Previously, in case the data for the audit event contained an entry
with the key "type", the member `type` from the AuditEvent would be
overwritten when rendering to JSON due to the use of @JsonAnyGetter on
the data property.
This commit removes @JsonAnyGetter so that the data map is rendered as
a separate property in the JSON.
Closes gh-7990
Replace JSR-330 validation annotations from all internal
`@ConfigurationProperties` classes with standard Asserts.
Prior to this commit validation of our own configuration properties
would only occur when the user happens to have compliant JSR-330
implementation on their classpath.
See gh-7579
Previously, the beans endpoint would only expose the context that
contained the endpoint. This commit updates the endpoint so that
the context that contains the endpoint and all of its ancestors are
exposed.
In a context hierarhcy, the relation ship is child -> parent and there
is no way to navigate from a parent to a child. As a result, any
contexts that are descendants of the context containing the endpoint
are not exposed.
Closes gh-5188
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
Update JmxEndpoint support so that the `@ManagedResource` annotation
is no longer required. This prevents both `EndpointMBeanExporter` and
the regular `AnnotationMBeanExporter` from both registering the bean.
Fixes gh-7813
See gh-6579
Improve support for MBeans without a backing endpoint by introducing
a `JmxEndpoint` interface. The `JmxEndpoint` is intentionally
similar in design to the `MvcEndpoint` from the `mvc` package and
allows for completely custom JMX beans that are not backed by any
real actuator `Endpoint`.
The `AuditEventsMBean` has been refactored to use the new interface and
has been renamed to `AuditEventsJmxEndpoint`.
See gh-6579
This commit moves the `MultiMetricRepository` implementation from
`InMemoryMetricRepository` to `InMemoryMultiMetricRepository`. Both
implementations can share the same underlying store (and are for backward
compatible reasons).
The side effect is that `reset` now works as expected for a group.
Closes gh-7687
Consistently use the simple name for ObjectProvider parameter and
field names. For example:
`ObjectProvider<Something> something`
rather than
`ObjectProvider<Something> somethingProvider`
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.
- Add `IntegrationManagementConfiguration` conditional auto-configuration
to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
By default this bean doesn't exist and you explicitly should declare it
(e.g. via `@EnableIntegrationManagement`) if you would like to collect
metrics. At the same time Spring Integration enables it when JMX
management is present (that is a purpose of that new
`IntegrationManagementConfiguration`)
- Change `SpringIntegrationMetricReader` to read metrics from the
`IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`
- Change `PublicMetricsAutoConfiguration` to register
`IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
not present. Since we are here in `actuator`, therefore we are
interested in the metrics for SI as well.
- Since we don't need JMX for the metrics any more, remove SI-JMX
dependency from the `spring-boot-starter-integration`.
- Remove `IntegrationManagementConfiguration` modification from the
`integrationMbeanExporter()`, since that looks like mutation of an
external object, when end-user would prefer their own options.
Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too
- Add missed `MessageSourceMetrics` gathering for the
`SpringIntegrationMetricReader`
Closes gh-7722
Update the error message to return less information to the client.
Details of how to disable security are now written to the log instead.
See gh-7605
See gh-7634
Update `MvcEndpointSecurityInterceptor` to that it sends an error in the
same way as Spring Security. Prior to this commit the `ErrorController`
would not handle endpoint security errors.
Fixes gh-7605
Closes gh-7634
Change CloudFoundryActuatorAutoConfiguration so that skipping of SSL
verification is now opt-in rather than enabled by default.
Fixes gh-7629
Closes gh-7655
Polish Dropwizrd reservoir support including a refactor of
`ReservoirFactory` to allow reservoirs to be created based on a
metric name.
See gh-5199
See gh-7105
Uses the ReservoirFactory to customize the implementation of
the Reservoir that will be used when creating Timer and Histogram
in the DropwizardMetricServices.
Fixes gh-5199
Closes gh-7105
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.
Fixes gh-7569
Update `SpringBootWebSecurityConfiguration` to ignore requests by
delegating to `IgnoredRequestCustomizer` beans. This allows a single
Spring Boot `WebSecurityConfigurer<WebSecurity>` bean to be used which
prevents potential exceptions caused by duplicate `@Order` values.
Fixes gh-7106
Previously, the health auto-configuration `AutoconfigureOrder` entry for
couchbase was referring to the standard couchbase auto-configuration that
is not responsible to configure the `CouchbaseOperations` bean. Yet, the
health indicator implementation was relying on the presence of such a
bean.
This commit fixes the `AutoconfigureOrder` entry so that it refers to
`CouchbaseDataAutoConfiguration` now.
Closes gh-7543
We use some internal Mockito classes and some breaking API changes
have been made to them in Mockito 2. This commit introduces a utility
class, SpringBootMockUtil, to shield our code from these differences.
Mockito 1 is called directly and Mockito 2 is called via reflection.
To allow these changes to be tested, FilteredClassPathRunner has been
enhanced to also support overriding a dependency on the class path.
As a result it has been renamed to ModifiedClassPathRunner. The new
ClassPathOverrides annotation can be used to provide the Maven
coordinates of one or more dependencies that should be resolved and
added to the class path. Such additions are added to the start of
the class path so that they override any existing dependency that
contains the same classes.
Closes gh-6520
Update `LinksEnhancer` to use NamedEndpoint names as rel names. If the
endpoint name is not available, fallback to endpoint path. Allow
multiple hrefs per rel if path is different.
Fixes gh-7132
Closes gh-7164
Andy Wilkinson
Johannes Edmeier
Stephane Nicoll
Phillip Webb
Johnny Lim
Eddú Meléndez
Kazuki Shimizu
Madhura Bhave
Vedran Pavic
Spring Buildmaster
Artem Bilan
Lucas Saldanha
Oscar Utbult
Dave Syer