Rename `max-http-post-size` to `max-http-form-post-size` for Jetty and
Tomcat to make it clearer that they only apply to POSTed form content.
See gh-18566
Previously, the documentation did not describe how to combine
multiple security components when one component's
WebSecurityConfigurerAdapter or SecurityWebFilterChain would cause
the other components' beans of the same type to back off.
This commit adds a note that such cases should be handled by the user
defining their own WebSecurityConfigurerAdapter or
SecurityWebFilterChain that configures the use of all of the
components as required.
Closes gh-18507
This commit renames the `server.jetty.idle-timeout` property to
`server.jetty.thread-idle-timeout`, since there are other timeout
properties that are not tied to the threadpool configuration (e.g. the
connection idle timeout).
We might regroup thread-related properties in a dedicated group in the
future, see gh-18620.
Fixes gh-18615
Previously, the methods were named addServerProcessors and
setServerProcessors which wasn't aligned with them taking
socket factory processors (ServerRSocketFactoryProcessor) as an
argument.
This commit renames the methods to align them more closely with the
type of their arguments.
Closes gh-18617
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473
Previously, a WebSecurityConfigurerAdapter would be configured
irrespective of whether or not the user had provided their own
WebSecurityConfigurerAdapter. This then required them to use ordering
to diambiguate the configuration and made it harder to take complete
control of security configuration.
This commit updates the configuration of the SAML 2 login configurer
adapter to be conditional on missing bean, aligning it with other
security configuration such as the equivalent OAuth 2 configurer
adapter.
Closes gh-18530
Previously, when a NoSuchBeanDefinitionException was being analyzed,
the possibility of a missing @ConstructorBinding annotation on a
@ConfigurationProperties class was not considered.
This commit updates the failure analysis for failed constructor
injection of an instance of a @ConfigurationProperties-annotated
class. When such a failure occurs, adding @ConstructorBinding is
now suggested as an action.
Closes gh-18545
Due to a current limitation of Spring Framework, when bean metadata
caching is disabled, a merged bean definition may have a null
resolved factory method that would have been non-null if bean metadata
caching was enabled. Configuration property binding for @Bean methods
annotated with @ConfigurationProperties relied upon the resolved
factory method being enabled to find the @ConfigurationProperties
annotation and trigger property binding. As a result, when bean
metadata caching is disabled on the bean factory, such
@ConfigurationProperties beans would not be bound.
This commit works around the limitation by adding a fallback that
performs a reflection-based search for the factory method when the
resolved factory method on the bean definition is null. This allows
the bean's factory method and any @ConfigurationProperties annotation
on it to be found, ensuring that propoerty binding is then performed.
Fixes gh-18440
This commit adds a note to spring-boot-features.adoc to clarify that
using javadoc tags to format configuration property descriptions is not
supported.
See gh-18578
The upgrade to Jackson 2.10.0 means that the possibility of getting
an incompatible combination of Woodstox and the StAX API when
building with Maven has gone. This commit removes the dependency
management as it was only added to work around the incompatibility
in Jackson's transitive dependencies.
Closes gh-18500
Update `NewRelicProperties` so that the event type sent with each
metric can be configured. An additional `boolean` property has
also been added if the previous behavior using the "meter-name"
is required.
NewRelic's own agents publish metrics to eventTypes aligned with broader
categories. To align with their recommendation the default behavior is
to publish metrics under a "SpringBootSample" category. When doing so,
additional context is provided by including "metricName" and
"metricType" attributes.
See gh-18472
Add `String` -> `File` support to the `ApplicationConversionService`
that can support both simple filename as well as file URLs.
This allows Spring Boot application to work in a similar way to vanilla
Spring applications where Spring's `FileEditor` provides similar
support.
Closes gh-16931
Update `AutoConfigureAnnotationProcessor` to no longer store
`@Configuration.value` in the meta-data JSON since we never actually
read it.
Closes gh-16608
Fix a regression caused by e41c5a43 which incorrectly allowed the
`ValueObjectBinder` to be picked when the `JavaBeanBinder` should
have been used.
Closes gh-18485
Update the configuration processor to use the newly introduced
`@ConstructorBinding` annotation to determine when meta data
should be generated from constructor parameters.
Prior to this commit, the processor had no good way to tell when
constructor parameters should be used instead of getters/setters.
Closes gh-17035
Add a bean definition post-processor that throws a better exception
if @ConstructorBinding property beans are being instantiated as
regular Spring beans.
Prior to this commit, a constructor bound properties bean would fail
with an unsatisfied dependency exception which isn't all that helpful.
Closes gh-17831
Previously, Maven's default behaviour was relied up which resulted
in the artifact ID being appended to each URL as it was inherited.
This behaviour can only be disabled in Maven 3.6 and later, a version
that we cannot use due to an incompatibility with the Flatten Plugin.
This commit works around Maven's default behaviour by defining
properties for the SCM URL, connection, and developer connection and
then explicitly defining the settings in each pom using these
properties. The explicit definition of the properties in each pom
prevents them being inherited from the parent, thereby disabling the
unwanted appending of the artifact ID to the URL.
Fixes gh-18328
Update `@ConfigurationProperties` constructor binding support to only
apply when a `@ConstructorBinding` annotation is present on either the
type or the specific constructor to use.
Prior to this commit we didn't have a good way to tell when constructor
binding should be used vs regular autowiring.
For convenience, an `@ImmutableConfigurationProperties` meta-annotation
has also been added which is composed of `@ConfigurationProperties` and
`@ConstructorBinding`.
Closes gh-18469
Update `JerseyManagementContextConfiguration` so that customizer beans
are not longer applied. The endpoint resource endpoints are now added
with a registrar bean `@PostConstruct` method.
Prior to this commit, when running the management server on a different
port a `Resource` added by a customizer could be added two different
`ResourceConfig` instance. This breaks the singleton contract expected
by Jersey.
Fixes gh-17801
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Johnny Lim
dreis2211
Phillip Webb
Rafiullah Hamedy
Stephane Nicoll
Dmytro Nosan
wycm
Leo Li
Alessandro Falappa
xiaokeliu666
Andy Wilkinson
Brian Clozel
contextshuffling
Dave Syer
Sebastien Deleuze
Ted M. Young
clove506
Michael Simons
Kant Leung
Neil Powell
Madhura Bhave
kenneth
Vedran Pavic