Commit Graph

1019 Commits

Author SHA1 Message Date
Phillip Webb
5703fb1515 Polish 2017-01-23 16:03:59 -08:00
Andy Wilkinson
07d9c3fef6 Rename classes and package in new OAuth2 and Actuator sample
Closes gh-8058
2017-01-23 11:08:05 +00:00
Stephane Nicoll
915c959a28 Polish contribution
Closes gh-7600
2017-01-20 16:40:48 +01:00
Phillip Webb
f3cd0ad22c Polish 2017-01-19 12:44:57 -08:00
Phillip Webb
10dbf3c571 Use @Validated as trigger for JSR-330 validation
Update `ConfigurationPropertiesBindingPostProcessor` so that
`@Validated` is expected to be used to trigger JSR-330 validation.

Any existing configuration classes that use JSR-330 annotations but
don't have `@Validated` will currently still be validated, but will
now log a warning. This should give users a chance to add the requested
annotations before the next Spring Boot release where we will use them
as the exclusive signal that validation is required.

Closes gh-7579
2017-01-18 21:01:07 -08:00
Andy Wilkinson
29adf2d85e Ensure that test closes InputStream that reads contents of output files 2017-01-17 21:16:20 +00:00
Andy Wilkinson
2973d3ed4b Polishing 2017-01-17 14:35:30 +00:00
Andy Wilkinson
ed18478054 Give FileWritingMessageHandler more time to sort itself out
See 3927dca3
2017-01-17 14:26:14 +00:00
Andy Wilkinson
682d0f524f Test insecure, insensitive endpoint with property that's always available
The user property is only available on Unix-like platforms (due to
the USER environment variable). This commit updates the test to
explicitly set a specific property and then check that it's accessible
via the env endpoint rather than using one that is OS-specific.

See gh-7868
See gh-7881
2017-01-17 13:17:32 +00:00
Andy Wilkinson
8666248d27 Polishing 2017-01-17 12:25:01 +00:00
Andy Wilkinson
3927dca3e0 Tolerate files being briefly left open by FileWritingMessageHandler
When the context is closed, FileWritingMessageHandler is stopped and
it closes its output files. However, it appears to do so in a manner
which means that they may be closed after the call to close the
context is completed. This causes problems on Windows as files that
are still open cannot be deleted.

This commit adds a workaround to SampleIntegrationApplicationTests
so that it makes up to 10 attempts each 0.5s apart to clean up the
input and output directories.
2017-01-17 11:48:57 +00:00
Johnny Lim
acc36c076d Polish
See gh-8004
2017-01-17 09:53:50 +01:00
Stephane Nicoll
7e557662a5 Polish contribution
Closes gh-7916
2017-01-14 04:35:58 -05:00
Praveendra Singh
36de58f0fe Polish samples list in readme
See gh-7916
2017-01-14 04:34:10 -05:00
Andy Wilkinson
ae3434ba4c Merge branch '1.4.x' into 1.5.x 2017-01-13 18:45:50 -05:00
Andy Wilkinson
d2201d5284 Correct copyright dates and enforce that starting year is 2012
Closes gh-7923
2017-01-13 18:43:30 -05:00
Phillip Webb
f96294b63b Add LDAP sample
Add an LDAP sample application.

See gh-7733
2017-01-05 23:36:29 -08:00
Madhura Bhave
4ea47220e9 Match nested paths for insensitive actuators
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.

Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.

Fixes gh-7868
Closes gh-7881
2017-01-05 18:45:30 -08:00
Phillip Webb
18aa9be4fb Merge branch '1.4.x' into 1.5.x 2017-01-05 18:16:42 -08:00
Phillip Webb
21bfe52694 Add test to check class resources aren't exposed
Closes gh-7880
2017-01-05 18:15:50 -08:00
Phillip Webb
565f75438e Polish 2017-01-05 11:04:07 -08:00
Dave Syer
fe344df9c5 Change default order of OAuth2 resource server filter chain
The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.

Fixes gh-5072
2017-01-05 11:58:36 +00:00
Phillip Webb
aacf5d660f Update copyright year for changed files 2016-12-30 11:53:51 -08:00
Phillip Webb
be3fe12cf0 Polish 2016-12-30 11:46:24 -08:00
Phillip Webb
273beaa3ce Polish 2016-12-30 11:10:44 -08:00
Stephane Nicoll
c903ff46a7 Polish samples 2016-12-30 17:57:14 +01:00
Stephane Nicoll
a19a28062f Fix actuator security in samples
Closes gh-7637
2016-12-30 17:56:19 +01:00
Stephane Nicoll
3ed5a723bb Polish log4j2 sample 2016-12-30 15:50:45 +01:00
Phillip Webb
97d7ffd8e8 Merge branch '1.4.x' into 1.5.x 2016-12-28 14:48:05 -08:00
Phillip Webb
61c931943f Fix Devtools PatternResolver Servlet support
Update ClassLoaderFilesResourcePatternResolver to support servlet
resources when it's being used with a WebApplicationContext.

Prior to commit 918e122ddc a `ResourceLoader` was not added to the
`ApplicationContext`, meaning that servlet resources could be found by
virtue of the protected `getResourceByPath()` method. Following commit
918e122ddc, the context `ResourceLoader` is set, meaning that all calls
to `getResource` delegate to the `ResourceLoader` and the
`ApplicationContext` methods are not invoked. Since the devtools
`ResourceLoader` wasn't Servlet aware, servlet resources could not
be found.

Fixes gh-7752
2016-12-28 14:25:11 -08:00
Phillip Webb
85504e74a6 Merge branch '1.4.x' into 1.5.x 2016-12-27 15:05:15 -08:00
Mesut Can Gurle
ab2290eecd Improve Cassandra sample README documentation
Update the README file in `spring-boot-sample-data-cassandra` with
details of how to setup the keyspace and create the tables.

Closes gh-7737
2016-12-27 12:56:22 -08:00
Phillip Webb
61f65ea10e Add test for devtools + serving from /public
Add a simple test to show that basic serving of `/public` resources
works with devtoos.

See gh-7752
2016-12-27 12:24:32 -08:00
Phillip Webb
a116579cfc Work around Jetty websocket client bug
Add workaround for Jetty JsrSession NullPointerException bug
(https://github.com/eclipse/jetty.project/issues/1202) in
`spring-boot-sample-websocket-jetty`.

See gh-7599
2016-12-24 11:22:58 -08:00
Phillip Webb
a23591e047 Support Jetty 9.4 and upgrade to 9.4.0.v20161208
Update `JettyEmbeddedServletContainerFactory` to support Jetty 9.4
directly and Jetty 9.3 via reflection. The primary difference between
Jetty 9.3 and 9.4 are the session management classes. Websocket suppport
has also been updates, but this is handled transparently by the
Spring Framework support.

Fixes gh-7599
2016-12-24 11:22:38 -08:00
Phillip Webb
c3edf9e341 Fixup version numbers following release 2016-12-22 19:03:09 -08:00
Spring Buildmaster
9057f9ae1f Next development version 2016-12-23 00:15:23 +00:00
Phillip Webb
982f41b70c Polish @IntegrationComponentScan auto-configuration
See gh-2037
See gh-7718
2016-12-21 22:22:50 -08:00
Stephane Nicoll
ac9eb8a9a9 Fix Maven warning in samples
Closes gh-7716
2016-12-21 11:40:14 +01:00
Phillip Webb
6121208cbb Polish formatting 2016-12-19 12:47:03 -08:00
Phillip Webb
bd74c3d327 Polish formatting 2016-12-19 12:25:09 -08:00
Madhura Bhave
1be5812cf0 Require ACTUATOR role rather than ADMIN
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.

Fixes gh-7569
2016-12-05 17:58:16 -08:00
Madhura Bhave
d09aafacda Add a security interceptor for actuator endpoints
Update `AbstractEndpointHandlerMapping` to support a security
interceptor that can be used to enforce endpoint security.

Fixes gh-6889
2016-12-05 17:57:00 -08:00
Andy Wilkinson
cee2f818d6 Fix m2e error caused by spring-boot-sample-custom-layout 2016-12-02 11:20:39 +00:00
Stephane Nicoll
740d28578b Promote plugin dependency management
This commit promotes the plugin dependency management for the
`maven-enforcer-plugin` and `maven-invoker-plugin` to the root. That way
these can be used in samples as well rather than having a separate copy.

Closes gh-7517
2016-11-30 11:37:48 +01:00
Stephane Nicoll
b618c70e52 Add test slice for pure jdbc tests
This commit adds `@JdbcTest`, a new test slice for pure jdbc tests. It
provides the same basic features than `@DataJpaTest`.

Closes gh-6563
2016-11-29 14:54:15 +01:00
Stephane Nicoll
140379fc5a Fix Maven warnings 2016-11-29 10:03:49 +01:00
Stephane Nicoll
cb6a7b79fe Fix build failure 2016-11-29 10:03:30 +01:00
Phillip Webb
8432c52369 Add custom LayoutFactory sample
Add a sample that shows how a custom LayoutFactory can be used with
both Maven and Gradle.

Closes gh-7263
2016-11-28 16:31:53 -08:00
Phillip Webb
88c84ce234 Merge branch '1.4.x' into 1.5.x 2016-11-22 14:53:30 -08:00