Prior to this commit, `EndpointRequest` exposed factory methods for
creating security matchers in the context of Actuator endpoints. This is
using the popular pattern matching approach for security matchers.
Such matchers are not as focused as method-level security and will match
the endpoint path itself (`"actuator/endpoint"`) as well as everything
beneath it (`"actuator/endpoint/**"`).
This commit improves the Javadoc and reference documentation to make
this behavior more explicit.
Closes gh-49520
This commit highlights that while "forwarded headers" support is enabled
automatically for cloud platforms, we generally assume that apps are
behind trusted HTTP proxies.
If this is not the case, app developers should disable this feature if
they choose to expose the application to direct Internet traffic.
Closes gh-49507
Prior to this commit, applying the "spring.main.cloud-platform=none"
property would apply this choice to the relevant auto-configuration
conditions, but the `CloudPlatform` enum itself would still signal that
cloud features like header forwarding is enabled.
This commit ensures that "NONE" disables such features.
Fixes gh-49478
Update `ConfigDataEnvironment` so `spring.config.import`
properties defined in environment or system properties
are ordered correctly.
See gh-49324
Signed-off-by: qnnn <qiunan@cmbchina.com>
Micrometer Tracing's bom isn't a pure bill of materials for the
Micrometer Tracing project as it also imports Micrometer's bom.
As Boot itself also imports Micrometer's bom this can lead to
conflicts when the versions do not all align. For example, at the
time of writing, Boot is using 1.5.10-SNAPSHOT of Micrometer Tracing
and trying to use 1.15.10-SNAPSHOT of Micrometer. This results in some
conflicts as the Micrometer Tracing bom imports 1.15.9 of the
Micrometer bom.
Closes gh-49456
Stéphane Nicoll
Andy Wilkinson
Brian Clozel
Sam Brannen
Moritz Halbritter
Phillip Webb
qnnn