Colm O hEigeartaigh

It's an issue I raised on gitter already with the team: The Spring Boot actuator endpoint exposes endpoints like /heapdump. It allows any user to obtain a heapdump by calling...

In my opinion, it is safer to be "secure by default", even if Zipkin is not supposed to be deployed in an untrusted environment. By default, Zipkin exposes the actuator...

@reta What's the status of this PR?

> > @reta What's the status of this PR? > > @coheigea It looks abandoned, in general we need to make changes in a few places to prevent NPEs from...

The tests are failing in this module, and checkstyle as well: [ERROR] Failures: [ERROR] JsonMapObjectReaderWriterTest.testAlreadyEscapedBackslash:210 expected: but was: [ERROR] JsonMapObjectReaderWriterTest.testAlreadyEscapedDoubleQuotes:174

Don't worry about the build timing out. Any chance of modifying/adding some tests for these new features?

The unit tests have been modified, but I'd prefer to see a unit test added that (for example) failed with the old code but passes with the new code. Does...

The patch doesn't apply with the latest master code. I think it would be better to introduce a new configuration variable to support wildcard matching, rather than re-using JwtConstants.EXPECTED_CLAIM_AUDIENCE.

@reta, please hold off on the merge for a while, there are some things I need to check first with the PR.

@dtsybulka It's on my TODO list, but realistically it will be early in the new year before I can review it properly.