springloaded isn't required in any of the samples, yet some of them
make use of it without being a springloaded-specific sample. This
is creating the false impression that springloaded is necessary in
cases where it's not.
Neither Cassandra nor Elasticsearch starts reliably on Windows. This
commit adds a custom class rule to the associated sample application
tests to skip them on Windows. A class rule is used rather than a
Unit assumption as we want to avoid starting Elasticsearch (done by
the application context) and Cassandra (done by a test execution
listener) and an assumption would be too late.
The integration tests for the Spring Data Cassandra sample application
fail intermittently, apparently due to Cassandra failing to start
within the default timeout period of 10000ms.
In attempt to get the tests to pass reliably, this commit increases
the timeout to 60000ms (1 minute).
Update exit code support to allow the ExitCodeGenerator interface to
be placed on an Exception. Any uncaught exception implementing the
interface and returning a non `0` status will now trigger a System.exit
with the code.
Fixes gh-4803
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().
Closes gh-4783
This change permanently removes links from the endpoints that return
arrays or collections, and also disables them in the rest of the
endpoints (except /actuator) by default.
Fixes gh-4616
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.
This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.
Closes gh-4694
If user set the management.port *and* the management.context-path
then the /error path was in the wrong place because formerly it
was implemented (in this case) by an MvcEndpoint. If we
switch it to a regular @Controller (which are now supported in the
child context if there is one) then it won't disappear under the
management.context-path.
Also use lazy request matching in ignores as well as secure paths.
The problem was that the ignores were constructed eagerly from the
actuator paths before they were available (the EndpointHandlerMapping
needs to be lazily accessed to avoid a security-induced bean creation
cascade).
Fixes gh-4624
Andy Wilkinson
Spring Operator
Stephane Nicoll
Spring Buildmaster
Vedran Pavic
Karol Rynio
Phillip Webb
Kirill Vlasov
Dave Syer
David Morley
Eddú Meléndez
kozazz
Ivan Chen
Johnny Lim