For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:
* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules
* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules
Fixes gh-803
Refactored HealthEndpoint to be able to take multiple HealthIndicators. Extracted configuration of HealthIndicators out of EndpointAutoConfiguration and added new HealthIndicatorAutoConfiguration class.
Added HealthIndicators for Redis and Mongo.
This commit harmonizes the dependency management of internal modules
so that versions can be omitted everywhere. Update the maven coordinates
to provide the full groupId for consistency
Two modules are still relying on the spring-boot test-jar but it was
not generated anymore. Adding the generation of test-jar again as
a workaround until we completely removes the use of it.
Since Spring supports gobal error handling through
@ControllerAdvice, it is quite easy to set up more meta-data
about an exception for the BasicErrorController. You need
to be careful not to swallow Security exceptions, and probably
others (optionally) so this feature needs a bit more work.
See gh-538
Salvatore has indicated that Jedis is his Java Redis client of choice.
This commit updates the auto-configuration support, actuator and
Redis starter accordingly.
Completes #745
Reverting arguments in assertEquals where constant was placed on
the "actual" place. Replacing assertEquals with assertFalse, assertTrue
and assertNull where applicable.
Fixes gh-735
Remove the mutable getEmbeddedServletContainers() Map from
EmbeddedWebApplicationContext and instead use the `namespace` to
distinguish the management container.
The ServerPortInfoApplicationContextInitializer class replaces the
previous TestExecutionListener to exposes port properties (by
listening for EmbeddedServletContainerInitializedEvents).
When mapping the ErrorController path to Spring Security it's
important that it starts with "/". This change ensures that is
the case even if the user has omitted the leading "/".
Fixes gh-694
When the user sets management.contextPath=/admin the Jolokia
endpoint gets mapped to /admin/jolokia, but that the path stripper it uses
internally makes a false assumption about the form of the request path.
The fix is simple (just use a smarter search for the endpoint path in the
request path).
Fixes gh-642
Spring Security doesn't know that Spring MVC maps /foo, /foo.json
and /foo/ all to the same handler. This change explicitly adds
suffixes to the actuator endpoint matchers so they are properly
protected.
Lukasz Kryger
Phillip Webb
Christian Dupuis
Dave Syer
Stephane Nicoll
Tyler Frederick
Andy Wilkinson
sopov.ivan
Spring Buildmaster
Jakub Kubrynski