Previously, spring-boot required org.json:json to be on the compile
classpath, but it was only there by virtue of it being a transitive
dependency of another of spring-boot’s dependency. This commit makes
it clear that spring-boot has an (optional) dependency on org.json:json
by having an explicit dependency declaration for it. Additionally, the
name of the version property and the alphabetical ordering in
spring-boot-dependencies have been corrected.
Closes gh-3290
Update `spring-boot-dependencies` to exclude `commons-logging` from
`infinispan-spring4`. The version pulled in was very old and included
a transitive dependency to `servlet-api` 2.4.
Fixes gh-3291
Add auto-configuration support for Apache Artemis which was formed when
HornetQ was donated to the Apache Foundation. The majority of this code
is based on the HornetQ auto-configuration.
Fixes gh-3154
Closes gh-3246
This commit aligns our dependency management for GemFire with the
version used by the version of Spring Data GemFire that we currently
depend upon.
Previously, some dependency management that was added (see #2884) to
work around problems with GemFire 8.0’s dependencies; specifically it
depended on different versions of org.eclipse.jdt.core.compiler:ecj and
xml-apis:xml-apis. The different dependency versions appear to no
longer be a problem with 8.1 so this dependency management is now
redundant and has been removed.
Closes gh-3284
This commit adds support for automatically configuring Spring Session.
In a web application when both Spring Session and Spring Data Redis
are on the classpath, Spring Session's Redis Http Session support
will be auto-configured. The max inactive interval for Redis-backed
sessions can be configured via the environment using the existing
server.session-timeout property.
Closes gh-2318
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security included OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource of authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single start import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
Users that wish to override the version of Hibernate need to override
the hibernate.version property, as it’s the one used when declaring the
dependency management for Hibernate’s modules, so the
hibernate-entitymanager.version property is of little value.
Closes gh-3004
Updated to the `EmbeddedCacheManager` interface and added support for
default cache configuration.
Added dependencies management for the JCache support with tests
Fixes gh-2906, see gh-2633
Include auto-configuration support for Infinispan. It is possible
to specify the caches to create via `spring.cache.cache-names`.
Provider also allow to set configuration file via `spring.cache.config`.
See gh-2633
Without dependency management for org.apache.httpcomponents:httpcore,
it’s possible to get mismatched versions of httpcore and httpclient.
Closes gh-2941
Previously, the CLI’s dependency management used proprietary Properties
file-based metadata to configure its dependency management. Since
spring-boot-gradle-plugin’s move to using the separate dependency
management plugin the CLI was the only user of this format.
This commit updates the CLI to use Maven boms to configure its
dependency management. By default it uses the spring-boot-dependencies
bom. This configuration can be augmented and overridden using the new
@DependencyManagementBom annotation which replaces @GrabMetadata.
Closes gh-2688
Closes gh-2439
While this is a breaking change, continuing with Spring Social
Facebook 1.1.x is also broken as it is no longer compatible with
Facebook's API. Upgrading to 2.0.1.RELEASE may require some changes
to be made to users' applications, but it will allow their
applications to use the Facebook API once again.
Closes gh-2837
GemFire 8.0 depends on two different versions of xml-apis:xml-apis and
org.eclipse.jdt.core.compiler:ecj. This commit adds dependency
management for those two dependencies to address the dependency
convergence errors reported by Maven’s enforcer plugin.
GemFire 8.0 also depends on commons-logging and Spring Boot starters
should use jcl-over-slf4j instead. This commit adds an exclusion for
commons-logging
GemFire 8.0 depends (optionally) on spring-data-gemfire and
spring-data-gemfire depends on GemFire, i.e. there’s a dependency cycle
between the two projects. This commit breaks this cycle by adding an
exclusion for spring-data-gemfire to the dependency management for
com.gemstone.gemfire:gemfire.
This commit should be reverted once the problems with GemFire’s
dependencies have been addressed. See gh-2884.
Hibernate depends on antlr:antlr:2.7.7 (the latest version on Antlr 2)
and fails with earlier 2.7.x versions due to a missing method. This
can cause problems for Maven users if they also depend on something that
pulls in an earlier version of Antlr, such as
spring-boot-starter-velocity. Gradle users are unaffected as, when
multiple versions of a dependency are found in the graph, Gradle will
choose the latest version.
This commit adds dependency management for antlr:antlr:2.7.7 to ensure
that the latest, and Hibernate compatible, version of Antlr 2 is used.
Closes gh-2814
This commit updates Spring Boot to use Spring Security 4. As a result
of this, the coordinates of Thmyeleaf's Spring Security extra, for
which dependency management and auto-configuration is provided, have
been updated to the Spring Security 4 variant.
Closes gh-2727