When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).
This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).
Fixes gh-2563
By default, Elasticsearch writes it data to ./data. This led to data
being left on the filesystem after a mvn clean which could cause
failures when moving between branches that use different versions of
Elasticsearch.
This commit updates the tests for the Elasticsearch sample and
the Elasticsearch auto-configuration classes to write the
Elasticsearch data and logs into the target directory.
Update ElasticsearchAutoConfiguration to ensure that local nodes are
closed when the context is closed. Prior to this commit the close()
method of the Client would be called which had no effect for local
Nodes.
Fixes gh-2480
Undertow’s WebSocket client sends an illegal Origin header – it does
not include the scheme, e.g. it’ll send “localhost” rather than
“http://localhost”. This commit works around the problem by allowing
access to the SockJS endpoints from any origin, thereby disabling
OriginHandlerInterceptor’s checking of the Origin header.
Spring Integration's FileWritingMessageHandler uses a .writing file
while it's in the process of writing a message to disk and then
performs a rename (depending on the OS and filesystem this may or may
not be atommic) to create the .msg file. Prior to this commit the
test was finding the temporary .writing files and examining them. This
could lead to a FileNotFoundException being thrown as the temporary
file was deleted while the test was trying to read its contents.
This commit updates the test to only look for files with a .msg suffix
Fixes gh-2428
Previously, SampleIntegrationParentApplicationTests assumed that when
an output file existed on disk its contents would have been written
in their entirety. This assumption does not hold true and causes the
test to fail intermittently as it incorrectly determines that the test
has produced no output.
This commit updates the test to wait for up to 30 seconds for the
output files to appear on disk and for the expected content to be
found in one of those files. If the files exist but do not
contain the expected content the test will keep trying until it does
or until too much time as elapsed.
Fixes gh-2380
Previously, the documentation only provided examples of the required
configuration for Maven users. This commit adds equivalent configuration
snippets for those using Gradle. It also removes the recommendation to
override the version of the Servlet API as this is unnecessary. The pom
files for the Jetty 8 and Tomcat 7 samples have also been updated
accordingly.
Closes gh-2346
Undertow, like Tomcat, uses "" for the context path of the root
context. Previously, the Undertow deployment was being configured with
"/" for the root context. This was leading to a silent failure in
AsyncContextImpl.dispatch when it failed to look up the deployment
manager for the current request.
This commit updates UndertowEmbeddedServletContainerFactory to use the
correct context path (an empty String) for the root context.
Fixes gh-2365
A dependency on org.glassfish.jersey.ext:jersey-bean-validation has
been added to spring-boot-starter-jersey. jersey-bean-validation’s EL
dependencies have been excluded in favour of those provided by
spring-boot-starter-tomcat (or starter-jetty or starter-undertow should
the user choose to use a different embedded container).
Closes gh-2315
The package names changed a bit from the prototype project, but wuth vanilla
autconfiguration usage that shouldn't matter. Follows closely the Groovy
templates support. Templates live in classpath:/templates/*.html by default.
Fixes gh-2242
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.
The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.
The health MVC endpoint should now work as follows:
* Default configuration - No login is required, full information is only
displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
is displayed.
* endpoints.health.sensitive=false - Login is not required, full
information is displayed.
Fixes gh-2211
Dave Syer
Phillip Webb
Spring Buildmaster
Matt Benson
Stephane Nicoll
Andy Wilkinson
izeye