Commit Graph

1342 Commits (49fc72770684ab014369b2f7ef6d9ae66f1d22f2)

Author SHA1 Message Date
Eddú Meléndez 53d25999f3 Add support for multiple beans in the Flyway and Liquibase endpoints
Closes gh-6610
See gh-6613
8 years ago
Phillip Webb b87e02dde0 Polish Spring Integration metrics support
See gh-7722
8 years ago
Artem Bilan d69e43b433 Refactor Spring Integration metrics support
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.

- Add `IntegrationManagementConfiguration` conditional auto-configuration
  to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
  is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
  By default this bean doesn't exist and you explicitly should declare it
  (e.g. via `@EnableIntegrationManagement`) if you would like to collect
  metrics. At the same time Spring Integration enables it when JMX
  management is present (that is a purpose of that new
  `IntegrationManagementConfiguration`)

- Change `SpringIntegrationMetricReader` to read metrics from the
  `IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`

- Change `PublicMetricsAutoConfiguration` to register
  `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
  not present. Since we are here in `actuator`, therefore we are
  interested in the metrics for SI as well.

- Since we don't need JMX for the metrics any more, remove SI-JMX
  dependency from the `spring-boot-starter-integration`.

- Remove `IntegrationManagementConfiguration` modification from the
  `integrationMbeanExporter()`, since that looks like mutation of an
  external object, when end-user would prefer their own options.
  Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too

- Add missed `MessageSourceMetrics` gathering for the
  `SpringIntegrationMetricReader`

Closes gh-7722
8 years ago
Johnny Lim e12b4a944f Polish 8 years ago
Phillip Webb 38f7389eab Polish loggers 8 years ago
Phillip Webb c76bd2d81e Refine error message from Endpoint MVC security
Update the error message to return less information to the client.
Details of how to disable security are now written to the log instead.

See gh-7605
See gh-7634
8 years ago
Madhura Bhave 38eeae2166 Send error with message from Endpoint MVC security
Update `MvcEndpointSecurityInterceptor` to that it sends an error in the
same way as Spring Security. Prior to this commit the `ErrorController`
would not handle endpoint security errors.

Fixes gh-7605
Closes gh-7634
8 years ago
Phillip Webb dba8ef2ba8 Polish CF management skip SSL opt-in
See gh-7629
See gh-7655
8 years ago
Madhura Bhave 34712cbf76 Switch CF management skip SSL to opt-in
Change CloudFoundryActuatorAutoConfiguration so that skipping of SSL
verification is now opt-in rather than enabled by default.

Fixes gh-7629
Closes gh-7655
8 years ago
Phillip Webb 06a7ab0cd5 Polish ReservoirFactory support
Polish Dropwizrd reservoir support including a refactor of
`ReservoirFactory` to allow reservoirs to be created based on a
metric name.

See gh-5199
See gh-7105
8 years ago
Lucas Saldanha 1fc2e87053 Enable custom Reservoir with Dropwizard metrics
Uses the ReservoirFactory to customize the implementation of
the Reservoir that will be used when creating Timer and Histogram
in the DropwizardMetricServices.

Fixes gh-5199
Closes gh-7105
8 years ago
Phillip Webb d15f3548be Polish 8 years ago
Phillip Webb 6121208cbb Polish formatting 8 years ago
Phillip Webb 4b9cba351b Merge branch '1.4.x' into 1.5.x 8 years ago
Phillip Webb bd74c3d327 Polish formatting 8 years ago
Stephane Nicoll 684be0f048 Polish contribution
Closes gh-6852
8 years ago
Vedran Pavic 899f7aa8f0 Add constants for supported audit event types
See gh-6582
8 years ago
Stephane Nicoll f560f338ab Polish contribution
Closes gh-7219
8 years ago
Vedran Pavic 60e054d0e4 Add `LoggersEndpointMBean`
See gh-7219
8 years ago
Eddú Meléndez fc09a23991 Add missing actuator metadata
Health metadata for cassandra and couchbase is added.

See gh-7632
8 years ago
Johnny Lim 6d1b752ffe Polish
Closes gh-7552
8 years ago
Oscar Utbult 38713c473f Remove redundant array creation for calling varargs method
Closes gh-7551
8 years ago
Andy Wilkinson 595679bed4 Disable management security when testing Jolokia endpoint 8 years ago
Andy Wilkinson 391a760c3c Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson 4ec95b8308 Ensure that JolokiaMvcEndpoint destroys underlying controller
Closes gh-7606
8 years ago
Dave Syer 1baf3c63c4 Make the Spring Security part of CF autoconfig conditional
Otherwise you get a class not found exception at runtime in
CF when Spring Securtity is not on the classpath.
8 years ago
Dave Syer cc8ecb6ff5 Clear VCAP_APPLICATION after tests
So that other CF tests do not fail.
8 years ago
Madhura Bhave 5d8e00cb56 Fix HealthMvcEndpointTests
See gh-7569
8 years ago
Madhura Bhave 1be5812cf0 Require `ACTUATOR` role rather than `ADMIN`
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.

Fixes gh-7569
8 years ago
Madhura Bhave 95be208f0f Use IgnoredRequestCustomizer to ignore paths
Update `SpringBootWebSecurityConfiguration` to ignore requests by
delegating to `IgnoredRequestCustomizer` beans. This allows a single
Spring Boot `WebSecurityConfigurer<WebSecurity>` bean to be used which
prevents potential exceptions caused by duplicate `@Order` values.

Fixes gh-7106
8 years ago
Madhura Bhave d09aafacda Add a security interceptor for actuator endpoints
Update `AbstractEndpointHandlerMapping` to support a security
interceptor that can be used to enforce endpoint security.

Fixes gh-6889
8 years ago
Andy Wilkinson 967625db1e Replace field injection with constructor injection in config classes
Closes gh-7563
8 years ago
Andy Wilkinson 1464425d64 Remove use of @Component from classes that are not scanned
Closes gh-7549
8 years ago
Stephane Nicoll ee72e788ed Rename `spring-boot-junit-runners` to `spring-boot-test-support`
Closes gh-7421
8 years ago
Stephane Nicoll 85de72c0d0 Merge branch '1.4.x' into 1.5.x 8 years ago
Stephane Nicoll 2a85a2557d Fix health indicator auto-configuration order
Previously, the health auto-configuration `AutoconfigureOrder` entry for
couchbase was referring to the standard couchbase auto-configuration that
is not responsible to configure the `CouchbaseOperations` bean. Yet, the
health indicator implementation was relying on the presence of such a
bean.

This commit fixes the `AutoconfigureOrder` entry so that it refers to
`CouchbaseDataAutoConfiguration` now.

Closes gh-7543
8 years ago
Andy Wilkinson 9c20ada927 Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson 356edc725c Handle request mappings with regular expressions in MetricsFilter
Closes gh-7503
8 years ago
Andy Wilkinson 2be554456e Introduce SearchStrategy.ANCESTORS as a replacement for .PARENTS
Closes gh-6763
8 years ago
Andy Wilkinson dce1487424 Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson e19c6245ef Consider endpoints.sensitive when endpoints.health.sensitive is not set
Closes gh-7476
8 years ago
Andy Wilkinson f5dd90815b Polishing: fix some compiler warnings 8 years ago
Phillip Webb 1657120286 Move ModifiedClassPathRunner to its own module
Migrate `ModifiedClassPathRunner` from `spring-boot` test source to
its own module.

Fixes gh-7420
8 years ago
Phillip Webb c2c5611f77 Polish 8 years ago
Madhura Bhave 3a3228fc70 Add CORS interceptor for Cloud Foundry actuators
This interceptor processes the response with CORS headers
and apepars before the Cloud Foundry security interceptor.

See gh-7108
8 years ago
Andy Wilkinson 1cd781b242 Make spring-boot-test compatible with Mockito 2.1 and 2.2
We use some internal Mockito classes and some  breaking API changes
have been made to them in Mockito 2. This commit introduces a utility
class, SpringBootMockUtil, to shield our code from these differences.
Mockito 1 is called directly and Mockito 2 is called via reflection.

To allow these changes to be tested, FilteredClassPathRunner has been
enhanced to also support overriding a dependency on the class path.
As a result it has been renamed to ModifiedClassPathRunner. The new
ClassPathOverrides annotation can be used to provide the Maven
coordinates of one or more dependencies that should be resolved and
added to the class path. Such additions are added to the start of
the class path so that they override any existing dependency that
contains the same classes.

Closes gh-6520
8 years ago
Andy Wilkinson 5527e3fdad Fix SpringApplicationHierarchyTests following latest Neo4j changes
See gh-7391
8 years ago
Johnny Lim 8038882d46 Polish
Closes gh-7403
8 years ago
Andy Wilkinson 387a406aad Merge branch '1.4.x' into 1.5.x 8 years ago
Phillip Webb 449b42ffa0 Polish LinksEnhancer to use endpoint name
See gh-7164
See gh-7132
8 years ago
Madhura Bhave ada02232b9 Change LinksEnhancer to use endpoint name
Update `LinksEnhancer` to use NamedEndpoint names as rel names. If the
endpoint name is not available, fallback to endpoint path. Allow
multiple hrefs per rel if path is different.

Fixes gh-7132
Closes gh-7164
8 years ago
Madhura Bhave 0e3a3df6f4 Return log levels in `/loggers` endpoint payload
Update `LoggersEndpoint` to additionally return the log levels actually
supported by the system.

Fixes gh-7396
8 years ago
Phillip Webb 764f13453a Merge branch '1.4.x' into 1.5.x 8 years ago
Phillip Webb bacf0878af Polish 8 years ago
Andy Wilkinson 24cc5d5644 Give javac's type inferencing a helping hand 8 years ago
Andy Wilkinson 22e456a177 Merge branch '1.4.x' into 1.5.x 8 years ago
Madhura Bhave 2697bf2ba1 Add Content-Type to allowed headers for CloudFoundry actuators
See gh-7108
8 years ago
Madhura Bhave af61278213 Extend HealthMvcEndpoint for Cloud Foundry
The CloudFoundryHealthMvcEndpoint does not perform additional
security checks since security is handled by the interceptor.

See gh-7108
8 years ago
Madhura Bhave a3bcb2778f Add message to response body for Cloud Foundry security error
See gh-7108
8 years ago
Spring Buildmaster e712a9ba8c Next Development Version 8 years ago
Andy Wilkinson 2e76687d17 Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson 5f44598d8b Remove use of static import that Checkstyle prohibits 8 years ago
Andy Wilkinson 218d28f74c Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson 33dcd853fd Ensure that health endpoint remains insecure without Spring Security
The changes made in 6a2ac080 mean that getSecurity() on
ManagementServerProperties will no longer return null when Spring
Security is on the classpath. This had the unwanted side-effect of
causing the health endpoint to hide its details when Spring Security
was not on the classpath.

This commit reinstates the previous behaviour by only considering
the health endpoint to be secure if Spring Security is on the
classpath and management.security.enabled is true.

Closes gh-7345
8 years ago
Madhura Bhave 82f89b4ac1 Add custom headers to allowed CORS headers for CF actuators
Update CORS configuration to support Authorization and X-Cf-App-Instance.

See gh-7108
8 years ago
Stephane Nicoll 01e66ecbd5 Merge branch '1.4.x' into 1.5.x 8 years ago
Stephane Nicoll 2c71cb8efd Polish 8 years ago
Stephane Nicoll 4407194c00 Replace sample by integration test
Closes gh-3888
8 years ago
Phillip Webb 6c76353682 Default `management.cloudfoundry.enabled` to true
Update `CloudFoundryActuatorAutoConfiguration` so that it is enabled
when `management.cloudfoundry.enabled` is missing.

See gh-7108
8 years ago
Madhura Bhave a77cfc3b0e Skip SSL validation when calling Cloud Foundry
Update CloudFoundrySecurityService so that SSL validation is not
required. We're unlikely to have configured public keys for the
REST endpoints we need to call. Since the endpoints are provided via
environment variables we can implicitly trust them.

See gh-7108
8 years ago
Madhura Bhave 862a06eb7a Add POST to allowed CORS methods for CF actuators
Update CORS configuration to support POST.

See gh-7108
8 years ago
Madhura Bhave 1005feb27d Update discovery endpoint to respect AccessLevel
Change `CloudFoundryDiscoveryMvcEndpoint` so that `AccessLevel` rights
are consulted so that only accessible links are returned.

See gh-7108
8 years ago
Madhura Bhave 340f1d5574 Add security for Cloud Foundry actuators
Add security to Cloud Foundry actuator endpoints. Security is enforced
by a `HanderInterceptor` on `CloudFoundryEndpointHandlerMapping`. Each
endpoint call expects an 'Authorization' header containing a bearer
token. The token signature is checked against the UAA public keys then
passed to the Cloud Controller to obtain an ultimate access level.

The client may either have 'RESTRICTED' or FULL' access, with the latter
only providing access to a limited set of endpoints.

See gh-7108
8 years ago
Phillip Webb 81c5753f4d Merge branch '1.4.x' into 1.5.x 8 years ago
Phillip Webb 6a2ac080ac Create our own SessionCreationPolicy enum
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.

Fixes gh-3888
8 years ago
Andy Wilkinson bdfceae24c Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson 97e5e32496 Make sure the MetricsFilter uses committed response's status
Previously, if an exception was thrown during request handling after
the response had been committed, i.e. after the status and headers
had been written, the metrics filter would assume that it was a 500
response. This was potentially inaccurate as the status had already
been sent to the client and before the exception was thrown and it
may have been something other than a 500.

This commit updates MetricsFilter so that it will use the
status from the response if the response has been committed even when
an exception is thrown.

Closes gh-7277
8 years ago
Andy Wilkinson fe50b2019e Merge branch '1.4.x' into 1.5.x 8 years ago
Andy Wilkinson b191974faa Reflect Java 7/8 differences in javadoc for metric repository auto-config
Closes gh-6985
8 years ago
Phillip Webb 5b66ffbb4b Merge branch '1.4.x' into 1.5.x 8 years ago
Phillip Webb 60355e0e11 Fix ResourceHttpRequestHandler delegate
Fix ResourceHttpRequestHandler to set the ServletContext following the
Spring Framework update for SPR-14851.
8 years ago
Johnny Lim 7bb63238ab Fix typo
Closes gh-7253
8 years ago
Stephane Nicoll c4d8fb1c09 Merge branch '1.4.x' into 1.5.x 8 years ago
Stephane Nicoll 6d50e26b70 Polish contribution
Closes gh-7215
8 years ago
Madhura Bhave 9bde1e89cb Move some tests to AbstractEndpointHandlerMapping
See gh-7108
8 years ago
Phillip Webb a448183681 Polish `/loggers` actuator endpoint
See gh-7086
8 years ago
Ben Hale 06cb4fcca5 Add `/loggers` actuator endpoint
Add `LoggersEndpoint` that can enables listing and configuration of log
levels. This actuator builds on top of the `LoggingSystem` abstraction
and implements support for Logback, Log4J2, and JUL.  The LoggingSystem
interface is modified to require each implementation to list the
configuration of all loggers as well as an individual logger by name.

The MVC endpoint exposes these behaviors at `GET /loggers` and
`GET /loggers/{name}` (much like the metrics actuator).

In addition `POST /loggers/{name}` allows users to modify the level for a given
logger. This modification is passed to the logging implementation, which
then decides, as an internal implementation detail, what the final outcome
of the modification is (e.g. changing all unconfigured children). Users
are then expected to request the listing of all loggers to see what has
changed internally to the logging system.

Closes gh-7086
8 years ago
Stephane Nicoll aec85787d2 Merge branch '1.4.x' into 1.5.x 8 years ago
Johnny Lim eb7c0e4dc8 Remove unused
Closes gh-6966
8 years ago
Phillip Webb 2ba978b4ad Polish 8 years ago
Madhura Bhave ab81d993e6 Add CloudFoundryDiscoveryMvcEndpoint
Update Cloud Foundry support with a discovery endpoint that shows what
endpoints are available.

See gh-7108
8 years ago
Madhura Bhave 7afb161fcf Add CloudFoundry EndpointHandlerMapping
Add a CloudFoundryEndpointHandlerMapping that can expose actuator
endpoints for Cloud Foundry "appsmanager" to use.

See gh-7108
8 years ago
Andy Wilkinson a416f496c0 Clean up deprecation and unused code warnings 8 years ago
Madhura Bhave 7352d8e303 Improve EndpointHandlerMapping subclassing support
Update EndpointHandlerMapping so that it can be subclasses easily.
Subclasses can override the `path` that is used to map the endpoint,
allowing different mapping strategies to be used.

See gh-7108
8 years ago
Madhura Bhave 0be8a30276 Add EndpointHandlerMapping.getEndpoints(Class)
Add an additional method to EndpointHandlerMapping which allows
endpoints of a specific type to be returned.

See gh-7108
8 years ago
Madhura Bhave 7f1ff968a1 Support NamedMvcEndpoints
Introduce a new NamedMvcEndpoint interface which can be used when an
MvcEndpoint also has a logical name. Existing MvcEndpoints have been
reworked to implement the NamedMvcEndpoint interface.

Fixes gh-7156
8 years ago
Madhura Bhave 0f5007d69d Drop superfluous disabled check
Remove EndpointWebMvcManagementContextConfiguration `disabled` logic
since the configuration should even be processed when the management
port is `-1`.

Closes gh-7154
8 years ago
Madhura Bhave 84d0e8acd8 Fix EndpointHandlerMappingTests path references
Fix the TestEndpoint constructor to use an ID parameter rather than
path.
8 years ago
Phillip Webb d818a09ed8 Polish 8 years ago
Stephane Nicoll cfee9bab81 Deprecate remote shell support
Closes gh-7044
8 years ago