This commit updates CORS handling according to Framework changes
introduced via [1]. It also fixes tests according to the new behavior.
See gh-16410
[1] d27b5d0ab6.
Prior to this commit, exceptions nested in
`NestedServletExceptions` would not be recorded by the
`WebMvcMetricsFilter`. This commit ensures that exceptions
happening downstream (e.g. happening while writing the response
body itself) are properly recorded.
See https://github.com/micrometer-metrics/micrometer/issues/1190
See gh-16014
Update the `BaseConfiguration` class in `ScheduledTasksEndpointTests`
to be package private so that it can be enhanced by cglib.
Prior to merge commit 361437f4 the class was a lite configuration so
it didn't matter that it was a private class.
loadOnStartup property was missing from EndpointServlet and cannot be set
inside ServletEndpointRegistrar. Now it can be set and register a Servlet
with that integer property ready to act upon registration.
See gh-16053
When Spring Security is misconfigured it's possible to switch from an anonymous user
to a normal user. When switching back again, the corresponding
AuthenticationSwitchUserEvent will have a null target user. Previously, Actuator's
AuthenticationAuditListener would throw a NullPointerException when it received such an
event.
This commit updates the audit listener to defensively handled events with a null target
user.
Closes gh-15767
Prior to this commit, the `HttpTraceWebFilter` would collect the
response information (status and headers) for tracing purposes, after
the handling chain is done with the exchange - inside a
`doAfterSuccessOrError`.
Once the handler has processed the exchange, there is no strong
guarantee about the HTTP resources being still present. Depending on the
web server implementation, HTTP resources (including HTTP header maps)
might be recycled, because pooled in the first place.
This commit moves the collection and processing of the HTTP trace right
before the response is committed. This removes the need to handle
special cases with exceptions, since by that time all exception handlers
have processed the response and the information that we extract is the
information that's about to be written to the network.
Fixes gh-15819
