Fixes an issue where auto-configuration for Spring Authorization Server
was overriding the default exception handling (AuthenticationEntryPoint)
resulting in anonymous requests to the token endpoint being redirected
to the Spring Security login page instead of returning 401 Unauthorized.
Auto-configuration now registers a defaultAuthenticationEntryPointFor
that is added to any other entry points already configured.
See gh-35368
Replace `SessionRepositoryFilterConfiguration` filter registration bean
with a `DelegatingFilterProxyRegistrationBean` so that
`SessionRepository` beans are not initialized early.
Fixes gh-35240
The properties `spring.couchbase.env.ssl.key-store`
and `spring.couchbase.env.ssl.key-store-password`
are deprecated in favor of configuring an SSL bundle with
`spring.couchbase.env.ssl.bundle`. The older properties
have somewhat confusing names, since they are used to
configure a trust store in Couchbase, and they don't
provide all the options that an SSL bundle provides.
Closes gh-35135
Introduce `WebClientSsl` interface and auto-configuration to allow a
WebClient builder to have custom SSL configuration applied.
The previous `ClientHttpConnectorConfiguration` has been been changed
to now create `ClientHttpConnectorFactory` instances which can be used
directly or by `AutoConfiguredWebClientSsl`.
Closes gh-18556
Update `SslOptions` so that `null` is used for default values rather
than empty sets. Most libraries use `null` to indicate defaults so
aligning our class makes things easier.
See gh-34814
Update Tomcat, Jetty, Undertow and Netty servers so that an SslBundle
is used to apply SSL configuration. Existing `Ssl` properties are
internally adapted to an `SslBundle` using the `WebServerSslBundle`
class. Additionally, if `Ssl.getBundle()` returns a non-null value the
the `SslBundles` bean will be used to find a registered bundle by name.
See gh-34814
Add auto-configuration for SSL bundles including new configuration
properties that can be used to define a bundle.
SSL bundle properties are provided under the `spring.ssl.bundle` key.
Currently `jks` and `pem` variants are support. Both are configured
as a `Map` where the bundle name is the key.
A typical example would be:
spring:
ssl:
bundle:
pem:
mybundle
key:
password: secret
keystore:
certificate: classpath:mycert.pem
private-key: classpath:mykey.pem
A `SslBundleRegistrar` interface is also provided to allow programmatic
contributions to the auto-configured `SslBundleRegistry`.
See gh-34814
Prior to this commit, a failure to load a ConnectionDetailsFactory
caused startup to fail. This causes problems when some of a
factory's required classes were not available, for examle when using
spring-boot-docker-compose without Actuator.
Fixes gh-35100
This commit deprecates OAuth2ClientPropertiesRegistrationAdapter as
it wasn't really an adapter because it provides a static utility
method rather than adapting one contract to another. A replacement,
OAuth2ClientPropertiesMapper, is introduced that maps the OAuth2
client properties to the required types.
Closes gh-34714
This commit adds the following properties under
spring.security.oauth2.authorizationserver.client.[registration-id]:
* endpoint.device-authorization-uri
* endpoint.device-verification-uri
* token.device-code-time-to-live
See gh-34957
Previously, FlywayProperties returned an empty string when its
password had not been set. This prevented the desired fallback to
JdbcConnectionDetails.
Fixes gh-35046
Update restcontainers service connections support so that
technology specific `@ServiceConnector` annotations are not longer
required.
A single `@ServiceConnector` annotation can now be used to create
all `ConnectionDetail` beans.
Closes gh-35017
Update the auto-configuration gradle plugin so that the
configuration-properties plugin is not longer automatically applied.
This allows us to have auto-configuration modules that don't ship
configuration properties.
Closes gh-35028
Update Redis auto-configuration so that `RedisConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Rabbit auto-configuration so that `RabbitConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Neo4J auto-configuration so that `Neo4jConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Mongo auto-configuration so that `MongoConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Kafka auto-configuration so that `KafkaConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Influx auto-configuration so that `InfluxDbConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Elasticsearch auto-configuration so that
`ElasticsearchConnectionDetails` beans may be optionally used to
provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Couchbase auto-configuration so that
`CouchbaseConnectionDetails` beans may be optionally used to provide
connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update Cassandra auto-configuration so that `CassandraConnectionDetails`
beans may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update R2DBC auto-configuration so that `R2dbcConnectionDetails` beans
may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Update JDBC auto-configuration so that `JdbcConnectionDetails` beans
may be optionally used to provide connection details.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Add a `ConnectionDetails` tagging interface which will be used
to mark beans that are a source of configuration settings for
connection to a remove service. When such beans are available,
they will take precedence over any connection-related
configuration properties. Configuration properties that are not
related to the connection itself, such as properties that control
the size and behavior of a connection pool, will still used.
See gh-34657
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
This commit auto-configures the new pagination and sorting support for
Spring for GraphQL, if Spring Data is available.
The `GraphQlAutoConfiguration` now contributes a `CursorStrategy` bean
that is used to set up the pagination and sorting data fetching
infrastructure.
This commit also configures by default a
`ConnectionTypeDefinitionConfigurer` that automatically detects
`*Connection` types and contributes the relevant schema definitions
according to the Relay spec.
See gh-34677
To apply `@ControllerAdvice` exception handling to non-controller
DataFetcher implementations like QueryDslDataFetcher,
QueryByExampleDataFetcher, and others, this commit exposes the
DataFetcherExceptionResolver from AnnotatedControllerConfigurer as a
bean. The existing auto-configured for DataFetcherExceptionResolver
then picks this up and passes it into the builder used to create the
GraphQlSource.
Closes gh-34526
This commit adds a new configuration property,
`spring.reactor.context-propagation` that configures the context
propagation mode for Reactor operators. By default the value is set to
"AUTO" for reinstating automatically context values as ThreadLocals
within Reactor operators. The "LIMITED" mode restricts this feature ot
the "tap" and "handle" operators but has a slightly lower footprint.
Closes gh-34201
If the name is set, it is used. If not, the bean name is used. If that's
not set, the convention based name is taken.
Registration failures now throw an IllegalStateException instead of
being logged. DynamicRegistrationBean.setIgnoreRegistrationFailure
can be used to restore the old behavior.
See gh-33911
Remove instance suppliers in bean definitions and depend instead
on reflection. This allows the AOT engine to correctly process
the definitions.
Fixes gh-33763
GraalVM code reachability algorithm is not able to evaluate at build
time that ENABLED static field is always false in a native image,
shipping unreachable code.
Before this commit, building a native image with -H:+PrintAnalysisCallTree
shows that the following methods are included:
- BackgroundPreinitializer$1.<init>(BackgroundPreinitializer):void
- BackgroundPreinitializer$1.run():void
- BackgroundPreinitializer$1.runSafely(Runnable):void
- BackgroundPreinitializer$CharsetInitializer.run():void
- BackgroundPreinitializer$ConversionServiceInitializer.run():void
- BackgroundPreinitializer$JacksonInitializer.run():void
- BackgroundPreinitializer$MessageConverterInitializer.run():void
- BackgroundPreinitializer$ValidationInitializer.run():void
- BackgroundPreinitializer.<clinit>():void
- BackgroundPreinitializer.getOrder():int
- BackgroundPreinitializer.onApplicationEvent(ApplicationEvent):void
- BackgroundPreinitializer.onApplicationEvent(SpringApplicationEvent):void
- BackgroundPreinitializer.performPreinitialization():void
After this commit, only those are included:
- BackgroundPreinitializer.<clinit>():void
- BackgroundPreinitializer.getOrder():int
- BackgroundPreinitializer.onApplicationEvent(ApplicationEvent):void
- BackgroundPreinitializer.onApplicationEvent(SpringApplicationEvent):void
See gh-33240
SharedMetadataReaderFactoryContextInitializer exposes an additional
bean post processor that is only relevant when parsing the bean
factory, auto-configurations in particular. Given that this does not
happen in an AOT-optimized context, this commit excludes the bean
and makes sure the initializer does not do anything at runtime.
Closes gh-33216
AllEncompassingFormHttpMessageConverter already initializes
Jackson ObjectMapper. This commit updates BackgroundPreinitializer
in order to not run JacksonInitializer when
MessageConverterInitializer already takes care of initializing
ObjectMapper.
See gh-33220
This commit ensures that the default locations for GraphQL schema files
and the GraphiQL UI HTML page are included in the native image by
registering resource hints during the AOT phase.
Fixes gh-33208
Spring Integration has introduced a new observationPatterns attribute
on EnableIntegrationManagement. Spring Boot auto-configures
EnableIntegrationManagement so this commit adds a property that
allows users to configure the patterns without declaring the
annotation themselves.
See gh-33099
Commit 29f085bd1a690ff7281e00b3a925e1160850ffbb in Spring Framework
automatically registers hints for enclosing directories. This fixes the
tests to use a contains instead of exact match.
Commit 29f085bd1a690ff7281e00b3a925e1160850ffbb in Spring Framework
automatically registers hints for enclosing directories. This fixes the
tests to expect hints for those directories as well.
Relocate `ConfigurationPropertiesReflectionHintsProcessor` and refactor
it to be a general purpose `BindableRuntimeHintsRegistrar`.
Prior to this commit, `ConfigurationPropertiesReflectionHintsProcessor`
was used to declare binding hints for classes that were bound, but
might be `@ConfigurationProperties`. By moving and renaming the class,
it's now better aligned to the way it's used.
Support for `@NestedConfigurationProperties` has been implemented by
adding a `@Nestable` meta-annotation. This allow us to create the
appropriate hints, without the `Binder` needing to be directly aware of
the `@NestedConfigurationProperties` annotation.
Closes gh-32815
Spring Security now re-applies the authorization rules
to the error page by default. Additionally, it configures
RequestAttributeSecurityContextRepository as the default for
stateless applications allowing those applications to have access
to the original authentication during an error dispatch.
Closes gh-31703
The ResourceProviderCustomizer, which is used by FlywayAutoConfiguration
gets replaced with NativeImageResourceProviderCustomizer when running
in AOT mode. The NativeImageResourceProvider does the heavy lifting when
running in a native image: it uses PathMatchingResourcePatternResolver
to find the migration files.
Closes gh-31999
This commits adds a checkstyle rule to not use List.of(), Set.of()
and Map.of(), preferring Collections.emptyList(), emptySet(), and
emptyMap() respectively.
It replaces usages of these methods across the codebase.
See gh-32655
As of spring-projects/spring-framework#29293, the streaming mode on the
`DefaultPartHttpMessageReader` is deprecated as hard limitations have
been found with the design and won't be fixed. Instead, developers
should use the `PartEvent` API and the `PartEventHttpMessageReader`
(which is configured by default with the codecs).
This commit removes the `spring.webflux.multipart.streaming` property
and applies all `spring.webflux.multipart.*` properties that are
applicable to `PartEventHttpMessageReader`.
Closes gh-32658
This commit auto-configures ProblemDetails support for both Spring MVC
and Spring WebFlux, contributing a `@ControllerAdvice` annotated
`ResponseEntityExceptionHandler` bean if the
`spring.mvc.problemdetails.enabled` or
`spring.webflux.problemdetails.enabled` properties are set to `true`.
Closes gh-32634
This commit updates Spring Session auto-configuration to avoid usage of
deprecated methods, and moves to newly introduced Duration based
defaultMaxInactiveInterval setters across all session repository
implementations.
Additionally, this fixes several tests that are broken due to session
repository implementations now using Duration type for their
defaultMaxInactiveInterval fields.
See gh-32633
This commit reworks Spring Session auto-configuration to avoid
extending Spring Session's configuration classes. Instead, those
configuration classes are now imported and customizations are
applied using dedicated (Reactive)SessionRepositoryCustomizer beans.
See gh-32554
This commit adds an AOT contribution that replaces the scanning of
@JsonMixin by a mapping in generated code. This makes sure that such
components are found in a native image.
Closes gh-32567
This commit updates the bean factory methods for beans that can be
instantiated at build-time to be static. Doing so makes sure that
the enclosing configuration class does not have to be resolved in
order to create the instance.
Closes gh-32570
This commit updates Servlet based Spring Security auto-configuration
to use AuthorizationFilter, which is intended to supersede
FilterSecurityInterceptor.
See gh-31255
With this commit, loading `@AutoConfiguration`,
`@ImportAutoConfiguration`, and `@ManagementContextConfiguration`
classes is supported with `.imports` files only. Support for loading
these classes with `spring.factories` is removed.
Closes gh-29699
With Spring Session moving to RedisSessionRepository as the preferred
session repository, Spring Boot auto-configuration should make it
possible to easily switch back to the previous default
(RedisIndexedSessionRepository).
This commit introduces spring.session.redis.repository configuration
property that allows selecting the desired Redis-backed session
repository implementation.
See gh-32205
Batch is now auto-configured to use the context's
PlatformTransactionManager and DataSource or `@BatchDataSource`.
When this does not meet the user's needs, they can use
`@EnableBatchProcessing` or sub-class `DefaultBatchConfiguration` to
take complete control with the auto-configuration backing off.
Closes gh-32330
Previously, when using Tomcat, its web app class loader was the thread
context class loader when H2ConsoleAutoConfiguration triggered
initialization of Hikari's pool. This was the case because it's done
in the bean method of a ServletRegistrationBean. Such Servlet-related
beans are intentionally created with Tomcat's web app classloader as
the TCCL. This arrangement results in the pool's threads using
Tomcat's web app class loader as their TCCL which is not desirable.
One consequence of this was that Tomcat could log a warning at
shutdown about the thread being left running when it will, in fact,
be stopped as part of the context being closed.
This commit updates H2ConsoleAutoConfiguration to set the TCCL to its
own ClassLoader while the DataSource information is being logged.
Closes gh-32382
Fix a few issues preventing clean project import into Eclipse 2022-06:
- `buildSrc` need to limit module imports to prevent clashes
with those in the gradle API jar.
- The CLI app needs some classpath changes in order to allow
compileOnly project dependencies to resolve.
- `AbstractJpaAutoConfigurationTests` needs some minor refactoring
in order for generic captures to work with the Eclipse compiler.
At present, both Spring MVC and Spring WebFlux auto-configurations
hardcode the path pattern for WebJars resource handlers to
"/webjars/**", which means users are unable to change the path.
This commit introduces "spring.mvc.webjars-path-pattern" and
"spring.webflux.webjars-path-pattern" configuration properties that
allow customization of WebJars resource handler path pattern.
See gh-31769
This commit adds the `AutoConfigurationImportsAnnotationProcessor` to
the `spring-boot-autoconfigure-processor` annotation processor
module. When added to a project build, the annotation processor will
generate the
`org.springframework.boot.autoconfigure.AutoConfiguration.imports`
file automatically from `@AutoConfiguration`-annotated classes. It
also applies the annotation processor to the Spring Boot build.
Closes gh-31228
This commit refines ConfigurationPropertiesReflectionHintsProcessor
Java bean properties handling in order to register reflection hints
only for getters and setters, not for all methods.
It avoids including unconditionally method like SpringApplication#load
which in turn avoids shipping BeanDefinitionLoader and related transitively
used classes in the native image.
The gain is significant: it allows to remove up to 700 classes
(when no XML parser is used elsewhere) and to reduce the memory footprint
by 2M of RSS.
Closes gh-32186
Phillip Webb
Moritz Halbritter
Steve Riesenberg
Christoph Dreis
Stefano Cordio
Johnny Lim
Andy Wilkinson
davin111
Scott Frederick
Marc Leroux
Juhan Aasaru
Stephane Nicoll
Taeik Lim
Claudio Nave
Martin BENDA
SeasonPan
Sanghyuk Jung
Andrii Bohutskyi
Volkan Yazıcı
Brian Clozel
Madhura Bhave
Abhijeet Mishra
Guirong Hu
1993heqiang
dzcr
ath0s
Marten Deinum
Thomas Kåsene
Francois Rosiere
Michael Weidmann
lucas persson
Krzysztof Krason
Sébastien Deleuze
Aakarshit Uppal
Henning Poettker
Vedran Pavic
artembilan
Ralf Ueberfuhr
yuanhao18
Bertolt Meier
Vedran Pavic
Neil Stevenson
Łukasz Dziedziul
thegeekyasian