Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
Following the rework on Security that expects web endpoints to be
disabled by default, this commit updates the metadata (including the
automatic generation) to reflect this decision.
Since the handler interceptors have been removed, web endpoints
are all disabled by default to prevent accidental exposure of
sensitive information.
Closes gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit makes sure tht `HealthIndicatorAutoConfiguration` runs after
any producers of a `ConnectionFactory` and not only ActiveMQ. This was
identified as part of #10081: `JmsAutoConfiguration` is actually the
one that isn't necessary (spring-boot-actuator has no import on the
`org.springframework.jms` and only `javax.jms.ConnectionFactory` is used
as part of the JMS health indicator.
This commit moves CORS properties out of the endpoints namespace as they
do not refer to a "cors" endpoint but rather to the CORS configuration
of all endpoints.
Closes gh-10053
This commit removes an import on a class in "spring-web" as this class
is also meant to be used with Jersey only (i.e. when "spring-web" is
not present on the classpath).
Closes gh-10051
This commit adds a new `/application/status` endpoint that provides only
the Health's status of an application.
Previously, `/application/health` was returning full health details or
only the status depending on configuration. Those two use cases are now
separate in two endpoints that can be configured, secured and enabled
separately.
Closes gh-9721
`EndpointProperties` is a left over of the infrastructure in 1.x and is
no longer used. Besides the `endpoints.enabled` property is now
`endpoints.all.enabled`.
Closes gh-10016
This commit restores the configuration properties used to configure how
the ObjectName of an endpoint is generated. For consistency, those
properties have been renamed to `management.jmx`
Closes gh-10005
Previously, the heap dump endpoint test asserted that the temporary
heap dump file had been deleted as soon as the client received a
response. This led to intermittent test failures as the input
stream is closed after its contents have been sent to the client,
creating a race condition between the client receiving the response
and then asserting that the file had been deleted and the server
close the input stream and deleting the temporary file.
This commit updates the test so that, after receiving the response, it
will wait for up to 5 seconds for the server to have deleted the
temporary heap dump file.
If an annotation attribute is linked to in javadoc before the
javadoc processor encounters a usage of the annotation, the javadoc
tool fails with a class cast exception. This is a known issue [1]
but it has been closed as won't fix so we need to work around it.
Sadly, the only reasonable way to do so appears to be to remove
the links to the annotation attributes and only link to the annotation
itself.
[1] https://bugs.openjdk.java.net/browse/JDK-8170447
This commit migrates the Actuator onto the new endpoint infrastruture.
In addition to the existing support for accessing the endpoints via
JMX and HTTP using Spring MVC, support for access via HTTP using
Jersey and WebFlux has been added. This includes using a separate
management port where we now spin up an additional, appropriately
configured servlet or reactive web server to expose the management
context on a different HTTP port to the main application.
Closes gh-2921
Closes gh-5389
Closes gh-9796
Jolokia is a 100% web concern and does not fit in the Endpoint
infrastructure. This commit removes `JolokiaMvcEndpoint` and exposes
the servlet directly instead while still being part of the
management context. As such, the Jolokia servlet is exposed beneath
the management context path and will move to a separate port when
the management port is not the same as the main server port.
Closes gh-9843