Previously, any valid property was added to the meta-data of the current
group. This can be annoying for types that are not meant to be bound from
a simple string value. ClassLoader is one example.
A list of well-known types has been added: if the property type matches
an element of this list, it is ignored.
Fixes gh-2012
Update YamlPropertySourceLoader to use a MapPropertySource rather than
a PropertiesPropertySource to ensure that the underlying order is
retained.
Fixes gh-2022
Add ConfigurationWarningsApplicationContextInitializer to report
warnings for common configuration mistakes. Currently the initializer
will log a warning if @ComponentScan is used on a @Configuration class
in the "default" package.
Fixes gh-2050
Previously, tuning the pubSubDomain flag only impacted the created
JmsTemplate leaving any default listeners with the default settings.
If no default JmsListenerContainerFactory is defined, the created
one is using that property as well now.
SecurityAutoConfiguration, via its import of
AuthenticationManagerConfiguration, requires spring-security-config
to be on the classpath as AuthenticationManagerConfiguration extends
GlobalAuthenticationConfigurerAdapter from spring-security-config.
This commit makes SecurityAutoConfiguration conditional on the
presence of GlobalAuthenticationConfigurerAdapter so that the
auto-configuration will be disabled in its absence rather than causing
an app to fail to start.
Closes gh-2046
This commit adds support to the CLI for launching a custom
SpringApplication implementation. The class that is launched can be
configured using the spring.application.class.name System property
or the SPRING_APPLICATION_CLASS_NAME environment variable with the
former taking priority.
Closes gh-2030
When the user provides their own AuthenticationManager we do a lazy
initialization and didn't (till now) inject the AuthenticationEventPublisher
Fixes gh-2033
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Previously, any property defined in a @Deprecated class were not marked
as deprecated as only the getter or field was inspected for the
annotation.
An additional check on the class has been added to handle this case.
Fixes gh-2014
Set the field javadoc of many properties that are managed via
configuration so that the "description" field is available in the
meta-data.
Closes gh-1808
Previously, the host had to have a custom value for the configuration
of the port or credentials (username and password) to take effect. This
meant, for example, that you couldn’t just set the port or just set the
username and password while using the default host.
This commit allows the port or username and password to be configured
without also configuring the host. The default host (localhost) and
port (27017) are retained.
Fixes gh-2008
Previously, when @EnableAutoConfiguration was used in multiple packages,
the last @EnableAutoConfiguration that was processed would
win and only its package would be stored as an auto-configuration
package.
This commit updates AutoConfigurationPackages to allow multiple package
name registrations. AutoConfigurationPackages.set(…) has been altered to
augment the constructor arguments of the BeanDefinition registered for
the initial call to the method so that the packages handed to the method
call will be added to the bean definition and not replace the previous
ones. The method has been renamed register(…) to reflect the changed
behavior.
Closes gh-1994
before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.
Fixes gh-2003, fixes gh-2004
Spring MVC drives the postHandle method on any interceptors after the
response has been sent to the client. This meant that there was a
race between the test receiving the response and asserting that the
interceptor had been driven and Spring MVC driving the interceptor.
This commit updates the interceptor to use a CountDownLatch to track
whether or not it's been called. The test now waits for up to 30
seconds for the latch to be decremented.
Closes gh-1997
In a properties file, a backslash is used as an escape character for
the line terminator sequence to allow values to be split across
multiple lines. When a backslash is used elsewhere they're stripped
out of the property's value.
This commit updates .properties-based examples for configuring
server.tomcat.internal-proxies to escape the backslahes so that they
are retained in the property's value at runtime.
See gh-1989