Commit Graph

1225 Commits

Author SHA1 Message Date
Phillip Webb 9e43b99966 Polish 2017-09-27 17:44:48 -07:00
Madhura Bhave 5d05347e61 Add auto-config and starter for reactive security
Closes gh-9925
2017-09-26 19:36:48 -07:00
Madhura Bhave 7093602753 Simplify UserDetailsService creation in samples
Closes gh-10385
2017-09-26 14:06:19 -07:00
Vedran Pavic bb72a4abe1 Add support for Spring WS auto WSDL/XSD exposure
This commit adds support for auto-configuration of Spring WS automatic
WSDL and XSD exposure i.e. registration of `WsdlDefinition` and
`XsdDefinition` beans. The bean registration is triggered by configuring
`spring.webservices.wsdl-locations` property which will search the
provided locations for WSDL/XSD files and register appropriate beans.

See gh-9635
2017-09-25 15:21:08 +02:00
Vedran Pavic a39ccc2f8c Add MongoDB support to Spring Session sample
Closes gh-10374
2017-09-22 07:25:23 +02:00
Andy Wilkinson c3bc32db02 Polish and reinstate usage of FileSystemUtils.deleteRecursively
Closes gh-9942
2017-09-21 12:03:51 +01:00
Andy Wilkinson e9147c2f20 Remove Spring Security OAuth Auto-Configuration
This commit removes auto-configuration support for Spring Security
OAuth, paving the way for the introduction of auto-configuration for
Spring Security 5's new OAuth-related features.

Closes gh-10255
2017-09-21 10:33:16 +01:00
Stephane Nicoll 27f22229e2 Polish "Add actuator endpoint for finding and deleting sessions"
Closes gh-8342
2017-09-20 16:17:06 +02:00
Vedran Pavic cf151b1717 Add actuator endpoint for finding and deleting sessions
See gh-8342
2017-09-20 15:48:25 +02:00
Andy Wilkinson 8ab12d909e Use standard bean validation annotations that are new in 2.0
See gh-9969
2017-09-20 12:08:13 +01:00
Stephane Nicoll efc3188cff Polish "Improve Spring Session sample"
Closes gh-10351
2017-09-20 11:09:44 +02:00
Vedran Pavic 8561929164 Improve Spring Session sample
This commit improves the Spring Session sample by providing multiple
build profiles that make it possible to easily try out different session
stores. By default, JDBC session store backed by an in-memory embedded H2
database is used.

See gh-10351
2017-09-20 11:08:46 +02:00
Andy Wilkinson 0f25dd0ea6 Update Failsafe and Surefire Maven plugins to 2.20.1
Closes gh-9414
2017-09-19 21:31:24 +01:00
Stephane Nicoll 8c0ffa331b Polish
See gh-9969
2017-09-19 18:45:08 +02:00
Stephane Nicoll d89ff8cb28 Polish sample
Closes gh-10330
2017-09-19 17:03:27 +02:00
Jon Schneider c2958c27ab Replace Boot's own metrics with support for Micrometer
Closes gh-9970
2017-09-14 17:15:46 +01:00
Stephane Nicoll e05e04014b Move security.* to spring.security.*
This commit also removes `security.basic.enabled` as this property is
no longer required.

Closes gh-10296
2017-09-14 17:33:37 +02:00
Stephane Nicoll 8010f6ef00 Rationalize JUnit5 dependency management
This commit only provides dependency management for JUnit Jupiter,
excluding experimental and migration support artifacts. It also removes
dependency management for the platform as it is used by IDEs and build
tools). The `junit-platform.version` is still available though to allow
users to configure their plugin with a supported placeholder for the
version.

Also, given that `junit-vintage-engine`'s version does not match the
JUnit 4 version it supports, we will not add dependency management for
it.

Closes gh-10240
2017-09-14 11:47:36 +02:00
Stephane Nicoll eb4a9d87fd Add actuator to jersey sample
Closes gh-10259
2017-09-13 12:46:43 +02:00
Stephane Nicoll b5d8e072f1 Add actuator to webflux sample
Closes gh-10258
2017-09-13 12:11:20 +02:00
Stephane Nicoll 73f4a2e130 Remove unnecessary override 2017-09-13 12:03:10 +02:00
Stephane Nicoll a825e9f493 Polish 2017-09-13 12:00:43 +02:00
Stephane Nicoll 4670cc7795 Relax use of spring.session.store-type
This commit makes the "spring.session.store-type" property optional,
adding an additional check when it is not present that validates only
one supported implementation is available on the classpath.

As Spring Session has been modularized, the chance that multiple
implementations are available on the classpath are lower. When only
one implementation is present, we attempt to auto-configure it. When
more than one implementation is present and no session store is
configured, a NonUniqueSessionRepositoryException is thrown.

Closes gh-9863
2017-09-13 11:20:34 +02:00
Phillip Webb 46dfe38b60 Rework security request matchers
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:

http.authorizeRequests()
  .requestMatchers(EndpointRequest.to("status", "info")).permitAll()
  .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
  .requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()

Closes gh-7958
2017-09-12 00:11:29 -07:00
Phillip Webb 2e51b48cd9 Refactor actuator package locations
Restructure actuator packages to improve structure. The following
changes have been made:

 - Separate actuator and actuator auto-configuration into different
   modules.
 - Move endpoint code into `spring-boot-actuator`.
 - Move `Endpoint` implementations from a single package into
   technology specific packages.
 - Move `HealthIndicator` implementations from a single package into
   technology specific packages.
 - As much as possible attempt to mirror the `spring-boot` package
   structure and class naming in `spring-boot-actuator` and
   `spring-boot-actuator-autoconfigure`.
 - Move `DataSourceBuilder` and DataSource meta-data support from
   `spring-boot-actuator` to `spring-boot`.

Fixes gh-10261
2017-09-12 00:11:20 -07:00
Phillip Webb 0f99b29b1a Temporarily remove security matchers
Temporarily back out `SpringBootSecurity` to enable easier
package refactoring.

See gh-10261
2017-09-12 00:02:34 -07:00
Phillip Webb ecb8461e8c Manually format security configuration
Update security configuration formatting to follow conventions
recommended in the Spring Security documentation.

See gh-7958
2017-09-11 23:58:52 -07:00
Stephane Nicoll 1dc08fdda2 Polish "Provide dependency management for JUnit Jupiter"
Closes gh-10240
2017-09-11 20:21:21 +02:00
Eddú Meléndez bb4a8cdc0e Provide dependency management for JUnit Jupiter
Spring Framework 5 provides support for JUnit 5. This commit adds
dependency management for JUnit 5 and an upgrade for
spring-boot-sample-junit-jupiter sample.

See gh-10240
2017-09-11 20:03:26 +02:00
Andy Wilkinson ad4ce9cf57 Return objects from trace, audit event, and thread dump endpoints
Closes gh-7648
2017-09-05 12:13:25 +01:00
Andy Wilkinson a6b30a3aab Reflect context hierarchy in beans endpoint’s response structure
Closes gh-10156
2017-09-05 12:13:25 +01:00
Andy Wilkinson ab54801143 Improve structure of response from configprops endpoint
Closes gh-10162
2017-09-05 12:13:25 +01:00
Andy Wilkinson 9242def4c0 Improve structure and JSON serialization of beans endpoint's response
Closes gh-10156
2017-09-04 14:40:15 +01:00
Stephane Nicoll afda0ec129 Default Hibernate DDL auto to none with Flyway/Liquibase
This commit adds a strategy interface to specific if a given DataSource
has its schema managed. The Hibernate auto-configuration uses it to set
it to "none" if a mechanism to initialize the DataSource is
found and "create-drop" otherwise.

Both Flyway and Liquibase implements that strategy interface and
register it in the context accordingly.

Closes gh-9262
2017-08-30 12:42:24 +02:00
Stephane Nicoll b91ceef621 Polish "Polish"
Closes gh-10109
2017-08-30 10:41:51 +02:00
Johnny Lim db76112700 Polish
See gh-10109
2017-08-30 10:33:53 +02:00
Phillip Webb 2c97d3a5e9 Polish 2017-08-29 15:59:32 -07:00
Stephane Nicoll 98455e30dc Rename default endpoint settings to "default"
Closes gh-10098
2017-08-29 11:27:35 +02:00
Madhura Bhave 919dfd3f90 Remove unused properties and constants
Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.

See gh-7958
2017-08-28 15:53:35 -07:00
Stephane Nicoll da65158eae Disable Jolokia by default
To be consistent with Actuator web endpoints, Jolokia is now disabled
by default.

Closes gh-10090
2017-08-28 10:18:19 +02:00
Madhura Bhave e08ddbf838 Rework security autoconfiguration
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.

Closes gh-7958
2017-08-27 23:15:18 -07:00
Stephane Nicoll 08ce7e24d7 Polish 2017-08-25 13:56:37 +02:00
Stephane Nicoll 68fcea7b9a Migrate endpoints.cors to management.endpoints.cors
This commit moves CORS properties out of the endpoints namespace as they
do not refer to a "cors" endpoint but rather to the CORS configuration
of all endpoints.

Closes gh-10053
2017-08-22 11:40:39 +02:00
Andy Wilkinson ee16332745 Update Actuator to use the new endpoint infrastructure
This commit migrates the Actuator onto the new endpoint infrastruture.
In addition to the existing support for accessing the endpoints via
JMX and HTTP using Spring MVC, support for access via HTTP using
Jersey and WebFlux has been added. This includes using a separate
management port where we now spin up an additional, appropriately
configured servlet or reactive web server to expose the management
context on a different HTTP port to the main application.

Closes gh-2921
Closes gh-5389
Closes gh-9796
2017-08-11 16:38:41 +01:00
Andy Wilkinson 0aa39d0279 Improve the package structure of spring-boot-actuator module
Closes gh-7545
2017-08-10 12:08:01 +01:00
Andy Wilkinson 5aae23d8ea Update OAuth Actuator sample tests to adapt to sensitivity removal
See gh-9924
2017-08-01 12:44:08 +01:00
Andy Wilkinson 52536dc291 Update Actuator UI sample test to adapt to sensitivity removal
See gh-9924
2017-08-01 11:12:33 +01:00
Andy Wilkinson bb55f49396 Remove concept of sensitivity from Actuator's endpoints
Closes gh-9924
2017-08-01 10:05:09 +01:00
Andy Wilkinson 847f6d1b2c Update test in Actuator sample to adapt to changes in env response
See gh-9864
2017-08-01 09:03:23 +01:00
Andy Wilkinson 4f76a560b8 Fix the Actuator sample 2017-07-31 08:47:16 +01:00