Commit Graph

541 Commits (4ad5c52dd7516df86f33bc00ff83f09253ebc5c0)

Author SHA1 Message Date
Phillip Webb 44d81d43f6 Merge branch '1.1.x' 10 years ago
Phillip Webb bd83aca63f Fix InMemoryAuditEventRepository search by date
Update InMemoryAuditEventRepository to consider the date when searching
for events. Also switch to a circular buffer implementation and update
the capacity to limit the total number of items rather than limiting
per principal.

Fixes gh-2291
10 years ago
Phillip Webb 1f775793ee Use Collections.addAll(...) instead of for loops
Replace various for loops which add items to collections with calls
to Collections.addAll(...).

Fixes gh-2277
10 years ago
Mathieu Bernatet bf839e57a5 Fix global `endpoints.enabled` property support
Update AbstractEndpoint to correctly support the `endpoints.enabled`
property. Also fix EnvironmentEnpoint which would previously prevent
the Environment from being set.

Fixes gh-2264
Closes gh-2265
10 years ago
Stephane Nicoll 0a19fd0af0 Merge branch '1.1.x' 10 years ago
Stephane Nicoll 38594cd820 Remove unused code
Closes gh-2244
10 years ago
Dave Syer 94b06be683 Change bean name metricReporitory -> actuatorMetricRepository
Fixes gh-2189
10 years ago
Phillip Webb d7a12a8791 Remove superfluous semi-colons 10 years ago
Phillip Webb 0702b4e7e3 Merge branch '1.1.x'
Conflicts:
	spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfigurationTests.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration.java
10 years ago
Phillip Webb 96d479c3d9 Make RequestMappingHandlerMapping @Primary
Update WebMvcAutoConfiguration so that the RequestMappingHandlerMapping
bean is @Primary. Prior to this commit a NoUniqueBeanDefinitionException
would be thrown then using the MvcUriComponentsBuilder.

Fixes gh-2237
10 years ago
izeye bff41358bf Remove unecessary semicolon 10 years ago
Phillip Webb 98135c964b Remove Principal handler logic from security
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.

The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.

The health MVC endpoint should now work as follows:

* Default configuration - No login is required, full information is only
  displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
  is displayed.
* endpoints.health.sensitive=false - Login is not required, full
  information is displayed.

Fixes gh-2211
10 years ago
Phillip Webb 8628adcb74 Order EmbeddedServletContainerCustomizers
Add Ordered interface to all EmbeddedServletContainerCustomizers with
a value of 0. Prior to this commit it was difficult for a user to
define a customizer that would be applied before ours, even if they
implemented Ordered or added @Order annotations.

Fixes gh-2123
10 years ago
izeye 3784959b6f Rename SecurityPrequisite -> SecurityPrerequisite
Closes gh-2179
10 years ago
Alex Panchenko 8f869e6be3 Remove duplicate "should" word from README 10 years ago
Phillip Webb 9f31e09cf0 Fix 'pid' references in the PortFileWriter
Fix numerous copy-paste errors in EmbeddedServerPortFileWriter
where PID concepts are referenced.

Fixes gh-2161
10 years ago
Phillip Webb 5dd40e6999 Polish 10 years ago
Stephane Nicoll 11f5c76968 Properly guard ManagementSecurityAutoConfiguration
ManagementSecurityAutoConfiguration fully relies on the presence of a
web environment, yet the configuration class itself was not guarded by
`@ConditionalOnWebApplication` (while nested config where).

This turned out to be a problem for command-line applications using
spring security (i.e. CRaSH integration).

Fixes gh-2112
10 years ago
Stephane Nicoll e96f75fdc1 Fix management endpoint without Spring Security
The method 'injectIntoSecurityFilter' added In 3c1e48c assumes that
Spring security is in the classpath so any management endpoints that are
deployed on a different port requires Spring Security all the sudden.

This commit separates the creating of the EndpointHandlerMapping in two
mutually exclusive @Configuration: one that is triggered if Spring
Security is not in the classpath and one that is triggered if Spring
Security is in the classpath. The latter apply the security filter in the
endpoint mapping if it exists.

Fixes gh-2124
10 years ago
Stephane Nicoll f8141cbb95 Restore use of management.health.*.enabled keys
The move of health.* keys to management.health.* broke them as they
are not defined as configuration keys and `ManagementServerProperties`
is strict on the whole management namespace.

This commit updates the tests to actually include that properties class
and relax the "ignoreUnknownFields" condition so that extra attributes
can be defined on the "management" namespace.

Fixes gh-2115
10 years ago
Spring Buildmaster 63e6a25097 Next development version 10 years ago
Spring Buildmaster 1a788c1741 Next development version 10 years ago
Phillip Webb c678c1f788 Polish 10 years ago
Phillip Webb a27217ae43 Provide a way to opt-in to endpoint enablement
Update AbstractEndpoint so that the `enable` property is optional and
when it not specified the `endpoints.enabled` property will be used.

This allows users to switch the way that endpoints are enabled. Rather
than opting-out specific endpoint enablement the `endpoints.enabled`
property can be set to `false` and specific endpoints can be opted-in.

Fixes gh-2102
10 years ago
Dave Syer de3ce18ad6 Defensive check for cglib proxy in RequestMappingEndpoint
Since AbstractHandlerMethodMapping.getHandlerMap() is final it can't
be cglibbed and a proxy will barf if you try and call that method.
The RequestMappingEndpoint can be protected simply by defensively
checking if the mapping is a proxy before trying to inspect it.
10 years ago
Phillip Webb b63922d59d Polish 10 years ago
Stephane Nicoll d33c0ebf8f Fix data type of telnet and ssh ports
Define shell.ssh.port and shell.telnet.port as integer properties
so that the generated meta-data exposes the proper type.

Fixes gh-2076
10 years ago
Phillip Webb 4b7c6f61b4 Polish 10 years ago
Phillip Webb fc746b802a Polish 10 years ago
Stephane Nicoll f40f17a758 Add missing description 10 years ago
Phillip Webb d7c61ef01c Drop ShellProperties.setAdditionalProperties
Drop the setAdditionalProperties method from ShellProperties to ensure
that it is not included in the meta-data JSON. The additional properties
are usually wired in using @Autowired and it is pretty unlikely that
anyone is using the setter directly.

Fixes gh-2055
10 years ago
Dave Syer 0b19884f58 Remove unecessary reflection hacks 10 years ago
Phillip Webb 4c7cc58a19 Correct ApplicationPidFileWriter property javadoc
Fixes gh-2041
10 years ago
Dave Syer 9de82f9c69 Add some space between the trace filter and the end of the chain 10 years ago
Phillip Webb 09dac5ff00 Apply formatting and cleanup rules 10 years ago
Phillip Webb 48db5457f1 Polish 10 years ago
Phillip Webb 237defaf18 Merge branch '1.1.x' 10 years ago
Phillip Webb 41c15f205f Polish concurrent gaugeLocks map access
See gh-1995
10 years ago
Phillip Webb 53637eaa7c Merge branch '1.1.x'
Conflicts:
	spring-boot/src/main/java/org/springframework/boot/logging/LoggingApplicationListener.java
10 years ago
Phillip Webb 49858a0ff1 Fix concurrent gaugeLocks map access
Use putIfAbsent to ensure atomic creation of lock objects.

Fixes gh-1995
10 years ago
Dave Syer 3c1e48c89a Better handling of anonymously accessible endpoints
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).

Fixes gh-2015 slightly differently
10 years ago
Andy Wilkinson 2ce057ca96 Allow /health to be accessed anonymously irresepctive of its sensitivity
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.

This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.

Fixes gh-2015
10 years ago
Stephane Nicoll 65e9d6a6e0 Add property description
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.

Closes gh-1808
10 years ago
Spencer Gibb 2fb4d2ece6 Check if managementServerProperties.getSecurity() is not null
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.

Fixes gh-2003, fixes gh-2004
10 years ago
Dave Syer 3bb598a421 Only hide /health details if the app is actually secure
Also gives the user the option to override (by setting
endpoints.health.sensitive=false).

Fixes gh-1977 in a slightly different way
10 years ago
Andy Wilkinson 337e9bd013 Use and wait for a latch to check that the interceptor is called
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.

This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.

Closes gh-1997
10 years ago
Andy Wilkinson 26a511495e Allow the user to opt-out of anonymous access restrictions for /health
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.

This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.

Closes gh-1977
10 years ago
Andy Wilkinson 5854ea189e Make TestInterceptor thread-safe
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.

This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.

Closes gh-1997
10 years ago
Stephane Nicoll 76451d13f5 Add metadata for info.*
Closes gh-1993
10 years ago
Dave Syer 9db86bbd2a Lookup metadata bean from context instead of injecting
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).

Fixes gh-1982
10 years ago