Previously, OAuth2MethodSecurityConfiguration set the
PermissionEvaluator on the expression evaluator by looking in the
context for a PermissionEvaluator bean. This is unnecessary as
GlobalMethodSecurityConfiguration already does the same thing and does
so after the post-processor in OAuth2MethodSecurityConfiguration has
run. This commit removes the redundant logic and adds tests to check
that both the PermissionEvaluator and the RoleHierarchy are set use
beans in the context.
Closes gh-7979
The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.
Fixes gh-5072
Upgrade to `hibernate-validator` 5.3.4 and introduce a new
`MessageInterpolatorFactory` that creates a suitable
`MessageInterpolator` (taking into account missing EL dependencies).
Rework `ConfigurationPropertiesBindingPostProcessor` and
`ValidationAutoConfiguration` to make use of the new factory.
Fixes gh-7598
This commit removes the automatic enabling of Redis as the Spring Session
store when it is available. This case is covered by a warning in `1.4.x`
that this commit removes as well.
Closes gh-7858
Previously, property `spring.jpa.database` should be provided. This
commit allows to detect the database when `spring.datasource.url` is
provided.
Closes gh-7708
Update `ImportAutoConfigurationImportSelector` to ignore excludes for
classes that aren't loaded. Since the import classes for tests tend to
be much more limited, the exception isn't really helpful.
Closes gh-6809
Update `CacheManagerCustomizers` to deal directly with
`ClassCastException` assuming that they are because a customizer is
implemented using a lambda.
Closes gh-7788
Update `CacheManagerCustomizers` to deal directly with
`ClassCastException` assuming that they are because a customizer is
implemented using a lambda.
Closes gh-7788
Update `@ImportAutoConfiguration` with support for an exclude attribute
that works in a similar way to `@EnableAutoConfiguration`.
Also update existing `@Test...` annotation with exclude attribute
aliases.
Fixes gh-6809
Update `TransactionManagerCustomizers` to deal directly with
`ClassCastExceptions` assuming that they are because a customizer is
implemented using a lambda.
See gh-7561
Add a `TransactionManagerCustomizer` callback interface that can be
used to customize auto-configured `PlatformTransactionManagers`.
Also update `...transaction.*` properties under a single unified
`spring.transaction...` key since the existing auto-configurations
would often share a transaction manager (the technology specific
transaction managers are `@ConditionalOnMissingBean` and may use
a manager created by a previous auto-configuration).
See gh-7561
Consistently use the simple name for ObjectProvider parameter and
field names. For example:
`ObjectProvider<Something> something`
rather than
`ObjectProvider<Something> somethingProvider`
Since the `JestClient` is auto-configured as a bean, it must have its
multi-threaded support enabled by default. This commit exposes a new
`spring.elasticsearch.jest.multi-threaded` property that is `true` by
default.
Closes gh-6806
Rework cb3d14a so that the customizer operates on the Builder rather than
the Cluster. The former exposes many more options.
See gh-7320
Closes gh-7669
Update Spring Integration auto-configuration so that
`@IntegrationComponentScan` from `AutoConfigurationPackages` is
implicitly applied. Prior to this commit `@MessagingGateway` interfaces
would only get picked up if `@IntegrationComponentScan` was added
alongside with the `@SpringBootApplication`.
Fixes gh-2037
Closes gh-7718
Update Spring Integration metrics support since Spring Integration
`4.3.6`+ no longer needs `spring-integration-jmx` enable
`MessageChannel`, `MessageHandler` and `MessageSource` metrics.
- Add `IntegrationManagementConfiguration` conditional auto-configuration
to provide `@EnableIntegrationManagement` when JMX is `enabled` or there
is no `IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean.
By default this bean doesn't exist and you explicitly should declare it
(e.g. via `@EnableIntegrationManagement`) if you would like to collect
metrics. At the same time Spring Integration enables it when JMX
management is present (that is a purpose of that new
`IntegrationManagementConfiguration`)
- Change `SpringIntegrationMetricReader` to read metrics from the
`IntegrationManagementConfigurer`, not `IntegrationMBeanExporter`
- Change `PublicMetricsAutoConfiguration` to register
`IntegrationManagementConfigurer.MANAGEMENT_CONFIGURER_NAME` bean if
not present. Since we are here in `actuator`, therefore we are
interested in the metrics for SI as well.
- Since we don't need JMX for the metrics any more, remove SI-JMX
dependency from the `spring-boot-starter-integration`.
- Remove `IntegrationManagementConfiguration` modification from the
`integrationMbeanExporter()`, since that looks like mutation of an
external object, when end-user would prefer their own options.
Therefore we don't need `ObjectProvider<IntegrationManagementConfigurer>`, too
- Add missed `MessageSourceMetrics` gathering for the
`SpringIntegrationMetricReader`
Closes gh-7722
Update KafkaProperties since Apache Kafka `0.10.1` changed the type
for the `ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG` from the
`Long` to `Integer`.
Kafka includes the following conversion logic:
case LONG:
if (value instanceof Integer)
return ((Integer) value).longValue();
if (value instanceof Long)
return (Long) value;
else if (value instanceof String)
return Long.parseLong(trimmed);
So we remain compatible with both `0.10.0` and `0.10.1`
Closes gh-7723
By configuring security.oauth2.client.grantType=client_credentials the
user signals that (even in a web application) he doesn't want to use
the auth code grant (and hence session and request scoped beans for
client context).
This commit improves ValidationAutoConfiguration so that a `Validator`
bean is exposed if JSR 303 is available. This has the side effect of
automatically enable Spring Data Couchbase's entity validation rather
than requiring to expose a `Validator` bean.
Closes gh-5178
Previously, ValidationAutoConfiguration would configure a
MethodValidationPostProcessor if any Bean Validation 1.0 or later
implementation was available, however the underlying infrastructure
requires Bean Validation 1.1 with any implementation or
Bean Validation 1.0 with Hibernate Validator 4.3.
This caused a problem on TomEE which uses Apache BVal, and Bean
Validation 1.0 implementation. Spring Framework would identify that
Bean Validaton 1.0 was being used and then try to load Hibernate
Validator classes that are not present.
This commit fixes the problem by requiring Bean Validation 1.1 before
auto-configuring a MethodValidationPostProcessor.
Closes gh-7665
Update `SpringBootWebSecurityConfiguration` to ignore requests by
delegating to `IgnoredRequestCustomizer` beans. This allows a single
Spring Boot `WebSecurityConfigurer<WebSecurity>` bean to be used which
prevents potential exceptions caused by duplicate `@Order` values.
Fixes gh-7106
Previously, if a user specifies a path to a schema or data DDL that does
not exist, the application will start up fine and the missing DDL would
not be reported.
This commit validates that user-defined resources actually exist and
throw a new `ResourceNotFoundException` if they don't.
Closes gh-7088
Previously, if `spring.couchbase.bootstrap-hosts` was specified in YAML
or with the `[Idx]` notation, the auto-configuration would not kick in.
This is due to a limitation of `@ConditionalOnProperty` on a property of
type Collection. This commit workarounds this limitation for now with a
dedicated condition.
Closes gh-7508
Checking for the presence of a `ValidationProvider` resource is
unfortunately not enough to trigger the validation auto-configuration.
If `hibernate-validator` is added on the classpath without a `javax.el`
implementation, the former will blow up on startup. So far this was a
pilot error so we didn't have to care about it. Now that we have an
auto-configuration that may lead to this error, we need to be extra
careful and check that scenario ourselves.
This commit adds an extra condition that runs as late as possible and
attempt to actually initialize a `Validator`. If that fails for whatever
reason, the auto-configuration will now back off.
Several additional tests have been added to exercise this scenario.
Closes gh-6228
This commit deprecates `server.max-http-post-size` and introduces a
dedicated property for each supported container. In particular, Undertow
can now define a max size higher than 2GB.
Closes gh-7362
This commit auto-configures `MethodValidationPostProcessor` if necessary
when a JSR-303 validator implementation is detected on the classpath.
Closes gh-6228
If `OnBeanCondition` is used with a `String` literal representing the
fully qualified name of a bean and such type does not exist, it
gracefully manages it as if it was not found. Prior to this commit, an
exception would be thrown if any related class such as the parent
class does not exist.
This commit handles this additional case, catching `NoClassDefFoundError`
the same way it did handle `ClassNotFoundException`. That way, a
missing type will now be considered as absent if it's not on the
classpath.
Closes gh-7459
This commit reverts 7e2d0fd so that the Couchbase auto-configuration can
work without Spring Data again. It also removes the `Class` reference to
a Spring Data class to a `String` reference to make sure the condition
operates properly when said class isn't on the classpath.
Closes gh-7453
- Apply code formatting
- Move configuration of excepted exception to immediately before line
that will throw the exception
- Use String.format with %n to produce platform-specific new lines
See gh-7407
Previously, both HypermediaAutoConfiguration and HttpMessageConverters
assumed that if Spring HATEOAS was on the class path, then Jackson
would be too. When this was not the case, an application would fail
to start.
This commit updates both classes to back off appropriately when
Spring HATEOAS is on the classpath but Jackson is not.
Closes gh-7434
We use some internal Mockito classes and some breaking API changes
have been made to them in Mockito 2. This commit introduces a utility
class, SpringBootMockUtil, to shield our code from these differences.
Mockito 1 is called directly and Mockito 2 is called via reflection.
To allow these changes to be tested, FilteredClassPathRunner has been
enhanced to also support overriding a dependency on the class path.
As a result it has been renamed to ModifiedClassPathRunner. The new
ClassPathOverrides annotation can be used to provide the Maven
coordinates of one or more dependencies that should be resolved and
added to the class path. Such additions are added to the start of
the class path so that they override any existing dependency that
contains the same classes.
Closes gh-6520
This commit adds an extra property to the `server.tomcat.accesslog` to
control the `reqestAttributesEnabled` flag. This flag sets request
attributes for IP address, Hostname, protocol and port used for the
request.
Closes gh-7367
Add `content-security-policy` and `content-security-policy-mode`
`security.header` properties and update auto-configuration to apply
them when specified.
Fixes gh-7373
Closes gh-7357
Update JpaBaseConfiguration so that the persistenceUnitRootLocation is
no longer detected. The update to gh-7003 means that we can now rely on
the standard detection mechanism.
Fixes gh-6983
See gh-6635
Previously, if an auto-configuration class was (wrongly) located in a
candidate package for component scanning, the class was silently loaded
as an app configuration (i.e. with the wrong lifecycle).
This commit adds an `AutoConfigurationExcludeFilter` to
`@SpringBootApplication` so that such classes are automatically
filtered. Since they are registered in `spring.factories`, we can
silently ignore them since we know they'll be loaded later on.
Closes gh-7168
This commit improves `TomcatEmbeddedServletContainerFactory` so that tld
skip patterns can be set or added to an existing set. An additional
`server.tomcat.additional-tld-skip-patterns` is now being exposed to
easily add patterns via configuration.
Closes gh-5010
This commit improves database initializers for Spring Batch and Spring
Session by introducing `AbstractDatabaseInitializer` which eliminates
duplicated logic in existing initializers. Additionally, database
platform resolution now relies on `DatabaseDriver`.
See gh-6543
Previously, an URI and individual client attributes can be set to
configure the mongo client. In such a scenario, the URI is ignored.
This commit changes the URI to be "null" and the creation of the client
to fail if both the uri and client attributes are set. If no client
attributes are set, the uri is used as before.
Closes gh-6739
In addition, dependency management for `hazelcast-hibernate5` module has
been added, and a separate dependency version was introduced for
`hazelcast-hibernate4` module.
Closes gh-7023
This commit improves the startup error message so that it does not
reference `--debug` anymore. Such command-line switch only works when
the application is started using `java -jar`.
The error message now refers directly to a section of the documentation
that provides more details and links to more useful examples.
Closes gh-6593
This commit fixes the documentation that wrongly states that
SpringBootWebSecurityConfiguration is an auto-configuration. Rather than
excluding this class, we should exclude SecurityAutoConfiguration that
imports it.
Closes gh-6861
Change the auto-configure MongoMappingContext to use the
SimpleTypesHolder instance `Set` that's produced by a CustomConversions
bean, which we in turn now default, too.
This update is necessary as `CustomConversions` registers converters by
inspecting the classpath (to automatically detect Java 8, JodaTime etc.)
and by that rendering the types for which we find converters for as
simple ones, i.e. non-entities.
Fixes gh-6881
Closes gh-6882
This commit adds Spring Batch configuration validation that disables
database initializer in case custom table prefix is configured with
default schema.
See gh-6651
This commit adds Spring Session JDBC configuration validation that
disables database initializer in case custom table name is configured
with default schema.
See gh-6649
This commit adds a new `spring.thymeleaf.check-template` property which
is only used for Thymeleaf 3.0+.
Since thymeleaf/thymeleaf#419, the Thymeleaf template resolver
implementations can implement the `setCheckExistence` method - this
enables the template existence verification at **resolution** time,
which means the resolver can return null as a `TemplateResolution`
and let other template resolvers in the chain try.
This new property is set to `true` by default and can be disabled if the
application only has a single resolver and the template existence check
is considered as a performance penalty with the configured resolver.
Fixes gh-6500
This commit adds the `spring.http.multipart.resolve-lazily`
property, in order to configure whether the multipart request
should be resolved lazily, as the parameters are accessed.
Add a `FailureAnalyzer` that handles the case where the context does
not start because no candidate bean was found for an `InjectionPoint`.
The implementation inspects the auto-configuration report for beans
that are candidate and output the condition(s) that lead to such beans
to be discarded on startup. If a whole auto-configuration class is
disabled (or excluded), its beans are inspected and candidates are
extracted in a similar way.
This works for both injection by type and by name.
Closes gh-6612
Rework commit 4a69755b to remove the need for the ApplicationInfo class.
The updated code now uses the auto-configuration class to compute a
default persistence unit root location
Closes gh-6635
Previously, BeanTypeRegistry did not correctly determine the type
that would be created by a factory bean if that factory bean was
returned from a bean method with arguments on a configuration class
found via component scanning.
The key difference is that bean definitions for bean methods on
configuration classes found via component scanning use ASM-based
metadata rather than reflection-based metadata. The ASM-based method
data does not provide direct access to the Method that will create the
bean. In this case, BeanTypeRegistry was falling back to looking for
a method with the matching name and no arguments. Therefore, if
the bean method had any arguments it would fail to find the method
and would, therefore, be unable to determine the type of bean
produced by the factory bean.
This commit updates BeanTypeRegistry to use logic that is very similar
to Spring Framework's ConstructorResolver's
resolveFactoryMethodIfPossible method to locate the method that will
produce the factory bean. It looks for a single method with
the required name with any number of arguments. If it finds multiple
methods with the required name and different arguments it returns
null, just as ConstructorResolver does.
Closes gh-6755
Due to the layout format change in 1.4, Spring Framework is no longer
able to compute a default persistence unit root URL. If a Spring Boot 1.4
application has JPA but does not have any entity, the application started
from a fat jar now fails with a quite cryptic exception.
This commit introduces `ApplicationInfo` as a general replacement for
the `ApplicationArguments` and `Banner` singleton beans that
`SpringApplication` registers on startup. `ApplicationInfo` also defines
the detected "main" `Class` that can be used to compute a last resort
URL that makes sense.
If such bean is available, `EntityManagerFactoryBuilder` now sets the
default persistence unit root location, preventing Spring Framework to
attempt to resolve an unknown location. Note that in our case the
persistence unit root location is actually useless: given the way the
persistence unit is created, nothing actually uses it but Hibernate, as a
compliant JPA provider, has to make sure this setting is set to a valid
URL nevertheless.
Closes gh-6635
Hikari can configure both an underlying Driver or DataSource. Spring Boot
only supports the former so any attempt to trigger the creation of the
latter will lead to an exception since the auto-configuration has set
driver-specific field.
This commit adds an analyzer that intercepts such faulty scenario and
indicate that users should configure Hikari with an underlying DataSource
themselves.
Closes gh-6568
This commit marks the auto-configured `JdbcTemplate` as `Primary`. Spring
session creates its own so we could end up with two in a fully auto
configured context.
Closes gh-6717
Previously, Tomcat’s background processing was only enabled on the
context but access logging was configured on the engine. This means that
the access log valve’s background processing method was never called
and, therefore, that it wasn’t flushed periodically.
This commit moves the enablement of background processing up to the
engine, thereby ensuring that the access log is flushed periodically.
Background processing cascades down the container hierarchy so, after
this change, background processing will still be performed on the
context as well.
Closes gh-6646
We make Liquibase aware of our custom Commons Logging-based logger by
adding its package to the Liquibase ServiceLocator’s packages to scan.
Previously, this was happening too late so Liquibase may have already
initialized and cached a particular logger.
This commit moves the registration of the extra package from the
Liquibase auto-configuration to the application listener that customises
Liquibase’s ServiceLocator. This ensures that the package is added
before Liquibase is used. Unfortunately, configuring Liquibase’s
ServiceLocator and its packages to scan causes it to try to perform
some logging, resulting in it caching the wrong type of logger. We
work around this problem by resetting Liquibase’s LogFactory once we’ve
finished setting everything up.
Closes gh-6713
As of Spring Boot 1.4, IDEs are supposed to provide auto-completion for
hints and enum values. This commit removes the hard-coded copy of
allowed values for enum-based properties. This was mostly the case
already and this commit fixes the few ones remaining.
Closes gh-6654
This commit restores the support of "spring.datasource.type". If this
property is set to an unsupported `DataSource` implementation, we now
properly create it again, rather than ignoring it because its value did
not match any value we support.
Since Spring Boot 1.4 now redirects `DataSource` implementation settings
to dedicated namespaces, the documentation has been updated to explicitly
mention how one can create such arrangement for an unsupported
implementation.
As a convenience, `DataSourceProperties` can initialize a
`DataSourceBuilder` based on its internal state, making it very easy for
anyone to create a `DataSource` from a `DataSourceProperties` instance.
Closes gh-6695
This commit adds a new configuration key:
spring.http.encoding.mapping.<locale>=<charset>
This allows to specify which default charset should be used for any
given Locale, if none has been provided already in the response itself.
This applies to all supported embedded servlet containers.
Fixes gh-6453
Prior to this commit parsing addresses had an inconsistent effect on the
various properties that can be contained in an address (host, port,
username, password, and virtual host).
Three different approaches were used:
1. Return the property if no addresses were set. If there was one
address set, return the property from the address. Otherwise return
null. (host)
2. Return the property if no address were set, otherwise return the
property from the first address (port)
3. Return the property if no addresses were set, otherwise return the
property from the last address that had such property (username,
password, virtual host).
This commit aims to make the behaviour consistent. If no addresses
were set the property is returned. Otherwise the value extracted from
the first address is returned. If the first address has no such value
the property is returned.
Closes gh-6424
Previously, one SpringApplicationAdminMXBeanRegistrar was created
per context. When there was more then one context this would result
in a javax.management.InstanceAlreadyExistsException being thrown
as an attempt was made to register the MBean more than once.
This commit updates SpringApplicationAdminJmxAutoConfiguration so
that the registrar is only created when there's no such existing bean
in the context hierarchy.
Closes gh-6378
Commit 3ea84f9e1 has wrongly introduced a `@Primary` marker on
`IntegrationMBeanExporter` so any use of both Spring's JMX support
and Spring Integration's JMX support leads to an exception. This commit
makes sure to remove the unnecessary `@Primary`
Closes gh-6328
This commit makes sure to use `getAliasedStringArray` rather than
`getStringArray` as the latter does not work with ASM. While this will
probably be fixed in the core framework, this commit also adds dedicated
tests with ASM to ensure that the code works as expected.
Closes gh-6337
By default Jersey configures Jackson to use both Jackson annotations
and JAXB annotations when introspective types for (de)serialization.
However, the changes made in 5776d6a8 mean that Jersey no longer uses
its default ObjectMapper configuration and uses the auto-configured
ObjectMapper instead. This had the unwanted side-effect of leaving
Jersey with an ObjectMapper that only uses Jackson annotations and
ignores JAXB annotations.
This commit updates JerseyAutoConfiguration so that it will add the
JaxbAnnotationIntrospector to the auto-configured ObjectMapper for
both serialization and deserialization. It uses
AnnotationIntrospectorPair to ensure retain any existing
introspectors.
Closes gh-6310
This commit adds a new property, server.tomcat.redirect-context-root,
that can be used to configure the Tomcat Context’s
mapperContextRootRedirectEnabled property. The default is to not apply
any configuration and, therefore, to use Tomcat’s default of true.
Closes gh-6248
Change WebMvcAutoConfigurationAdapter.requestContextFilter() to a static
method so that the configuration class isn't needed when creating it.
This helps to prevent early initialization of beans.
See gh-6178
Previously, Spring Mobile was only supported for Thymeleaf and JSPs. This
commit improves the auto-configuration to also provide device delegating
support for Freemarker, Groovy Templates and Mustache.
Closes gh-5140
This commit makes sure that the condition that links a `MongoClient` to
the embedded mongo server kicks in only if `MongoClientFactoryBean` is
also on the classpath.
Previously, only a condition on the mongo driver existed, leading to
`ClassNotFoundException` if Spring Data MongoDB wasn't available.
See gh-6203
Previously, if an exception was resolved by a `HandlerExceptionResolver`
nothing the log indicated a failure to process the query.
This commit adds a new property `spring.mvc.log-resolved-exception` that
enables warning logs for supported `HandlerExceptionResolver` instances.
When Devtools is enabled, this flag is enabled by default.
Closes gh-2176
Add a new `@EntiyScan` annotation that's used by auto-configuration to:
* Set JPA packagesToScan.
* Set Neo4J's SessionFactory packages.
* Set the initial entity set for Spring Data MongoDB, Cassandra and
Couchbase mapping contexts.
Additionally deprecate `@org.springframework.boot.orm.jpa.EntityScan`.
See gh-6142
Move Neo4J auto-configuration from `autoconfigure.neo4j` to
`autoconfigure.data.neo4j` since it's intrinsically linked to Spring
Data.
See gh-5458
See gh-6142
The upgrade to Hibernate 5.2.0.Final has provide to be too
problematic to live with. It requires Java 8, is incompatible with
a number of other projects in the Hibernate ecosystem, and it's
unclear for how long it will be maintained. We'd previously used
Hibernate 5.1.0.Final but its maintenance is also unclear with
Hibernate 5.1.1.Final being more than 3 months overdue.
This commit drops back to Hibernate 5.0.9.Final. This has a few
advantages:
- It's Java 7 compatible
- It's had some time to mature and should be reasonably free of
regressions for those moving from 4.3.x
- It's used in both Wildfly and JBoss EAP so there's a fair chance
that it will continue to be maintained.
Closes gh-6198
Previously, when `spring.mvc.locale` was specified, that locale was used
regardless of the client's preferences. This commit adds an extra
`spring.mvc.locale-resolver` property that can control how the locale is
resolved. The default is `ACCEPT_HEADER` but can be set to `FIXED` to
restore the previous behaviour.
Closes gh-6083
This commit adds auto-configuration support for Jest, an HTTP client for
Elasticsearch. If Jest is present, a `JestClient` targeting a local
elasticsearch instance is auto-configured. Several properties from the
`spring.jest.*` namespace allows to tune the client.
Closes gh-6032