userDefinedMappingsSecureByDefault in
SampleSessionWebFluxApplicationTests may fail with an NPE if the
session times out before the initial response is sent due to the absence
of a SESSION cookie in the response. The test uses a short session
timeout (2 seconds) and we've seen the problem occur on CI when,
presumably, a noisy neighbour has caused some CPU starvation.
This commit increases the timeout to 5 seconds to reduce the chance of
a short period of CPU starvation causing the test to fail.
Closes gh-25572
Previously, actuator endpoints were registered with Jersey upon
injection of the ResourceConfig bean into a registrar class rather than
using a ResourceConfigCustomizer. This was done to fix a problem
when running the Actuator on a separate port where the main application
context's customizers were also applied to the management context,
breaking the singleton contract for those resources. This approach
meant that the registration could be performed at any point after the
ResourceConfig had been created. When Jersey's configured as a Filter
this resulted in the registration failing as the attempt was being made
after the Filter lifecyle callbacks which make the ResourceConfig
immutable.
This commit reworks the endpoint registration to be performed using a
ManagementContextResourceConfigCustomizer, a resource config customizer
that's only applied to the ResourceConfig that's used by the Actuator.
When there's a separate management context, this ResourceConfig is
created by the Actuator's auto-configuration and the management context
resource config customizers are applied to it during its creation. The
main application's customizers are not applied. When the actuator is
using the same context as the main application, this ResourceConfig is
created by the main application. In this case a
ResourceConfigCustomizer is defined that delegates to all
ManagementContextResourceConfigCustomizers, allowing them to register
the actuator endpoints with the main ResourceConfig.
Fixes gh-25262
Update `build.gradle` files to ensure that `junit-platform-launcher` is
a `testRuntimeOnly` dependency. This ensures that tests can be run from
Eclipse.
Closes gh-25074
Previously, the project version was included in the name of the
Ant-built jar and the integration test assumed that there would be a
single jar in the output directory. This assumption did not hold true
if the project's version had changed and the project had been built
again without a clean. This resulted in two jars, one for the previous
version and one for the current version, in the output directory. This
caused a test failure.
This commit updates the build.xml to remove the version from the name
of the Ant-built jar and updates the integration test to find it.
Closes gh-22782
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
This commit updates HazelcastHealthIndicator and
HazelcastCacheMeterBinderProvider so that they work with
Hazelcast 4 while retaining compatibility with Hazelcast 3. Reflection
is used when necessary.
This commit also adds a smoke test that validates those features are
working when Hazelcast 4 is on the classpath.
Closes gh-21169
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Rename the SAML `singleSignOn` nested property to `singleSignOn` so
that we don't get problems when using uppercase environment variable
names.
See gh-20584
This commit adds a section to the reference guide on how to initialize
a database using R2DBC. 2 smoke tests are also added to validate this
behaviour with Flyway and Liquibase.
Closes gh-20742
The upgrade to the Couchbase SDK v3 changed how errors are reported
when the cluster is not available. This commit updates the check to
look for the new exception in the hope a more solid check can be found
shortly.
This commit upgrades to the Couchbase SDK v3 which brings the following
breaking changes:
* Bootstrap hosts have been replaced by a connection string and the
authentication is now mandatory.
* A `Bucket` is no longer auto-configured. The
`spring.couchbase.bucket.*` properties have been removed
* `ClusterInfo` no longer exists and has been replaced by a dedicated
API on `Cluster`.
* `CouchbaseEnvironment` no longer exist in favour of
`ClusterEnvironment`, the customizer has been renamed accordingly.
* The bootstrap-related properties have been removed. Users requiring
custom ports should supply the seed nodes and initialize a Cluster
themselves.
* The endpoints-related configuration has been consolidated in a
single IO configuration.
The Spring Data Couchbase provides an integration with the new SDK. This
leads to the following changes:
* A convenient `CouchbaseClientFactory` is auto-configured.
* Repositories are configured against a bucket and a scope. Those can
be set via configuration in `spring.data.couchbase.*`.
* The default consistency property has been removed in favour of a more
flexible annotation on the repository query methods instead. You can now
specify different query consistency on a per method basis.
* The `CacheManager` implementation is provided, as do other stores for
consistency so a dependency on `couchbase-spring-cache` is no longer
required.
See gh-19893
Co-authored-by: Michael Nitschinger <michael@nitschinger.at>
Unfortunately, while redundant for new applications, removing the
leading slash adversely affected existing application upon upgrades as
it caused Liquibase to re-apply every change log.
Closes gh-20177
Andy Wilkinson
weixsun
Phillip Webb
dreis2211
Madhura Bhave
Stephane Nicoll
Gabriele Bianchet-David
Andy Wilkinson
Phillip Webb
Scott Frederick