Document Cloud Foundry actuator endpoint support

Add a Cloud Foundry specific section to "Production Ready Features". See gh-7108
2024-08-29 03:06:45 +08:00 · 2017-01-03 17:27:14 -08:00 · 2017-01-03 17:27:14 -08:00 · 7c51941578
commit 7c51941578
parent 2fe4d60b47
2 changed files with 113 additions and 0 deletions
--- a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
+++ b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
@ -1539,6 +1539,67 @@ customize the file name and path via the `Writer` constructor.



+[[production-ready-cloudfoundry]]
+== Cloud Foundry support
+Spring Boot's actuator module includes additional support that is activated when you
+deploy to a compatible Cloud Foundry instance. The `/cloudfoundryapplication` path
+provides an alternative secured route to all `NamedMvcEndpoint` beans.
+
+The extended support allows Cloud Foundry management UIs (such as the web
+application that you can use to view deployed applications) to be augmented with Spring
+Boot actuator information. For example, an application status page may include full health
+information instead of the typical "`running`" or "`stopped`" status.
+
+NOTE: The `/cloudfoundryapplication` path is not directly accessible to regular users.
+In order to use the endpoint a valid UAA token must be passed with the request.
+
+
+
+[[production-ready-cloudfoundry-disable]]
+=== Disabling extended Cloud Foundry actuator support
+If you want to fully disable the `/cloudfoundryapplication` endpoints you can add the
+following to your `application.properties` file:
+
+
+.application.properties
+[source,properties,indent=0]
+----
+	management.cloudfoundry.enabled=false
+----
+
+
+
+[[production-ready-cloudfoundry-ssl]]
+=== Cloud Foundry self signed certificates
+By default, the security verification for `/cloudfoundryapplication` endpoints makes SSL
+calls to various Cloud Foundry services. If your Cloud Foundry UAA or Cloud Controller
+services use self-signed certificates you will need to set the following property:
+
+.application.properties
+[source,properties,indent=0]
+----
+	management.cloudfoundry.skip-ssl-validation=true
+----
+
+
+
+[[production-ready-cloudfoundry-custom-security]]
+=== Custom security configuration
+If you define custom security configuration, and you want extended Cloud Foundry actuator
+support, you'll should ensure that `/cloudfoundryapplication/**` paths are open. Without
+a direct open route, your Cloud Foundry application manager will not be able to obtain
+endpoint data.
+
+For Spring Security, you'll typically include something like
+`mvcMatchers("/cloudfoundryapplication/**").permitAll()` in your configuration:
+
+[source,java,indent=0]
+----
+include::{code-examples}/cloudfoundry/CloudFoundryIgnorePathsExample.java[tag=security]
+----
+
+
+
 [[production-ready-whats-next]]
 == What to read next
 If you want to explore some of the concepts discussed in this chapter, you can take a
--- a/spring-boot-docs/src/main/java/org/springframework/boot/cloudfoundry/CloudFoundryIgnorePathsExample.java
+++ b/spring-boot-docs/src/main/java/org/springframework/boot/cloudfoundry/CloudFoundryIgnorePathsExample.java
@ -0,0 +1,52 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.cloudfoundry;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Example for custom Cloud Foundry actuator ignored paths.
+ *
+ * @author Phillip Webb
+ */
+public class CloudFoundryIgnorePathsExample {
+
+	@Configuration
+	static class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+		// @formatter:off
+		// tag::security[]
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http
+				.authorizeRequests()
+					.mvcMatchers("/cloudfoundryapplication/**")
+						.permitAll()
+					.mvcMatchers("/mypath")
+						.hasAnyRole("SUPERUSER")
+					.anyRequest()
+						.authenticated().and()
+				.httpBasic();
+		}
+		// end::security[]
+		// @formatter:on
+
+	}
+
+}