As auto-configuration for Spring Security OAuth has been removed
from Spring Boot 2.0 and Spring Security 5 doesn't have OAuth
2.0 Authorization / Resource Server support yet, it has not
been obvious at all how to implement an OAUth 2.0 server with
Spring Boot 2.0.
For that reason, this new section briefly explains the current
temporary situation and points to the spring-security-oauth2-autoconfigure
module that restores the auto-configuration support for OAuth
2.0 Authorization and Resource Servers.
Closes gh-12491
Update `Map` and `Collection` binders to create a copy of the existing
collection whenever possible. Prior to this commit the binder would
always mutate the existing value and then call the setter with the
same instance. This could cause issues if the setter expected a
different instance.
Fixes gh-12322
Previously, the underlying RandomAccessDataFile was not closed when
the JarFile that was using it was closed. This causes a problem on
Windows as the open file handle prevents the file from being deleted.
This commit updates JarFile to close the underlying
RandomAccessDataFile when it is closed and has a JarFileType of
DIRECT.
Previously, when accessing the manifest of a jar file that maps to a
nested directory (BOOT-INF/classes) a new JarFile was created from the
root jar file, the manifest was retrieved, and the new JarFile was
closed. This could lead to the underlying RandomAccessDataFile being
closed while it was still in use.
This commit improves JarFile to retrieve the manifest from the
existing outer JarFile, thereby avoiding the need to create and close
a new JarFile.
Unfortunately, PropertiesLauncher creates a number of scenarios where
a JarFile with a type of direct is closed while it’s still being used.
To accommodate this behaviour, RandomAccessDataFile has been updated
so that it can re-open the underlying RandomAccessFile if it is used
after it has been closed.
Closes gh-12296
This commit disables the default HTML view in the WebFlux error handling
support when `server.error.whitelabel.enabled=false`.
In this case, the original exception will be forwarded down the stream
and handled by the default `WebExceptionHandler` provided by Spring
WebFlux (likely to respond a blank page and an error HTTP response
status).
Closes gh-12520
Update `SpringConfigurationPropertySources` adapter logic so that and
exact instance match is used when checking if the cache can be used.
Prior to this commit if a property source was replaced with one that
had exactly the same name, the adapted version would not change.
Fixes gh-12451
Even though War deployment is supported by Spring Framework itself for
WebFlux applications, this is not the case currently in Spring Boot.
Fixes gh-12455
This commit fixes 220f8cd and moves the order for
`WelcomePageHandlerMapping` to `2` since the previous order was
conflicting with the resource mapping.
Closes gh-12335
Refactor JSON parser wrappers to remove duplicate code portions in the
parseMap() and parseList() methods by adding an AbstractJsonParser.
See gh-12428
This commit orders the `WelcomePageHandlerMapping` at
`Ordered.LOWEST_PRECEDENCE -1` in order to give a chance to other
mappings to handle the incoming requests.
In this case, developers might provide a custom `ViewController` or
custom `HandlerMapping` for the `"/"` path and we should not override
that opinion.
Closes gh-12335
This commit updates WebTestClientAutoConfiguration to only create a
WebTestClient when running a WebFlux-based application as mocking the
context only works with that mode at the moment.
Closes gh-12318
This commit updates Spring Boot's DeferredImportSelector implementations
to group imports in a consistent set. This makes sure ordering is
applied consistently.
Closes gh-12366
This commit updates the annotation processor and the binder to ignore
any static or abstract method that has the characteristics of a JavaBean
accessor. As a result, no property is generated for those (invalid)
accessor and no binding occurs on them either.
Closes gh-12390
Prior to this commit, all `WebMvcConfigurer` instances provided by user
configuration were processed *before* the one provided by the
`WebMvcAutoConfiguration`.
For many options this has no consequence, but for some, like the
`ContentNegotiationConfigurer`, settings were overriden by the
auto-configuration even if developers provided an opinion.
This commit orders the `WebMvcConfigurer` provided by the
auto-configuration at `0`, so that custom configurers (unordered, at
`Ordered.LOWEST_PRECEDENCE`) are processed *after*.
This still gives room to developers for configuring things *before* the
auto-configuration - they can still order their own configuration
accordingly.
Fixes gh-12389
This commit fixes the binder so that it property identifies JavaBean
accessors. Previously an accessor named `get` or `is` was identified.
Similarly, a setter named `set` was identified.
Closes gh-12363
This commit defers the resolution of the default ddl auto mode only when
it is absolutely necessary. This prevents Spring Boot to attempt to get
a connection when it isn't necessary
Closes gh-12374
Previously, when performing lazy initialisation of the context,
ApplicationContextRequestMatcher assigned the context field before it
called initialized. The context being non-null is used as the signal
that it’s ok to call a subclass’s matches method. If one thread checks
for a non-null context in between the field being assigned and
initialized being called on another thread, matches will be called
before the subclass is ready.
This commit closes the window for the race condition by only assigning
the context field once the subclass’s initialized method has been
called.
There is a secondary problem in each of the subclasses. Due to the use
of double-checked locking in ApplicationContextRequestMatcher, it’s
possible for a subclass’s matches method to be called by a thread that
has not synchronised on the context lock that’s held when initialized
is called and the delegate field is assigned. This means that the
value assigned to the field may not be visible to that thread.
This commit declares the delegate field of each
ApplicationContextRequestMatcher subclass as volatile to ensure that,
following initialisation, its value is guaranteed to be visible to
all threads.
Closes gh-12380
This commit detects if a `ConnectionNameStrategy` bean exists in the
context and associates it with the auto-configured RabbitMQ's
`ConnectionFactory` when that is the case.
Closes gh-12367
With JDK 8 being the baseline and JDK 7 not being supported anymore we
can get rid of the workaround for a JDK 7 bug in
ProcessBuilder.inheritIO on Windows machines.
Closes gh-12337
Previously, the JDK 10 build would fail as we build the plugin using
Gradle 4.0.x (the lowest version of Gradle that we support) and
Gradle 4.0.x doesn't work with Java 10.
Upgrading to Gradle 4.1, which appears to work with Java 10, was
considered but rejected for now as it introduces the risk that we
inadvertently use an API that's new in 4.1 and break our 4.0 support.
This commit goes for the extreme option and disables building the
Gradle Plugin when building with JDK.
See gh-12028