Previously, the web environment configured on `@SpringBootTest` was not
part of the context cache key. As a result, two test classes that has
identical configuration other than one using a MOCK web environment and
the other using a DEFINED_PORT web environment would share a context
when they should not do so. Classes that use MOCK and RANDOM_PORT were
not affected as the use of RANDOM_PORT results in a property for the
port being added to the environment.
This commit adds a new ContextCustomizer, SpringBootTestWebEnvironment,
that is used to capture the `webEnvironment` from `@SpringBootTest`
and use it in its hashCode and equals implementations. This fixes the
problem as all context customizers are evaluated when determing the
equality of two context cache keys.
Fixes gh-23085
This commit rework the tip on locating templates when running the app
in the IDE. Using classpath* should not change anything as this won't
make a difference without a pattern in the path.
Closes gh-23068
Change the visibility of our own ConfigDataLocationResolver and
ConfigDataLoader classes so that they can be created outside of
`spring.factories`.
Closes gh-23434
Previously LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN were not
consumed as system properties in log4j2.xml and log4j2-file.xml. As a
result, the logging.pattern.level and logging.pattern.dateformat
configuration properties, which are translated into the
LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN system properties
respectively had no effect.
This commit updates the log4j2.xml and log4j2-file.xml config files to
consume LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN as system
properties. When the system property is not set, the configuation falls
back to the default values specified in the config files. Tests for
both log4j2.xml and log4j2-file.xml to verify the behaviour have also
bean added.
Fixes gh-22983
Previously, all MeterFilter beans were applied to all MeterRegistry
beans. As a result, when a composite registry was auto-configured, both
the composite and all of its delegates would have the same MeterFilters
applied. This made it impossible for one of the delegate registries to
have a locally-configured filter that would allow a meter that would be
denied by one of the MeterFilter beans applied to the composite.
This commit update MeterRegistryConfigurer to skips the auto-configured
composite meter registry when applying MeterFilter beans to
MeterRegistry beans. As a result, the composite's filters will no
longer deny a meter before it reaches a delegate that would have
accepted it due to one of its locally-configured filters.
Closes gh-23381
Introduce a new `LoggingSystemFactory` interface so that the
`LoggingSystem` class can find implementations without needing to
be directly tied to them.
Closes gh-23387
This commit adds the ability to configure the Maven and Gradle
plugins to use a remote Docker daemon using build file
configuration, as an alternative to setting environment variables
to specify remote host connection details.
Fixes gh-23400
Previously, spring.flyway.init-sqls was only applied to Flyway's
configuration if Flyway was being configured to create the DataSource.
If Flyway was being configured to use an existing DataSource, init-sqls
was not applied. This is a hangover from when the init SQLs support was
introduced. At that time, Flyway only supported SQL to initialize the
connection when it was creating the DataSource. Flyway 5.2 added init
SQL support no matter how Flyway's DataSource was configured.
This commit updates FlywayAutoConfiguration to always apply the
init-sqls property to Flyway's configuration. The property's
documentation does not describe the current limitation so this change
should align the behaviour with what the documentation leads people to
expect.
Fixes gh-23392
Refactor `BootstrapRegistry` support following initial prototype work
with the Spring Cloud team.
This update splits the `BootstrapRegistry` API into `BootstrapRegistry`,
`BootstrapContext` and `ConfigurableBootstrapContext` interfaces and
moves it to the same package as `SpringApplication`.
A new `Bootstrapper` interface has been introduced that can be added
to the `SpringApplication` to customize the `BootstrapRegistry` before
it's used.
Closes gh-23326
This commit adds the ability to configure Docker image registry
authentication credentials in the Maven and Gradle plugins. The
authentication credentials are passed to the Docker daemon with
all daemon API calls, and the daemon forwards the credentials to the
image registry when necessary. This makes it possible to use
builder and run images stored in a private Docker registry.
See gh-22972
Rename `@ConfigurationPropertiesImport` to
`@ImportAsConfigurationPropertiesBean` and also refine the registrar
so that it can be used with type directly annotated with
`@ConfigurationProperties`.
Closes gh-23172
Update `JarFileEntries` so that the interface is obtained rather than
the concrete implementation. This allows `JarEntry` values to be used
without causing a ClassCastException.
Closes gh-19041
Update the performance improvements to push certificate loading
and storage into the `JarFileEntries` class. This allows us to
keep certificates without needing to cache all entry data. We
now also keep certificates and code signers in a dedicated class
which is set whenever the full jar stream as been read, even if
the contained values are `null`. The logic that assumes META-INF
entries are not signed has been removed in favor of delegating to
the streamed entry results.
See gh-19041
Update Spring Boot nested JarFile support to improve the performance of
signed jars. Prior to this commit, `certificates` and `codeSigners`
were read by streaming the entire jar whenever the existing values
were `null`. Unfortunately, the contract for `getCertificates` and
get `getCodeSigners` states that `null` is a valid return value. This
meant that full jar streaming would occur whenever either method was
called on an entry that had no result. The problem was further
exacerbated by the fact that entries might not be cached.
See gh-19041
Update `ValidationBindHandler` so that pushed fields that reference
map keys can be used. This fixes a regression that was introduced in
commit 4483f417 when we switched to a `AbstractBindingResult` that no
longer required public getters/setters.
Closes gh-20350
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
This commit updates the Gradle Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter are excluded. Unlike the
Maven plugin, jars with a type of annotation-processor are not
excluded. It is not necessary with Gradle as use of the
annotationProcessor configuration for such dependencies already ensures
that they are not included.
See gh-22036
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
Prior to this commit, the `WebClientExchangeTags`, when given a request
without a string template, would only get the request path to create the
"uri" tag for metrics. This is inconsistent with the
`RestTemplateExchangeTags`, which are taking the full request URI minus
the protocol+host+port.
This commit aligns the `WebClientExchangeTags` behavior in this case.
Closes gh-22832
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
With the introduction of health indicators that only require the
CqlSession, this commit deprecates the health indicators that require
Spring Data since the latter build on top of the former.
Closes gh-23226
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit builds on top of gh-22603 and exposes data collected by the
`BufferingApplicationStartup` on a dedicated `"/startup"` Actuator
endpoint.
Closes gh-23213
As of spring-projects/spring-framework#24878, Spring Framework provides
an `ApplicationStartup` infrastructure that applications can use to
collect and track events during the application startup phase.
This commit adds a new `BufferingApplicationStartup` implementation that
buffer `StartupStep`s and tracks their execution time. Once buffered,
these steps can be pushed to an external metrics system or drained
through a web endpoint, to a file...
Closes gh-22603
This commit adds a protected method that lets an override customize the
configuration of the ClassPathScanningCandidateComponentProvider used
to scan entities.
Closes gh-23154
Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096
Extend `initializeSystem` to search the exception stack for a
FileNotFoundException before reporting the error. This allows
us to provide a similar stack trace to the one that used to be
thrown when we had the `ResourceUtils.getURL` check.
See gh-22946
Remove `ResourceUtils.getURL` checking from `LoggingApplicationListener`
so that logging systems can implement custom location support.
Prior to this commit, we checked in the listener if the specified config
location could be opened as a URL. This unfortunately prevents Log4J
extensions such as `log4j-spring-cloud-config-client` from implementing
configurable SSL and credentials support.
See gh-22946
In some cases, a call to the Docker image load API will fail but
return a 200 OK response status code and an empty response. This
commit detects that the response from this call is empty and
treats this condition as an error instead of a silent failure.
Fixes gh-23130
Allow `ConfigDataLocationResolvers` to access `Origin` information for
locations so that they can be used as a parent origin of loaded items.
The `ResourceConfigData...` classes have been reworked so that loaded
`PropertySources` include the parent origin.
See gh-23018
Update the `Origin` interface to include a default `getParent()` method
which can be used to get the parent origin. The `TextResourceOrigin`
has been updated to implement the method against the source `Resource`.
A new `OriginTrackedResource` implementation allows any `Resource` to
be decorated and carry an optional `Origin`.
Ultimately this will allow us to include parent `Origin` information
on properties loaded via a `PropertySourceLoader` without needing any
changes to that interface.
See gh-23018
Update `DefaultBindConstructorProvider` so that binding to objects with
multiple constructors is allowed, as long as there is only one
non-public candidate.
Closes gh-23117
Support a `spring.config.all-locations-optional` property which can be
set to `true` if all config data locations should be considered
optional.
Closes gh-23097
Update config data processing code so that import locations are
mandatory by default. Any import request will now throw a
`ConfigDataLocationNotFoundException` if the specified import
location cannot be found. For optional imports, the user can
use the `optional:` prefix to indicate that the application should
continue to start, even if the location does not exist.
Closes gh-23032
Previous to this commit, an auto-configuration would create a
PlatformTransactionManager if none is present and others conditions are
met. Spring Framework now has the notion of TransactionManager, a parent
interface that gathers both PlatformTransactionManager and
ReactiveTransactionManager.
Spring Boot should not be in a situation where both managers are defined
out-of-the-box. This commit makes sure to back-off if any
TransactionManager is available.
Closes gh-22851
Previously to this commit, a project that has several classpath
locations matching the template path may lead to some of those
locations to be ignored if one of them is a directory. This can easily
happen if you run your tests in your IDE.
This commit changes the default of "preferFileSystemAccess" to
false so that the complete classpath is always considered.
Closes gh-23051
Allow `${..}` property placeholders to be used in `spring.config.import`
properties. Prior to this commit, placeholders were not resolved when
binding the `ConfigDataProperty` instance. Furthermore, binding happened
too early for all placeholders to be resolved correctly. The
`ConfigDataEnvironmentContributor` class now has two states for imported
contributors, `UNBOUND_IMPORT` has the initial unbound state and is
eventually replaced with a `BOUND_IMPORT`.
Closes gh-23020
Expose the `BootstrapRegisty` to both `ConfigDataLocationResolver` and
`ConfigDataLoader` implementations. The registry is exposed via the
context interfaces and may be used to reuse instances that are expensive
to create. It may also be used to ultimately register beans with the
`ApplicationContext`.
Closes gh-22956
Add a simple `BootstrapRegistry` that can be used to store and share
object instances across `EnvironmentPostProcessors`. The registry
can be injected into the constructor of any `EnvironmentPostProcessor`.
Registrations can also perform additional actions when the
`ApplicationContext` has been prepared. For example, they could register
the the bootstrap instances as beans so that they become available to
the application.
See gh-22956
This commit changes the path used to invoke lifecycle binaries in
CNB builders from `/lifecycle` to `/cnb/lifecycle` to conform to
the CNB spec. This will ensure the build plugin image-building
goals and tasks are compatible with future versions of builders
that may not support both paths.
See gh-23009
Andy Wilkinson
thorasine
Stephane Nicoll
Pavel Gordon
dreis2211
Phillip Webb
heinz
Sebastiaan Fernandez
Scott Frederick
姜为
mathieufortin01
lock14
anshlykov
Brian Clozel
David Good
cbono
Spencer Gibb
Eddú Meléndez
Josh Cummings
Dario Seidl
Pradipta Sarma
EruDev
Ralph Goers
Martin Chalupa
Jonghan Kim
Johnny Lim
spencergibb
hoaphan
Thomas Kåsene
Ivo Smid
mvanmeerbeck