Previously, whitespace in between the keys and values in the JSON was
not trimmed correctly in BasicJsonParser which lead to it incorrectly
parsing JSON with whitespace between the opening of a list ([) and the
opening of a map ({).
This commit updates the parser to trim unwanted whitespace and adds a
test to AbstractJsonParserTests to verify the whitespace handling
behaviour across all JsonParser implementations.
Closes gh-18911
Previously @ServletComponentScan did not work when there was a
component index on the classpath as it made an assumption about
the concrete type of the BeanDefinitions produced by scanning that
does not hold true when an index is present.
This commit updates the scanning and the handlers to correct the
assumpution by working with a bean definition type that is produced
by scanning both when there is and when there is not an index present.
To prevent the problem from reoccuring, a test that uses and index
has been added and the import of ScannedGenericBeanDefinition is now
prohibited by Checkstyle.
Closes gh-18910
This commit makes sure that the health endpoint returns a default health
status when no contributors are available. Previously, it was returning
`null` which leads to a 404 when exposed via HTTP.
Closes gh-18676
Prior to this commit constructor bound configuration properties could
not be mocked because it would fail validation from
ConfigurationPropertiesBeanDefinitionValidator. The MockitoPostProcessor
registers the mocked bean as a singleton and validation can be skipped if a
singleton for the type is found in the bean factory.
Fixes gh-18652
This commit fixes a few bugs related to constructor binding.
The ContructorFilter on the Bindable has been replaced with a
Binder level BinderConstructorProvider so that it can be used to
determine the constructor to use for nested properties as well.
Fixes gh-18810
Fixes gh-18670
Closes gh-18685
Closes gh-18894
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Previously, when the configuration properties annotation processor
encountered a property that was the same as an outer type that had
already been processed, it would fail with a stack overflow error.
This commit introduces the use of a stack to track the types that
have been processed. Types that have been seen before are skipped,
thereby preventing a failure from occurring. We do not fail upon
encountering a recursive type to allow metadata generation to
complete. At runtime, the recursive property will not cause a problem
if it is not bound.
Fixes gh-18365
Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Previously, @EndpointFilter would only have an effect when used as
an annotation or meta-annotation on the endpoint class itself. It
would have no effect when used on a super-class of the endpoint
bean's class.
This commit updates EndpointDiscoverer so that an @EndpointFilter
annotation or meta-annotation on a super-class will be found and
applied to the discovery process. This is achieved by using find…
rather than get… when retrieving the attributes for the EndpointFilter
annotation.
Fixes gh-17866
Previously, AbstractDependsOnBeanFactoryPostProcessor was unordered
which meant that it was impossible to guarantee that another bean
factory post-processor would run after it. This prevented overriding
of the dependsOn relationships that is creates.
This commit updates AbstractDependsOnBeanFactoryPostProcessor to give
it a default order of zero. This will allow additional bean factory
post-processors to be configured with a lower precedence order (values
greater than 0) so that they run after any
AbstractDependsOnBeanFactoryPostProcessor and can override the
dependencies that it has configured.
Fixes gh-18362
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Andy Wilkinson
Stephane Nicoll
Johnny Lim
Madhura Bhave
Phillip Webb
dreis2211
Mark Pollack
Jens Teglhus Møller