Commit Graph

54 Commits

Author SHA1 Message Date
Dave Syer
3c1e48c89a Better handling of anonymously accessible endpoints
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).

Fixes gh-2015 slightly differently
2014-11-28 06:33:30 +00:00
Andy Wilkinson
2ce057ca96 Allow /health to be accessed anonymously irresepctive of its sensitivity
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.

This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.

Fixes gh-2015
2014-11-27 14:51:57 +00:00
Dave Syer
6ad626de49 Allows /configprops endpoint to show nested properties
Including maps and lists. Beans with no metadata (in
/META-INF/*spring-configuration-metadata.json) are just serialized
as they come (so might have problems like cycles). Serialization
errors are caught and rendered as an "error" for that bean. Any
problems can be fixed by preparing metadata and specifying which
properties are to be rendered that way.

Fixes gh-1746, fixes gh-1921
2014-11-19 14:10:01 +00:00
Andy Wilkinson
35b7ba5cda Deprecate http.mappers.* properties
The http.mappers.* configuration properties assumed that the mapping
was JSON (on of the property names was jsonPrettyPrint) and also only
exposed a small subset of the configuration options supported by
Jackson (and GSON). The property names implied that it would configure
all HTTP mapping, however it was ignored by GsonAutoConfiguration.

This commit deprecates the support for http.mappers.* in favour of
configuring Jackson or Gson instead. Jackson can be configured
declaratively using the spring.jackson.* properties or programtically.
Gson can be configured programatically by using a GsonBuilder to
create a Gson instance with the desired configuration.
gh-1946 has been opened to add support for declarative configuration
of Gson.

Closes gh-1945
2014-11-18 13:51:48 +00:00
Phillip Webb
d039f43107 Update samples to use @SpringBootApplication
Update the relevant samples to use the new @SpringBootApplication
annotation.

Closes gh-1842
2014-11-06 22:51:09 -08:00
Dave Syer
a7e1ec842d Use @*@ delimiters in Maven resource filtering
It *is* very useful to have filtering on by default, so that is now
the case (in spring-boot-starter-parent). Users can filter resources
by default by adding @*@ placeholders (so as not to clash with Spring
${} placeholders).

Fixes gh-1199
2014-11-03 11:12:11 +00:00
Phillip Webb
d17b7c8195 Polish 2014-10-29 12:08:37 -07:00
Dave Syer
24e71e868f Allow /health and /info to authenticate anonymously
Then we can optionally find a non-anonymous principal if there
is one. If the user is anonymous then the health result is cached
up to endpoints.health.ttl (default 1000ms) to prevent a DOS attack.

Fixes gh-1353
2014-10-27 16:58:01 +00:00
Dave Syer
336b96b81c Copy server customization to management context
If the actuator endpoints are configured on a different port then there
are some settings in the main ServerProperties that we would like to
re-use (e.g. the access log). The easiest way to do that is to just
configure the management server using the same ServerProperties instance
and then overwrite the things that are different (and stored in
ManagementServerProperties).

Fixes gh-1581
2014-09-25 09:57:24 -07:00
Andy Wilkinson
e185793396 Update test to correct name of metric for request that returns a 401
The request is being made to '/' and, while the application does have
a mapping for '/', that mapping is not looked for before Spring
Security's filter rejects the request with a 401. This means that the
request is considered to be unmapped and this is reflected in the
metric's name.

See #1331 and #1333
2014-08-06 13:38:42 +01:00
Phillip Webb
fa88c481a5 Remote trailing whitespace 2014-07-02 15:17:14 -07:00
Dave Syer
fd757cb371 Add logging.level to application.properties
E.g.

logging.level.org.springframework: DEBUG
logging.level.org.hibernate: WARN

Fixed gh-788
2014-06-27 15:49:17 +01:00
Phillip Webb
9632abf825 Formatting and cleanup 2014-06-26 09:41:15 -07:00
Dave Syer
bc85f388aa Add test for gh-1058 2014-06-09 17:05:12 +01:00
Dave Syer
68448a8c68 Use the ServerProperties to add prefixes to paths
when server.servletPath is set we need to add prefixes to
the security filter paths.

Fixes gh-945
2014-05-24 08:33:14 +01:00
Christian Dupuis
4648188782 Rework HealthEndpoint and HealthIndicator
With this commit the state of a component or subsystem becomes a first-class citizen in Boot's application health support. HealthIndicators now return a Health instance with status and some contextual details.

An aggregation strategy has been introduced to aggregate several Health instances into one final application Health instance. Out of the box OrderedHealthAggregator can be configured to allow different ordering or a custom HealthAggregator bean can be registered.
2014-05-22 12:27:03 +02:00
Phillip Webb
8bcda1bcbe Polish 2014-05-20 18:26:56 +01:00
Dave Syer
5249f54c5a Integrate @ConfigurationProperties @Beans with DataSource configuration
We now have a much simpler DataSourceAutoConfiguration that binds to whatever
DataSource concrete type it finds at runtime. To be able to quickly switch between
Hikari and the other types of DataSource there's a minute shim for translating
the common properties (username, password, url, driverClassName), but actually
only url is different. The shim and also DataSource initialization is supported
through DataSourceProperties, but the other native properties get bound directly
through the concrete runtime type of the DataSource.

The /configprops endpoint works (and is exposed in the actuator sample).

Fixes gh-840, fixes gh-477, see also gh-808.
2014-05-13 16:46:04 +01:00
Dave Syer
5dd77a725c Enable access log explicitly in sample 2014-05-12 10:51:47 +01:00
Christian Dupuis
c38f9bcdfa Add missing tests 2014-05-08 16:58:52 +02:00
Phillip Webb
decee8d871 Polish templates code 2014-04-30 21:36:09 +01:00
Dave Syer
27580e726f Add generic error handling to BasicErrorController
Since Spring supports gobal error handling through
@ControllerAdvice, it is quite easy to set up more meta-data
about an exception for the BasicErrorController. You need
to be careful not to swallow Security exceptions, and probably
others (optionally) so this feature needs a bit more work.

See gh-538
2014-04-29 15:23:28 +01:00
Phillip Webb
fad5ce45db Polish 2014-04-23 12:35:33 +01:00
Dave Syer
7b07fe8ce0 Convert remaining samples to use random port
Partial fix for gh-337. See also gh-607 which complements this, but might
conflict on a merge.
2014-04-17 20:29:04 -07:00
Dave Syer
f134e96053 Convert Actuator sample to dynamic ports 2014-04-17 17:36:09 -07:00
Dave Syer
72d7c286c0 Add Spring MVC-generated path suffixes to endpoint paths
Spring Security doesn't know that Spring MVC maps /foo, /foo.json
and /foo/ all to the same handler. This change explicitly adds
suffixes to the actuator endpoint matchers so they are properly
protected.
2014-04-03 14:03:09 +01:00
Phillip Webb
aca67066bf Rename RestTemplates to TestRestTemplate
Rename the RestTemplates to TestRestTemplate to help indicate that it's
primarily intended for testing. Also now extend RestTemplate to allow
direct use, rather than via factory methods.

Fixes gh-599
2014-03-27 11:22:03 -07:00
Phillip Webb
d117a6b22b Polish 2014-03-27 11:21:51 -07:00
Dave Syer
71c2c69c92 Return actual status code not 200 to machine client
Machine clients are much more fussy than browsers and we
should take care to preserve the HTTP status for them.

Fixes gh-596
2014-03-27 17:23:47 +00:00
Phillip Webb
d42bedf295 Rename @ConfigurationProperties attributes
Rename `name` to `prefix` and `path` to `locations`.
2014-03-24 11:44:52 -07:00
Phillip Webb
80ac1fb0cd Polish 2014-03-15 13:02:01 -07:00
Dave Syer
7a285cf65d Convert all sample tests to @IntegrationTest where appropriate
Makes them a lot more readable IMO, and also enables @Autowiring
from the context into the test case (sweeet). I added @DirtiesContext
to all of them as well to be on the safe side, but possbly that can be
optimized in some way as well.
2014-03-11 13:54:30 +00:00
Dave Syer
6657e3ef84 More care taken with management.contextPath
The management.contextPath property should now be respected in a
secure application, whether or not the management.port is different.

Added some test cases in the sample to verify.

Fixes gh-469
2014-03-10 16:28:13 +00:00
Dave Syer
7a452d5bc0 Fix test that fails because of pretty printing 2014-01-31 16:38:09 +00:00
Christian Dupuis
b641a0d2a5 Enable json pretty print in actuator sample 2014-01-31 12:16:17 +01:00
Phillip Webb
0160760568 Apply latest eclipse cleanup rules 2014-01-21 16:28:26 -08:00
Dave Syer
f448e79f29 Remove long package names from samples
Long package names are really unnecessary in samples and they
just clutter things up. Also Spring Loaded doesn't work with
org.sfw packages, so to demo that technology you need a
different package name.
2013-12-31 08:40:26 +00:00
Dave Syer
aa2b020660 Refactor metrics to expose richer feature set
Main user-facing interface is still Counter/GaugeService but the
back end behind that has more options. The Default*Services write
metrics to a MetricWriter and there are some variants of that, and
also variants of MetricReader (basic read-only actions).

MetricRepository is now a combination of MetricReader, MetricWriter
and some more methods that make it a bit more repository like.

There is also a MultiMetricReader and a MultiMetricRepository for
the common case where metrics are stored in related (often open
ended) groups. Examples would be complex metrics like histograms
and "rich" metrics with averages and statistics attached (which
are both closed) and "field counters" which count the occurrences
of values of a particular named field or slot in an incoming message
(e.g. counting Twitter hastags, open ended).

In memory and redis implementations are provided for the repositories.
Generally speaking the in memory repository should be used as a
local buffer and then scheduled "exports" can be executed to copy
metric values accross to a remote repository for aggregation.
There is an Exporter interface to support this and a few implementations
dealing with different strategies for storing the results (singly or
grouped).

Codahale metrics are also supported through the MetricWriter interface.
Currently implemented through a naming convention (since Codahale has
a fixed object model this makes sense): metrics beginning with "histogram"
are Histograms, "timer" for Timers, "meter" for Meters etc.

Support for message driven metric consumption and production are provided
through a MetricWriterMessageHandler and a MessageChannelMetricWriter.

No support yet for pagination in the repositories, or for HATEOAS style
HTTP endpoints.
2013-12-30 10:32:42 +00:00
Phillip Webb
dbec81cabe Disable jmx by default
Change JmxAutoConfiguration so that by default JMX exposure is not
enabled. This matches the Javdoc text.
2013-12-18 22:32:39 -08:00
Dave Syer
ab4dec58ef Rename packages in samples 2013-12-18 20:05:33 -08:00
Dave Syer
bcae284dd9 Add a shim Endpoint if management context is child
When management endpoints are on a different port the HandlerMappings
are restricted to a single EndpointHandlerMapping, so the error
controller (which is a normal @Controller with @RequestMappings) does
not get mapped.

Fixed by addinga shim Endpoint on "/error" that delegates to the
ErrorController (which interface picks up an extra method).
2013-12-05 09:56:00 +00:00
Dave Syer
2f6f88e370 Fix actuator sample for new shutdown property 2013-11-27 13:53:12 +00:00
Dave Syer
bd26b28aa5 Extract actuator security into separate classes
So spring-security + a web app is secure by default
(you don't need the actuator).
2013-11-21 16:47:29 +00:00
Christian Dupuis
95e68bf1a2 Prepare actuator sample to show how to use the telnet connector 2013-11-20 17:15:45 +01:00
Phillip Webb
64f32893bb Source format and clean-up 2013-11-16 00:08:18 -08:00
Phillip Webb
883fd9162f Polish 2013-11-16 00:08:17 -08:00
Christian Dupuis
6b599b8483 Add remote shell implementation based on crsh
This commit adds a new starter named spring-boot-starter-shell-crsh and auto configuration support to embed a system shell within Spring Boot applications.

The embedded shell allows clients to connect via ssh or telnet to the Boot app and execute commands. Commands can be implemented and embedded with app.

For sample usage see spring-boot-samples-actuator.
2013-11-04 17:22:02 +01:00
Dave Syer
63a2d06767 Explicitly disable security on management endpoints if requested
Previously the management endpoint filter was applied to all requests
if the user had disabled security.management.enabled, but since it
had no security applied it was letting all requests through.

The fix was to explicitly exclude the whole enclosing configuration
and carefully ignore the management endpoints in the normal security
chain.

Fixes gh-100.
2013-10-31 18:46:39 +00:00
Dave Syer
0498617411 Disable whitelabel view if Thymeleaf error.html detected 2013-10-23 10:48:14 -04:00
Dave Syer
f7fa63bcb4 Add status and error messages to /trace
[Fixes #57949108] [bs-323] Make sure /trace shows error responses
2013-10-01 14:48:07 -04:00