Allow `PathExtensionContentNegotiationStrategy` to be bypassed by
actuator endpoints. Prior to this commit calling `/loggers/com.aaa.cab`
would return a HTTP 406 response due to `.cab` being a known extension.
Fixes gh-8765
This commit renames the `solrStatus` property of the Solr health indicator
to `status` and its type. This is now an integer corresponding to the
status Solr sent rather than a String that can be "OK" when all is well.
Closes gh-8878
This commit changes the solr health indicator to request the status of
all available cores, rather than invoking a generic ping on the admin
handler.
Recent versions of Solr now have a ping handler per core and the general
admin handler is gone, leading to incorrect health status. For backward
compatible reason the `solrStatus` attribute is kept to `OK` if all cores
are running properly (that's actually `0` behind the scenes).
Closes gh-8463
As part of the upgrade, this commit removes the use of any API that
has been deprecated in 2.9. This includes the config props endpoint's
use of SerializationFeature.WRITE_NULL_MAP_VALUES. This has been
replaced with configuring serialization inclusion to only include
properties with non-null values. This means that all null-valued
properties will no longer be serialized, not just those that are an
entry in a map.
Closes gh-8604
Closes gh-8537
Closes gh-7695
As part of the upgrade, this commit removes the use of any API that
has been deprecated in 2.9.0.pr1. This includes the config props
endpoint's use of SerializationFeature.WRITE_NULL_MAP_VALUES. This
has been replaced with configuring serialization inclusion to only
include properties with non-null values. This means that all
null-valued properties will no longer be serialized, not just those
that are an entry in a map.
Closes gh-8604
Closes gh-8537
Restructure `org.springframework.boot.autoconfigure.web` to better align
with the new package structure in `spring-boot`.
Auto-configuration is now split into client, servlet and reactive
sub-packages. In addition a new `http` package now handles common
HTTP concerns.
Fixes gh-8616
Rework `org.springframework.boot.context.embedded` to relocate classes
to `org.springframework.boot.web`. Packages are now organized around
the following areas:
Packages for shared concerns, for example the `WebServer` interface
to start/stop a server and the common configuration elements:
- org.springframework.boot.web.context
- org.springframework.boot.web.server
Servlet specific packages:
- org.springframework.boot.web.servlet.server
- org.springframework.boot.web.servlet.context
- org.springframework.boot.web.servlet.filter
Reactive specific packages:
- org.springframework.boot.web.reactive.context
- org.springframework.boot.web.reactive.server
Embedded server implementations (both reactive and servlet):
- org.springframework.boot.web.embedded
In addition:
- Rename `EmbeddedServletContainerFactory` to `ServletWebServerFactory`
to align with the `ReactiveWebServerFactory`.
- Rename `EmbeddedWebApplicationContext` to
`ServletWebServerApplicationContext` and
- Rename `EmbeddedReactiveWebApplicationContext` to
`ReactiveWebServerApplicationContext`.
- Add checkstyle rules to restrict imports.
- Fixup all affected code to use the correct imports and local names.
Fixes gh-8532
As of Hazelcast 3.7, the bootstrap is pretty slow by default due to the
networking discovery. This commit disables both TCP/IP and multicast
discoveries.
Update `HealthMvcEndpoint` to respect `ManagementServerProperties`
roles. Prior to this commit the `HealthMvcEndpoint` directly loaded
roles rather than using bound properties. This meant that list values
from yaml were not respected.
Fixes gh-8314
If Spring Security is on the classpath and `isUserInRole` returns false,
check if user has the authority to access the actuator endpoints.
Fixes gh-8255
This commit adds `EmbeddedWebServerInitializedEvent`, which holds the
`EmbeddedWebServer` information when the application context starts.
The `EmbeddedServletContainerInitializedEvent` now inherits from that
type and holds additional information, the
`EmbeddedWebApplicationContext`.
Closes gh-8208
Instead of validating the signature against all the public keys,
we can validate it only against the public key with the kid that
matches the one in the token header.
Closes gh-8126
This commit creates a separate
`ServerPropertiesServletContainerCustomizer` that holds the servlet
container customization code, separating that concern from the server
configuration keys.
See gh-8066
This commit refactors the `ServerProperties` property keys and
introduces a separate "server.servlet" namespace to isolate
servlet-specific properties from the rest.
Closes gh-8066
This contract is not specific to servlet containers and should be
reused by all web server implementations (including reactive variants).
Fixes gh-8208
This commit removes `ServerProperties` and `ManagementServerProperties`
auto-configurations. Those properties objects are now created using
`@EnableConfigurationProperties` only.
Closes gh-8108
This commit moves the `spring.pid.*` metadata to the relevant project. It
also updates the doc to refer to the new `ApplicationPidFileWriter`
rather than the one in its deprecatred form.
Closes gh-8196
Dependency management for the `HikariCP-java6` dependency is no longer
needed since Java 6 is no longer supported by Spring Boot.
The HikariDriverConfigurationFailureAnalyzer has been updated with the
current message thrown by HikariCP in this failure scenario.
Closes gh-8147
Update `EndpointMBeanExporter` to ensure that `JmxEndpoint` as well
as regular `Endpoint` beans are considered when searching the parent
context.
Prior to this commit if the same `JmxEndpoint` was registered in the
both the child and parent context then the `context=` element of the
name wasn't added.
Fixes gh-8152
Previously, ManagementContextConfiguration classes were loaded to
allow them to be ordered based on either @Order or implementing
Ordered. This had the unwanted side-effect of possibly logging
unwanted INFO messages if the reflection-based annotation
introspection failed. One cause of this was @ConditionalOnClass when
the referenced class was not on the classpath.
This commit uses the ASM-based annotation metadata reading to
determine the order of a management context configuration class based
on the @Order annotation. The classes are then sorted using a standard
OrderComparator. Note that Ordering via implemented Ordered is not
supported as it cannot be determine without loading the class.
Add an annotation processor that generates properties files for certain
auto-configuration class annotations. Currently attribute values from
@AutoConfigureOrder, @AutoConfigureBefore, @AutoConfigureAfter and
@ConditionalOnClass annotations are stored.
The properties file will allow optimizations to be added in the
`spring-boot-autoconfigure` project. Primarily by removing the need
to ASM parse as many `.class` files.
See gh-7573
Previously, the actuator's endpoints produced application/json and,
where appropriate, also consumed application/json. Without a custom,
versioned media type, it's impossible for us to make changes to the
endpoints without breaking clients.
This commit introduces a new media type,
application/spring-boot.actuator.v1+json, that is now produced by
default with application/json also being produced if requested.
Endpoints that consume JSON will now also accept content the uses
the new media type in addition to application/json.
Closes gh-7967
Previously, in case the data for the audit event contained an entry
with the key "type", the member `type` from the AuditEvent would be
overwritten when rendering to JSON due to the use of @JsonAnyGetter on
the data property.
This commit removes @JsonAnyGetter so that the data map is rendered as
a separate property in the JSON.
Closes gh-7990
Replace JSR-330 validation annotations from all internal
`@ConfigurationProperties` classes with standard Asserts.
Prior to this commit validation of our own configuration properties
would only occur when the user happens to have compliant JSR-330
implementation on their classpath.
See gh-7579
Previously, the beans endpoint would only expose the context that
contained the endpoint. This commit updates the endpoint so that
the context that contains the endpoint and all of its ancestors are
exposed.
In a context hierarhcy, the relation ship is child -> parent and there
is no way to navigate from a parent to a child. As a result, any
contexts that are descendants of the context containing the endpoint
are not exposed.
Closes gh-5188
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
Update JmxEndpoint support so that the `@ManagedResource` annotation
is no longer required. This prevents both `EndpointMBeanExporter` and
the regular `AnnotationMBeanExporter` from both registering the bean.
Fixes gh-7813
See gh-6579
Improve support for MBeans without a backing endpoint by introducing
a `JmxEndpoint` interface. The `JmxEndpoint` is intentionally
similar in design to the `MvcEndpoint` from the `mvc` package and
allows for completely custom JMX beans that are not backed by any
real actuator `Endpoint`.
The `AuditEventsMBean` has been refactored to use the new interface and
has been renamed to `AuditEventsJmxEndpoint`.
See gh-6579
This commit moves the `MultiMetricRepository` implementation from
`InMemoryMetricRepository` to `InMemoryMultiMetricRepository`. Both
implementations can share the same underlying store (and are for backward
compatible reasons).
The side effect is that `reset` now works as expected for a group.
Closes gh-7687
Consistently use the simple name for ObjectProvider parameter and
field names. For example:
`ObjectProvider<Something> something`
rather than
`ObjectProvider<Something> somethingProvider`
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.
- Add `IntegrationManagementConfiguration` conditional auto-configuration
to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
By default this bean doesn't exist and you explicitly should declare it
(e.g. via `@EnableIntegrationManagement`) if you would like to collect
metrics. At the same time Spring Integration enables it when JMX
management is present (that is a purpose of that new
`IntegrationManagementConfiguration`)
- Change `SpringIntegrationMetricReader` to read metrics from the
`IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`
- Change `PublicMetricsAutoConfiguration` to register
`IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
not present. Since we are here in `actuator`, therefore we are
interested in the metrics for SI as well.
- Since we don't need JMX for the metrics any more, remove SI-JMX
dependency from the `spring-boot-starter-integration`.
- Remove `IntegrationManagementConfiguration` modification from the
`integrationMbeanExporter()`, since that looks like mutation of an
external object, when end-user would prefer their own options.
Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too
- Add missed `MessageSourceMetrics` gathering for the
`SpringIntegrationMetricReader`
Closes gh-7722
Update the error message to return less information to the client.
Details of how to disable security are now written to the log instead.
See gh-7605
See gh-7634
Update `MvcEndpointSecurityInterceptor` to that it sends an error in the
same way as Spring Security. Prior to this commit the `ErrorController`
would not handle endpoint security errors.
Fixes gh-7605
Closes gh-7634
Change CloudFoundryActuatorAutoConfiguration so that skipping of SSL
verification is now opt-in rather than enabled by default.
Fixes gh-7629
Closes gh-7655
Polish Dropwizrd reservoir support including a refactor of
`ReservoirFactory` to allow reservoirs to be created based on a
metric name.
See gh-5199
See gh-7105
Uses the ReservoirFactory to customize the implementation of
the Reservoir that will be used when creating Timer and Histogram
in the DropwizardMetricServices.
Fixes gh-5199
Closes gh-7105
Andy Wilkinson
Phillip Webb
Stephane Nicoll
Odín del Río
Madhura Bhave
Colin Harrington
Eddú Meléndez
Vedran Pavic
dreis
Spring Buildmaster
Brian Clozel
Johnny Lim
Tommy Ludwig
Dave Syer
Johannes Edmeier
Kazuki Shimizu
Artem Bilan
Lucas Saldanha