The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.
Fixes gh-5072
This commit removes the automatic enabling of Redis as the Spring Session
store when it is available. This case is covered by a warning in `1.4.x`
that this commit removes as well.
Closes gh-7858
Improve support for MBeans without a backing endpoint by introducing
a `JmxEndpoint` interface. The `JmxEndpoint` is intentionally
similar in design to the `MvcEndpoint` from the `mvc` package and
allows for completely custom JMX beans that are not backed by any
real actuator `Endpoint`.
The `AuditEventsMBean` has been refactored to use the new interface and
has been renamed to `AuditEventsJmxEndpoint`.
See gh-6579
Add a `TransactionManagerCustomizer` callback interface that can be
used to customize auto-configured `PlatformTransactionManagers`.
Also update `...transaction.*` properties under a single unified
`spring.transaction...` key since the existing auto-configurations
would often share a transaction manager (the technology specific
transaction managers are `@ConditionalOnMissingBean` and may use
a manager created by a previous auto-configuration).
See gh-7561
Since the `JestClient` is auto-configured as a bean, it must have its
multi-threaded support enabled by default. This commit exposes a new
`spring.elasticsearch.jest.multi-threaded` property that is `true` by
default.
Closes gh-6806
Create a parameter `STOP_WAIT_TIME` for the startup script
that configures the time in seconds to wait for a normal
shutdown. Because of #4941 we also send a shutdown half
way the countdown.
Fixes gh-7121
This commits documents the fact that, amongst its property defaults,
devtools is disabling the HTTP cache headers when serving static
resources with Spring MVC.
Fixes gh-7516
Expose the Required-Start and Require-Stop lines in the launch script
INIT INFO section as customizable embedded launch script properties.
This way one can express dependencies fron other init services by simply
changing the configuration in the build script.
Closes gh-7555
Previously, if a user specifies a path to a schema or data DDL that does
not exist, the application will start up fine and the missing DDL would
not be reported.
This commit validates that user-defined resources actually exist and
throw a new `ResourceNotFoundException` if they don't.
Closes gh-7088
Allow support for custom Lyout implementations with both the Maven
and Gradle plugin. Implementations of `LayoutFactory` can now be
specified to allow customization of the layout. In addition a
layout may now implement `CustomLoaderLayout` if it wishes to
write custom loader classes.
See gh-7263
This commit deprecates `server.max-http-post-size` and introduces a
dedicated property for each supported container. In particular, Undertow
can now define a max size higher than 2GB.
Closes gh-7362
This commit auto-configures `MethodValidationPostProcessor` if necessary
when a JSR-303 validator implementation is detected on the classpath.
Closes gh-6228
We use some internal Mockito classes and some breaking API changes
have been made to them in Mockito 2. This commit introduces a utility
class, SpringBootMockUtil, to shield our code from these differences.
Mockito 1 is called directly and Mockito 2 is called via reflection.
To allow these changes to be tested, FilteredClassPathRunner has been
enhanced to also support overriding a dependency on the class path.
As a result it has been renamed to ModifiedClassPathRunner. The new
ClassPathOverrides annotation can be used to provide the Maven
coordinates of one or more dependencies that should be resolved and
added to the class path. Such additions are added to the start of
the class path so that they override any existing dependency that
contains the same classes.
Closes gh-6520
This commit adds an extra property to the `server.tomcat.accesslog` to
control the `reqestAttributesEnabled` flag. This flag sets request
attributes for IP address, Hostname, protocol and port used for the
request.
Closes gh-7367
Add `content-security-policy` and `content-security-policy-mode`
`security.header` properties and update auto-configuration to apply
them when specified.
Fixes gh-7373
Closes gh-7357