Rename `@ConfigurationPropertiesImport` to
`@ImportAsConfigurationPropertiesBean` and also refine the registrar
so that it can be used with type directly annotated with
`@ConfigurationProperties`.
Closes gh-23172
Update `JarFileEntries` so that the interface is obtained rather than
the concrete implementation. This allows `JarEntry` values to be used
without causing a ClassCastException.
Closes gh-19041
Update the performance improvements to push certificate loading
and storage into the `JarFileEntries` class. This allows us to
keep certificates without needing to cache all entry data. We
now also keep certificates and code signers in a dedicated class
which is set whenever the full jar stream as been read, even if
the contained values are `null`. The logic that assumes META-INF
entries are not signed has been removed in favor of delegating to
the streamed entry results.
See gh-19041
Update Spring Boot nested JarFile support to improve the performance of
signed jars. Prior to this commit, `certificates` and `codeSigners`
were read by streaming the entire jar whenever the existing values
were `null`. Unfortunately, the contract for `getCertificates` and
get `getCodeSigners` states that `null` is a valid return value. This
meant that full jar streaming would occur whenever either method was
called on an entry that had no result. The problem was further
exacerbated by the fact that entries might not be cached.
See gh-19041
Update `ValidationBindHandler` so that pushed fields that reference
map keys can be used. This fixes a regression that was introduced in
commit 4483f417 when we switched to a `AbstractBindingResult` that no
longer required public getters/setters.
Closes gh-20350
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
This commit updates the Gradle Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter are excluded. Unlike the
Maven plugin, jars with a type of annotation-processor are not
excluded. It is not necessary with Gradle as use of the
annotationProcessor configuration for such dependencies already ensures
that they are not included.
See gh-22036
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
Prior to this commit, the `WebClientExchangeTags`, when given a request
without a string template, would only get the request path to create the
"uri" tag for metrics. This is inconsistent with the
`RestTemplateExchangeTags`, which are taking the full request URI minus
the protocol+host+port.
This commit aligns the `WebClientExchangeTags` behavior in this case.
Closes gh-22832
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
With the introduction of health indicators that only require the
CqlSession, this commit deprecates the health indicators that require
Spring Data since the latter build on top of the former.
Closes gh-23226
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit builds on top of gh-22603 and exposes data collected by the
`BufferingApplicationStartup` on a dedicated `"/startup"` Actuator
endpoint.
Closes gh-23213
As of spring-projects/spring-framework#24878, Spring Framework provides
an `ApplicationStartup` infrastructure that applications can use to
collect and track events during the application startup phase.
This commit adds a new `BufferingApplicationStartup` implementation that
buffer `StartupStep`s and tracks their execution time. Once buffered,
these steps can be pushed to an external metrics system or drained
through a web endpoint, to a file...
Closes gh-22603
This commit adds a protected method that lets an override customize the
configuration of the ClassPathScanningCandidateComponentProvider used
to scan entities.
Closes gh-23154
Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096
Extend `initializeSystem` to search the exception stack for a
FileNotFoundException before reporting the error. This allows
us to provide a similar stack trace to the one that used to be
thrown when we had the `ResourceUtils.getURL` check.
See gh-22946
Remove `ResourceUtils.getURL` checking from `LoggingApplicationListener`
so that logging systems can implement custom location support.
Prior to this commit, we checked in the listener if the specified config
location could be opened as a URL. This unfortunately prevents Log4J
extensions such as `log4j-spring-cloud-config-client` from implementing
configurable SSL and credentials support.
See gh-22946
In some cases, a call to the Docker image load API will fail but
return a 200 OK response status code and an empty response. This
commit detects that the response from this call is empty and
treats this condition as an error instead of a silent failure.
Fixes gh-23130
Allow `ConfigDataLocationResolvers` to access `Origin` information for
locations so that they can be used as a parent origin of loaded items.
The `ResourceConfigData...` classes have been reworked so that loaded
`PropertySources` include the parent origin.
See gh-23018
Update the `Origin` interface to include a default `getParent()` method
which can be used to get the parent origin. The `TextResourceOrigin`
has been updated to implement the method against the source `Resource`.
A new `OriginTrackedResource` implementation allows any `Resource` to
be decorated and carry an optional `Origin`.
Ultimately this will allow us to include parent `Origin` information
on properties loaded via a `PropertySourceLoader` without needing any
changes to that interface.
See gh-23018
Update `DefaultBindConstructorProvider` so that binding to objects with
multiple constructors is allowed, as long as there is only one
non-public candidate.
Closes gh-23117
Support a `spring.config.all-locations-optional` property which can be
set to `true` if all config data locations should be considered
optional.
Closes gh-23097
Update config data processing code so that import locations are
mandatory by default. Any import request will now throw a
`ConfigDataLocationNotFoundException` if the specified import
location cannot be found. For optional imports, the user can
use the `optional:` prefix to indicate that the application should
continue to start, even if the location does not exist.
Closes gh-23032
Previous to this commit, an auto-configuration would create a
PlatformTransactionManager if none is present and others conditions are
met. Spring Framework now has the notion of TransactionManager, a parent
interface that gathers both PlatformTransactionManager and
ReactiveTransactionManager.
Spring Boot should not be in a situation where both managers are defined
out-of-the-box. This commit makes sure to back-off if any
TransactionManager is available.
Closes gh-22851
Previously to this commit, a project that has several classpath
locations matching the template path may lead to some of those
locations to be ignored if one of them is a directory. This can easily
happen if you run your tests in your IDE.
This commit changes the default of "preferFileSystemAccess" to
false so that the complete classpath is always considered.
Closes gh-23051
Allow `${..}` property placeholders to be used in `spring.config.import`
properties. Prior to this commit, placeholders were not resolved when
binding the `ConfigDataProperty` instance. Furthermore, binding happened
too early for all placeholders to be resolved correctly. The
`ConfigDataEnvironmentContributor` class now has two states for imported
contributors, `UNBOUND_IMPORT` has the initial unbound state and is
eventually replaced with a `BOUND_IMPORT`.
Closes gh-23020
Expose the `BootstrapRegisty` to both `ConfigDataLocationResolver` and
`ConfigDataLoader` implementations. The registry is exposed via the
context interfaces and may be used to reuse instances that are expensive
to create. It may also be used to ultimately register beans with the
`ApplicationContext`.
Closes gh-22956
Add a simple `BootstrapRegistry` that can be used to store and share
object instances across `EnvironmentPostProcessors`. The registry
can be injected into the constructor of any `EnvironmentPostProcessor`.
Registrations can also perform additional actions when the
`ApplicationContext` has been prepared. For example, they could register
the the bootstrap instances as beans so that they become available to
the application.
See gh-22956
This commit changes the path used to invoke lifecycle binaries in
CNB builders from `/lifecycle` to `/cnb/lifecycle` to conform to
the CNB spec. This will ensure the build plugin image-building
goals and tasks are compatible with future versions of builders
that may not support both paths.
See gh-23009
Update `BuildImageMojo` so that commons HTTP wire logging is configured
to ERROR. Without this update, running `mvn -X` will produce a great
deal of logging since by default HTTP Client logs all bytes transfered
at DEBUG and Maven will enable DEBUG for all logs.
Closes gh-22674
Update `Repackager` to ensure that `getLayout` is called before we
backup the source file. This restores earlier behavior that some
custom `ModuleFactory` implementations were relying on.
Closes gh-22995
This commit adds a check to the `layertools extract` command to
ensure that the jar file being processed is readable and has a
valid directory.
Fixes gh-22993
Create a new `JarFileWrapper` class so that we can wrap and existing
`JarFile` and offer a version that can be safely closed.
Prior to this commit, we provided wrapper functionality in the `JarFile`
class itself. Unfortunately, because we override `close` and also create
a lot of wrappers this caused memory issues when running on Java 11.
With Java 11 `java.util.zip.ZipFile` class uses `FinalizableResource`
for any implementation that overrides `close()`. This means that any
wrapper classes will not be garbage collected until the JVM finalizer
thread runs.
Closes gh-22991
Rename `CompositeMeterRegistryAutoConfiguration` to
`MeterRegistryAutoConfiguration` since it can also create non-composite
registries.
Closes gh-22988
Update metrics auto-configurations so that they are auto-configured
after `CompositeMeterRegistryAutoConfiguration` in order to ensure
the `MeterRegistry` bean has been defined.
Prior to this commit, metrics auto-configurations that depended on a
`MeterRegistry` has `@AutoConfigureAfter(MetricsAutoConfiguration.class)`
which is not sufficient since `MetricsAutoConfiguration` does not export
a `MeterRegistry`.
See gh-21134
Prior to this commit, values from MongoProperties would always
overwrite matching fields in MongoClientSettings. This commit
preserves all values in MongoClientSettings if the client app
provides the MongoClientSettings bean, and only overwrites from
MongoProperties if no MongoClientSettings bean is provided.
Fixes gh-22321
The current arrangement with Neo4j does not allow us to know for sure
that the user intends to use `@Transactional` for reactive or imperative
operations.
The main reason for that is that the only trigger for the reactive
auto-configuration is the presence of reactor on the classpath given
that the Neo4j driver ships with both styles in the same jar. And
reactor can be on the classpath for a number of reasons that are
unrelated to imperative access (typically `WebClient`).
This commits removes the auto-configuration of the
ReactiveNeo4jAutoConfiguration and makes sure that if the user defines
one, the regular `PlatformTransactionManager` backs off. This is
a temporarily situation until we can provide a better signal that the
user intends to primarily use imperative repositories.
Closes gh-22940
This commit adds a pullPolicy option to the configuration of the Maven
plugin spring-boot:build-image goal and the Gradle plugin bootBuildImage
task. The new option gives users control over pulling the builder image
and run image from a remote image registry to the local Docker daemon.
See gh-22736
This commit switches the deprecation level of several properties in the
spring.data.neo4j namespace from error and warning. The server URI and
basic authentication can be used in a deprecated fashion to configure
the new neo4j driver.
Closes gh-22653
Update `SharedMetadataReaderFactoryContextInitializer` to optionally
support a `ConfigurationClassPostProcessor` provided via an instance
`Supplier`.
If the instance supplier is available then we can use that to set the
`MetadataReaderFactory` non-reflectively, instead of using a
`PropertyValue` (and the `BeanWrapper` eventually).
The previous behavior is left as a fallback and without a change in
Spring Framework will continue to be the default for most applications.
See gh-22858
Update `SpringApplicationRunListeners` so that the step action
is optional and does not need to call `end()`.
This commit also introduces a test for the failure case showing
that there is a missed call to end with the initial solution.
See gh-22845
With the upgrade to the new Couchbase SDK and the related changes in
Spring Data Couchbase, CacheManagerCustomizer can no longer be used to
customize the Couchbase cache manager as it is an immutable class.
This commit introduces a dedicated callback for the
CouchbaseCacheManagerBuilder that is used by the auto-configuration and
update the documentation to refer to it with a sample usage.
Closes gh-22573
Previously, UrlPathHelper's full path optimization was enabled when
there was a dispatcher servlet mapped to /. The UrlPathHelper is used
across Spring MVC and if there are multiple dispatcher servlets they
all share the sample UrlPathHelper. This meant that any additional
dispatcher servlets mapping to locations other than / would not be able
to map requests correctly as the UrlPathHelper would use the full path,
ignoring the url mapping of the dispatcher servlet.
This commit updates the MVC auto-configuration so that use of the full
path is only enabled if there's a single dispatcher servlet
registration.
Fixes gh-22682
Prior to this commit, DebugAgentEnvironmentPostProcessor throws a
RuntimeException with a generic error message if its initialization
fails. The causing exception is discarded, which makes error analysis
unnecessarily difficult.
This commit attaches the cause to the newly thrown RuntimeException.
See gh-22777
Previously, the Maven plugin integration tests used a settings.xml file
that defined https://repo.spring.io/snapshot as a repository. This
allowed them to resolve snapshots of the plugin's Spring Framework
dependencies but it had the unfortunate side-effect of also allowing
them to resolve snapshots of other Spring Boot modules from Artifactory
rather than using those currently being built.
This commit replaces the repositories in settings.xml with a Gradle
task that resolves the necessary dependencies and populates a local
repository with the dependencies' jars and pom files. This is achieved
using a ComponentMetadataRule that creates a custom variant of each
dependency that includes its pom file, inspired by the example in
gradle/gradle/#11449. A configuration that extends the
runtimeClasspath configuration and select the custom variant via its
attribute is then used to resolve the jars and pom files of the runtime
classpath such that they can then be used to populate the local
repository.
Closes gh-22828
Prior to this commit, the HTTP/2 server auto-configuration for Jetty
would require Conscrypt as a hard dependency.
This commit updates the auto-configuration for more flexibility and now
allows the following deployments:
* JDK9+ with the JDK ALPN implementation
* JDK8u252+ with the backported ALPN implementation
* Conscrypt with no JDK requirement
The auto-configuration now improves detection and guides developers in
case there is a missing `jetty-alpn-*-server` dependency.
The reference docs in the HOWTO section has been updated accordingly.
Closes gh-22188
This commit removes usage of methods and classes that were previously
deprecated in RSocket and Spring Framework and have been removed.
Closes gh-22764
This commit allows the configuration of a custom `ApplicationStartup`
implementation on the `SpringApplication` and
`SpringApplicationBuilder` for collecting `StartupStep` metrics.
This also instruments Spring Boot run listeners and server-specific
application context implementations for collecting Spring Boot
application events during startup.
Closes gh-22600
Previously, the endpoints' responses could occasionally exceed
WebClient's in-memory buffer limt, for example if the threads endpoint
was reporting a large number of threads or the threads had large
stacks.
This commit disables WebClient's in-memory buffer size limit so that
the tests passing is not dependent on the size of the endpoints'
responses.
Closes gh-22743
Previously, waitsForQuietPeriod would iterate 10 times, touching a new
file and then sleeping for 100ms at it did so. With a quiet period of
200ms, this was intended to result in a single change set containing
10 files. However, the test would fail occasionally as multiple change
sets were detected. The test is multi-threaded and is, therefore, at
the mercy of the scheduler. If the thread that is iterating and
touching the files takes over 200ms to be scheduled – exceeding the
watcher's quiet period – the watcher may detect a change set while the
changes are still being made. Eliminating this possibilty would require
the test to participate in the watcher's synchronization, which would
require some changes to its implementation. Instead, this commit
aims to avoid the problem by sleeping for 1/10 of the time (10ms) and
expecting a single change set of 100 files. The hope is that the much
shorter sleep time will result in the file touching thread being
scheduled well within the 200ms quiet period.
Closes gh-22732
Prior to this commit, an entry in the environment map provided to the
build plugin image building goal or task that had a null value would
result in a failure with a message that was difficult to diagnose.
This commit treats env map entries with a null value as an empty
entry to prevent the failure and also make it easier to provide an
explicit empty entry in the Maven XML.
Fixes gh-22703
This commit adapts the auto-configuration for the new core r2dbc support
in Spring Framework and provides auto-configuration for
R2dbcEntityOperations.
Closes gh-22708
Prior to this commit, the livenessState and readinessState health
indicators would not be configured automatically and would be missing
from the "liveness" and "readiness" health groups, leading to 404s when
hitting the `/actuator/health/liveness` or `/actuator/health/readiness`.
This commit ensures that the health indicators beans have the proper
name and revisits the auto-configuration conditions to reflect that as
well.
Fixes gh-22562