Previously, the Actuator’s endpoints did not specify a produces
attribute on their request mappings. With Jackson’s XML binding on the
classpath, this would lead to requests made by a browser receiving
application/xml responses (due to the Accept header indicating that
application/xml is preferred). This was problematic as some of the
response payloads were not legal xml. Problems included XML tags
beginning with ‘\’ or containing ‘#’.
This commit updates the endpoints to specify that they produce
application/json. The environment and metrics endpoints have also been
updated so that always return a JSON object, even when they are
returning a single entry. This consistency avoids problems where
clients may not consider a single scalar value to be legal JSON.
Closes gh-2449
Update EndpointWebMvcAutoConfiguration to no longer catch and ignore
EmbeddedServletContainerExceptions. Since commit 764e34b9, starting a
management on a different port is not even attempted when running in a
classic servlet container. This means that the catch/log logic (which
was originally added in 45315a97) is no longer necessary, and only
serves to hide genuine problems.
Fixes gh-4064
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Previously, EndpointWebMvcChildContextConfiguration would attempt to
create a /error endpoint, irrespective of whether or not the parent
had such an endpoint. If the endpoint was disabled in the parent this
would cause a failure due to the absence of an ErrorAttributes bean.
This commit updates EndpointWebMvcChildContextConfiguration to make
the creation of its /error endpoint conditional on the existence of
an ErrorAttributes bean.
Closes gh-4164
Previously, MetricsFilter would treat async requests the same as
sync requests and would record their response status as soon as the
request had been processed by the filter chain. This would result in a
200 response being recorded and the actual response status produced by
the async processing being ignored. Furthermore, the time that was
recorded for the request would not include the time take for any async processing.
This commit updates MetricsFilter to check whether or not an async
request has been started before it records the metrics for the request.
In the event of an async request having been started no metrics are
recorded. Instead, the StopWatch is stored in a request attribute that
is then retrieved during the filtering of the request’s async
dispatch(es). Once the async processing has completed (isAsyncStarted()
returns false), the StopWatch is stopped, removed from the request’s
attributes and the metrics for the request are recorded.
Closes gh-4098
Update EndpointWebMvcAutoConfiguration to log exception details at DEBUG
in addition to the WARNING message when the child context fails to
start.
See gh-4064
Pull up functionality from EndpointMvcAdapter to a new
AbstractEndpointMvcAdapter which doesn't define any @RequestMappings and
update HealthMvcEndpoint to make use of it.
We need to be a bit cautious about whether Spring Security is on
the classpath or not, but if it is we can test for the admin role
(as specified in `management.security.role`).
Fixes gh-4060
This change applies only to "standard" MVC endpoints (not the extended
ones like /env and /jolokia which already have this feature). Allows
users to supply an endpoints.{name}.path.
Fixes gh-2790
Update ManagementWebSecurityAutoConfiguration to reinstate lazy creation
of EndpointHandlerMapping from the EndpointPathRequestMatcher.
Fixes a regression introduced in eb2984781 and picked up my one of the
sample integration tests.
Fixes gh-4059
Takes into account the fact that the new /actuator endpoint sometimes
loses its path (it is "" relative to a non-empty management context path).
Fixes gh-4059
Previously, a `NoClassDefFoundError` could be thrown if EhCache or Guava
is on the classpath without `spring-context-support` as the respective
cache statistics provider both needs the implementation and the spring
abstraction implementation.
The `@ConditionalOnClass` definition has been updated to properly guard
those beans.
Closes gh-3960
The previous implementation would remove and add a new Gauge each time
a metric was written. After this change the Gauge is registered once
and the value is updated on subsequent calls.
This commit simplifies the Jackson-related auto-configuration that’s
applied when Spring HATEOAS and Spring Data REST are on the classpath.
Previously, Boot used Jackson2HalModule to apply the HAL-related
ObjectMapper configuration to the context’s primary ObjectMapper. This
was to allow HAL-formatted responses to be sent for requests accepted
application/json (see gh-2147). This had the unwanted side-effect of
polluting the primary ObjectMapper with HAL-specific functionality.
Furthermore, Jackson2HalModule is an internal of Spring HATEOAS that
@olivergierke has asked us to avoid using.
This commit replaces the use of Jackson2HalModule with a new approach.
Now, the message converters of any RequestMappingHandlerAdapter beans
are examined and any TypeConstrainedMappingJackson2HttpMessageConverter
instances are modified to support application/json in addition to their
default support for application/hal+json. This behaviour can be disabled
by setting spring.hateoas.use-hal-as-default-json-media-type to false.
This property is named after Spring Data REST’s configuration option
which has the same effect when using Spring Data REST. The new property
replaces the old spring.hateoas.apply-to-primary-object-mapper property.
Previously, when Spring Data REST was on the classpath,
JacksonAutoConfiguration would be switched off resulting in the context
containing multiple ObjectMappers, none of which was primary.
This commit configures RepositoryRestMvcAutoConfiguration to run after
JacksonAutoConfiguration. This gives the latter a chance to create its
primary ObjectMapper before the former adds its ObjectMapper beans to
the context.
Previously, the actuator’s hypermedia support assumed that the
HttpMessageConverters bean would contain every HttpMessageConverter
being used by Spring MVC. When Spring HATEOAS is on the classpath this
isn’t the case as it post-processes RequestMappingHandlerAdapter beans
and adds a TypeConstrainedMappingJackson2HttpMessageConverter to them.
This wasn’t a problem in the past as the primary ObjectMapper, used by a
vanilla MappingJackson2HttpMessageConverter, was configured with Spring
HATEOAS’sJackson2HalModule. Now that this pollution has been tidied up
the assumption described above no longer holds true. MvcEndpointAdvice,
which adds links to the actuator’s json responses, has been updated
to look at the HttpMessageConverters of every
RequestMappingHandlerAdapter when it’s trying to find a converter to
use to write a response with additional hypermedia links.
Integration tests have been added to spring-boot-actuator to ensure
that the changes described above have not regressed the ability to
configure its json output using spring.jackson.* properties (see
gh-1729).
Closes gh-3891
Update MetricExportAutoConfiguration to auto-configure statsd metrics
export when a `spring.metrics.export.statsd.host` property is set.
Closes gh-3719
Relocate several auto-configuration classes to `...autoconfigure.data`
to make it clearer that they are Spring Data specific.
Also moved `EntityManagerFactoryBuilder` to `spring-boot` since it is
generally useful and doesn't need to be directly tied to the
auto-configuration module.
Fixes gh-4002
Introduce ManagementServletContext interface as a facade for
ManagementServerProperties to resolve the package tangle between
`o.s.boot.actuate.endpoint.mvc` and `o.s.boot.actuate`
Fixes gh-3887
Since the meta-data now provide an explicit support for value hints, we
should not copy/paste them in the description as the IDE is able to
process them any way it wants.
Closes gh-3863
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:
@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}
Closes gh-3635
The DataSource health indicator uses `JdbcTemplate` behind the scenes
but nothing was checking that it is actually available.
`DataSourcesHealthIndicatorConfiguration` is now disabled if
`spring-jdbc` is not on the classpath.
Fixes gh-3765
Following the changes made to combines the /links and /hal endpoints
into a single /actuator endpoint, a web browser accessing /actuator
would receive a 406 response if HAL browser was not on the classpath.
This commit updates the /actuator main entry point so that it will
serve JSON to a web browser when HAL browser is not on the classpath.
The actuator's embedded documentation has also been updated to reflect
the recent changes.
Closes gh-3696
This commit provides a single endpoint, /actuator, that serves HTML
(the HAL browser) or JSON depending on the request’s accept header
that enables discovery of all of the actuator’s other endpoints.
When the management context path is configured, the /actuator endpoint
moves to the configured path, e.g. if the management context path is
set to /management, the actuator endpoint will be available from
/management.
Closes gh-3696
Update LinksMvcEndpoint and HalBrowserMvcEndpoint so that no longer try
to use the `/` context path. Links are now available from `/links` and
the HAL browser is available from `/hal`.
The actuator HAL browser now works with either WebJars or the Spring
Data version. It also now transforms the initial HTML so that the
form is pre-populated with `/links`.
When using Spring Data's HAL browser, the root includes a link to
`/links` with a rel of `actuator`.
See gh-3621
ConfigurationPropertiesReportEndpoint parses the meta-data to inspect
entities that have potential cycles in them. The whole logic is based on
the lookup of `META-INF/spring-configuration-metadata.json` files on the
classpath. Unfortunately, the lookup instruction had a typo and did not
retrieve any file.
Surely that code was written with a clear intention in mind but it was
effectively dead code outside tests so it has been removed.
Closes gh-3310
Add a "management.health.defaults.enabled" property that controls whether
the default health indicators are enabled. This allow to disable them all
by default and still enable individual ones using their respective
specific property.
Closes gh-2298
Since `ManagementSecurityAutoConfiguration` is cnfiguring web-related
things, it has been renamed to `ManagementWebSecurityAutoConfiguration`.
Closes gh-2163
The default values of fields in @ConfigurationProperties classes are,
where possible, included in the configuration metadata. The default
values for the HAL and Links endpoints vary depending on other
configuration settings. As a result, including a default in the
metadata is misleading.
This commit removes the default assignment of "" to the path fields so
that no default value will be included in the metadata.
Closes gh-3567
Various areas of the code expect the management's context path to not
contain any trailing slash but nothing is enforcing it. We now make sure
to remove any trailing slash, including the one for '/' and make that
explicit via the Javadoc of the getter.
Fixes gh-3553
Previously, an item could only have a 'deprecated' boolean flag to
indicate that the property is deprecated. It is desirable to provide an
additional description for the deprecation as well as the name of the
property to use instead.
The `deprecated` boolean flag is now supported. Instead, a `deprecated`
object can be specified with two optional attributes: `reason` to provide
an explanation for the deprecation and `replacement` to refer to the
property that should be used instead. If none of them is present, an
empty deprecation object should be set.
For backward compatibility, the `deprecated` field is still set.
Deprecation information can only set via manual meta-data.
Closes gh-3449
When Spring Data REST is owning the home page it has its own
HandlerMapping with a fix (relatively) low priority. The /links
endpoint wants to own the home page as well, and our handler mapping
has a high priority for good reasons. This change addresses the
issue by checking if Spring Data REST is configured and if
the management context path (or more specifically, the links
endpoint) is the same as the home page.
Fixes gh-3486
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).
This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).
Fixes gh-2563
Update DataSourceHealthIndicator to support pattern based matching for
DB2 products. Prior to this commit product identifiers of the form
`DB2/LINUXX8664` were not supported.
Fixes gh-3377
Replace the previously used `EndpointWebMvcConfiguration`
`spring.factories` key with a dedicated ManagementContextConfiguration
annotation.
Also renamed the EndpointWebMvcHypermediaConfiguration and
EndpointWebMvcConfiguration classes to make it clearer that they are
for the management context.
See gh-3345
Update the `ManagementServerPort` detection logic to attempt direct
property resolution before looking for a local property bean
definition. Bean definitions provided by auto-configuration classes
are ignored.
This change allow `OnManagementMvcCondition` to use the
`ManagementServerPort` to determine when `EndpointWebMvcConfiguration`
should apply (removing the need to create a temporary context).
See gh-3345
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
There is a new spring.factories entry for
org.springframework.boot.actuate.autoconfigure.EndpointWebMvcConfiguration
which loads extra beans into the MVC config for the Actuator.
If the management context is a child context all the beans go in the
child (except the Spring Security filter still). A big bonus is that
you can add WebConfigurerAdapters to configure static resources etc.
A new component called ManagementContextResolver can be used to
locate the ApplicationContext for the MVC endpoints.
Fixes gh-3345
The default is now to reveal all details unless sensitive=true
(instead of only revealing then if sensitive was explicitly false).
The definition of "secure" also changes to something more sensible
where it is only true if security is enabled.
Fixes gh-2816
The default should be to generate a key from the prefix. Otherwise
if user sets the prefix and not the key it can pick up metrics from
another repository (which is what happens in the tests).
Extract common features from CounterBuffers and GuageBuffers into
a shared superclass. The new extracted types allows the service
implementations to be simplified.
Fixes gh-3257
Update `ApplicationPidFileWriter` to support a 'fail on write error'
properties which allows the user to exit the application if the PID
file cannot be written.
This commit also deprecates `spring.pidfile` in favor of
`spring.pid.file` so that the new property can be added without overlap.
Fixes gh-2764
Add the CloudFoundry vcap_services key, as well as a regular expression
to sanitize any key containing the word 'credentials'.
Fixes gh-3248
Closes gh-3266
Previously, the actual HTTP port on which a web application is running on
was only exposed in tests. This commit makes sure to provide that feature
regardless of the environment so that applications can know on which port
they are actually running on.
If there are several containers, each is exposed via the namespace of
their respective application context.
Closes gh-3259
The hitRatio is the ratio of two windowed rates that are calculated
independently. They are not updated or read transactionally, hence the
ratio of the two can drift slightly from what might be expected.
We now make sure that the hit or miss ratio can't be higher than 1
Closes gh-3235
for users to get started. It also makes it more flexible if different
aggregation keys are needed depending on the environment. The most
important new feature is the
spring.metrics.export.redis.aggregateKeyPattern configuration, which
fits the *.redis.key and prefix defaults. The aggregate reader uses
a prefix based on the key by default, with a naming convention that
the key starts with "keys.".
Update `ConfigurationPropertiesReportEndpoint` so that properties that
are set with a Boolean class but read with a boolean primitive still
appear in the report. The allows the Endpoint.isEnabled() property to
be displayed.
Fixes gh-2929
Make sure the Hazelcast statistics support is not triggered if the Spring
support is not present. The Hazelcast dependency alone may be used with
JCache and this should not trigger the support of the native Hazelcast
metrics infra.
See gh-2633
Previously the @Value annotation was not on a top level @Bean field
(it was nested inside). Manually constructing the bean in a separate
configuration class seems like the best way to get it to actually bind
at runtime.
Users can add @ExportMetric[Reader,Writer] to readers and writers that
they want to participate in the default exporter. There is also still an
@ActuatorMetricWriter that is used for the legacy (non-Java8) Gauge and
CounterServices.
The redis export and aggregate use case is a lot nicer with this
shared data between the two component types.
Also made MetricExportProperties itself a Trigger (so the default
delay etc. can be configured via spring.metrics.export.*).
Write to NUL on Windows and /dev/null on other platforms. Increase the
default number of iterations to avoid problems with the reduced timing
precision on Windows.
Closes gh-2976
User can add a bean of type MetricsEndpointMetricReader to opt in
to exporting all metrics via the MetricsEndpoint (instead of via
MetricReaders). There are disadvantages (like no accurate timestamps)
so it's best to leave it as an opt in.
Also improved tests for metric auto configuration a bit.
In principle you might have multiple "system" repositories, all
of which you want to go to public metrics or not be metrics exporters.
This change adds a new annotation and renames the old one, so that
reades and writers can be distinguished, and also changes the
autowiring of them to accept multiple values.
Also adds automatic public metrics for Spring Integration.
This commit adds CORS support to the Actuator’s MVC endpoints. CORS
support is disabled by default and is only enabled once the
endpoints.cors.allowed-origins property has been set.
The new properties to control the endpoints’ CORS configuration are:
endpoints.cors.allow-credentials
endpoints.cors.allowed-origins
endpoints.cors.allowed-methods
endpoints.cors.allowed-headers
endpoints.cors.exposed-headers
The changes to enable Jolokia-specific CORS support (57a51ed) have been
reverted as part of this commit. This provides a consistent approach
to CORS configuration across all endpoints, rather than Jolokia using
its own configuration.
See gh-1987
Closes gh-2936
This avoids a potential problems with ordering between Dropwizard and
normal repository configuration. A Dropwizard sample has been added to
verify the behaviour.
Different physical sources for the same logical metric just need to
publish them with a period-separated prefix, and this reader will
aggregate (by truncating the metric names, dropping the prefix).
Very useful (for instance) if multiple application instances are
feeding to a central (e.g. redis) repository and you want to
display the results. Useful in conjunction with a
MetricReaderPublicMetrics for hooking up to the /metrics endpoint.
This seems pretty efficient (approx 12M write/s as opposed to 2M with
the DefaultCounterService). N.B. there is no need to change most of
the rest of the metrics stuff because metrics are write-often, read-
seldom, so we don't need high performance reads as much.
The Spring Integration configuration and Dropwizard support has changed
a bit. Functionally very similar and probably opaque to users, but now
the messaging operates as an Exporter on a @Scheduled method, and
Dropwizard is a replacement [Gauge,Counter]Service.
Metrics are all
collected live in-memory (and can be very fast with Java 8), buffered
there and shipped out to a MessageChannel (if one exists with id
"metricsChannel") in a background thread.
We can still use Java 8 library APIs (like LongAdder) but to compile
to java 7 compatible byte code we have to forgo the use of lambdas :-(
and shorthand generics (<>).
Fixes gh-2682, fixes gh-2513 (for Java 8 and Dropwizard users).
Spring Framework 4.2 introduces improved support for CORS. Notably this
means that a DispatcherServlet will now process an OPTIONS request if
it contains an Origin header, without having to enable OPTIONS request
dispatching for every endpoint.
This commit takes advantage of these changes in Spring Framework 4.2 by
configuring the controller that wraps Jolokia’s AgentServlet to handle
OPTIONS requests. This allows Jolokia’s CORS support to be configured
using Jolokia’s standard configuration, as described in section 4.1.5
of the Jolokia documentation [1].
Closes gh-1987
[1] https://jolokia.org/reference/html/security.html
Andy Wilkinson
Stephane Nicoll
Johnny Lim
Phillip Webb
Spring Buildmaster
Wallace Wadge
Marten Deinum
Dave Syer
Jay Anderson
Julien Dubois
Simon Buettner
Thomas Badie
Martin Lippert
Arthur Kalimullin
arghya88
Johannes Stelzer
Eddú Meléndez
Tomasz Przybyła
olivier bourgain
dgomesbr
Johannes Stelzer
nlejeune
Andreas Ahlenstorf