This commit downgrades the maven failsafe plugin version. As of 2.19, the
generated jar is used for integration tests rather than the
`target/classes` directory. The fat jar in 1.4 has changed to move
classes to `BOOT-INF/classes` and therefore these are not found anymore.
There isn't a way to configure the jar file to use in the plugin. Users
willing to use the latest version should configure a `classifier` for the
repackaged jar so that the original jar is used by failsafe.
Closes gh-6254
The upgrade to Hibernate 5.2.0.Final has proved to be too
problematic to live with. It requires Java 8, is incompatible with
a number of other projects in the Hibernate ecosystem, and it's
unclear for how long it will be maintained. We'd previously used
Hibernate 5.1.0.Final but its maintenance is also unclear with
Hibernate 5.1.1.Final being more than 3 months overdue.
This commit drops back to Hibernate 5.0.9.Final. This has a few
advantages:
- It's Java 7 compatible
- It's had some time to mature and should be reasonably free of
regressions for those moving from 4.3.x
- It's used in both Wildfly and JBoss EAP so there's a fair chance
that it will continue to be maintained.
Closes gh-6198
This commit changes the default version of Tomcat to 8.5.3 while
also retaining support for Tomcat 8.0 and 7.0. The main difference
in 8.5 is that the ServerSocketFactory abstraction that allowed the
TrustStore and KeyStore to be configured programmatically no longer
exists. This logic has been replaced with the use of a custom URL
protocol (springbootssl) that provides access to the key store and
trust store of an SslStoreProvider. In addition to working with 8.5,
this approach has the advantage of also working with 8.0 and 7.0.
Closes gh-6164
Jetty 9.3 no longer has a jetty-jsap artifact and dependency
management for it was removed in ff602e6. It was inadvertently
reintroduced in b303b3f. This commit removes it again.
See gh-5290
See gh-5825
This commit adds auto-configuration support for Jest, an HTTP client for
Elasticsearch. If Jest is present, a `JestClient` targeting a local
elasticsearch instance is auto-configured. Several properties from the
`spring.jest.*` namespace allow the client to be tuned.
Closes gh-6032
Previously, Maven repositories definition was specified in a profile that
is active by default. It means that as soon as any profile is enabled by
the user, said profile is no longer enabled. This has the nasty
consequences of having copy/paste in several places to make sure our own
profiles still have the proper repositories definition.
This commit creates a single "repositories" profile that is always active
unless a given property is explicitly specified. This allows us to remove
the duplication and make things more consistent.
Some Gradle-specific repositories were also hard-coded in two modules
without any profile at all, meaning they were polluting the build of
anybody using it. While the impacted modules are gradle specific, that
repository has been shared in the new "repositories" profile as well.
Closes gh-6031
This commit upgrades to MongoDB 3. Dependency management has been added
for the new and preferred mongodb-driver artifact. The starter has
been updated to use this new artifact rather than mongo-java-driver.
Dependency management for mongo-java-driver has been retained to avoid
causing problems for people who have declared the dependency explicitly.
The auto-configuration for Embedded Mongo has also been updated to
use 3.2.2 by default.
Closes gh-3011
Previously, dependency management was provided for artemis-jms-client
and artemis-jms-server, but none of the other Artemis modules upon
which they depend. This made it possible for a mixture of versions
to end up on the classpath.
This commit adds dependency management for all of the Artemis modules
upon which artemis-jms-client and artemis-jms-server depend. It also
adds dependency management for artemis-amqp-protocol as proposed
in gh-5818.
Closes gh-5818
Closes gh-5914
This commit streamlines the Integration Starter by removing the file,
http, ip, and stream modules as they are not always used by a majority
of apps that use Spring Integration and can also pull in other, unwanted
dependencies.
Additionally, a dependency on spring-integration-java-dsl has been
added. This makes it easy for users to configure Spring Integration
using Java configuration (the recommended approach), rather than via
XML. The Integration sample has been updated to use the DSL. Further
improvements could be made once the sample is using Java 8.
Closes gh-5528
Rename spring-boot-starter-webservices back to spring-boot-starter-ws.
Unfortunately the starter exists in Spring Boot 1.3 so we can't rename
it without consequence.
See gh-5711
Hibernate and Hibernate Validator depend on different versions of
Classmate (1.1 and 1.3 respectively). This can lead to build failures
when Maven's Enforcer plugin is used.
This commit adds dependency management for Classmate which ensures
that a consistent version is used and convergence errors are avoided.
Closes gh-5697
Auto-detection for Kotlin Jackson Module was added in Spring 4.3.0.RC1.
This commit provides the dependency management to handle the right
version.
Closes gh-5622
Upgrade to Hibernate 5.1, whilst still retaining compatibility with
Hibernate 4.3. This commit introduces the following changes:
* Add SpringPhysicalNamingStrategy to provide lowercase/underscore
table names support. This should be equivalent to the previous
SpringNamingStrategy that was used with Hibernate 4. No
ImplicitNamingStrategy is provided since the Hibernate 5 defaults
appear to be roughly equivalent to the conventions used in Spring
Boot 1.3
spring.jpa.hibernate.naming.
* Migrate `spring.jpa.hibernate.naming-strategy` to
`spring.jpa.hibernate.naming.strategy` and provide additional
properties for physical and implicit.
* Add `spring.jpa.hibernate.use-new-id-generator-mappings` property and
default to `false` when on Hibernate 5 to retain back compatibility.
See gh-2763
Previously, we only had dependency management for
selenium-htmlunit-driver. It depends on three other Selenium modules
for which dependency management was not provided. This means that there
was a risk that a mixture of versions would end up on the classpath.
This commit adds dependency management for the Selenium modules upon
which selenium-htmlunit-driver depends.
Closes gh-5520
While the benign exception that Gemfire outputs is unfortunate, it
isn't sufficient justification for adding dependency management for
Spring Shell.
Closes gh-5444
This commit polishes the original Neo4j contribution in several areas.
Rather than providing the packages to scan, this commit rearranges the
`EntityScan` and `EntityScanRegistrar` so that the logic can be shared
for other components. If no package is provided, scanning now defaults to
the "auto-configured" package(s) and a `@NodeEntityScan` annotation
allows that to be overridden.
The configuration has also been updated to detect the driver based on the
`uri` property. If the embedded driver is available we use that by
default. If it is not available, we're trying to connect to a Neo4j
server running on localhost. It is possible to disable the embedded mode
or set the `uri` parameter explicitly to deviate from these defaults.
The sample no longer relies on the embedded driver for licensing reasons:
rather it expects an instance running on localhost (like other
data-related samples) and gracefully ignores any connection error. A
README has been added in the sample to further explain the available
options.
Closes gh-5458
Provide variants of `WebClient` and `WebConnectionHtmlUnitDriver` that
automatically resolve relative URLs to "localhost:${local.server.port}".
Fixes gh-5472
This commit updates the cache auto-configuration to provide a
`CouchbaseCacheManager` if a `Bucket` has been configured.
The global customizer infrastructure allows the cache manager to be
tuned further if necessary.
Closes gh-5176
This commit separates the basic setup of Couchbase from Spring Data so
that a `Bucket` and `Cluster` bucket beans are exposed even if Spring
Data is not available.
A basic setup happens if `spring.couchbase.bootstrap-hosts` is specified,
configuring the `default` bucket with no authentication unless specified
otherwise.
If Spring Data is available, those beans are re-used by default to
configure the `CouchbaseTemplate` and other repository-related beans.
Closes gh-5347
Previously, only dependency management for logback-classic was
provided. This meant that it was possible for logback-core, upon
which logback-classic depends, to have a different version.
This commit adds dependency management for logback-core, thereby
ensuring that the two dependencies will have the same version.
Closes gh-5304
Upgrade to Jetty 9.2.15 and replace use of API that was deprecated
and changed to throw an UnsupportedOperationException in the same
release.
Closes gh-5218
Previously, the DatabaseDriver enumeration contained entries for
some databases without having dependency management for the database
driver dependency. This leads to the possibility of a user inadvertently
using the wrong version of a driver where the class names do not match
those listed in the enumeration. A further problem is that we do not
test that the class names listed in the enumeration match the
names of Driver and XADataSource implementations in the database driver.
This commit completes the database driver dependency management so that
dependency management is provided for every driver that is both listed
in DatabaseDriver and available in Maven Central. It also adds tests
for DatabaseDriver that ensure that each class that is listed exists
and implements the required interface (java.sql.Driver or
javax.sql.XADataSource).
Closes gh-4946
Add AssertJ as a managed dependency and also include it in
spring-boot-starter-test. Also provide a simple adapter class to allow
Hamcrest matchers to be used as AssertJ Conditions.
Fixes gh-5048
This reverts commit bb9e1be72c.
4.1.7.RELEASE is incompatible with Spring IO Platform 1.1.x due to a
new dependency on kryo-shaded. kryo-shaded was introduced in Kryo
3.0.x but IO Platform 1.1.x uses Kryo 2.
See gh-4719
Infinispan 8.0.2 has moved to Log4J2 for all logging, but still has a
transitive dependency on commons-logging. This resulted in
commons-logging 1.1 being on the classpath of spring-boot-docs which
breaks its javadoc generation.
Closes gh-4727
Tomcat 8.0.30 has changed to using relative URIs in its redirects
by default. To avoid any problems that this behaviour change may
cause, we override the default and configure Tomcat to continue to
use absolute URIs.
Closes gh-4715
Remove 3.4.1 logger workaround (adding package to default service). See
CORE-2436 on the liquibase tracker for more details.
Closes gh-4591
Closes gh-4625
Several libraries that Spring Boot supports depend on JBoss Logging but
they use a variety of versions. This means that the actual version of
JBoss Logging that will be used depends on your build system. Gradle
will pick the latest version that’s in the dependency graph, Maven
will pick the version that’s nearest the root of the graph and, if two
dependencies are equidistant, it’ll pick the version that’s pulled in
by the dependency listed first in the pom. In short, it’s very hard to
reason about the version of JBoss Logging that you’ll actually use at
runtime.
This commit adds dependency management for JBoss Logging so that a
consistent version is used, irrespective of your build system or
dependencies.
Closes gh-4185
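
Added example (not part of the commit or of Spring Boot's code): a simplified Python model of the two mediation rules the message above describes, run over a constructed dependency graph, showing how the JBoss Logging version changes with build tool and pom order until it is pinned. The `starter-*` and `helper` artifacts, all version numbers, and the rule that a managed version overrides every declared one are assumptions of the model.

```python
from collections import deque

# Constructed graph: "artifact:version" -> dependencies in declaration order.
GRAPH = {
    "app:1.0": ["starter-a:1.0", "starter-b:1.0", "starter-c:1.0"],
    "starter-a:1.0": ["jboss-logging:3.1.0"],
    "starter-b:1.0": ["jboss-logging:3.3.0"],
    "starter-c:1.0": ["helper:1.0"],
    "helper:1.0": ["jboss-logging:3.4.0"],
}


def split(coord):
    name, version = coord.rsplit(":", 1)
    return name, version


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def maven_resolve(graph, root, managed=None):
    """Nearest wins; at equal depth the dependency declared first wins."""
    managed = managed or {}
    resolved = {}
    queue = deque(graph.get(root, []))  # breadth-first keeps declaration order
    while queue:
        name, version = split(queue.popleft())
        if name in resolved:
            continue  # a nearer or earlier-declared version already won
        version = managed.get(name, version)
        resolved[name] = version
        queue.extend(graph.get(f"{name}:{version}", []))
    return resolved


def gradle_resolve(graph, root, managed=None):
    """Every version reachable in the graph competes; the highest wins."""
    managed = managed or {}
    candidates, seen = {}, set()
    stack = list(graph.get(root, []))
    while stack:
        coord = stack.pop()
        if coord in seen:
            continue
        seen.add(coord)
        name, version = split(coord)
        candidates.setdefault(name, set()).add(version)
        stack.extend(graph.get(coord, []))
    return {name: managed.get(name, max(versions, key=version_key))
            for name, versions in candidates.items()}


def reordered(graph, root, order):
    """Copy of the graph with the root's dependencies declared in a new order."""
    copy = dict(graph)
    copy[root] = list(order)
    return copy


if __name__ == "__main__":
    swapped = reordered(GRAPH, "app:1.0",
                        ["starter-b:1.0", "starter-a:1.0", "starter-c:1.0"])
    pin = {"jboss-logging": "3.2.1"}  # constructed managed version
    print("maven          ", maven_resolve(GRAPH, "app:1.0")["jboss-logging"])
    print("maven, swapped ", maven_resolve(swapped, "app:1.0")["jboss-logging"])
    print("gradle         ", gradle_resolve(GRAPH, "app:1.0")["jboss-logging"])
    print("maven, managed ", maven_resolve(GRAPH, "app:1.0", pin)["jboss-logging"])
    print("gradle, managed", gradle_resolve(GRAPH, "app:1.0", pin)["jboss-logging"])
```
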
jersey-spring3 has a transitive dependency on HK2’s bean-validator
module that embeds JBoss Logging, Hibernate Validator, and Classmate
without repackaging them. This makes it impossible to control the
version of those three libraries that will be used without relying on
classpath ordering.
This commit excludes the bean-validator dependency from jersey-spring3.
The Jersey starter already depends on our Validation starter which
pulls in the proper, and controllable, version of the three
dependencies listed above so users of our starters will be unaffected.
Closes gh-4186
This commit adds dependency management for Cassandra Driver’s three
modules. The version is the latest maintenance release of the minor version that’s used by Spring Data Cassandra in the Spring Data Gosling release train.
Closes gh-4167
Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.
This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.
Closes gh-4048
Liquibase 3.4.0 contains a bug that causes the initialization of its
ServiceLocator to pollute its map of loggers with a DefaultLogger for
the logger named "liquibase". Liquibase 3.4.1 contains a change that
improves the situation, but does not address it completely. Creating a
CustomResolverServiceLocator, as we do, still causes the map of
loggers to be polluted due to logging that's performed in
ClassLoaderResourceAccessor.getResourcesAsStream.
The commit addresses the problem by upgrading to Liquibase 3.4.1 and
adding the package containing our custom logger to the default service
locator before we register our custom service locator. This ensures
that the logging that's performed during the creation of our custom
service locator will still use our custom logger.
Closes gh-3470
Closes gh-3616
Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.
The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.
Closes gh-3540
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
Embedded MongoDB is now auto-configured when it is on the classpath.
The Mongo instance will listen on the port specified by the
spring.data.mongodb.port property. If this property has a value of
zero a randomly allocated port will be used. In such an event, the
MongoClient created by MongoAutoConfiguration will be automatically
configured to use the port that was allocated.
By default, MongoDB 2.6.10 will be used. This can be configured using
the spring.embedded-mongodb.version property. Mongo's sync delay
feature is enabled by default. This can be configured using the
spring.embedded-mongodb.features property.
Closes gh-2002
Add a new `spring-boot-configuration-metadata` module that provides an
API to manipulate Spring Boot configuration meta-data. Can read meta-data
from arbitrary locations, though the standard
`META-INF/spring-configuration-metadata.json` location must be preferred.
Closes gh-1970
Hazelcast introduced a regression in their dependency management as of
3.5 which brings freemarker. This has an unfortunate side effect in a Spring
Boot application since the freemarker auto-configuration kicks in for no
apparent reason when hazelcast is used.
An exclusion has been applied until the issue is fixed in hazelcast.
Closes gh-3418
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
Previously, spring-boot required org.json:json to be on the compile
classpath, but it was only there by virtue of it being a transitive
dependency of another of spring-boot’s dependencies. This commit makes
it clear that spring-boot has an (optional) dependency on org.json:json
by having an explicit dependency declaration for it. Additionally, the
name of the version property and the alphabetical ordering in
spring-boot-dependencies have been corrected.
Closes gh-3290
Update `spring-boot-dependencies` to exclude `commons-logging` from
`infinispan-spring4`. The version pulled in was very old and included
a transitive dependency to `servlet-api` 2.4.
Fixes gh-3291
Add auto-configuration support for Apache Artemis which was formed when
HornetQ was donated to the Apache Foundation. The majority of this code
is based on the HornetQ auto-configuration.
Fixes gh-3154
Closes gh-3246
This commit aligns our dependency management for GemFire with the
version used by the version of Spring Data GemFire that we currently
depend upon.
Previously, some dependency management was added (see #2884) to
work around problems with GemFire 8.0’s dependencies; specifically it
depended on different versions of org.eclipse.jdt.core.compiler:ecj and
xml-apis:xml-apis. The different dependency versions appear to no
longer be a problem with 8.1 so this dependency management is now
redundant and has been removed.
Closes gh-3284
This commit adds support for automatically configuring Spring Session.
In a web application when both Spring Session and Spring Data Redis
are on the classpath, Spring Session's Redis Http Session support
will be auto-configured. The max inactive interval for Redis-backed
sessions can be configured via the environment using the existing
server.session-timeout property.
Closes gh-2318
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security including OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource or authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single star import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
Users that wish to override the version of Hibernate need to override
the hibernate.version property, as it’s the one used when declaring the
dependency management for Hibernate’s modules, so the
hibernate-entitymanager.version property is of little value.
Closes gh-3004
Updated to the `EmbeddedCacheManager` interface and added support for
default cache configuration.
Added dependency management for the JCache support with tests.
Fixes gh-2906, see gh-2633
Include auto-configuration support for Infinispan. It is possible
to specify the caches to create via `spring.cache.cache-names`.
The provider also allows a configuration file to be set via `spring.cache.config`.
See gh-2633
Without dependency management for org.apache.httpcomponents:httpcore,
it’s possible to get mismatched versions of httpcore and httpclient.
Closes gh-2941
Previously, the CLI’s dependency management used proprietary Properties
file-based metadata to configure its dependency management. Since
spring-boot-gradle-plugin’s move to using the separate dependency
management plugin the CLI was the only user of this format.
This commit updates the CLI to use Maven boms to configure its
dependency management. By default it uses the spring-boot-dependencies
bom. This configuration can be augmented and overridden using the new
@DependencyManagementBom annotation which replaces @GrabMetadata.
Closes gh-2688
Closes gh-2439
While this is a breaking change, continuing with Spring Social
Facebook 1.1.x is also broken as it is no longer compatible with
Facebook's API. Upgrading to 2.0.1.RELEASE may require some changes
to be made to users' applications, but it will allow their
applications to use the Facebook API once again.
Closes gh-2837
GemFire 8.0 depends on two different versions of xml-apis:xml-apis and
org.eclipse.jdt.core.compiler:ecj. This commit adds dependency
management for those two dependencies to address the dependency
convergence errors reported by Maven’s enforcer plugin.
GemFire 8.0 also depends on commons-logging and Spring Boot starters
should use jcl-over-slf4j instead. This commit adds an exclusion for
commons-logging.
GemFire 8.0 depends (optionally) on spring-data-gemfire and
spring-data-gemfire depends on GemFire, i.e. there’s a dependency cycle
between the two projects. This commit breaks this cycle by adding an
exclusion for spring-data-gemfire to the dependency management for
com.gemstone.gemfire:gemfire.
This commit should be reverted once the problems with GemFire’s
dependencies have been addressed. See gh-2884.