This commit removes auto-configuration support for Spring Security
OAuth, paving the way for the introduction of auto-configuration for
Spring Security 5's new OAuth-related features.
Closes gh-10255
Rework `org.springframework.boot.context.embedded` to relocate classes
to `org.springframework.boot.web`. Packages are now organized around
the following areas:
Packages for shared concerns, for example the `WebServer` interface
to start/stop a server and the common configuration elements:
- org.springframework.boot.web.context
- org.springframework.boot.web.server
Servlet specific packages:
- org.springframework.boot.web.servlet.server
- org.springframework.boot.web.servlet.context
- org.springframework.boot.web.servlet.filter
Reactive specific packages:
- org.springframework.boot.web.reactive.context
- org.springframework.boot.web.reactive.server
Embedded server implementations (both reactive and servlet):
- org.springframework.boot.web.embedded
In addition:
- Rename `EmbeddedServletContainerFactory` to `ServletWebServerFactory`
to align with the `ReactiveWebServerFactory`.
- Rename `EmbeddedWebApplicationContext` to
`ServletWebServerApplicationContext` and
- Rename `EmbeddedReactiveWebApplicationContext` to
`ReactiveWebServerApplicationContext`.
- Add checkstyle rules to restrict imports.
- Fixup all affected code to use the correct imports and local names.
Fixes gh-8532
This contract is not specific to servlet containers and should be
reused by all web server implementations (including reactive variants).
Fixes gh-8208
This commit raises the minimum supported version of Thymeleaf to
3.0.x. It also upgrades Spring Social to a version that is compatible
with Thymeleaf 3.
Closes gh-7450
Closes gh-6258
See gh-7885
User can enable OAuth2 SSO by declaring the intent (@EnableOAuth2Sso)
and also configuring the client properties (spring.oauth2.client.*).
The spring.oauth2.sso.* are only needed to change the path for the
login (defaults to /login) - any other security configuration for the
protected resources can be added in a WebSecurityConfigurerAdapter
which carries the @EnableOAuth2Sso annotation.
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security included OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource of authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single start import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
This commit deprecates the proprietary EnableRabbitMessaging annotation
in favour of the standard @EnableRabbit introduced as of Spring Rabbit
1.4.
Fixes gh-1494
This commit avoids a script duplication: the integration test runs the
sample instead of a copy of it in the repro directory.
Also switched the sample from ActiveMQ to HornetQ as #323 revealed
some locking on CI. Hopefully that should fix it as HornetQ is non
persistent and can be embedded several times in the same VM.
Fixes gh-1456
This commit deprecates the proprietary EnableJmsMessaging annotation in
favour of the standard @EnableJms introduced as of Spring 4.1. This
commit also updates the sample and adds an integration test as the
feature was actually broken.
Fixes gh-1456
Actually the web-secure sample is misusing
security.basic.enabled=false (IMO) - it should be a flag
to say that you want to temporarily disable the basic security
fallback on application endpoins, not way to disable all
security autoconfiguration.
Added test case to web-secure sample to ensure a user
can log in.
Fixes gh-979
User can add (a single) beans{} DSL declaration (see GroovyBeanDefinitionReader
in Spring 4 for more detail) anywhere at the top level of an application source
file. It will be compiled to a closure and fed in to the application context
through a GroovyBeanDefinitionReader. Cool!
The example spring-boot-cli/samples/beans.groovy runs in an integration test
and passes (see SampleIntegrationTests).
Previously, the default classpath was empty. Now, in the absence of the
user providing a classpath via the -cp option, the default classpath
will be ".". If the user does specify a classpath, the classpath that's
used will be exactly what they have specified, i.e. "." will no longer
be on the classpath unless specified by the user.
The app sample integration test has been updated to verify that "." is
only the classpath by default.
Fixes#115
Rework classloading for launched applications so that CLI classes and
dependencies are not visible. This change allows many of the previous
hacks and workarounds to be removed.
With the exception of the 'org.springframework.boot.groovy' package
and 'groovy-all' all user required depndencies are now pulled in
via @Grab annotations.
The updated classloading algorithm has enabled the following changes:
- AetherGrapeEngine is now back in the cli project and the
spring-boot-cli-grape project has been removed. The AetherGrapeEngine
has also been simplified.
- The TestCommand now launches a TestRunner (similar in design to the
SpringApplicationRunner) and report test failures directly using
the junit TextListener. Adding custom 'testers' source to the users
project is no longer required. The previous 'double compile' for
tests has also been removed.
- Utility classes have been removed in favor of using versions from
spring-core.
- The CLI jar is now packaged using the 'boot-loader' rather than using
the maven shade plugin.
This commit also applied minor polish refactoring to a number of
classes.
Previously, simple @Grab annotations only worked on classes. This commit
updates the simple @Grab support so that they can be used on anything
that can be annotated with @Grab.
The simplified @Grab support relies upon springcli.properties having
been generated. This commit adds an M2E lifecycle mapping for the
antrun plugin so that springcli.properties is generated as part of an
Eclipse build, thereby making it easier to run tests in Eclipse that
rely upon the simplified @Grab support.
Usually, use of @Grab requires you to specify a group, module, and
version when identifying a dependency. This can be done in two
different ways:
@Grab(group='alpha', module='bravo', version='1.0.0')
@Grab('alpha:bravo:1.0.0')
This commit allows users to only specify a module: the group is
inferred and the version is the one dictated by the boot CLI. Both
forms are supported:
@Grab(module='bravo')
@Grab('bravo')
Groovy's global AST transformations, which is how Grab is implemented,
do not support ordering and we need to augment the AST for the Grab
annotation before its processed by the Grab AST transformation. To
work around this, reflection is used to get hold of the compile
operations in the conversion phase, and a new AST transformation is
inserted immediately before the first AST transformation operation.
To allow a module's groupId and version to be resolved consistently,
META-INF/springcli.properties has been enhanced to include properties
for each module that we want to support in the following form:
<module>.groudId = <groudId>
<module>.version = <version>
<groupId> and <version> are taken from the Maven project's
dependencies and VPP, a Velocity-based pre-processor, is used to
automatically generate the enhanced properties file.
To prevent pollution of spring-boot-cli's class path with the
dependencies that are only required to populate springcli.properties,
a separate project, spring-boot-cli-properties, has been created.
spring-boot-cli depends upon this now project causing it to, via the
shade plug, include the properties file in its jar.
Previously DependencyCustomizer allow a dependency to be added by
specifying its full coordinates, i.e. a group ID, artifact ID, and
version. This commit updates DependencyCustomizer to only require
an artifact/module ID. The group ID and version are then resolved
using the same mechanism as the enhanced @Grab support.
[#56328644] [bs-312] Allow @Grab without version
- If RabbitTemplate is on the classpath, turn on autodetection.
- Create a RabbitTemplate, a Rabbit ConnectionFactory, and a RabbitAdmin is spring.rabbitmq.dynamic:true
- Enable some **spring.rabbitmq** properties like host, port, username, password, and dynamic
- Add tests to verify functionality
- Add Groovy CLI functionality. Base it on @EnableRabbitMessaging. Add spring-amqp to the path.
- Create rabbit.groovy test to prove it all works.
- Make Queue and TopicExchange top-level Spring beans in rabbit.groovy test script
* application.properties support for spring.jms and spring.activemq
* more tests to verify ActiveMQConnectionFactory pooling
* Groovy support and simple sample with activemq
* Groovy detection mechanism is @EnableJmsMessaging annotation
* Add ability to detect spring-jms on the path and create a JmsTemplate with
ActiveMQConnectionFactory
* Create tests showing autoconfigured JmsTemplate with ActiveMQ, but prove it
backs off if a separate ConnectionFactory exists.
* Add support to spring-boot-cli to that it detects JmsTemplate, DefaultMessageListenerContainer,
or SimpleMessageListenerContainer, and turns on autoconfiguration as well as
add proper @Grab's and import statements.
* Write a jms.groovy test showing proper CLI support
Simplify ActiveMQ configuration
Update ActiveMQ to 5.7.0
* @EnableTransactionManagement triggers spring-tx imports
* Field or method of type JdbcTemplate or NamedParameterJdbcTemplate
of DataSource triggers spring-jdbc imports
Andy Wilkinson
Phillip Webb
Brian Clozel
Johnny Lim
Dave Syer
Greg Turnquist
Stephane Nicoll
Phillip Webb
Dave Syer
Gary Russell
Artem Bilan
Andy Wilkinson
Roy Clarkson