Update ExecutableArchiveLauncher so that `-cp` URLs are not added
when they are already contained as nested JARs. This prevents a
SecurityException "signer information does not match error" when using
signed jars. The root cause of the issue was that the primary JAR file
was on the default classpath with the URL "file:....jar" and in the
main URL set as "jar:file:....jar". It is now filtered so that only
the "jar:" variant is added.
Fixes gh-1134
* The SpringApplicationBuilder was registering the parent context initializer
twice (not really a problem, but confusing if you are debugging).
* ParentContextApplicationContextInitializer itself should have been
checking that the current context is not the parent
* The EventPublishingRunListener as a result needs to call
setApplicationContext on any listeners that are AplicationContextAware
* ParentContextCloserApplicationListener can ensure that there is
only one of its kind per application context by implementing hashCode
and equals
Fixes gh-1142
Update the executable JAR code to automatically unpack any entries
which include an entry comment starting `UNPACK:` to the temp folder.
The existing Maven and Gradle plugins have been updated with new
configuration options and the `spring-boot-tools` project has been
updated to write the appropriate entry comment based on a flag passed
in via the `Library` class.
This support has been added to allow libraries such a JRuby (which
assumes that `jruby-complete.jar` is always accessible as file) to work
with Spring Boot executable jars.
Fixes gh-1070
Add a Library class update the LibraryCallback interface and
implementations to use it. This change is in preparation for
an addition `unpack` flag that will be required to allow the
automatic unpacking of certain nested jars.
See gh-1070
Update JarURLConnection to allow the resolution of items within a nested
jar, even if the jarFile passed to the connection is several levels up.
This prevent a connection from incorrectly resolving an entry against
the wrong jar file.
See gh-1070
bean from the registration of Jackson modules to avoid circular creation
of the default ObjectMapper bean (and thus failing to obtain the ObjectMapper
and registering the module(s)).
Fixes gh-1132
Tomcat 8 has different APIs again so it was quite difficult to
get it working and test it. The test is manual anyway (multi-module
project with JSPs in /META-INF/resources, not part of the samples),
and requires you to build a war and execute it (since the resource
paths are different when it's an archive).
Fixes gh-1131
Tweak 'fat jar' handling to generally improve performance:
- Allow JarURLConnection to throw a static FileNotFoundException when
loading classes. This exception is thrown many times when attempting
to load a class and is silently swallowed so there is no point in
providing the entry name.
- Expose JarFile.getJarEntryData(AsciiBytes) and store AsciiBytes in
the JarURLConnection. Previously AsciiBytes were created, discarded
then created again.
- Use EMPTY_JAR_URL for the JarURLConnection super constructor. The URL
is never actually used so we can improve performance by using a
constant.
- Extract JarEntryName for possible caching. The jar entry name
extracted from the URL is now contained in an inner JarEntryName
class. This could be cached if necessary (although currently it is
not because no perceivable performance benefit was observed)
Fixes gh-1119
Update JarFile to reuse the previously parsed entries when creating
filtered jars. This saves needing to re-scan the underlying file to
recreate a subset of entries.
See gh-1119
Drop JarEntryFilter arguments from the JarFile constructor and the
getNestedJarFile methods. Filtered JarFiles can still be obtained by
using the getFilteredJarFile() method.
This helps simplify the code a little and will make it easier to add
caching.
See gh-1119
In order to solve issues with multiple or incompatible AccessDecisionManagers, the CRaSH integration will now only delegate to an explicit shellAccessDecisionManager bean refs #1121
Adding an Order to the BeanPostProcessor and catching an exception
are enough to get a simple web app with @EnableGlobalMethodSecurity
and JDBC user details running. It actually doesn't solve an underlying
problem in Spring Security, but I'll deal with that separately.
See gh-1115
Update SolrAutoConfiguration to specifically require HttpSolrServer
and CloudSolrServer classes rather than the generic SolrServer.
This prevents the rather cryptic "@ConditionalOnMissingBean annotations
must specify at least one bean" error that can occur if an earlier
version of solr happens to be on the classpath (as is the case when
hibernate-search is used).
Fixes gh-1098
Spring Buildmaster
Phillip Webb
Dave Syer
Jonas Bergvall
Tadaya Tsuyukubo
Phillip Wirth
Christian Dupuis