Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("status", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
Closes gh-7958
Restructure actuator packages to improve structure. The following
changes have been made:
- Separate actuator and actuator auto-configuration into different
modules.
- Move endpoint code into `spring-boot-actuator`.
- Move `Endpoint` implementations from a single package into
technology specific packages.
- Move `HealthIndicator` implementations from a single package into
technology specific packages.
- As much as possible attempt to mirror the `spring-boot` package
structure and class naming in `spring-boot-actuator` and
`spring-boot-actuator-autoconfigure`.
- Move `DataSourceBuilder` and DataSource meta-data support from
`spring-boot-actuator` to `spring-boot`.
Fixes gh-10261
Spring Framework 5 provides support for JUnit 5. This commit adds
dependency management for JUnit 5 and an upgrade for
spring-boot-sample-junit-jupiter sample.
See gh-10240
This commit makes sure that customizations on the
SessionRepositoryFilter are also applied when the user provides its
own SessionRepository.
Closes gh-10254
Previously, if a health's details contained a key named status (either
because an indicator bean was named statusHealthIndicator or an
indicator added an entry named status to its details) this would
clash with the health's own status as the details were serialized as
siblings of the status field.
This commit updates Health to remove @JsonAnyGetter from getDetails().
This means that all of a Health's details will now be nested within
a separate details field, thereby preventing a possible clash with
the status field.
Closes gh-10249
Previously, if a user's configuration class provided a custom
Validator bean, that configuration class would be initialized very
early so that the Validator could be used to create the
auto-configured MethodValidationPostProcessor. This early
initialization could problems as it may prevent any of the
configuration class's dependencies from being post-processed.
This commit updates the injection of the Validator bean to be lazy,
thereby preventing the creation of the auto-configured
MethodValidationPostProcessor from triggering early initialization.
Closes gh-9416
This commit removes the restriction that was added in 4a61e45 to
prevent / from being used as the management context path when the
management context was not using a different port
The management context path can now be set to / irrespective of the
configuration of the management port. To avoid a possible clash
with the application's welcome page or similar, the links "endpoint"
that is mapping to the management context path is disabled when
the management context path is /.
As part of allowing / to be used as the management context path again,
the handling of endpoint mappings and the creation of paths for
individual operations has been consolidated into a new EndpointMapping
class that is used across the three (MVC, WebFlux, and Jersey)
implementations.
See gh-9898
Andy Wilkinson
Phillip Webb
Stephane Nicoll
Eddú Meléndez
Alexander Constantin
Johnny Lim