If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
There is a new spring.factories entry for
org.springframework.boot.actuate.autoconfigure.EndpointWebMvcConfiguration
which loads extra beans into the MVC config for the Actuator.
If the management context is a child context all the beans go in the
child (except the Spring Security filter still). A big bonus is that
you can add WebConfigurerAdapters to configure static resources etc.
A new component called ManagementContextResolver can be used to
locate the ApplicationContext for the MVC endpoints.
Fixes gh-3345
The default is now to reveal all details unless sensitive=true
(instead of only revealing then if sensitive was explicitly false).
The definition of "secure" also changes to something more sensible
where it is only true if security is enabled.
Fixes gh-2816
The default should be to generate a key from the prefix. Otherwise
if user sets the prefix and not the key it can pick up metrics from
another repository (which is what happens in the tests).
Extract common features from CounterBuffers and GuageBuffers into
a shared superclass. The new extracted types allows the service
implementations to be simplified.
Fixes gh-3257
Update `ApplicationPidFileWriter` to support a 'fail on write error'
properties which allows the user to exit the application if the PID
file cannot be written.
This commit also deprecates `spring.pidfile` in favor of
`spring.pid.file` so that the new property can be added without overlap.
Fixes gh-2764
Add the CloudFoundry vcap_services key, as well as a regular expression
to sanitize any key containing the word 'credentials'.
Fixes gh-3248
Closes gh-3266
Previously, the actual HTTP port on which a web application is running on
was only exposed in tests. This commit makes sure to provide that feature
regardless of the environment so that applications can know on which port
they are actually running on.
If there are several containers, each is exposed via the namespace of
their respective application context.
Closes gh-3259
The hitRatio is the ratio of two windowed rates that are calculated
independently. They are not updated or read transactionally, hence the
ratio of the two can drift slightly from what might be expected.
We now make sure that the hit or miss ratio can't be higher than 1
Closes gh-3235
for users to get started. It also makes it more flexible if different
aggregation keys are needed depending on the environment. The most
important new feature is the
spring.metrics.export.redis.aggregateKeyPattern configuration, which
fits the *.redis.key and prefix defaults. The aggregate reader uses
a prefix based on the key by default, with a naming convention that
the key starts with "keys.".
Update `ConfigurationPropertiesReportEndpoint` so that properties that
are set with a Boolean class but read with a boolean primitive still
appear in the report. The allows the Endpoint.isEnabled() property to
be displayed.
Fixes gh-2929
Make sure the Hazelcast statistics support is not triggered if the Spring
support is not present. The Hazelcast dependency alone may be used with
JCache and this should not trigger the support of the native Hazelcast
metrics infra.
See gh-2633
Previously the @Value annotation was not on a top level @Bean field
(it was nested inside). Manually constructing the bean in a separate
configuration class seems like the best way to get it to actually bind
at runtime.
Users can add @ExportMetric[Reader,Writer] to readers and writers that
they want to participate in the default exporter. There is also still an
@ActuatorMetricWriter that is used for the legacy (non-Java8) Gauge and
CounterServices.
The redis export and aggregate use case is a lot nicer with this
shared data between the two component types.
Also made MetricExportProperties itself a Trigger (so the default
delay etc. can be configured via spring.metrics.export.*).
Write to NUL on Windows and /dev/null on other platforms. Increase the
default number of iterations to avoid problems with the reduced timing
precision on Windows.
Closes gh-2976
User can add a bean of type MetricsEndpointMetricReader to opt in
to exporting all metrics via the MetricsEndpoint (instead of via
MetricReaders). There are disadvantages (like no accurate timestamps)
so it's best to leave it as an opt in.
Also improved tests for metric auto configuration a bit.
In principle you might have multiple "system" repositories, all
of which you want to go to public metrics or not be metrics exporters.
This change adds a new annotation and renames the old one, so that
reades and writers can be distinguished, and also changes the
autowiring of them to accept multiple values.
Also adds automatic public metrics for Spring Integration.
This commit adds CORS support to the Actuator’s MVC endpoints. CORS
support is disabled by default and is only enabled once the
endpoints.cors.allowed-origins property has been set.
The new properties to control the endpoints’ CORS configuration are:
endpoints.cors.allow-credentials
endpoints.cors.allowed-origins
endpoints.cors.allowed-methods
endpoints.cors.allowed-headers
endpoints.cors.exposed-headers
The changes to enable Jolokia-specific CORS support (57a51ed) have been
reverted as part of this commit. This provides a consistent approach
to CORS configuration across all endpoints, rather than Jolokia using
its own configuration.
See gh-1987
Closes gh-2936
This avoids a potential problems with ordering between Dropwizard and
normal repository configuration. A Dropwizard sample has been added to
verify the behaviour.
Different physical sources for the same logical metric just need to
publish them with a period-separated prefix, and this reader will
aggregate (by truncating the metric names, dropping the prefix).
Very useful (for instance) if multiple application instances are
feeding to a central (e.g. redis) repository and you want to
display the results. Useful in conjunction with a
MetricReaderPublicMetrics for hooking up to the /metrics endpoint.
This seems pretty efficient (approx 12M write/s as opposed to 2M with
the DefaultCounterService). N.B. there is no need to change most of
the rest of the metrics stuff because metrics are write-often, read-
seldom, so we don't need high performance reads as much.
The Spring Integration configuration and Dropwizard support has changed
a bit. Functionally very similar and probably opaque to users, but now
the messaging operates as an Exporter on a @Scheduled method, and
Dropwizard is a replacement [Gauge,Counter]Service.
Metrics are all
collected live in-memory (and can be very fast with Java 8), buffered
there and shipped out to a MessageChannel (if one exists with id
"metricsChannel") in a background thread.
We can still use Java 8 library APIs (like LongAdder) but to compile
to java 7 compatible byte code we have to forgo the use of lambdas :-(
and shorthand generics (<>).
Fixes gh-2682, fixes gh-2513 (for Java 8 and Dropwizard users).
Spring Framework 4.2 introduces improved support for CORS. Notably this
means that a DispatcherServlet will now process an OPTIONS request if
it contains an Origin header, without having to enable OPTIONS request
dispatching for every endpoint.
This commit takes advantage of these changes in Spring Framework 4.2 by
configuring the controller that wraps Jolokia’s AgentServlet to handle
OPTIONS requests. This allows Jolokia’s CORS support to be configured
using Jolokia’s standard configuration, as described in section 4.1.5
of the Jolokia documentation [1].
Closes gh-1987
[1] https://jolokia.org/reference/html/security.html
Previously ManagementSecurityAutoConfiguration used Spring Security's
default realm of "Realm" when authentication failed. This was confusing
because when prompted for authentication (i.e. no credentials provided)
the realm "Spring" was requested.
This commit ensures the Realm that is used is consistent for all of of the
security auto configuration.
Fixes#2466
In addition to the changes already made in 1.2.x, this commit updates
the tests in spring-boot-actuator to ensure that any Elasticsearch
data files are written into the target directory. This avoids problems
when switching branches caused by different versions of Elasticsearch
trying to read the files.
Update CacheStatisticsProvider to use a generic to indicate the type
of cache supported. Also extract individual CacheStatisticsProvider
implementations and made statistics an auto-configuration.
See gh-2633
Prior to this commit, EndpointWebMvcAutoConfiguration would start a
child context if the management port was different to the server port
and the application context was a web application context. This caused
two problems:
If a user built an executable war and configured the management port so
that it was different to the server port, their application would run
successfully when launched with java -jar, but it would fail when
deployed to Tomcat as an attempt would be made to start embedded Tomcat.
Secondly, if a user ran a test annotated with @WebAppConfiguration the
main embedded Tomcat instance would not be started, but the child
context would trigger the creation of a Tomcat instance listening on the
configured management port. This is unexpected as @WebIntegrationTest
or @IntegrationTest and @WebAppConfiguration should be required to have
the test trigger full startup of the application and listen on the
configured ports.
This commit updates EndpointWebMvcAutoConfiguration so that it will only
start a child context when the management port is different to the
server port and the EmbeddedWebApplicationContext has an embedded
servlet container. This resolves the two problems described above as
there will be no embedded servlet container when deployed to a
standalone container or when a test is run without @IntegrationTest.
Fixes gh-2798
Previously, when multiple cache managers had a cache with the same name,
the prefix for the first cache that was processed would not include its
cache manager’s name, but all subsequent prefixes would include the
cache manager’s name. This was inconsistent, and due to the cache
managers being unordered, the prefixing was not deterministic.
This commit updates the prefixing logic so that when there is a clash,
all of the affected prefixes will include the name of the cache manager.
For example, with cache managers named first and second and each
with a cache named users, the prefixes will be cache.first_users and
cache.second_users rather than cache.users and
cache.{first|second}_users.
Closes gh-2824
multipleCacheManagers fails on the CI server but does not fail
locally. This commit updates assertMetrics to include information
about the actual metrics so it's clear why the expectation was not
met.
Add an abstraction that provides a standard manner to retrieve a
statistics snapshot of a cache.
Specific implementations for JSR-107, ehcache, hazelcast, guava and
concurrent map are provided. At the moment the size of the cache and
the hit/miss ratios are recorded. Cache metrics are exposed via the
`cache.` prefix followed by the name of the cache. In case of conflict,
the name of the cache manager is added as a qualifier.
It is possible to easily register a new CacheStatisticsProvider for an
unsupported cache system and the CacheStatistics object itself can be
extended to provide additional metrics.
See gh-2633
Closes gh-2770
Previously, if a call to doFilter in MetricFilter failed (i.e. it threw
an exception), it would be handled as if it had a response status of
200. This is because the servlet container was yet to handle the
exception and set the response status to 500.
This commit updates MetricFilter to assume that an exception thrown from
doFilter will result in a response with a status of 500. Strictly
speaking, even though the filter has highest precedence and will
therefore run last on the way back out, this may not always be the case.
For example, a custom Tomcat Valve could handle the exception and result
in a 200 response but that’s an edge case that’s into shooting yourself
in the foot territory.
Closes gh-2818
- added setIndices to ElasticsearchHealthIndicatorProperties to enable
setting the indices property from configuration files
- Elasticsearch cannot handle "null" if the health of all indices should
be checked; use "_all" instead
Closes gh-2812
This commit updates Spring Boot to use Spring Security 4. As a result
of this, the coordinates of Thmyeleaf's Spring Security extra, for
which dependency management and auto-configuration is provided, have
been updated to the Spring Security 4 variant.
Closes gh-2727
- Nest the configuration class in HealthIndicatorAutoConfiguration,
bringing it into line with the other health indicator configuration
classes
- Include the statistics from the response in the health’s details
- Map YELLOW to UP rather than UNKNOWN as it indicates that the cluster
is running but that “the primary shard is allocated but replicas are
not” [1]. The details can be used to determine the precise state of
the cluster.
- Add a property to configure the time that the health indicator will
wait to receive a response from the cluster
- Document the configuration properties
- Update the tests to cover the updated functionality
See gh-2399
[1] http://www.elastic.co/guide/en/elasticsearch/reference/1.x/cluster-health.html
This commit improves upon the changes made in a8bf9d3 by adding
support for relaxed binding of the endpoints.enabled and
endpoints.<name>.enabled properties. This is achieved by replacing
use of @ConditionalOnExpression (which does not support relaxed
binding) with a custom condition implementation that uses
RelaxedPropertyResolver.
Closes gh-2767
Previously, only invocations of /metricName/ would honour the enabled
property and return a not found (404) response. For endpoints which
support nested paths, access to /metricName/foo would ignore the enabled
flag and return an OK (200) response. Furthermore, there was a comment
in EndpointMvcAdapter that suggested that an endpoint shouldn’t be
called when it is disabled, however this was not the case.
This commit updates EndpointWebMvcAutoConfiguration and
JolokiaAutoConfiguration to only register their MvcEndpoint beans if
the underlying endpoint is enabled. This means that an
EndpointMvcAdapter should not be called if its delegate is disabled,
making the comment described above accurate.
The check for the delegate being enabled has been retained so as not to
rely upon the auto-configurations’ behaviour. The methods which handle
nested paths (MetricsMvcEndpoint.value() and
EnvironmentMvcEndpoint.value()) have been updated to add the same check
for the enablement of their delegate.
Fixes gh-2767
Prior to this commit, every EndpointMBean used its own ObjectMapper.
Each of these ObjectMappers was created using new ObjectMapper() with
no opportunity for configuration.
This commit uses the ObjectMapper from the application context and
shares it among all EndpointMBeans. This gives the user control over
the ObjectMapper’s configuration using spring.jackson.* properties,
their own Jackson2ObjectMapperBuilder bean, etc. In the absence of an
ObjectMapper in the application context a single ObjectMapper is
instantiated and is used by all EndpointMBeans instead.
To allow the ObjectMapper to be shared, a number of constructors have
been overloaded to also take the ObjectMapper as a parameter. In these
cases the old constructor has been preserved for backwards compatibility
but has been deprecated.
Closes gh-2393
Prior to this commit, the auto-configuration report (both in its logged
form and the actuator endpoint) listed the positive and negative matches
but did not list the classes, if any, that the user had excluded.
This commit updates the logged report and the actuator endpoint to
expose a list of the excluded class names configured via the exclude
attribute on @EnableAutoConfiguration.
Closes gh-2085
Previously, disk health information only included the amount of free
space and the configured threshold. This commit adds the disk’s total
space.
See gh-2705
Update SystemPublicMetrics to silently ignore ManagementFactory
NoClassDefFoundErrors which can occur when deploying to Google App
Engine.
Fixes gh-2701
Previously, the response from /health was not cached if the request
was secure, i.e. the user has authenticated, or the endpoint was
configured as not being sensitive.
The commit updates HealthMvcEndpoint to apply the caching logic
all the time. Users that do not want caching can disable it by
configuring the TTL with a value of zero.
Closes gh-2630
Define an additional health indicator for each ConnectionFactory instance
defined in the context. Extracts the provider name from the connection
meta-data.
Fixes gh-2016
Spring Boot's metrics infrastructure requires a Metric to have a
Number value. Coda Hale's ThreadStatesGaugeSet includes a Gauge
named deadlocks with a Set<String> value (each entry in the set is a
description, including stacktrace, of a deadlocked thread). There's
no obvious way to coerce this to a Number, and there's already a
deadlocks.count metric in the set.
This commit updates MetricRegistryMetricReader to ignore the addition
of any Gauge with a non-Number value.
Fixes gh-2593
ee567fa boldy claimed that it had made MetricRegistryMetricReader
thread-safe. It had not. This commit should actually make it thread
safe. I hope.
One notable improvement is that MetricRegistryMetricReader.findAll()
will no longer contain null values if a metric is removed on another
thread during iteration.
names is now a ConcurrentHashMap to allow it to be safely read and
written without holding a lock.
reverse is a LinkedMultiValueMap which is not thread-safe. This could
lead to values being lost when concurrent add calls were made. Access
to reverse is now protected by synchronizing on an internal monitor
object.
Calls to containsKey(key) followed by get(key) have been reworked to
only call get(key), this avoids the possibility of the key being
removed after the contains check but before the get.
Closes gh-2590
MetricRegistryMetricReader’s fields where neither final, nor volatile
but could be accessed on multiple threads. This lead to visibility
problems where the value of a field would unexpectedly be null, causing
an NPE.
This commit updates all of the fields to declare them as final, thereby
ensuring that their values are guaranteed to be visible across different
threads.
Fixes gh-2590
If there is more than one DataSource and the non-primary bean-name is
'datasource' an incorrect metric name is chosen.
The metrics are named datasource.active and not datasource.xxx.active. To
avoid this, the shortening of the bean-name only occurs if the bean-name
is longer than 'datasource'.
See gh-2320
Previously each endpoint was secured for path, path/, and path.*.
This meant that a request to path/foo was not secured. This commit
secures path/** to ensure that requests to a nested endpoint path are
also secured.
Fixes gh-2476
Update InMemoryAuditEventRepository to consider the date when searching
for events. Also switch to a circular buffer implementation and update
the capacity to limit the total number of items rather than limiting
per principal.
Fixes gh-2291
Update AbstractEndpoint to correctly support the `endpoints.enabled`
property. Also fix EnvironmentEnpoint which would previously prevent
the Environment from being set.
Fixes gh-2264
Closes gh-2265
Update WebMvcAutoConfiguration so that the RequestMappingHandlerMapping
bean is @Primary. Prior to this commit a NoUniqueBeanDefinitionException
would be thrown then using the MvcUriComponentsBuilder.
Fixes gh-2237
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.
The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.
The health MVC endpoint should now work as follows:
* Default configuration - No login is required, full information is only
displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
is displayed.
* endpoints.health.sensitive=false - Login is not required, full
information is displayed.
Fixes gh-2211
Add Ordered interface to all EmbeddedServletContainerCustomizers with
a value of 0. Prior to this commit it was difficult for a user to
define a customizer that would be applied before ours, even if they
implemented Ordered or added @Order annotations.
Fixes gh-2123
ManagementSecurityAutoConfiguration fully relies on the presence of a
web environment, yet the configuration class itself was not guarded by
`@ConditionalOnWebApplication` (while nested config where).
This turned out to be a problem for command-line applications using
spring security (i.e. CRaSH integration).
Fixes gh-2112
The method 'injectIntoSecurityFilter' added In 3c1e48c assumes that
Spring security is in the classpath so any management endpoints that are
deployed on a different port requires Spring Security all the sudden.
This commit separates the creating of the EndpointHandlerMapping in two
mutually exclusive @Configuration: one that is triggered if Spring
Security is not in the classpath and one that is triggered if Spring
Security is in the classpath. The latter apply the security filter in the
endpoint mapping if it exists.
Fixes gh-2124
The move of health.* keys to management.health.* broke them as they
are not defined as configuration keys and `ManagementServerProperties`
is strict on the whole management namespace.
This commit updates the tests to actually include that properties class
and relax the "ignoreUnknownFields" condition so that extra attributes
can be defined on the "management" namespace.
Fixes gh-2115
Update AbstractEndpoint so that the `enable` property is optional and
when it not specified the `endpoints.enabled` property will be used.
This allows users to switch the way that endpoints are enabled. Rather
than opting-out specific endpoint enablement the `endpoints.enabled`
property can be set to `false` and specific endpoints can be opted-in.
Fixes gh-2102
Since AbstractHandlerMethodMapping.getHandlerMap() is final it can't
be cglibbed and a proxy will barf if you try and call that method.
The RequestMappingEndpoint can be protected simply by defensively
checking if the mapping is a proxy before trying to inspect it.
Drop the setAdditionalProperties method from ShellProperties to ensure
that it is not included in the meta-data JSON. The additional properties
are usually wired in using @Autowired and it is pretty unlikely that
anyone is using the setter directly.
Fixes gh-2055
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.
Closes gh-1808
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.
Fixes gh-2003, fixes gh-2004
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.
This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.
Closes gh-1997
By default, when /health is accessed anonymously, the details are
stripped, i.e. the response will only indicate UP or DOWN. Furthermore
the response is cached for a configurable period to prevent a denial
of service attack.
This commit adds a configuration property,
endpoints.health.restrict-anonymous-access, that can be set to false
to allow full anonymous access to /health. When full access is
allowed, the details will be included in the response and the response
will not be cached.
Closes gh-1977
Previously, TestInterceptor used an int to keep a count of how often
it had been called. The count was incremented on one thread and
read on another thread. This lead to intermittent test failures as the
field was not declared volatile and a stale value would sometimes be
returned.
This commit updates TestInterceptor to use an AtomicInteger that's
held in a final field. This ensures that getCount() will not return
stale values and also ensures that the count can safely be incremented
concurrently.
Closes gh-1997
That way, if there is one, it will always be the right one
(otherwise you might be processing teh parent context with
metadata from the child).
Fixes gh-1982
Eclipse (by default) does not create the JSON metadata when
it compiles the @ConfigurationProperties beans. So running on
the command lilne gets scarily different than in an IDE. Fixed
by externalizing the metadata location and setting it to something
empty in the tests.
Including maps and lists. Beans with no metadata (in
/META-INF/*spring-configuration-metadata.json) are just serialized
as they come (so might have problems like cycles). Serialization
errors are caught and rendered as an "error" for that bean. Any
problems can be fixed by preparing metadata and specifying which
properties are to be rendered that way.
Fixes gh-1746, fixes gh-1921
Update ConfigurationPropertiesReportEndpoint to find
@ConfigurationProperties using `context.findAnnotationOnBean` rather
than `AnnotationUtils.findAnnotation`. This will correctly find the
annotation even if the bean is an interface based proxy.
Fixes gh-1927
This reverts a change that I assume was orphaned from work in
progress to address #1353, but is no longer needed. Anyway
there is no reason to restrict MvcEndpoints to be unique by
path since they can declare their own @RequestMappings
(and if there are duplicates they will be detected when those
are scanned).
Fixes gh-1911
Change the pidfile property from `spring.application.pidfile` to
`spring.pidfile` (to save confusion with SpringApplication properties).
Also added documentation and meta-data information.
See gh-1579
Update the `spring-boot`, `spring-boot-autoconfigure` and
`spring-boot-actuator` project to generate configuration meta-data
files during compilation.
See gh-1001
Prior to this commit LoggingSystem initialization would happen multiple
times. Once to configure "quiet" logging, and again to configure correct
settings once the Application was initialized. This could cause problems
if `logging.groovy` logback files were used.
The logging system is now only initialized once (when possible) by
following these steps:
- Standard logging initialization occurs via the actual logging
implementation used (e.g. logback will load a logback.xml file if it
exists)
- beforeInitization() is called to prevent early log output.
Implementations now either use a Filter or simply set the root logging
level.
- initialize() is called with an optional log configuration file (e.g
a custom logback.xml location) and an optional log output file (the
default is null indicating console only output).
The initialize() method will attempt to prevent double initialization
by checking if a standard configuration file exists. Double
initialization now only occurs in the following situations:
- The user has a standard configuration file (e.g. classpath:logback.xml)
but also specifies a logging.config property. Double initialization is
required since the specified configuration file supersedes the default.
- The user has a standard configuration file (e.g. classpath:logback.xml)
and specifies a logging.file property. Double initialization is
required since the standard configuration may use a ${LOG_FILE}
reference.
In addition this commit removes the `logging.console` option and now
assumes that logging either occurs only to console or to both the
console and a file. This restriction helps simplify the LoggingSystem
implementations. If file only logging is required a custom logback.xml
can be used.
Fixes gh-1091
See gh-1612, gh-1770
Then we can optionally find a non-anonymous principal if there
is one. If the user is anonymous then the health result is cached
up to endpoints.health.ttl (default 1000ms) to prevent a DOS attack.
Fixes gh-1353
Spring 4.2 has a @TestPropertySource which has some of the features of
@IntegrationTest. This change adds @TestPropertySource to the @IntegrationTest
annotation, so that (for instance) the cache key for the context includes
properties for the test.
Since @IntegrationTest has slightly different semantics I do not propose to
deprecate it. Users can use it or @TestPropertySource, the main difference being that
with @IntegrationTest the Spring Boot context loader is aware of the annotation
and it will set sensible defaults for server.port and spring.jmx.enabled.
There are some reflection hacks to overcome the usual fortifications of Spring Test.
Fixes gh-1697
Replace where possible all @ConditionalOnExpression annotations with
@ConditionalOnProperty which is both faster to run and more descriptive.
Fixes gh-1685
Previously, for a string to be considered upper-case,
EmbeddedServerPortFileWriter required every character in the
string to be upper-case. This meant that strings containing numbers were
considered lower-case even if every letter in the string was upper-case.
OS X’s case-preserving, case-insensitive file system masked this problem
as the tests were still able to find the created file, even though the
case of its name was not as expected.
This commit updates EmbeddedServerPortFileWriter to only require
characters that are letters (as defined by Character.isLetter()) to be
upper-case. It also updates the tests to verify that the case of the
created file’s name is correct in such a way that it will fail, even
on OS X, when it is not.
Fixes gh-1676
- Supply auto-configuration for the new indicator
- As suggested in the pull request, include the free disk space and
configured threshold in the health details
- Update the documentation to describe the indicator and its
two configuration settings
- Use @ConfigurationProperties to bind the indicator's configuration.
This should make the changes sympathetic to the work being done
to automate the configuration properties documentation
Closes gh-1297
In addition to requiring the Servlet API to be on the classpath,
MetricFilter requires spring-web to also be on the classpath as it
extends OncePerRequestFilter. This commit updates the auto-configuration
for MetricFilter so that it will be disabled in the absence of a
dependency on spring-web.
Fixes gh-1664
Some weird looking test failures led me to track this down.
If the user changes the prefix for metric names, he probably wanted
to change the keys as welll (otherwise 2 repositories can use the
same key, which is why the test was failing for me). We can do that
in an afterPropertiesSet().
If the actuator endpoints are configured on a different port then there
are some settings in the main ServerProperties that we would like to
re-use (e.g. the access log). The easiest way to do that is to just
configure the management server using the same ServerProperties instance
and then overwrite the things that are different (and stored in
ManagementServerProperties).
Fixes gh-1581
Done in order to align with the rest of the configuration. Absent this
check, the bean will be installed in non-web applications without the
corresponding dependencies, causing the bootstrap to fail.
Closes gh-1588
This is a continuation of the changes made in 611f978. It makes some
more @Bean methods public and adds tests to spring-boot-actuator and
spring-boot-autoconfigure to prevent against non-public methods being
introduced in the future
Closes gh-1571
When MVC path matchers are used as metric keys, they can still contain
invalid characters and patterns (like asterisks). This change removes
some more special characters and also tidies up the names a bit so
no key part starts or ends with "-" (which is ugly).
Fixes gh-1528
Protecting /error doesn't make a great deal of sense and if it is
protected you don't get the ErrorPageFilter for the attempt at loading
it, so Tomcat renders its own HTML error page (when deployed as WAR).
Fixes gh-1548
When MVC path matchers are used as metric keys, they can still contain
invalid characters and patterns (like asterisks). This change removes
some more special characters and also tidies up the names a bit so
no key part starts or ends with "-" (which is ugly).
Fixes gh-1528
Import DataSourcePoolMetadataProvidersConfiguration from
DataSourceAutoConfiguration so that PoolMetadataProviders are configured
even if actuator is not used.
This commit improves DataSourceMetadata to expose the validation
query. This can be used by DataSourceHealthIndicator as the query
to use instead of "guessing" which query could be applied according
to the database type.
Fixes gh-1282
This commit adds an abstraction that provides a standard manner to
retrieve various metadata that are shared by most data sources.
DataSourceMetadata is implemented by the three data source
implementations that boot supports out-of-the-box: Tomcat, Hikari and
Commons dbcp.
This abstraction is used to provide two additional metrics per data
source defined in the application: the number of allocated
connection(s) (.active) and the current usage of the connection pool
(.usage).
All such metrics share the 'datasource.' prefix. The prefix is further
qualified for each data source:
* If the data source is the primary data source (that is either the
only available data source or the one flagged @Primary amongst the
existing ones), the prefix is "datasource.primary"
* If the data source bean name ends with "dataSource", the prefix is
the name of the bean without it (i.e. batchDataSource becomes batch)
* In all other cases, the name of the bean is used
It is possible to override part or all of those defaults by
registering a bean with a customized version of
DataSourcePublicMetrics.
Additional DataSourceMetadata implementations for other data source
types can be added very easily, check
DataourceMetadataProvidersConfiguration for more details.
Fixes gh-1013
if user also adds @EnableWebMvcSecurity. The problem is that the ordering
of the init() and configure() methods in the Spring Security configurers
can force things to happen too early unless we are careful. It's still a bit
twitchy I would say, but this relatively small change seems to fix the GS guide
and not break any existing tests.
I added a sample which mimic ths GS guide so we get an integration test that
executes the new code paths.
Fixes gh-1364
Rename `VanillaHealthIndicator` to `ApplicationHealthIndicator` and
changed the exposed bean name from `statusHealthIndicator` to
`applicationHealthIndicator`.
This provides less confusing JSON output:
{"status":"UP","application":{"status":"UP"}}
vs:
{"status":"UP","status":{"status":"UP"}}
Fixes gh-1291
JSON output of /health now has the same structure for 1 or more HealthIndicators. This makes it easier to consume the response from scripts or apps
fixes#1291
Rework flexible PublicMetrics registration introduced in 2be6b3e4 to
restore compatibility with v1.1 VanillaPublicMetrics. The new
MetricReaderPublicMetrics class now exposes metrics from a MetricReader
and VanillaPublicMetrics is deprecated. The MetricsEndpoint can now
exposes a collection of PublicMetric interface directly.
See gh-1094
Previously, when running on Java 7+, the JDBC query driven by
DataSourceHealthIndicator resulted in a call to
ResultSet.getObject(index, Object.class). When using MySQL's JDBC
driver this failed with an SQLException with the message "Conversion
not supported for type java.lang.Object". The problem does not occur
on Java 6 as the overload of getObject that takes a type does not
exist; ResultSet.getObject(index) is called instead and MySQL happily
returns whatever type it deems to be appropriate for the column.
This commit updates DataSourceHealthIndicator so that
ResultSet.getObject(index) will always be used, irrespective of the
version of Java that Boot is running on.
Closes#1306
Previously any custom http code mapping would remove the default mappings. With this commit the behaviour is changed so that default mappings will stay if a custom mapping is registered. Certainly a default mapping can be overridden.
fixes#1264
Previously any custom http code mapping would remove the default mappings. With this commit the behaviour is changed so that default mappings will stay if a custom mapping is registered. Certainly a default mapping can be overridden.
fixes#1264
This commit permits the use of several PublicMetrics instances by
default. Previously, only one PublicMetrics service could be specified
and a user configuration would remove all the defaulting.
VanillaPublicMetrics now takes a collection of PublicMetrics and
invokes them in sequence to build the final collection of metrics.
The system-related metrics have been moved to SystemPublicMetrics and
are registered by default.
Also updated the documentation to mention this feature and how it
could be fully overridden.
Fixes gh-1094
In order to solve issues with multiple or incompatible AccessDecisionManagers, the CRaSH integration will now only delegate to an explicit shellAccessDecisionManager bean refs #1121
Prior to this commit, some tests were creating a parent/child
relationship but were only closing the child context. This could
be an issue with the autoconfig module as a lot of auto-config
kicks in by default.
This commit adds a new test utility designed to properly handle
those situations. Updated tests that were creating a context
hierarchy to benefit from that.
Fixes gh-1034
The Actuator endpoints ought to take precedence over others (since
they are important and users can isolate them using management.contextPath
if necessary). This change puts the @Order at -100 (well before the default
order of the RequestMappingHandlerMapping at 0).
Fixes gh-1107
To ensure an MBeanServer is available when needed you have to
look in JNDI before resorting to the JDK platform factory.
I had to copy some private code from Spring, but it seems
worth it.
Fixes gh-1092
Anywhere that an MBeanServer is needed it should be
created @Conditionally, so that user can exclude the
JmxAutoConfiguration and still get the other JMX
behaviours automatically.
They all want to create an MBeanServer and when that happens
user sees no MBeans, or sometimes just one set (Spring Core,
Spring Integration or Spring Boot). To harmonise them we
create a @Bean of type MBeanServer and link to it in the
other autoconfigs
Fixes gh-1046
Not having READMEs in github is a mistake IMO, so here's one
restored and with a link to the docs. Docs also updated to
more accurately reflect the location of the actuator features
in implementation.
See https://github.com/spring-guides/gs-actuator-service/pull/7
for the Getting started guide change
Fixes gh-1014
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoins, not way to disable all
security autoconfiguration.
Added test case to web-secure sample to ensure a user
can log in.
Fixes gh-979
Update Health and Status objects to be immutable, update the existing
builder methods to return new instances and add static convenience
methods to Health.
The in-memory version has to force the incoming metric keys to
start with the group name. Redis doesn't have that restriction
but normally we expect both to be used in such a way that
the metric keys already match the prefix. In that case the two
repositories behave the same now in terms of set and get.
In the redis repository we also switch to store the value in the
zset (so it can be atomically incremented) rather than in the
regular key-value.
Fixes gh-929
With this commit the state of a component or subsystem becomes a first-class citizen in Boot's application health support. HealthIndicators now return a Health instance with status and some contextual details.
An aggregation strategy has been introduced to aggregate several Health instances into one final application Health instance. Out of the box OrderedHealthAggregator can be configured to allow different ordering or a custom HealthAggregator bean can be registered.
The prefix needs to be added before looking for keys. In addition
I rationalized the constructor and final fields (it didn't make
any sense for the prefix to be mutable).
Fixes gh-927
The PrefixMetricGroupExporter only really makes sesne if the writer
is aware of the groups, so it seemed better to use a new interface
than mix read/write.
Update all @PostConstruct methods to ensure that they don't throw
checked exceptions. Required to allow deployment of Spring Boot
applications on Glassfish.
Fixes gh-868
We now have a much simpler DataSourceAutoConfiguration that binds to whatever
DataSource concrete type it finds at runtime. To be able to quickly switch between
Hikari and the other types of DataSource there's a minute shim for translating
the common properties (username, password, url, driverClassName), but actually
only url is different. The shim and also DataSource initialization is supported
through DataSourceProperties, but the other native properties get bound directly
through the concrete runtime type of the DataSource.
The /configprops endpoint works (and is exposed in the actuator sample).
Fixes gh-840, fixes gh-477, see also gh-808.
Introspects the properties that are being exposed in the report
and only renders the ones that are a) convertible from String
and b) have a setter. That goes a long way to making it a bullet
proof generic renderer of any Java object that can be bound with
@ConfigurationProperties.
Update the BasicErrorController so that it no longer needs to implement
@ControllerAdvice or have an @ExceptionHandler method.
A new ErrorAttributes interface is now used to obtain error details,
the DefaultErrorAttributes implementation uses a
HandlerExceptionResolver to obtain root exception details if the
`javax.servlet.error.*` attributes are missing.
This change also removes the need for the extract(...) method on
ErrorController as classes such as WebRequestTraceFilter can
now use the ErrorAttributes interface directly.
See gh-839, gh-538
Fixes gh-843
For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:
* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules
* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules
Fixes gh-803
Refactored HealthEndpoint to be able to take multiple HealthIndicators. Extracted configuration of HealthIndicators out of EndpointAutoConfiguration and added new HealthIndicatorAutoConfiguration class.
Added HealthIndicators for Redis and Mongo.
This commit harmonizes the dependency management of internal modules
so that versions can be omitted everywhere. Update the maven coordinates
to provide the full groupId for consistency
Two modules are still relying on the spring-boot test-jar but it was
not generated anymore. Adding the generation of test-jar again as
a workaround until we completely removes the use of it.
Since Spring supports gobal error handling through
@ControllerAdvice, it is quite easy to set up more meta-data
about an exception for the BasicErrorController. You need
to be careful not to swallow Security exceptions, and probably
others (optionally) so this feature needs a bit more work.
See gh-538
Salvatore has indicated that Jedis is his Java Redis client of choice.
This commit updates the auto-configuration support, actuator and
Redis starter accordingly.
Completes #745
Reverting arguments in assertEquals where constant was placed on
the "actual" place. Replacing assertEquals with assertFalse, assertTrue
and assertNull where applicable.
Fixes gh-735
Remove the mutable getEmbeddedServletContainers() Map from
EmbeddedWebApplicationContext and instead use the `namespace` to
distinguish the management container.
The ServerPortInfoApplicationContextInitializer class replaces the
previous TestExecutionListener to exposes port properties (by
listening for EmbeddedServletContainerInitializedEvents).
When mapping the ErrorController path to Spring Security it's
important that it starts with "/". This change ensures that is
the case even if the user has omitted the leading "/".
Fixes gh-694
When the user sets management.contextPath=/admin the Jolokia
endpoint gets mapped to /admin/jolokia, but that the path stripper it uses
internally makes a false assumption about the form of the request path.
The fix is simple (just use a smarter search for the endpoint path in the
request path).
Fixes gh-642
Spring Security doesn't know that Spring MVC maps /foo, /foo.json
and /foo/ all to the same handler. This change explicitly adds
suffixes to the actuator endpoint matchers so they are properly
protected.
Phillip Webb
izeye
Dave Syer
Spring Buildmaster
Stephane Nicoll
Johannes Stelzer
Tomasz Przybyła
Andy Wilkinson
olivier bourgain
dgomesbr
Johannes Stelzer
nlejeune
Eddú Meléndez
Andreas Ahlenstorf
Josh Thornhill
Rob Winch
Christian Laakmann
Sergey Egorov
Binwei Yang
Mathieu Bernatet
Alex Panchenko
Spencer Gibb
Christian Dupuis
Brett Wooldridge
Eric Dahl
Mattias Severson
Marius Bogoevici
Stephane Nicoll
Phillip Webb
Taylor Wicksell
Christian Dupuis
Dave Syer
Tobias Gesellchen
Andy Wilkinson
Lukasz Kryger
Tyler Frederick
sopov.ivan
Jakub Kubrynski