Commit b02aba4 has renamed `management.security.role` to
`management.security.roles`. Unfortunately, the `HealthMvcEndpoint`
was still looking at the old property.
This commit makes sure that the proper key is used and any custom
role is applied rather than an unconditional `ADMIN` role.
See gh-6540
Call afterPropertiesSet on the delegate `ResourceHttpRequestHandler`
to prevent an NPE. This change is required for compatibility with
Spring Framework 4.3 following SPR-13834.
Closes gh-6592
Previously, MetricExportAutoConfiguration consumed
ExportMetricWriter-annotated GaugeWriter beans in its constructor and
also produced such a bean from one of its @Bean methods. This cycle
caused a BeanCurrentlyInCreationException to be thrown when the
bean method was active (the spring.metrics.export.statsd.host property
was set).
This commit break the cycle by moving the bean method into a separate,
nested configuration class. It also updates the existing test for
auto-configuration of a Statsd writer to catch any possible cycles
and to verify that the writer has be registered with the
MetricsExporter.
Closes gh-6544
Previously, a NullPointerException would occur if
endpoints.docs.curies.enabled was true and the default value was being
used for either server.port or management.port.
EndpointWebMvcHypermediaManagementContextConfiguration has been
restructured to ensure that the DocsMvcEndpoint bean is defined before
the condition on its existence is evaluated. Previously this was
dependant on the class’s bean methods being processed in a particular
ordering, something that would be ok when using ASM but would vary when
using reflection.
Closes gh-6584
Move ApplicationPidFileWriter and EmbeddedServerPortFileWriter to the
core spring-boot project since they're not really tied to the actuator.
Fixes gh-6398
The MBean requires that a file does not exist at the location to which
it’s dumping the heap. This commit updates the test to ensure that the
temporary file that’s created to get a location for the heap dump file
is deleted before asking the MBean to dump the heap to that location.
ConcurrentHashMap implements `containsKey` with `get`. By removing a
redundant call to `containsKey`, we guarantee better performance in our
counter services.
The geek inside measured this with JMH, and found under 4 threads of
contention, throughput on this check was 40% higher in success case.
Benchmark Mode Cnt Score Error Units
TestBenchmarks.containsKeyAndGet_success thrpt 30 432.389 ± 20.616 ops/us
TestBenchmarks.get_success thrpt 30 606.789 ± 10.848 ops/us
Closes gh-6379
Previously, the shutdown endpoint would spawn a new thread to perform
the shutdown but did not explicitly configure its thread context
class loader (TCCL). This mean that the new thread would use the
request thread's TCCL as its TCCL. This meant that a different TCCL
would be used compared to a shutdown triggered by the shutdown hook
and also caused problems with Tomcat's thread leak detection logic.
This commit updates the shutdown endpoint to explicitly configure the
TCCL of the shutdown thread to be the ClassLoader that loaded the
endpoint's class.
Closes gh-6361
Previously, the shutdown endpoint would spawn a new thread to perform
the shutdown but did not explicitly configure its thread context
class loader (TCCL). This mean that the new thread would use the
request thread's TCCL as its TCCL. This meant that a different TCCL
would be used compared to a shutdown triggered by the shutdown hook
and also caused problems with Tomcat's thread leak detection logic.
This commit updates the shutdown endpoint to explicitly configure the
TCCL of the shutdown thread to be the ClassLoader that loaded the
endpoint's class.
Closes gh-6361
Update WebRequestTraceFilter so that additional post processing can be
applied to traced request headers. The postProcessRequestHeaders method
can be used to remove or change map entries before they are returned.
Fixes gh-6309
Where possible, code that previously synchronized on this (or on the
class in the case of static methods) has been updated to use an
internal monitor object instead. This allows the locking model that's
employed to be an implementation detail rather than part of the
class's API.
Classes that override a synchronized method continue to declare
the overriding method as synchronized. This ensures that locking
is consistent across the superclass and its subclass.
Closes gh-6262
This commit polishes b0fbc7e, throwing an exception when an attempt is
made to configure management-specific SSL without also configuring a
custom management port. The testing of management-specific SSL
configuration has also been improved.
See gh-6057
Closes gh-4810
Move Neo4J auto-configuration from `autoconfigure.neo4j` to
`autoconfigure.data.neo4j` since it's intrinsically linked to Spring
Data.
See gh-5458
See gh-6142
When a custom management.port is used, the child context is configured
with an EmbeddedServletContainerFactory bean that has the same class
as the parent context’s EmbeddedServletContainerFactory bean. This
ensures that the child context uses the same type of embedded container
as its parent when there are multiple embedded containers on the
classpath. It also causes a failure when the custom
EmbeddedServletContainerFactory subclass cannot be instantiated, for
example because it’s an anonymous inner-class.
This commit improves the diagnostics so that we fail fast with an
information exception message when we detect that the embedded servlet
container factory bean’s class cannot be instantiated.
Closes gh-6193
This commit changes the default version of Tomcat to 8.5.3 while
also retaining support for Tomcat 8.0 and 7.0. The main difference
in 8.5 is that the ServerSocketFactory abstraction that allowed the
TrustStore and KeyStore to be configured programatically no longer
exists. This logic has been replaced with the use of a custom URL
protocol (springbootssl) that provides access to the key store and
trust store of an SslStoreProvider. In addition to working with 8.5,
this approach has the advantage of also working with 8.0 and 7.0.
Closes gh-6164
This commit adds `@AliasFor` meta-data to annotations that declare an
alias attribute.
`@ConditionalOnProperty` and `@AutoconfigureRestDocs` were not migrated
due to the use of `AnnotationMetadata#getAnnotationAttributes`.
Closes gh-5187
Previously, if the `contextPath` of the application wasn't the root, the
HAL browser could not initialize since the `entryPoint` was referring to
an invalid location.
This commit makes sure to take the `contextPath` into account.
Closes gh-5814
Previously, SimpleInMemoryRepository used a ConcurrentReferenceHashMap
to store its locks. The type of map will discard its entries when the
JVM comes under GC pressure. With the code in its previous form, this
could lead to a NullPointerException when the following occurred:
1. putIfAbsent returned null indicating that a new entry has been added
to the map
2. GC pressure caused the map to discard the new entry
3. get returned null as the entry has been discard
There are two problems with the existing code:
1. Its usage of a ConcurrentMap is incorrect. The correct usage is:
a. Call get to see if the map already contains a lock
b. If the lock is null, create a new one
c. Call putIfAbsent to add the new lock
d. If the return value is non-null, another thread has created the
lock and it should be used. If the return value is null, use the
new lock created in b.
2. Once the use of ConcurrentMap has been corrected, the fact that it is
a ConcurrentReferenceHashMap means that different threads could
access the same value using different locks. This would occur if one
thread has retrieved a lock from the map and is using it, while GC
causes the lock to be removed from the map. Another thread then
attempts to get the lock and, as GC pressure has remove it, a new
lock is created allowing concurrent access to the same value.
This commit updates the code to use the ConcurrentMap correctly and also
replaces the ConcurrentReferenceHashMap with a ConcurrentHashMap. This
means that the repository will now use slightly more memory but this is
outweighed by the benefits of thread-safe updates and no risk of an NPE.
Closes gh-6115
This commit adds a Jest-based health indicator for ElasticSearch. If both
Jest and the Spring Data are available, the latter takes precedence as it
provides more information.
Closes gh-3178
"Starter POM" is a confusing term as it implies the starter may be a
POM while it's actually a jar artifact like any other dependency. To
reduce the confusion (especially in the way such starter should be
declared in the build), the term Starter POM has been renamed to Starter.
Closes gh-5966
Update EndpointWebMvcAutoConfiguration so that ApplicationFailedEvents
cause the management context to close.
Prior to this commit if an application failed to start (for example
because `server.port` was already in use) the management context would
remain open and the application would not exit.
Fixes gh-5388
This commit improves the `InfoContributor` infrastructure as follows:
* `InfoEndpoint` no longer breaks its public API and returns a Map as
before
* `Info` is now immutable
* All properties of the build are now displayed. Since we control the
generation of that file, there is no longer a mode to restrict what's
shown
* Build info is now generated in `META-INF/build-info.properties` by
default
Closes gh-5734
Reorganize web related classes for better separation of concerns.
Mainly this involves moving classes from `o.s.b.context.embedded`
that aren't directly tied to embedded servlet containers to
`o.s.b.web` and relocating everything from `o.s.b.context.web`.
See gh-5822
Move the @LocalServerPort to org.springframework.boot.context.embedded
since it's only really useful when working with embedded servlet
containers.
See gh-5822
Add an additional property to LogFileMvcEndpoint to allow log files to
be read from an external location. This is helpful when a launch.script
is used to start the boot-application and the logfile is written by a
redirect of stdout/stderr.
Fixes gh-4255
Closes gh-4836
Extract ApplicationContextHeaderFilter to a top-level class from
EndpointWebMvcAutoConfiguration and make the header field public.
Fixes gh-5726
Closes gh-5784
Before this change the app context closes and metrics that have not
yet been exported ccan be orphaned. The design of this feature is simple:
use Closeable where possible, so that it will be called automatically
by Spring on shutdown.
Fixes gh-5771
The MetricCopyExporter has had the capability for a while to keep
track of counters internally. This change aligns that with the
PrefixMetricGroupExporter.
Fixes gh-5762
Previously, if the filter chain threw an unhandled exception,
WebRequestTraceFilter would record a trace with a response status of
200. This occurred because response.getStatus() would return 200 as
the container had not yet caught the exception and mapped it to an
error response.
This commit updates WebRequestTraceFilter to align its behaviour with
MetricsFilter. It now assumes that the response status will be a 500
and only updates that to the status of the response if the call to the
filter chain returns successfully.
To avoid making a breaking change to the signature of the protected
enhanceTrace method, an HttpServletResponseWrapper is used to include
the correct status in the trace.
Closes gh-5331
Flyway 4.0 provides support for repeatable migrations that do not
have a version. When such a migration has been performed,
MigrationInfo.getMigrationVersion() will return null and, previously,
FlywayEndpoint would fail with an NPE.
This commit updates FlywayEndpoint to use null as the version when
MigrationInfo.getMigrationVersion() returns null.
Closes gh-5700
This commit moves the `shell.auth` property to `shell.auth.type`. The
previous situation was unfortunate since `shell.auth` was both a group
and a particular property.
Closes gh-5139
Ensure any ChildManagementContext created to start a management server
on a different port uses the same EmbeddedServletContainerFactory type.
Fixes gh-5474
Add `endpoints.metrics.filter.gauge-submissions` and
`endpoints.metrics.filter.counter-submissions` properties which can be
used to fine-tune how MetricsFilter submits metrics.
Use `per-http-method` to group by the the HTTP method, `merged` to
combine or both (`merged,per-http-method`) to submit both in forms.
Closes gh-5102
Rework the new testing support so that @SpringApplicationTest can be
used for standard integration tests, web integration tests with a
mock Servlet environment and web integration tests with an embedded
servlet container. This means that it a replacement for 1.3's
@IntegrationTest and @WebIntegrationTest and allows all
SpringApplication testing to be configured using a common annotation.
The old @IntegrationTest and @WebIntegrationTest along with their
supporting classes have been reinstated to their previous form (while
remaining deprecated). This should ensure that they continue to work
in 1.4 exactly as they did in 1.3 giving users a smooth path to
@SpringApplicationTest.
See gh-5477
This commit polihes the original Neo4j contribution in several areas.
Rather than providing the packages to scan, this commit rearranges the
`EntityScan` and `EntityScanRegistrar` so that the logic can be shared
for other components. If no package is provided, scanning now defaults to
the "auto-configured" package(s) and a `@NodeEntityScan` annotation
allows to override that.
The configuration has also been updated to detect the driver based on the
`uri` property. If the embedded driver is available we use that by
default. If it is not available, we're trying to connect to a Neo4j
server running on localhost. It is possible to disable the embedded mode
or set the `uri` parameter explicitly to deviate from these defaults.
The sample no longer relies on the embedded driver for licensing reason:
rather it expects an instance running on localhost (like other
data-related samples) and gracefully ignore any connection error. A
README has been added in the sample to further explain the available
options;
Closes gh-5458
This is a follow-on from the work done in 5009933. Now that SPR-14015
has been fixed, constructor injection can also be used for parameterised
dependencies, including optional dependencies that are injected via
an ObjectProvider.
Closes gh-5306
This commit updates the Maven plugin to generate a
`META-INF/boot/build.properties` file with various build-specific
settings (group, artifact, name, version and build time). Additionally,
the plugin can be configured to write an arbitrary number of additional
properties.
A new `BuildProperties` bean is automatically exposed when such a file is
present. If that bean is present, an `InfoContributor` is automatically
created to expose that information under the `build` key.
As for the git contributor, it is possible to only display the core
settings or everything using the `management.info.build.mode` property.
See gh-2559
Rather than exposing a raw String with the epoch time, GitProperties
now exposes the actual `java.util.Date`. `InfoProperties` has been
improved to return such data type when the raw value is an epoch time.
This commit polish the new info contributor infrastructure by migrating
`GitInfo` to `GitProperties`. `InfoProperties` provides an abstraction
that exposes unstructured data in an immutable way.
The `GitInfoContributor` now accepts a "mode" that determines if all data
should be exposed or only a sub-set of known keys.
Closes gh-2644
Previously, the ehcache statistics were computed on the activity of the
last minute which gives a "live" overview. All others cache managers,
including JCache, provides a "cumulative" metrics (i.e. the hit/miss
ratio since the creation of the cache or the last time it got cleared).
Ths commit aligns the ehcache statistics to provide a similar semantics
as the other cache managers. The side effect is that the metrics are now
available, even if there is no cache activity at all at the moment.
Closes gh-4891
This commit updates "simple" configuration classes to use constructor
injection. Simple means that there are no optional dependencies
(@Autowired(required=false) is not used), and none of the dependencies
use generics.
Configuration classes that are not simple will be updated in a second
pass once https://jira.spring.io/browse/SPR-14015 has been fixed.
See gh-5306
`InfoProvider` is now `InfoContributor` and contributes to the `Info`
instance via a builder. The `Info` instance is immutable. Each
contributor can be disabled via the `management.info.<name>.enabled`
key or all can be disabled using `management.info.defaults.enabled` (this
is similar to what the health endpoint does).
By default, all keys from the environment starting with `info.` are
exposed. If a `git.properties` file is present in the classpath, the
content of `GitInfo` is exposed using the `git` key.
A `SimpleInfoContributor` and `AbstractEnvironmentInfoContributor` are
available for convenience. `InfoContributor` instances can be ordered
the usual way, with a default order provided by
`InfoProviderAutoConfiguration#DEFAULT_ORDER`.
Closes gh-3492
This commit moves `GitInfo` to a general "project info" area that will be
further improved with others project related information.
Deprecate `spring.git.properties` in favour of `spring.info.git.location`
Closes gh-2484
Previously, if endpoints.enabled was false setting
endpoints.docs.enabled=true or endpoints.actuator.enabled=true would
have no effect as their entire configuration class was conditional
on endpoints.enabled being true.
This commit updates the conditions on the configuration class so that
it is conditional on either the actuator or docs endpoint being enabled.
Closes gh-5007
Plugin disabling logic was broken by e009d3e4. Prior to this change,
a plugin would be disabled if it or any of the implemented interfaces
in its inheritance hierarchy were configured as being disabled. The
offending commit inverted the logic so that the plugin would be
enabled if any part of it was NOT configured as being disabled.
This commit restores the logic such that the early return happens only
in the negative case.
Previously, the tests were written as though
PluginContext#getPlugin(Class) would consider the specified class
against the runtime type of the plugin (not an unreasonable
assumption); rather this method considers the broader 'plugin type'.
This commit rewrites the test to seek by plugin type and assert the
absence of the disabled plugins.
Closes gh-5032
Support for configuring an endpoint’s path separately from its id was
introduced in 97255785, but it didn’t work for a variety of reasons:
1. Some custom MVC endpoints did not have configuration properties
bound to them
2. Some generic endpoints rejected the path property as they were
configured not to ignore unknown fields
3. The property used to configure the path was dependent on the id
of the endpoint. This meant that the path property’s name would
change if the endpoint’s id was changed
This commit addresses these problems:
1. @ConfigurationProperties has been added to custom MvcEndpoints where
it was missing
2. Generic endpoints have been updated to ignore unknown fields,
allowing the path of their MVC adapter to be configured
3. Rather than using the id of a generic endpoint to determine the name
of its path property, the prefix or value of the endpoint’s
@ConfigurationProperties annotation is used instead. Any generic
endpoint that is not annotated with @ConfigurationProperties is
ignored, making its path unconfigurable.
Closes gh-5105
The Jolokia auto-configuration requires ServletWrappingController from
Spring MVC to be on the classpath. This commit updates the
auto-configuration to make it conditional on the presence of this
class.
Closes gh-5153
Update the requestsWithDisallowedMethodsAreRejected test to use PATCH
rather than HEAD. The change is to allow support for Spring Framework
4.3 which will implicitly map HEAD requests to GET.
Pre-flight requests are also only for "non-simple" HTTP methods [1]
(i.e. anything but GET, HEAD, POST) so there is really no such a thing
as a pre-flight request for HEAD.
[1] https://www.w3.org/TR/cors/#resource-preflight-requests
We rarely use the same configuration in multiple test classes, but
Spring’s Test framework caches each context by default. For projects
with large numbers of integration tests, this can lead to tens of
contexts being cached. This increases memory usage, live thread count,
etc for no benefit.
This commit adds @DirtiesContext to the integration tests in
spring-boot, spring-boot-autoconfigure, and spring-boot-actuator so
that the context is closed once the test class has completed.
See gh-5141
Previously, WebRequestTraceFilter would call request.getParameterMap()
before deciding whether or not the parameters should be included in
the trace. For a POST request, this had the unwanted side-effect
of always reading the request body.
This commit updates WebRequestTraceFilter so that it checks that
parameters are to be included in the trace before calling
request.getParameterMap()
Closes gh-5089
Hikari and Commons DBCP2 are already validating that the connection is
valid before borrowing it from the pool. This commit makes that behaviour
consistent by enabling that feature for the Tomcat and Commons DBCP data
sources.
Since a validation query is required in those cases, the infrastructure
of `DataSourceHealthIndicator` has been merged in a single place: the
`DatabaseDriver` enum provides not only the driver class names but also
the validation query, if any.
Closes gh-4906
When `@EnableConfigurationProperties` is defined, Spring Boot
automatically registers a bean in the context for each class specified
on the annotation. Previously, the name of the bean only included the
prefix which leads to conflict if two different classes use the same
prefix.
This commit changes the bean name structure to be <prefix>-<fqn> where
prefix is the prefix used on the annotation and <fqn> the fully qualified
name of the target class.
Closes gh-4395
Previously, Spring Boot mapped both `DataSourceProperties` and the actual
`DataSource` implementation to the same prefix. This results in a huge
amount of keys in the `spring.datasource` namespace with no way to
identify those that are valid for the pooled data source in use.
This commit maps the four pooled data sources we support in four isolated
namespace, keeping `spring.datasource` only for the common settings.
These are `spring.datasource.tomcat`, `spring.datasource.hikari`,
`spring.datasource.dbcp` and `spring.datasource.dbcp2` for the Tomcat,
Hikari, Commons DBCP and Commons DBCP2 implementations respectively.
Closes gh-2183
Spring Boot’s metrics require all values to be Numbers. A Dropwizard
Gauge can have a non-Number value. Previously, to prevent this causing
a problem, MetricRegistryMetricReader would check the value of a Gauge
when it’s being added and ignore it if it had a non-Number value.
Unfortunately, retrieving the value of a Gauge can take a non-trivial
amount of time (hence CachedGauge) so this approach, while functional,
could be improved.
This commit updates the filtering to happen when a Metric is being
retrieved from MetricRegistryMetricReader (via findOne or findAll)
when its value is required anyway. At this point, any Gauge with a
non-Number value is ignored.
Closes gh-4874
Previously, HalJsonMvcEndpoint used a redirect to go from path/ to path.
When the actuator’s configured to use a custom context path this
redirect was leading to an infinite redirect loop.
This commit removes the redirect in favour of updating the controller
advice to apply the links to requests for path and path/.
Closes gh-4853
This commit completes the changes to consistently used static final
fields for Log instances that were started in ec2f33f9. Specifically it:
- Removes this. when accessing logger fields that are now static
- Renames some fields from log to logger
- Makes some logger fields static
See gh-4784
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().
Closes gh-4783
If the user provides their own ServerProperties bean we want to peek
at it to see if they set the port (and only that) when we are deciding
if the actuator context needs to be created. This happens very early
(in a @Condition) so we need to be very defensive. There are already
quite a few checks in place to prevent a ServerProperties bean from
being instantiated unless we really need it, and yet, when it is
we can do more.
This change creates the bean (and the ManagementProperties) in a
throwaway BeanFactory using the same BeanDefinition as the main
context. This ensures that when the main context bean is created
it will be in the "natural" order and binding to the Environment
can take place as normal.
Fixes gh-4631
This change permanently removes links from the endpoints that return
arrays or collections, and also disables them in the rest of the
endpoints (except /actuator) by default.
Fixes gh-4616
Previously, the default RestTemplate that is used OpenTsdbGaugeWriter
was not used with its default configuration. Notably this meant that
it would have infinite connect and read timeouts. This is problematic
as it can cause metric writing to hang and block the scheduler for
performing any other tasks.
This commit updates OpenTsdbGaugeWriter to use a default connect
timeout of 10 seconds and a default read timeout of 30 seconds. A
constructor has been added to ease the configuration of these
timeouts. The existing option of providing your own RestTemplate
(via setRestTemplate) remains.
Closes gh-4698
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Commit 8c14009 removed the endpoints.metrics.filter.enabled property so
that endpoints.metrics.enabled is used for both disabling the endpoint
and the servlet filter that records interactions.
This was an unfortunate decision as it was no longer possible to only
disable the servlet filter. The endpoints.metrics.filter.enabled property
has therefore been restored.
Closes gh-4365
Previously, each 5xx response to a request that used a path variable
would result in a metric being recorded that contained the path
variable. Therefore, if a different path variable was included in each
request, a new metric would be recorded for each request. This is
problematic as it can lead to the metrics being flooded with unwanted
entries.
This commit updates MetricsFilter to treat 5xx responses sent before
mapping has occurred in the same way as 4xx and redirect responses.
A single metric, counter.status.500.unmapped, is now used.
Closes gh-4377
Previously, if a regular expression was used when calling the metrics or
environment endpoints, a metric or property with a null value would
result in a 404 response.
This commit updates the two affected endpoints so that any metric or
property whose name matches the regular expression but has a null value
is ignored. This allows all of the matching metrics or properties with
non-null values to be returned in a 200 OK response.
Closes gh-4552
If a request to the actuator endpoint ends with a slash with Spring
HATEOAS on the classpath, an empty array of links is returned whereas
a request without the slash returns a response with all the expected
links to the actuator's other endpoints.
This commit adds an automatic redirection so that both URIs return the
expected result.
Closes gh-4575
If user set the management.port *and* the management.context-path
then the /error path was in the wrong place because formerly it
was implemented (in this case) by an MvcEndpoint. If we
switch it to a regular @Controller (which are now supported in the
child context if there is one) then it won't disappear under the
management.context-path.
Also use lazy request matching in ignores as well as secure paths.
The problem was that the ignores were constructed eagerly from the
actuator paths before they were available (the EndpointHandlerMapping
needs to be lazily accessed to avoid a security-induced bean creation
cascade).
Fixes gh-4624
If the user sets the management.port, he wants some of the
server.* properties, but not the context-path. This change
restores the behaviour in 1.2.x.
Fixes gh-4401
`EhCacheStatisticsProvider` uses the `StatisticsGateway` API introduced
in ehcache 2.7 (march 2013). If an older ehcache version is present, we
should back-off as this class is not available.
Closes gh-4621
Along with the recent change in Spring to use content-disposition
"inline" (which prevents the download), it also makes sense to limit
the extensions allowed by the actuator endpoints. Really there *is*
no extension for these endpoints, but since all of them explicitly
produce JSON we can add .json for browsers as a convenience in case
the app would otherwise choose to send XML.
Fixes gh-4402
Update EndpointHandlerMapping so that setUseSuffixPatternMatch is set
to false. This prevents URLs of the form /beans.json from returning
results and provides another line of defense against RDF attacks.
Fixes gh-4402
Update `LogFileMvcEndpoint` to use a `ResourceHttpRequestHandler` when
serving the log file resource. This gives support for requesting parts
of the logfile via the HTTP Range header. Requests with the
`If-Modified-Since` header are now also handled correctly.
Closes gh-4333
Add auto-configuration for the CassandraHealthIndicator. Also update
the implementation to use CassandraOperations rather than
CassandraAdminOperations.
Closes gh-4409
Previously if every actuator endpoint was marked as sensitive, then all
endpoints were marked as permitted.
This commit ensures that if all endpoints are marked as sensitive, then
all the endpoints are secured.
Fixes gh-4368
Closes gh-4383
Rename HAL and docs MVC endpoints so that classnames consistently end
with MvcEndpoint. Also rename integration tests so that they are grouped
together in the IDE.
Introduce `AbstractAuthenticationAuditListener` and
`AbstractAuthorizationAuditListener` classes so that users can
extended them to replace the auto-configured defaults.
Closes gh-4406
Commit d0cf6b5 introduced a `endpoints.metrics.filter.enabled` property
key meant to disable the filter. Unfortunately, the `endpoints.metrics`
namespace is already managed so setting this property will fail.
We now use the same key than the one used to disable the metrics
endpoint.
Closes gh-4365
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.
Fixes gh-4355
This way the MetricCopyExporter can make a sensible choice about
what to do with counter metrics, and cache the latest values, so that
they can be properly incremented.
Fixes gh-4305
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.
This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.
This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.
Closes gh-4345
[1] 8663ac4173
The latest Spring Framework 4.2.3 snapshots appear to be trimming
whitespace as part of the binding process. This commit updates the
test's expectations accordingly.
Previously, NamePatternFilter looked for “*”, “$”, “^”, or “+” when
trying to identify a string as being a regular expression. This meant
that it missed the use of a character class ([a-z], for example). This
commit adds “[“} to the list of characters that are considered to be
part of a regular expression.
Closes gh-4233
Previously, the `PORTFILE` system property was not checked if the
`EmbeddedServerPortFileWriter` was created using the default constructor.
This had the effect to prevent overriding of the port file when this
listener is created without any file or via `META-INF/spring.factories`.
Closes gh-4254
Previously, the Actuator’s endpoints did not specify a produces
attribute on their request mappings. With Jackson’s XML binding on the
classpath, this would lead to requests made by a browser receiving
application/xml responses (due to the Accept header indicating that
application/xml is preferred). This was problematic as some of the
response payloads were not legal xml. Problems included XML tags
beginning with ‘\’ or containing ‘#’.
This commit updates the endpoints to specify that they produce
application/json. The environment and metrics endpoints have also been
updated so that always return a JSON object, even when they are
returning a single entry. This consistency avoids problems where
clients may not consider a single scalar value to be legal JSON.
Closes gh-2449
Update EndpointWebMvcAutoConfiguration to no longer catch and ignore
EmbeddedServletContainerExceptions. Since commit 764e34b9, starting a
management on a different port is not even attempted when running in a
classic servlet container. This means that the catch/log logic (which
was originally added in 45315a97) is no longer necessary, and only
serves to hide genuine problems.
Fixes gh-4064
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Previously, EndpointWebMvcChildContextConfiguration would attempt to
create a /error endpoint, irrespective of whether or not the parent
had such an endpoint. If the endpoint was disabled in the parent this
would cause a failure due to the absence of an ErrorAttributes bean.
This commit updates EndpointWebMvcChildContextConfiguration to make
the creation of its /error endpoint conditional on the existence of
an ErrorAttributes bean.
Closes gh-4164
Previously, MetricsFilter would treat async requests the same as
sync requests and would record their response status as soon as the
request had been processed by the filter chain. This would result in a
200 response being recorded and the actual response status produced by
the async processing being ignored. Furthermore, the time that was
recorded for the request would not include the time take for any async processing.
This commit updates MetricsFilter to check whether or not an async
request has been started before it records the metrics for the request.
In the event of an async request having been started no metrics are
recorded. Instead, the StopWatch is stored in a request attribute that
is then retrieved during the filtering of the request’s async
dispatch(es). Once the async processing has completed (isAsyncStarted()
returns false), the StopWatch is stopped, removed from the request’s
attributes and the metrics for the request are recorded.
Closes gh-4098
Update EndpointWebMvcAutoConfiguration to log exception details at DEBUG
in addition to the WARNING message when the child context fails to
start.
See gh-4064
Pull up functionality from EndpointMvcAdapter to a new
AbstractEndpointMvcAdapter which doesn't define any @RequestMappings and
update HealthMvcEndpoint to make use of it.
We need to be a bit cautious about whether Spring Security is on
the classpath or not, but if it is we can test for the admin role
(as specified in `management.security.role`).
Fixes gh-4060
This change applies only to "standard" MVC endpoints (not the extended
ones like /env and /jolokia which already have this feature). Allows
users to supply an endpoints.{name}.path.
Fixes gh-2790
Update ManagementWebSecurityAutoConfiguration to reinstate lazy creation
of EndpointHandlerMapping from the EndpointPathRequestMatcher.
Fixes a regression introduced in eb2984781 and picked up my one of the
sample integration tests.
Fixes gh-4059
Takes into account the fact that the new /actuator endpoint sometimes
loses its path (it is "" relative to a non-empty management context path).
Fixes gh-4059
Previously, a `NoClassDefFoundError` could be thrown if EhCache or Guava
is on the classpath without `spring-context-support` as the respective
cache statistics provider both needs the implementation and the spring
abstraction implementation.
The `@ConditionalOnClass` definition has been updated to properly guard
those beans.
Closes gh-3960
The previous implementation would remove and add a new Gauge each time
a metric was written. After this change the Gauge is registered once
and the value is updated on subsequent calls.
This commit simplifies the Jackson-related auto-configuration that’s
applied when Spring HATEOAS and Spring Data REST are on the classpath.
Previously, Boot used Jackson2HalModule to apply the HAL-related
ObjectMapper configuration to the context’s primary ObjectMapper. This
was to allow HAL-formatted responses to be sent for requests accepted
application/json (see gh-2147). This had the unwanted side-effect of
polluting the primary ObjectMapper with HAL-specific functionality.
Furthermore, Jackson2HalModule is an internal of Spring HATEOAS that
@olivergierke has asked us to avoid using.
This commit replaces the use of Jackson2HalModule with a new approach.
Now, the message converters of any RequestMappingHandlerAdapter beans
are examined and any TypeConstrainedMappingJackson2HttpMessageConverter
instances are modified to support application/json in addition to their
default support for application/hal+json. This behaviour can be disabled
by setting spring.hateoas.use-hal-as-default-json-media-type to false.
This property is named after Spring Data REST’s configuration option
which has the same effect when using Spring Data REST. The new property
replaces the old spring.hateoas.apply-to-primary-object-mapper property.
Previously, when Spring Data REST was on the classpath,
JacksonAutoConfiguration would be switched off resulting in the context
containing multiple ObjectMappers, none of which was primary.
This commit configures RepositoryRestMvcAutoConfiguration to run after
JacksonAutoConfiguration. This gives the latter a chance to create its
primary ObjectMapper before the former adds its ObjectMapper beans to
the context.
Previously, the actuator’s hypermedia support assumed that the
HttpMessageConverters bean would contain every HttpMessageConverter
being used by Spring MVC. When Spring HATEOAS is on the classpath this
isn’t the case as it post-processes RequestMappingHandlerAdapter beans
and adds a TypeConstrainedMappingJackson2HttpMessageConverter to them.
This wasn’t a problem in the past as the primary ObjectMapper, used by a
vanilla MappingJackson2HttpMessageConverter, was configured with Spring
HATEOAS’sJackson2HalModule. Now that this pollution has been tidied up
the assumption described above no longer holds true. MvcEndpointAdvice,
which adds links to the actuator’s json responses, has been updated
to look at the HttpMessageConverters of every
RequestMappingHandlerAdapter when it’s trying to find a converter to
use to write a response with additional hypermedia links.
Integration tests have been added to spring-boot-actuator to ensure
that the changes described above have not regressed the ability to
configure its json output using spring.jackson.* properties (see
gh-1729).
Closes gh-3891
Update MetricExportAutoConfiguration to auto-configure statsd metrics
export when a `spring.metrics.export.statsd.host` property is set.
Closes gh-3719
Relocate several auto-configuration classes to `...autoconfigure.data`
to make it clearer that they are Spring Data specific.
Also moved `EntityManagerFactoryBuilder` to `spring-boot` since it is
generally useful and doesn't need to be directly tied to the
auto-configuration module.
Fixes gh-4002
Introduce ManagementServletContext interface as a facade for
ManagementServerProperties to resolve the package tangle between
`o.s.boot.actuate.endpoint.mvc` and `o.s.boot.actuate`
Fixes gh-3887
Since the meta-data now provide an explicit support for value hints, we
should not copy/paste them in the description as the IDE is able to
process them any way it wants.
Closes gh-3863
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:
@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}
Closes gh-3635
The DataSource health indicator uses `JdbcTemplate` behind the scenes
but nothing was checking that it is actually available.
`DataSourcesHealthIndicatorConfiguration` is now disabled if
`spring-jdbc` is not on the classpath.
Fixes gh-3765
Following the changes made to combines the /links and /hal endpoints
into a single /actuator endpoint, a web browser accessing /actuator
would receive a 406 response if HAL browser was not on the classpath.
This commit updates the /actuator main entry point so that it will
serve JSON to a web browser when HAL browser is not on the classpath.
The actuator's embedded documentation has also been updated to reflect
the recent changes.
Closes gh-3696
This commit provides a single endpoint, /actuator, that serves HTML
(the HAL browser) or JSON depending on the request’s accept header
that enables discovery of all of the actuator’s other endpoints.
When the management context path is configured, the /actuator endpoint
moves to the configured path, e.g. if the management context path is
set to /management, the actuator endpoint will be available from
/management.
Closes gh-3696
Update LinksMvcEndpoint and HalBrowserMvcEndpoint so that no longer try
to use the `/` context path. Links are now available from `/links` and
the HAL browser is available from `/hal`.
The actuator HAL browser now works with either WebJars or the Spring
Data version. It also now transforms the initial HTML so that the
form is pre-populated with `/links`.
When using Spring Data's HAL browser, the root includes a link to
`/links` with a rel of `actuator`.
See gh-3621
ConfigurationPropertiesReportEndpoint parses the meta-data to inspect
entities that have potential cycles in them. The whole logic is based on
the lookup of `META-INF/spring-configuration-metadata.json` files on the
classpath. Unfortunately, the lookup instruction had a typo and did not
retrieve any file.
Surely that code was written with a clear intention in mind but it was
effectively dead code outside tests so it has been removed.
Closes gh-3310
Add a "management.health.defaults.enabled" property that controls whether
the default health indicators are enabled. This allow to disable them all
by default and still enable individual ones using their respective
specific property.
Closes gh-2298
Since `ManagementSecurityAutoConfiguration` is cnfiguring web-related
things, it has been renamed to `ManagementWebSecurityAutoConfiguration`.
Closes gh-2163
The default values of fields in @ConfigurationProperties classes are,
where possible, included in the configuration metadata. The default
values for the HAL and Links endpoints vary depending on other
configuration settings. As a result, including a default in the
metadata is misleading.
This commit removes the default assignment of "" to the path fields so
that no default value will be included in the metadata.
Closes gh-3567
Various areas of the code expect the management's context path to not
contain any trailing slash but nothing is enforcing it. We now make sure
to remove any trailing slash, including the one for '/' and make that
explicit via the Javadoc of the getter.
Fixes gh-3553
Previously, an item could only have a 'deprecated' boolean flag to
indicate that the property is deprecated. It is desirable to provide an
additional description for the deprecation as well as the name of the
property to use instead.
The `deprecated` boolean flag is now supported. Instead, a `deprecated`
object can be specified with two optional attributes: `reason` to provide
an explanation for the deprecation and `replacement` to refer to the
property that should be used instead. If none of them is present, an
empty deprecation object should be set.
For backward compatibility, the `deprecated` field is still set.
Deprecation information can only set via manual meta-data.
Closes gh-3449
When Spring Data REST is owning the home page it has its own
HandlerMapping with a fix (relatively) low priority. The /links
endpoint wants to own the home page as well, and our handler mapping
has a high priority for good reasons. This change addresses the
issue by checking if Spring Data REST is configured and if
the management context path (or more specifically, the links
endpoint) is the same as the home page.
Fixes gh-3486
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).
This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).
Fixes gh-2563
Update DataSourceHealthIndicator to support pattern based matching for
DB2 products. Prior to this commit product identifiers of the form
`DB2/LINUXX8664` were not supported.
Fixes gh-3377
Replace the previously used `EndpointWebMvcConfiguration`
`spring.factories` key with a dedicated ManagementContextConfiguration
annotation.
Also renamed the EndpointWebMvcHypermediaConfiguration and
EndpointWebMvcConfiguration classes to make it clearer that they are
for the management context.
See gh-3345
Update the `ManagementServerPort` detection logic to attempt direct
property resolution before looking for a local property bean
definition. Bean definitions provided by auto-configuration classes
are ignored.
This change allow `OnManagementMvcCondition` to use the
`ManagementServerPort` to determine when `EndpointWebMvcConfiguration`
should apply (removing the need to create a temporary context).
See gh-3345
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
There is a new spring.factories entry for
org.springframework.boot.actuate.autoconfigure.EndpointWebMvcConfiguration
which loads extra beans into the MVC config for the Actuator.
If the management context is a child context all the beans go in the
child (except the Spring Security filter still). A big bonus is that
you can add WebConfigurerAdapters to configure static resources etc.
A new component called ManagementContextResolver can be used to
locate the ApplicationContext for the MVC endpoints.
Fixes gh-3345
The default is now to reveal all details unless sensitive=true
(instead of only revealing then if sensitive was explicitly false).
The definition of "secure" also changes to something more sensible
where it is only true if security is enabled.
Fixes gh-2816
The default should be to generate a key from the prefix. Otherwise
if user sets the prefix and not the key it can pick up metrics from
another repository (which is what happens in the tests).
Extract common features from CounterBuffers and GuageBuffers into
a shared superclass. The new extracted types allows the service
implementations to be simplified.
Fixes gh-3257
Update `ApplicationPidFileWriter` to support a 'fail on write error'
properties which allows the user to exit the application if the PID
file cannot be written.
This commit also deprecates `spring.pidfile` in favor of
`spring.pid.file` so that the new property can be added without overlap.
Fixes gh-2764
Add the CloudFoundry vcap_services key, as well as a regular expression
to sanitize any key containing the word 'credentials'.
Fixes gh-3248
Closes gh-3266
Previously, the actual HTTP port on which a web application is running on
was only exposed in tests. This commit makes sure to provide that feature
regardless of the environment so that applications can know on which port
they are actually running on.
If there are several containers, each is exposed via the namespace of
their respective application context.
Closes gh-3259
The hitRatio is the ratio of two windowed rates that are calculated
independently. They are not updated or read transactionally, hence the
ratio of the two can drift slightly from what might be expected.
We now make sure that the hit or miss ratio can't be higher than 1
Closes gh-3235
for users to get started. It also makes it more flexible if different
aggregation keys are needed depending on the environment. The most
important new feature is the
spring.metrics.export.redis.aggregateKeyPattern configuration, which
fits the *.redis.key and prefix defaults. The aggregate reader uses
a prefix based on the key by default, with a naming convention that
the key starts with "keys.".
Update `ConfigurationPropertiesReportEndpoint` so that properties that
are set with a Boolean class but read with a boolean primitive still
appear in the report. The allows the Endpoint.isEnabled() property to
be displayed.
Fixes gh-2929
Make sure the Hazelcast statistics support is not triggered if the Spring
support is not present. The Hazelcast dependency alone may be used with
JCache and this should not trigger the support of the native Hazelcast
metrics infra.
See gh-2633
Previously the @Value annotation was not on a top level @Bean field
(it was nested inside). Manually constructing the bean in a separate
configuration class seems like the best way to get it to actually bind
at runtime.
Users can add @ExportMetric[Reader,Writer] to readers and writers that
they want to participate in the default exporter. There is also still an
@ActuatorMetricWriter that is used for the legacy (non-Java8) Gauge and
CounterServices.
The redis export and aggregate use case is a lot nicer with this
shared data between the two component types.
Also made MetricExportProperties itself a Trigger (so the default
delay etc. can be configured via spring.metrics.export.*).
Write to NUL on Windows and /dev/null on other platforms. Increase the
default number of iterations to avoid problems with the reduced timing
precision on Windows.
Closes gh-2976
User can add a bean of type MetricsEndpointMetricReader to opt in
to exporting all metrics via the MetricsEndpoint (instead of via
MetricReaders). There are disadvantages (like no accurate timestamps)
so it's best to leave it as an opt in.
Also improved tests for metric auto configuration a bit.
In principle you might have multiple "system" repositories, all
of which you want to go to public metrics or not be metrics exporters.
This change adds a new annotation and renames the old one, so that
reades and writers can be distinguished, and also changes the
autowiring of them to accept multiple values.
Also adds automatic public metrics for Spring Integration.
This commit adds CORS support to the Actuator’s MVC endpoints. CORS
support is disabled by default and is only enabled once the
endpoints.cors.allowed-origins property has been set.
The new properties to control the endpoints’ CORS configuration are:
endpoints.cors.allow-credentials
endpoints.cors.allowed-origins
endpoints.cors.allowed-methods
endpoints.cors.allowed-headers
endpoints.cors.exposed-headers
The changes to enable Jolokia-specific CORS support (57a51ed) have been
reverted as part of this commit. This provides a consistent approach
to CORS configuration across all endpoints, rather than Jolokia using
its own configuration.
See gh-1987
Closes gh-2936
This avoids a potential problems with ordering between Dropwizard and
normal repository configuration. A Dropwizard sample has been added to
verify the behaviour.
Different physical sources for the same logical metric just need to
publish them with a period-separated prefix, and this reader will
aggregate (by truncating the metric names, dropping the prefix).
Very useful (for instance) if multiple application instances are
feeding to a central (e.g. redis) repository and you want to
display the results. Useful in conjunction with a
MetricReaderPublicMetrics for hooking up to the /metrics endpoint.
This seems pretty efficient (approx 12M write/s as opposed to 2M with
the DefaultCounterService). N.B. there is no need to change most of
the rest of the metrics stuff because metrics are write-often, read-
seldom, so we don't need high performance reads as much.
The Spring Integration configuration and Dropwizard support has changed
a bit. Functionally very similar and probably opaque to users, but now
the messaging operates as an Exporter on a @Scheduled method, and
Dropwizard is a replacement [Gauge,Counter]Service.
Metrics are all
collected live in-memory (and can be very fast with Java 8), buffered
there and shipped out to a MessageChannel (if one exists with id
"metricsChannel") in a background thread.
We can still use Java 8 library APIs (like LongAdder) but to compile
to java 7 compatible byte code we have to forgo the use of lambdas :-(
and shorthand generics (<>).
Fixes gh-2682, fixes gh-2513 (for Java 8 and Dropwizard users).
Spring Framework 4.2 introduces improved support for CORS. Notably this
means that a DispatcherServlet will now process an OPTIONS request if
it contains an Origin header, without having to enable OPTIONS request
dispatching for every endpoint.
This commit takes advantage of these changes in Spring Framework 4.2 by
configuring the controller that wraps Jolokia’s AgentServlet to handle
OPTIONS requests. This allows Jolokia’s CORS support to be configured
using Jolokia’s standard configuration, as described in section 4.1.5
of the Jolokia documentation [1].
Closes gh-1987
[1] https://jolokia.org/reference/html/security.html
Previously ManagementSecurityAutoConfiguration used Spring Security's
default realm of "Realm" when authentication failed. This was confusing
because when prompted for authentication (i.e. no credentials provided)
the realm "Spring" was requested.
This commit ensures the Realm that is used is consistent for all of of the
security auto configuration.
Fixes#2466
In addition to the changes already made in 1.2.x, this commit updates
the tests in spring-boot-actuator to ensure that any Elasticsearch
data files are written into the target directory. This avoids problems
when switching branches caused by different versions of Elasticsearch
trying to read the files.
Update CacheStatisticsProvider to use a generic to indicate the type
of cache supported. Also extract individual CacheStatisticsProvider
implementations and made statistics an auto-configuration.
See gh-2633
Prior to this commit, EndpointWebMvcAutoConfiguration would start a
child context if the management port was different to the server port
and the application context was a web application context. This caused
two problems:
If a user built an executable war and configured the management port so
that it was different to the server port, their application would run
successfully when launched with java -jar, but it would fail when
deployed to Tomcat as an attempt would be made to start embedded Tomcat.
Secondly, if a user ran a test annotated with @WebAppConfiguration the
main embedded Tomcat instance would not be started, but the child
context would trigger the creation of a Tomcat instance listening on the
configured management port. This is unexpected as @WebIntegrationTest
or @IntegrationTest and @WebAppConfiguration should be required to have
the test trigger full startup of the application and listen on the
configured ports.
This commit updates EndpointWebMvcAutoConfiguration so that it will only
start a child context when the management port is different to the
server port and the EmbeddedWebApplicationContext has an embedded
servlet container. This resolves the two problems described above as
there will be no embedded servlet container when deployed to a
standalone container or when a test is run without @IntegrationTest.
Fixes gh-2798
Previously, when multiple cache managers had a cache with the same name,
the prefix for the first cache that was processed would not include its
cache manager’s name, but all subsequent prefixes would include the
cache manager’s name. This was inconsistent, and due to the cache
managers being unordered, the prefixing was not deterministic.
This commit updates the prefixing logic so that when there is a clash,
all of the affected prefixes will include the name of the cache manager.
For example, with cache managers named first and second and each
with a cache named users, the prefixes will be cache.first_users and
cache.second_users rather than cache.users and
cache.{first|second}_users.
Closes gh-2824
multipleCacheManagers fails on the CI server but does not fail
locally. This commit updates assertMetrics to include information
about the actual metrics so it's clear why the expectation was not
met.
Add an abstraction that provides a standard manner to retrieve a
statistics snapshot of a cache.
Specific implementations for JSR-107, ehcache, hazelcast, guava and
concurrent map are provided. At the moment the size of the cache and
the hit/miss ratios are recorded. Cache metrics are exposed via the
`cache.` prefix followed by the name of the cache. In case of conflict,
the name of the cache manager is added as a qualifier.
It is possible to easily register a new CacheStatisticsProvider for an
unsupported cache system and the CacheStatistics object itself can be
extended to provide additional metrics.
See gh-2633
Closes gh-2770
Previously, if a call to doFilter in MetricFilter failed (i.e. it threw
an exception), it would be handled as if it had a response status of
200. This is because the servlet container was yet to handle the
exception and set the response status to 500.
This commit updates MetricFilter to assume that an exception thrown from
doFilter will result in a response with a status of 500. Strictly
speaking, even though the filter has highest precedence and will
therefore run last on the way back out, this may not always be the case.
For example, a custom Tomcat Valve could handle the exception and result
in a 200 response but that’s an edge case that’s into shooting yourself
in the foot territory.
Closes gh-2818
- added setIndices to ElasticsearchHealthIndicatorProperties to enable
setting the indices property from configuration files
- Elasticsearch cannot handle "null" if the health of all indices should
be checked; use "_all" instead
Closes gh-2812
This commit updates Spring Boot to use Spring Security 4. As a result
of this, the coordinates of Thmyeleaf's Spring Security extra, for
which dependency management and auto-configuration is provided, have
been updated to the Spring Security 4 variant.
Closes gh-2727
- Nest the configuration class in HealthIndicatorAutoConfiguration,
bringing it into line with the other health indicator configuration
classes
- Include the statistics from the response in the health’s details
- Map YELLOW to UP rather than UNKNOWN as it indicates that the cluster
is running but that “the primary shard is allocated but replicas are
not” [1]. The details can be used to determine the precise state of
the cluster.
- Add a property to configure the time that the health indicator will
wait to receive a response from the cluster
- Document the configuration properties
- Update the tests to cover the updated functionality
See gh-2399
[1] http://www.elastic.co/guide/en/elasticsearch/reference/1.x/cluster-health.html
This commit improves upon the changes made in a8bf9d3 by adding
support for relaxed binding of the endpoints.enabled and
endpoints.<name>.enabled properties. This is achieved by replacing
use of @ConditionalOnExpression (which does not support relaxed
binding) with a custom condition implementation that uses
RelaxedPropertyResolver.
Closes gh-2767
Previously, only invocations of /metricName/ would honour the enabled
property and return a not found (404) response. For endpoints which
support nested paths, access to /metricName/foo would ignore the enabled
flag and return an OK (200) response. Furthermore, there was a comment
in EndpointMvcAdapter that suggested that an endpoint shouldn’t be
called when it is disabled, however this was not the case.
This commit updates EndpointWebMvcAutoConfiguration and
JolokiaAutoConfiguration to only register their MvcEndpoint beans if
the underlying endpoint is enabled. This means that an
EndpointMvcAdapter should not be called if its delegate is disabled,
making the comment described above accurate.
The check for the delegate being enabled has been retained so as not to
rely upon the auto-configurations’ behaviour. The methods which handle
nested paths (MetricsMvcEndpoint.value() and
EnvironmentMvcEndpoint.value()) have been updated to add the same check
for the enablement of their delegate.
Fixes gh-2767
Prior to this commit, every EndpointMBean used its own ObjectMapper.
Each of these ObjectMappers was created using new ObjectMapper() with
no opportunity for configuration.
This commit uses the ObjectMapper from the application context and
shares it among all EndpointMBeans. This gives the user control over
the ObjectMapper’s configuration using spring.jackson.* properties,
their own Jackson2ObjectMapperBuilder bean, etc. In the absence of an
ObjectMapper in the application context a single ObjectMapper is
instantiated and is used by all EndpointMBeans instead.
To allow the ObjectMapper to be shared, a number of constructors have
been overloaded to also take the ObjectMapper as a parameter. In these
cases the old constructor has been preserved for backwards compatibility
but has been deprecated.
Closes gh-2393
Prior to this commit, the auto-configuration report (both in its logged
form and the actuator endpoint) listed the positive and negative matches
but did not list the classes, if any, that the user had excluded.
This commit updates the logged report and the actuator endpoint to
expose a list of the excluded class names configured via the exclude
attribute on @EnableAutoConfiguration.
Closes gh-2085
Previously, disk health information only included the amount of free
space and the configured threshold. This commit adds the disk’s total
space.
See gh-2705
Update SystemPublicMetrics to silently ignore ManagementFactory
NoClassDefFoundErrors which can occur when deploying to Google App
Engine.
Fixes gh-2701
Previously, the response from /health was not cached if the request
was secure, i.e. the user has authenticated, or the endpoint was
configured as not being sensitive.
The commit updates HealthMvcEndpoint to apply the caching logic
all the time. Users that do not want caching can disable it by
configuring the TTL with a value of zero.
Closes gh-2630
Define an additional health indicator for each ConnectionFactory instance
defined in the context. Extracts the provider name from the connection
meta-data.
Fixes gh-2016
Spring Boot's metrics infrastructure requires a Metric to have a
Number value. Coda Hale's ThreadStatesGaugeSet includes a Gauge
named deadlocks with a Set<String> value (each entry in the set is a
description, including stacktrace, of a deadlocked thread). There's
no obvious way to coerce this to a Number, and there's already a
deadlocks.count metric in the set.
This commit updates MetricRegistryMetricReader to ignore the addition
of any Gauge with a non-Number value.
Fixes gh-2593
ee567fa boldy claimed that it had made MetricRegistryMetricReader
thread-safe. It had not. This commit should actually make it thread
safe. I hope.
One notable improvement is that MetricRegistryMetricReader.findAll()
will no longer contain null values if a metric is removed on another
thread during iteration.
names is now a ConcurrentHashMap to allow it to be safely read and
written without holding a lock.
reverse is a LinkedMultiValueMap which is not thread-safe. This could
lead to values being lost when concurrent add calls were made. Access
to reverse is now protected by synchronizing on an internal monitor
object.
Calls to containsKey(key) followed by get(key) have been reworked to
only call get(key), this avoids the possibility of the key being
removed after the contains check but before the get.
Closes gh-2590
MetricRegistryMetricReader’s fields where neither final, nor volatile
but could be accessed on multiple threads. This lead to visibility
problems where the value of a field would unexpectedly be null, causing
an NPE.
This commit updates all of the fields to declare them as final, thereby
ensuring that their values are guaranteed to be visible across different
threads.
Fixes gh-2590
If there is more than one DataSource and the non-primary bean-name is
'datasource' an incorrect metric name is chosen.
The metrics are named datasource.active and not datasource.xxx.active. To
avoid this, the shortening of the bean-name only occurs if the bean-name
is longer than 'datasource'.
See gh-2320
Previously each endpoint was secured for path, path/, and path.*.
This meant that a request to path/foo was not secured. This commit
secures path/** to ensure that requests to a nested endpoint path are
also secured.
Fixes gh-2476
Update InMemoryAuditEventRepository to consider the date when searching
for events. Also switch to a circular buffer implementation and update
the capacity to limit the total number of items rather than limiting
per principal.
Fixes gh-2291
Update AbstractEndpoint to correctly support the `endpoints.enabled`
property. Also fix EnvironmentEnpoint which would previously prevent
the Environment from being set.
Fixes gh-2264
Closes gh-2265
Update WebMvcAutoConfiguration so that the RequestMappingHandlerMapping
bean is @Primary. Prior to this commit a NoUniqueBeanDefinitionException
would be thrown then using the MvcUriComponentsBuilder.
Fixes gh-2237
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.
The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.
The health MVC endpoint should now work as follows:
* Default configuration - No login is required, full information is only
displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
is displayed.
* endpoints.health.sensitive=false - Login is not required, full
information is displayed.
Fixes gh-2211
Add Ordered interface to all EmbeddedServletContainerCustomizers with
a value of 0. Prior to this commit it was difficult for a user to
define a customizer that would be applied before ours, even if they
implemented Ordered or added @Order annotations.
Fixes gh-2123
ManagementSecurityAutoConfiguration fully relies on the presence of a
web environment, yet the configuration class itself was not guarded by
`@ConditionalOnWebApplication` (while nested config where).
This turned out to be a problem for command-line applications using
spring security (i.e. CRaSH integration).
Fixes gh-2112
The method 'injectIntoSecurityFilter' added In 3c1e48c assumes that
Spring security is in the classpath so any management endpoints that are
deployed on a different port requires Spring Security all the sudden.
This commit separates the creating of the EndpointHandlerMapping in two
mutually exclusive @Configuration: one that is triggered if Spring
Security is not in the classpath and one that is triggered if Spring
Security is in the classpath. The latter apply the security filter in the
endpoint mapping if it exists.
Fixes gh-2124
The move of health.* keys to management.health.* broke them as they
are not defined as configuration keys and `ManagementServerProperties`
is strict on the whole management namespace.
This commit updates the tests to actually include that properties class
and relax the "ignoreUnknownFields" condition so that extra attributes
can be defined on the "management" namespace.
Fixes gh-2115
Update AbstractEndpoint so that the `enable` property is optional and
when it not specified the `endpoints.enabled` property will be used.
This allows users to switch the way that endpoints are enabled. Rather
than opting-out specific endpoint enablement the `endpoints.enabled`
property can be set to `false` and specific endpoints can be opted-in.
Fixes gh-2102
Since AbstractHandlerMethodMapping.getHandlerMap() is final it can't
be cglibbed and a proxy will barf if you try and call that method.
The RequestMappingEndpoint can be protected simply by defensively
checking if the mapping is a proxy before trying to inspect it.
Drop the setAdditionalProperties method from ShellProperties to ensure
that it is not included in the meta-data JSON. The additional properties
are usually wired in using @Autowired and it is pretty unlikely that
anyone is using the setter directly.
Fixes gh-2055
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.
Closes gh-1808
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.
Fixes gh-2003, fixes gh-2004
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.
This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.
Closes gh-1997
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.
This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.
Closes gh-1977
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.
This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.
Closes gh-1997
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).
Fixes gh-1982
Eclipse (by default) does not create the JSON metadata when
it compiles the @ConfigurationProperties beans. So running on
the command lilne gets scarily different than in an IDE. Fixed
by externalizing the metadata location and setting it to something
empty in the tests.
Including maps and lists. Beans with no metadata (in
/META-INF/*spring-configuration-metadata.json) are just serialized
as they come (so might have problems like cycles). Serialization
errors are caught and rendered as an "error" for that bean. Any
problems can be fixed by preparing metadata and specifying which
properties are to be rendered that way.
Fixes gh-1746, fixes gh-1921
Update ConfigurationPropertiesReportEndpoint to find
@ConfigurationProperties using `context.findAnnotationOnBean` rather
than `AnnotationUtils.findAnnotation`. This will correctly find the
annotation even if the bean is an interface based proxy.
Fixes gh-1927
This reverts a change that I assume was orphaned from work in
progress to address #1353, but is no longer needed. Anyway
there is no reason to restrict MvcEndpoints to be unique by
path since they can declare their own @RequestMappings
(and if there are duplicates they will be detected when those
are scanned).
Fixes gh-1911
Change the pidfile property from `spring.application.pidfile` to
`spring.pidfile` (to save confusion with SpringApplication properties).
Also added documentation and meta-data information.
See gh-1579
Update the `spring-boot`, `spring-boot-autoconfigure` and
`spring-boot-actuator` project to generate configuration meta-data
files during compilation.
See gh-1001
Prior to this commit LoggingSystem initialization would happen multiple
times. Once to configure "quiet" logging, and again to configure correct
settings once the Application was initialized. This could cause problems
if `logging.groovy` logback files were used.
The logging system is now only initialized once (when possible) by
following these steps:
- Standard logging initialization occurs via the actual logging
implementation used (e.g. logback will load a logback.xml file if it
exists)
- beforeInitization() is called to prevent early log output.
Implementations now either use a Filter or simply set the root logging
level.
- initialize() is called with an optional log configuration file (e.g
a custom logback.xml location) and an optional log output file (the
default is null indicating console only output).
The initialize() method will attempt to prevent double initialization
by checking if a standard configuration file exists. Double
initialization now only occurs in the following situations:
- The user has a standard configuration file (e.g. classpath:logback.xml)
but also specifies a logging.config property. Double initialization is
required since the specified configuration file supersedes the default.
- The user has a standard configuration file (e.g. classpath:logback.xml)
and specifies a logging.file property. Double initialization is
required since the standard configuration may use a ${LOG_FILE}
reference.
In addition this commit removes the `logging.console` option and now
assumes that logging either occurs only to console or to both the
console and a file. This restriction helps simplify the LoggingSystem
implementations. If file only logging is required a custom logback.xml
can be used.
Fixes gh-1091
See gh-1612, gh-1770
Stephane Nicoll
Eddú Meléndez
Phillip Webb
Andy Wilkinson
Spring Buildmaster
Johnny Lim
Chad
RichardCSantana
Adrian Cole
Lari Hotari
Vedran Pavic
Venil Noronha
Alex Antonov
Johannes Edmeier
Ruben Dijkstra
Dave Syer
sebastiankirsch
Huang YunKun
Michael Hunger
Anand Shah
Meang Akira Tanaka
Matt Benson
mkwaczynski
mnhock
Kirill Vlasov
Tommy Ludwig
Rob Winch
邱占波
Wallace Wadge
Marten Deinum
Jay Anderson
Julien Dubois
Simon Buettner
Thomas Badie
Martin Lippert
Arthur Kalimullin
arghya88
Johannes Stelzer
Tomasz Przybyła
olivier bourgain
dgomesbr
Johannes Stelzer
nlejeune
Andreas Ahlenstorf
Josh Thornhill
Christian Laakmann
Sergey Egorov
Binwei Yang
Mathieu Bernatet
Alex Panchenko
Spencer Gibb
Christian Dupuis