Previously, if a health's details contained a key named status (either
because an indicator bean was named statusHealthIndicator or an
indicator added an entry named status to its details) this would
clash with the health's own status as the details were serialized as
siblings of the status field.
This commit updates Health to remove @JsonAnyGetter from getDetails().
This means that all of a Health's details will now be nested within
a separate details field, thereby preventing a possible clash with
the status field.
Closes gh-10249
This commit removes the restriction that was added in 4a61e45 to
prevent / from being used as the management context path when the
management context was not using a different port
The management context path can now be set to / irrespective of the
configuration of the management port. To avoid a possible clash
with the application's welcome page or similar, the links "endpoint"
that is mapping to the management context path is disabled when
the management context path is /.
As part of allowing / to be used as the management context path again,
the handling of endpoint mappings and the creation of paths for
individual operations has been consolidated into a new EndpointMapping
class that is used across the three (MVC, WebFlux, and Jersey)
implementations.
See gh-9898
This commit introduces a "ReactiveHealthIndicator" contract that can be
implemented for health checks against a reactive API.
When running in a WebFlux-based web app, the health and status endpoints
transparently use this in a WebFlux-based application and regular
HealthIndicator are executed on the elastic scheduler.
When running in a Servlet-based web app, the endpoints includes and
adapts available ReactiveHealthIndicators automatically
Closes gh-7972
Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
Following the rework on Security that expects web endpoints to be
disabled by default, this commit updates the metadata (including the
automatic generation) to reflect this decision.
Since the handler interceptors have been removed, web endpoints
are all disabled by default to prevent accidental exposure of
sensitive information.
Closes gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit makes sure tht `HealthIndicatorAutoConfiguration` runs after
any producers of a `ConnectionFactory` and not only ActiveMQ. This was
identified as part of #10081: `JmsAutoConfiguration` is actually the
one that isn't necessary (spring-boot-actuator has no import on the
`org.springframework.jms` and only `javax.jms.ConnectionFactory` is used
as part of the JMS health indicator.
This commit moves CORS properties out of the endpoints namespace as they
do not refer to a "cors" endpoint but rather to the CORS configuration
of all endpoints.
Closes gh-10053
Andy Wilkinson
Johnny Lim
Stephane Nicoll
Brian Clozel
Mark Paluch
Phillip Webb
Paul Vorbach
Madhura Bhave