Previously, an entry’s potentially aliased name would be used when
checking that it has a particular name. The alias would always be
applied, irrespective of the name in the header. As a result, when
there was a clashing hash and an entry with a particular index did
not have the expected name, this would be concealed by the alias
being applied and the name check being done with the alias.
This commit reworks JarEntry to store the name in its header in
addition to its alias, if any. When checking that the entry has the
expected name, the unaliased name is passed in and the entry compares
it with the name from the header rather than the alias.
Closes gh-15981
Previously, DevTools would retry the upload of the changes to an
application in the event of a ConnectException. If a different
network-level failure occurred, it would not be retried and would
cause the file watching thread to die.
This commit attempts to make things more robust by retrying all
SocketExceptions and not just ConnectExceptions. A warning is
logged when a failure occurs. A separate debug message that
includes the exception is also logged.
Closes gh-10317
This commit splits the management context configuration for jersey
into two separate configurations depending on if the type is SAME or
CHILD. The configuration for the SAME context should only kick in if
there is no existing ResourceConfig bean.
Fixes gh-15891
When Spring Security is misconfigured it's possible to switch from an anonymous user
to a normal user. When switching back again, the corresponding
AuthenticationSwitchUserEvent will have a null target user. Previously, Actuator's
AuthenticationAuditListener would throw a NullPointerException when it received such an
event.
This commit updates the audit listener to defensively handled events with a null target
user.
Closes gh-15767
Previously, the auto-configuration for both Jersey and WebMvc would auto-configure
a RequestContextFilter bean. In 2.1.0, this led to a startup failure due to the latter
attempting to override the bean defined by the former. In addition to the override there
were also problems with the order of the filter as Jersey uses -1 and MVC uses -105.
To avoid the above-described problems, the auto-configuration of the RequestContextFilter
was removed from JerseyAutoConfiguration in 2.1.1. Unfortunately, the broke
request-scoped beans for those using only Jersey.
This commit attempts to strike a better balance by reintroducing the auto-configuration
of RequestContextFilter in JerseyAutoConfiguration. It will back off if the user defines
their own filter or filter registration. WebMvcAutoConfiguration has been updated to
back off in the same manner. This leaves the potential for ordering problems, but they
are no worse than they were before. Furthermore, the user has the means to correct any
problems by using the various filter ordering properties that are provided for Jersey,
Spring Session, Spring Security, etc.
Closes gh-15376
Andy Wilkinson
Robert Thornton
Stephane Nicoll
isank
Madhura Bhave
Michael Simons
Sebastien Deleuze
Matthias Stock
Johnny Lim
Kedar Joshi