Update `MapBinder` to only compute values if an entry does not already
exist. Prior to this commit, a binding to `Map<String,List<String>>`
would be expensive since the same entries would be bound many times.
For example, given:
foo.bar[0]=baz1
foo.bar[1]=baz1
foo.bar[2]=baz1
The Map binder would iterate over the properties `bar[0]`, `bar[1]` and
`bar[2]`. Each of these properties resulted in the same actual key of
`bar` which would then be bound to list multiple times.
Fixes gh-10093
Release allocated `DataBuffer` if an error happens during template
processing. Otherwise, this buffer will be automatically released when
written to the exchange.
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("status", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
Closes gh-7958
Restructure actuator packages to improve structure. The following
changes have been made:
- Separate actuator and actuator auto-configuration into different
modules.
- Move endpoint code into `spring-boot-actuator`.
- Move `Endpoint` implementations from a single package into
technology specific packages.
- Move `HealthIndicator` implementations from a single package into
technology specific packages.
- As much as possible attempt to mirror the `spring-boot` package
structure and class naming in `spring-boot-actuator` and
`spring-boot-actuator-autoconfigure`.
- Move `DataSourceBuilder` and DataSource meta-data support from
`spring-boot-actuator` to `spring-boot`.
Fixes gh-10261
This commit removes the restriction that was added in 4a61e45 to
prevent / from being used as the management context path when the
management context was not using a different port
The management context path can now be set to / irrespective of the
configuration of the management port. To avoid a possible clash
with the application's welcome page or similar, the links "endpoint"
that is mapping to the management context path is disabled when
the management context path is /.
As part of allowing / to be used as the management context path again,
the handling of endpoint mappings and the creation of paths for
individual operations has been consolidated into a new EndpointMapping
class that is used across the three (MVC, WebFlux, and Jersey)
implementations.
See gh-9898
Previously, the API used to bind a ConfigurationProperties annotated
object was private to the BeanPostProcessor implementation.
This commit moves most of the logic to ConfigurationPropertiesBinder. As
we want this object to have the same state regardless of how it is built,
a builder is now provided that detects the components that the binder
needs if not specified explicitly.
Closes gh-8344
This commit adds a strategy interface to specific if a given DataSource
has its schema managed. The Hibernate auto-configuration uses it to set
it to "none" if a mechanism to initialize the DataSource is
found and "create-drop" otherwise.
Both Flyway and Liquibase implements that strategy interface and
register it in the context accordingly.
Closes gh-9262
This commit adds support for adapting to and from Mono when calling
an operation on an endpoint.
When an endpoint is exposed using WebFlux, a call to a blocking
operation is adapted to return a Mono by dispatching the operation
invocation on a separate thread using Reactor's elastic scheduler.
When an endpoint is exposed using Jersey, a call to an endpoint that
returns a Mono is adapted to return the Mono's result by blocking
until it is available. Note that such adaptation is not necessary when
using Spring MVC as it supports Mono natively.
Closes gh-10112
This commit adds a `@DeleteOperation` annotation that can be used to
indicate that an endpoint's operation is meant to delete a resource.
Such operation is mapped to a DELETE http method.
Closes gh-10023
Since the handler interceptors have been removed, web endpoints
are all disabled by default to prevent accidental exposure of
sensitive information.
Closes gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit creates our own version of javax.servlet.DispatcherType for
configuration purpose as we can use the other one now the servlet api
is optional.
Closes gh-9856
This commit fixes ServerPortInfoApplicationContextInitializer so that
is registers a listener against `WebServerInitializedEvent`.
A former polish to use a lambda actually introduced a regression as the
listener was registered as `ApplicationListener<?>`.
Closes gh-10047
Madhura Bhave
Andy Wilkinson
Phillip Webb
Stephane Nicoll
Jon Schneider
Johnny Lim
Brian Clozel
Paul Vorbach
Gytis Trikleris