Previously, the error page security filter passed the request's URI
to the privilege evaluator. This was incorrect in applications with
a custom context path as the privilege evaluator must be passed a
path that does not include the context path and the request URI
includes the context path.
This commit updates the filter to use UrlPathHelper's
pathWithinApplication instead. The path within the application does
not include the context path. In addition, pathWithinAppliation
also correctly handles applications configured with a servlet
mapping other than the default of /.
Closes gh-29299
Co-Authored-By: Andy Wilkinson <wilkinsona@vmware.com>
Update `ConventionsPluginTests` so that dependency resolution is
not required. This provides a work-around for our currently failing
Windows build.
Closes gh-29490
This commit updates DatabaseInitializationDependencyConfigurer so that
it does not inject the Environment anymore. Doing so in such a low-level
callback can lead to early resolution of factory beans. Rather, this
commit uses the EnvironmentAware callback that short-circuit dependency
resolution.
Closes gh-29475
Update `ConfigDataEnvironmentContributor.isActive` so that unbound
imports are no longer considered active. Prior to this commit, any
`ConfigDataEnvironmentContributor` that had `null` properties was
considered active. This is incorrect for `Kind.UNBOUND_IMPORT`
contributors since we haven't yet bound the `spring.config.*`
properties.
The `ConfigDataEnvironmentContributorPlaceholdersResolver` has been
updated to handle the refined logic. A placeholder can now be resolved
from the current contributor, or from an unbound contributor by binding
it on the fly.
Fixes gh-29386
Janne Valkealahti
Spring Builds
Madhura Bhave
Andy Wilkinson
Stephane Nicoll
Phillip Webb
Jerome Prinet