Update `JettyEmbeddedServletContainerFactory` to support Jetty 9.4
directly and Jetty 9.3 via reflection. The primary difference between
Jetty 9.3 and 9.4 are the session management classes. Websocket suppport
has also been updates, but this is handled transparently by the
Spring Framework support.
Fixes gh-7599
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.
Fixes gh-7569
This commit promotes the plugin dependency management for the
`maven-enforcer-plugin` and `maven-invoker-plugin` to the root. That way
these can be used in samples as well rather than having a separate copy.
Closes gh-7517
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.
Fixes gh-3888
Cassandra sometimes takes a long time when dropping the test keyspace.
This results in the test failing due to an exception being thrown.
This commit attempts to make the tests more robust by catching and
logging any exceptions thrown during server cleanup.
To be compatible with Gradle's plugin portal, plugins must have an
ID that uses a reverse domain name. This means that spring-boot is
not compatible.
This commit introduces a new ID, org.springframework.boot, and
deprecates the old ID.
Closes gh-6997
To be compatible with Gradle's plugin portal, plugins must have an
ID that uses a reverse domain name. This means that spring-boot is
not compatible.
This commit introduces a new ID, org.springframework.boot, and
deprecates the old ID.
Closes gh-6997
Update dependency management to exclude commons-logging and add
an enforcer rule to spring-boot-samples to try and prevent unwanted
commons-logging dependencies from sneaking back in again.
Closes gh-7067
In addition, dependency management for `hazelcast-hibernate5` module has
been added, and a separate dependency version was introduced for
`hazelcast-hibernate4` module.
Closes gh-7023
This commit enables compatibility build against Spring Framework 5.
The Velocity and Guava support that are deprecated in the 1.x line have
been removed and few other classes contain minor change to comply to non
backward compatible changes in Spring Framework 5.
This commit also switches the required java version to 8.
Closes gh-6977
Switch `@AutoConfigureJsonTesters` to use regular `@Autowired` injection
for JSON testers. Prior to this commit JSON Tester fields were
initialized directly which caused IDE issues and was also a little
confusing.
Fixes gh-6451
Update @AutoConfigureMockMvc to support extended print options including
`System.err` and `log.debug`. In addition the "default" print option
can now be overridden by adding `spring.test.mockmvc.print=...` to
`src/test/resources/application.properties`.
Fixes gh-6455
Previously, an entry had to be added to spring.factories using the
name of one of the @AutoConfigure… meta-annotations on the @…Test
annotation as the key. This indirection was unnecessarily complicated.
This commit simplifies things by allowing the name of the @…Test
annotation itself to be used as the key.
Closes gh-6335
Where possible, code that previously synchronized on this (or on the
class in the case of static methods) has been updated to use an
internal monitor object instead. This allows the locking model that's
employed to be an implementation detail rather than part of the
class's API.
Classes that override a synchronized method continue to declare
the overriding method as synchronized. This ensures that locking
is consistent across the superclass and its subclass.
Closes gh-6262
springloaded isn't required in any of the samples, yet some of them
make use of it without being a springloaded-specific sample. This
is creating the false impression that springloaded is necessary in
cases where it's not.
The upgrade to Hibernate 5.2.0.Final has provide to be too
problematic to live with. It requires Java 8, is incompatible with
a number of other projects in the Hibernate ecosystem, and it's
unclear for how long it will be maintained. We'd previously used
Hibernate 5.1.0.Final but its maintenance is also unclear with
Hibernate 5.1.1.Final being more than 3 months overdue.
This commit drops back to Hibernate 5.0.9.Final. This has a few
advantages:
- It's Java 7 compatible
- It's had some time to mature and should be reasonably free of
regressions for those moving from 4.3.x
- It's used in both Wildfly and JBoss EAP so there's a fair chance
that it will continue to be maintained.
Closes gh-6198
This commit changes the default version of Tomcat to 8.5.3 while
also retaining support for Tomcat 8.0 and 7.0. The main difference
in 8.5 is that the ServerSocketFactory abstraction that allowed the
TrustStore and KeyStore to be configured programatically no longer
exists. This logic has been replaced with the use of a custom URL
protocol (springbootssl) that provides access to the key store and
trust store of an SslStoreProvider. In addition to working with 8.5,
this approach has the advantage of also working with 8.0 and 7.0.
Closes gh-6164
This commit removes HSQLDB dependency from Batch Starter as most apps
that use Spring Batch will prefer to use a RDBMS of their choice to store
batch metadata.
Additionally, explicit spring-jdbc dependency has been replaced with JDBC
Starter dependency.
See gh-6081
Update RemoteVehicleDetailsService and the related test to use the new
RestTemplateBuilder class and @RestClientTest annotation.
See gh-6030
See gh-5507
Neither Cassandra nor Elasticsearch starts reliably on Windows. This
commit adds a custom class rule to the associated sample application
tests to skip them on Windows. A class rule is used rather than a
Unit assumption as we want to avoid starting Elasticsearch (done by
the application context) and Cassandra (done by a test execution
listener) and an assumption would be too late.
Update TestRestTemplate so that it no longer directly extends
RestTemplate. Prior to this commit it was possible that TestRestTemplate
could interfere with user defined RestTemplate beans.
TestRestTemplate offers the same methods as RestTemplate so should be
a drop-in replacement. If access is needed to the actual underlying
template the `getRestTemplate()` method should be used.
Fixes gh-5915
Hibernate 5.1 logs an ugly but benign exception when using an in-memory
HSQL database when it tries to drop a non-existent constraint.
This commit changes the Spring Data REST sample to use H2 rather than
HSQL. This prevents the unwanted exception from occurring as Hibernate's
H2 dialect returns false from dropConstraints.
Previously, the name of a join table when using Hibernate 5 would
differ from those when using Hibernate 4 with the default
SpringNamingStrategy.
This commit introduces SpringImplicitNamingStrategy which customises the
name of join tables to match those produced by SpringNamingStrategy.
Closes gh-5880
The name of the table for a many-to-many relationship has changed in
Hibernate 5.1.
This commit updates the JPA sample’s import.sql accordingly. It also
updates the repository integration tests to verify that the data has
been imported successfully.
Closes gh-5880
Add additional @ConditionalOnMissingBean guards to session
configurations to ensure that the first wins. Also reorder imports
to prefer Redis over JDBC.
See gh-5158
Reorganize web related classes for better separation of concerns.
Mainly this involves moving classes from `o.s.b.context.embedded`
that aren't directly tied to embedded servlet containers to
`o.s.b.web` and relocating everything from `o.s.b.context.web`.
See gh-5822
Move the @LocalServerPort to org.springframework.boot.context.embedded
since it's only really useful when working with embedded servlet
containers.
See gh-5822
Since the `SampleJerseyApplication` class is already passed in the
`SpringApplicationBuilder` constructor, there is no need to override the
configure method of the `SpringBootServletInitializer` class.
Closes gh-5773
This commit streamlines the Integration Starter by removing the file
http, ip, and stream modules as they are not always used by a majority
of apps that use Spring Integration and can also pull in other, unwanted
dependencies.
Additionally, a dependency on spring-integration-java-dsl has been
added. This makes it easy for users to configure Spring Integration
using Java configuration (the recommended approach), rather than via
XML. The Integration sample has been updated to use the DSL. Further
improvements could be made once the sample is using Java 8.
Closes gh-5528
Rename spring-boot-starter-webservices back to spring-boot-starter-ws.
Unfortunately the starter exists in Spring Boot 1.3 so we can't rename
it without consequence.
See gh-5711
The ServerConnector class doesn’t exist in Jetty 8 so we have to
resort to reflection to create and configure a SelectChannelConnector
instead.
Closes gh-5649
See gh-5380
Our Windows build is failing currently because the couchbase server does
not handle a socket connection within a second (the default). This commit
adds a property to customize this option and set it to 10 sec in the
sample.
While investigating this issue, it turns out that while
`CouchbaseConfiguration` is public, it is not really possible to extend
it in user's configuration. This commit fixes this problem and add a test
that demonstrates how it can be used.
Closes gh-5657
The couchbase instance in our windows infra seems super slow. Trying to
workaround that issue by increasing the connect timeout from 5 to 10 sec.
See gh-5651
Refactor several aspects of the ImageBanner:
- Extract a few new classes and methods from the previous code
- Directly encode ANSI rather than using `${}` properties
- Rework the scaling algorithm to prefer a fixed width
- Allow ImageBanner and TextBanner to be used together
- Rename several of the `banner.image` properties
- Add support for a left hand margin
- Add property meta-data
See gh-4647
While the benign exception that Gemfire outputs is unfortunate, it
isn't sufficient justification for adding dependency management for
Spring Shell.
Closes gh-5444
Rework the new testing support so that @SpringApplicationTest can be
used for standard integration tests, web integration tests with a
mock Servlet environment and web integration tests with an embedded
servlet container. This means that it a replacement for 1.3's
@IntegrationTest and @WebIntegrationTest and allows all
SpringApplication testing to be configured using a common annotation.
The old @IntegrationTest and @WebIntegrationTest along with their
supporting classes have been reinstated to their previous form (while
remaining deprecated). This should ensure that they continue to work
in 1.4 exactly as they did in 1.3 giving users a smooth path to
@SpringApplicationTest.
See gh-5477
This commit polihes the original Neo4j contribution in several areas.
Rather than providing the packages to scan, this commit rearranges the
`EntityScan` and `EntityScanRegistrar` so that the logic can be shared
for other components. If no package is provided, scanning now defaults to
the "auto-configured" package(s) and a `@NodeEntityScan` annotation
allows to override that.
The configuration has also been updated to detect the driver based on the
`uri` property. If the embedded driver is available we use that by
default. If it is not available, we're trying to connect to a Neo4j
server running on localhost. It is possible to disable the embedded mode
or set the `uri` parameter explicitly to deviate from these defaults.
The sample no longer relies on the embedded driver for licensing reason:
rather it expects an instance running on localhost (like other
data-related samples) and gracefully ignore any connection error. A
README has been added in the sample to further explain the available
options;
Closes gh-5458
The commit adds a new BuildInfo task that can be used to generate
a build.properties file, intended for inclusion in the Actuator's
info endpoint.
A default instance of the task can be configure using the plugin's
DSL:
springBoot {
buildInfo()
}
Additional properties can also be configured using the DSL:
springBoot {
buildInfo {
additionalProperties = [
'foo': 'bar'
]
}
}
When configured via the DSL, the Java plugin's classes task is
configured to depend on the build info task. Alternatively, if more
control is required, the task can be declared and configured manually:
task buildInfo(type: org.springframework.boot.gradle.buildinfo.BuildInfo) {
additionalProperties = [
'foo': 'bar'
]
}
classes {
dependsOn buildInfo
}
See gh-2559
This is a follow-on from the work done in 5009933. Now that SPR-14015
has been fixed, constructor injection can also be used for parameterised
dependencies, including optional dependencies that are injected via
an ObjectProvider.
Closes gh-5306
This commit updates the cache auto-configuration to provide a
`CouchbaseCacheManager` if a `Bucket` has been configured.
The global customizer infrastructure allows to further tune the cache
manager if necessary.
Closes gh-5176
This commit separates the basic setup of Couchbase from Spring Data so
that a `Bucket` and `Cluster` bucket beans are exposed even if Spring
Data is not available.
A basic setup happens if `spring.couchbase.bootstrap-hosts` is specified,
configuring the `default` bucket with no authentication unless specified
otherwise.
If Spring Data is available, those beans are re-used by default to
configure the `CouchbaseTemplate` and other repository-related beans.
Closes gh-5347
This commit updates the Maven plugin to generate a
`META-INF/boot/build.properties` file with various build-specific
settings (group, artifact, name, version and build time). Additionally,
the plugin can be configured to write an arbitrary number of additional
properties.
A new `BuildProperties` bean is automatically exposed when such a file is
present. If that bean is present, an `InfoContributor` is automatically
created to expose that information under the `build` key.
As for the git contributor, it is possible to only display the core
settings or everything using the `management.info.build.mode` property.
See gh-2559
Support for Velocity has been deprecated in Spring Framework 4.3 with
the plan being to remove it in 5.0. This commit deprecates Spring
Boot's support in 1.4, with the plan being to remove it in 2.0.
Closes gh-5276
This commit updates "simple" configuration classes to use constructor
injection. Simple means that there are no optional dependencies
(@Autowired(required=false) is not used), and none of the dependencies
use generics.
Configuration classes that are not simple will be updated in a second
pass once https://jira.spring.io/browse/SPR-14015 has been fixed.
See gh-5306
`InfoProvider` is now `InfoContributor` and contributes to the `Info`
instance via a builder. The `Info` instance is immutable. Each
contributor can be disabled via the `management.info.<name>.enabled`
key or all can be disabled using `management.info.defaults.enabled` (this
is similar to what the health endpoint does).
By default, all keys from the environment starting with `info.` are
exposed. If a `git.properties` file is present in the classpath, the
content of `GitInfo` is exposed using the `git` key.
A `SimpleInfoContributor` and `AbstractEnvironmentInfoContributor` are
available for convenience. `InfoContributor` instances can be ordered
the usual way, with a default order provided by
`InfoProviderAutoConfiguration#DEFAULT_ORDER`.
Closes gh-3492
The integration tests for the Spring Data Cassandra sample application
fail intermittently, apparently due to Cassandra failing to start
within the default timeout period of 10000ms.
In attempt to get the tests to pass reliably, this commit increases
the timeout to 60000ms (1 minute).
Expose an `auto-index` property that controls if views and indexes
should be created automatically.
Update the sample so that it uses this new property, lowering the manual
steps to make it working on a vanilla couchbase server.
See gh-3498
When `@EnableConfigurationProperties` is defined, Spring Boot
automatically registers a bean in the context for each class specified
on the annotation. Previously, the name of the bean only included the
prefix which leads to conflict if two different classes use the same
prefix.
This commit changes the bean name structure to be <prefix>-<fqn> where
prefix is the prefix used on the annotation and <fqn> the fully qualified
name of the target class.
Closes gh-4395
`server.session-timeout` was deprecated in 1.3 but still used in a sample
that broke once the support for it was removed. This commit fix the build
by using the expected property.
Update exit code support to allow the ExitCodeGenerator interface to
be placed on an Exception. Any uncaught exception implementing the
interface and returning a non `0` status will now trigger a System.exit
with the code.
Fixes gh-4803
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().
Closes gh-4783
This change permanently removes links from the endpoints that return
arrays or collections, and also disables them in the rest of the
endpoints (except /actuator) by default.
Fixes gh-4616
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.
This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.
Closes gh-4694
If user set the management.port *and* the management.context-path
then the /error path was in the wrong place because formerly it
was implemented (in this case) by an MvcEndpoint. If we
switch it to a regular @Controller (which are now supported in the
child context if there is one) then it won't disappear under the
management.context-path.
Also use lazy request matching in ignores as well as secure paths.
The problem was that the ignores were constructed eagerly from the
actuator paths before they were available (the EndpointHandlerMapping
needs to be lazily accessed to avoid a security-induced bean creation
cascade).
Fixes gh-4624
The Maven POM does all the dependency resolutions for the
spring-boot-antlib project. Delegating this task to Ivy, which is
buried deep in the Antrun/Antunit part of the build, makes any kind
of proxy configuration much more complex.
The ivysettings.xml already has the local M2 repository configured,
but because the folder "repository" is missing, the artifacts, already
downloaded by Maven cannot be resolved from this location.
The Spring and Maven Central repositories should be removed from the
ivysettings.xml files in order to force all resolves to be done through
the local M2 repository. The POM of joda-time version 2.8.1 has an
optional dependency to joda-convert 1.2, which lets the Ivy resolve
process fail, because this version of the joda-convert library was
not resolved by any of the Maven POMs. It seems as if Ivy does not
respect the optional scope, defined in the joda-time POM.
Pass proxy settings to the forked process to make the Gradle distribution download work
Create a gradle.properties file for each Gradle integration test and writes the forking
process' proxy settings as systemProp.http(s).Host/Port to the properties file.
This configures the external process with the right proxy settings to let it download
the Gradle distribution via the HTTP proxy server.
Added a hint for Windows users to get the core.autocrlf setting right
When the core.autocrlf setting under Windows is set to false for example
All files are not converted regarding their EOL characters to the
Windows format with CRLF at a line's end. There is a checkstyle
validation that checks that all files have the system's line endings
and in some test-cases the value from the system property "line.ending"
is used to check test output. So without the conversion, those checks
are going to fail, resulting in build errors.
Fixes gh-4367, fixes gh-3816
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.
Fixes gh-4355
The HATEOAS sample does not support XML responses. Previously, the
controller doesn't constrain the media types that it could produce.
This would result in a failure when handling a request that prefers
XML responses.
This commit updates the produces clauses in the controller so that
the sample will only attempt to produce JSON.
Closes gh-4343
The documentation recommends configuring the HTTP connector in code
and using application.properties to configure the HTTPS connector
as it's easier. This commit updates the sample to follow that
recommendation.
Closes gh-4342
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].
In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.
Closes gh-2079
Closes gh-4321
[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
Previously, OrderedRequestContextFilter was ordered such that it
ran after Spring Security's Filter. This meant that the request
context was unavailable to any Filters in Spring Security's Filter
chain. Specifically, this caused a failure when using @EnableOAuth2Sso
as OAuth2ClientAuthenticationProcessingFilter, which is added to
Spring Security's Filter chain would be unable to use the
request-scoped bean upon which it depends.
This commit updates the order of OrderedRequestContextFilter so that
the request context is set up before Spring Security's Filter runs.
The tests for SampleGitHubApplication have been updated to use
TestRestTemplate rather than MockMvc. This is necessary as the latter,
via ServletTestExecutionListener, automatically populates the request
context holder, masking the fact that the request context filter was
setting it up too late.
Closes gh-4270
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.
This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.
Closes gh-4048
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
The redirect happens in two stages, first from / to /login on localhost
and then to github.com. This commit updates the test to check that the
first redirect has worked, i.e. from / to /login on localhost.