This commit changes AbstractWebMvcEndpointHandlerMapping to
be a MatchableHandlerMapping. Additionally, EndpointRequest,
now delegates to MvcRequestMatcher for Spring MVC applications.
For all other applications, AntPathRequestMatcher is used as
a delegate.
Closes gh-13962
As discussed in gh-11872, `TestRestTemplate` constructor variants taking
a `RestTemplate` argument are confusing since the main goal of that
class is to mutate `RestTemplate`.
This commit removes all those constructor variants and replaces them
with `RestTemplateBuilder` arguments when possible.
Closes gh-11872
Add `@ControllerEndpoint` and `@RestControllerEndpoint` annotations that
can be used to develop a Spring-only request mapped endpoint. Both
Spring MVC and Spring WebFlux are supported.
This feature is primarily for use when deeper Spring integration is
required or when existing Spring Boot 1.5 projects want to migrate to
Spring Boot 2.0 without re-writing existing endpoints. It comes at the
expense of portability, since such endpoints will be missing from
Jersey.
Fixes gh-10257
Refactor several areas of the actuator endpoint code in order to make
future extensions easier. The primary goal is to introduce the concept
of an `ExposableEndpoint` that has technology specific subclasses and
can carry additional data for filters to use. Many other changes have
been made along the way including:
* A new EndpointSupplier interface that allows cleaner separation of
supplying vs discovering endpoints. This allows cleaner class names
and allows for better auto-configuration since a user can choose to
provide their own supplier entirely.
* A `DiscoveredEndpoint` interface that allows the `EndpointFilter`
to be greatly simplified. A filter now doesn't need to know about
discovery concerns unless absolutely necessary.
* Improved naming and package structure. Many technology specific
concerns are now grouped in a better way. Related concerns are
co-located and concepts from one area no longer leakage into another.
* Simplified `HandlerMapping` implementations. Many common concerns have
been pulled up helping to create simpler subclasses.
* Simplified JMX adapters. Many of the intermediary `Info` classes have
been removed. The `DiscoveredJmxOperation` is now responsible for
mapping methods to operations.
* A specific @`HealthEndpointCloudFoundryExtension` for Cloud Foundry.
The extension logic used to create a "full" health endpoint extension
has been made explicit.
Fixes gh-11428
Fixes gh-11581
This commit moves management.server.context-path to
management.server.servlet.context-path to align with the configuration
key for the application's main context path.
Closes gh-11359
Now that Spring Boot supports Freemarker for both Spring MVC and Spring
WebFlux, the dedicated starter should not pull the Web starter
transitively and let developers manually choose the web stack.
Closes gh-11246
Drop the status endpoint and merge functionality back into the health
endpoint. The `management.endpoint.health.show-details` property can
be used to change if full details, or just the status is displayed.
Fixes gh-11113
Update endpoint code to provide cleaner separation of concerns.
Specifically, the top level endpoint package is no longer aware of
the fact that JMX and HTTP are ultimately used to expose endpoints.
Caching concerns have also been abstracted behind a general purpose
`OperationMethodInvokerAdvisor` interface.
Configuration properties have been refined to further enforce
separation. The `management.endpoint.<name>` prefix provides
configuration for a single endpoint (including enable and cache
time-to-live). These properties are now technology agnostic (they
don't include `web` or `jmx` sub properties).
The `management.endpoints.<technology>` prefix provide exposure specific
configuration. For example, `management.endpoints.web.path-mapping`
allow endpoint URLs to be changed.
Endpoint enabled/disabled logic has been simplified so that endpoints
can't be disabled per exposure technology. Instead a filter based
approach is used to allow refinement of what endpoints are exposed over
a given technology.
Fixes gh-10176
- Modifying dependencies to starter-web with tomcat exclusion plus
alternative servlet container instead of manual dependency on
spring-webmvc as it is the preferrable way to use alternative servlet
container
- Previously RestTemplate with ssl was configured manually in tests - now
it rellies on autoconfiguration - changed this for multi-connector test
and added test to ensure that ssl autoconfiguration is working
- Most samples with alterntative servlet containers used some kind of
service reading property and returning default since it wasn't
configured - removed it, since it is not specific to using alternative
servlet containers.
See gh-10548
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("status", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
Closes gh-7958
Restructure actuator packages to improve structure. The following
changes have been made:
- Separate actuator and actuator auto-configuration into different
modules.
- Move endpoint code into `spring-boot-actuator`.
- Move `Endpoint` implementations from a single package into
technology specific packages.
- Move `HealthIndicator` implementations from a single package into
technology specific packages.
- As much as possible attempt to mirror the `spring-boot` package
structure and class naming in `spring-boot-actuator` and
`spring-boot-actuator-autoconfigure`.
- Move `DataSourceBuilder` and DataSource meta-data support from
`spring-boot-actuator` to `spring-boot`.
Fixes gh-10261
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
Phillip Webb
Madhura Bhave
Stephane Nicoll
Brian Clozel
Andy Wilkinson
Ivan Sopov