Update `ValidationAutoConfiguration` and `WebMvcAutoConfiguration` to
ensure as much as possible that only a single Validator bean of each
type is registered.
Validation auto-configuration now does the following:
- If no validator is found: Registers a `LocalValidatorFactoryBean`
(providing both Spring and JSR validation)
- If the user defines a Spring & JSR validator: Backs off
- If the user defines only a JSR validator: Adapts it to a Spring
validator (without exposing another JSR implementation)
WebMvcAutoConfiguration auto-configuration has been updated to make
MVC validation follow common Spring Boot patterns:
- If not validator beans are found (due to the user excluding
ValidationAutoConfiguration) a new `mvcValidator` bean will be
registered.
- If a single validator bean is found it will be used for MVC
validation.
- If multiple validator beans are defined it will either use the one
named `mvcValidator` or it will register a new `mvcValidator` bean
Any automatically registered `mvcValidator` bean will not implement
the JSR validator interface.
Finally, it is no longer possible to provide an MVC validator via a
`WebMvcConfigurer`.
Fixes gh-8495
Allow `PathExtensionContentNegotiationStrategy` to be bypassed by
actuator endpoints. Prior to this commit calling `/loggers/com.aaa.cab`
would return a HTTP 406 response due to `.cab` being a known extension.
Fixes gh-8765
This commit changes the solr health indicator to request the status of
all available cores, rather than invoking a generic ping on the admin
handler.
Recent versions of Solr now have a ping handler per core and the general
admin handler is gone, leading to incorrect health status. For backward
compatible reason the `solrStatus` attribute is kept to `OK` if all cores
are running properly (that's actually `0` behind the scenes).
Closes gh-8463
As of Hazelcast 3.7, the bootstrap is pretty slow by default due to the
networking discovery. This commit disables both TCP/IP and multicast
discoveries.
Update `HealthMvcEndpoint` to respect `ManagementServerProperties`
roles. Prior to this commit the `HealthMvcEndpoint` directly loaded
roles rather than using bound properties. This meant that list values
from yaml were not respected.
Fixes gh-8314
If Spring Security is on the classpath and `isUserInRole` returns false,
check if user has the authority to access the actuator endpoints.
Fixes gh-8255
Instead of validating the signature against all the public keys,
we can validate it only against the public key with the kid that
matches the one in the token header.
Closes gh-8126
This commit moves the `spring.pid.*` metadata to the relevant project. It
also updates the doc to refer to the new `ApplicationPidFileWriter`
rather than the one in its deprecatred form.
Closes gh-8196
Update `EndpointMBeanExporter` to ensure that `JmxEndpoint` as well
as regular `Endpoint` beans are considered when searching the parent
context.
Prior to this commit if the same `JmxEndpoint` was registered in the
both the child and parent context then the `context=` element of the
name wasn't added.
Fixes gh-8152
Previously, ManagementContextConfiguration classes were loaded to
allow them to be ordered based on either @Order or implementing
Ordered. This had the unwanted side-effect of possibly logging
unwanted INFO messages if the reflection-based annotation
introspection failed. One cause of this was @ConditionalOnClass when
the referenced class was not on the classpath.
This commit uses the ASM-based annotation metadata reading to
determine the order of a management context configuration class based
on the @Order annotation. The classes are then sorted using a standard
OrderComparator. Note that Ordering via implemented Ordered is not
supported as it cannot be determine without loading the class.
Add an annotation processor that generates properties files for certain
auto-configuration class annotations. Currently attribute values from
@AutoConfigureOrder, @AutoConfigureBefore, @AutoConfigureAfter and
@ConditionalOnClass annotations are stored.
The properties file will allow optimizations to be added in the
`spring-boot-autoconfigure` project. Primarily by removing the need
to ASM parse as many `.class` files.
See gh-7573
Previously, the actuator's endpoints produced application/json and,
where appropriate, also consumed application/json. Without a custom,
versioned media type, it's impossible for us to make changes to the
endpoints without breaking clients.
This commit introduces a new media type,
application/spring-boot.actuator.v1+json, that is now produced by
default with application/json also being produced if requested.
Endpoints that consume JSON will now also accept content the uses
the new media type in addition to application/json.
Closes gh-7967
Previously, in case the data for the audit event contained an entry
with the key "type", the member `type` from the AuditEvent would be
overwritten when rendering to JSON due to the use of @JsonAnyGetter on
the data property.
This commit removes @JsonAnyGetter so that the data map is rendered as
a separate property in the JSON.
Closes gh-7990
Replace JSR-330 validation annotations from all internal
`@ConfigurationProperties` classes with standard Asserts.
Prior to this commit validation of our own configuration properties
would only occur when the user happens to have compliant JSR-330
implementation on their classpath.
See gh-7579
Previously, the beans endpoint would only expose the context that
contained the endpoint. This commit updates the endpoint so that
the context that contains the endpoint and all of its ancestors are
exposed.
In a context hierarhcy, the relation ship is child -> parent and there
is no way to navigate from a parent to a child. As a result, any
contexts that are descendants of the context containing the endpoint
are not exposed.
Closes gh-5188