Commit Graph

1468 Commits (88f776ef1718847b60aba3197c8fd0a9c53a2c47)

Author SHA1 Message Date
Phillip Webb e06198e9cb Polish 9 years ago
Stephane Nicoll 2c4f88e221 Fix Hazelcast auto-configuration ordering
Make sure that the general Hazelcast auto-configuration is processed
before the cache auto-configuration. This was supposed to be fixed and
tested in 721b5a2 but unfortunately the `@AutoConfigureAfter` annotation
was placed on a regular `@Configuration` class (which has no effect).

The tests were passing because the ordering is actually hardcoded in the
test. The relevant tests now use `ImportAutoConfiguration` that simulates
the same order as the one use by the actual application.

Closes gh-4389
9 years ago
Stephane Nicoll 157c0b6cae Register hazelcast post processor only when necessary
Commit 8e0a94f introduced a post processor that adds an explicit link
between the `HazelcastInstance` and the `EntityManagerFactory` so that
Hazelcast is fully initialized before Hibernate actually kicks in.

Unfortunately, the conditions that were implemented to register this post
processor are wrong and any app that has both JPA and Hazelcast support
blows up if no bean with name `hazelcastInstance` is defined.

This commit fixes the situation and reworks the configuration in a
separate auto-configuration that runs after the Hazelcast and JPA support
and check both the presence of an `EntityManagerFactory` and a bean of
name `hazelcastInstance`. If any of those conditions does not apply the
post processor is no longer registered.

Closes gh-4158
9 years ago
Stephane Nicoll 6dbdd575a5 Polish 9 years ago
Phillip Webb d88210f626 Improve performance with BackgroundPreinitializer
Add a BackgroundPreinitializer to trigger early initialization in a
background thread of time consuming tasks. By moving certain
initialization tasks to background thread and triggering them early
we can improve the critical path when the application starts. For
example, Tomcat's MBeanFactory class parses several XML files when
first loaded. If we trigger the load in a background thread it completes
before Tomcat actually needs to use it.

The initial set of initializers included with this commit are:

- Tomcat MBeanFactory
- javax.validation
- Spring's AllEncompassingFormHttpMessageConverter

See gh-4252
9 years ago
Phillip Webb 3492f1bcca Fix typo in HibernateJpaAutoConfiguration 9 years ago
Dave Syer a3c73cad4a Merge branch '1.2.x'
Conflicts:
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ResourceProperties.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcProperties.java
9 years ago
Dave Syer 124574e345 Add mediaTypes (extension to media type mapping) in MVC resources
Allows users to configure "allowed" file extensions for controller
mappings, so that browsers will not switch to downloading "f.txt"
(part of the recent RFD attack fixes in Spring MVC).

See gh-4220
9 years ago
Phillip Webb 6c2ea4648f Polish 9 years ago
Stephane Nicoll 8188060edf Fix broken build 9 years ago
Dave Syer 96ba5ed32c Ensure OAuth2 context state is not reset if access tokens match
We can expect that occasionally a user clicks on a login link when
the token is expired. If the UserInfoTokenServices tries to
authenticate the user at that point, it can retain the option to
refresh the expired token if we preserve the state. Since the
state is in session scope all we need to do is to check that the
token that is being checked has the same value as the one in the
OAuth2ClientContext and re-use the context if it is.

Fixes gh-4251
9 years ago
Dave Syer cfb12fc7c2 Clarify how to switch off security autoconfiguration
The fact that the web security and the authentication manager are
controlled separately should hopefully now be clearer.

Fixes gh-3292
9 years ago
Phillip Webb 0ccd33705d Use RelaxedDataBinder for excludes
Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.

See gh-4352
9 years ago
Stephane Nicoll abfd139d8f Fix `spring.application.exclude` YAML property
`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.

This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).

Closes gh-4352
9 years ago
Andy Wilkinson 02d7e2826c Don’t call ignoring.antMatchers([]) as empty array now maps to /**
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.

This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.

This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.

Closes gh-4345

[1] 8663ac4173
9 years ago
Stephane Nicoll 00e207dcaf Temporary fix the build
See gh-4345
9 years ago
Andy Wilkinson eaa4d900eb Update auto-configured ParameterNamesModule to use DEFAULT creator mode
The PROPERTIES creator mode has the unfortunate side-effect of stopping
mixins from working. This commit updates the auto-configured module to
use the DEFAULT creator mode instead.

Closes gh-4336
9 years ago
Stephane Nicoll 7742dafccf Improve meta-data description 9 years ago
Stephane Nicoll 10a079fb07 Polish contribution
Closes gh-4316
9 years ago
Kyle Lieber c6783e8663 Add missing properties to OAuth2AutorizationServer
Make sure that `autoApprove`, `accessTokenValiditySeconds`, and
`refreshTokenValiditySeconds` properties from the `ClientDetails`
are used

Closes gh-4306
9 years ago
Andy Wilkinson 04c87138b4 Add missing javadoc to AuthorizationServerProperties 9 years ago
Dave Syer ae0eed5bf5 Be more defensive about exceptions from resource
Otherwise you can get an exception here that is unuseful, e.g. from
a ServletContext that isn't properly initialized.
9 years ago
Dave Syer abd7bc0466 Add OAuth2 resource server sample
Shows how to use @EnableResourceServer in a pure resource
server and configure the secure paths.
9 years ago
Stephane Nicoll 3740c817d3 Ensure that `@ConfigurationProperties` is mandatory
Previously it was possible to bind a bean to the root prefix by just
adding `@EnableConfigurationProperties` with the class of said bean.

 This use case is misleading and prevents any meta-data to be generated
 for that object since the annotation processor reacts on the presence of
 the `@ConfigurationProperties` annotation.

 If a class is included in the list of configuration properties bean to
 create via the `@EnableConfigurationProperties` annotation we now make
 sure that the `@configurationProperties` annotation is present on it.

 Closes gh-3460
9 years ago
Johnny Lim f76322263b Remove unnecessary String concatenation
Closes gh-4330
9 years ago
Stephane Nicoll 90a4d1df2b Polish contribution
Closes gh-4317
9 years ago
Vedran Pavic 40351c40ed Fix binding of Flyway's baselineVersion property
See gh-4317
9 years ago
Andy Wilkinson 791c50d1e7 Add an integration test to verify filter ordering
We have some requirements for filter ordering:

1. The character encoding filter must go first
2. Spring Session’s filter should go early
3. RequestContextFilter should go late so that it any request wrapping
   performed by other filters is reflected in the request that’s set
   in the RequestContextHolder
4. Spring Security’s Filter must go after RequestContextFilter so that
   any code called by Filters in Spring Security’s Filter chain can
   retrieve the request from RequestContextHolder, for example
   OAuth2ClientContextFilter.

See gh-4331
9 years ago
Andy Wilkinson 222ca74c62 Fix Checkstyle violations 9 years ago
Andy Wilkinson c4122b8f8d Work around brittle annotation scanning in Mojarra
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].

In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.

Closes gh-2079
Closes gh-4321

[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
9 years ago
Dave Syer 5c0ef308aa Test that client-id can be hyphen or camel-cased 9 years ago
Johnny Lim 396bea22b9 Polish docs
See gh-4309
9 years ago
Phillip Webb 15fbb8ddf9 Polish 9 years ago
Phillip Webb c2a46b8e3b Polish 9 years ago
Phillip Webb 673b4f6de5 Merge branch '1.2.x' 9 years ago
Phillip Webb cfbac20807 Ensure ErrorControllers work when using AOP
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.

Fixes gh-4236
9 years ago
Stephane Nicoll bc0eb996ff Polish contribution
Closes gh-4202
9 years ago
Eddú Meléndez 396cf76ef5 Add spring.jersey.path property
Provide a property to customize the application path that serves as the
base URI for a JAX-RS compliant application. If both `spring.jersey.path`
and an `@ApplicationPath` are present, the property takes precedence.

Closes gh-4201
9 years ago
Phillip Webb 89fe0794a9 Switch RequestContextListener to Filter
Update WebMvcAutoConfiguration to use a RequestContextFilter instead of
a RequestContextListener.

Using a filter is required for some Spring Session operations (see
https://github.com/spring-projects/spring-session/issues/129).

This update also has the added benefit of allowing the Response to be
accessed from RequestContextHolder.getRequestAttributes() by casting it
to ServletRequestAttributes.

Fixes gh-2637
9 years ago
Phillip Webb 634bb770b2 Organize imports with new settings
See gh-4234
9 years ago
Phillip Webb 1e4d974ec0 Merge remote-tracking branch 'local12x/1.2.x' 9 years ago
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
9 years ago
Stephane Nicoll fd525077bd Improve HornetQ/Artemis embedded tests
Previously, HornetQ and Artemis tests were using a test configuration
class listing the configuration classes to use explicitly in the purpose
of disabling the XA support.

This had a very unfortunate side effect for Artemis as we forgot to add
an import on the "real" configuration and this got unnoticed because of
this duplication.

It turns out that this special configuration class is no longer necessary
as XA backs off automatically anyway now. The tests have been updated
to use the regular auto-configuration and were failing with Artemis. The
import has now be added.

Closes gh-4226
9 years ago
Spring Buildmaster 2b38a861e3 Next Development Version 9 years ago
Andy Wilkinson 56977c037d Merge branch '1.2.x' 9 years ago
Andy Wilkinson c236db04ef Ignore parent contexts in message source auto-configuration
This commit applies the changes made in 68b55ad to 1.2.x (it was
originally only made in 1.0.x and master). It also adds some tests.

Closes gh-3803
9 years ago
Stephane Nicoll 092b2aa4e7 Polish
See gh-4191
9 years ago
Phillip Webb 922f8b6ba6 Add `server.session.store-dir` support
Add support for a `server.session.store-dir` property which can be used
to specify where session data source be saved.

Fixes gh-4191
9 years ago
Phillip Webb 143536f72d Polish 9 years ago
Andy Wilkinson f770dbab52 Apply HttpMessageConverter auto-config to form part converters
Closes gh-3525
9 years ago