This commit improves the LDAP auto-configuration to detect if a
DirContextAuthenticationStrategy bean is defined and, if so, associates
it with the auto-configured `LdapContextSource`.
See gh-19328
There is a direct link between the sslEnabled flag and the default port
that should be used by an address. The checks are currently set in two
places:
* Determine which port should be used
* Determine if SSL should be enabled
This commit polishes the initial proposal so that secureConnection is
only set if a protocol is available.
See gh-19109
Previously, AbstractDependsOnBeanFactoryPostProcessor was unordered
which meant that it was impossible to guarantee that another bean
factory post-processor would run after it. This prevented overriding
of the dependsOn relationships that is creates.
This commit updates AbstractDependsOnBeanFactoryPostProcessor to give
it a default order of zero. This will allow additional bean factory
post-processors to be configured with a lower precedence order (values
greater than 0) so that they run after any
AbstractDependsOnBeanFactoryPostProcessor and can override the
dependencies that it has configured.
Fixes gh-18362
Previously, AopAutoConfiguration would only enable CGLib-based
proxies if aspectjweaver was on the classpath. The intention was for
CGLib-based proxies to always be used by default so this behaviour
was incorrect.
This commit updates AopAutoConfiguration to force the use of
CGLib-based proxies even in the absence of aspectjweaver.
Closes gh-18523
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
This commit creates a new configuration property
`spring.codec.max-in-memory-size` which configures the maximum
amount of data to be buffered in memory by codecs (both client and
server).
This property has no default value - it will let Spring Framework handle
the default behavior, currently enforcing a 256KB for provided codecs.
Fixes gh-18828
This commit is a follow-up of a change in Spring Framework[1] to make
sure injection points that are expecting a specific bean by name use
a qualifier.
As a result of this change, MVC uses the dedicated MVC validator again
rather than the general one auto-configured by Spring Boot.
[1] https://github.com/spring-projects/spring-framework/issues/23887
Closes gh-18672
Rename `max-http-post-size` to `max-http-form-post-size` for Jetty and
Tomcat to make it clearer that they only apply to POSTed form content.
See gh-18566
This commit renames the `server.jetty.idle-timeout` property to
`server.jetty.thread-idle-timeout`, since there are other timeout
properties that are not tied to the threadpool configuration (e.g. the
connection idle timeout).
We might regroup thread-related properties in a dedicated group in the
future, see gh-18620.
Fixes gh-18615
Previously, the methods were named addServerProcessors and
setServerProcessors which wasn't aligned with them taking
socket factory processors (ServerRSocketFactoryProcessor) as an
argument.
This commit renames the methods to align them more closely with the
type of their arguments.
Closes gh-18617
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473
Previously, a WebSecurityConfigurerAdapter would be configured
irrespective of whether or not the user had provided their own
WebSecurityConfigurerAdapter. This then required them to use ordering
to diambiguate the configuration and made it harder to take complete
control of security configuration.
This commit updates the configuration of the SAML 2 login configurer
adapter to be conditional on missing bean, aligning it with other
security configuration such as the equivalent OAuth 2 configurer
adapter.
Closes gh-18530
Previously, when a NoSuchBeanDefinitionException was being analyzed,
the possibility of a missing @ConstructorBinding annotation on a
@ConfigurationProperties class was not considered.
This commit updates the failure analysis for failed constructor
injection of an instance of a @ConfigurationProperties-annotated
class. When such a failure occurs, adding @ConstructorBinding is
now suggested as an action.
Closes gh-18545
Previously, Maven's default behaviour was relied up which resulted
in the artifact ID being appended to each URL as it was inherited.
This behaviour can only be disabled in Maven 3.6 and later, a version
that we cannot use due to an incompatibility with the Flatten Plugin.
This commit works around Maven's default behaviour by defining
properties for the SCM URL, connection, and developer connection and
then explicitly defining the settings in each pom using these
properties. The explicit definition of the properties in each pom
prevents them being inherited from the parent, thereby disabling the
unwanted appending of the artifact ID to the URL.
Fixes gh-18328
Add an appication context initializer to detect and store the
active RSocket port in the Environment under
`local.rsocket.server.port`.
Additionally add a `@LocalServerPort` that provides a convenient
alternative to `@Value`.
See gh-18287
Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
Update `DataSourceInitializedPublisher` to fallback to the
`LocalContainerEntityManagerFactoryBean` if the
`javax.persistence.nonJtaDataSource` property is not defined.
As of Hibernate 4.3 the property is no longer set if the `EntityManager`
is created from a `PersistenceUnitInfo` instance rather than actual
properties.
Although this is being addressed in Hibernate issue HHH-13432, it's
not strictly a requirement of the JPA spec that the property is set.
Fixes gh-17061
This will ensure that ReactiveManagementWebSecurityAutoConfiguration backs
off and that the actuator endpoints are also secured via OAuth2.
Fixes gh-17949
Previously, a number of usages of @ConditionalOnMissingBean prevented
a bean that implements an auto-configured bean's "main" interface from
causing the auto-configuration of the bean to back off. This would
happen when @ConditionalOnMissingBean did not specify a type, the
@Bean method returned the bean's concrete type, and that concreate
type implements a "main" interface.
This commit updates such usages of @ConditionalOnMissingBean to
specify the "main" interface as the type of the bean that must be
missing. This will allow, for example, the auto-configured
MongoTemplate bean to back off when a MongoOperations bean is defined.
Fixes gh-18101
After a change in Spring Framework (see
spring-projects/spring-framework#23314), the `RouteMatcher` to be used
with the RSocket infrastructure is configured on the `RSocketStrategies`
directly.
This commit moves the auto-configuration of the
`PathPatternRouteMatcher` from the message handling parts to the RSocket
strategy one.
Closes gh-17571
Previously, the upgrade to Flyway 6 broke compatibility with Flyway
5.2 due to the use of method references that refer to two methods
that do not exist in Flyway 5.2.
This commit replaces the method references with lambdas that are only
called if the user sets the related property. Unless a new-in-Flyway-6
property is set, the auto-configuration will work as before. When such
a property is set the auto-configuration will fail with a
NoSuchMethodError. This approach was chosen to make the
incompatibility clear.
We have also introduced support for passing any JavaMigration beans
in the context into Flyway. This too relies on API that is new in
Flyway 6. It is possible (although unlikely) that users had
JavaMigration beans in Spring Boot 2.1 that were being ignored. This
commit restores this behaviour when using Flyway 5.2.
Closes gh-18193
This commit applies `ServerRSocketFactoryCustomizer` beans to RSocket
setups when the RSocket server is being plugged into an existing Reactor
Netty web server.
Fixes gh-18208
Previously, a number of usages of @ConditionalOnMissingBean prevented
a bean that implements an auto-configured bean's "main" interface from
causing the auto-configuration of the bean to back off. This would
happen when @ConditionalOnMissingBean did not specify a type, the
@Bean method returned the bean's concrete type, and that concreate
type implements a "main" interface.
This commit updates such usages of @ConditionalOnMissingBean to
specify the "main" interface as the type of the bean that must be
missing. This will allow, for example, the auto-configured
MongoTemplate bean to back off when a MongoOperations bean is defined.
Update the javadoc to note that `scanBasePackages` only affects the
`@ComponentScan` annotation and isn't a replacement for `@EntityScan`
or `@Enable...Repositories`.
Closes gh-18109
Previously, a custom FlywayMigrationInitializer bean named anything
other than flywayInitializer could result in a
NoSucBeanDefinitionException as the dependencies set up for JPA and
JDBC components used the bean name flywayInitializer.
This commit updates the configuration of the dependencies to depend
on FlywayMigrationInitializer beans by type rather than name.
Fixes gh-18105
Previously, a custom Flyway bean named anything other than flyway
could result in a NoSucBeanDefinitionException as the dependencies
set up for JPA and JDBC components used the bean name flyway.
This commit updates the configuration of the dependencies to depend
on Flyway beans by name rather than type.
Fixes gh-18102
Fix caching issues in `ApplicationContextRequestMatcher` and allow
subclasses to ignore an application context entirely. Update existing
matcher implementations so that they deal with the management context
correctly.
Prior to this commit, the `ApplicationContextRequestMatcher` would
return a context cached from the first request. It also didn't
provide any way to ignore a context. This meant that if the user was
running the management server on a different port the matching results
could be inconsistent depending on if the first request arrived on
the regular context or the management context. It also meant that we
could not distinguish between the regular context and the management
context when matching.
Closes gh-18012
This commit also changes the request matcher for MVC
endpoints to use an AntPathRequestMatcher instead of an
MvcRequestMatcher. The endpoint is always available
under the mapped endpoint path and this way the same matcher
can be used for both MVC and Jersey.
Fixes gh-17912
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
The userDn and password in LdapContextSource are not nullable. The
default values for userDn and password in LdapProperties are null. When
the values are set to null there will eventually be a
NullPointerException during
AbstractContextSource#setupAuthenticatedEnvironment since HashTable
doesn't allow null for values.
See gh-17861
Missing change logs would lead to an exception even
if the checkChangeLogLocation was set to false. Spring Boot's check
would pass but Liquibase would fail later making this property redundant.
Fixes gh-16232
This commit separates the auto-configuration of the `SessionFactory` in
an isolated class so that the rest of the auto-configuration is still
applied if the user provides a custom `SessionFactory` bean.
See gh-17662
This significantly rework the auto-configuration to reflect the order
in which things are expected. Rather than keeping a conceptual cycle
between the builder and the two inner classes that are processed first,
the configuration is now split in three parts:
* The builder that is required and common
* The configuration when the HighLevelClient is available
* The RestClient configuration when that's not the case
See gh-17488
* pr/17646:
Polish "Default password shouldn't be generated for resource server"
Default password should not be generated when using resource server
Closes gh-17646
This commit adds an extra condition to JdbcRepositoriesAutoConfiguration
so that it doesn't scan for repositories if a transaction manager is not
available as this dependency is now mandatory.
Closes gh-17654
Since spring-projects/spring-framework#23314 and the following commit
spring-projects/spring-framework@be4facef1b, the RSocket codec selection
is relaxed and the order of configured commits matters again.
This commit ensures that the CBOR codec is configured ahead of the JSON
codec so that it can be chosen first if no data mime type is specified
when a connection is established with a client requester.
Since spring-projects/spring-framework#23314, the `RSocketStrategies`
provide more codecs by default, and there is no need to order them to
avoid conflicts during mime type selection.
This commit also ensures that the `PayloadDecoder.ZERO_COPY` is
configured on the RSocket server if the configured `DataBufferFactory`
is compatible with that strategy.
This commit updates the `RouteMatcher` configuration after the latest
Spring Framework changes. The default route matcher implementation based
on the `PathPattern` infrastructure is now tailored for the messaging
use case (path separator, path encoding options and trailing separator).
See spring-projects/spring-framework#23310
Previously, Jackson2ObjectMapperBuilder was a singleton bean. This
meant that if it was injected and mutated in one injection point,
usage in a subsequent injection point would see the previous
injection point's mutation which can lead to unexpected failures.
This commit updates the auto-configuration of the builder to make it
a protoype bean. Mutation of the builder that is intended to apply
globally should be made using a customizer.
Closes gh-17477
Meta-annotate `ClassPathExclusions` and `ClassPathOverrides` with
so that the `ModifiedClassPathExtension` no longer needs to be
used directly.
See gh-17491
The `reactor-tools` dependency now brings a new Reactor Debug Agent
which instruments loaded classes for better Reactor stacktraces.
This commit removes the `spring.reactor.stacktrace-mode.enabled`
configuration property since the related Reactor Hook is about to be
removed.
As a replacement, we're introducing `spring.reactor.debug-agent.enabled`
which tells whether the Reactor Debug Agent should be loaded, given that
the `reactor-tools` dependency is available. This option is enabled by
default, since adding the dependency on classpath is a strong signal
already.
Fixes gh-17128
Prior to this commit, having the `spring-boot-starter-rsocket` and the
`jackson-dataformat-xml` dependencies on classpath would result in a
`ClassCastException` when the RSocket auto-configuration tries to
configure Jackson CBOR codecs for RSocket strategies.
This commit disables the Jackson XML support for the CBOR codec in
RSocket.
Fixes gh-17425
HiddenHttpMethodFilter can be problematic as it causes early
consumption of a request body if the body may contain parameters. This
happens as the filter needs to read the parameters to see if an
_method parameter is present. The filter is only beneficial for web
applications that are the hidden HTTP method functionality but is
potentially detriimental to all applications that are not. As such
we no longer believe that it should be enabled by default and users
should be required to opt in.
Closes gh-16953
Previously, if a user defined a MongoDbFactory bean but did not define
a client bean, MongoDataAutoConfiguration would back off leaving the
context without a MongoTemplate, etc.
This commit reworks the auto-configuration so that only the
auto-configuration of a MongoDbFactory is dependent on the existence
of a Mongo client bean. Auto-configuration of the other components
that depend on a MongoDbFactory will now continue in the absence of a
Mongo client bean.
Closes gh-17416
Apply checkstyle rule to ensure that private and package private
classes do not have unnecessary public methods. Test classes have
also been unified as much as possible to use default scoped
inner-classes.
Closes gh-7316
spring-kafka.2.3.0.M3 introduced a new property `RecordInterceptor` to
the container factory.
Auto-configure the property if a single instance is present.
See gh-17322
`@EmbeddedKafka` now supports JUnit 5 without the need for a Spring
test application context. Remove the previous workaround that replaced
the JUnit4 `@ClassRule` and use `TopicBuilder` to build the
topic bean.
See gh-17355
This commit removes the now outdated `HibernateEntityManagerCondition`
in favour of a simple check of `SessionImplementor`. As of
Hibernate 5.2, a single `hibernate-core` jar is required so a single
class check is enough.
Closes gh-17288
This commit removes the now outdated `HibernateEntityManagerCondition`
in favour of a simple check of `SessionImplementor`. As of
Hibernate 5.2, a single `hibernate-core` jar is required so a single
class check is enough.
Closes gh-17283
Spring Framework recently removed the `MessageHandlerAcceptor` (which is
a sub-class of `RSocketMessageHandler`).
Instead of implementing directly the `SocketAcceptor` contract, it now
exposes them through `clientAcceptor()` and `serverAcceptor()` methods.
See gh-17280
Update `NettyWebServerFactoryCustomizer` to deal with the fact that
Netty treats `0` and negative connection timeout values differently to
Tomcat, Undertow and Jetty.
See gh-16535
Both Flyway and Liquibase makes use of DataSourceProperties to get
default properties. Previously, both used strictly the configuration
properties and failed to consider embedded datasource properties
autoconfigured by @AutoConfigureTestDatabase. In case a database layer
test e.g. @JdbcTest relies on the autoconfigured embedded datasource,
Flyway and Liquibase autoconfiguration fails as they are not aware of
the embedded datasource properties.
See gh-16814
Deprecate the existing `BindResult.orElseCreate` method in favor of
`bindOrCreate` methods on the `Binder`. These new methods allow us to
implement custom creation logic depending on the type of object being
bound. Specifically, it allows constructor based binding to create new
instances that respect the `@DefaultValue` annotations.
Closes gh-17098
Co-authored-by: Phillip Webb <pwebb@pivotal.io>
Update `WebMvcAutoConfiguration` and `WebFluxAutoConfiguration` so that
`Printer<T>` and `Parser<T>` beans are automatically registered with
the conversion service.
Prior to this commit only `GenericConverter`, `Converter` and
`Formatter` beans were automatically registered.
See gh-17064
Add a new property to `RedisSessionProperties` that allows the default
`ConfigureRedisAction` to be changed. Users can still also configure
the action using a `@Bean`.
See gh-17022
Broaden the scope of customizer support so that instead of focusing
just on headers, we can now customize any outgoing `HttpClientRequest`.
Also update auto-configuration to automatically add any
`RestTemplateRequestCustomizer` beans to the builder.
See gh-17091
This commit changes the default file extension for Freemarker templates
from `*.ftl` to `*.ftlh`. This commit also enables by default the
Freemarker setting `"recognize_standard_file_extensions"` to ensure that
HTML escaping is performed by default in Spring Boot applications.
Applications should adapt to this change by changing the file extensions
of existing templates to `.ftlh`.
Closes gh-15131
This commit configures a `PathPatternRouteMatcher` in the RSocket
support if spring-web is on the classpath. This `RouteMatcher`
implementation is more efficient than the `SimpleRouteMatcher`, which is
based on the `AntPathMatcher`.
Closes gh-16865
As of Spring Data Moore, a new reactive template and the
corresponding repositories support have been added.
This commit auto-configures a `ReactiveElasticsearchTemplate`
with the configuration properties under the
`spring.data.elasticsearch.client.reactive` namespace.
To enable this feature, applications require both Spring Data
Elasticsearch dependencies (typically
`spring-boot-starter-data-elasticsearch`) and dependencies
for a `WebClient` (often `spring-boot-starter-webflux`).
The support for the reactive Elasticsearch repositories is
also provided.
Closes gh-16214
This commit auto-configures the Elasticsearch REST client support
as a template for Spring Data Elasticsearch. As of this commit,
using the transport client is still possible but developers
should migrate.
This commit also removes the deprecated annotation on the
Elasticsearch auto-configuration for the transport client, since
this deprecation notice is already present on the configuration
property.
Closes gh-17024
Closes gh-16542
Split the JUnit 5 `OutputCapture` class into separate `OutputExtension`
and `CapturedOutput` classes. The JUnit 5 callback methods are now
contained only in the `OutputExtension` class so no longer pollute the
public API that users will interact with.
The `CapturedOutput` class has also been updated to capture System.err
and System.out separately to allow distinct assertions if required.
Closes gh-17029
Update Spring Session auto-configuration to ensure that the
`DefaultCookieSerializer` doesn't break when Spring Security is not
present on the classpath.
Closes gh-16889