The changes made in 6a2ac080 mean that getSecurity() on
ManagementServerProperties will no longer return null when Spring
Security is on the classpath. This had the unwanted side-effect of
causing the health endpoint to hide its details when Spring Security
was not on the classpath.
This commit reinstates the previous behaviour by only considering
the health endpoint to be secure if Spring Security is on the
classpath and management.security.enabled is true.
Closes gh-7345
This commits makes sure that customizations on `DispatcherServlet` are
also applied to the `TestDispatcherServlet` that `MockMvc` is using
internally.
Closes gh-5891
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.
Fixes gh-3888
Previously, if an exception was thrown during request handling after
the response had been committed, i.e. after the status and headers
had been written, the metrics filter would assume that it was a 500
response. This was potentially inaccurate as the status had already
been sent to the client and before the exception was thrown and it
may have been something other than a 500.
This commit updates MetricsFilter so that it will use the
status from the response if the response has been committed even when
an exception is thrown.
Closes gh-7277
If the resource chain is used, such as by using the
`"spring.resources.chain.strategy.content.enabled"` property,
resource chain caching can prevent the developer from seeing
changes made to resources, so that caching should be disabled
when DevTools is enabled.
This commit sets the `"spring.resources.chain.cache"` property
to `true` when devtools is enabled.