Hikari can configure both an underlying Driver or DataSource. Spring Boot
only supports the former so any attempt to trigger the creation of the
latter will lead to an exception since the auto-configuration has set
driver-specific field.
This commit adds an analyzer that intercepts such faulty scenario and
indicate that users should configure Hikari with an underlying DataSource
themselves.
Closes gh-6568
This commit marks the auto-configured `JdbcTemplate` as `Primary`. Spring
session creates its own so we could end up with two in a fully auto
configured context.
Closes gh-6717
Previously, Tomcat’s background processing was only enabled on the
context but access logging was configured on the engine. This means that
the access log valve’s background processing method was never called
and, therefore, that it wasn’t flushed periodically.
This commit moves the enablement of background processing up to the
engine, thereby ensuring that the access log is flushed periodically.
Background processing cascades down the container hierarchy so, after
this change, background processing will still be performed on the
context as well.
Closes gh-6646
We make Liquibase aware of our custom Commons Logging-based logger by
adding its package to the Liquibase ServiceLocator’s packages to scan.
Previously, this was happening too late so Liquibase may have already
initialized and cached a particular logger.
This commit moves the registration of the extra package from the
Liquibase auto-configuration to the application listener that customises
Liquibase’s ServiceLocator. This ensures that the package is added
before Liquibase is used. Unfortunately, configuring Liquibase’s
ServiceLocator and its packages to scan causes it to try to perform
some logging, resulting in it caching the wrong type of logger. We
work around this problem by resetting Liquibase’s LogFactory once we’ve
finished setting everything up.
Closes gh-6713
As of Spring Boot 1.4, IDEs are supposed to provide auto-completion for
hints and enum values. This commit removes the hard-coded copy of
allowed values for enum-based properties. This was mostly the case
already and this commit fixes the few ones remaining.
Closes gh-6654
This commit restores the support of "spring.datasource.type". If this
property is set to an unsupported `DataSource` implementation, we now
properly create it again, rather than ignoring it because its value did
not match any value we support.
Since Spring Boot 1.4 now redirects `DataSource` implementation settings
to dedicated namespaces, the documentation has been updated to explicitly
mention how one can create such arrangement for an unsupported
implementation.
As a convenience, `DataSourceProperties` can initialize a
`DataSourceBuilder` based on its internal state, making it very easy for
anyone to create a `DataSource` from a `DataSourceProperties` instance.
Closes gh-6695
This commit adds a new configuration key:
spring.http.encoding.mapping.<locale>=<charset>
This allows to specify which default charset should be used for any
given Locale, if none has been provided already in the response itself.
This applies to all supported embedded servlet containers.
Fixes gh-6453
Prior to this commit parsing addresses had an inconsistent effect on the
various properties that can be contained in an address (host, port,
username, password, and virtual host).
Three different approaches were used:
1. Return the property if no addresses were set. If there was one
address set, return the property from the address. Otherwise return
null. (host)
2. Return the property if no address were set, otherwise return the
property from the first address (port)
3. Return the property if no addresses were set, otherwise return the
property from the last address that had such property (username,
password, virtual host).
This commit aims to make the behaviour consistent. If no addresses
were set the property is returned. Otherwise the value extracted from
the first address is returned. If the first address has no such value
the property is returned.
Closes gh-6424
Previously, one SpringApplicationAdminMXBeanRegistrar was created
per context. When there was more then one context this would result
in a javax.management.InstanceAlreadyExistsException being thrown
as an attempt was made to register the MBean more than once.
This commit updates SpringApplicationAdminJmxAutoConfiguration so
that the registrar is only created when there's no such existing bean
in the context hierarchy.
Closes gh-6378
Commit 3ea84f9e1 has wrongly introduced a `@Primary` marker on
`IntegrationMBeanExporter` so any use of both Spring's JMX support
and Spring Integration's JMX support leads to an exception. This commit
makes sure to remove the unnecessary `@Primary`
Closes gh-6328
This commit makes sure to use `getAliasedStringArray` rather than
`getStringArray` as the latter does not work with ASM. While this will
probably be fixed in the core framework, this commit also adds dedicated
tests with ASM to ensure that the code works as expected.
Closes gh-6337
By default Jersey configures Jackson to use both Jackson annotations
and JAXB annotations when introspective types for (de)serialization.
However, the changes made in 5776d6a8 mean that Jersey no longer uses
its default ObjectMapper configuration and uses the auto-configured
ObjectMapper instead. This had the unwanted side-effect of leaving
Jersey with an ObjectMapper that only uses Jackson annotations and
ignores JAXB annotations.
This commit updates JerseyAutoConfiguration so that it will add the
JaxbAnnotationIntrospector to the auto-configured ObjectMapper for
both serialization and deserialization. It uses
AnnotationIntrospectorPair to ensure retain any existing
introspectors.
Closes gh-6310
This commit adds a new property, server.tomcat.redirect-context-root,
that can be used to configure the Tomcat Context’s
mapperContextRootRedirectEnabled property. The default is to not apply
any configuration and, therefore, to use Tomcat’s default of true.
Closes gh-6248
Change WebMvcAutoConfigurationAdapter.requestContextFilter() to a static
method so that the configuration class isn't needed when creating it.
This helps to prevent early initialization of beans.
See gh-6178
Previously, Spring Mobile was only supported for Thymeleaf and JSPs. This
commit improves the auto-configuration to also provide device delegating
support for Freemarker, Groovy Templates and Mustache.
Closes gh-5140
This commit makes sure that the condition that links a `MongoClient` to
the embedded mongo server kicks in only if `MongoClientFactoryBean` is
also on the classpath.
Previously, only a condition on the mongo driver existed, leading to
`ClassNotFoundException` if Spring Data MongoDB wasn't available.
See gh-6203
Previously, if an exception was resolved by a `HandlerExceptionResolver`
nothing the log indicated a failure to process the query.
This commit adds a new property `spring.mvc.log-resolved-exception` that
enables warning logs for supported `HandlerExceptionResolver` instances.
When Devtools is enabled, this flag is enabled by default.
Closes gh-2176
Add a new `@EntiyScan` annotation that's used by auto-configuration to:
* Set JPA packagesToScan.
* Set Neo4J's SessionFactory packages.
* Set the initial entity set for Spring Data MongoDB, Cassandra and
Couchbase mapping contexts.
Additionally deprecate `@org.springframework.boot.orm.jpa.EntityScan`.
See gh-6142
Move Neo4J auto-configuration from `autoconfigure.neo4j` to
`autoconfigure.data.neo4j` since it's intrinsically linked to Spring
Data.
See gh-5458
See gh-6142
The upgrade to Hibernate 5.2.0.Final has provide to be too
problematic to live with. It requires Java 8, is incompatible with
a number of other projects in the Hibernate ecosystem, and it's
unclear for how long it will be maintained. We'd previously used
Hibernate 5.1.0.Final but its maintenance is also unclear with
Hibernate 5.1.1.Final being more than 3 months overdue.
This commit drops back to Hibernate 5.0.9.Final. This has a few
advantages:
- It's Java 7 compatible
- It's had some time to mature and should be reasonably free of
regressions for those moving from 4.3.x
- It's used in both Wildfly and JBoss EAP so there's a fair chance
that it will continue to be maintained.
Closes gh-6198
Previously, when `spring.mvc.locale` was specified, that locale was used
regardless of the client's preferences. This commit adds an extra
`spring.mvc.locale-resolver` property that can control how the locale is
resolved. The default is `ACCEPT_HEADER` but can be set to `FIXED` to
restore the previous behaviour.
Closes gh-6083
This commit adds auto-configuration support for Jest, an HTTP client for
Elasticsearch. If Jest is present, a `JestClient` targeting a local
elasticsearch instance is auto-configured. Several properties from the
`spring.jest.*` namespace allows to tune the client.
Closes gh-6032
Add `WebMvcRegistrations` which can be used to provide custom
instances of `RequestMappingHandlerMapping`,
`RequestMappingHandlerAdapter` and `ExceptionHandlerExceptionResolver`.
Those instances are then used and processed by the Boot MVC
configuration.
Prior to this commit, developers could provide their custom instances
of MVC infrstructure components such as `RequestMappingHandlerMapping`
and `RequestMappingHandlerAdapter` only by using advanced configuration
strategies. Those advanced configurations involved subclassing
`WebMvcConfigurationSupport` which effectively turns off MVC
auto-configuration in Boot.
Fixes gh-5004
Closes gh-6100
Prior to this commit, defining a custom `DispatcherServlet` and/or a
`ServletRegistrationBean` with the default name would turn off
completely the `DispatcherServletAutoConfiguration`.
This commit splits this auto-configuration in two parts:
- First, a `DispatcherServlet` is automatically registered if no
instance is already defined with the default name.
- Then, a `ServletRegistrationBean` is registered is registered if a
`DispatcherServlet` instance exists with the default name *and* no
`ServletRegistrationBean` exists with the default name
This allows developers to register manually a `ServletRegistrationBean`
or a `DispatcherServlet` without having to redefine the whole
auto-configuration.
Fixes gh-4893
Closes gh-6108
Add auto-configuration for use with typical web clients. Currently
client auto-configuration consists of a RestTemplateBuilder
pre-configured with HttpMessageConverters.
Closes gh-5507
This commit upgrades to MongoDB 3. Dependency management has been added
for the new and preferred mongodb-driver artifact. The starter has
been updated to use this new artifact rather than monogo-java-driver.
Dependency management for mongo-java-driver has been retained to avoid
causing problems for people who have declared the dependency explicitly.
The auto-configuration for Embedded Mongo has also been updated to
use 3.2.2 by default.
Closes gh-3011
Extract TemplateAvailabilityProvider caching logic to a new
TemplateAvailabilityProviders class and provide property support to
disable it. Also update DevToolsPropertyDefaultsPostProcessor to
automatically set the property.
Fixes gh-5989
Update HttpEncodingProperties to offer explicit `force-request` and
`force-reponse` properties in additional to the existing `force`
property.
Closes gh-5459
Update TestRestTemplate so that it no longer directly extends
RestTemplate. Prior to this commit it was possible that TestRestTemplate
could interfere with user defined RestTemplate beans.
TestRestTemplate offers the same methods as RestTemplate so should be
a drop-in replacement. If access is needed to the actual underlying
template the `getRestTemplate()` method should be used.
Fixes gh-5915
Instead of using a @Bean, it is better to use an opaque factory
for an internal dependency that users are not going to want in
the context. OAuth2RestTemplate is a common enough bean type that
creating on in autoconfig makes it hard for users to add their own
for business use.
See gh-5967
This commit removes the creation of a `@Primary` `OAuth2RestTemplate`
and updates the documentation accordingly.
Once #5507 is implemented we could revisit this area to provide a way for
users to easily create such a bean.
Closes gh-5202
Commit b7e7bcf made `spring.session.store-type` explicit which means that
users of Spring Session in 1.3 have to set that property to restore the
auto-configuration support in 1.4.
This commit implicitly set the store type to redis if redis is present
and log a warning inviting the user to actually specify that in
configuration.
The entry in the auto-configuration report also mentions that such
arrangement is deprecated.
Closes gh-5838
The getContentType() accessor method on View appears to only be used
for content negotiation. For the Content-Type header to be included in
the response the view needs to set it explicitly when render is called.
Closes gh-5918
Previously, the name of a join table when using Hibernate 5 would
differ from those when using Hibernate 4 with the default
SpringNamingStrategy.
This commit introduces SpringImplicitNamingStrategy which customises the
name of join tables to match those produced by SpringNamingStrategy.
Closes gh-5880
This commit builds on the new abstraction introduced in 2a0b8a7 by
applying the standard JacksonProperties-based
Jackson2ObjectMapperBuilder configuration via a customizer.
It also applies some polishing to the original contribution:
- Code has been formatted
- Logic that applies the customizers has moved to be alongside the code
that creates the builder
- Logic that explicitly sorted the customisers has been removed as
they will be sorted automatically prior to injection
Previously, it was difficult to customize the auto-configured
Jackson2ObjectMapperBuilder. Typically, use of a bean post processor
was required.
This commit introduces Jackson2ObjectMapperBuilderCustomizer. Beans
that implement this interfaces are called during creation of the
auto-configured Jackson2ObjectMapperBuilder, providing an opportunity
to customize its configuration.
Closes gh-5803
The name of a JOOQ SQLDialect does not always match the name defined
in sql-error-codes.xml. For example, the Postgres translator was not
initialized correctly because in JOOQ the dialect is named
SQLDialect.POSTGRES, but in sql-error-codes.xml the bean is named
"PostgreSQL".
This commit updates the translator to use the dialects third-party
springDbName which ensures that it maps correctly to the entries in
sql-error-codes.xml.
Closes gh-5884
It is legal for an annotation to be annotated with itself. Previously,
when searching for meta annotations this could lead to a stack overflow.
This was likely to occur when using Kotlin as, like Java, its Target
annotation is annotated with itself. A stack overflow doesn’t occur
with Java’s Target annotation due to some short-circuiting logic for
annotations in java.lang.
This commit updates the logic for finding meta-annotations to
short-circuit when an annotation that has already been seen is
encountered.
Closes gh-5902
While working on gh-5309, a regression was introduced and fixed right the
way on master. Unfortunately, the fix wasn't applied to `1.3.x` as it
should have been.
This commit applies 6dd8415 to `1.3.x`
Closes gh-5901
Previously, Spring Session would be auto-configured by the mere presence
of Spring Session in the classpath. This was fragile as determining a
store type according to the environment could easily change when the
classpath of the project changes.
This commit makes the store-type property mandatory. If it is not set,
Spring Session is no longer auto-configured.
Closes gh-5838
This commit improves the `InfoContributor` infrastructure as follows:
* `InfoEndpoint` no longer breaks its public API and returns a Map as
before
* `Info` is now immutable
* All properties of the build are now displayed. Since we control the
generation of that file, there is no longer a mode to restrict what's
shown
* Build info is now generated in `META-INF/build-info.properties` by
default
Closes gh-5734
ErrorMvcAutoConfiguration creates a BeanNameViewResolver bean in case
the user has used @EnabledWebMvc and disabled WebMvcAutoConfiguration.
If the user hasn’t used @EnabledWebMvc, WebMvcAutoConfiguration will
creates its BeanNameViewResolver and override the one that’s already
been defined by ErrorMvcAutoConfiguration.
This commit makes WebMvcAutoConfiguration’s BeanNameViewResolver
definition conditional on there being no existing BeanNameViewResolver
bean definition.
Closes gh-5354
to stop it from being included in the enclosing @Configuration.
That way, if the app is not a web app, then there really is a
client_credentials OAuth2 resource (as claimed in the user guide).
Fixes gh-5735
A recent Spring Framework change in `CharacterEncodingFilter` allows to
configure the force flag separately for requests and responses. This
commit enables the flag only for requests which should provide a better
default with binary content.
Closes gh-5459
Previously, the auto-configured
`OAuth2ClientAuthenticationProcessingFilter` instance had no
`ApplicationEventPublisher`. As a result, no event was fired. This commit
makes sure to associate the event publisher instance.
Closes gh-5853
Add additional @ConditionalOnMissingBean guards to session
configurations to ensure that the first wins. Also reorder imports
to prefer Redis over JDBC.
See gh-5158
This implementation was inspired in large part by the cache
auto-configuration. In addition to the originally supported Redis, now
Hazelcast, an in-memory map, as well as a no-op option are supported. It
should be easy to extend this to include additional data stores in the
future.
Closes gh-3811
`JedisConnectionFactory` needs `commons-pool2` for quite some time now
and our auto-configuration had a special case to handle redis if
`commons-pool2` isn't available.
This commit removes that code as using it would lead to a failure anyway.
Closes gh-5718
Allow convention based status error pages. Static HTML or templates
can be used by placing the appropriately named file under a `/error`
folder. For example:
/src/main/resource/templates/error/404.ftl
or /src/main/resource/public/error/404.html
Pages can also be named after the status series (5xx or 4xx).
Fixes gh-2691
Create ErrorPageRegistry and ErrorPageRegistrar interfaces that allow
error page registration to be a first class concern.
Prior to this commit ErrorPageFilter needed to implement
ConfigurableEmbeddedServletContainer in order to receive ErrorPage
registrations.
Closes gh-5789
Reorganize web related classes for better separation of concerns.
Mainly this involves moving classes from `o.s.b.context.embedded`
that aren't directly tied to embedded servlet containers to
`o.s.b.web` and relocating everything from `o.s.b.context.web`.
See gh-5822
Move the @LocalServerPort to org.springframework.boot.context.embedded
since it's only really useful when working with embedded servlet
containers.
See gh-5822
Rabbit client 3.6.* uses TLSv1.1 as the default algorithm which
many brokers are deisabling these days. Spring AMQP supports
changing the algorithm by name, so this is just a pass thru for
that.
It sometimes has to catch an exception from the security filter so
it needs to be before, and somehow this hasn't been a problem up to
now, but probably only by some fluke.
Fixes gh-5792
Previously, spring.thymeleaf.cache was only applied to auto-configured
TemplateResolver. This commit also applies the propery to the
auto-configured ThymeleafViewResolver.
Closes gh-5395
Update UserInfoTokenServices.getPrincipal() so that it can be overridden
by subclasses to allow a custom authenticated principal to be returned
from the authorized request parameters.
Fixes gh-5053
Add support for Jetty `acceptors` and `selectors` configuration, either
directly on the `JettyEmbeddedServletContainerFactory` or via
`server.jetty.acceptors`/`server.jetty.selectors` server properties.
Fixes gh-5380
Closes gh-5649
Our Windows build is failing currently because the couchbase server does
not handle a socket connection within a second (the default). This commit
adds a property to customize this option and set it to 10 sec in the
sample.
While investigating this issue, it turns out that while
`CouchbaseConfiguration` is public, it is not really possible to extend
it in user's configuration. This commit fixes this problem and add a test
that demonstrates how it can be used.
Closes gh-5657
Update ServerProperties so that `null` values are not applied when
customizing the EmbeddedServletContainerFactory. Primarily changed to
stop `server.undertow.accesslog.enabled` from being blindly applied.
Fixes gh-5515
When @ConditionalOnBean or @ConditionalOnMissingBean are used on a
@Bean method, they will, in the absence of any other configuration,
attempt to deduce the bean's type by examining the method's return
type. This deduction can fail. See gh-4841, gh-4934, and gh-5624
for some examples of possible failure causes. Previously, this
failure was only logged as a debug message leaving the user with a
misleading message suggesting that the @ConditionalOnBean or
@ConditionalOnMissingBean annotation was not configured correctly.
This commit improves the diagnostics by mention the possibility of
type deduction in the exception message and including the exception
that caused deduction to fail as the cause.
Closes gh-4934
The Mustache support should still be usable outside a web application
because the properties only use web stuff in that context and don't
have any field or method signatures that depend on web.
Fixes gh-5626
Upgrade to Hibernate 5.1, whilst still retaining compatibility with
Hibernate 4.3. This commit introduces the following changes:
* Add SpringPhysicalNamingStrategy to provides lowercase/underscore
table names support. This should be equivalent to the previous
SpringNamingStrategy that was used with Hibernate 4. No
ImplicitNamingStrategy is provided since the Hibernate 5 defaults
appear to be roughly equivalent to the conventions used in Spring
Boot 1.3
spring.jpa.hibernate.naming.
* Migrate `spring.jpa.hibernate.naming-strategy` to
`spring.jpa.hibernate.naming.strategy` and provide additional
properties for physical and implicit.
* Add `spring.jpa.hibernate.use-new-id-generator-mappings` property and
default to `false` when on Hibernate 5 to retain back compatibility.
See gh-2763
In particular it now accepts a list of maps containing
"authority" keys (which is what you get from a standard JSON
decoding of a Spring Security Authentication).
Fixes gh-5482
Rework the new testing support so that @SpringApplicationTest can be
used for standard integration tests, web integration tests with a
mock Servlet environment and web integration tests with an embedded
servlet container. This means that it a replacement for 1.3's
@IntegrationTest and @WebIntegrationTest and allows all
SpringApplication testing to be configured using a common annotation.
The old @IntegrationTest and @WebIntegrationTest along with their
supporting classes have been reinstated to their previous form (while
remaining deprecated). This should ensure that they continue to work
in 1.4 exactly as they did in 1.3 giving users a smooth path to
@SpringApplicationTest.
See gh-5477
It was seeen that if a different plugin was used to package Spring Boot
that the project would load but no autoconfiguration actually took
place and many features were mysteriously not working. Adding a check
to ensure that some factories are always loaded as this is expected.
Closes gh-5465
This commit fixes `IntegrationAutoConfiguration` to actually rely on the
auto-configured `MBeanServer` rather than attempting to create it again.
If JMX support is disabled, no attempt to register integration-related
MBeans is made.
Closes gh-5309
This commit polihes the original Neo4j contribution in several areas.
Rather than providing the packages to scan, this commit rearranges the
`EntityScan` and `EntityScanRegistrar` so that the logic can be shared
for other components. If no package is provided, scanning now defaults to
the "auto-configured" package(s) and a `@NodeEntityScan` annotation
allows to override that.
The configuration has also been updated to detect the driver based on the
`uri` property. If the embedded driver is available we use that by
default. If it is not available, we're trying to connect to a Neo4j
server running on localhost. It is possible to disable the embedded mode
or set the `uri` parameter explicitly to deviate from these defaults.
The sample no longer relies on the embedded driver for licensing reason:
rather it expects an instance running on localhost (like other
data-related samples) and gracefully ignore any connection error. A
README has been added in the sample to further explain the available
options;
Closes gh-5458
Provide a way for full auto-configuration to be disabled
programmatically. Primarily added to allow special test annotations to
take over partial auto-configuration but still load
@SpringBootApplication classes.
See gh-4901
Add a new TypeFilter specifically for excluding candidate components.
The filter is applied to `@SpringBootApplication` and allows tests to
dynamically contribute exclude filters so that specific classes of
component can be excluded.
See gh-5295
See gh-4901
Add a new @SpringBootConfiguration annotation that can be used to
indicate the primary application configuration. The new annotation is
primarily indented to allow test automatically code to find the main
configuration class.
See gh-5295
Update `@EnableTransactionManagement` so that `proxyTargetClass` is
set to true. This ensures that @Transactional beans that aren't
interface based can still be proxied.
Fixes gh-5423
This is a follow-on from the work done in 5009933. Now that SPR-14015
has been fixed, constructor injection can also be used for parameterised
dependencies, including optional dependencies that are injected via
an ObjectProvider.
Closes gh-5306
Spring Boot does not support Thymeleaf 3 yet. This commit prevents the
auto-configuration to activate if Thymeleaf 3 is available on the
classpath.
Closes gh-5371
This commit prevents the Artemis embedded mode to kick-in if the
`EmbeddedJMS` class it not in the classpath. The previous condition would
match if only `artemis-server` was on the classpath while
`artemis-jms-server` is actually required.
Closes gh-5452
This commit adds a configuration option for the webAllowOthers option
for the H2 WebServlet. It will only be added it the
spring.h2.console.webAllowOthers is set to true, else it will be
ignored.
Closes gh-5416
The properties exposed by the ActiveMQ pooled connection factory are
quite specific and I felt it was arbitrary to expose some and not others.
However, the number of connections and the timeouts seem the most useful
so they have been kept and a `configuration` nested namespace can be
used to configure any additional settings.
The core properties have been renamed to be less "raw" and more compliant
with the structure of other properties. The documentation on fields has
also been aligned.
Closes gh-5372
This commit updates the cache auto-configuration to provide a
`CouchbaseCacheManager` if a `Bucket` has been configured.
The global customizer infrastructure allows to further tune the cache
manager if necessary.
Closes gh-5176
This commit updates various auto-configuration to use
`@ConditionalOnSingleCandidate` rather than assuming that at most one
bean of a given type will be available.
Closes gh-2784
This commit separates the basic setup of Couchbase from Spring Data so
that a `Bucket` and `Cluster` bucket beans are exposed even if Spring
Data is not available.
A basic setup happens if `spring.couchbase.bootstrap-hosts` is specified,
configuring the `default` bucket with no authentication unless specified
otherwise.
If Spring Data is available, those beans are re-used by default to
configure the `CouchbaseTemplate` and other repository-related beans.
Closes gh-5347
This commit updates the Maven plugin to generate a
`META-INF/boot/build.properties` file with various build-specific
settings (group, artifact, name, version and build time). Additionally,
the plugin can be configured to write an arbitrary number of additional
properties.
A new `BuildProperties` bean is automatically exposed when such a file is
present. If that bean is present, an `InfoContributor` is automatically
created to expose that information under the `build` key.
As for the git contributor, it is possible to only display the core
settings or everything using the `management.info.build.mode` property.
See gh-2559
Rather than exposing a raw String with the epoch time, GitProperties
now exposes the actual `java.util.Date`. `InfoProperties` has been
improved to return such data type when the raw value is an epoch time.
This commit polish the new info contributor infrastructure by migrating
`GitInfo` to `GitProperties`. `InfoProperties` provides an abstraction
that exposes unstructured data in an immutable way.
The `GitInfoContributor` now accepts a "mode" that determines if all data
should be exposed or only a sub-set of known keys.
Closes gh-2644
Add a `@JsonComponent` annotation that can be used to indicate that a
Bean is a JsonSerializer and/or JsonDeserializer that should be
registered with Jackson.
Support is provide via a new `JsonComponentModule` which is
auto-configured in `JacksonAutoConfiguration`.
Also add `JsonObjectSerializer` and `JsonObjectDeserializer` classes
which provided as a convenient base for serializers that work with
Objects.
Fixes gh-3898
Support for Velocity has been deprecated in Spring Framework 4.3 with
the plan being to remove it in 5.0. This commit deprecates Spring
Boot's support in 1.4, with the plan being to remove it in 2.0.
Closes gh-5276
Previously, if Couchbase was available on the classpath but not
configured, Spring Boot would attempt to scan the project for
repositories anyway.
This commit makes sure that it only happens if an infrastructure
bean required is present. The tests have also been rewritten to better
reflect what would happen in practice.
Closes gh-5349
This commit updates `GitInfo` to use a proper `java.util.Date` rather
than a raw String. Because the Maven and Gradle plugin do not agree on a
format, `ProjectInfoAutoConfiguration` now registers a `Converter` that
is taking care of translating the raw `String` to a `Date`.
See gh-2484
This commit updates "simple" configuration classes to use constructor
injection. Simple means that there are no optional dependencies
(@Autowired(required=false) is not used), and none of the dependencies
use generics.
Configuration classes that are not simple will be updated in a second
pass once https://jira.spring.io/browse/SPR-14015 has been fixed.
See gh-5306
This commit moves `GitInfo` to a general "project info" area that will be
further improved with others project related information.
Deprecate `spring.git.properties` in favour of `spring.info.git.location`
Closes gh-2484
If a `MessageConverter` bean is available, we now associate it to the
created `RabbitTemplate` and `RabbitListenerContainerFactory`. That way,
registering a custom `MessageConverter` is all that's needed.
The Rabbit auto-configuration is now using the new `ObjectProvider` that
offers a nicer API to detect if a primary candidate is available for
optional collaborators.
Closes gh-5088
If a `MessageConverter` bean is available, we now associate it to the
created `JmsTemplate` and `JmsListenerContainerFactory`. That way,
registering a custom `MessageConverter` is all that's needed.
The JMS auto-configuration is now using the new `ObjectProvider` that
offers a nicer API to detect if a primary candidate is available for
optional collaborators.
Closes gh-4282
Previously, if a bean of type `CacheResolver` was present in the context
the whole cache auto-configuration would back off. If said
`CacheResolver` hasn't been defined via the `CachingConfigurer`
infrastructure, the application context would fail with a rather
unpleasant error message.
It can be quite common to define custom `CacheResolver` beans as the cache
annotations allow to defines custom cache resolvers per operation. This
commit makes sure that the cache auto-configuration will back-off only if
the `CacheResolver` is named `cacheResolver`.
Closes gh-5201
If a JCache provider is started with hazelcast and the default settings,
the underlying `HazelcastInstance` is disposed at the end of the
process, not when the `CacheManager` is closed.
This commit fixes the only test that use such setup.
See also https://github.com/hazelcast/hazelcast/issues/7606
Closes gh-5209
An overhaul of the `RedisCacheManager` is expected in Hopper (to be
consumed by Spring Boot 1.4). One of those changes is to make sure every
key have a decent prefix by default.
This commit enables the use of prefix as it is disabled by default.
Closes gh-5175
This commit allows to customize the auto-configured `CacheManager` by
exposing a bean of type `CacheManagerCustomizer`. The implementation may
reference the type of a `CacheManager` to determine in which case it has
to be invoked.
Several implementations can be provided and ordered using the regular
`Ordered` interface and `@Order` annotation.
Closes gh-5039
Rework commit b726974 to avoid exposing setters that would permit anyone
to change Spring Boot's defaults. Also, since these are configurers of a
specific instance, they should be named accordingly.
Closes gh-5138
There's a long cycle when Spring Data REST, Data JPA and Actuator
are used in an app that retrieves its DataSource from JNDI. The cycle
is:
- WebMvcAutoConfiguration
- HttpMessageConverters
- MappingJackson2HttpMessageConverter (needs an ObjectMapper)
- SpringBootRepositoryRestMvcConfiguration
- ObjectMapper
- RepositoryResourceMappings (part of a custom Jackson module)
- Repositories
- EntityManagerFactory (Triggered by application's Spring Data JPA repository)
- HibernateJpaAutoConfiguration
- JndiDataSourceAutoConfiguration
- MBeanExporter (Used to prevent export of DataSource MBean that's already in JMX)
- EndpointMBeanExportAutoConfiguration
- ObjectMapper (Used to format JSON produced by the exported endpoints)
Spring Data Rest caused the ObjectMapper to depend on JPA. JPA depends
on the DataSource. JnidDataSourceAutoConfiguration depends on the
MBeanExporter. Actuator's MBeanExporter requires an ObjectMapper to
produce JSON strings.
This commit breaks the cycle by making JndiDataSourceAutoConfiguration
access the MBeanExporter lazily. Rather than using `@Lazy`. which does
not work with `@Autowired(required=false)`, the application context
is injected and the MBeanExporter is retrieved manually when it is
needed.
Closes gh-4980
Spring Boot supports the automatic configuration of an additional
HazelcastInstance if one already exists and an explicit property has been
set to use a different configuration for caching. So three cases are
supported really: no `HazelcastInstance` exists so we need to create one
anyway or an `HazelcastInstance` already exists; in that latter case, we
should either reuse it or create a new one.
Unfortunately, the conditions that checked those three use cases were
not ordered consistently and we could easily get in a situation where
both conditions were evaluated.
This commit makes sure that we first check if an `HazelcastInstance`
exists and then (and only then) we create the missing `HazelcastInstance`
used for caching. The tests have also been improved to validate the
proper `HazelcastInstance` is used for caching.
Closes gh-5181
We rarely use the same configuration in multiple test classes, but
Spring’s Test framework caches each context by default. For projects
with large numbers of integration tests, this can lead to tens of
contexts being cached. This increases memory usage, live thread count,
etc for no benefit.
This commit adds @DirtiesContext to the integration tests in
spring-boot, spring-boot-autoconfigure, and spring-boot-actuator so
that the context is closed once the test class has completed.
See gh-5141
Introduce configuration options for "spring.redis.cluster.nodes" and
"spring.redis.cluster.max-redirects". Properties such as "timeout" and
others remain available via "spring.redis.timeout" and do not have to be
configured on the cluster itself.
See gh-5128
This commit adds a new key that configures a GzipResourceResolver
in the resource handling chain.
Configuring an application with the following will add that resolver,
which checks for gzipped resources in the configured locations:
```
spring.resources.chain.gzipped=true
```
This means that if a resource "style.css" is requested, the
GzipResourceResolver will look for resources named "style.css.gz", which
should be a gzipped variant of the "style.css" file. Note that this
resolver only checks for variants if the client supports the "gzip"
encoding, as defined in the "Accept-Encoding" HTTP request headers.
Fixes#4683
Previously, both Atomikos and Bitronix were bound on the `spring.jta`
namespace which makes very hard to figure out which property belong to
which implementation. Besides, `AtomikosProperties` only exposed public
setter which does not generate any useful meta-data.
This commit moves the external configuration for Atomikos and Bitronix to
`spring.jta.atomikos.properties` and `spring.jta.bitronix.properties`
respectively. It also improves the meta-data support for those two
namespaces.
Closes gh-5165
Spring Data Couchbase 2.0 sets the default consistency to "update-after"
which is good for performance reason but can be quite confusing. Since
the team has decided to switch to "read-your-own-writes" in 2.1, Spring
Boot already offers the improved default right now.
This commit exposes an additional property that can be used to change
the Couchbase's default consistency.
Closes gh-5159
Expose an `auto-index` property that controls if views and indexes
should be created automatically.
Update the sample so that it uses this new property, lowering the manual
steps to make it working on a vanilla couchbase server.
See gh-3498
Previously, if one wants to create a custom `JmsListenerContainerFactory`
or `RabbitListenerContainerFactory`, a bunch of code from the auto-
configuration must be duplicated.
This commit introduces two services to configure such factory for JMS
and AMQP with the same sensible defaults that were applied by the
auto-configufrations.
Closes gh-5138
Previously, WebSocketMessagingAutoConfiguration added a single
additional converter. This was a MappingJackson2MessageConverter
configured with the auto-configured ObjectMapper.
AbstractMessageBrokerConfiguration places additional converters before
any of the default converters. This meant that the auto-configuration
had the unwanted side-effect of changing the ordering of the
converters. A MappingJackson2MessageConverter was now first in the
list, whereas, by default, it's last in the list after a
StringMessageConverter and a ByteArrayMessageConverter.
This commit updates WebSocketMessagingAutoConfiguration so that it
switches off the registration of the default converters and registers
a StringMessageConverter, ByteArrayMessageConverter and
MappingJackson2MessageConverter in that order. A test has been
added to verify that the types of these three converters match
the types of the default converters. A second test that verifies
that String responses are converted correctly has also been added
alongside the existing test that verified the behaviour for JSON
responses.
Closes gh-5123
Hikari and Commons DBCP2 are already validating that the connection is
valid before borrowing it from the pool. This commit makes that behaviour
consistent by enabling that feature for the Tomcat and Commons DBCP data
sources.
Since a validation query is required in those cases, the infrastructure
of `DataSourceHealthIndicator` has been merged in a single place: the
`DatabaseDriver` enum provides not only the driver class names but also
the validation query, if any.
Closes gh-4906
DriverClassNameProvider is unused but was probably restored by a merge
commit at some point. It wasn't obvious and updated that class rather
than `DatabaseDriver`.
This commit updates `DatabaseDriver` and deletes
`DriverClassNameProvider`.
Closes gh-5076
Update DataSourceAutoConfiguration so that pooled datasource
configurations are only loaded via an @Import. If left as nested
classes, the load order is JVM specific and can result in the wrong
configuration being loaded.
Closes gh-2183
Previously, Spring Boot mapped both `DataSourceProperties` and the actual
`DataSource` implementation to the same prefix. This results in a huge
amount of keys in the `spring.datasource` namespace with no way to
identify those that are valid for the pooled data source in use.
This commit maps the four pooled data sources we support in four isolated
namespace, keeping `spring.datasource` only for the common settings.
These are `spring.datasource.tomcat`, `spring.datasource.hikari`,
`spring.datasource.dbcp` and `spring.datasource.dbcp2` for the Tomcat,
Hikari, Commons DBCP and Commons DBCP2 implementations respectively.
Closes gh-2183
Add SharedMetadataReaderFactoryContextInitializer to ensure that a
shared caching MetadataReaderFactory is used between configuration
classes and auto-configure sorting.
Fixes gh-4993
The `DataSource` auto-configuration in Spring Boot supports two modes:
regular pooled DataSource and embedded database (via the
`EmbeddedDatabase` infrastructure provided by `spring-jdbc`. These were
previously named `NonEmbedded` and `Embedded` respectively.
This commit clarifies those mode and in particular that a pooled
`DataSource` can also handle an embedded database.
Closes gh-4634
Update `ResourceBundleCondition` to only enable the messages source
if `messages.properties` (and not `messages*.properties`) exists. This
operation is much faster that performing a pattern match since a full
jar entry scan is not required.
Since adding `messages.properties` is good practice and this change
allows us to delete the custom `PathMatchingResourcePatternResolver`
it seems like a fine compromise to make.
Fixes gh-4930
See gh-4811
When a Jersey app is deployed to a standalone container, Jersey’s
ServletContainerInitializer will run and register a servlet for a class
annotated with @ApplicationPath. If Jersey’s ServletContainerInitializer
runs before Spring’s, this servlet will take precedence over the
servlet registered by JerseyAutoConfiguration and will therefore not be
configured with any init parameters specified using spring.jersey.init
For the case where Jersey’s SCI runs first, this commit updates
JerseyAutoConfiguration to examine the servlet context for an existing
registration of Jersey’s servlet (Jersey names the registration using
the fully-qualified name of the ResourceConfig subclass). If a
registration is found its init parameters are configured using the
configuration provided by spring.jersey.init.
For the case where Spring’s SCI runs first, this commit updates
JerseyAutoConfiguration so that it names its registration using the
fully-qualified name of the ResourceConfig sub-class. This allows
Jersey’s SCI to find the existing registration rather than attempting
to configure its own.
Closes gh-2471
While Flyway's `MigrationVersion` is a String value, a simple "0" is
also a valid number. When such value is not wrapped in YAML, an integer
is injected rather than a String which leads to a failure as we can't
convert it.
This commit updates the `StringToMigrationVersionConverter` to also
supports conversion from a Number. This is a convenience for users
using YAML for configuration
Closes gh-4981
The same initializer will receive multiple ContextRefreshedEvents
when their is an application context hierarchy. This commit updates
the initializer to correctly handle multiple ContextRefreshedEvents
and only act upon the first that it receives.
See gh-4871
This commit is a continuation of the changes made in b85b608. It
addresses an additional problem when testing applications where two
contexts are refreshed in quick succession. In this scenario, it
was possible, theoretically at least, for the first context’s background preinitialization to still be in progress and creating loggers when the
second is refreshed and resets the logger context.
This commit updates BackgroundPreinitializer so that, upon receipt of
a ContextRefreshedEvent, it waits for preinitialization to have
completed. In the scenario described above, this ensures that
preinitialization has completed before the call to refresh() for the
first context returns, thereby preventing it from running in parallel
with the refresh of the second context.
Closes gh-4871
If Both Hazelcast and Hibernate are available, Spring Boot takes the
opinion that Hazelcast can be used for 2nd level caching and therefore
need to start before Hibernate.
Unfortunately, some users require Hibernate in some of their hazelcast
use case so the link is actually reversed. One way for such user is to
disable the auto-configuration that deals with this link. This class is
now public so that users can locate them and exclude them if necessary.
Closes gh-4960
Previously, BackgroundPreinitializer would kick off preinitialization
on a separate thread in response to an ApplicationStartedEvent. This
work would then race with the logging system being set up in response
to an ApplicationEnvironmentPreparedEvent. When Logback’s being used
this race is problematic. As part of Logback’s setup,
LoggerContext.stop() is called. This calls LoggerContext.reset() which
can fail with a ConcurrentModificationException if another thread tries
to create a Logger at the same time. This is a known bug in Logback [1].
This commit updates BackgroundPreinitializer to respond to
an ApplicationEnvironmentPreparedEvent and to order itself so that it’s
called after LoggingApplicationListener has responded to the same event
by initializing the logging system.
Closes gh-4871
[1] http://jira.qos.ch/browse/LOGBACK-397
Mongo’s 2.x driver allowed the credentials list to be null, however
the 3.x driver requires an empty list instead. The behaviour of the 2.x
driver is the same whether the client is created with a null credential
list or an empty credential list.
This commit aligns with the requirements of the 3.x driver by ensuring
that we never pass in a null credential list when creating the client.
Closes gh-4076
Webjars locator is a good hint that the resource chain should be
enabled. The sole presence of the library now enables the resource chain
unless the configuration states otherwise.
Closes gh-4403
Previously, MustacheViewResolver would create an InputStreamReader
that wraps the template Resource's InputStream but would fail to close
the Reader. When the InputStream was a FileInputStream, this caused
the resolver to leak file handles.
This commit updates the resolver to close the Reader once the Template
has been compiled, thereby allowing any underlying resources to be
cleaned up immediately, rather than having to wait for the JVM to exit.
Closes gh-4921
This commit completes the changes to consistently used static final
fields for Log instances that were started in ec2f33f9. Specifically it:
- Removes this. when accessing logger fields that are now static
- Renames some fields from log to logger
- Makes some logger fields static
See gh-4784
SecurityFilterAutoConfiguration uses SecurityProperties which uses
SessionCreationPolicy from spring-security-config. This commit makes
SecurityFilterAutoConfiguration conditional on SessionCreationPolicy,
thereby preventing a startup failure if spring-security-web is on the
classpath but spring-security-config is not.
Closes gh-4919
Issue #4533 was supposed to make BasicBatchConfigurer public again but
unfortunately only the class visibility was changed. This commit makes
sure it can be overridden.
Closes gh-4888
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().
Closes gh-4783
Spring Data’s web support includes a handler method argument resolver,
ProxyingHandlerMethodArgumentResolver, that inaccurately claims that it
can handle all interface handler method arguments. This causes problems
for handler methods that take Spring Mobile’s Device as an argument as
the proxied Device instance does not behave correctly.
This commit works around the problem by assigning an order to the
WebMvcConfigurerAdapter that registers Spring Mobile’s argument resolver
with Spring MVC. This ordering ensures that Spring Mobile’s resolver
takes precedence over Spring Data’s for Device arguments.
Closes gh-4163
Extend ElasticsearchDataAutoConfiguration to also configure an
ElasticsearchConverter and SimpleElasticsearchMappingContext both
of which are required for Spring Data REST.
Closes gh-3847
Google App Engine probits the creation of new threads. This leads to a
failure in BackgroundPreinitializer when the single thread executor
attempts to create its single thread.
This commit enhances the existing fail safety of
BackgroundPreinitializer by catching any exceptions thrown while
creating the executor and submitting the tasks to it. Any initialisation
that has not performed in the background will be performed in the
foreground instead.
Closes gh-4662
Previously, ActiveMQ's pooled connection factory was not closed as
part of the application context being closed. This would leave
non-daemon threads running which could cause shutdown to hang unless
the JVM itself was shutting down (in which case a shutdown hook would
stop the pool).
This commit configures each pooled connection factory bean with a
custom destroy method so that the pool is stopped as part of the
application context being closed. To allow the destroy method to only
be declared when the connection factory is pooled, the bean method
has been split into two; one for pooled and one for non-pooled. This
is a partial backport of the changes made in bedf2edf.
Closes gh-4748
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
In bedf2edf, the return type of the auto-configuration method that
creates batch's ExitCodeGenerator was changed from ExitCodeGenerator
to JobExecutionExitCodeGenerator but the on missing bean condition
was left unchanged. This means that the auto-configured bean can
only be switched off by a JobExecutionExitCodeGenerator bean, rather
than any bean that implements ExitCodeGenerator.
This commit corrects the use of @ConditionalOnMissingBean to allow any
ExitCodeGenerator bean to switch off the auto-configured one.
Closes gh-4752
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.
This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.
Closes gh-4694
Previously, the auto-configuration for embedded Mongo did not specify
a bind IP so Mongo was started without one. This would lead to Mongo
binding to all available network interfaces. This caused some friction
with the Windows firewall as it would ask for permission every time
embedded Mongo was launched.
This commit updates the auto-configuration to use
spring.data.mongodb.host to configure the bind IP for embedded Mongo.
If spring.data.mongodb.host is null, the auto-configuration will use
the loopback address instead.
Closes gh-4630
Previously, disabling SecurityAutoConfiguration could cause
SecurityFilterAutoConfiguration to fail if Spring Security’s filter
chain bean existing in the context. SecurityFilterAutoConfiguration
relies on SecurityProperties which is created by
SecurityAutoConfiguration. When SecurityAutoConfiguration is disabled,
there’s no SecurityProperties bean so SecurityFilterAutoConfiguration
would fail due to the missing dependency.
This commit updates SecurityFilterAutoConfiguration to create a
SecurityProperties bean if one does not already exist.
Closes gh-4525
A dependency on the Servlet API (the filter's dispatcher types) causes
a failure when Spring Security is used in a non-web application.
This commit removes the dependency on javax.servlet.DispatcherType
in favour of using a Set of Strings. SecurityFilterAutoConfiguration,
which is only enabled for web applications, is the responsible for
converting each String to a DispatcherType.
Closes gh-4505
This commit adds a new property, security.filter-dispatcher-types
that can be used to configure the dispatcher types of Spring
Security's filter chain. The default remains unchanged.
Closes gh-4505
Previously, JerseyAutoConfiguration was a WebApplicationInitializer.
This was problematic as auto-configuration classes should not be ordered
(they should use AutoConfigureBefore etc instead) but the web
application initializer needs to be ordered so that it can run early and
configure Jersey before it runs.
This commit has moved the WebApplicationInitializer implementation into
a separate class so that it can be ordered independently of the
auto-configuration class. Note that the new class must be public for
the servlet container (Tomcat at least) to be able to instantiate it.
Closes gh-4527
The need to set the order of ResourceServerConfiguration was
a bad assumption. The value of the order seems strange as well
(-10), and a comment explaining it makes no sense (a resource
server normally wants its filter *after* not *before* the existing
auth server filter). Removing the bean post processor didn't
fail any tests.
In case there are multiple resource servers in the same context
there was also a problem that they ended up with the same order.
Previously, the `spring.datasource.name` property was ignored when Spring
Boot configures an embedded data source with a connection pool.
`EmbeddedDatabaseConnection` is now aligned to the purely embedded case
to take that property into account.
Closes gh-4586
The SsoSecurityConfigurer that gets added when a user has a custom
WebSecurityConfigurer with @EnableOAuth2Sso is quite opinionated, and
this is preventing users from custimizing the exception handling in the
customized UI security. This change makes it less opinionated, using
request matchers to configure the default instead of ovewriting the
single authentication entry point.
Also adds an entry point responding with a 401 for XHR clients (just like
the vanilla HTTP Basic auth).
Fixes gh-4629
Add a `spring.mvc.static-path-pattern` property which can be used to
configure the path pattern used to serve static resources.
Fixes gh-4444
Closes gh-4448
Update MongoProperties to use `MongoCredential.createCredential` rather
than `MongoCredential.createMongoCRCredential`. This allows connections
to Mongo 3.0 servers to authenticate using the SCRAM-SHA-1 mechanism.
Closes gh-4237
Make sure that the general Hazelcast auto-configuration is processed
before the cache auto-configuration. This was supposed to be fixed and
tested in 721b5a2 but unfortunately the `@AutoConfigureAfter` annotation
was placed on a regular `@Configuration` class (which has no effect).
The tests were passing because the ordering is actually hardcoded in the
test. The relevant tests now use `ImportAutoConfiguration` that simulates
the same order as the one use by the actual application.
Closes gh-4389
Commit 8e0a94f introduced a post processor that adds an explicit link
between the `HazelcastInstance` and the `EntityManagerFactory` so that
Hazelcast is fully initialized before Hibernate actually kicks in.
Unfortunately, the conditions that were implemented to register this post
processor are wrong and any app that has both JPA and Hazelcast support
blows up if no bean with name `hazelcastInstance` is defined.
This commit fixes the situation and reworks the configuration in a
separate auto-configuration that runs after the Hazelcast and JPA support
and check both the presence of an `EntityManagerFactory` and a bean of
name `hazelcastInstance`. If any of those conditions does not apply the
post processor is no longer registered.
Closes gh-4158
Add a BackgroundPreinitializer to trigger early initialization in a
background thread of time consuming tasks. By moving certain
initialization tasks to background thread and triggering them early
we can improve the critical path when the application starts. For
example, Tomcat's MBeanFactory class parses several XML files when
first loaded. If we trigger the load in a background thread it completes
before Tomcat actually needs to use it.
The initial set of initializers included with this commit are:
- Tomcat MBeanFactory
- javax.validation
- Spring's AllEncompassingFormHttpMessageConverter
See gh-4252
Allows users to configure "allowed" file extensions for controller
mappings, so that browsers will not switch to downloading "f.txt"
(part of the recent RFD attack fixes in Spring MVC).
See gh-4220
We can expect that occasionally a user clicks on a login link when
the token is expired. If the UserInfoTokenServices tries to
authenticate the user at that point, it can retain the option to
refresh the expired token if we preserve the state. Since the
state is in session scope all we need to do is to check that the
token that is being checked has the same value as the one in the
OAuth2ClientContext and re-use the context if it is.
Fixes gh-4251
Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.
See gh-4352
`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.
This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).
Closes gh-4352
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.
This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.
This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.
Closes gh-4345
[1] 8663ac4173
The PROPERTIES creator mode has the unfortunate side-effect of stopping
mixins from working. This commit updates the auto-configured module to
use the DEFAULT creator mode instead.
Closes gh-4336
Make sure that `autoApprove`, `accessTokenValiditySeconds`, and
`refreshTokenValiditySeconds` properties from the `ClientDetails`
are used
Closes gh-4306
Previously it was possible to bind a bean to the root prefix by just
adding `@EnableConfigurationProperties` with the class of said bean.
This use case is misleading and prevents any meta-data to be generated
for that object since the annotation processor reacts on the presence of
the `@ConfigurationProperties` annotation.
If a class is included in the list of configuration properties bean to
create via the `@EnableConfigurationProperties` annotation we now make
sure that the `@configurationProperties` annotation is present on it.
Closes gh-3460
We have some requirements for filter ordering:
1. The character encoding filter must go first
2. Spring Session’s filter should go early
3. RequestContextFilter should go late so that it any request wrapping
performed by other filters is reflected in the request that’s set
in the RequestContextHolder
4. Spring Security’s Filter must go after RequestContextFilter so that
any code called by Filters in Spring Security’s Filter chain can
retrieve the request from RequestContextHolder, for example
OAuth2ClientContextFilter.
See gh-4331
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].
In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.
Closes gh-2079
Closes gh-4321
[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.
Fixes gh-4236
Provide a property to customize the application path that serves as the
base URI for a JAX-RS compliant application. If both `spring.jersey.path`
and an `@ApplicationPath` are present, the property takes precedence.
Closes gh-4201
Update WebMvcAutoConfiguration to use a RequestContextFilter instead of
a RequestContextListener.
Using a filter is required for some Spring Session operations (see
https://github.com/spring-projects/spring-session/issues/129).
This update also has the added benefit of allowing the Response to be
accessed from RequestContextHolder.getRequestAttributes() by casting it
to ServletRequestAttributes.
Fixes gh-2637
Previously, HornetQ and Artemis tests were using a test configuration
class listing the configuration classes to use explicitly in the purpose
of disabling the XA support.
This had a very unfortunate side effect for Artemis as we forgot to add
an import on the "real" configuration and this got unnoticed because of
this duplication.
It turns out that this special configuration class is no longer necessary
as XA backs off automatically anyway now. The tests have been updated
to use the regular auto-configuration and were failing with Artemis. The
import has now be added.
Closes gh-4226
Previously, no `errors` attribute is made available in the standard JSON
error document if a request body object is invalid. This is due to the
fact that the framework throws a `MethodArgumentNotValidException holding
a `BindingResult` object that was not detected.
We now make sure to extract the `BindingResult` from such exception.
Closes gh-4166
Previously, SecurityFilterAutoConfiguration would be created even if
spring-security-web was not on the classpath. This didn't cause a
failure as all of its beans were disabled. It was, however, wasteful,
as the configuration class was processed and a bean created for it
unnecessarily.
This commit makes the whole class conditional on the presence of
spring-security-web so that it will be skipped entirely when the
dependency is not available.
Closes gh-4160
Update SecurityFilterAutoConfiguration to use a DelegatingFilterProxy
filter rather directly referencing the springSecurityFilterChain bean.
Using a DelegatingFilterProxy helps to prevent early initialization of
beans and makes Spring Security work in a similar to way to if were
installed in a regular WAR deployment.
Fixes gh-4154
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:
- X-Content-Type
- X-XSS-Protection
- Cache-Control
- X-Frame-Options
Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.
This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.
Closes gh-3517
The second level cache of Hibernate can be configured with dedicated
factories that look up for the presence of a cache infrastructure. As
Hibernate shouldn't have to know about Spring, that lookup is done
against the respective proprietary APIs.
We now make sure that caching (and the general purpose Hazelcast
auto-configuration) is fully processed before JPA kicks in. In particular
an explicit `dependsOn` attribute on those beans is added when they are
processed.
Closes gh-4158
When the actuator is enabled, Spring Boot provides two `MBeanExporter`
bean definitions: a general purpose one and a dedicated one for Actuator
endpoints.
This commit flag the general purpose one `@Primary` so that component
can safely inject it by type if necessary. In particular, this fix the
doc of the `JmxMetricWriter`.
Closes gh-4007
Instead of always creating a new ElasticSearch client, we now check for
the presence of a custom bean configuration and use that if it's
available.
Closes gh-4143
Closes gh-4146
Previously, if Solr 5 was on the classpath, SolrAutoConfiguration
would fail with a rather cryptic error message due to a change in the
inheritance hierarchy of CloudSolrServer between Solr 4 and Solr 5.
This commit updates SolrAutoConfiguration to be conditional on a
class that exists in Solr 4 but was removed in Solr 5. This has the
effect of switching off the auto-configuration when Solr 5 is on
the classpath, allowing the auto-configuration report to be used to
identify why the configuration was disabled. The documentation has
also been updated to state that Spring Boot does not currently support
Solr 5.0.
Closes gh-2795
Default will extract an "authorities" key from the map coming from the
server. No existing servers I am aware of actually send that data, but
it might be helpful as a default nevertheless. User can override the
default by adding a bean of that type.
Fixes gh-3711
The latest Spring Framework 4.2.2 snapshots have reworked
EventListenerMethodProcessor so that it no longer queries a proxies
target class. Previously, when this was happening, it happened early
in the context's lifecycle when the bean's concrete type was unknown.
The led to the target class being set as the proxied interface.
With the latest 4.2.2 snapshots, the first call to
AopUtils.getTargetClass() happens in the test, by which time the
actual concrete type of the bean is known. This commit updates the
test so that its expectations match the more precise result.
ClassUtils.isPresent(String, ClassLoader) swallows all Throwables when
trying to load a class by name. For this reason
UnsupportedClassVersionError will also be swallowed when user code is
trying to use a driver library which has been compiled with a later
JDK than the one the application is running with. All the user would
see was "Cannot load driver class". This change simply propagates the
UnsupportedClassVersionNumberError so that it is easier for users to
find the root cause of the problem.
Closes gh-4082
Closes gh-4091
If a DataSource class is found in the classpath then
EmbeddedDataSourceConfiguration will not be used, so the in-memory
database will not be shutdown on application context closing.
As a result, unnecessary database initialization may cause subsequent
tests to fail, for example see [1].
[1] https://github.com/spring-projects/spring-boot/issues/1712
Previously, if an application used JPA and declared its own Flyway bean,
startup would fail. The custom Flyway bean would switch off
auto-configuration of the FlywayMigrationInitializer bean but the
context’s entity manager factory beans would still be configured to
depend on the migration initialiser.
This commit splits the post-processor that configures the dependencies
into two. One that configures the dependency on the Flyway bean and
one that configures the dependency on the FlywayMigrationInitializer
bean. When to auto-configuration of the FlywayMigrationInitializer is
switched off, the auto-configuration of the latter dependency is also
switched off.
Closes gh-4079
For reasons I don't (yet?) understand, shutting down the databases
proactively triggers a StackOverflowError in Jersey. Reverting the
change while I try to figure out what's going in.
Update all TemplateAvailabilityProvider implementations to use the
relaxed property binder. Also fix FreeMarkerTemplateAvailabilityProvider
to use `template-loader-path` rather than `path`.
Fixes gh-4085
Update the logged auto-configuration report so that each line includes
"matched", "did not match" text. This helps when looking to see if a
specific auto-configuration class was applied or not.
Fixes gh-4084
This commit updates ConditionalOnJava to remove a dependency on the
deprecated JdkVersion API from Spring Framework. In its place it now
looks for the presence of certain classes to determine the version of
Java on which its running.
Closes gh-4005
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
Stephane Nicoll
Johnny Lim
Andy Wilkinson
Eddú Meléndez
Vedran Pavic
Spring Buildmaster
Phillip Webb
Brian Clozel
Kazuki Shimizu
Christoffer Sawicki
Dave Syer
Mark Paluch
Misagh Moayyed
Nasko Vasilev
Julien May
Artem Bilan
Stéphane Lagraulet
dziesio
tfeiner
Tommy Ludwig
Venil Noronha
Fabrizio Cucci
Gary Russell
Jakub Narloch
oEmbedler Inc
Sergey Pauk
Anand Shah
Yogesh Lonkar
Gytis Trikleris
Mohamed Gazal
Huang YunKun
Quinten De Swaef
Rob Baily
Michael Hunger
Marten Deinum
n27
Christoph Strobl
Patrick Bray
mnhock
Jacques-Etienne Beaudet
Kirill Vlasov
Jacob Swanson
Artur Konczak
Jean de Klerk
cornelcreanga@yahoo.com
Bohuslav Burghardt
awgtek
Kyle Lieber
Benedikt Ritter
Alexander Tokarev