Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.
Fixes gh-3888
Previously, if an exception was thrown during request handling after
the response had been committed, i.e. after the status and headers
had been written, the metrics filter would assume that it was a 500
response. This was potentially inaccurate as the status had already
been sent to the client and before the exception was thrown and it
may have been something other than a 500.
This commit updates MetricsFilter so that it will use the
status from the response if the response has been committed even when
an exception is thrown.
Closes gh-7277
If the resource chain is used, such as by using the
`"spring.resources.chain.strategy.content.enabled"` property,
resource chain caching can prevent the developer from seeing
changes made to resources, so that caching should be disabled
when DevTools is enabled.
This commit sets the `"spring.resources.chain.cache"` property
to `true` when devtools is enabled.
Previously, there were two problems with servlet context initializer
beans that are a scoped proxy:
1. When there's no explicit registration bean the target of the scoped
proxy is registered rather than the proxy. This meant that the
proxy had no effect as it was being bypassed.
2. When there is an explicit registration bean, the registration is
performed twice: the faulty implicit registration described above
and explicit registration.
A fix (SPR-14816) has been made in Spring Framework so that we can
correctly determine the type of bean that will be produced by a
scoped proxy's factory bean. That change, coupled with the change in
this commit that ignored beans that are the target of a scoped proxy
addresses both of the problems described above. A single registration
is now performed and its the scoped proxy, rather than its target,
that is registered.
Closes gh-7150
Update `DevToolsPropertyDefaultsPostProcessor` so that property defaults
are only added at development time. Properties are now added only when
`Restarter` is initialize or remote devtools is enabled.
Fixes gh-7014
Update `ApplicationPidFileWriter` to support `ApplicationReadyEvent` in
addition to the already supported `ApplicationEnvironmentPreparedEvent`
and `ApplicationPreparedEvent` events.
Closes gh-7066
Fixes gh-7027
Update JpaBaseConfiguration so that the persistenceUnitRootLocation is
no longer detected. The update to gh-7003 means that we can now rely on
the standard detection mechanism.
Fixes gh-6983
See gh-6635
Previously, if Boot's JarURLConnection pointed to the root of a nested
entry, e.g. /BOOT-INF/classes, a call to getInputStream() would throw
an IOException. This behavior is reasonable for a URL that points
to the root of a normal jar as the jar itself is on the class path
anyway. However, for a nested jar it meant that a call to
ClassLoader.getResources("") would not include URLs for any nested
jars and directories (/BOOT-INF/classes and jars in /BOOT-INF/lib).
This is due to some logic in URLClassPath.Loader.findResource that
verifies a URL by opening a connection and calling getInputStream().
The result of missing URLs for the root of nested jars and directories
is that classpath scanning that scans from the root (not a good idea
for performance reasons, but something that we should support) would
not find entries in /BOOT-INF/classes or in jars in /BOOT-INF/lib.
This commit updates our JarURLConnection so that it no longer throws
an IOException when asked for an InputStream for the root of a nested
entry (directory or jar).
Fixes gh-7003
Stephane Nicoll
Johnny Lim
Phillip Webb
Andy Wilkinson
Madhura Bhave
Craig Andrews
Mike Youngstrom
Greg Potter