Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Previously, any property defined in a @Deprecated class were not marked
as deprecated as only the getter or field was inspected for the
annotation.
An additional check on the class has been added to handle this case.
Fixes gh-2014
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.
Closes gh-1808
Previously, the host had to have a custom value for the configuration
of the port or credentials (username and password) to take effect. This
meant, for example, that you couldn’t just set the port or just set the
username and password while using the default host.
This commit allows the port or username and password to be configured
without also configuring the host. The default host (localhost) and
port (27017) are retained.
Fixes gh-2008
Previously, when @EnableAutoConfiguration was used in multiple packages,
the last @EnableAutoConfiguration that was processed would
win and only its package would be stored as an auto-configuration
package.
This commit updates AutoConfigurationPackages to allow multiple package
name registrations. AutoConfigurationPackages.set(…) has been altered to
augment the constructor arguments of the BeanDefinition registered for
the initial call to the method so that the packages handed to the method
call will be added to the bean definition and not replace the previous
ones. The method has been renamed register(…) to reflect the changed
behavior.
Closes gh-1994
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.
Fixes gh-2003, fixes gh-2004
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.
This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.
Closes gh-1997
In a properties file, a backslash is used as an escape character for
the line terminator sequence to allow values to be split across
multiple lines. When a backslash is used elsewhere they're stripped
out of the property's value.
This commit updates .properties-based examples for configuring
server.tomcat.internal-proxies to escape the backslahes so that they
are retained in the property's value at runtime.
See gh-1989
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.
This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.
Closes gh-1977
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.
This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.
Closes gh-1997
Unlike the Tomcat and Jetty starters, the Undertow starter does not
provide an EL implementation. This leads to failures when you try to use
Hibernate Validator with the Undertow starter.
To bring the Undertow starter into line with the other two embedded
container starters, this commit adds Glassfish’s EL implementation to
the Undertow starter. This is the implementation that’s used by the
Jetty starter. If/when Undertow provides JSP support and, therefore,
starts using EL itself, we should align with it.
Closes gh-1979
Previously, index.html used absolute paths to load its CSS and
JavaScript. This meant that it had to be deployed to /. This commit
updates the HTML to use relative paths for its CSS and JavaScript,
thereby ensuring that they can be loaded irrespective of the context
path to which the application is deployed.
Closes gh-1988
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).
Fixes gh-1982
If you inject the class (via a servlet parameter) it seems that
Jersey tries to create all the beans for you (and fails). I thought
it was supposed to work (according to the docs), so I'm a bit confused
but the sample now has Spring DI and the tests pass.
Fixes gh-1981
Update the ConfigurationMetadataAnnotationProcessor nested class
algorithm to prevent inner classes being added as both groups and
properties.
Fixes gh-1975
Previously, an Enum that is defined as an inner class of a
@ConfigurationProperties pojo was wrongly detected as an nested group.
This case is now handled explicitly and covered by a test.
Fixes gh-1971
Stephane Nicoll
Dave Syer
Andy Wilkinson
Oliver Gierke
Spencer Gibb
Sjoerd Mulder
Andrea Vacondio
Phillip Webb