Commit Graph

1399 Commits

Author SHA1 Message Date
Phillip Webb
425dbc3e52 Update copyright header for edited files 2017-03-06 15:04:07 -08:00
Phillip Webb
2a592103f0 Polish formatting 2017-03-06 15:03:43 -08:00
Phillip Webb
91a7bf92e6 Merge branch '1.5.x' 2017-03-06 12:04:55 -08:00
Phillip Webb
fedd7b9506 Polish 2017-03-06 12:01:05 -08:00
Madhura Bhave
8f26dc09b7 Merge branch '1.5.x' 2017-03-02 13:35:19 -08:00
Madhura Bhave
d4b52a3538 Expose Health details if user has authority
If the Princial is a Spring Security Authentication object and the
request doesn't have the right roles, check the authorities.

Fixes gh-8471
2017-03-02 12:37:47 -08:00
Stephane Nicoll
cb40ea485b Merge branch '1.5.x' 2017-03-02 14:31:49 +01:00
Stephane Nicoll
5cc569fc91 Improve execution speed of CacheAutoConfigurationTests
As of Hazelcast 3.7, the bootstrap is pretty slow by default due to the
networking discovery. This commit disables both TCP/IP and multicast
discoveries.
2017-03-02 14:28:33 +01:00
Phillip Webb
58ac67eb27 Merge branch '1.5.x' 2017-03-02 00:09:56 -08:00
Phillip Webb
3ee7dae09b Merge branch '1.4.x' into 1.5.x 2017-03-01 23:44:40 -08:00
Phillip Webb
f1012c104a Polish 2017-03-01 23:29:20 -08:00
Phillip Webb
c06a9771c2 Support list based role properties
Update `HealthMvcEndpoint` to respect `ManagementServerProperties`
roles. Prior to this commit the `HealthMvcEndpoint` directly loaded
roles rather than using bound properties. This meant that list values
from yaml were not respected.

Fixes gh-8314
2017-03-01 21:35:50 -08:00
Madhura Bhave
94a14dbcd8 Merge branch '1.5.x' 2017-03-01 20:16:43 -08:00
Madhura Bhave
031c9bf191 Validate authorities in MvcSecurityInterceptor
If Spring Security is on the classpath and `isUserInRole` returns false,
check if user has the authority to access the actuator endpoints.

Fixes gh-8255
2017-03-01 17:55:30 -08:00
Madhura Bhave
e5e1f24d1f Revert "Skip MvcSecurityInterceptor if Spring Security present"
Instead of entirely skipping the interceptor, we will be additionally
checking for authorities.
2017-03-01 16:31:36 -08:00
Madhura Bhave
ad5cb8a3cd Skip MvcSecurityInterceptor if Spring Security present
If Spring Security is on the classpath, the role check can be done
as part of the ManagementWebSecurityConfigurerAdapter.

Fixes gh-8255
2017-03-01 14:44:06 -08:00
Phillip Webb
a4bcd20b64 Merge branch '1.5.x' 2017-02-27 20:43:18 -08:00
Phillip Webb
ca1540cefe Update header copyright for changed files 2017-02-27 20:41:18 -08:00
Phillip Webb
5867cd6175 Polish 2017-02-27 20:41:18 -08:00
Phillip Webb
47fd5f4fac Merge branch '1.4.x' into 1.5.x 2017-02-27 14:00:46 -08:00
Phillip Webb
47b00c086c Polish 2017-02-27 13:56:17 -08:00
Andy Wilkinson
3164330139 Correct HAL Browser location to reflect version of web jar
See gh-8382
2017-02-22 16:53:29 +00:00
Brian Clozel
a5bdbd0dc2 Introduce EmbeddedWebServerInitializedEvent
This commit adds `EmbeddedWebServerInitializedEvent`, which holds the
`EmbeddedWebServer` information when the application context starts.
The `EmbeddedServletContainerInitializedEvent` now inherits from that
type and holds additional information, the
`EmbeddedWebApplicationContext`.

Closes gh-8208
2017-02-14 14:30:49 +01:00
Andy Wilkinson
54b95973bb Merge branch '1.5.x' 2017-02-14 11:23:36 +00:00
Andy Wilkinson
e2a12e77b7 Merge branch '1.4.x' into 1.5.x 2017-02-14 11:23:25 +00:00
Andy Wilkinson
bbe9394228 Tests that lists of lists are sanitized correctly
See gh-8263
2017-02-14 11:22:04 +00:00
Johnny Lim
88afc43d44 Ensure that entries in a list of lists are not lost during sanitization
Closes gh-8263
See gh-8197
2017-02-14 11:20:14 +00:00
Madhura Bhave
ffd35aaf5f Merge branch '1.5.x' 2017-02-09 17:15:20 -08:00
Madhura Bhave
77e5c585f4 Validate kid in Cloud Foundry token header
Instead of validating the signature against all the public keys,
we can validate it only against the public key with the kid that
matches the one in the token header.

Closes gh-8126
2017-02-09 16:47:44 -08:00
Andy Wilkinson
16b7bf7f73 Merge branch '1.5.x' 2017-02-09 13:50:23 +00:00
Andy Wilkinson
df08863641 Make ServletRegistrationBean and FilterRegistration bean generic
Closes gh-7666
2017-02-09 13:36:35 +00:00
Andy Wilkinson
1efa700713 Merge branch '1.5.x' 2017-02-08 20:50:45 +00:00
Andy Wilkinson
25982ecf69 Merge branch '1.4.x' into 1.5.x 2017-02-08 20:50:24 +00:00
Andy Wilkinson
04c8b912ee Fall back to standard LiveBeansView behaviour when MBean is in use
Closes gh-8146
2017-02-08 20:49:16 +00:00
Andy Wilkinson
a19ad3211b Merge branch '1.5.x' 2017-02-08 17:29:22 +00:00
Andy Wilkinson
d02a9c1058 Merge branch '1.4.x' into 1.5.x 2017-02-08 17:29:15 +00:00
Andy Wilkinson
f27bb39af9 Sanitize configuration properties that are nested beneath a List
Closes gh-8197
2017-02-08 17:21:41 +00:00
Brian Clozel
aeef41c977 Separate container customization from ServerProperties
This commit creates a separate
`ServerPropertiesServletContainerCustomizer` that holds the servlet
container customization code, separating that concern from the server
configuration keys.

See gh-8066
2017-02-08 09:55:07 +01:00
Brian Clozel
12d883f6b9 Introduce "server.servlet" configuration prefix
This commit refactors the `ServerProperties` property keys and
introduces a separate "server.servlet" namespace to isolate
servlet-specific properties from the rest.

Closes gh-8066
2017-02-07 16:48:22 +01:00
Stephane Nicoll
f41801ee8c Narrow down ConditionalOnWebApplication
Use the new `type` attribute of `@ConditionalOnWebApplication` for the
configurations that have a hard dependency on the Servlet/MVC API.

See gh-8118
2017-02-07 15:53:18 +01:00
Brian Clozel
8619d6a229 Rename EmbeddedServletContainer -> EmbeddedWebServer
This contract is not specific to servlet containers and should be
reused by all web server implementations (including reactive variants).

Fixes gh-8208
2017-02-06 17:44:26 +01:00
Stephane Nicoll
6af6e8e31b Remove auto-configuration for ServerProperties
This commit removes `ServerProperties` and `ManagementServerProperties`
auto-configurations. Those properties objects are now created using
`@EnableConfigurationProperties` only.

Closes gh-8108
2017-02-06 14:00:50 +01:00
Stephane Nicoll
cfdc75d384 Merge branch '1.5.x' 2017-02-06 10:38:16 +01:00
Johnny Lim
0adab8a2be Use logical 'and' instead of bitwise 'and'
Closes gh-8198
2017-02-06 10:35:13 +01:00
Stephane Nicoll
fb19b36595 Merge branch '1.5.x' 2017-02-05 09:26:52 +01:00
Stephane Nicoll
dc75f13754 Remove deprecated metadata for spring.pidfile 2017-02-05 09:26:32 +01:00
Stephane Nicoll
3d1f8aa8d7 Merge branch '1.4.x' into 1.5.x 2017-02-05 09:25:48 +01:00
Stephane Nicoll
a30461c5c7 Polish pid metadata
This commit moves the `spring.pid.*` metadata to the relevant project. It
also updates the doc to refer to the new `ApplicationPidFileWriter`
rather than the one in its deprecatred form.

Closes gh-8196
2017-02-05 09:23:56 +01:00
Phillip Webb
36c1db0223 Merge branch '1.5.x' 2017-01-31 13:27:09 -08:00
Phillip Webb
21234b36de Ensure JmxEndpoint beans get context object IDs
Update `EndpointMBeanExporter` to ensure that `JmxEndpoint` as well
as regular `Endpoint` beans are considered when searching the parent
context.

Prior to this commit if the same `JmxEndpoint` was registered in the
both the child and parent context then the `context=` element of the
name wasn't added.

Fixes gh-8152
2017-01-31 13:25:59 -08:00