Prior to this commit, `NettyProperties` would use `DISABLED` as the
default level for leak detection in Netty. This is not the default value
enforced by Netty, which is `SIMPLE`.
This commit changes the default configuration property value and ensures
that both stay in sync.
Fixes gh-27046
The auto-config requires Spring JDBC for DataSource creation from
spring.flyway.url or spring.liquibase.url, checking Flyway migrations
exist, etc. Without it, the application fails to start due to missing
spring-jdbc classes.
This commit updates the auto-config so that it backs off in the
absence of spring-jdbc.
Closes gh-26849
Fix a bug in `DataSourceInitializationConfiguration` and in
`R2dbcInitializationConfiguration` that was stopping
custom username/password properties from being applied.
Fixes gh-26676
Update `DatabaseInitializationDependencyConfigurer` so that depends-on
ordering is applied based on the `DatabaseInitializerDetector` order.
Prior to this commit, if multiple DatabaseInitializer beans were
detected the order in which they were initialized was not defined.
See gh-26692
This commit fixes a flawed assertion that was relying on a log message
to validate the TaskExecutor is lazy. The level of the log message has
changed in framework and broke the test. We now rather check the bean
definition.
This commit fixes a flawed assertion that was relying on a log message
to validate the TaskExecutor is lazy. The level of the log message has
changed in framework and broke the test. We now rather check the bean
definition.
When we customize Couchbase's JacksonJsonSerializer with the
auto-configured ObjectMapper, Couchbase's JsonValueModule is lost.
This prevents the storage and retrieval of JSON objects.
This commit updates the Couchbase auto-configuration to use a copy
of the auto-configured ObjectMapper with the JsonValueModule added
to it.
Fixes gh-26363
Prior to this commit, the `spring.web.resources.cache.use-last-modified`
configuration property support was lost during a merge operation right
before 2.4.2.
This is due to an invalid test that missed this unintended change. This
commit fixes both problems.
Fixes gh-26212
This commit updates TaskSchedulingAutoConfiguration to contribute a
LazyInitializationExcludeFilter that processes beans that have
@Scheduled methods. This lets them be contributed to the context so
that scheduled methods are invoked as expected.
Closes gh-25315
Previously, the embedded database connection that would be used
could only be controlled via the classpath. If multiple embedded
database dependencies were present, it wasn't possible to control
the one that the auto-configured would use. It also wasn't possible
to disable auto-configuration of an embedded database.
This commit introduces a new configuration property,
spring.datasource.embedded-database-connection. It can be set to
one of the values of the EmbeddedDatabaseConnection enum to control
the auto-configuration of an embedded database. Setting it to none
will disable the auto-configuration and ensure that an external
database is used instead.
Closes gh-23412
This commit removes `org.springframework.data.annotation.Persistent`
from the annotation types used for MongoDB entity scanning to align
with Spring Data MongoDB.
Fixes gh-25797
This commit harmonizes our auto-configuration so that default converters
are configured the same way ElasticsearchConfigurationSupport does.
Closes gh-25087
Remove the restriction previously prevented `spring.mvc.servlet.path`
from being combined with a `spring.mvc.pathmatch.matching-strategy`
of `PATH_PATTERN_PARSER`. Spring Framework supports this combination
as of v5.3.4.
See gh-24805
Auto-configure `SessionAutoConfiguration` before
`WebFluxAutoConfiguration` to ensure that the correct
`WebSessionManager` bean is created.
See gh-20970
This commit adds a new `spring.webflux.session.cookie.same-site`
confuguration property that sets the default value for the "SameSite"
attribute in the WebFlux session cookies.
Closes gh-20970
Previously, using @EnableGlobalMethodSecurity would cause the
AutoProxyCreator to be created before the AOP auto-configuration had
called AopUtils.forceAutoProxyCreatorToUseClassProxying. Forcing
auto proxy creation changes the AutoProxyCreator's bean definition
so it has no effect when attempted after the creator has been created.
This commit updates the AOP auto-configuration to use a
BeanFactoryPostProcessor to force the use of class proxying. This
ensures that the changes to the auto proxy creator's bean definition
are in place before any bean creation has been performed.
Fixes gh-25413
This commit adds a new `spring.netty.leak-detection` configuration
property that selects the level of memory leak detection for the Netty
engine.
This configuration is applied statically to Netty; this means all
(non-shaded) Netty usages as client or server will be impacted by this
change.
Developers might use this property during development or tests to find
causes of memory leaks when dealing with Netty buffers.
Closes gh-14338
Restore the deprecated `JobLauncherCommandLineRunner` class and extend
removal until 2.6. The class is still needed by spring-cloud-task.
Closes gh-25807
Update the default reactive exception handler so that `MediaType.ALL`
is removed regardless of any quality setting. Prior to this commit,
the "match-all" media type was not properly ignored if it has a quality
value and would show HTML content if the accept header was
`application/json, */*;q=0.9`.
See gh-25778
Previously, the auto-configuration for DataSource initialization and
the properties used to configure it were part of the general
DataSource auto-configuration and properties.
This commit moves the auto-configuration of DataSource initialization
out into a separate top-level auto-configuration class. Similarly,
the properties for configuring DataSource initialization have been
moved from `spring.datasource.*` into `spring.sql.init.*`.
The old initialization-related `spring.datasource.*` properties have
been deprecated but can still be used. When they are used, they new,
separate initialization auto-configuration will back off. In other
words, the initialization related `spring.datasource.*` properties
and the `spring.sql.init.*` properties cannot be used in combination.
Closes gh-25323
Spring Integration comes with some global properties which can be
configured via `META-INF/spring.integration.properties`. The framework
then provides an `integrationGlobalProperties` bean as an
`org.springframework.integration.context.IntegrationProperties`
instance.
This commit allows users to configure these using regular
`application.properties`. If a `META-INF/spring.integration.properties`
file exists, the values are used as fallback.
See gh-25377
Update `FlywayAutoConfiguration`, `LiquibaseAutoConfiguration` and
`DataSourceInitializer` classes so that they no longer depend on
`DataSourceProperties`. DB migrations can now be performed against
a `@Bean` defined primary `DataSource` with an alternative
username/password.
This update also removed using fallback properties when a custom
connection `url` is defined with Flyway or Liquibase. We now assume
that `username`, `password` and `driver-class-name` will be provided
if the default values are unacceptable. Our previous logic was
particularly flawed if a custom URL caused a change of driver type.
Closes gh-25643
This commit updates EntityManagerFactoryBuilder so that persistence unit
post processors can be registered and applied when creating an
EntityManagerFactory.
See gh-25443
This commit updates EntityManagerFactoryBuilder so that persistence unit
post processors can be registered and applied when creating an
EntityManagerFactory.
See gh-25443
Previously, WebFluxAutoConfiguration's WebFluxConfigurer was unordered.
This mean that it had lowest precedence so it was not possible for a
user to provide their own configurer that was guaranteed to run after
the auto-configuration's configurer.
This commit updates the auto-configuration to order its configurer at
0. Any unordered user-defined configurer will now run after the
auto-configuration's configurer.
Closes gh-25302
This commit augments the configuration properties that are exposed for
InfluxDB, alongside an `InfluxDbCustomizer` that gives more control.
See gh-25319
This commit refactors CacheConfigurations implementation to make
it more native friendly by storing strings instead of classes in
order to avoid loading the configuration classes
when CacheConfigurations is initialized at build time.
See gh-25321
Previously, DataSource initialization was triggered via a
BeanPostProcessor or a schema created event from JPA. This caused
numerous problems with circular dependencies, bean lifecycle, etc and
added significant complexity.
This commit reworks DataSource initialization to remove the use of a
BeanPostProcessor entirely. In its place, DataSource initialization is
now driven by an InitializingBean with dependency relationships
between beans ensuring that initialization has been performed before
the DataSource is used. This aligns with the approach that's worked
well with Flyway and Liquibase.
More changes are planned to further simplify DataSource initialization.
The changes in this commit are a foundation for those changes. Any new
public API in this commit is highly likely to change before the next
GA.
Fixes gh-13042
Fixes gh-23736
Currently Spring Integration creates its own `TaskScheduler` bean if one
does not exist in the context yet. When we add `@EnableScheduling`,
Spring Boot auto-configures one for us, but this one comes with slightly
different options than the default in Spring Integration.
This commit makes sure that Spring Integration reuses the
auto-configured TaskScheduler if possible, regardless of the user
opting-in for `@EnabledScheduling`.
See gh-25109
This commit updates DataSourceUnwrapper to take a separate interface
type argument if the target datasource has to be unwrapped, given that
the target type is usually not an interface.
Closes gh-24697
Update `DataSourceTransactionManagerAutoConfiguration` to respect
the `spring.dao.exceptiontranslation` setting. If `exceptiontranslation`
is `false` then we create a classic `DataSourceTransactionManager`
rather than a `JdbcTransactionManager`.
Fixes gh-24321
This commit adds a customizer hook point for jOOQ's configuration. When
such a bean is present, it is invoked with the auto-configuration
`Configuration`. This effectively supersedes checking for a number of
jOOQ `*Provider`beans. The existing beans are still honoured, in a
deprecated fashion.
Closes gh-24732
Previously, an error would occur when a user contributed a
`ThemeResolver` or `FlashMapManager` bean because those beans would
would not properly override the default beans provided by Spring
Framework. This commit adds conditional auto-configuration of these
bean types, preferring user-provided beans and falling back to
Framework-provided defaults.
Fixes gh-24207
This commit changes the default value of bootstrap-mode to "default"
rather than "deferred" so that the JPA infrastructure starts in the
main thread rather than asynchronously.
Closes gh-24249
Web MVC and WebFlux look up by name the Locale(Context)Resolver beans
that they use. Previously, the auto-configured resolvers for MVC and
WebFlux would back off when any bean of the required type was defined,
irrespective of its name. If the name of the user's bean didn't match
the name used by MVC and WebFlux to find the custom resolver, the
custom resolver would be ignored and MVC and WebFlux would use their
defaults. There was no indication of this happening in the condition
evaluation report as all it would show is that the auto-configured
resolver had backed off in favour of the custom resolver. It wouldn't
show anything to explain why the custom resolver had not been used.
This commit updates the auto-configured resolvers to be conditional
on a missing bean of the name required by MVC and WebFlux. If the
user then defines a custom resolver with a different name, the
condition evaluation report will show that the auto-configured
resolver remained as the bean name didn't match.
Fixes gh-24209
Prior to this commit, packaging a Spring Boot application as a container
image with Cloud Native Buildpacks could result in unwanted browser
caching behavior, with "Last-Modified" HTTP response headers pointing to
dates in the far past.
This is due to CNB resetting the last-modified date metadata for static
files (for build reproducibility and container layer caching) and Spring
static resource handling relying on that information when serving static
resources.
This commit introduces a new configuration property
`spring.web.resources.cache.use-last-modified` that can be used to
disable this behavior in Spring if the application is meant to run as a
container image built by CNB.
The default value for this property remains `true` since this remains
the default value in Spring Framework and using that information in
other deployment models is a perfectly valid use case.
Fixes gh-24099
Previously, Quartz could be configured with a specific DataSource
using `@QuartzDataSource` but it was not possible to configure a
Quartz-specific transaction manager. This could result in the
different DataSources being used by Quartz itself and Quart'z
DataSourceTransactionManager.
This commit introduces a new qualifier, `@QuartzTransactionManager`,
that can be used to avoid the above-described problem. Any
`@QuartzTransactionManager`-annotated bean will be used by the
Quartz auto-configure configuration instead of the application's main
`TransactionManager`. If no such qualified bean is present, the
application's main TransactionManager, if any, will be used as before.
Fixes gh-20184
When running on Java 11 (where `@PostConstruct` is no longer part of
the JRE) and without a dependency on jakarta-annotation-api,
`@PostContruct` annotions are silently dropped. This leads to obscure and
hard-to-track down changes in the behaviour of our auto-configuration
as the `@PostConstruct`-annotated methods are not invoked.
To allow users to run on Java 11 without having jakarta-annotation-api
on the classpath, this commit removes use of `@PostConstruct` from main
code. A Checkstyle rule has also been added to prevent its usage in
main code from being reintroduced.
Closes gh-23723
Exclude `@ConfigurationProperties` beans from method validation so
that `@Validated` can be used on final classes without the method
validation post-processor throwing an exception.
This commit introduces a `FilteredMethodValidationPostProcessor` class
which will use `MethodValidationExcludeFilters` to exclude beans from
method validation processing. Using `@EnableConfigurationProperties`
will automatically register an appropriate filter.
Closes gh-21454
Previously, the locale context resolver used with WebFlux could only be
configured by provided a custom LocaleContextResolver bean. By
constrast, when using Spring MVC, the spring.mvc.locale and
spring.mvc.locale-resolver properties could be used to configure the
locale and the resolver (fixed or Accept header) respectively.
This commit introduces spring.web.locale and spring.web.locale-resolver
properties and deprecates their spring.mvc equivalents. The new
properties can be used to configure locale resolution with either
Spring MVC or WebFlux.
Closes gh-23449
Add a dedicate condition annotation to detect when Spring Security is
available but has not been configured by the user. The new annotation
helps simplify quite a few of our auto-configuration classes.
See gh-23421
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Previously, @WebListeners were discovered via custom component scanning
and then registered programmatically via the ServletContext. The servlet
spec requires any ServletContextListener registered in this manner to be
prohibited from programatically configuring servlets, filters, and
listeners. This left us not strictly complying with the servlet spec
as a ServletContextListener registered via a @WebListener annotation
should be able to programatically configure other components.
This commit updates WebListenerHandler to register each @WebListener
component directly with Jetty, Tomcat, or Undertow rather than via the
ServletContext API. This ensure that any @WebListener-annoated
ServletContextListener registered via servlet component scanning is
able to programatically register servlets, filters, and listeners.
There is a small chance that this will be a breaking change for some
users:
1. The ServletListenerRegistrationBeans that were previously defined
for each @WebListener will now be
WebListenerHandler.WebListenerRegistrars
2. Each @WebListener-annotated class will now be instantiated by
Jetty, Tomcat, or Undertow. Jetty and Tomcat both require the class
to be public and have a public default constructor. Previously,
a package-private class or default constructor could be used as the
instantiation was performed by Spring Framework. Undertow is not
affected as it can instantiate a package-private type.
Fixes gh-18303
This commit fixes the auto-configuration of Spring Session to use
"server.servlet.session.timeout" as a fallback for Servlet-based web
applications only.
Closes gh-23752
Prior to this commit, the `StaticResourceLocation` for favicons would
point to `"/**/favicon.ico"`. This location does not reflect the current
web development landscape, since the png format and size variants are
not supported here. Also, the `"**"` pattern can be costly at runtime
and is deprecated by the new path pattern support in Spring Framework
(see gh-22833).
This commit changes the default locations to `"/favicon.*","/*/icon-*"`,
supporting common use cases such as `"/favicon.ico"`, `"/favicon.png"`
and `"/icons/icon-48x48.png"`.
Closes gh-23126
This commit adds support for Redis cache metrics. Users can opt-in for
statistics using the "spring.cache.redis.enable-statistics" property.
Closes gh-22701
Spring 5.3 introduced the JdbcTransactionManager with exception
translation on commit and rollback. This commit updates the
auto-configuration to use this implementation rather than
DataSourceTransactionManager.
See gh-23672
Constructor calls like new AtomicInteger(0) cause a volatile write that
can be saved in cases where the constructor parameter is the default
value.
See gh-23575
Previously, the default servlet was registered automatically when using
embedded Jetty, Tomcat, or Undertow. However, it is not used by the
majority of applications where Spring MVC's DispatcherServlet will be
the only servlet that's needed. As such configuring the default servlet
was wasting CPU and memory.
This commit changes the default for registering the default servlet to
false. It can be re-enabled by setting
server.servlet.register-default-servlet=true.
Closes gh-22915
Previously, spring.flyway.init-sqls was only applied to Flyway's
configuration if Flyway was being configured to create the DataSource.
If Flyway was being configured to use an existing DataSource, init-sqls
was not applied. This is a hangover from when the init SQLs support was
introduced. At that time, Flyway only supported SQL to initialize the
connection when it was creating the DataSource. Flyway 5.2 added init
SQL support no matter how Flyway's DataSource was configured.
This commit updates FlywayAutoConfiguration to always apply the
init-sqls property to Flyway's configuration. The property's
documentation does not describe the current limitation so this change
should align the behaviour with what the documentation leads people to
expect.
Fixes gh-23392
Refactor `BootstrapRegistry` support following initial prototype work
with the Spring Cloud team.
This update splits the `BootstrapRegistry` API into `BootstrapRegistry`,
`BootstrapContext` and `ConfigurableBootstrapContext` interfaces and
moves it to the same package as `SpringApplication`.
A new `Bootstrapper` interface has been introduced that can be added
to the `SpringApplication` to customize the `BootstrapRegistry` before
it's used.
Closes gh-23326
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit adds a protected method that lets an override customize the
configuration of the ClassPathScanningCandidateComponentProvider used
to scan entities.
Closes gh-23154
Previous to this commit, an auto-configuration would create a
PlatformTransactionManager if none is present and others conditions are
met. Spring Framework now has the notion of TransactionManager, a parent
interface that gathers both PlatformTransactionManager and
ReactiveTransactionManager.
Spring Boot should not be in a situation where both managers are defined
out-of-the-box. This commit makes sure to back-off if any
TransactionManager is available.
Closes gh-22851
Previously to this commit, a project that has several classpath
locations matching the template path may lead to some of those
locations to be ignored if one of them is a directory. This can easily
happen if you run your tests in your IDE.
This commit changes the default of "preferFileSystemAccess" to
false so that the complete classpath is always considered.
Closes gh-23051
Prior to this commit, values from MongoProperties would always
overwrite matching fields in MongoClientSettings. This commit
preserves all values in MongoClientSettings if the client app
provides the MongoClientSettings bean, and only overwrites from
MongoProperties if no MongoClientSettings bean is provided.
Fixes gh-22321
The current arrangement with Neo4j does not allow us to know for sure
that the user intends to use `@Transactional` for reactive or imperative
operations.
The main reason for that is that the only trigger for the reactive
auto-configuration is the presence of reactor on the classpath given
that the Neo4j driver ships with both styles in the same jar. And
reactor can be on the classpath for a number of reasons that are
unrelated to imperative access (typically `WebClient`).
This commits removes the auto-configuration of the
ReactiveNeo4jAutoConfiguration and makes sure that if the user defines
one, the regular `PlatformTransactionManager` backs off. This is
a temporarily situation until we can provide a better signal that the
user intends to primarily use imperative repositories.
Closes gh-22940
This commit switches the deprecation level of several properties in the
spring.data.neo4j namespace from error and warning. The server URI and
basic authentication can be used in a deprecated fashion to configure
the new neo4j driver.
Closes gh-22653
Update `SharedMetadataReaderFactoryContextInitializer` to optionally
support a `ConfigurationClassPostProcessor` provided via an instance
`Supplier`.
If the instance supplier is available then we can use that to set the
`MetadataReaderFactory` non-reflectively, instead of using a
`PropertyValue` (and the `BeanWrapper` eventually).
The previous behavior is left as a fallback and without a change in
Spring Framework will continue to be the default for most applications.
See gh-22858