Commit Graph

664 Commits (6575b31fb141fc843e64210bf9bbb99e46bda352)

Author SHA1 Message Date
Phillip Webb 80ac1fb0cd Polish 11 years ago
Phillip Webb 22e397cda2 Polish 11 years ago
Dave Syer 6657e3ef84 More care taken with management.contextPath
The management.contextPath property should now be respected in a
secure application, whether or not the management.port is different.

Added some test cases in the sample to verify.

Fixes gh-469
11 years ago
Dave Syer c9efa5ac13 Allow non-string return from health query 11 years ago
Spring Buildmaster b0d4e8ae69 Next development version 11 years ago
Spring Buildmaster cb8668a151 Release version 1.0.0.RC4 11 years ago
Phillip Webb 99350a2216 Tidy ConfigurableEmbeddedServletContainerFactory
Rename ConfigurableEmbeddedServletContainerFactory to
ConfigurableEmbeddedServletContainer and extract
AbstractConfigurableEmbeddedServletContainer from
AbstractEmbeddedServletContainerFactory.
11 years ago
Phillip Webb 468728a2c0 Polish 11 years ago
Dave Syer 07b88630f4 Be defensive with auto-config of Servlet 3.0 features
There's no explicit support for older Servlet specs in Spring Boot,
but we can at least make it easy for others to provide such
support by not adding stuff to the context when in an older container.
11 years ago
Dave Syer b0b7bc0e7f Fix tests
Some assumptions were being made in tests, e.g. about
there being an AuthenticationManager @Bean, which were
false with the new Security 3.2.1 updates from Rob.

Also parent-child contexts with the actuator were
problematic because they didn't exclude the web configuration
for the management security in the parent context.

Fixes gh-244
11 years ago
Rob Winch 6b0eba3759 Update to Spring Security 3.2.1
Also change strategy for defaulting of Authentication. Spring
Boot authentication defaults are now encapsulated and can easily
be overridden by a user defined AuthenticationManager.
11 years ago
Dave Syer 13e040c06e Add ErrorWrapperEmbeddedServletContainerFactory for error pages in WARs
Error pages are a feature of the servlet spec but there is no Java API for
registering them in the spec. This filter works around that by accepting error page
registrations from Spring Boot's EmbeddedServletContainerCustomizer (any beans
of that type in the context will be applied to this container).

In addition the ErrorController interface was enhanced to provide callers
the option to suppress logging.

Fixes gh-410
11 years ago
Dave Syer 82f49abeba Expose setter for Map store in InMemoryMetricRepository
User can then use a weak reference map (for instance), if worried
about memory usage.
11 years ago
Phillip Webb 083cb388c0 Upgrade to Spring Security 3.2.1
Fixes gh-392
11 years ago
Phillip Webb cf23b519d2 Polish 11 years ago
Dave Syer 08d8cb8efd Add /mappings endpoint
Lists AbstractUrlMappings and AbstractHandlerMethodMappings
in a loose Map structure. E.g.

{
  "/**/favicon.ico": {
    "bean": "faviconHandlerMapping"
  },
  "/**": {
    "bean": "resourceHandlerMapping"
  },
  "/webjars/**": {
    "bean": "resourceHandlerMapping"
  },
  "{[/error],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}":
     {
       "bean": "requestMappingHandlerMapping",
       "method": "public java.util.Map<java.lang.String, java.lang.Object> org.springframework.boot.actuate.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)"
...
}

Fixes gh-378
11 years ago
Dave Syer d98bfdea37 Make sure metricsExecutor is shutdown cleanly
The default executor for publishing metrics was a single
thread (native JDK) ExecutorService with a non-daemon thread.
Changed it to a Spring-managed thread pool of size 1, which
is then shutdown with e ApplicationContext automatically.

Fixes gh-388
11 years ago
Dave Syer b2b487ee5f Add ServletRegistrationBean for DispatcherServlet
Mapping is exposed via server.servletPath.

Fixes gh-379
11 years ago
Dave Syer 0aa3b00fdf Ensure shutdown endpoint is disabled by default
Fixes gh-377
11 years ago
Phillip Webb b69c659d8f Polish 11 years ago
Dave Syer f888567c1d Be defensive about Spring Security dependencies
In particular don't assume that Spring Security Web is on the
classpath, just because Spring Security Core is.

Fixes gh-363
11 years ago
Spring Buildmaster 1367d57e8c Next development version 11 years ago
Spring Buildmaster eaff1677a7 Release version 1.0.0.RC3 11 years ago
Dave Syer 8de9890757 Add scope=test to hsqldb (fixes #330) 11 years ago
Christian Dupuis af75dd0e40 Move remaining properties for consistency 11 years ago
Phillip Webb ed9735361e Apply source cleanup and formatting 11 years ago
Phillip Webb 80f2336f17 Polish 11 years ago
Ben c251e33bf8 Document that applicaiton.yml requires snakeyaml
Update documentation to reference the need for a yaml library to be on
the classpath.

Fixes gh-313
11 years ago
Phillip Webb 8763fab0e7 Extract inner configuration property classes
Extract all inner @ConfigurationProperties classes from @Configuration
classes for consistency.
11 years ago
Phillip Webb 37c2c89bcb Restructure packages
Improve package structure and attempt to co-locate related classes.
11 years ago
Phillip Webb 31c385470e Update ErrorMvcAutoConfiguration for Spring 4
Update ErrorMvcAutoConfiguration thymeleaf condition to use the
`spring4` package.

Fixes gh-310
11 years ago
Phillip Webb 676cacd308 Use '-1' to disable management port
Update `EndpointWebMvcAutoConfiguration` to use '-1' to indicate that
the management context should be disabled. This brings consistency
between the server settings and the management settings and allows '0'
to be used to pick a random port.

Fixed gh-311
11 years ago
Phillip Webb f7d4490b2d Fix package tangle with AutoConfigurationReport
Rename AutoConfigurationReport to ConditionEvaluationReport and
co-locate with conditions.
11 years ago
Christian Dupuis 5e2cfe1cfe Add some javadoc. Fix typos. 11 years ago
Phillip Webb 6431fef91e Polish 11 years ago
Christian Dupuis 3911ce3e29 Filter out CGLIB generated bean properties from configuration properties report 11 years ago
Christian Dupuis 6519ee0171 Change order of properties in endpoint mbean objectNames to make display in jconsole nicer 11 years ago
Dave Syer 2bd6026a2a Exclude null and empty properties from /autoconfig 11 years ago
Christian Dupuis 5cf2387e58 Append context id to objectName of Endpoint MBeans if name already exists in MBeanServer 11 years ago
Dave Syer 4d608f20e9 Support for AuthenticationManagerBuilder injection into user code
Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.

In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.

In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).

@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).

Fixes gh-244
11 years ago
Christian Dupuis 07238b1ce8 Restructure /configprops output
/configprops output now contains the prefix from @ConfigurationProperties as wells as bean name and actual properties

fixes #267
11 years ago
Christian Dupuis 7681d0841f Add missing bean property getters 11 years ago
Christian Dupuis efe8494f46 Remove hard coded bean names for couple of @ConfigurationProperties beans 11 years ago
Dave Syer 5a7d89c9a9 Look in parent context for Endpoints to expose
Fixes gh-275
11 years ago
Dave Syer 2d54b54d81 Listen for parent close events and close child context
If the context hierarchy is from a SpringApplication we can control
the shutdown semantics a bit. Specifically we need a listener in the child context
that will shut it down when the parent closes (since assummably the child relies
on beans in the arent that may now be disposed).

Fixes gh-275
11 years ago
Phillip Webb e545e5aa32 Polish 11 years ago
Dave Syer 195eb9f9bc Updates to redis repositories
* Ensure prefix ends with period
* Allow prefix and key index to be set separately
11 years ago
Dave Syer a2f70c6f4f Add javadocs to some Metrics interfaces
Fixes gh-250
11 years ago
Phillip Webb 43e54d38f7 Make fields private where possible 11 years ago
Phillip Webb 0160760568 Apply latest eclipse cleanup rules 11 years ago
Phillip Webb ac54d7fe3c Final polish before 1.0.0.RC1 11 years ago
Phillip Webb cdda330acd Update copyright header for files changed in 2014 11 years ago
Dave Syer 433d049544 Make some dependencies optional 11 years ago
Dave Syer 8f4059147c Revert "Upgrade to Tomcat 7.0.50"
This reverts commit 3d60696b9b.
11 years ago
Phillip Webb 68293f34af Upgrade version to 1.0.0.BUILD-SNAPSHOT
Fixes fg-243
11 years ago
Phillip Webb 3d60696b9b Upgrade to Tomcat 7.0.50
Upgrade to Tomcat 7.0.50, working around the potential
NullPointerException by also adding dependencies to
tomcat-embedded-jasper (which is now also required for Hibernate
Validator 5.0, see commit 377953babd)

Fixes gh-245
11 years ago
Phillip Webb e38f10d7a6 Upgrade CRaSH shell to 1.3.0-beta14 11 years ago
Rob Winch 6c5701bacd Use @Autowired AuthenticationManagerBuilder
Update documentation to use @Autowired AuthenticationManagerBuilder.

Fixes gh-244
11 years ago
Dave Syer 8db1d0e044 Fix some TODOs 11 years ago
Phillip Webb 0a6074be6f Fix failing test due to cache timeout property
Related to gh-232
11 years ago
Phillip Webb 47da8a817a Polish 11 years ago
Dave Syer b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
11 years ago
Christian Dupuis b8b948d366 Migrate JolokiaAutoConfiguration to use ConfigurationProperties instead of accessing the environment directly to obtain configuration properties 11 years ago
Dave Syer c8152bfc70 SpringBootTestUtils->EnvironmentTestUtils 11 years ago
Dave Syer 478e655758 Change algorithm for determining active profile from external config
Instead of adding active prpfiles for every one we encounter, we need to
build up a complete "default" Environment and then ask it what the active
profiles are. Implemented in ConfigFileApplicationListener.

Fixes gh-198
11 years ago
Dave Syer 7d846c835a Allow user to disable all JMX exports with spring.jmx.enabled 11 years ago
Dave Syer 561cb3a50f TestUtils -> SpringBootTestUtils 11 years ago
Dave Syer 321ce3aad2 TestUtils -> SpringBootTestUtils 11 years ago
Dave Syer 633dea9d80 Add declarative ApplicationListener 11 years ago
Dave Syer 3dacf4be17 Migrate Logging and Liquibase initializers to be listeners 11 years ago
Phillip Webb 6b3e79e693 Polish 11 years ago
Phillip Webb 1bcd3de7b5 Polish 11 years ago
Dave Syer aa2b020660 Refactor metrics to expose richer feature set
Main user-facing interface is still Counter/GaugeService but the
back end behind that has more options. The Default*Services write
metrics to a MetricWriter and there are some variants of that, and
also variants of MetricReader (basic read-only actions).

MetricRepository is now a combination of MetricReader, MetricWriter
and some more methods that make it a bit more repository like.

There is also a MultiMetricReader and a MultiMetricRepository for
the common case where metrics are stored in related (often open
ended) groups. Examples would be complex metrics like histograms
and "rich" metrics with averages and statistics attached (which
are both closed) and "field counters" which count the occurrences
of values of a particular named field or slot in an incoming message
(e.g. counting Twitter hastags, open ended).

In memory and redis implementations are provided for the repositories.
Generally speaking the in memory repository should be used as a
local buffer and then scheduled "exports" can be executed to copy
metric values accross to a remote repository for aggregation.
There is an Exporter interface to support this and a few implementations
dealing with different strategies for storing the results (singly or
grouped).

Codahale metrics are also supported through the MetricWriter interface.
Currently implemented through a naming convention (since Codahale has
a fixed object model this makes sense): metrics beginning with "histogram"
are Histograms, "timer" for Timers, "meter" for Meters etc.

Support for message driven metric consumption and production are provided
through a MetricWriterMessageHandler and a MessageChannelMetricWriter.

No support yet for pagination in the repositories, or for HATEOAS style
HTTP endpoints.
11 years ago
Christian Dupuis 384dfc91e3 Fix some tests to prevent JMX registration issues 11 years ago
Christian Dupuis 4ed4ed905d Make EndpointMBeanExportAutoConfiguration public 11 years ago
Christian Dupuis 06ffcdd3cc Change configuration to use ConfigurationProperties instead of direct access to environment for MBean export 11 years ago
Christian Dupuis 65d6757a10 Rework EndpointMBeanExporter to prevent name clashes and to provide more flexibility in naming of endpoint MBeans 11 years ago
Dave Syer 8e2a6eec2a Add database query defaults in SimpleHealthManager 11 years ago
Dave Syer 063403a043 Close connection properly in /health
Fixes gh-181
11 years ago
Dave Syer fa507005cd Use ServletWrappingController for jolokia instead of Servlet
We get more control over the handling and in particular the registration
of the endpoint this way. It was practically impossible to disable the
AgentServlet bean when in a parent context of the management server
because of lifecyce issues - you don't know that the user wants a
separate management server until too late.

This approach also makes it possible to test with spring-test MVC
support.
11 years ago
Christian Dupuis 72ae5d5a97 Rename invoke JMX operation
Rename invoke JMX operation to getData for endpoints that provide actuator data. Special case for ShutdownEndpoint to provide a shutdown method.
11 years ago
Christian Dupuis 31f7807acf Change naming strategy for endpoint mbeans 11 years ago
Dave Syer e2c962ac28 Switch to thymeleaf-spring4 11 years ago
Phillip Webb d6dbbebc88 Polish 11 years ago
Phillip Webb 7c78b74a76 Minor polish 11 years ago
Phillip Webb 43b820a7d3 Rename Endpoint path to ID 11 years ago
Dave Syer 451acb5679 Move JolokiaEndpoint so it is not an Endpoint 11 years ago
Dave Syer 7f1264bb65 Replace @FrameworkEndpoint with MvcEndpoint interface 11 years ago
Dave Syer 87e00cfae9 Extract MVC concerns completely from Endpoint implementations 11 years ago
Dave Syer 6443800038 Add actuator-noweb sample 11 years ago
Dave Syer 332f23a0ee Add parent properties to config props endpoint 11 years ago
Dave Syer bbac4ea9fb @FrameworkEndpoint replaces EndpointHandlerAdapter 11 years ago
Christian Dupuis 5a978e2f31 Change strategy from ApplicationListener to SmartLifecycle to avoid multiple registration attempts for the same beans
When running with parent/child application contexts the previous implementation was trying to re-register the same beans with JMX which led to errors.
11 years ago
Christian Dupuis 0a04b74379 Allow configuration of domainName and key for endpoint JMX export 11 years ago
Christian Dupuis cd1a228210 Allow Endpoint JMX export to be switched off 11 years ago
Christian Dupuis 32818515b7 Expose endpoints via JMX
Actuator endpoints are now being exposed over JMX.
11 years ago
Phillip Webb 513c6a1de2 Polish 11 years ago
Phillip Webb 85fb1cba0b Rework HttpMessageConverters 11 years ago
Dave Syer b72002142d Split MessageConverters auto config out into separate class 11 years ago
Dave Syer c78973e375 MessageConverters -> HttpMessageConverters 11 years ago
Dave Syer c2b499c775 Support for @Beans of type HttpMessageConverter, and Jackson specific details
You can contribute additional HttpMessageConverters
by simply adding beans of that type in a Spring Boot
context. If a bean you add is of a type that would have been included
by default anyway (like MappingJackson2HttpMessageConverter for JSON
conversions) then it will replace the default value. A convenience
bean is provided of type MessageConverters (always available if you
use the default MVC configuration) which has some useful methods to
access the default and user-enhanced message converters (useful, for
example if you want to manually inject them into a custom
RestTemplate).

There are also some convenient configuration shortcuts for Jackson2.
The smallest change that might work is to just add beans of type
Module to your context. They will be registered with the default
ObjectMapper and then injected into the default message
converter. In addition, if your context contains any beans of type
ObjectMapper then all of the Module beans will be registered with
all of the mappers.
11 years ago
Dave Syer beef5cfd31 Prevent type not present exception when no security on classpath 11 years ago
Dave Syer b05ffd1164 Add extra condition to security properties config 11 years ago
Dave Syer 1db28e5b92 Prevent cryptic exception if SecurityProperties not created
Previously if a user happened to provide an @EnableWebSecurity bean
the SecurityProperties would not be created, which is fine until you
add the Actuator (which needs them). Fixed by adding an explicit
SecurityProperties @Bean if not already present.
11 years ago
Dave Syer 023faf092f Fix broken test 11 years ago
Dave Syer bcae284dd9 Add a shim Endpoint if management context is child
When management endpoints are on a different port the HandlerMappings
are restricted to a single EndpointHandlerMapping, so the error
controller (which is a normal @Controller with @RequestMappings) does
not get mapped.

Fixed by addinga shim Endpoint on "/error" that delegates to the
ErrorController (which interface picks up an extra method).
11 years ago
Dave Syer 884fd0125a Add some handler adapter tests 11 years ago
Dave Syer 2104d9a1e2 Prevent failure of web app with parent context
ServerProperties formerly had an @OnMissingBeanCondition
that didn't restrict the hierarchy. It also asserts that
the current context (not including parents) contains such
a bean. This led to an inevitable failure when there was
an existing instance in the parent context.

Fixed by a) searching only the current context, b) not
adding a ServerProperties bean if the context is not a
web app.
11 years ago
Christian Dupuis 5661f8fc28 Test key/value sanitization 11 years ago
Christian Dupuis 078933c8fd Add actuator endpoint to expose ConfigurationProperties
This information should probably be also available from the console and log similar to AutoConfigurationReport.
11 years ago
Christian Dupuis 00c8633597 Add missing new exception class 11 years ago
Christian Dupuis 2c67e06b47 Move enablement of endpoints into AbstractEndpoint 11 years ago
Dave Syer e74da3fa73 FIXME test additions 11 years ago
Dave Syer 3e6c1b435f Add @SpringApplicationConfiguration (for integration testing)
Example:

    @RunWith(SpringJUnit4ClassRunner.class)
    @SpringApplicationConfiguration(classes = SampleDataJpaApplication.class)
    public class CityRepositoryIntegrationTests {

    	@Autowired
    	CityRepository repository;

Fixes gh-66.
11 years ago
Dave Syer 3e5e058b02 Ensure /error view is available 11 years ago
Dave Syer 8c9b7bd406 Use SimpleHealthIndicator if DataSource present 11 years ago
Dave Syer 20bede21ad Add support for parent hierarchy in AUtoConfigurationReport 11 years ago
Dave Syer b74a9b2d06 Add tests to FIXME 11 years ago
Dave Syer 171c1366f9 Move shutdown enable flag to the endpoint 11 years ago
Dave Syer 94e2f90793 Ensure endpoints.jolokia.enabled=false switches off jolokia 11 years ago
Phillip Webb f4f668a52b Polish 11 years ago
Phillip Webb 8845c9c279 Fixup for upstream Spring changes 11 years ago
Christian Dupuis 04b7b9b2ca Rework handling of default shell authentication method in the absence of Spring Security
In case Spring Security is missing from the class path, shell auto configuration will now fall back gracefully to simple authentication and emit warning to the console.

fixes #114
11 years ago
Christian Dupuis e69e190ae9 Close application context in test 11 years ago
Christian Dupuis 1b49605749 Make shell username and password configuration properties consistent with general security properties
Now simple authentication for the crsh shell can we configured using shell.auth.simple.user.name and shell.auth.simple.user.password. This is consistent with security.user.name and security.user.password.

fixes #113
11 years ago
Christian Dupuis 2d058570ca Add auto configure support for Jolokia a JMX-HTTP bridge 11 years ago
Christian Dupuis b14c607d36 Add missing tests 11 years ago
Christian Dupuis 405c9d5593 Allow management endpoints to express what http methods they support
Previously a management endpoint was either GET or POST. That requirement seems limited.
11 years ago
Christian Dupuis 845aeecbad Properly close application context in tests 11 years ago
Christian Dupuis cd89691726 Pin order to of crsh auto configuration to happen after any security related configuration
If crsh auto configuration happens too early a AuthenticationManager contributed by SecurityAutoConfiguration will not be detected
11 years ago
Dave Syer 61dd7d1dbb Add port scan to ServerProperties (server.scan=true)
Also moved ServerProperties to autoconfigure project.
11 years ago
Dave Syer bd26b28aa5 Extract actuator security into separate classes
So spring-security + a web app is secure by default
(you don't need the actuator).
11 years ago
Christian Dupuis f3a225f35f Polish and rework default authentication method if a Spring Security AuthenticationManager is available
In case a Spring Security AuthenticationManager is found in the app context the auto configuration will change default shell authentication method to auth against Spring Security. In addition shell access will get protected by the specific role configured in SecurityProperties.Management.

Certainly this can be overridden by providing shell.auth and shell.auth.spring.roles.
11 years ago
Christian Dupuis 43c0c932e6 Ensure telnet connector gets installed if available on the class path 11 years ago
Christian Dupuis 2e926601f2 Polish 11 years ago
Christian Dupuis dba8c01035 Polish 11 years ago
Christian Dupuis e16e23230c Clarify default authentication settings for shell access 11 years ago
Christian Dupuis 41cbbeba79 Re-Introduce authentication specific properties 11 years ago
Christian Dupuis e009d3e47d Polish
Fixed inconsistency in method naming after last polish. Method and class name should use 'crsh' instead of 'crash' to be aligned with CRaSH code base.

Implemented facility to provide custom shell properties by adding beans of type CrshShellProperties to the ApplicationContext.
11 years ago
Christian Dupuis dc252c7417 Remove unnecessary String concatenation 11 years ago
Dave Syer 2f7214002d Update Spring to catch SPR-11069 11 years ago
Phillip Webb 0f85f31960 Polish 11 years ago
Phillip Webb 64f32893bb Source format and clean-up 11 years ago
Phillip Webb 883fd9162f Polish 11 years ago
Dave Syer b39ab925cf Make the AutoConfigurationReportEndpoint path a bit shorter 11 years ago
Phillip Webb dc3d670019 Strip trailing whitespace 11 years ago
Christian Dupuis 1f922f49b0 Switch to placeholders in conditional expressions; Ensure that Crsh auto configuration works without Spring Security 11 years ago
Christian Dupuis a498a7f477 Make simple authentication the default and log default password 11 years ago
Phillip Webb dafeddca09 Rework auto-configure report
Update the auto-configuration report to improve log formatting and to
separate the internal report data-structure from the JSON friendly
endpoint data-structure.
11 years ago
Phillip Webb ab249b034d Rename Outcome -> ConditionOutcome 11 years ago
Christian Dupuis 9f13d291ec Return early if no plugins should be disabled 11 years ago
Phillip Webb b39ed89a6f Increase whitespace around password logging
Increase the whitespace to make the password easier to find in the log.
11 years ago
Dave Syer 68475406eb Really fix it 11 years ago
Dave Syer c144cae600 Comment out security condition pending SPR-11069 11 years ago
Phillip Webb d784cb6a88 Apply eclipse-formatter conventions 11 years ago
Dave Syer 0c79c8913f Ensure AutoConfigurationReport is always present 11 years ago
Greg Turnquist b63016d8fc Create a report based on Boot's autoconfiguration decisions
- Gather autoconfiguration conditional decisiions (true and false)
- Provide an actuator endpoint as one means to read the report
- Define @EnableAutConfigurationReport annotation to turn this feature on
- Tidy up autoconfig report a bit and log it if --debug=true
11 years ago
Christian Dupuis f9caade3cc Fix test assertion 11 years ago
Christian Dupuis 6b599b8483 Add remote shell implementation based on crsh
This commit adds a new starter named spring-boot-starter-shell-crsh and auto configuration support to embed a system shell within Spring Boot applications.

The embedded shell allows clients to connect via ssh or telnet to the Boot app and execute commands. Commands can be implemented and embedded with app.

For sample usage see spring-boot-samples-actuator.
11 years ago
Dave Syer c29d2b1be4 Remove a small race condition 11 years ago
Dave Syer 7e7d4b7d3d Only do Actuator MVC config if in a web app 11 years ago
Dave Syer bd719c1330 Nest the @EnableWebSecurity so it can be added to a condition 11 years ago
Dave Syer 761c2dabd1 Fix build 11 years ago
Dave Syer 1bd65c7487 Make context hierarchies play nicely with actuator 11 years ago
Dave Syer f84df423e8 Better implementation of ignores in security config 11 years ago
Dave Syer e4d594cce5 Avoid registering endpoints if Spring MVC not available 11 years ago
Dave Syer e53dad879d Add sample with form login 11 years ago
Dave Syer 63a2d06767 Explicitly disable security on management endpoints if requested
Previously the management endpoint filter was applied to all requests
if the user had disabled security.management.enabled, but since it
had no security applied it was letting all requests through.

The fix was to explicitly exclude the whole enclosing configuration
and carefully ignore the management endpoints in the normal security
chain.

Fixes gh-100.
11 years ago
Dave Syer 5e9b8c3340 Add missing depdendency 11 years ago
Rob Winch 77b5ad1b0b Update to Spring Security Snapshot 11 years ago
Dave Syer 0498617411 Disable whitelabel view if Thymeleaf error.html detected 11 years ago
Dave Syer 4b2cea7267 Add simple DB aware HealthIndicator 11 years ago
Dave Syer fede0d1c98 Add profiles to /env 11 years ago
Dave Syer cd5bc83533 Fix build some more after changes for gh-84 11 years ago
Dave Syer 228787e66d Fix build after changes for gh-84 11 years ago
ggerard 182328697d Spelling error: "everypone" 11 years ago
Dave Syer 345c0fc5a4 Add SpringApplicationBuilder
Builder for SpringApplication and ApplicationContext instances with
convenient fluent API and context hierarchy support. Simple example
of a context hierarchy:

   new SpringApplicationBuilder(ParentConfig.class)
               .child(ChildConfig.class).run(args);

Another common use case is setting default arguments, e.g.
active Spring profiles, to set up the environment for an application:

     new SpringApplicationBuilder(Application.class).profiles("server")
 		.defaultArgs("--transport=local").run(args);

If your needs are simpler, consider using the static convenience
methods in SpringApplication instead.

[#49703716] [bs-116] Parent context for some beans maybe?
11 years ago
Dave Syer 0df4156b57 Lazy initialization of management server properties 11 years ago
Dave Syer f7fa63bcb4 Add status and error messages to /trace
[Fixes #57949108] [bs-323] Make sure /trace shows error responses
11 years ago
Dave Syer ecc4676fb3 Tweak security example 11 years ago
lecaros cf4f549b06 change credentials order in authentication manager example
username/password pairs were incorrect. The authentication manager has "user" and "password", so those credentials should be allowed to get the actual message.
11 years ago
checketts 7236015a4d Fix the AuthenticationManagerBuilder code snippet
Fix AuthenticationManagerBuilder code snippet to add the missing the
ObjectPostProcessor parameter for the constructor.

Issue: #45
11 years ago
Dave Syer ba4a81510b Add response headers to Trace 11 years ago
Dave Syer 7a6131c466 Make InMemoryMetricRepository.increment() thread safe 11 years ago
Dave Syer 8467a66e84 Add security.management.enabled flag 11 years ago
Dave Syer 5f8f062545 Allow security.ignored=none to switch off ignores 11 years ago
Dave Syer f63071d38a Allow security.ignored to be set as a list (e.g. indexed)
In particular this allows a YAML externalization as an array
as opposed to a CSV.
11 years ago
Dave Syer 1366216b7f Add X-Application-Context header to identify app 11 years ago
Dave Syer 2ba01008bb Add headers external properties for security filters 11 years ago
Dave Syer 5d7101fb5a Really disable security for app endpoints
If the user sets security.basic.enabled=false we should just
back away from the non-management endpoints completely.
Previously the Spring Security filter was still added but with
no authentication, creating complications when unexpected
headers etc. are added by Spring Security.
11 years ago
Dave Syer 38e565e920 Back to SNAPSHOT for dev 11 years ago
Dave Syer b634b3bde6 Update to 0.5.0.M2 11 years ago
Dave Syer 9e18183dd5 Don't set deefault password if empty or unresolved 11 years ago
Dave Syer 1e0e2e7102 Switch off CSRF filter
Might need to revisit later.
11 years ago
Dave Syer 43fc107437 Fix security config
The management endpoints were still all mixed up
with the user endpoints. Fixed that and extracted
user endpoints in to conditional block so not
protected if path explicitly set to empty string.

[#53029715]
11 years ago
Dave Syer 6498f0e8b8 Add logger for default password 11 years ago
Dave Syer 621116c9b8 ManagementServerConfiguration security
Management endpoints are still secure by default if
Spring Security is present, but now the default
user details have an ADMIN role, and a random password
(which is logged at INFO level if not overridden).

To override you add management.user.password (name, role)
to external properties.

[Fixes #53029715] [bs-203]
11 years ago
Dave Syer c582fa2067 /info endpoint should be open by default
[#53029715] [bs-203] ManagementServerConfiguration security
11 years ago
ggerard 322b5e5c2b Typo (mvn -> curl) 11 years ago
Dave Syer 4c4e013c5e Avoid NPE in error controller 11 years ago
Phillip Webb cf655945aa Polish 11 years ago
Dave Syer 2ba1bd9dbb Fix security dependency in README 11 years ago
Dave Syer a2fe8a0e89 Actuator README accuracy 11 years ago
Dave Syer f645b03939 Fix pom in actuator README 11 years ago
Dave Syer 521174754e Add default /error view for HTML clients
* Add integration tests for /error view
* Add "error" @Bean as default view for HTML

Users may see side effects because now there will be
a ContentNegotiatingViewResolver by default for the
first time in a vanilla Actuator app. Should be
interesting.

[Fixes #54597932] [bs-273] Circular view reference for /error
11 years ago
Dave Syer 12f0d4d95e Rename ops package to actuate 11 years ago
Dave Syer e967c2d551 Add exception with more helpful error message.
[#54676948] Filter registered twice
11 years ago
Phillip Webb 4e11ae1671 Documentation
Various updates to README.md files.
11 years ago
Phillip Webb 1db22aca5c Rework POM structure
Rework main build POM to be an aggregator pom that does not inherit
from any parent. Introduce new spring-boot-dependencies module to
act as a parent for both spring-boot-starter-parent and
spring-boot-parent.
11 years ago
Dave Syer 4bb5de02e7 Switch back to SNAPSHOT for dev 11 years ago
Dave Syer 68e5a7e887 Bump version to 0.5.0.M1 11 years ago
Phillip Webb e1c6860a41 Documentation 11 years ago
Phillip Webb c83400d265 Move conditions from boot to autoconfigure
Issue: #54393078
11 years ago
Dave Syer 5995b7727a Ops -> Actuator 11 years ago