Now that we're in the RC phase and close to release, we only want to
pick up maintenance releases of our managed dependencies. This commit
updates bomr's config accordingly.
Previously, the documentation did not describe how to combine
multiple security components when one component's
WebSecurityConfigurerAdapter or SecurityWebFilterChain would cause
the other components' beans of the same type to back off.
This commit adds a note that such cases should be handled by the user
defining their own WebSecurityConfigurerAdapter or
SecurityWebFilterChain that configures the use of all of the
components as required.
Closes gh-18507
This commit renames the `server.jetty.idle-timeout` property to
`server.jetty.thread-idle-timeout`, since there are other timeout
properties that are not tied to the threadpool configuration (e.g. the
connection idle timeout).
We might regroup thread-related properties in a dedicated group in the
future, see gh-18620.
Fixes gh-18615
Previously, the methods were named addServerProcessors and
setServerProcessors which wasn't aligned with them taking
socket factory processors (ServerRSocketFactoryProcessor) as an
argument.
This commit renames the methods to align them more closely with the
type of their arguments.
Closes gh-18617
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473
Previously, a WebSecurityConfigurerAdapter would be configured
irrespective of whether or not the user had provided their own
WebSecurityConfigurerAdapter. This then required them to use ordering
to diambiguate the configuration and made it harder to take complete
control of security configuration.
This commit updates the configuration of the SAML 2 login configurer
adapter to be conditional on missing bean, aligning it with other
security configuration such as the equivalent OAuth 2 configurer
adapter.
Closes gh-18530
Previously, when a NoSuchBeanDefinitionException was being analyzed,
the possibility of a missing @ConstructorBinding annotation on a
@ConfigurationProperties class was not considered.
This commit updates the failure analysis for failed constructor
injection of an instance of a @ConfigurationProperties-annotated
class. When such a failure occurs, adding @ConstructorBinding is
now suggested as an action.
Closes gh-18545
Due to a current limitation of Spring Framework, when bean metadata
caching is disabled, a merged bean definition may have a null
resolved factory method that would have been non-null if bean metadata
caching was enabled. Configuration property binding for @Bean methods
annotated with @ConfigurationProperties relied upon the resolved
factory method being enabled to find the @ConfigurationProperties
annotation and trigger property binding. As a result, when bean
metadata caching is disabled on the bean factory, such
@ConfigurationProperties beans would not be bound.
This commit works around the limitation by adding a fallback that
performs a reflection-based search for the factory method when the
resolved factory method on the bean definition is null. This allows
the bean's factory method and any @ConfigurationProperties annotation
on it to be found, ensuring that propoerty binding is then performed.
Fixes gh-18440
This commit adds a note to spring-boot-features.adoc to clarify that
using javadoc tags to format configuration property descriptions is not
supported.
See gh-18578
Andy Wilkinson
dreis2211
Spring Buildmaster
Brian Clozel
Johnny Lim
Stephane Nicoll
contextshuffling
Dave Syer
leoli
Rafiullah Hamedy