Exclude `@ConfigurationProperties` beans from method validation so
that `@Validated` can be used on final classes without the method
validation post-processor throwing an exception.
This commit introduces a `FilteredMethodValidationPostProcessor` class
which will use `MethodValidationExcludeFilters` to exclude beans from
method validation processing. Using `@EnableConfigurationProperties`
will automatically register an appropriate filter.
Closes gh-21454
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Previously, the base path of a servlet-based management server could be
configured using management.server.servlet.context-path but there was no
equivalent property for WebFlux.
This commit introduces a new property, management.server.base-path,
that can be used with both servlet and reactive management servers. The
existing servlet-specific property has been deprecated in favour of the
new general property. When using the servlet stack, if both the general
property and the servlet-specific property are set, the new general
property takes precedence. When using the reactive stack, only the new
general property is considered.
Closes gh-22906
Refactor `ConfigData` processing code to make it less awkward to
follow.
Prior to this commit the `ConfigDataLocationResolver` would take a
String location and return a `ConfigDataLocation` instance. This was
a little confusing since sometimes we would refer to `location` as the
String value, and sometimes it would be the typed instance. We also
had nowhere sensible to put the `optional:` prefix logic and we needed
to pass a `boolean` parameter to a number of methods. The recently
introduced `Orgin` support also didn't have a good home.
To solve this, `ConfigDataLocation` has been renamed to
`ConfigDataResource`. This frees up `ConfigDataLocation` to be used
as a richer `location` type that holds the String value, the `Orgin`
and provides a home for the `optional:` logic.
This commit also cleans up a few other areas of the code, including
renaming `ResourceConfigData...` to `StandardConfigData...`. It also
introduces a new exception hierarchy for `ConfigDataNotFoundExceptions`.
Closes gh-23711
Constructor calls like new AtomicInteger(0) cause a volatile write that
can be saved in cases where the constructor parameter is the default
value.
See gh-23575
Previously, the default servlet was registered automatically when using
embedded Jetty, Tomcat, or Undertow. However, it is not used by the
majority of applications where Spring MVC's DispatcherServlet will be
the only servlet that's needed. As such configuring the default servlet
was wasting CPU and memory.
This commit changes the default for registering the default servlet to
false. It can be re-enabled by setting
server.servlet.register-default-servlet=true.
Closes gh-22915
Refactor `BootstrapRegistry` support following initial prototype work
with the Spring Cloud team.
This update splits the `BootstrapRegistry` API into `BootstrapRegistry`,
`BootstrapContext` and `ConfigurableBootstrapContext` interfaces and
moves it to the same package as `SpringApplication`.
A new `Bootstrapper` interface has been introduced that can be added
to the `SpringApplication` to customize the `BootstrapRegistry` before
it's used.
Closes gh-23326
Previously, the project version was included in the name of the
Ant-built jar and the integration test assumed that there would be a
single jar in the output directory. This assumption did not hold true
if the project's version had changed and the project had been built
again without a clean. This resulted in two jars, one for the previous
version and one for the current version, in the output directory. This
caused a test failure.
This commit updates the build.xml to remove the version from the name
of the Ant-built jar and updates the integration test to find it.
Closes gh-22782
This commit adapts the auto-configuration for the new core r2dbc support
in Spring Framework and provides auto-configuration for
R2dbcEntityOperations.
Closes gh-22708
This commit also switches to RSocket SNAPSHOTs and updates the
repository configuration to rely on "libs-snapshot", since the RSocket
SNAPSHOTs are mirrored there.
See gh-22640
Deprecate `ConfigFileApplicationListener` and provide a replacement
mechanism that supports arbitrary config data imports.
This commit updates the following areas:
- Extract `EnvironmentPostProcessor` invocation logic from the
`ConfigFileApplicationListener` to new dedicated listener. Also
providing support for `Log` injection.
- Extract `RandomPropertySource` adding logic from the
`ConfigFileApplicationListener` to a dedicated class.
- Migrate to the recently introduced `DefaultPropertiesPropertySource`
class when moving the defaultProperties `PropertySource`
- Replace processing logic with a phased approach to ensure that
profile enablement happens in a distinct phase and that profiles
can no longer be activated on an ad-hoc basis.
- Provide a more predictable and logical import order for processing
`application.properties` and `application.yml` files.
- Add support for a `spring.config.import` property which can be used
to import additional config data. Also provide a pluggable API
allowing third-parties to resolve and load locations themselves.
- Add `spring.config.activate.on-profile` support which replaces the
existing `spring.profiles` property.
- Add `spring.config.activate.on-cloud-platform` support which allows
a config data document to be active only on a given cloud platform.
- Support a `spring.config.use-legacy-processing` property allowing the
previous processing logic to be used.
Closes gh-22497
Co-authored-by: Madhura Bhave <mbhave@vmware.com>
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
This commit updates HazelcastHealthIndicator and
HazelcastCacheMeterBinderProvider so that they work with
Hazelcast 4 while retaining compatibility with Hazelcast 3. Reflection
is used when necessary.
This commit also adds a smoke test that validates those features are
working when Hazelcast 4 is on the classpath.
Closes gh-21169
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Rename the SAML `singleSignOn` nested property to `singleSignOn` so
that we don't get problems when using uppercase environment variable
names.
See gh-20584
This commit adds a section to the reference guide on how to initialize
a database using R2DBC. 2 smoke tests are also added to validate this
behaviour with Flyway and Liquibase.
Closes gh-20742
The upgrade to the Couchbase SDK v3 changed how errors are reported
when the cluster is not available. This commit updates the check to
look for the new exception in the hope a more solid check can be found
shortly.
This commit upgrades to the Couchbase SDK v3 which brings the following
breaking changes:
* Bootstrap hosts have been replaced by a connection string and the
authentication is now mandatory.
* A `Bucket` is no longer auto-configured. The
`spring.couchbase.bucket.*` properties have been removed
* `ClusterInfo` no longer exists and has been replaced by a dedicated
API on `Cluster`.
* `CouchbaseEnvironment` no longer exist in favour of
`ClusterEnvironment`, the customizer has been renamed accordingly.
* The bootstrap-related properties have been removed. Users requiring
custom ports should supply the seed nodes and initialize a Cluster
themselves.
* The endpoints-related configuration has been consolidated in a
single IO configuration.
The Spring Data Couchbase provides an integration with the new SDK. This
leads to the following changes:
* A convenient `CouchbaseClientFactory` is auto-configured.
* Repositories are configured against a bucket and a scope. Those can
be set via configuration in `spring.data.couchbase.*`.
* The default consistency property has been removed in favour of a more
flexible annotation on the repository query methods instead. You can now
specify different query consistency on a per method basis.
* The `CacheManager` implementation is provided, as do other stores for
consistency so a dependency on `couchbase-spring-cache` is no longer
required.
See gh-19893
Co-authored-by: Michael Nitschinger <michael@nitschinger.at>
Unfortunately, while redundant for new applications, removing the
leading slash adversely affected existing application upon upgrades as
it caused Liquibase to re-apply every change log.
Closes gh-20177
Update all dependencies declarations to use the form `scope(reference)`
rather than `scope reference`.
Prior to this commit we declared dependencies without parentheses unless
we were forced to add them due to an `exclude`.
Replace Gradle single quote strings with the double quote form
whenever possible. The change helps to being consistency to the
dependencies section where mostly single quotes were used, but
occasionally double quotes were required due to `${}` references.
Previously, we were adding dependencies to Ant's ClassLoader within
Gradle. It is suspected that this was causing sporadic loader
contraint violations as types that Gradle itself uses (from Commons
Compress) were then available from two different ClassLoaders.
This commit reworks the Ant smoke test to use JavaExec and Ant's
launcher to run the build. This allows us to make the necessary
dependencies available to Ant in an isolated manner. The javac
invocation within Ant is now forked to allow it to find the tools jar
even when the build itself is running on a JRE.
Closes gh-19839
This paves the way for publishing Gradle module metadata once the
problem caused by snapshot versions and our two-step publication
process has been addressed.
See gh-19609
This reverts commit b34a311d02 as,
having disabled the publishing of Gradle's module metadata (4f75ab5),
the changes are no longer needed.
See gh-19609
Previously, enforcedPlatform dependencies were using to pull in the
constraints defined in spring-boot-dependencies and
spring-boot-parent and applied them strictly so that the constrained
version had to be used. This worked as intended in Spring Boot's own
build but incorrectly enforced those same strict version requirements
on external consumers of Spring Boot's modules.
This commit reworks how Spring Boot defines its internal dependency
management so that platform dependencies are exposed to external
consumers while enforced platform dependencies are using internally.
See gh-19609
This commit removes the validation starter from the web and
webflux starters - we've reconsidered that choice since many were
not using this feature as part of their default web experience.
Thit commit also changes the default EL implementation for the
Jakarta implementation, aligning all servers on it and simplifying
dependency management (especially exclusions that were required
previously).
Closes gh-19550
If the bean definition type contains a placeholder value, beanFactory.getType
can throw a CannotLoadBeanClassException. We can ignore this exception while
validating the bean definitions for constructor binding beans.
Fixes gh-19207
Allow legacy actuator endpoint IDs that contain dots to be transparently
migrated to the new format. This update will allow Spring Cloud users
to proactively migrate from endpoints such as `hystrix.stream` to
`hystrixstream`.
Closes gh-18148
Add support for a `spring.banner.image.pixelmode` property which can
be set to `block` to use unicode block characters when rendering image
banners.
Closes gh-18301
Previously, MetaInfResourceManager that we use with Undertow to serve
static resources from jar's META-INF/resources did not correctly
handle characters in the path that should be percent-encoded when
used in a URL.
This commit updates MetaInfResourceManager to encode the path before
it is used to create a URL. Prior to this encoding, encoded slashes
(%2F) are decoded as, unlike other encoded characters in the request's
URL, encoded slashes are not decoded prior to calling the
ResourceManager.
Fixes gh-17853
Update the `HealthEndpoint` to support health groups. The
`HealthEndpointSettings` interface has been replaced with
`HealthEndpointGroups` which provides access to the primary group
as well as an optional set of additional groups.
Groups can be configured via properties and may have custom
`StatusAggregator` and `HttpCodeStatusMapper` settings.
Closes gh-14022
Co-authored-by: Stephane Nicoll <snicoll@pivotal.io>
Apply checkstyle rule to ensure that private and package private
classes do not have unnecessary public methods. Test classes have
also been unified as much as possible to use default scoped
inner-classes.
Closes gh-7316
Previously, if a class was added and then changed, a restart would be triggered
and things would behave as if the class had been deleted. This occurred
because, when looking for additional classes that were not on the original
classpath, only files that had been added were considered. The subsequent
change to the class was noticed as a modified rather than an addition,
resulting in the class being skipped.
This commit updates the resource resolver to only ignore deleted files and
consider both added files and modified files when looking for additional
resources.
Closes gh-14205
Switch surefire configuration so that forking isn't used. This seems to
prevent the "Corrupted STDOUT by directly writing to native stream"
errors and will hopefully reduce failures on the CI server.
See gh-12689
Move `ApplicationHome`, `ApplicationPid` and `ApplicationTemp` to the
`system` package. Since `system` package is now much lower level, the
existing `FileWriter` implementations also needed to move to prevent
package tangles.
Fixes gh-8614
Add a new `WebServerApplicationContext` interface that provides a common
abstraction for all application contexts that create and manage the
lifecycle of an embedded `WebServer`.
Allows server namespaces to become a first-class concept (rather
subverting `ConfigurableWebApplicationContext.getNamespace()`) and
allow us to drop `getServerId()` from `WebServerInitializedEvent`.
Also helps to improve `ManagementContextAutoConfiguration` and
`ManagementContextFactory`.
Fixes gh-11881