Update InMemoryAuditEventRepository to consider the date when searching
for events. Also switch to a circular buffer implementation and update
the capacity to limit the total number of items rather than limiting
per principal.
Fixes gh-2291
Update AbstractEndpoint to correctly support the `endpoints.enabled`
property. Also fix EnvironmentEnpoint which would previously prevent
the Environment from being set.
Fixes gh-2264
Closes gh-2265
Update WebMvcAutoConfiguration so that the RequestMappingHandlerMapping
bean is @Primary. Prior to this commit a NoUniqueBeanDefinitionException
would be thrown then using the MvcUriComponentsBuilder.
Fixes gh-2237
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.
The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.
The health MVC endpoint should now work as follows:
* Default configuration - No login is required, full information is only
displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
is displayed.
* endpoints.health.sensitive=false - Login is not required, full
information is displayed.
Fixes gh-2211
Add Ordered interface to all EmbeddedServletContainerCustomizers with
a value of 0. Prior to this commit it was difficult for a user to
define a customizer that would be applied before ours, even if they
implemented Ordered or added @Order annotations.
Fixes gh-2123
ManagementSecurityAutoConfiguration fully relies on the presence of a
web environment, yet the configuration class itself was not guarded by
`@ConditionalOnWebApplication` (while nested config where).
This turned out to be a problem for command-line applications using
spring security (i.e. CRaSH integration).
Fixes gh-2112
The method 'injectIntoSecurityFilter' added In 3c1e48c assumes that
Spring security is in the classpath so any management endpoints that are
deployed on a different port requires Spring Security all the sudden.
This commit separates the creating of the EndpointHandlerMapping in two
mutually exclusive @Configuration: one that is triggered if Spring
Security is not in the classpath and one that is triggered if Spring
Security is in the classpath. The latter apply the security filter in the
endpoint mapping if it exists.
Fixes gh-2124
The move of health.* keys to management.health.* broke them as they
are not defined as configuration keys and `ManagementServerProperties`
is strict on the whole management namespace.
This commit updates the tests to actually include that properties class
and relax the "ignoreUnknownFields" condition so that extra attributes
can be defined on the "management" namespace.
Fixes gh-2115
Update AbstractEndpoint so that the `enable` property is optional and
when it not specified the `endpoints.enabled` property will be used.
This allows users to switch the way that endpoints are enabled. Rather
than opting-out specific endpoint enablement the `endpoints.enabled`
property can be set to `false` and specific endpoints can be opted-in.
Fixes gh-2102
Since AbstractHandlerMethodMapping.getHandlerMap() is final it can't
be cglibbed and a proxy will barf if you try and call that method.
The RequestMappingEndpoint can be protected simply by defensively
checking if the mapping is a proxy before trying to inspect it.
Drop the setAdditionalProperties method from ShellProperties to ensure
that it is not included in the meta-data JSON. The additional properties
are usually wired in using @Autowired and it is pretty unlikely that
anyone is using the setter directly.
Fixes gh-2055
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.
Closes gh-1808
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.
Fixes gh-2003, fixes gh-2004
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.
This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.
Closes gh-1997
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.
This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.
Closes gh-1977
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.
This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.
Closes gh-1997
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).
Fixes gh-1982