This commit updates CORS handling according to Framework changes
introduced via [1]. It also fixes tests according to the new behavior.
See gh-16410
[1] d27b5d0ab6.
Prior to this commit, exceptions nested in
`NestedServletExceptions` would not be recorded by the
`WebMvcMetricsFilter`. This commit ensures that exceptions
happening downstream (e.g. happening while writing the response
body itself) are properly recorded.
See https://github.com/micrometer-metrics/micrometer/issues/1190
See gh-16014
Update the `BaseConfiguration` class in `ScheduledTasksEndpointTests`
to be package private so that it can be enhanced by cglib.
Prior to merge commit 361437f4 the class was a lite configuration so
it didn't matter that it was a private class.
loadOnStartup property was missing from EndpointServlet and cannot be set
inside ServletEndpointRegistrar. Now it can be set and register a Servlet
with that integer property ready to act upon registration.
See gh-16053
When Spring Security is misconfigured it's possible to switch from an anonymous user
to a normal user. When switching back again, the corresponding
AuthenticationSwitchUserEvent will have a null target user. Previously, Actuator's
AuthenticationAuditListener would throw a NullPointerException when it received such an
event.
This commit updates the audit listener to defensively handled events with a null target
user.
Closes gh-15767
Andy Wilkinson
Sebastien Deleuze
Spring Operator
Madhura Bhave
Brian Clozel
Johnny Lim
Stephane Nicoll
Phillip Webb
Gómez Díaz, Julio José
Dmytro Nosan
Mehmed Baždar
Michael Simons