Add a Java implementation of the buildpacks.io specification allowing
projects to be packaged into OCI containers. The `builder` class
provides a Java equivalent of `pack build` command and is based on
the `pack` CLI Go code published at https://github.com/buildpacks/pack.
Closes gh-19828
This commit deprecates the only public accessor to
`CacheOperationInvoker` so that we can make the entire class package
private in the next feature release.
Closes gh-19089
Support an alternative fat jar format that is more amenable to Docker
image layers.
The new format arranges files in the following structure:
BOOT-INF/
layers/
<layer-name #1>
/classes
/lib
<layer-name #2>
/classes
/lib
The `BOOT-INF/layers.idx` file provides the names of the layers and the
order in which they should be added (starting with the least changed).
The `JarLauncher` class can load layered jars in both fat and exploded
forms.
Closes gh-19767
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Update the `Repackager` class so that an additional `classpath.idx` file
is written into the jar that provides the original order of the
classpath. The `JarLauncher` class now uses this file when running as
an exploded archive to ensure that the classpath order is the same as
when running from the far jar.
Closes gh-9128
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
The JarFile was not being closed which linked a file handle and caused
a test failure on Windows.
The local variable has been renamed as, when declared in a
try-with-resources, Checkstyle was confused by the shadowing of the
jarFile field and required references to jarFile within the try-block
the be prefixed with this.
See gh-19595
This paves the way for publishing Gradle module metadata once the
problem caused by snapshot versions and our two-step publication
process has been addressed.
See gh-19609
This reverts commit b34a311d02 as,
having disabled the publishing of Gradle's module metadata (4f75ab5),
the changes are no longer needed.
See gh-19609
This commit maps 'spring.cache.redis.key-prefix' to the new
'prefixCacheNameWith' method introduced in Spring Data Neumann. This
makes sure that the configured prefix includes the cache name.
Closes gh-16676
Previously, enforcedPlatform dependencies were using to pull in the
constraints defined in spring-boot-dependencies and
spring-boot-parent and applied them strictly so that the constrained
version had to be used. This worked as intended in Spring Boot's own
build but incorrectly enforced those same strict version requirements
on external consumers of Spring Boot's modules.
This commit reworks how Spring Boot defines its internal dependency
management so that platform dependencies are exposed to external
consumers while enforced platform dependencies are using internally.
See gh-19609
The Elasticsearch transport client has been deprecated since Spring Boot
2.2.0 and is about to be removed from Spring Data Elasticsearch and
Elasticsearch itself in their next major releases.
The available REST client support variants are now the preferred way of
using Elasticsearch features.
Closes gh-19668
Prior to this commit, requests made by `HttpRequestInterceptor`
instances configured on `RestTemplate` would not be recorded
properly.
This commit ensures that nested requests are recorded separately.
See gh-19381
Enforcing the spring-boot-dependencies platform makes for too strong
an opinion about the version of Kotlin that should be on the build
script's classpath. It clashes with the version of Kotlin that's
embedded in Gradle and used with Gradle's Kotlin DSL.
This commit switches to a normal platform (rather than an enforced
platform) which allows it to express an opinion about the version of
Kotlin without making it a strict requirement.
Closes gh-19609
This commit removes the validation starter from the web and
webflux starters - we've reconsidered that choice since many were
not using this feature as part of their default web experience.
Thit commit also changes the default EL implementation for the
Jakarta implementation, aligning all servers on it and simplifying
dependency management (especially exclusions that were required
previously).
Closes gh-19550
Prior to this commit, HTTP client builders auto-configured by Spring
Boot would be eagerly instantiating resources, even if those were not
used by the application.
This commit makes the `RestTemplateBuilder` bean as Lazy.
`WebClient.Builder` was already a prototype bean, but some of its
dependencies could consume resources, like the `HttpClientConnector` and
the related infrastructure. This commit makes those pieces lazy.
Note that since those components are meant to help instantiate actual
HTTP clients for application components, making them lazy won't make any
difference at runtime since they'll be used during context refresh, or
they won't be used at all.
Closes gh-19549
Prior to this commit, active profiles were being added to the Spring Boot
application environment by setting the `spring.profiles.active` property.
This could result in profiles getting parsed differently than other uses of `@ActiveProfiles`.
Setting the profiles directly in the `Environment` prevents this parsing.
See gh-19556
Prior to this commit, the `ErrorController` would override the original
error response status if the error map cannot be written due to content
negotiation with the HTTP client. In that case, the error handling
infrastructure returns a `406 Not Acceptable` response.
This commit improves the `ErrorController` so that
`HttpMediaTypeNotAcceptableException` instances thrown by that
controller are not returned as is but instead we write the error
response with an empty body and the original HTTP error status.
Fixes gh-19545
See gh-19522
Prior to this commit, there was no distinction between explicitly setting
forward headers strategy to a value of NONE and not setting it at all.
This meant that in a cloud environment, a cloud provider was always checked
to see if it was active and using forward headers and there was no way to
prevent that.
This commit changes the default value of the property to null so that there
is a way to determine if the property was explicitly set to NONE.
Fixes gh-19333
Prior to this commit, the `ErrorController` would override the original
error response status if the error map cannot be written due to content
negotiation with the HTTP client. In that case, the error handling
infrastructure returns a `406 Not Acceptable` response.
This commit improves the `ErrorController` so that
`HttpMediaTypeNotAcceptableException` instances thrown by that
controller are not returned as is but instead we write the error
response with an empty body and the original HTTP error status.
Fixes gh-19522
Prior to this commit, the Couchbase auto-configuration would use the
bucket credentials when RBAC is configured. This commit ensures that
RBAC is used in that case.
This commit also adds new configuration properties to customize the
bootstrap ports for Couchbase:
* `spring.couchbase.env.bootstrap.http-direct-port`
* `spring.couchbase.env.bootstrap.http-ssl-port`
Fixes gh-19393
This commit fixes the setup of tests using component scan. Previously,
a configuration used an include filter to only include a particular
configuration class in a given package. Unfortunately, include filters
do not prevent regular filters by default and the definition did not
have the intended behaviour.
This commit disables default filters so that only the specified include
filter is applied.
This commit movers the auto-configuration of RabbitTemplate to a
dedicated class that can be reused to create additional template with
similar settings.
CLoses gh-19440
This commit migrates JobLauncherCommandLineRunner to an
ApplicationRunner implementation. The latter allows to parse option
arguments (i.e. `--spring.something=value`) and makes it easy to ignore
arguments that are not meant to be passed to batch jobs.
Closes gh-19442
Update `AutoConfigureAnnotationProcessor` to ensure that the generated
properties file is fully repeatable. Properties are now sorted and
written out directly to ensure that the timestamp comment is not
present.
Closes gh-19370
- Previously, we would create a JarFileArchive for all nested jars.
This was an additional overhead. We only need to create a JarFileArchive
for jars that can have nested jars in them. For all other jars we only need
the URL to build the classpath.
- While iterating over nested entries in the exploded jar, we only need to
look at BOOT-INF and we can skip any entry that does not match that.
Closes gh-16655
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
This commit improves the LDAP auto-configuration to detect if a
DirContextAuthenticationStrategy bean is defined and, if so, associates
it with the auto-configured `LdapContextSource`.
See gh-19328
If the bean definition type contains a placeholder value, beanFactory.getType
can throw a CannotLoadBeanClassException. We can ignore this exception while
validating the bean definitions for constructor binding beans.
Fixes gh-19207
Previously, the endpoint used the same change log history service for
for each SpringLiquibase bean that it processed. This resulted in
pollution of the reported changes as the history of each bean was not
isolated.
This commit updates the endpoint to use a new history service for each
SpringLiquibase bean that is processed.
See gh-19171
Previously, reflective access to the archiveBaseName property
incorrectly treated the property as a String. It should have been
treated as a Property<String>. This caused an exception to be thrown
and the deprecated baseName property to be used as a fallback.
This commit corrects the reflective access to the archiveBaseName
property. It also updates the tests to fail if a build outputs a
deprecation warning. Tests that use Gradle's Maven plugin have been
updated to expect deprecation warnings when run with Gradle 6.0 where
the plugin is deprecated. Tests that configure an archive's base name
have been updated to use archiveBaseName when running with Gradle 6.0
and later.
Closes gh-18663
In general we do not recommend using @PropertySource due to them being
added to the environment too late for auto-configuration to use them. This
commit updates the documentation to mention them in the list of external
sources along with a note.
Closes gh-18900
There is a direct link between the sslEnabled flag and the default port
that should be used by an address. The checks are currently set in two
places:
* Determine which port should be used
* Determine if SSL should be enabled
This commit polishes the initial proposal so that secureConnection is
only set if a protocol is available.
See gh-19109
Prior to this commit, ApiVersion was treated as a mandatory parameter in
CachingOperationInvokerAdvisor and thus prevented the
CachingOperationInvoker to kick in. By skipping ApiVersion in the same
way we're skipping SecurityContext we can avoid this.
In order to not return the same cached response, this commit also
changes the cache handling in CachingOperationInvoker to account for
different ApiVersions being passed.
See gh-18961
Previously, our Gradle plugin was not tested against Gradle 6.0,
a number of deprecation warnings were output when using the plugin
with Gradle 6, and some functionality related to the application
plugin did not work as expected.
This commit tests the plugin against Gradle 6. It also avoids calling
deprecated APIs. The plugin is compatibile against Gradle 4.10 where
the deprecated APIs' replacements are not available so reflection is
used to call the replcaements. Lastly, the way in which the base name
of the boot distribution that is created when the application plugin
is applied has been modified to ensure that it is effective when using
Gradle 6.
Closes gh-18663
Previously, when RunProcess handled a SIGINT it would immediately
attempt to destroy the process that it had run. This created a race
condition between the SIGINT being handled by the child process
and RunProcess destroying the child. The exact behavior of destroy
is implementation dependent and it may result in forcible termination
of the process where shutdown hooks are not called. This is what
happens on Windows. The exit code in such a case is 1 which prevents
anything from waiting for the process to complete from detecting
that it ended as a result of a SIGINT, leaving it with no choice but
to report an error. This is what happens with mvn spring-boot:run
with a forked process on Windows and results in the build failing.
This commit updates RunProcess to allow the child process to handle
the SIGINT itself, waiting for up to five seconds for that to happen
before the process is then destroyed. Given this time, the child
process exits with 130 which RunMojo already handles correctly as
indicating that the process died due to SIGINT and the build completes
with success as a result.
Fixes gh-18936
Previously, whitespace in between the keys and values in the JSON was
not trimmed correctly in BasicJsonParser which lead to it incorrectly
parsing JSON with whitespace between the opening of a list ([) and the
opening of a map ({).
This commit updates the parser to trim unwanted whitespace and adds a
test to AbstractJsonParserTests to verify the whitespace handling
behaviour across all JsonParser implementations.
Closes gh-18911
Previously @ServletComponentScan did not work when there was a
component index on the classpath as it made an assumption about
the concrete type of the BeanDefinitions produced by scanning that
does not hold true when an index is present.
This commit updates the scanning and the handlers to correct the
assumpution by working with a bean definition type that is produced
by scanning both when there is and when there is not an index present.
To prevent the problem from reoccuring, a test that uses and index
has been added and the import of ScannedGenericBeanDefinition is now
prohibited by Checkstyle.
Closes gh-18910
This commit makes sure that the health endpoint returns a default health
status when no contributors are available. Previously, it was returning
`null` which leads to a 404 when exposed via HTTP.
Closes gh-18676
Prior to this commit constructor bound configuration properties could
not be mocked because it would fail validation from
ConfigurationPropertiesBeanDefinitionValidator. The MockitoPostProcessor
registers the mocked bean as a singleton and validation can be skipped if a
singleton for the type is found in the bean factory.
Fixes gh-18652
This commit fixes a few bugs related to constructor binding.
The ContructorFilter on the Bindable has been replaced with a
Binder level BinderConstructorProvider so that it can be used to
determine the constructor to use for nested properties as well.
Fixes gh-18810
Fixes gh-18670
Closes gh-18685
Closes gh-18894
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Previously, when the configuration properties annotation processor
encountered a property that was the same as an outer type that had
already been processed, it would fail with a stack overflow error.
This commit introduces the use of a stack to track the types that
have been processed. Types that have been seen before are skipped,
thereby preventing a failure from occurring. We do not fail upon
encountering a recursive type to allow metadata generation to
complete. At runtime, the recursive property will not cause a problem
if it is not bound.
Fixes gh-18365
Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Previously, @EndpointFilter would only have an effect when used as
an annotation or meta-annotation on the endpoint class itself. It
would have no effect when used on a super-class of the endpoint
bean's class.
This commit updates EndpointDiscoverer so that an @EndpointFilter
annotation or meta-annotation on a super-class will be found and
applied to the discovery process. This is achieved by using find…
rather than get… when retrieving the attributes for the EndpointFilter
annotation.
Fixes gh-17866
Previously, AbstractDependsOnBeanFactoryPostProcessor was unordered
which meant that it was impossible to guarantee that another bean
factory post-processor would run after it. This prevented overriding
of the dependsOn relationships that is creates.
This commit updates AbstractDependsOnBeanFactoryPostProcessor to give
it a default order of zero. This will allow additional bean factory
post-processors to be configured with a lower precedence order (values
greater than 0) so that they run after any
AbstractDependsOnBeanFactoryPostProcessor and can override the
dependencies that it has configured.
Fixes gh-18362
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Previously, AopAutoConfiguration would only enable CGLib-based
proxies if aspectjweaver was on the classpath. The intention was for
CGLib-based proxies to always be used by default so this behaviour
was incorrect.
This commit updates AopAutoConfiguration to force the use of
CGLib-based proxies even in the absence of aspectjweaver.
Closes gh-18523
Previously, the endpoint tables in the documentation include an
"Enabled by default" column that listed whether or not an endpoint
was enabled by default. This resulted in some confusion as an endpoint
could be listed as being enabled by default but not actually be
enabled as the requirements for it being auto-configured has not been
met.
This commit removes the "Enabled by default" column and replaces it,
where needed, with some extra information in the "Description"
column that describes what is needed for the endpoint to be
auto-configured.
Closes gh-18633
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
Previously, all of the type exclude filters in
spring-boot-test-autoconfigure were package-private. This prevent a
user who was creating their own test slice from composing their own
TypeExcludeFilter with one of Boot's.
This commit updates all of the TypeExcludeFilters in the
test-autoconfigure module to make them public. The intention is only
to allow them to be composed with other type exclude filters when
referenced in a @TypeExcludeFilters annotation. Therefore, each
filter class is declared final and their constructors remain
package-private.
Closes gh-18746
This commit creates a new configuration property
`spring.codec.max-in-memory-size` which configures the maximum
amount of data to be buffered in memory by codecs (both client and
server).
This property has no default value - it will let Spring Framework handle
the default behavior, currently enforcing a 256KB for provided codecs.
Fixes gh-18828
Update `HealthEndpointConfiguration` to also include adapted reactive
health contributors when project reactor is on the classpath. Prior to
this commit, reactive contributors were only exposed in WebFlux
applications. This was a regression from Spring Boot 2.1 that we didn't
catch because all our own reactive contributors all have non-reactive
equivalents.
Closes gh-18805
This commit is a follow-up of a change in Spring Framework[1] to make
sure injection points that are expecting a specific bean by name use
a qualifier.
As a result of this change, MVC uses the dedicated MVC validator again
rather than the general one auto-configured by Spring Boot.
[1] https://github.com/spring-projects/spring-framework/issues/23887
Closes gh-18672
Phillip Webb
Andy Wilkinson
Stephane Nicoll
Dmytro Nosan
Madhura Bhave
dreis2211
Scott Frederick
Brian Clozel
liuhuan
Matthias Stock
Johannes Graf
Rossen Stoyanchev
Geoffrey De Smet
Ochieng Olanga
Johnny Lim
Victor Ferrer
Zekariyas
Girish Kulkarni
如梦技术
Jay Bryant
Filip Hrisafov
Tadaya Tsuyukubo
dark
Ferdinand Jacobs
Aaron Klish
Huluvu424242
cbono
luoyuan
tongluyang
Leo Li
Victor Mandujano
Lars Grefer
Franjo Zilic
thelproad
Adam Michalik
Mark Bigler
Dave Syer
Guillaume Lours
wonwoo
Mark Pollack
Jens Teglhus Møller
wycm
Jaeyeon Kim
larrywest