The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.
Fixes gh-5072
Upgrade to `hibernate-validator` 5.3.4 and introduce a new
`MessageInterpolatorFactory` that creates a suitable
`MessageInterpolator` (taking into account missing EL dependencies).
Rework `ConfigurationPropertiesBindingPostProcessor` and
`ValidationAutoConfiguration` to make use of the new factory.
Fixes gh-7598
This commit removes the automatic enabling of Redis as the Spring Session
store when it is available. This case is covered by a warning in `1.4.x`
that this commit removes as well.
Closes gh-7858
Previously, property `spring.jpa.database` should be provided. This
commit allows to detect the database when `spring.datasource.url` is
provided.
Closes gh-7708
Update `ImportAutoConfigurationImportSelector` to ignore excludes for
classes that aren't loaded. Since the import classes for tests tend to
be much more limited, the exception isn't really helpful.
Closes gh-6809
Update `CacheManagerCustomizers` to deal directly with
`ClassCastException` assuming that they are because a customizer is
implemented using a lambda.
Closes gh-7788
Update `CacheManagerCustomizers` to deal directly with
`ClassCastException` assuming that they are because a customizer is
implemented using a lambda.
Closes gh-7788
Update `@ImportAutoConfiguration` with support for an exclude attribute
that works in a similar way to `@EnableAutoConfiguration`.
Also update existing `@Test...` annotation with exclude attribute
aliases.
Fixes gh-6809
Update `TransactionManagerCustomizers` to deal directly with
`ClassCastExceptions` assuming that they are because a customizer is
implemented using a lambda.
See gh-7561
Add a `TransactionManagerCustomizer` callback interface that can be
used to customize auto-configured `PlatformTransactionManagers`.
Also update `...transaction.*` properties under a single unified
`spring.transaction...` key since the existing auto-configurations
would often share a transaction manager (the technology specific
transaction managers are `@ConditionalOnMissingBean` and may use
a manager created by a previous auto-configuration).
See gh-7561
Consistently use the simple name for ObjectProvider parameter and
field names. For example:
`ObjectProvider<Something> something`
rather than
`ObjectProvider<Something> somethingProvider`
Since the `JestClient` is auto-configured as a bean, it must have its
multi-threaded support enabled by default. This commit exposes a new
`spring.elasticsearch.jest.multi-threaded` property that is `true` by
default.
Closes gh-6806
Rework cb3d14a so that the customizer operates on the Builder rather than
the Cluster. The former exposes many more options.
See gh-7320
Closes gh-7669
Update Spring Integration auto-configuration so that
`@IntegrationComponentScan` from `AutoConfigurationPackages` is
implicitly applied. Prior to this commit `@MessagingGateway` interfaces
would only get picked up if `@IntegrationComponentScan` was added
alongside with the `@SpringBootApplication`.
Fixes gh-2037
Closes gh-7718
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.
- Add `IntegrationManagementConfiguration` conditional auto-configuration
to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
By default this bean doesn't exist and you explicitly should declare it
(e.g. via `@EnableIntegrationManagement`) if you would like to collect
metrics. At the same time Spring Integration enables it when JMX
management is present (that is a purpose of that new
`IntegrationManagementConfiguration`)
- Change `SpringIntegrationMetricReader` to read metrics from the
`IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`
- Change `PublicMetricsAutoConfiguration` to register
`IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
not present. Since we are here in `actuator`, therefore we are
interested in the metrics for SI as well.
- Since we don't need JMX for the metrics any more, remove SI-JMX
dependency from the `spring-boot-starter-integration`.
- Remove `IntegrationManagementConfiguration` modification from the
`integrationMbeanExporter()`, since that looks like mutation of an
external object, when end-user would prefer their own options.
Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too
- Add missed `MessageSourceMetrics` gathering for the
`SpringIntegrationMetricReader`
Closes gh-7722
Update KafkaProperties since Apache Kafka `0.10.1` changed the type
for the `ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG` from the
`Long` to `Integer`.
Kafka includes the following conversion logic:
case LONG:
if (value instanceof Integer)
return ((Integer) value).longValue();
if (value instanceof Long)
return (Long) value;
else if (value instanceof String)
return Long.parseLong(trimmed);
So we remain compatible with both `0.10.0` and `0.10.1`
Closes gh-7723
By configuring security.oauth2.client.grantType=client_credentials the
user signals that (even in a web application) he doesn't want to use
the auth code grant (and hence session and request scoped beans for
client context).
This commit improves ValidationAutoConfiguration so that a `Validator`
bean is exposed if JSR 303 is available. This has the side effect of
automatically enable Spring Data Couchbase's entity validation rather
than requiring to expose a `Validator` bean.
Closes gh-5178
Previously, ValidationAutoConfiguration would configure a
MethodValidationPostProcessor if any Bean Validation 1.0 or later
implementation was available, however the underlying infrastructure
requires Bean Validation 1.1 with any implementation or
Bean Validation 1.0 with Hibernate Validator 4.3.
This caused a problem on TomEE which uses Apache BVal, and Bean
Validation 1.0 implementation. Spring Framework would identify that
Bean Validaton 1.0 was being used and then try to load Hibernate
Validator classes that are not present.
This commit fixes the problem by requiring Bean Validation 1.1 before
auto-configuring a MethodValidationPostProcessor.
Closes gh-7665
Update `SpringBootWebSecurityConfiguration` to ignore requests by
delegating to `IgnoredRequestCustomizer` beans. This allows a single
Spring Boot `WebSecurityConfigurer<WebSecurity>` bean to be used which
prevents potential exceptions caused by duplicate `@Order` values.
Fixes gh-7106
Previously, if a user specifies a path to a schema or data DDL that does
not exist, the application will start up fine and the missing DDL would
not be reported.
This commit validates that user-defined resources actually exist and
throw a new `ResourceNotFoundException` if they don't.
Closes gh-7088
Previously, if `spring.couchbase.bootstrap-hosts` was specified in YAML
or with the `[Idx]` notation, the auto-configuration would not kick in.
This is due to a limitation of `@ConditionalOnProperty` on a property of
type Collection. This commit workarounds this limitation for now with a
dedicated condition.
Closes gh-7508
Checking for the presence of a `ValidationProvider` resource is
unfortunately not enough to trigger the validation auto-configuration.
If `hibernate-validator` is added on the classpath without a `javax.el`
implementation, the former will blow up on startup. So far this was a
pilot error so we didn't have to care about it. Now that we have an
auto-configuration that may lead to this error, we need to be extra
careful and check that scenario ourselves.
This commit adds an extra condition that runs as late as possible and
attempt to actually initialize a `Validator`. If that fails for whatever
reason, the auto-configuration will now back off.
Several additional tests have been added to exercise this scenario.
Closes gh-6228
Phillip Webb
Eddú Meléndez
Dave Syer
Stephane Nicoll
Johnny Lim
Kazuki Shimizu
Spring Buildmaster
Vedran Pavic
Artem Bilan
Marco Aust
Gary Russell
Andy Wilkinson
Madhura Bhave
Mark Paluch
Oscar Utbult