Commit Graph

10 Commits (2e3187d1f6a3e84908aaffc16e489c84b319ad49)

Author SHA1 Message Date
Andy Wilkinson 66b55defa0 Adapt to password encoder changes in Spring Security
Closes gh-10762
7 years ago
Madhura Bhave d307eba0a3 Add property to configure base-path for web endpoints.
Also, move properties corresponding to management server under
`management.server.*`.

Closes gh-10230
7 years ago
Phillip Webb 2855010841 Fix sample POMs
Update sample POMs to follow CI friendly Maven conventions.

See gh-9316
7 years ago
Phillip Webb 46dfe38b60 Rework security request matchers
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:

http.authorizeRequests()
  .requestMatchers(EndpointRequest.to("status", "info")).permitAll()
  .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
  .requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()

Closes gh-7958
7 years ago
Phillip Webb 2e51b48cd9 Refactor actuator package locations
Restructure actuator packages to improve structure. The following
changes have been made:

 - Separate actuator and actuator auto-configuration into different
   modules.
 - Move endpoint code into `spring-boot-actuator`.
 - Move `Endpoint` implementations from a single package into
   technology specific packages.
 - Move `HealthIndicator` implementations from a single package into
   technology specific packages.
 - As much as possible attempt to mirror the `spring-boot` package
   structure and class naming in `spring-boot-actuator` and
   `spring-boot-actuator-autoconfigure`.
 - Move `DataSourceBuilder` and DataSource meta-data support from
   `spring-boot-actuator` to `spring-boot`.

Fixes gh-10261
7 years ago
Phillip Webb 0f99b29b1a Temporarily remove security matchers
Temporarily back out `SpringBootSecurity` to enable easier
package refactoring.

See gh-10261
7 years ago
Phillip Webb ecb8461e8c Manually format security configuration
Update security configuration formatting to follow conventions
recommended in the Spring Security documentation.

See gh-7958
7 years ago
Phillip Webb 2c97d3a5e9 Polish 7 years ago
Stephane Nicoll 98455e30dc Rename default endpoint settings to "default"
Closes gh-10098
7 years ago
Madhura Bhave e08ddbf838 Rework security autoconfiguration
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.

Closes gh-7958
7 years ago