Add MVC and JMX endpoints to retrieve audit events

Add MVC and JMX specific endpoints that allow audit events to be
retrieved.

See gh-6579

spring-boot-actuator-docs/src/main/asciidoc/index.adoc

@@ -20,6 +20,34 @@ include::{generated}/endpoints.adoc[]
 
 
 
+=== /auditevents
+This endpoint provides information about audit events registered by the application.
+Audit events can be filtered using the `after`, `principal` and `type` parameters as
+defined by `AuditEventRepository`.
+
+Example cURL request with `after` parameter:
+include::{generated}/auditevents/curl-request.adoc[]
+
+Example HTTP request with `after` parameter:
+include::{generated}/auditevents/http-request.adoc[]
+
+Example HTTP response:
+include::{generated}/auditevents/http-response.adoc[]
+
+Example cURL request with `principal` and `after` parameters:
+include::{generated}/auditevents/filter-by-principal/curl-request.adoc[]
+
+Example HTTP request with `principal` and `after` parameters:
+include::{generated}/auditevents/filter-by-principal/http-request.adoc[]
+
+Example cURL request with `principal`, `after` and `type` parameters:
+include::{generated}/auditevents/filter-by-principal-and-type/curl-request.adoc[]
+
+Example HTTP request with `principal`, `after` and `type` parameters:
+include::{generated}/auditevents/filter-by-principal-and-type/http-request.adoc[]
+
+
+
 === /logfile
 This endpoint (if available) contains the plain text logfile configured by the user
 using `logging.file` or `logging.path` (by default logs are only emitted on stdout

spring-boot-actuator-docs/src/restdoc/java/org/springframework/boot/actuate/hypermedia/EndpointDocumentation.java

@@ -77,7 +77,8 @@ public class EndpointDocumentation {
 	static final File LOG_FILE = new File("target/logs/spring.log");
 
 	private static final Set<String> SKIPPED = Collections.<String>unmodifiableSet(
-			new HashSet<String>(Arrays.asList("/docs", "/logfile", "/heapdump")));
+			new HashSet<String>(Arrays.asList("/docs", "/logfile", "/heapdump",
+					"/auditevents")));
 
 	@Autowired
 	private MvcEndpoints mvcEndpoints;
@@ -127,6 +128,33 @@ public class EndpointDocumentation {
 				.andExpect(status().isOk()).andDo(document("set-logger"));
 	}
 
+	@Test
+	public void auditEvents() throws Exception {
+		this.mockMvc.perform(get("/auditevents")
+						.param("after", "2016-11-01T10:00:00+0000")
+						.accept(MediaType.APPLICATION_JSON))
+				.andExpect(status().isOk()).andDo(document("auditevents"));
+	}
+
+	@Test
+	public void auditEventsByPrincipal() throws Exception {
+		this.mockMvc.perform(get("/auditevents").param("principal", "admin")
+						.param("after", "2016-11-01T10:00:00+0000")
+						.accept(MediaType.APPLICATION_JSON))
+				.andExpect(status().isOk())
+				.andDo(document("auditevents/filter-by-principal"));
+	}
+
+	@Test
+	public void auditEventsByPrincipalAndType() throws Exception {
+		this.mockMvc.perform(get("/auditevents").param("principal", "admin")
+						.param("after", "2016-11-01T10:00:00+0000")
+						.param("type", "AUTHENTICATION_SUCCESS")
+						.accept(MediaType.APPLICATION_JSON))
+				.andExpect(status().isOk())
+				.andDo(document("auditevents/filter-by-principal-and-type"));
+	}
+
 	@Test
 	public void endpoints() throws Exception {
 		final File docs = new File("src/main/asciidoc");

spring-boot-actuator-docs/src/restdoc/java/org/springframework/boot/actuate/hypermedia/SpringBootHypermediaApplication.java

@@ -16,10 +16,18 @@
 
 package org.springframework.boot.actuate.hypermedia;
 
+import java.time.Instant;
+import java.util.Collections;
+import java.util.Date;
+
 import groovy.text.GStringTemplateEngine;
 import groovy.text.TemplateEngine;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
 import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration;
@@ -30,7 +38,10 @@ import org.springframework.context.annotation.Import;
 // Flyway must go first
 @SpringBootApplication
 @Import({ FlywayAutoConfiguration.class, LiquibaseAutoConfiguration.class })
-public class SpringBootHypermediaApplication {
+public class SpringBootHypermediaApplication implements CommandLineRunner {
+
+	@Autowired
+	private AuditEventRepository auditEventRepository;
 
 	@Bean
 	public TemplateEngine groovyTemplateEngine() {
@@ -46,4 +57,14 @@ public class SpringBootHypermediaApplication {
 		SpringApplication.run(SpringBootHypermediaApplication.class, args);
 	}
 
+	@Override
+	public void run(String... args) throws Exception {
+		this.auditEventRepository.add(new AuditEvent(Date.from(Instant.parse(
+				"2016-11-01T11:00:00Z")), "user", "AUTHENTICATION_FAILURE",
+				Collections.emptyMap()));
+		this.auditEventRepository.add(new AuditEvent(Date.from(Instant.parse(
+				"2016-11-01T12:00:00Z")), "admin", "AUTHENTICATION_SUCCESS",
+				Collections.emptyMap()));
+	}
+
 }

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/audit/AuditEvent.java

@@ -22,6 +22,11 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 
+import com.fasterxml.jackson.annotation.JsonAnyGetter;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.util.Assert;
@@ -39,6 +44,7 @@ import org.springframework.util.Assert;
  * @author Dave Syer
  * @see AuditEventRepository
  */
+@JsonInclude(Include.NON_EMPTY)
 public class AuditEvent implements Serializable {
 
 	private final Date timestamp;
@@ -106,6 +112,7 @@ public class AuditEvent implements Serializable {
 	 * Returns the date/time that the even was logged.
 	 * @return the time stamp
 	 */
+	@JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ")
 	public Date getTimestamp() {
 		return this.timestamp;
 	}
@@ -130,6 +137,7 @@ public class AuditEvent implements Serializable {
 	 * Returns the event data.
 	 * @return the event data
 	 */
+	@JsonAnyGetter
 	public Map<String, Object> getData() {
 		return this.data;
 	}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointMBeanExportAutoConfiguration.java

@@ -21,13 +21,17 @@ import javax.management.MBeanServer;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
 import org.springframework.boot.actuate.autoconfigure.EndpointMBeanExportAutoConfiguration.JmxEnabledCondition;
+import org.springframework.boot.actuate.condition.ConditionalOnEnabledEndpoint;
 import org.springframework.boot.actuate.endpoint.Endpoint;
+import org.springframework.boot.actuate.endpoint.jmx.AuditEventsMBean;
 import org.springframework.boot.actuate.endpoint.jmx.EndpointMBeanExporter;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
 import org.springframework.boot.autoconfigure.jmx.JmxAutoConfiguration;
@@ -83,6 +87,14 @@ public class EndpointMBeanExportAutoConfiguration {
 		return new JmxAutoConfiguration().mbeanServer();
 	}
 
+	@Bean
+	@ConditionalOnBean(AuditEventRepository.class)
+	@ConditionalOnEnabledEndpoint("auditevents")
+	public AuditEventsMBean abstractEndpointMBean(
+			AuditEventRepository auditEventRepository) {
+		return new AuditEventsMBean(this.objectMapper, auditEventRepository);
+	}
+
 	/**
 	 * Condition to check that spring.jmx and endpoints.jmx are enabled.
 	 */

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcManagementContextConfiguration.java

@@ -21,6 +21,7 @@ import java.util.List;
 import java.util.Set;
 
 import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
 import org.springframework.boot.actuate.condition.ConditionalOnEnabledEndpoint;
 import org.springframework.boot.actuate.endpoint.Endpoint;
 import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint;
@@ -28,6 +29,7 @@ import org.springframework.boot.actuate.endpoint.HealthEndpoint;
 import org.springframework.boot.actuate.endpoint.LoggersEndpoint;
 import org.springframework.boot.actuate.endpoint.MetricsEndpoint;
 import org.springframework.boot.actuate.endpoint.ShutdownEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.AuditEventsMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMappingCustomizer;
 import org.springframework.boot.actuate.endpoint.mvc.EnvironmentMvcEndpoint;
@@ -62,6 +64,7 @@ import org.springframework.web.cors.CorsConfiguration;
  *
  * @author Dave Syer
  * @author Ben Hale
+ * @author Vedran Pavic
  * @since 1.3.0
  */
 @ManagementContextConfiguration
@@ -195,6 +198,14 @@ public class EndpointWebMvcManagementContextConfiguration {
 		return new ShutdownMvcEndpoint(delegate);
 	}
 
+	@Bean
+	@ConditionalOnBean(AuditEventRepository.class)
+	@ConditionalOnEnabledEndpoint("auditevents")
+	public AuditEventsMvcEndpoint auditEventMvcEndpoint(
+			AuditEventRepository auditEventRepository) {
+		return new AuditEventsMvcEndpoint(auditEventRepository);
+	}
+
 	private boolean isHealthSecure() {
 		return isSpringSecurityAvailable()
 				&& this.managementServerProperties.getSecurity().isEnabled();

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/jmx/AuditEventsMBean.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.endpoint.jmx;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.List;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.jmx.export.annotation.ManagedOperation;
+import org.springframework.jmx.export.annotation.ManagedResource;
+import org.springframework.util.Assert;
+
+/**
+ * Special JMX endpoint wrapper for {@link AuditEventRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 1.5.0
+ */
+@ManagedResource
+@ConfigurationProperties(prefix = "endpoints.auditevents")
+public class AuditEventsMBean extends AbstractEndpointMBean {
+
+	private static final DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
+
+	private final AuditEventRepository auditEventRepository;
+
+	public AuditEventsMBean(ObjectMapper objectMapper,
+			AuditEventRepository auditEventRepository) {
+		super(objectMapper, true);
+		Assert.notNull(auditEventRepository, "AuditEventRepository must not be null");
+		this.auditEventRepository = auditEventRepository;
+	}
+
+	@ManagedOperation(description = "Retrieves a list of audit events meeting the given criteria")
+	public Object getData(String dateAfter) {
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(
+				parseDate(dateAfter));
+		return convert(auditEvents);
+	}
+
+	@ManagedOperation(description = "Retrieves a list of audit events meeting the given criteria")
+	public Object getData(String dateAfter, String principal) {
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(
+				principal, parseDate(dateAfter));
+		return convert(auditEvents);
+	}
+
+	@ManagedOperation(description = "Retrieves a list of audit events meeting the given criteria")
+	public Object getData(String principal, String dateAfter, String type) {
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(
+				principal, parseDate(dateAfter), type);
+		return convert(auditEvents);
+	}
+
+	private Date parseDate(String date) {
+		try {
+			return dateFormat.parse(date);
+		}
+		catch (ParseException e) {
+			throw new IllegalArgumentException(e);
+		}
+	}
+
+}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpoint.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.endpoint.mvc;
+
+import java.util.Date;
+import java.util.List;
+
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ * {@link MvcEndpoint} to expose {@link AuditEvent}s.
+ *
+ * @author Vedran Pavic
+ * @since 1.5.0
+ */
+@ConfigurationProperties(prefix = "endpoints.auditevents")
+public class AuditEventsMvcEndpoint extends AbstractNamedMvcEndpoint {
+
+	private final AuditEventRepository auditEventRepository;
+
+	public AuditEventsMvcEndpoint(AuditEventRepository auditEventRepository) {
+		super("auditevents", "/auditevents", true);
+		Assert.notNull(auditEventRepository, "AuditEventRepository must not be null");
+		this.auditEventRepository = auditEventRepository;
+	}
+
+	@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE, params = { "after" })
+	@ResponseBody
+	public ResponseEntity<?> findByAfter(
+			@RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ") Date after) {
+		if (!isEnabled()) {
+			return DISABLED_RESPONSE;
+		}
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(after);
+		return ResponseEntity.ok(auditEvents);
+	}
+
+	@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE,
+			params = { "principal", "after" })
+	@ResponseBody
+	public ResponseEntity<?> findByPrincipalAndAfter(@RequestParam String principal,
+			@RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ") Date after) {
+		if (!isEnabled()) {
+			return DISABLED_RESPONSE;
+		}
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(principal, after);
+		return ResponseEntity.ok(auditEvents);
+	}
+
+	@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE,
+			params = { "principal", "after", "type" })
+	@ResponseBody
+	public ResponseEntity<?> findByPrincipalAndAfterAndType(@RequestParam String principal,
+			@RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ") Date after,
+			@RequestParam String type) {
+		if (!isEnabled()) {
+			return DISABLED_RESPONSE;
+		}
+		List<AuditEvent> auditEvents = this.auditEventRepository.find(principal, after,
+				type);
+		return ResponseEntity.ok(auditEvents);
+	}
+
+}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/EndpointMvcIntegrationTests.java

@@ -103,7 +103,7 @@ public class EndpointMvcIntegrationTests {
 	@MinimalWebConfiguration
 	@Import({ ManagementServerPropertiesAutoConfiguration.class,
 			JacksonAutoConfiguration.class, EndpointAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class })
+			EndpointWebMvcAutoConfiguration.class, AuditAutoConfiguration.class })
 	@RestController
 	protected static class Application {
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfigurationTests.java

@@ -364,7 +364,7 @@ public class EndpointWebMvcAutoConfigurationTests {
 				EmbeddedServletContainerAutoConfiguration.class,
 				HttpMessageConvertersAutoConfiguration.class,
 				DispatcherServletAutoConfiguration.class, WebMvcAutoConfiguration.class,
-				EndpointWebMvcAutoConfiguration.class);
+				EndpointWebMvcAutoConfiguration.class, AuditAutoConfiguration.class);
 		this.applicationContext.refresh();
 		assertContent("/controller", ports.get().server, "controlleroutput");
 		assertContent("/test/endpoint", ports.get().server, "endpointoutput");
@@ -381,7 +381,7 @@ public class EndpointWebMvcAutoConfigurationTests {
 				EmbeddedServletContainerAutoConfiguration.class,
 				HttpMessageConvertersAutoConfiguration.class,
 				DispatcherServletAutoConfiguration.class, WebMvcAutoConfiguration.class,
-				EndpointWebMvcAutoConfiguration.class);
+				EndpointWebMvcAutoConfiguration.class, AuditAutoConfiguration.class);
 		this.applicationContext.refresh();
 		assertContent("/controller", ports.get().server, "controlleroutput");
 		ServerProperties serverProperties = this.applicationContext
@@ -440,9 +440,9 @@ public class EndpointWebMvcAutoConfigurationTests {
 				BaseConfiguration.class, ServerPortConfig.class,
 				EndpointWebMvcAutoConfiguration.class);
 		this.applicationContext.refresh();
-		// /health, /metrics, /loggers, /env, /actuator, /heapdump (/shutdown is disabled
-		// by default)
-		assertThat(this.applicationContext.getBeansOfType(MvcEndpoint.class)).hasSize(6);
+		// /health, /metrics, /loggers, /env, /actuator, /heapdump, /auditevents
+		// (/shutdown is disabled by default)
+		assertThat(this.applicationContext.getBeansOfType(MvcEndpoint.class)).hasSize(7);
 	}
 
 	@Test
@@ -734,7 +734,7 @@ public class EndpointWebMvcAutoConfigurationTests {
 			HttpMessageConvertersAutoConfiguration.class,
 			DispatcherServletAutoConfiguration.class, WebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
-			ServerPropertiesAutoConfiguration.class })
+			ServerPropertiesAutoConfiguration.class, AuditAutoConfiguration.class })
 	protected static class BaseConfiguration {
 
 	}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/HealthMvcEndpointAutoConfigurationTests.java

@@ -84,7 +84,7 @@ public class HealthMvcEndpointAutoConfigurationTests {
 	@Configuration
 	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
 			JacksonAutoConfiguration.class, WebMvcAutoConfiguration.class,
-			HttpMessageConvertersAutoConfiguration.class,
+			HttpMessageConvertersAutoConfiguration.class, AuditAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
 			EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class })
 	static class TestConfiguration {

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfigurationTests.java

@@ -91,7 +91,7 @@ public class ManagementWebSecurityAutoConfigurationTests {
 				HttpMessageConvertersAutoConfiguration.class,
 				EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 				ManagementServerPropertiesAutoConfiguration.class,
-				PropertyPlaceholderAutoConfiguration.class);
+				PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class);
 		EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
 		this.context.refresh();
 		assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
@@ -203,7 +203,7 @@ public class ManagementWebSecurityAutoConfigurationTests {
 				EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 				ManagementServerPropertiesAutoConfiguration.class,
 				WebMvcAutoConfiguration.class,
-				PropertyPlaceholderAutoConfiguration.class);
+				PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class);
 		this.context.refresh();
 
 		Filter filter = this.context.getBean("springSecurityFilterChain", Filter.class);
@@ -265,7 +265,7 @@ public class ManagementWebSecurityAutoConfigurationTests {
 			JacksonAutoConfiguration.class, HttpMessageConvertersAutoConfiguration.class,
 			EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
-			PropertyPlaceholderAutoConfiguration.class,
+			PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class,
 			FallbackWebSecurityAutoConfiguration.class })
 	static class WebConfiguration {
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/MinimalActuatorHypermediaApplication.java

@@ -51,7 +51,7 @@ import org.springframework.context.annotation.Configuration;
 		HttpMessageConvertersAutoConfiguration.class, WebMvcAutoConfiguration.class,
 		HypermediaAutoConfiguration.class, EndpointAutoConfiguration.class,
 		EndpointWebMvcAutoConfiguration.class, ErrorMvcAutoConfiguration.class,
-		PropertyPlaceholderAutoConfiguration.class })
+		PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class })
 public @interface MinimalActuatorHypermediaApplication {
 
 }

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/MvcEndpointPathConfigurationTests.java

@@ -35,6 +35,7 @@ import org.springframework.boot.actuate.endpoint.LiquibaseEndpoint;
 import org.springframework.boot.actuate.endpoint.RequestMappingEndpoint;
 import org.springframework.boot.actuate.endpoint.ShutdownEndpoint;
 import org.springframework.boot.actuate.endpoint.TraceEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.AuditEventsMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.DocsMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter;
 import org.springframework.boot.actuate.endpoint.mvc.EnvironmentMvcEndpoint;
@@ -85,6 +86,7 @@ public class MvcEndpointPathConfigurationTests {
 	@Parameters(name = "{0}")
 	public static Object[] parameters() {
 		return new Object[] { new Object[] { "actuator", HalJsonMvcEndpoint.class },
+				new Object[] { "auditevents", AuditEventsMvcEndpoint.class },
 				new Object[] { "autoconfig", AutoConfigurationReportEndpoint.class },
 				new Object[] { "beans", BeansEndpoint.class },
 				new Object[] { "configprops",
@@ -143,9 +145,8 @@ public class MvcEndpointPathConfigurationTests {
 	@ImportAutoConfiguration({ EndpointAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
-			ServerPropertiesAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class, JolokiaAutoConfiguration.class,
-			EndpointAutoConfiguration.class })
+			ServerPropertiesAutoConfiguration.class, AuditAutoConfiguration.class,
+			EndpointWebMvcAutoConfiguration.class, JolokiaAutoConfiguration.class })
 
 	protected static class TestConfiguration {
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpointTests.java

@@ -0,0 +1,125 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.endpoint.mvc;
+
+import java.time.Instant;
+import java.util.Collections;
+import java.util.Date;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.audit.AuditEventRepository;
+import org.springframework.boot.actuate.audit.InMemoryAuditEventRepository;
+import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
+import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
+import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.HttpMessageConvertersAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * Tests for {@link AuditEventsMvcEndpoint}.
+ *
+ * @author Vedran Pavic
+ */
+@SpringBootTest
+@RunWith(SpringRunner.class)
+public class AuditEventsMvcEndpointTests {
+
+	@Autowired
+	private WebApplicationContext context;
+
+	private MockMvc mvc;
+
+	@Before
+	public void setUp() {
+		this.context.getBean(AuditEventsMvcEndpoint.class).setEnabled(true);
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).build();
+	}
+
+	@Test
+	public void invokeWhenDisabledShouldReturnNotFoundStatus() throws Exception {
+		this.context.getBean(AuditEventsMvcEndpoint.class).setEnabled(false);
+		this.mvc.perform(get("/auditevents").param("after", "2016-11-01T10:00:00+0000"))
+				.andExpect(status().isNotFound());
+	}
+
+	@Test
+	public void invokeFilterByDateAfter() throws Exception {
+		this.mvc.perform(get("/auditevents").param("after", "2016-11-01T13:00:00+0000"))
+				.andExpect(status().isOk()).andExpect(content().string("[]"));
+	}
+
+	@Test
+	public void invokeFilterByPrincipalAndDateAfter() throws Exception {
+		this.mvc.perform(get("/auditevents").param("principal", "user")
+				.param("after", "2016-11-01T10:00:00+0000"))
+				.andExpect(status().isOk())
+				.andExpect(content().string(containsString(
+						"\"principal\":\"user\",\"type\":\"login\"")))
+				.andExpect(content().string(not(containsString("admin"))));
+	}
+
+	@Test
+	public void invokeFilterByPrincipalAndDateAfterAndType() throws Exception {
+		this.mvc.perform(get("/auditevents").param("principal", "admin")
+				.param("after", "2016-11-01T10:00:00+0000")
+				.param("type", "logout")).andExpect(status().isOk())
+				.andExpect(content().string(containsString(
+						"\"principal\":\"admin\",\"type\":\"logout\"")))
+				.andExpect(content().string(not(containsString("login"))));
+	}
+
+	@Import({ JacksonAutoConfiguration.class,
+			HttpMessageConvertersAutoConfiguration.class,
+			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class,
+			ManagementServerPropertiesAutoConfiguration.class })
+	@Configuration
+	protected static class TestConfiguration {
+
+		@Bean
+		public AuditEventRepository auditEventsRepository() {
+			AuditEventRepository repository = new InMemoryAuditEventRepository(3);
+			repository.add(new AuditEvent(Date.from(Instant.parse(
+					"2016-11-01T11:00:00Z")), "admin", "login", Collections.emptyMap()));
+			repository.add(new AuditEvent(Date.from(Instant.parse(
+					"2016-11-01T12:00:00Z")), "admin", "logout", Collections.emptyMap()));
+			repository.add(new AuditEvent(Date.from(Instant.parse(
+					"2016-11-01T12:00:00Z")), "user", "login", Collections.emptyMap()));
+			return repository;
+		}
+
+	}
+
+}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpointTests.java

@@ -24,6 +24,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
 import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint;
@@ -107,7 +108,7 @@ public class EnvironmentMvcEndpointTests {
 	@Configuration
 	@Import({ JacksonAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class, WebMvcAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class,
+			EndpointWebMvcAutoConfiguration.class, AuditAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })
 	public static class TestConfiguration {
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/HalBrowserMvcEndpointDisabledIntegrationTests.java

@@ -31,6 +31,7 @@ import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 
@@ -86,7 +87,11 @@ public class HalBrowserMvcEndpointDisabledIntegrationTests {
 				continue;
 			}
 			path = path.length() > 0 ? path : "/";
-			this.mockMvc.perform(get(path).accept(MediaType.APPLICATION_JSON))
+			MockHttpServletRequestBuilder requestBuilder = get(path);
+			if (endpoint instanceof AuditEventsMvcEndpoint) {
+				requestBuilder.param("after", "2016-01-01T12:00:00+00:00");
+			}
+			this.mockMvc.perform(requestBuilder.accept(MediaType.APPLICATION_JSON))
 					.andExpect(status().isOk())
 					.andExpect(jsonPath("$._links").doesNotExist());
 		}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/HalBrowserMvcEndpointVanillaIntegrationTests.java

@@ -119,8 +119,8 @@ public class HalBrowserMvcEndpointVanillaIntegrationTests {
 
 	@Test
 	public void endpointsEachHaveSelf() throws Exception {
-		Set<String> collections = new HashSet<String>(
-				Arrays.asList("/trace", "/beans", "/dump", "/heapdump", "/loggers"));
+		Set<String> collections = new HashSet<String>(Arrays.asList("/trace", "/beans",
+				"/dump", "/heapdump", "/loggers", "/auditevents"));
 		for (MvcEndpoint endpoint : this.mvcEndpoints.getEndpoints()) {
 			String path = endpoint.getPath();
 			if (collections.contains(path)) {

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/HeapdumpMvcEndpointTests.java

@@ -28,6 +28,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
@@ -114,7 +115,7 @@ public class HeapdumpMvcEndpointTests {
 		this.mvc.perform(options("/heapdump")).andExpect(status().isOk());
 	}
 
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/InfoMvcEndpointTests.java

@@ -25,6 +25,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
 import org.springframework.boot.actuate.endpoint.InfoEndpoint;
@@ -79,7 +80,7 @@ public class InfoMvcEndpointTests {
 						"\"beanName2\":{\"key21\":\"value21\",\"key22\":\"value22\"}")));
 	}
 
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/InfoMvcEndpointWithNoInfoContributorsTests.java

@@ -23,6 +23,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
 import org.springframework.boot.actuate.endpoint.InfoEndpoint;
@@ -68,7 +69,7 @@ public class InfoMvcEndpointWithNoInfoContributorsTests {
 		this.mvc.perform(get("/info")).andExpect(status().isOk());
 	}
 
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/JolokiaMvcEndpointContextPathTests.java

@@ -21,6 +21,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.JolokiaAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
@@ -85,7 +86,7 @@ public class JolokiaMvcEndpointContextPathTests {
 	@Configuration
 	@EnableConfigurationProperties
 	@EnableWebMvc
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, JolokiaAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/JolokiaMvcEndpointIntegrationTests.java

@@ -23,6 +23,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.JolokiaAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
@@ -100,7 +101,7 @@ public class JolokiaMvcEndpointIntegrationTests {
 	@Configuration
 	@EnableConfigurationProperties
 	@EnableWebMvc
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, JolokiaAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MetricsMvcEndpointTests.java

@@ -25,6 +25,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
 import org.springframework.boot.actuate.endpoint.MetricsEndpoint;
@@ -129,7 +130,7 @@ public class MetricsMvcEndpointTests {
 				.andExpect(content().string(containsString("1")));
 	}
 
-	@Import({ JacksonAutoConfiguration.class,
+	@Import({ JacksonAutoConfiguration.class, AuditAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class })

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java

@@ -19,6 +19,7 @@ package org.springframework.boot.actuate.endpoint.mvc;
 import org.junit.Before;
 import org.junit.Test;
 
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.JolokiaAutoConfiguration;
@@ -56,7 +57,7 @@ public class MvcEndpointCorsIntegrationTests {
 				HttpMessageConvertersAutoConfiguration.class,
 				EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 				ManagementServerPropertiesAutoConfiguration.class,
-				PropertyPlaceholderAutoConfiguration.class,
+				PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class,
 				JolokiaAutoConfiguration.class, WebMvcAutoConfiguration.class);
 	}
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java

@@ -19,6 +19,7 @@ package org.springframework.boot.actuate.endpoint.mvc;
 import org.junit.After;
 import org.junit.Test;
 
+import org.springframework.boot.actuate.autoconfigure.AuditAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
@@ -229,9 +230,10 @@ public class MvcEndpointIntegrationTests {
 
 	@ImportAutoConfiguration({ JacksonAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class,
+			EndpointWebMvcAutoConfiguration.class, AuditAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
-			PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
+			PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class,
+			AuditAutoConfiguration.class })
 	static class DefaultConfiguration {
 
 	}

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -961,6 +961,10 @@ content into your application; rather pick only the properties that you need.
 	endpoints.actuator.enabled=true # Enable the endpoint.
 	endpoints.actuator.path= # Endpoint URL path.
 	endpoints.actuator.sensitive=false # Enable security on the endpoint.
+	endpoints.auditevents.enabled= # Enable the endpoint.
+	endpoints.auditevents.id= # Endpoint identifier.
+	endpoints.auditevents.path= # Endpoint path.
+	endpoints.auditevents.sensitive= # Mark if the endpoint exposes sensitive information.
 	endpoints.autoconfig.enabled= # Enable the endpoint.
 	endpoints.autoconfig.id= # Endpoint identifier.
 	endpoints.autoconfig.path= # Endpoint path.

spring-boot-docs/src/main/asciidoc/production-ready-features.adoc

@@ -73,6 +73,10 @@ The following technology agnostic endpoints are available:
 HATEOAS to be on the classpath.
 |true
 
+|`auditevents`
+|Exposes audit events information for the current application.
+|true
+
 |`autoconfig`
 |Displays an auto-configuration report showing all auto-configuration candidates and the
  reason why they '`were`' or '`were not`' applied.