Commit Graph

1041 Commits (f148e3a0320e012348921bb26ccde8383c28189d)

Author SHA1 Message Date
Andy Wilkinson 13971692dc Docs and actuator endpoints can be enabled when endpoints.enabled=false
Previously, if endpoints.enabled was false setting
endpoints.docs.enabled=true or endpoints.actuator.enabled=true would
have no effect as their entire configuration class was conditional
on endpoints.enabled being true.

This commit updates the conditions on the configuration class so that
it is conditional on either the actuator or docs endpoint being enabled.

Closes gh-5007
9 years ago
Andy Wilkinson 852ba54613 Merge branch '1.3.x' 9 years ago
Matt Benson 2a9e6c40ed Fix logic for disabling plugins in CrshAutoConfiguration
Plugin disabling logic was broken by e009d3e4. Prior to this change,
a plugin would be disabled if it or any of the implemented interfaces
in its inheritance hierarchy were configured as being disabled. The
offending commit inverted the logic so that the plugin would be
enabled if any part of it was NOT configured as being disabled.

This commit restores the logic such that the early return happens only
in the negative case.

Previously, the tests were written as though
PluginContext#getPlugin(Class) would consider the specified class
against the runtime type of the plugin (not an unreasonable
assumption); rather this method considers the broader 'plugin type'.
This commit rewrites the test to seek by plugin type and assert the
absence of the disabled plugins.

Closes gh-5032
9 years ago
Andy Wilkinson a3afc859bd Merge branch '1.3.x' 9 years ago
Andy Wilkinson 617c97322d Allow endpoint paths to be configured via endpoint.<name>.path
Support for configuring an endpoint’s path separately from its id was
introduced in 97255785, but it didn’t work for a variety of reasons:

 1. Some custom MVC endpoints did not have configuration properties
    bound to them
 2. Some generic endpoints rejected the path property as they were
    configured not to ignore unknown fields
 3. The property used to configure the path was dependent on the id
    of the endpoint. This meant that the path property’s name would
    change if the endpoint’s id was changed

This commit addresses these problems:

 1. @ConfigurationProperties has been added to custom MvcEndpoints where
    it was missing
 2. Generic endpoints have been updated to ignore unknown fields,
    allowing the path of their MVC adapter to be configured
 3. Rather than using the id of a generic endpoint to determine the name
    of its path property, the prefix or value of the endpoint’s
    @ConfigurationProperties annotation is used instead. Any generic
    endpoint that is not annotated with @ConfigurationProperties is
    ignored, making its path unconfigurable.

Closes gh-5105
9 years ago
Phillip Webb 566008336c Polish 9 years ago
Andy Wilkinson f46862d186 Merge branch '1.3.x' 9 years ago
Andy Wilkinson f94e8bd287 Do not try to auto-configure Jolokia if Spring MVC is not on classpath
The Jolokia auto-configuration requires ServletWrappingController from
Spring MVC to be on the classpath. This commit updates the
auto-configuration to make it conditional on the presence of this
class.

Closes gh-5153
9 years ago
Dave Syer f2c34612f6 Fix javadocs on ManagementServerProperties 9 years ago
Phillip Webb 602a09332d Switch disallowedMethods test to use PATCH
Update the requestsWithDisallowedMethodsAreRejected test to use PATCH
rather than HEAD. The change is to allow support for Spring Framework
4.3 which will implicitly map HEAD requests to GET.

Pre-flight requests are also only for "non-simple" HTTP methods [1]
(i.e. anything but GET, HEAD, POST) so there is really no such a thing
as a pre-flight request for HEAD.

[1] https://www.w3.org/TR/cors/#resource-preflight-requests
9 years ago
Phillip Webb 89b7704977 Extract spring-boot-test.jar
Relocate the `org.springframework.boot.test` package from the
`spring-boot.jar` to `spring-boot-test.jar`.

Fixes gh-5184
9 years ago
Phillip Webb 4b55144d80 Polish 9 years ago
Phillip Webb a9afe0a944 Formatting 9 years ago
Andy Wilkinson d6e0b5a165 Use @DirtiesContext to avoid unwanted context caching in the tests
We rarely use the same configuration in multiple test classes, but
Spring’s Test framework caches each context by default. For projects
with large numbers of integration tests, this can lead to tens of
contexts being cached. This increases memory usage, live thread count,
etc for no benefit.

This commit adds @DirtiesContext to the integration tests in
spring-boot, spring-boot-autoconfigure, and spring-boot-actuator so
that the context is closed once the test class has completed.

See gh-5141
9 years ago
Stephane Nicoll da3b49e024 Polish contribution
Closes gh-3499
9 years ago
Eddú Meléndez 76f1ca4188 Add Couchbase support
Closes gh-3498
9 years ago
Stephane Nicoll b205e02e33 Upgrade to Spring Data Hopper M1
Closes gh-5120
9 years ago
Andy Wilkinson 11c9068d53 Merge branch '1.3.x' 9 years ago
Andy Wilkinson 607dba97f8 Only access parameters in WebRequestTraceFilter when they are included
Previously, WebRequestTraceFilter would call request.getParameterMap()
before deciding whether or not the parameters should be included in
the trace. For a POST request, this had the unwanted side-effect
of always reading the request body.

This commit updates WebRequestTraceFilter so that it checks that
parameters are to be included in the trace before calling
request.getParameterMap()

Closes gh-5089
9 years ago
Stephane Nicoll 1f106ddf8c Enable connection validation by default
Hikari and Commons DBCP2 are already validating that the connection is
valid before borrowing it from the pool. This commit makes that behaviour
consistent by enabling that feature for the Tomcat and Commons DBCP data
sources.

Since a validation query is required in those cases, the infrastructure
of `DataSourceHealthIndicator` has been merged in a single place: the
`DatabaseDriver` enum provides not only the driver class names but also
the validation query, if any.

Closes gh-4906
9 years ago
Stephane Nicoll ebffa493e4 Harmonize ConfigurationProperties bean name
When `@EnableConfigurationProperties` is defined, Spring Boot
automatically registers a bean in the context for each class specified
on the annotation. Previously, the name of the bean only included the
prefix which leads to conflict if two different classes use the same
prefix.

This commit changes the bean name structure to be <prefix>-<fqn> where
prefix is the prefix used on the annotation and <fqn> the fully qualified
name of the target class.

Closes gh-4395
9 years ago
Phillip Webb 94677b35f8 Use AssertJ in spring-boot-actuator
See gh-5083
9 years ago
Phillip Webb 516afcd2ca Polish 9 years ago
Stephane Nicoll 34d87df425 Clarify use of the `spring.datasource` prefix
Previously, Spring Boot mapped both `DataSourceProperties` and the actual
`DataSource` implementation to the same prefix. This results in a huge
amount of keys in the `spring.datasource` namespace  with no way to
identify those that are valid for the pooled data source in use.

This commit maps the four pooled data sources we support in four isolated
namespace, keeping `spring.datasource` only for the common settings.

These are `spring.datasource.tomcat`, `spring.datasource.hikari`,
`spring.datasource.dbcp` and `spring.datasource.dbcp2` for the Tomcat,
Hikari, Commons DBCP and Commons DBCP2 implementations respectively.

Closes gh-2183
9 years ago
Phillip Webb f276ff4bd0 Polish 9 years ago
Stephane Nicoll cafe1dc4c6 Polish contribution
Fix additional use of \n

Closes gh-4707
9 years ago
Stephane Nicoll 4ff5afc636 Polish contribution
Removing all deprecated code

Closes gh-4905
Closes gh-4917
9 years ago
Eddú Meléndez 7b9cd20e98 Remove deprecated code
See gh-4905
9 years ago
Phillip Webb fbaf209240 Move master to 1.4.0.BUILD-SNAPSHOT 9 years ago
Spring Buildmaster 504d3e97ba Next development version 9 years ago
Phillip Webb cf93f84e87 Polish 9 years ago
Andy Wilkinson 00f4538529 Don’t check that a Gauge’s value is a Number until it’s being read
Spring Boot’s metrics require all values to be Numbers. A Dropwizard
Gauge can have a non-Number value. Previously, to prevent this causing
a problem, MetricRegistryMetricReader would check the value of a Gauge
when it’s being added and ignore it if it had a non-Number value.
Unfortunately, retrieving the value of a Gauge can take a non-trivial
amount of time (hence CachedGauge) so this approach, while functional,
could be improved.

This commit updates the filtering to happen when a Metric is being
retrieved from MetricRegistryMetricReader (via findOne or findAll)
when its value is required anyway. At this point, any Gauge with a
non-Number value is ignored.

Closes gh-4874
9 years ago
Andy Wilkinson 2f24c1862a Polish contribution 9 years ago
mkwaczynski 3724db9ecc Include details in AuditEvent data in AuthenticationAuditListener
Closes gh-4976
9 years ago
Andy Wilkinson 69b60f6d8c Remove HalJsonMvcEndpoint’s redirect and add links to both paths instead
Previously, HalJsonMvcEndpoint used a redirect to go from path/ to path.
When the actuator’s configured to use a custom context path this
redirect was leading to an infinite redirect loop.

This commit removes the redirect in favour of updating the controller
advice to apply the links to requests for path and path/.

Closes gh-4853
9 years ago
Andy Wilkinson f5b973a242 Polish contribution
- Update copyright headers
 - Use kebab-case for the property name
 - Set the header unconditionally when the filter's registered

Closes gh-4320
9 years ago
Eddú Meléndez c219f5e57f Don't create ApplicationContextHeaderFilter when header is disabled
See gh-4320
Closes gh-4454
9 years ago
Andy Wilkinson 93ef795159 More use entrySet() rather than using keySet() and get(key)
This commit replaces some more occurrances of keySet() and get(key)
with more efficient usage of the map's entry set.

See gh-4813
9 years ago
mnhock 8f1f8dd680 Use entrySet() rather than using keySet() and then calling get(key)
Closes gh-4813
9 years ago
Andy Wilkinson 27a81e1463 Complete static final logger changes that were started in ec2f33f9
This commit completes the changes to consistently used static final
fields for Log instances that were started in ec2f33f9. Specifically it:

 - Removes this. when accessing logger fields that are now static
 - Renames some fields from log to logger
 - Makes some logger fields static

See gh-4784
9 years ago
Dave Syer 9510938120 Make springIntegrationPublicMetrics conditional on bean by name not type
By type is too restrictive and surprising for users who wanted to add their
own MetricReaderPublicMetrics for other reasons.
9 years ago
Spring Buildmaster 8db59059a5 Next Development Version 9 years ago
Johnny Lim c09a14a128 Fix typos
Closes gh-4806
9 years ago
Phillip Webb 5d311d6203 Polish 9 years ago
Kirill Vlasov ec2f33f986 Make loggers private static final
Apply consistency across all static loggers.

Closes gh-4784
9 years ago
Kirill Vlasov 786aacf2e9 Use Collections.isEmpty() instead of .size() == 0
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().

Closes gh-4783
9 years ago
Dave Syer 471947b400 Be more defensive when instantiating custom ServerProperties
If the user provides their own ServerProperties bean we want to peek
at it to see if they set the port (and only that) when we are deciding
if the actuator context needs to be created. This happens very early
(in a @Condition) so we need to be very defensive. There are already
quite a few checks in place to prevent a ServerProperties bean from
being instantiated unless we really need it, and yet, when it is
we can do more.

This change creates the bean (and the ManagementProperties) in a
throwaway BeanFactory using the same BeanDefinition as the main
context. This ensures that when the main context bean is created
it will be in the "natural" order and binding to the Environment
can take place as normal.

Fixes gh-4631
9 years ago
Dave Syer c7c685f65f Disable hypermedia in actuator endpoints by default
This change permanently removes links from the endpoints that return
arrays or collections, and also disables them in the rest of the
endpoints (except /actuator) by default.

Fixes gh-4616
9 years ago
Andy Wilkinson 097e588109 Use more sensible defaults for OpenTsdbGaugeWriter's timeouts
Previously, the default RestTemplate that is used OpenTsdbGaugeWriter
was not used with its default configuration. Notably this meant that
it would have infinite connect and read timeouts. This is problematic
as it can cause metric writing to hang and block the scheduler for
performing any other tasks.

This commit updates OpenTsdbGaugeWriter to use a default connect
timeout of 10 seconds and a default read timeout of 30 seconds. A
constructor has been added to ease the configuration of these
timeouts. The existing option of providing your own RestTemplate
(via setRestTemplate) remains.

Closes gh-4698
9 years ago
Eddú Meléndez 1b81d9f0b5 Add support for server.server-header property
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.

See https://www.owasp.org/index.php/Securing_tomcat for background.

Fixes gh-4461
Closes gh-4504
9 years ago
Vedran Pavic c05432d221 Move publisher injection to abstract listeners
Push up publisher injection from AuthenticationAuditListener and
AuthorizationAuditListener to the abstract superclasses.

Closes gh-4625
9 years ago
Vedran Pavic f8090d94b2 Add AbstractHealthAggregator.aggregateDetails
Extract aggregate details logic to a protected method that can be
overridden if required.

Closes gh-4674
9 years ago
mnhock fcf6e5d6eb Prefer valueOf() to create Number values
Update Long/Integer constructor calls with `valueOf` which can make use
of global caches.

Closes gh-4688
9 years ago
Phillip Webb 0489a3b4de Polish 9 years ago
Phillip Webb 2d2e4eea82 Merge branch '1.2.x' 9 years ago
Stephane Nicoll 66fe95369c Polish doc
See gh-4743
9 years ago
Phillip Webb 2694605a4d Polish 9 years ago
Stephane Nicoll 59cb5cf8d9 Merge branch '1.2.x'
# Conflicts:
#	spring-boot-actuator/src/main/resources/META-INF/additional-spring-configuration-metadata.json
#	spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
9 years ago
Stephane Nicoll ce2346b087 Reintroduce endpoints.metrics.filter.enabled
Commit 8c14009 removed the endpoints.metrics.filter.enabled property so
that endpoints.metrics.enabled is used for both disabling the endpoint
and the servlet filter that records interactions.

This was an unfortunate decision as it was no longer possible to only
disable the servlet filter. The endpoints.metrics.filter.enabled property
has therefore been restored.

Closes gh-4365
9 years ago
Dave Syer 21d6c73539 Fix checkstyle 9 years ago
Dave Syer 8b97c3b342 Add nonheap metrics to /metrics endpoint
Fixes gh-4712
9 years ago
Stephane Nicoll 7b2afbdf13 Polish 9 years ago
Johnny Lim ec7fed1ecc Polish
Closes gh-4677
9 years ago
Andy Wilkinson ee47ae4d20 Ensure that 5xx responses to unmapped requests produce a single metric
Previously, each 5xx response to a request that used a path variable
would result in a metric being recorded that contained the path
variable. Therefore, if a different path variable was included in each
request, a new metric would be recorded for each request. This is
problematic as it can lead to the metrics being flooded with unwanted
entries.

This commit updates MetricsFilter to treat 5xx responses sent before
mapping has occurred in the same way as 4xx and redirect responses.
A single metric, counter.status.500.unmapped, is now used.

Closes gh-4377
9 years ago
Vedran Pavic d9f15636d0 Fix use of == in EndpointWebMvcHypermediaManagementContextConfiguration
Closes gh-4502
Closes gh-4536
9 years ago
Johnny Lim a4baacc549 Remove a redundant setUseSuffixPatternMatch(false)
Closes gh-4656
9 years ago
Andy Wilkinson 8e0d3ed0eb Don’t return 404 when metric or env regex matches entry with null value
Previously, if a regular expression was used when calling the metrics or
environment endpoints, a metric or property with a null value would
result in a 404 response.

This commit updates the two affected endpoints so that any metric or
property whose name matches the regular expression but has a null value
is ignored. This allows all of the matching metrics or properties with
non-null values to be returned in a 200 OK response.

Closes gh-4552
9 years ago
Dave Syer 6ec767437a Fix server.error.path reference in error controller 9 years ago
Stephane Nicoll 7d6f63ae34 Add redirection to actuator endpoint
If a request to the actuator endpoint ends with a slash with Spring
HATEOAS on the classpath, an empty array of links is returned whereas
a request without the slash returns a response with all the expected
links to the actuator's other endpoints.

This commit adds an automatic redirection so that both URIs return the
expected result.

Closes gh-4575
9 years ago
Dave Syer 2de48a35ab Make /error the error page in child context as well as parent
If user set the management.port *and* the management.context-path
then the /error path was in the wrong place because formerly it
was implemented (in this case) by an MvcEndpoint. If we
switch it to a regular @Controller (which are now supported in the
child context if there is one) then it won't disappear under the
management.context-path.

Also use lazy request matching in ignores as well as secure paths.
The problem was that the ignores were constructed eagerly from the
actuator paths before they were available (the EndpointHandlerMapping
needs to be lazily accessed to avoid a security-induced bean creation
cascade).

Fixes gh-4624
9 years ago
Dave Syer 4488bac4c3 Remove server.context-path from actuator endpoints if port set
If the user sets the management.port, he wants some of the
server.* properties, but not the context-path. This change
restores the behaviour in 1.2.x.

Fixes gh-4401
9 years ago
Dave Syer dd7d587ea8 Add tests to assert behaviour of actuator endpoints with context path
See gh-4401
9 years ago
Dave Syer 7d04ca1e1b Add tests to assert behaviour of actuator endpoints with context path
See gh-4401
9 years ago
Stephane Nicoll 091478e0fd Disable ehcache statistics if necessary
`EhCacheStatisticsProvider` uses the `StatisticsGateway` API introduced
in ehcache 2.7 (march 2013). If an older ehcache version is present, we
should back-off as this class is not available.

Closes gh-4621
9 years ago
Johnny Lim da16d6d306 Polishing
Closes gh-4503
9 years ago
Spring Buildmaster 3f6f57a80e Next Development Version 9 years ago
Johnny Lim 4369493f8d Polish 9 years ago
Phillip Webb e9440ad5b5 Formatting 9 years ago
Stephane Nicoll ba2aea4ef1 Polish contribution
Closes gh-4456
9 years ago
Eddú Meléndez 41300c35ab Add timeout configuration for CRaSH
Closes gh-4325
9 years ago
Dave Syer 8749fc745b Disallow all extensions in actuator endpoints (except .json)
Along with the recent change in Spring to use content-disposition
"inline" (which prevents the download), it also makes sense to limit
the extensions allowed by the actuator endpoints. Really there *is*
no extension for these endpoints, but since all of them explicitly
produce JSON we can add .json for browsers as a convenience in case
the app would otherwise choose to send XML.

Fixes gh-4402
9 years ago
Phillip Webb 09b5222f52 Disable suffix pattern matching for Endpoints
Update EndpointHandlerMapping so that setUseSuffixPatternMatch is set
to false. This prevents URLs of the form /beans.json from returning
results and provides another line of defense against RDF attacks.

Fixes gh-4402
9 years ago
Johnny Lim 4c1398148b Polish docs
Closes gh-4433
9 years ago
Phillip Webb a3fac37904 Fix checkstyle error 9 years ago
Phillip Webb 287a62c8f3 Update Johannes Edmeier author attribution
Congratulations to Johannes Edmeier on getting married!
9 years ago
Johannes Edmeier a1b1cdb18f Improve resource handling in LogFileMvcEndpoint
Update `LogFileMvcEndpoint` to use a `ResourceHttpRequestHandler` when
serving the log file resource. This gives support for requesting parts
of the logfile via the HTTP Range header. Requests with the
`If-Modified-Since` header are now also handled correctly.

Closes gh-4333
9 years ago
Tommy Ludwig d8247657a0 Auto-configure CassandraHealthIndicator
Add auto-configuration for the CassandraHealthIndicator. Also update
the implementation to use CassandraOperations rather than
CassandraAdminOperations.

Closes gh-4409
9 years ago
Phillip Webb 0bac6ebda7 Fix typo
See gh-4419
9 years ago
Stephane Nicoll 3311419a08 Fix typo
See gh-4419
9 years ago
Rob Winch c6e08eb883 Secure actuator when all endpoints are sensitive
Previously if every actuator endpoint was marked as sensitive, then all
endpoints were marked as permitted.

This commit ensures that if all endpoints are marked as sensitive, then
all the endpoints are secured.

Fixes gh-4368
Closes gh-4383
9 years ago
Phillip Webb 8c642bec74 Support global endpoint.sensitive override
Add support for an `endpoint.sensitive` property that can be used to
override the endpoint `sensitive` default.

Fixes gh-4419
9 years ago
Phillip Webb 332c6911cf Polish 9 years ago
Phillip Webb aa8d0dd072 Add HAL test for endpoints.enabled=false 9 years ago
Phillip Webb b1b3fc6639 Use consistent MvcEndpoint class names
Rename HAL and docs MVC endpoints so that classnames consistently end
with MvcEndpoint. Also rename integration tests so that they are grouped
together in the IDE.
9 years ago
Vedran Pavic a0c696b17b Allow security AuditListener overrides
Introduce `AbstractAuthenticationAuditListener` and
`AbstractAuthorizationAuditListener` classes so that users can
extended them to replace the auto-configured defaults.

Closes gh-4406
9 years ago
Phillip Webb 564cbfe96c Add missing @param tag
See gh-4415
9 years ago
Phillip Webb bd20b5419e Consider prefixes when sanitizing `/configprops`
Update ConfigurationPropertiesReportEndpoint so that property prefixes
are also considered when sanitizing values.

Fixes gh-4415
9 years ago
Stephane Nicoll bd8521c1ab Polish contribution
Closes gh-4356
9 years ago
邱占波 35417622e6 Add thread total started count to SystemPublicMetrics
See gh-4356
9 years ago
Phillip Webb 6c2ea4648f Polish 9 years ago