As auto-configuration for Spring Security OAuth has been removed
from Spring Boot 2.0 and Spring Security 5 doesn't have OAuth
2.0 Authorization / Resource Server support yet, it has not
been obvious at all how to implement an OAUth 2.0 server with
Spring Boot 2.0.
For that reason, this new section briefly explains the current
temporary situation and points to the spring-security-oauth2-autoconfigure
module that restores the auto-configuration support for OAuth
2.0 Authorization and Resource Servers.
Closes gh-12491
Update `Map` and `Collection` binders to create a copy of the existing
collection whenever possible. Prior to this commit the binder would
always mutate the existing value and then call the setter with the
same instance. This could cause issues if the setter expected a
different instance.
Fixes gh-12322
Previously, the underlying RandomAccessDataFile was not closed when
the JarFile that was using it was closed. This causes a problem on
Windows as the open file handle prevents the file from being deleted.
This commit updates JarFile to close the underlying
RandomAccessDataFile when it is closed and has a JarFileType of
DIRECT.
Previously, when accessing the manifest of a jar file that maps to a
nested directory (BOOT-INF/classes) a new JarFile was created from the
root jar file, the manifest was retrieved, and the new JarFile was
closed. This could lead to the underlying RandomAccessDataFile being
closed while it was still in use.
This commit improves JarFile to retrieve the manifest from the
existing outer JarFile, thereby avoiding the need to create and close
a new JarFile.
Unfortunately, PropertiesLauncher creates a number of scenarios where
a JarFile with a type of direct is closed while it’s still being used.
To accommodate this behaviour, RandomAccessDataFile has been updated
so that it can re-open the underlying RandomAccessFile if it is used
after it has been closed.
Closes gh-12296
This commit disables the default HTML view in the WebFlux error handling
support when `server.error.whitelabel.enabled=false`.
In this case, the original exception will be forwarded down the stream
and handled by the default `WebExceptionHandler` provided by Spring
WebFlux (likely to respond a blank page and an error HTTP response
status).
Closes gh-12520