Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
This commit makes sure that we don't import a class from the Guava
library by mistake as it provides various utility classes with similar
names as our own.
Closes gh-10089
Following the rework on Security that expects web endpoints to be
disabled by default, this commit updates the metadata (including the
automatic generation) to reflect this decision.
Previously we didn't mention that the project must have been built
locally first (to get the sources for javadoc generation for instance).
This commit clarifies that.
Closes gh-10086
Since the handler interceptors have been removed, web endpoints
are all disabled by default to prevent accidental exposure of
sensitive information.
Closes gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit makes sure tht `HealthIndicatorAutoConfiguration` runs after
any producers of a `ConnectionFactory` and not only ActiveMQ. This was
identified as part of #10081: `JmsAutoConfiguration` is actually the
one that isn't necessary (spring-boot-actuator has no import on the
`org.springframework.jms` and only `javax.jms.ConnectionFactory` is used
as part of the JMS health indicator.
This library is required for parsing multipart requests asynchronously
in Spring WebFlux. Framework treats this as an optional dependency, but
Boot auto-configures multipart support with Servlet by default.
Closes gh-10073
This commit creates our own version of javax.servlet.DispatcherType for
configuration purpose as we can use the other one now the servlet api
is optional.
Closes gh-9856
This commit improves the json starter to bring the core starter (as any
other starters do). `spring-web` is now also added as it contains the
Spring's core jackson support.
Closes gh-10031