CachePublicMetrics wasn't explicitly tested and was still using field
injection. This commit improves the situation in preparation of the fix
for gh-8984
Update `ValidationAutoConfiguration` and `WebMvcAutoConfiguration` to
ensure as much as possible that only a single Validator bean of each
type is registered.
Validation auto-configuration now does the following:
- If no validator is found: Registers a `LocalValidatorFactoryBean`
(providing both Spring and JSR validation)
- If the user defines a Spring & JSR validator: Backs off
- If the user defines only a JSR validator: Adapts it to a Spring
validator (without exposing another JSR implementation)
WebMvcAutoConfiguration auto-configuration has been updated to make
MVC validation follow common Spring Boot patterns:
- If not validator beans are found (due to the user excluding
ValidationAutoConfiguration) a new `mvcValidator` bean will be
registered.
- If a single validator bean is found it will be used for MVC
validation.
- If multiple validator beans are defined it will either use the one
named `mvcValidator` or it will register a new `mvcValidator` bean
Any automatically registered `mvcValidator` bean will not implement
the JSR validator interface.
Finally, it is no longer possible to provide an MVC validator via a
`WebMvcConfigurer`.
Fixes gh-8495
Allow `PathExtensionContentNegotiationStrategy` to be bypassed by
actuator endpoints. Prior to this commit calling `/loggers/com.aaa.cab`
would return a HTTP 406 response due to `.cab` being a known extension.
Fixes gh-8765
This commit changes the solr health indicator to request the status of
all available cores, rather than invoking a generic ping on the admin
handler.
Recent versions of Solr now have a ping handler per core and the general
admin handler is gone, leading to incorrect health status. For backward
compatible reason the `solrStatus` attribute is kept to `OK` if all cores
are running properly (that's actually `0` behind the scenes).
Closes gh-8463
As of Hazelcast 3.7, the bootstrap is pretty slow by default due to the
networking discovery. This commit disables both TCP/IP and multicast
discoveries.
Update `HealthMvcEndpoint` to respect `ManagementServerProperties`
roles. Prior to this commit the `HealthMvcEndpoint` directly loaded
roles rather than using bound properties. This meant that list values
from yaml were not respected.
Fixes gh-8314
If Spring Security is on the classpath and `isUserInRole` returns false,
check if user has the authority to access the actuator endpoints.
Fixes gh-8255
Instead of validating the signature against all the public keys,
we can validate it only against the public key with the kid that
matches the one in the token header.
Closes gh-8126
This commit moves the `spring.pid.*` metadata to the relevant project. It
also updates the doc to refer to the new `ApplicationPidFileWriter`
rather than the one in its deprecatred form.
Closes gh-8196
Update `EndpointMBeanExporter` to ensure that `JmxEndpoint` as well
as regular `Endpoint` beans are considered when searching the parent
context.
Prior to this commit if the same `JmxEndpoint` was registered in the
both the child and parent context then the `context=` element of the
name wasn't added.
Fixes gh-8152
Previously, ManagementContextConfiguration classes were loaded to
allow them to be ordered based on either @Order or implementing
Ordered. This had the unwanted side-effect of possibly logging
unwanted INFO messages if the reflection-based annotation
introspection failed. One cause of this was @ConditionalOnClass when
the referenced class was not on the classpath.
This commit uses the ASM-based annotation metadata reading to
determine the order of a management context configuration class based
on the @Order annotation. The classes are then sorted using a standard
OrderComparator. Note that Ordering via implemented Ordered is not
supported as it cannot be determine without loading the class.
Add an annotation processor that generates properties files for certain
auto-configuration class annotations. Currently attribute values from
@AutoConfigureOrder, @AutoConfigureBefore, @AutoConfigureAfter and
@ConditionalOnClass annotations are stored.
The properties file will allow optimizations to be added in the
`spring-boot-autoconfigure` project. Primarily by removing the need
to ASM parse as many `.class` files.
See gh-7573
Previously, the actuator's endpoints produced application/json and,
where appropriate, also consumed application/json. Without a custom,
versioned media type, it's impossible for us to make changes to the
endpoints without breaking clients.
This commit introduces a new media type,
application/spring-boot.actuator.v1+json, that is now produced by
default with application/json also being produced if requested.
Endpoints that consume JSON will now also accept content the uses
the new media type in addition to application/json.
Closes gh-7967
Previously, in case the data for the audit event contained an entry
with the key "type", the member `type` from the AuditEvent would be
overwritten when rendering to JSON due to the use of @JsonAnyGetter on
the data property.
This commit removes @JsonAnyGetter so that the data map is rendered as
a separate property in the JSON.
Closes gh-7990
Replace JSR-330 validation annotations from all internal
`@ConfigurationProperties` classes with standard Asserts.
Prior to this commit validation of our own configuration properties
would only occur when the user happens to have compliant JSR-330
implementation on their classpath.
See gh-7579
Previously, the beans endpoint would only expose the context that
contained the endpoint. This commit updates the endpoint so that
the context that contains the endpoint and all of its ancestors are
exposed.
In a context hierarhcy, the relation ship is child -> parent and there
is no way to navigate from a parent to a child. As a result, any
contexts that are descendants of the context containing the endpoint
are not exposed.
Closes gh-5188
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
Update JmxEndpoint support so that the `@ManagedResource` annotation
is no longer required. This prevents both `EndpointMBeanExporter` and
the regular `AnnotationMBeanExporter` from both registering the bean.
Fixes gh-7813
See gh-6579
Improve support for MBeans without a backing endpoint by introducing
a `JmxEndpoint` interface. The `JmxEndpoint` is intentionally
similar in design to the `MvcEndpoint` from the `mvc` package and
allows for completely custom JMX beans that are not backed by any
real actuator `Endpoint`.
The `AuditEventsMBean` has been refactored to use the new interface and
has been renamed to `AuditEventsJmxEndpoint`.
See gh-6579
This commit moves the `MultiMetricRepository` implementation from
`InMemoryMetricRepository` to `InMemoryMultiMetricRepository`. Both
implementations can share the same underlying store (and are for backward
compatible reasons).
The side effect is that `reset` now works as expected for a group.
Closes gh-7687
Consistently use the simple name for ObjectProvider parameter and
field names. For example:
`ObjectProvider<Something> something`
rather than
`ObjectProvider<Something> somethingProvider`
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.
- Add `IntegrationManagementConfiguration` conditional auto-configuration
to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
By default this bean doesn't exist and you explicitly should declare it
(e.g. via `@EnableIntegrationManagement`) if you would like to collect
metrics. At the same time Spring Integration enables it when JMX
management is present (that is a purpose of that new
`IntegrationManagementConfiguration`)
- Change `SpringIntegrationMetricReader` to read metrics from the
`IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`
- Change `PublicMetricsAutoConfiguration` to register
`IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
not present. Since we are here in `actuator`, therefore we are
interested in the metrics for SI as well.
- Since we don't need JMX for the metrics any more, remove SI-JMX
dependency from the `spring-boot-starter-integration`.
- Remove `IntegrationManagementConfiguration` modification from the
`integrationMbeanExporter()`, since that looks like mutation of an
external object, when end-user would prefer their own options.
Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too
- Add missed `MessageSourceMetrics` gathering for the
`SpringIntegrationMetricReader`
Closes gh-7722
Update the error message to return less information to the client.
Details of how to disable security are now written to the log instead.
See gh-7605
See gh-7634
Update `MvcEndpointSecurityInterceptor` to that it sends an error in the
same way as Spring Security. Prior to this commit the `ErrorController`
would not handle endpoint security errors.
Fixes gh-7605
Closes gh-7634