Commit Graph

1524 Commits (908c9562e564897d902bbdce4c0c0cba756173c7)

Author SHA1 Message Date
Bohuslav Burghardt 88cf65427f Make OPTIONS/TRACE request handling configurable
Add properties to WebMvcProperties allowing control of if TRACE/OPTIONS
requests should go through the regular dispatching chain.

Closes gh-4300
9 years ago
Phillip Webb a8b23f9deb Fix import order 9 years ago
awgtek deaa9051bc Switch MongoCredential method
Update MongoProperties to use `MongoCredential.createCredential` rather
than `MongoCredential.createMongoCRCredential`. This allows connections
to Mongo 3.0 servers to authenticate using the SCRAM-SHA-1 mechanism.

Closes gh-4237
9 years ago
Johnny Lim 83e8bfedb2 Use Ordered.HIGHEST_PRECEDENCE constants
Use Ordered.HIGHEST_PRECEDENCE rather than Integer.MIN_VALUE.

Closes gh-4335
9 years ago
Johnny Lim 8540d80b84 Remove unused parameter in Security configuration
Update SecurityFilterAutoConfiguration.securityFilterChainRegistration
to remove unused ApplicationContext parameter.

Closes gh-4399
9 years ago
Phillip Webb e06198e9cb Polish 9 years ago
Stephane Nicoll 2c4f88e221 Fix Hazelcast auto-configuration ordering
Make sure that the general Hazelcast auto-configuration is processed
before the cache auto-configuration. This was supposed to be fixed and
tested in 721b5a2 but unfortunately the `@AutoConfigureAfter` annotation
was placed on a regular `@Configuration` class (which has no effect).

The tests were passing because the ordering is actually hardcoded in the
test. The relevant tests now use `ImportAutoConfiguration` that simulates
the same order as the one use by the actual application.

Closes gh-4389
9 years ago
Stephane Nicoll 157c0b6cae Register hazelcast post processor only when necessary
Commit 8e0a94f introduced a post processor that adds an explicit link
between the `HazelcastInstance` and the `EntityManagerFactory` so that
Hazelcast is fully initialized before Hibernate actually kicks in.

Unfortunately, the conditions that were implemented to register this post
processor are wrong and any app that has both JPA and Hazelcast support
blows up if no bean with name `hazelcastInstance` is defined.

This commit fixes the situation and reworks the configuration in a
separate auto-configuration that runs after the Hazelcast and JPA support
and check both the presence of an `EntityManagerFactory` and a bean of
name `hazelcastInstance`. If any of those conditions does not apply the
post processor is no longer registered.

Closes gh-4158
9 years ago
Stephane Nicoll 6dbdd575a5 Polish 9 years ago
Phillip Webb d88210f626 Improve performance with BackgroundPreinitializer
Add a BackgroundPreinitializer to trigger early initialization in a
background thread of time consuming tasks. By moving certain
initialization tasks to background thread and triggering them early
we can improve the critical path when the application starts. For
example, Tomcat's MBeanFactory class parses several XML files when
first loaded. If we trigger the load in a background thread it completes
before Tomcat actually needs to use it.

The initial set of initializers included with this commit are:

- Tomcat MBeanFactory
- javax.validation
- Spring's AllEncompassingFormHttpMessageConverter

See gh-4252
9 years ago
Phillip Webb 9432ee6a6b Polish 9 years ago
Phillip Webb 3492f1bcca Fix typo in HibernateJpaAutoConfiguration 9 years ago
Dave Syer a3c73cad4a Merge branch '1.2.x'
Conflicts:
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ResourceProperties.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcProperties.java
9 years ago
Dave Syer 124574e345 Add mediaTypes (extension to media type mapping) in MVC resources
Allows users to configure "allowed" file extensions for controller
mappings, so that browsers will not switch to downloading "f.txt"
(part of the recent RFD attack fixes in Spring MVC).

See gh-4220
9 years ago
Phillip Webb 6c2ea4648f Polish 9 years ago
Stephane Nicoll 8188060edf Fix broken build 9 years ago
Dave Syer 96ba5ed32c Ensure OAuth2 context state is not reset if access tokens match
We can expect that occasionally a user clicks on a login link when
the token is expired. If the UserInfoTokenServices tries to
authenticate the user at that point, it can retain the option to
refresh the expired token if we preserve the state. Since the
state is in session scope all we need to do is to check that the
token that is being checked has the same value as the one in the
OAuth2ClientContext and re-use the context if it is.

Fixes gh-4251
9 years ago
Dave Syer cfb12fc7c2 Clarify how to switch off security autoconfiguration
The fact that the web security and the authentication manager are
controlled separately should hopefully now be clearer.

Fixes gh-3292
9 years ago
Phillip Webb 0ccd33705d Use RelaxedDataBinder for excludes
Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.

See gh-4352
9 years ago
Stephane Nicoll abfd139d8f Fix `spring.application.exclude` YAML property
`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.

This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).

Closes gh-4352
9 years ago
Andy Wilkinson 02d7e2826c Don’t call ignoring.antMatchers([]) as empty array now maps to /**
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.

This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.

This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.

Closes gh-4345

[1] 8663ac4173
9 years ago
Stephane Nicoll 00e207dcaf Temporary fix the build
See gh-4345
9 years ago
Andy Wilkinson eaa4d900eb Update auto-configured ParameterNamesModule to use DEFAULT creator mode
The PROPERTIES creator mode has the unfortunate side-effect of stopping
mixins from working. This commit updates the auto-configured module to
use the DEFAULT creator mode instead.

Closes gh-4336
9 years ago
Stephane Nicoll 7742dafccf Improve meta-data description 9 years ago
Stephane Nicoll 10a079fb07 Polish contribution
Closes gh-4316
9 years ago
Kyle Lieber c6783e8663 Add missing properties to OAuth2AutorizationServer
Make sure that `autoApprove`, `accessTokenValiditySeconds`, and
`refreshTokenValiditySeconds` properties from the `ClientDetails`
are used

Closes gh-4306
9 years ago
Andy Wilkinson 04c87138b4 Add missing javadoc to AuthorizationServerProperties 9 years ago
Dave Syer ae0eed5bf5 Be more defensive about exceptions from resource
Otherwise you can get an exception here that is unuseful, e.g. from
a ServletContext that isn't properly initialized.
9 years ago
Dave Syer abd7bc0466 Add OAuth2 resource server sample
Shows how to use @EnableResourceServer in a pure resource
server and configure the secure paths.
9 years ago
Stephane Nicoll 3740c817d3 Ensure that `@ConfigurationProperties` is mandatory
Previously it was possible to bind a bean to the root prefix by just
adding `@EnableConfigurationProperties` with the class of said bean.

 This use case is misleading and prevents any meta-data to be generated
 for that object since the annotation processor reacts on the presence of
 the `@ConfigurationProperties` annotation.

 If a class is included in the list of configuration properties bean to
 create via the `@EnableConfigurationProperties` annotation we now make
 sure that the `@configurationProperties` annotation is present on it.

 Closes gh-3460
9 years ago
Johnny Lim f76322263b Remove unnecessary String concatenation
Closes gh-4330
9 years ago
Stephane Nicoll 90a4d1df2b Polish contribution
Closes gh-4317
9 years ago
Vedran Pavic 40351c40ed Fix binding of Flyway's baselineVersion property
See gh-4317
9 years ago
Andy Wilkinson 791c50d1e7 Add an integration test to verify filter ordering
We have some requirements for filter ordering:

1. The character encoding filter must go first
2. Spring Session’s filter should go early
3. RequestContextFilter should go late so that it any request wrapping
   performed by other filters is reflected in the request that’s set
   in the RequestContextHolder
4. Spring Security’s Filter must go after RequestContextFilter so that
   any code called by Filters in Spring Security’s Filter chain can
   retrieve the request from RequestContextHolder, for example
   OAuth2ClientContextFilter.

See gh-4331
9 years ago
Andy Wilkinson 222ca74c62 Fix Checkstyle violations 9 years ago
Andy Wilkinson c4122b8f8d Work around brittle annotation scanning in Mojarra
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].

In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.

Closes gh-2079
Closes gh-4321

[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
9 years ago
Dave Syer 5c0ef308aa Test that client-id can be hyphen or camel-cased 9 years ago
Johnny Lim 396bea22b9 Polish docs
See gh-4309
9 years ago
Phillip Webb 15fbb8ddf9 Polish 9 years ago
Phillip Webb c2a46b8e3b Polish 9 years ago
Phillip Webb 673b4f6de5 Merge branch '1.2.x' 9 years ago
Phillip Webb cfbac20807 Ensure ErrorControllers work when using AOP
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.

Fixes gh-4236
9 years ago
Stephane Nicoll bc0eb996ff Polish contribution
Closes gh-4202
9 years ago
Eddú Meléndez 396cf76ef5 Add spring.jersey.path property
Provide a property to customize the application path that serves as the
base URI for a JAX-RS compliant application. If both `spring.jersey.path`
and an `@ApplicationPath` are present, the property takes precedence.

Closes gh-4201
9 years ago
Phillip Webb 89fe0794a9 Switch RequestContextListener to Filter
Update WebMvcAutoConfiguration to use a RequestContextFilter instead of
a RequestContextListener.

Using a filter is required for some Spring Session operations (see
https://github.com/spring-projects/spring-session/issues/129).

This update also has the added benefit of allowing the Response to be
accessed from RequestContextHolder.getRequestAttributes() by casting it
to ServletRequestAttributes.

Fixes gh-2637
9 years ago
Phillip Webb 634bb770b2 Organize imports with new settings
See gh-4234
9 years ago
Phillip Webb 1e4d974ec0 Merge remote-tracking branch 'local12x/1.2.x' 9 years ago
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
9 years ago
Stephane Nicoll fd525077bd Improve HornetQ/Artemis embedded tests
Previously, HornetQ and Artemis tests were using a test configuration
class listing the configuration classes to use explicitly in the purpose
of disabling the XA support.

This had a very unfortunate side effect for Artemis as we forgot to add
an import on the "real" configuration and this got unnoticed because of
this duplication.

It turns out that this special configuration class is no longer necessary
as XA backs off automatically anyway now. The tests have been updated
to use the regular auto-configuration and were failing with Artemis. The
import has now be added.

Closes gh-4226
9 years ago
Spring Buildmaster 2b38a861e3 Next Development Version 9 years ago
Andy Wilkinson 56977c037d Merge branch '1.2.x' 9 years ago
Andy Wilkinson c236db04ef Ignore parent contexts in message source auto-configuration
This commit applies the changes made in 68b55ad to 1.2.x (it was
originally only made in 1.0.x and master). It also adds some tests.

Closes gh-3803
9 years ago
Stephane Nicoll 092b2aa4e7 Polish
See gh-4191
9 years ago
Phillip Webb 922f8b6ba6 Add `server.session.store-dir` support
Add support for a `server.session.store-dir` property which can be used
to specify where session data source be saved.

Fixes gh-4191
9 years ago
Phillip Webb 143536f72d Polish 9 years ago
Andy Wilkinson f770dbab52 Apply HttpMessageConverter auto-config to form part converters
Closes gh-3525
9 years ago
Stephane Nicoll 266335339d Extract BindingResult if necessary
Previously, no `errors` attribute is made available in the standard JSON
error document if a request body object is invalid. This is due to the
fact that the framework throws a `MethodArgumentNotValidException holding
a `BindingResult` object that was not detected.

We now make sure to extract the `BindingResult` from such exception.

Closes gh-4166
9 years ago
izeye 033823f493 Disable SecurityFilterAutoConfiguration when spring-security-web is missing
Previously, SecurityFilterAutoConfiguration would be created even if
spring-security-web was not on the classpath. This didn't cause a
failure as all of its beans were disabled. It was, however, wasteful,
as the configuration class was processed and a bean created for it
unnecessarily.

This commit makes the whole class conditional on the presence of
spring-security-web so that it will be skipped entirely when the
dependency is not available.

Closes gh-4160
9 years ago
Phillip Webb ff0daa8d5c Use DelegatingFilterProxy for Spring Security
Update SecurityFilterAutoConfiguration to use a DelegatingFilterProxy
filter rather directly referencing the springSecurityFilterChain bean.

Using a DelegatingFilterProxy helps to prevent early initialization of
beans and makes Spring Security work in a similar to way to if were
installed in a regular WAR deployment.

Fixes gh-4154
9 years ago
Andy Wilkinson 3e79647b35 Fix import ordering 9 years ago
Andy Wilkinson 25e719f549 Fix handling of security.headers.* to allow headers to be disabled
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:

 - X-Content-Type
 - X-XSS-Protection
 - Cache-Control
 - X-Frame-Options

Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.

This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.

Closes gh-3517
9 years ago
Stephane Nicoll 8e0a94f1d7 Make sure Caching is initialized before JPA support
The second level cache of Hibernate can be configured with dedicated
factories that look up for the presence of a cache infrastructure. As
Hibernate shouldn't have to know about Spring, that lookup is done
against the respective proprietary APIs.

We now make sure that caching (and the general purpose Hazelcast
auto-configuration) is fully processed before JPA kicks in. In particular
an explicit `dependsOn` attribute on those beans is added when they are
processed.

Closes gh-4158
9 years ago
Stephane Nicoll 00af1f5c10 Flag main MbeanExporter `@Primary`
When the actuator is enabled, Spring Boot provides two `MBeanExporter`
bean definitions: a general purpose one and a dedicated one for Actuator
endpoints.

This commit flag the general purpose one `@Primary` so that component
can safely inject it by type if necessary. In particular, this fix the
doc of the `JmxMetricWriter`.

Closes gh-4007
9 years ago
Stephane Nicoll fb4cc718c2 Reuse existing ElasticSearch client
Instead of always creating a new ElasticSearch client, we now check for
the presence of a custom bean configuration and use that if it's
available.

Closes gh-4143
Closes gh-4146
9 years ago
Phillip Webb 877e6e034c Polish 9 years ago
Phillip Webb b6667e8495 Reformat code using Spring code formatter plugin 9 years ago
Phillip Webb 6333426cbf Reformat package-info.java files with Eclipse Mars 9 years ago
Phillip Webb 04074fece1 Merge branch '1.2.x' 9 years ago
Phillip Webb 94736719f1 Reformat package-info.java files with Eclipse Mars 9 years ago
Marten Deinum bad8c1bee8 Added support for the DB2 AS400 Driver
Closes gh-4115
9 years ago
Stephane Nicoll 7971ef24ce Polish
Closes gh-4119
9 years ago
Marten Deinum 96830a550a Add support for the DB2 Universal JDBC driver
Closes gh-4114
9 years ago
Stephane Nicoll 422444c3f2 Add throwExceptionIfNoHandlerFound property
Add a property to customize if an exception should be thrown when no
handler was found to process a given request.

Closes gh-4000
9 years ago
Andy Wilkinson 4968900b1d Gracefully disable Solr auto-configuration when Solr 5 is on classpath
Previously, if Solr 5 was on the classpath, SolrAutoConfiguration
would fail with a rather cryptic error message due to a change in the
inheritance hierarchy of CloudSolrServer between Solr 4 and Solr 5.

This commit updates SolrAutoConfiguration to be conditional on a
class that exists in Solr 4 but was removed in Solr 5. This has the
effect of switching off the auto-configuration when Solr 5 is on
the classpath, allowing the auto-configuration report to be used to
identify why the configuration was disabled. The documentation has
also been updated to state that Spring Boot does not currently support
Solr 5.0.

Closes gh-2795
9 years ago
Andy Wilkinson 031a8d5afa Polishing
Add missing javadoc to AuthoritiesExtractor and
FixedAuthoritiesExtractor
9 years ago
Dave Syer 4768faaba7 Add an AuthoritiesExtractor strategy for UserInfoTokenServices
Default will extract an "authorities" key from the map coming from the
server. No existing servers I am aware of actually send that data, but
it might be helpful as a default nevertheless. User can override the
default by adding a bean of that type.

Fixes gh-3711
9 years ago
Phillip Webb aae38db9af Fix compiler warnings only shown in Eclipse Mars 9 years ago
Phillip Webb c9fb9916b8 Reformat code using Eclipse Mars 9 years ago
Phillip Webb e473364e4e Merge branch '1.2.x' 9 years ago
Phillip Webb 6ab376e2e8 Reformat code use Eclipse Mars 9 years ago
Andy Wilkinson 291955613f Fix compile error in tests that doesn’t affect the compiler in Eclipse 9 years ago
Andy Wilkinson 0cdf19a4cb Update test to align with more precise information about target class
The latest Spring Framework 4.2.2 snapshots have reworked
EventListenerMethodProcessor so that it no longer queries a proxies
target class. Previously, when this was happening, it happened early
in the context's lifecycle when the bean's concrete type was unknown.
The led to the target class being set as the proxied interface.

With the latest 4.2.2 snapshots, the first call to
AopUtils.getTargetClass() happens in the test, by which time the
actual concrete type of the bean is known. This commit updates the
test so that its expectations match the more precise result.
9 years ago
Andy Wilkinson 953ef7091b Remove use of Ordered from auto-configuration classes
Closes gh-4056
9 years ago
Andy Wilkinson bc590a8bf4 Polishing, primarily to keep Checkstyle happy 9 years ago
Andy Wilkinson 2c2c7cee8d Polish contribution
See gh-4082
9 years ago
Benedikt Ritter 6978694cb8 Improve error reporting when driver class version is unsupported
ClassUtils.isPresent(String, ClassLoader) swallows all Throwables when
trying to load a class by name. For this reason
UnsupportedClassVersionError will also be swallowed when user code is
trying to use a driver library which has been compiled with a later
JDK than the one the application is running with. All the user would

see was "Cannot load driver class". This change simply propagates the
UnsupportedClassVersionNumberError so that it is easier for users to
find the root cause of the problem.

Closes gh-4082
Closes gh-4091
9 years ago
Dave Syer e17eab6430 Add placeholder resolution to OnResourceCondition
Users can write @ConditionalOnResource("${path.to.file}") and
placeholders are resolved from the environment.
9 years ago
Andy Wilkinson cff1eea4c4 Make new configuration inner class static
See gh-4079
9 years ago
Alexander Tokarev 91a40dd66c Disable unnecessary database initialization
If a DataSource class is found in the classpath then
EmbeddedDataSourceConfiguration will not be used, so the in-memory
database will not be shutdown on application context closing.
As a result, unnecessary database initialization may cause subsequent
tests to fail, for example see [1].

[1] https://github.com/spring-projects/spring-boot/issues/1712
9 years ago
Andy Wilkinson a4eec42813 Ensure that new JPA-based test doesn’t accidentally enable Bitronix 9 years ago
Andy Wilkinson d01236db30 Fix compile failure that doesn’t occur in Eclipse but does on Travis 9 years ago
Andy Wilkinson fd53cbf2f3 Stop JPA and a custom Flyway bean from causing a startup failure
Previously, if an application used JPA and declared its own Flyway bean,
startup would fail. The custom Flyway bean would switch off
auto-configuration of the FlywayMigrationInitializer bean but the
context’s entity manager factory beans would still be configured to
depend on the migration initialiser.

This commit splits the post-processor that configures the dependencies
into two. One that configures the dependency on the Flyway bean and
one that configures the dependency on the FlywayMigrationInitializer
bean. When to auto-configuration of the FlywayMigrationInitializer is
switched off, the auto-configuration of the latter dependency is also
switched off.

Closes gh-4079
9 years ago
Andy Wilkinson 917077c3dd Merge branch '1.2.x' 9 years ago
Andy Wilkinson a94f3a0cbf Only try to auto-configure Jetty when jetty-webapp is on the classpath
Closes gh-4089
9 years ago
Andy Wilkinson 5c35d89fd1 Revert "Update tests to shut down in-memory databases proactively"
For reasons I don't (yet?) understand, shutting down the databases
proactively triggers a StackOverflowError in Jersey. Reverting the
change while I try to figure out what's going in.
9 years ago
Andy Wilkinson 72122ec965 Update tests to shut down in-memory databases proactively 9 years ago
Phillip Webb d1b936ef2c Merge branch '1.2.x' 9 years ago
Phillip Webb 87a515f6a0 Fix TemplateAvailabilityProvider binding issues
Update all TemplateAvailabilityProvider implementations to use the
relaxed property binder. Also fix FreeMarkerTemplateAvailabilityProvider
to use `template-loader-path` rather than `path`.

Fixes gh-4085
9 years ago
Phillip Webb 5e58645202 Log warning for template folder not found problems
Update template auto-configurations to log a warning message rather
than throw an exception if the template folder cannot be found.

Fixes gh-4075
9 years ago
Phillip Webb 5ccd9afc78 Merge branch '1.2.x' 9 years ago