If the user sets security.basic.enabled=false we should just
back away from the non-management endpoints completely.
Previously the Spring Security filter was still added but with
no authentication, creating complications when unexpected
headers etc. are added by Spring Security.
Refine the loading order of LaunchedURLClassLoader to consider the
root loader before locally bundled classes.
The prevents classes from locally bundled JARs from replacing system
classes.
Issue: #56232870
Update spring-boot-loader to allow `-javaagent` instrumentation when
running from executable jars.
Prior to this commit the `Launcher` skipped the application classloader
and instead used the system classloader as a parent. This was to ensure
that locally packaged classes were always loaded by the classloader
that had access to nested jars. Unfortunately when using the
`-javaagent` option, it is the application classloader that is modified.
The `Launcher` class now uses the application classloader as parent
and `LaunchedURLClassLoader` has been updated to always search local
URLs before delegating to the parent. This is very similar to the way
that most application servers handle the loading of war files.
Issue: #56232870
Provide accurate InputStream.available() results by using the size
attribute of the ZipEntry. This helps improve performance with
CGLib and also fixes issues where libraries expect that a non-zero
result from available() indicates that read() will not return -1.
Update RunMojo to include an @Execute annotation. Allows the use of
`mvn spring-boot:run` without having to compile/package first. Now a
command like `mvn clean spring-boot:run` works.
The phase for @Execute annotation is along the lines of what is used
for the `jetty:run` plugin.
Fix TomcatEmbeddedServletContainerFactory to set a MERGED_WEB_XML
attribute when JSPs are used. This is required for EL support with
JSPs since Jasper checks the version number in the web.xml. Without
any web.xml Jasper default to disabling EL.
Issue: #55752948
Change ConfigFileApplicationContextInitializer to add config file
property sources after existing sources. This allows environment
variables and system properties to override file properties.
Issue: #55739594
Remove '/resources/**' mapping since it can cause problems with the
'/**' when the developer defines their own 'resources' sub-folder.
Also remove default servlet config since the resources mapping renders
it redundant.
Issue: #55494446
Create LiquibaseServiceLocatorInitializer to replace the standard
liquibase classpath scanning logic with SpringPackageScanClassResolver
which will work correctly in Spring Boot packaged executable JARs.
Issue: #55580628