Commit Graph

3602 Commits (20bb9c030504a24187ca72ade3285d86350b8cc0)
 

Author SHA1 Message Date
Stephane Nicoll 20bb9c0305 Remove warnings for expected deprecation usage 10 years ago
Dave Syer 3c1e48c89a Better handling of anonymously accessible endpoints
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).

Fixes gh-2015 slightly differently
10 years ago
Andy Wilkinson 2ce057ca96 Allow /health to be accessed anonymously irresepctive of its sensitivity
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.

This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.

Fixes gh-2015
10 years ago
Stephane Nicoll e507c61481 polish 10 years ago
Stephane Nicoll 5b231e600b Also flag deprecated properties in a @Deprecated class
Previously, any property defined in a @Deprecated class were not marked
as deprecated as only the getter or field was inspected for the
annotation.

An additional check on the class has been added to handle this case.

Fixes gh-2014
10 years ago
Stephane Nicoll 1a5916665c Remove unused RabbitMQ dynamic property flag
Fixes gh-1999
10 years ago
Stephane Nicoll 65e9d6a6e0 Add property description
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.

Closes gh-1808
10 years ago
Andy Wilkinson 40a7445fec Merge branch '1.1.x' 10 years ago
Andy Wilkinson 64599261a5 Allow mongo port, host, and credentials to be configured individually
Previously, the host had to have a custom value for the configuration
of the port or credentials (username and password) to take effect. This
meant, for example, that you couldn’t just set the port or just set the
username and password while using the default host.

This commit allows the port or username and password to be configured
without also configuring the host. The default host (localhost) and
port (27017) are retained.

Fixes gh-2008
10 years ago
Stephane Nicoll 8ee237a9c6 Fix documentation syntax typo 10 years ago
Oliver Gierke 123b90fa64 Register all packages where @EnableAutoConfiguration is used
Previously, when @EnableAutoConfiguration was used in multiple packages,
the last @EnableAutoConfiguration that was processed would
win and only its package would be stored as an auto-configuration
package.

This commit updates AutoConfigurationPackages to allow multiple package
name registrations. AutoConfigurationPackages.set(…) has been altered to
augment the constructor arguments of the BeanDefinition registered for
the initial call to the method so that the packages handed to the method
call will be added to the bean definition and not replace the previous
ones. The method has been renamed register(…) to reflect the changed
behavior.

Closes gh-1994
10 years ago
Andy Wilkinson a83f9c6311 Correct markup in documentation of how to configure Undertow 10 years ago
Andy Wilkinson d1cb3c7ce1 Polish names in pom.xml of Jersey and Cloud Connectors starters 10 years ago
Andy Wilkinson d5b7f49f83 Merge branch '1.1.x' 10 years ago
Andy Wilkinson 9270303a9a Remove double “and” from DataSourceInitializer’s javadoc 10 years ago
Spencer Gibb 2fb4d2ece6 Check if managementServerProperties.getSecurity() is not null
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.

Fixes gh-2003, fixes gh-2004
10 years ago
Dave Syer 3bb598a421 Only hide /health details if the app is actually secure
Also gives the user the option to override (by setting
endpoints.health.sensitive=false).

Fixes gh-1977 in a slightly different way
10 years ago
Andy Wilkinson 337e9bd013 Use and wait for a latch to check that the interceptor is called
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.

This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.

Closes gh-1997
10 years ago
Andy Wilkinson 55fadf1231 Merge branch '1.1.x' 10 years ago
Andy Wilkinson 02e925cb4e Merge branch 'gh-1989' into 1.1.x 10 years ago
Andy Wilkinson 2b4eee5e53 Add a note explaining that double backslashes are unnecessary in YAML
Closes gh-1989
10 years ago
Sjoerd Mulder cc557833a4 Escape backslashes in .properties examples of setting internal-proxies
In a properties file, a backslash is used as an escape character for
the line terminator sequence to allow values to be split across
multiple lines. When a backslash is used elsewhere they're stripped
out of the property's value.

This commit updates .properties-based examples for configuring
server.tomcat.internal-proxies to escape the backslahes so that they
are retained in the property's value at runtime.

See gh-1989
10 years ago
Andy Wilkinson 092b861ee3 Merge branch '1.1.x' 10 years ago
Andrea Vacondio 9ef8335881 Fix broken link to the MVC section of the Spring reference docs
Closes gh-1998
10 years ago
Andy Wilkinson a708b28d9d Document restrictions when /health is accessed anonymously
Closes gh-1978
10 years ago
Andy Wilkinson 26a511495e Allow the user to opt-out of anonymous access restrictions for /health
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.

This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.

Closes gh-1977
10 years ago
Andy Wilkinson 5854ea189e Make TestInterceptor thread-safe
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.

This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.

Closes gh-1997
10 years ago
Andy Wilkinson 023d5bea3b Merge branch '1.1.x' 10 years ago
Andy Wilkinson feddb2e8a1 Note that @IntegrationTest and @WebAppConfiguration can be used with Spock
Closes gh-1908
10 years ago
Andy Wilkinson 6d97785030 Add a plain JPA sample application
Closes gh-1761
10 years ago
Stephane Nicoll 4402c6b4a0 Haromonize configuration keys to lowercase hyphen 10 years ago
Stephane Nicoll 76451d13f5 Add metadata for info.*
Closes gh-1993
10 years ago
Stephane Nicoll c05b387457 Add metadata for logging.level
Closes gh-1992
10 years ago
Andy Wilkinson efe50ebcad Document WebSocket exclusions that are required when using Jetty 8
Closes gh-1969
10 years ago
Andy Wilkinson 27569f5845 Add an EL implementation to the Undertow Starter
Unlike the Tomcat and Jetty starters, the Undertow starter does not
provide an EL implementation. This leads to failures when you try to use
Hibernate Validator with the Undertow starter.

To bring the Undertow starter into line with the other two embedded
container starters, this commit adds Glassfish’s EL implementation to
the Undertow starter. This is the implementation that’s used by the
Jetty starter. If/when Undertow provides JSP support and, therefore,
starts using EL itself, we should align with it.

Closes gh-1979
10 years ago
Andy Wilkinson 5b671847d3 Merge branch '1.1.x' 10 years ago
Andy Wilkinson ccbc606dad Use relative paths so index is unaffected by its context path
Previously, index.html used absolute paths to load its CSS and
JavaScript. This meant that it had to be deployed to /. This commit
updates the HTML to use relative paths for its CSS and JavaScript,
thereby ensuring that they can be loaded irrespective of the context
path to which the application is deployed.

Closes gh-1988
10 years ago
Andy Wilkinson d5ad502d31 Disable Undertow auto-config if required XNIO classes are unavailable
Fixes gh-1986
10 years ago
Stephane Nicoll dea1ca9855 Update description of property type 10 years ago
Dave Syer 9db86bbd2a Lookup metadata bean from context instead of injecting
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).

Fixes gh-1982
10 years ago
Dave Syer f21d58ada7 Use constructor injection for Jersey sample 10 years ago
Dave Syer 9f7bd0cddc Inject ResourceConfig instance (not class) into Jersey
If you inject the class (via a servlet parameter) it seems that
Jersey tries to create all the beans for you (and fails). I thought
it was supposed to work (according to the docs), so I'm a bit confused
but the sample now has Spring DI and the tests pass.

Fixes gh-1981
10 years ago
Phillip Webb e56a1ba561 Refine inner class detection algorithm
Update the ConfigurationMetadataAnnotationProcessor nested class
algorithm to prevent inner classes being added as both groups and
properties.

Fixes gh-1975
10 years ago
Phillip Webb 2a9a749329 Polish 10 years ago
Phillip Webb 5220f584db Revert spring-boot-configuration-metadata for now
See gh-1970
10 years ago
Stephane Nicoll 2f4a46a180 Associate logging.* properties to group 10 years ago
Stephane Nicoll 2b19955cee Remove useless System.out.println 10 years ago
Stephane Nicoll 7b4de0921f Remove useless @ConfigurationProperties
Fixes gh-1972
10 years ago
Stephane Nicoll 32efff3f30 Avoid creating a nested group for an Enum
Previously, an Enum that is defined as an inner class of a
@ConfigurationProperties pojo was wrongly detected as an nested group.

This case is now handled explicitly and covered by a test.

Fixes gh-1971
10 years ago
Stephane Nicoll 5f673c9e84 Fix usage of putIfAbsent 10 years ago