Previously, when the configuration properties annotation processor
encountered a property that was the same as an outer type that had
already been processed, it would fail with a stack overflow error.
This commit introduces the use of a stack to track the types that
have been processed. Types that have been seen before are skipped,
thereby preventing a failure from occurring. We do not fail upon
encountering a recursive type to allow metadata generation to
complete. At runtime, the recursive property will not cause a problem
if it is not bound.
Fixes gh-18365
Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Previously, @EndpointFilter would only have an effect when used as
an annotation or meta-annotation on the endpoint class itself. It
would have no effect when used on a super-class of the endpoint
bean's class.
This commit updates EndpointDiscoverer so that an @EndpointFilter
annotation or meta-annotation on a super-class will be found and
applied to the discovery process. This is achieved by using find…
rather than get… when retrieving the attributes for the EndpointFilter
annotation.
Fixes gh-17866
Previously, AbstractDependsOnBeanFactoryPostProcessor was unordered
which meant that it was impossible to guarantee that another bean
factory post-processor would run after it. This prevented overriding
of the dependsOn relationships that is creates.
This commit updates AbstractDependsOnBeanFactoryPostProcessor to give
it a default order of zero. This will allow additional bean factory
post-processors to be configured with a lower precedence order (values
greater than 0) so that they run after any
AbstractDependsOnBeanFactoryPostProcessor and can override the
dependencies that it has configured.
Fixes gh-18362
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Previously, if a bean definition had no resource description, the
failure analysis description would state that the been had been
defined in null which was of no use to the user.
This commit updates the failure analysis to omit information about
where the bean was definied when the definition has no resource
description.
Fixes gh-18721
Rename `max-http-post-size` to `max-http-form-post-size` for Jetty and
Tomcat to make it clearer that they only apply to POSTed form content.
See gh-18566
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473
This commit adds a note to spring-boot-features.adoc to clarify that
using javadoc tags to format configuration property descriptions is not
supported.
See gh-18578
Previously, Maven's default behaviour was relied up which resulted
in the artifact ID being appended to each URL as it was inherited.
This behaviour can only be disabled in Maven 3.6 and later, a version
that we cannot use due to an incompatibility with the Flatten Plugin.
This commit works around Maven's default behaviour by defining
properties for the SCM URL, connection, and developer connection and
then explicitly defining the settings in each pom using these
properties. The explicit definition of the properties in each pom
prevents them being inherited from the parent, thereby disabling the
unwanted appending of the artifact ID to the URL.
Fixes gh-18328
Update `JerseyManagementContextConfiguration` so that customizer beans
are not longer applied. The endpoint resource endpoints are now added
with a registrar bean `@PostConstruct` method.
Prior to this commit, when running the management server on a different
port a `Resource` added by a customizer could be added two different
`ResourceConfig` instance. This breaks the singleton contract expected
by Jersey.
Fixes gh-17801
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Extract reactor specific code to an inner class to protect
against ClassNotFound exceptions if reactor is not in use.
Also add support for `Flux`.
See gh-18339
Update `CachingOperationInvoker` so that TTL caching is applied directly
to reactive types. Prior to this commit, a `Mono` would be cached, but
the values that it emitted would not.
See gh-18339
Update `DataSourceInitializedPublisher` to fallback to the
`LocalContainerEntityManagerFactoryBean` if the
`javax.persistence.nonJtaDataSource` property is not defined.
As of Hibernate 4.3 the property is no longer set if the `EntityManager`
is created from a `PersistenceUnitInfo` instance rather than actual
properties.
Although this is being addressed in Hibernate issue HHH-13432, it's
not strictly a requirement of the JPA spec that the property is set.
Fixes gh-17061
This will ensure that ReactiveManagementWebSecurityAutoConfiguration backs
off and that the actuator endpoints are also secured via OAuth2.
Fixes gh-17949
Previously, a number of usages of @ConditionalOnMissingBean prevented
a bean that implements an auto-configured bean's "main" interface from
causing the auto-configuration of the bean to back off. This would
happen when @ConditionalOnMissingBean did not specify a type, the
@Bean method returned the bean's concrete type, and that concreate
type implements a "main" interface.
This commit updates such usages of @ConditionalOnMissingBean to
specify the "main" interface as the type of the bean that must be
missing. This will allow, for example, the auto-configured
MongoTemplate bean to back off when a MongoOperations bean is defined.
Fixes gh-18101
Update `ApplicationContextRequestMatcher` to ensure that the `matches`
method is never called before `initialized`. This fixes an issue
accidentally introduced in commit 5938ca78 where concurrent calls
to `matches` could trigger unexpected errors due to the fact that the
second call proceeded before the `initialized` method had returned.
Fixes gh-18211
This commit makes sure that any subsequent call on addProtocolResolver
on the context will impact the ResourceLoader implementation that
DevTools sets on the context.
This makes sure that any custom ProtocolResolver that is set later in
the lifecycle is taken into account.
Closes gh-17214
Previously, calling getComment() on a nested jar file would result
in the outer jar file's comment being returned.
This commit updates the loader's JarFile to read the file's comment
from the central directory end record and return it from getComment().
Fixes gh-18128
Update the MockMvc documentation to provide more details about the
pros and cons of such an approach, specifically calling out the
difference with error page handling.
See gh-16718
Update the javadoc to note that `scanBasePackages` only affects the
`@ComponentScan` annotation and isn't a replacement for `@EntityScan`
or `@Enable...Repositories`.
Closes gh-18109
Update `SolrHealthIndicator` to fallback to a basic ping operation if
the `baseUrl` references a particular core rather than the root context.
Prior to this commit, if the Solr `baseUrl` pointed to a particular
core then the health indicator would incorrectly report `DOWN`.
See gh-16477
Previously, a custom FlywayMigrationInitializer bean named anything
other than flywayInitializer could result in a
NoSucBeanDefinitionException as the dependencies set up for JPA and
JDBC components used the bean name flywayInitializer.
This commit updates the configuration of the dependencies to depend
on FlywayMigrationInitializer beans by type rather than name.
Fixes gh-18105
Previously, a custom Flyway bean named anything other than flyway
could result in a NoSucBeanDefinitionException as the dependencies
set up for JPA and JDBC components used the bean name flyway.
This commit updates the configuration of the dependencies to depend
on Flyway beans by name rather than type.
Fixes gh-18102
This reverts commit f6f99d7855 as 9.4.20
includes an incompatible class change where an abstract class in
Jetty's public API was changed to an interface, making it incompatible
with Framework 5.1.9.
See gh-18035
Fix caching issues in `ApplicationContextRequestMatcher` and allow
subclasses to ignore an application context entirely. Update existing
matcher implementations so that they deal with the management context
correctly.
Prior to this commit, the `ApplicationContextRequestMatcher` would
return a context cached from the first request. It also didn't
provide any way to ignore a context. This meant that if the user was
running the management server on a different port the matching results
could be inconsistent depending on if the first request arrived on
the regular context or the management context. It also meant that we
could not distinguish between the regular context and the management
context when matching.
Closes gh-18012
Previously, when the Spring Boot CLI ran the Java command line for an
application it did a straight invocation which suppressed propagation of
signals to the JVM in certain circumstances (e.g within Docker containers).
This change prepends the command with exec which causes the Java process to
replace the script process in a shell ensuring that signals are propagated to
the Java process without suppression.
See gh-17976
Signed-off-by: Ben Hale <bhale@pivotal.io>
Previously, MetaInfResourceManager that we use with Undertow to serve
static resources from jar's META-INF/resources did not correctly
handle characters in the path that should be percent-encoded when
used in a URL.
This commit updates MetaInfResourceManager to encode the path before
it is used to create a URL. Prior to this encoding, encoded slashes
(%2F) are decoded as, unlike other encoded characters in the request's
URL, encoded slashes are not decoded prior to calling the
ResourceManager.
Fixes gh-17853
This commit also changes the request matcher for MVC
endpoints to use an AntPathRequestMatcher instead of an
MvcRequestMatcher. The endpoint is always available
under the mapped endpoint path and this way the same matcher
can be used for both MVC and Jersey.
Fixes gh-17912
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Move management `ErrorPage` registration from the
`WebMvcEndpointChildContextConfiguration` to
`WebMvcEndpointChildContextConfiguration` and only add it when the
error controller is registered.
Fixes gh-17938
Previously, when spying on a scoped bean the creation of the spy
would be performed using the scoped proxy. This would result in
the spy being unable to spy on any of the target bean's methods as
the scoped proxy's implementations of those methods would be final.
This commit updates MockitoPostProcessor so that the creation of the
spy and injection of the @SpyBean-annotated field is performed using
the scoped target. The scoped target has not be proxied so this
allows Mockito to spy on all of its methods.
Closes gh-17817
The versions of Jackon's bom and the versions of Jackson are often
not the same. For example, at the time of writing, the latest bom
version is 2.9.9.20190807 but the latest version of Jackson's core
is 2.9.9 and the latest version of Jackson's databind is 2.9.9.3.
spring-boot-dependencies using a property, jackson.version, to control
the version of jackson-bom that is imported. To make it clear that the
version property controls the version of Jackson's bom and not of
Jackson itself, this commit deprecates jackson.version in favour of
a new jackson-bom.version property.
An additional benefit of this change is that it addresses a problem
when using Gradle and the dependency management plugin. Jackson's bom
uses a jackson.version property to control the version
of core Jackson modules. This names clashes with the name of the
property used by spring-boot-dependencies. Specifying a custom
jackson.version to control the version of the bom that is imported
would also have the unwanted side-effect of customizing the version of
the core Jackson modules declared in Jackson's bom.
Fixes gh-17808
The userDn and password in LdapContextSource are not nullable. The
default values for userDn and password in LdapProperties are null. When
the values are set to null there will eventually be a
NullPointerException during
AbstractContextSource#setupAuthenticatedEnvironment since HashTable
doesn't allow null for values.
See gh-17861
Missing change logs would lead to an exception even
if the checkChangeLogLocation was set to false. Spring Boot's check
would pass but Liquibase would fail later making this property redundant.
Fixes gh-16232
This commit separates the auto-configuration of the `SessionFactory` in
an isolated class so that the rest of the auto-configuration is still
applied if the user provides a custom `SessionFactory` bean.
See gh-17662
This significantly rework the auto-configuration to reflect the order
in which things are expected. Rather than keeping a conceptual cycle
between the builder and the two inner classes that are processed first,
the configuration is now split in three parts:
* The builder that is required and common
* The configuration when the HighLevelClient is available
* The RestClient configuration when that's not the case
See gh-17488
Update `UndertowServletWebServerFactory` so that only our own mime type
mappings are included. Prior to this commit both our mime mappings and
Undertow's default mime mappings would always be included.
Fixes gh-17687
Previously, DeferredLinesWriter would collect MockMvc output from
every test that has executed. If a test eventually failed, the
output from every test up to including the one that had failed would
be output, rather than just the output for the test that has just
failed.
This commit clears the deferred lines after each test, thereby
ensuring that when a failure occurs only the lines from the failing
test are output.
Fixes gh-17551
Using a random value for the logfile name caused
the logfile endpoint to return a 404 as the name
was resolved from the environment on every request.
This commit registers a bean for LogFile which is then
used by the logfile endpoint.
Fixes gh-17434
Previously, if a user defined a MongoDbFactory bean but did not define
a client bean, MongoDataAutoConfiguration would back off leaving the
context without a MongoTemplate, etc.
This commit reworks the auto-configuration so that only the
auto-configuration of a MongoDbFactory is dependent on the existence
of a Mongo client bean. Auto-configuration of the other components
that depend on a MongoDbFactory will now continue in the absence of a
Mongo client bean.
Closes gh-17416
Previously, the context path was set to an empty string. The led to
Jetty logging a warning about an empty context path and then using
/ instead.
This commit avoids the warning while leaving the context path's end
result unchanged by setting the context path to /.
Closes gh-17399
This commit adds dependency management for Infinispan's Spring 5
modules that are introduced in 9.4.9.Final. It also removes redundant
exclusions for the dependency management for its Spring 4 modules.
Closes gh-17346
Update `StringToEnumIgnoringCaseConverterFactory` so that the
`getLettersAndDigits` method correctly appends `char` elements
rather than `int` elements.
Closes gh-17327