For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:
* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules
* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules
Fixes gh-803
This fixes a bug in the sample, where the AuthenticationManager it builds
is a local one for the filter chain containing "/login", whereas it was
expecting to override the Boot default, which is "global". The fix is
to extract the authentication configuration out into a
GlobalAuthenticationConfigurerAdapter.
Fixes gh-699
Long package names are really unnecessary in samples and they
just clutter things up. Also Spring Loaded doesn't work with
org.sfw packages, so to demo that technology you need a
different package name.
- Gather autoconfiguration conditional decisiions (true and false)
- Provide an actuator endpoint as one means to read the report
- Define @EnableAutConfigurationReport annotation to turn this feature on
- Tidy up autoconfig report a bit and log it if --debug=true
* Add integration tests for /error view
* Add "error" @Bean as default view for HTML
Users may see side effects because now there will be
a ContentNegotiatingViewResolver by default for the
first time in a vanilla Actuator app. Should be
interesting.
[Fixes#54597932] [bs-273] Circular view reference for /error
Example: web UI with publicly available static assets
# application.properties:
security.ignored: /css/**,/script/**
Example: web UI with publicly available everything, but secure
management endpoints.
# application.properties:
# Empty path for basic security (default is /**)
security.basic.path=
[Fixes#50721675]
User adds @OnManagementContext to a bean or @Configuration and
it should be included in the management context (if there is one)
whether it is the main context or a child.
Makes it easy to secure the management endpoints and keep
the rest open (see actuator-ui-sample).
[#50721675]
Phillip Webb
Phillip Webb
Dave Syer
Greg Turnquist
Phillip Webb
Dave Syer