This commit removes the Servlet root context from the default values for
the `spring.resources.static-locations` configuration property. Servlet
and non-Servlet applications are sharing this property.
The Servlet root context is automatically configured as a resource
location for Spring MVC based applications.
Closes gh-9240
This commit makes the "spring.session.store-type" property optional,
adding an additional check when it is not present that validates only
one supported implementation is available on the classpath.
As Spring Session has been modularized, the chance that multiple
implementations are available on the classpath are lower. When only
one implementation is present, we attempt to auto-configure it. When
more than one implementation is present and no session store is
configured, a NonUniqueSessionRepositoryException is thrown.
Closes gh-9863
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("status", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
Closes gh-7958
Restructure actuator packages to improve structure. The following
changes have been made:
- Separate actuator and actuator auto-configuration into different
modules.
- Move endpoint code into `spring-boot-actuator`.
- Move `Endpoint` implementations from a single package into
technology specific packages.
- Move `HealthIndicator` implementations from a single package into
technology specific packages.
- As much as possible attempt to mirror the `spring-boot` package
structure and class naming in `spring-boot-actuator` and
`spring-boot-actuator-autoconfigure`.
- Move `DataSourceBuilder` and DataSource meta-data support from
`spring-boot-actuator` to `spring-boot`.
Fixes gh-10261
This commit makes sure that customizations on the
SessionRepositoryFilter are also applied when the user provides its
own SessionRepository.
Closes gh-10254
Previously, if a user's configuration class provided a custom
Validator bean, that configuration class would be initialized very
early so that the Validator could be used to create the
auto-configured MethodValidationPostProcessor. This early
initialization could problems as it may prevent any of the
configuration class's dependencies from being post-processed.
This commit updates the injection of the Validator bean to be lazy,
thereby preventing the creation of the auto-configured
MethodValidationPostProcessor from triggering early initialization.
Closes gh-9416
This commit adds new Conditional annotations on auto-configurations
creating the Servlet/Reactive web servers. These conditions only depend
on request primitives used by the servers themselves and aren't
framework specific.
Closes gh-10163
Previously, AutoConfigureOrder defaulted to Ordered.LOWEST_PRECEDENCE.
This made is impossible for an individual auto-configuration to
indicate that it wanted to go "last", i.e. after any
auto-configuration classes that didn't not specify an order, or
specified an order other than LOWEST_PRECEDENCE.
This commit changes to default to 0, allowing a single
auto-configuration to easily indicate that it should go last.
Closes gh-10142
This commit adds a strategy interface to specific if a given DataSource
has its schema managed. The Hibernate auto-configuration uses it to set
it to "none" if a mechanism to initialize the DataSource is
found and "create-drop" otherwise.
Both Flyway and Liquibase implements that strategy interface and
register it in the context accordingly.
Closes gh-9262
Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
Stephane Nicoll
Martin Greber
Johnny Lim
Phillip Webb
Andy Wilkinson
Brian Clozel
Spring Buildmaster
Madhura Bhave
Paul Vorbach