FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].
In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.
Closes gh-2079
Closes gh-4321
[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
Previously, OrderedRequestContextFilter was ordered such that it
ran after Spring Security's Filter. This meant that the request
context was unavailable to any Filters in Spring Security's Filter
chain. Specifically, this caused a failure when using @EnableOAuth2Sso
as OAuth2ClientAuthenticationProcessingFilter, which is added to
Spring Security's Filter chain would be unable to use the
request-scoped bean upon which it depends.
This commit updates the order of OrderedRequestContextFilter so that
the request context is set up before Spring Security's Filter runs.
The tests for SampleGitHubApplication have been updated to use
TestRestTemplate rather than MockMvc. This is necessary as the latter,
via ServletTestExecutionListener, automatically populates the request
context holder, masking the fact that the request context filter was
setting it up too late.
Closes gh-4270
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.
This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.
Closes gh-4048
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
The redirect happens in two stages, first from / to /login on localhost
and then to github.com. This commit updates the test to check that the
first redirect has worked, i.e. from / to /login on localhost.
Commit c85f4df0ee broke the build as some tests are expecting HSQL to be
used. We now specify the name of the database rather than specifying the
jdbc url.
Use "return" instead of "exit" where possible, especially in
function definitions.
Also fixed the exit codes to match the LSB spec for some specific
conditions (fixes gh-3521).
Fixes gh-3199, fixes gh-3535
Previously, native cache libraries were favored over a standard JSR-107
implementation. If a user has a working setup using JCache with one
provider and switch to another provider, his setup may be broken if we
happen to provide a native support for the new provider.
We now consistently favor JSR-107 if it is present. Native support can
still be enabled via the `spring.cache.type` property.
Closes gh-3822
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:
@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}
Closes gh-3635
Update LinksMvcEndpoint and HalBrowserMvcEndpoint so that no longer try
to use the `/` context path. Links are now available from `/links` and
the HAL browser is available from `/hal`.
The actuator HAL browser now works with either WebJars or the Spring
Data version. It also now transforms the initial HTML so that the
form is pre-populated with `/links`.
When using Spring Data's HAL browser, the root includes a link to
`/links` with a rel of `actuator`.
See gh-3621
This commit updates the default output produced when using Log2J 2 to
be similar to the output produced by Logback. It introduces a new
converter for throwables that adds some whitespace around stacktraces
and a color converter that produces ANSI-colored output when enabled
via spring.output.ansi.enabled.
Closes gh-3548
Harmonize the configuration properties for Undertow to match the changes
made for gh-2491.
Move `spring.undertow.accessLog*` to `spring.undertow.accesslog.*`
Add an auto-configuration that avoid a Spring Boot user to add
`@EnableConfigurationProperties` to its configuration to benefit from
that feature.
As our own auto-configurations are tested independently, such annotation
is still present to avoid a useless reference to this new
auto-configuration.
Closes gh-2457
Since each sample has (supposedly) only one application class and not
a lot of the code, the `mainClassName` attribute in the gradle build is
not really useful and can lead to inconsistency if the application class
is moved.
See gh-3588
Embedded MongoDB is now auto-configured when it is on the classpath.
The Mongo instance will listen on the port specified by the
spring.data.mongodb.port property. If this property has a value of
zero and randomly allocated port will be used. In such an event, the
MongoClient created by MongoAutoConfiguration will be automatically
configured to use the port that was allocated.
By default, MongoDB 2.6.10 will be used. This can be configured using
the spring.embedded-mongodb.version property. Mongo's sync delay
feature is enabled by default. This can be configured using the
spring.embedded-mongobd.features property.
Closes gh-2002
When Spring Data REST is owning the home page it has its own
HandlerMapping with a fix (relatively) low priority. The /links
endpoint wants to own the home page as well, and our handler mapping
has a high priority for good reasons. This change addresses the
issue by checking if Spring Data REST is configured and if
the management context path (or more specifically, the links
endpoint) is the same as the home page.
Fixes gh-3486
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).
This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).
Fixes gh-2563
Unfortunately, we have no other choice to flip the ignoreUnknownFields
attribute of `SecurityProperties` has many different target are now set
for that namespace outside the class. See gh-3445 for a potential way
to improve that.
Closes gh-3327
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
There is a new spring.factories entry for
org.springframework.boot.actuate.autoconfigure.EndpointWebMvcConfiguration
which loads extra beans into the MVC config for the Actuator.
If the management context is a child context all the beans go in the
child (except the Spring Security filter still). A big bonus is that
you can add WebConfigurerAdapters to configure static resources etc.
A new component called ManagementContextResolver can be used to
locate the ApplicationContext for the MVC endpoints.
Fixes gh-3345