Add an `excludeDevtools` property to both the Maven and Gradle plugin
that removes `org.springframework.boot:spring-boot-devtools` (if
necessary) when repackaging the application.
Closes gh-3171
Update SecurityFilterAutoConfiguration to use a DelegatingFilterProxy
filter rather directly referencing the springSecurityFilterChain bean.
Using a DelegatingFilterProxy helps to prevent early initialization of
beans and makes Spring Security work in a similar to way to if were
installed in a regular WAR deployment.
Fixes gh-4154
Spring Boot will eagerly initialize a `ConversionService` named
`conversionService` for configuration keys processing. This commit adds
a note in the documentation regarding that special behaviour.
Closes gh-4162
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:
- X-Content-Type
- X-XSS-Protection
- Cache-Control
- X-Frame-Options
Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.
This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.
Closes gh-3517
So far we have wrongly advertized that the `spring-boot-starter-parent`
filters application configuration in such a way that standard Spring
placeholders are not processed.
In order to achieve such feature, the `useDefaultDelimiters` property
must be set to `false` as otherwise default delimiters are appended to
the list of custom delimiters.
This property is not enabled so that only keys surrounded by `@` are
filtered by the build.
Closes gh-3092
The second level cache of Hibernate can be configured with dedicated
factories that look up for the presence of a cache infrastructure. As
Hibernate shouldn't have to know about Spring, that lookup is done
against the respective proprietary APIs.
We now make sure that caching (and the general purpose Hazelcast
auto-configuration) is fully processed before JPA kicks in. In particular
an explicit `dependsOn` attribute on those beans is added when they are
processed.
Closes gh-4158
Update ConfigFileEnvironmentPostProcessor to load profile specific
sections for all previously processed profiles. Prior to this commit
multi-profile YAML files were only loaded from the root
`application.yml` file.
With the updated logic, an `application-test.yml` file containing the
following:
someTestProperty: xyz
---
spring:
profiles: profile1
specificProperty: one
Can have the profile sub-document loaded using:
-Dspring.profiles.active=test,profile1
Fixes gh-4132
Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.
This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.
Closes gh-4048
Previously, the parent context was only considered when the builder
was used to run the application. If the application was built using
the builder and then run using SpringApplication.run, the parent
context was not considered.
This commit updates the builder to consider the parent both when it's
used to run the application and when it's used to build the
application that will later be run via SpringApplication.run
Closes gh-4014
When the actuator is enabled, Spring Boot provides two `MBeanExporter`
bean definitions: a general purpose one and a dedicated one for Actuator
endpoints.
This commit flag the general purpose one `@Primary` so that component
can safely inject it by type if necessary. In particular, this fix the
doc of the `JmxMetricWriter`.
Closes gh-4007
Gradle 2.0, and only 2.0, requires a Plugin implementation to be
public. The changes made in gh-4113 (9c14ed3) made the class
package-private.
Closes gh-4139
Instead of always creating a new ElasticSearch client, we now check for
the presence of a custom bean configuration and use that if it's
available.
Closes gh-4143
Closes gh-4146
Update the Eclipse product setup so that `checkout.location` is stored
as a workspace variable. Without this things get mixed up when trying
to run different installations for different branches.
See gh-4110
Update Eclipse settings to make use of a custom Spring formatter
implementation. Using a custom formatter allows us to fix a couple of
issues with the version that shipped with Eclipse Mars.1 (Eclipse bugs
The custom formatter also means that it is possible to use Groovy
Eclipse despite the fact that it has formatter regressions (see
https://github.com/groovy/groovy-eclipse/issues/142).
Fixes gh-4136
Stephane Nicoll
Phillip Webb
Andy Wilkinson
izeye
Marten Deinum