Update exit code support to allow the ExitCodeGenerator interface to
be placed on an Exception. Any uncaught exception implementing the
interface and returning a non `0` status will now trigger a System.exit
with the code.
Fixes gh-4803
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().
Closes gh-4783
This change permanently removes links from the endpoints that return
arrays or collections, and also disables them in the rest of the
endpoints (except /actuator) by default.
Fixes gh-4616
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.
This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.
Closes gh-4694
If user set the management.port *and* the management.context-path
then the /error path was in the wrong place because formerly it
was implemented (in this case) by an MvcEndpoint. If we
switch it to a regular @Controller (which are now supported in the
child context if there is one) then it won't disappear under the
management.context-path.
Also use lazy request matching in ignores as well as secure paths.
The problem was that the ignores were constructed eagerly from the
actuator paths before they were available (the EndpointHandlerMapping
needs to be lazily accessed to avoid a security-induced bean creation
cascade).
Fixes gh-4624
The Maven POM does all the dependency resolutions for the
spring-boot-antlib project. Delegating this task to Ivy, which is
buried deep in the Antrun/Antunit part of the build, makes any kind
of proxy configuration much more complex.
The ivysettings.xml already has the local M2 repository configured,
but because the folder "repository" is missing, the artifacts, already
downloaded by Maven cannot be resolved from this location.
The Spring and Maven Central repositories should be removed from the
ivysettings.xml files in order to force all resolves to be done through
the local M2 repository. The POM of joda-time version 2.8.1 has an
optional dependency to joda-convert 1.2, which lets the Ivy resolve
process fail, because this version of the joda-convert library was
not resolved by any of the Maven POMs. It seems as if Ivy does not
respect the optional scope, defined in the joda-time POM.
Pass proxy settings to the forked process to make the Gradle distribution download work
Create a gradle.properties file for each Gradle integration test and writes the forking
process' proxy settings as systemProp.http(s).Host/Port to the properties file.
This configures the external process with the right proxy settings to let it download
the Gradle distribution via the HTTP proxy server.
Added a hint for Windows users to get the core.autocrlf setting right
When the core.autocrlf setting under Windows is set to false for example
All files are not converted regarding their EOL characters to the
Windows format with CRLF at a line's end. There is a checkstyle
validation that checks that all files have the system's line endings
and in some test-cases the value from the system property "line.ending"
is used to check test output. So without the conversion, those checks
are going to fail, resulting in build errors.
Fixes gh-4367, fixes gh-3816
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.
Fixes gh-4355
The HATEOAS sample does not support XML responses. Previously, the
controller doesn't constrain the media types that it could produce.
This would result in a failure when handling a request that prefers
XML responses.
This commit updates the produces clauses in the controller so that
the sample will only attempt to produce JSON.
Closes gh-4343
The documentation recommends configuring the HTTP connector in code
and using application.properties to configure the HTTPS connector
as it's easier. This commit updates the sample to follow that
recommendation.
Closes gh-4342
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].
In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.
Closes gh-2079
Closes gh-4321
[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
Previously, OrderedRequestContextFilter was ordered such that it
ran after Spring Security's Filter. This meant that the request
context was unavailable to any Filters in Spring Security's Filter
chain. Specifically, this caused a failure when using @EnableOAuth2Sso
as OAuth2ClientAuthenticationProcessingFilter, which is added to
Spring Security's Filter chain would be unable to use the
request-scoped bean upon which it depends.
This commit updates the order of OrderedRequestContextFilter so that
the request context is set up before Spring Security's Filter runs.
The tests for SampleGitHubApplication have been updated to use
TestRestTemplate rather than MockMvc. This is necessary as the latter,
via ServletTestExecutionListener, automatically populates the request
context holder, masking the fact that the request context filter was
setting it up too late.
Closes gh-4270
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Prior to 8.0.28 Tomcat required the key store and trust store (if any)
to be available directly on the filesystem, i.e. classpath: resources
would not work. Tomcat 8.0.28 removed this limitation.
This commit updates to Tomcat 8.0.28, updates the tests to verify
the new Tomcat capability and removes the obsolete documentation of
the restriction.
Closes gh-4048
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
Update the samples and integration tests to use Java 8. There's no
specific reason to keep them on Java 6 and it helps keep Eclipse happy
if we upgrade.
The redirect happens in two stages, first from / to /login on localhost
and then to github.com. This commit updates the test to check that the
first redirect has worked, i.e. from / to /login on localhost.
Commit c85f4df0ee broke the build as some tests are expecting HSQL to be
used. We now specify the name of the database rather than specifying the
jdbc url.
Use "return" instead of "exit" where possible, especially in
function definitions.
Also fixed the exit codes to match the LSB spec for some specific
conditions (fixes gh-3521).
Fixes gh-3199, fixes gh-3535
Previously, native cache libraries were favored over a standard JSR-107
implementation. If a user has a working setup using JCache with one
provider and switch to another provider, his setup may be broken if we
happen to provide a native support for the new provider.
We now consistently favor JSR-107 if it is present. Native support can
still be enabled via the `spring.cache.type` property.
Closes gh-3822
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:
@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}
Closes gh-3635
Update LinksMvcEndpoint and HalBrowserMvcEndpoint so that no longer try
to use the `/` context path. Links are now available from `/links` and
the HAL browser is available from `/hal`.
The actuator HAL browser now works with either WebJars or the Spring
Data version. It also now transforms the initial HTML so that the
form is pre-populated with `/links`.
When using Spring Data's HAL browser, the root includes a link to
`/links` with a rel of `actuator`.
See gh-3621
This commit updates the default output produced when using Log2J 2 to
be similar to the output produced by Logback. It introduces a new
converter for throwables that adds some whitespace around stacktraces
and a color converter that produces ANSI-colored output when enabled
via spring.output.ansi.enabled.
Closes gh-3548
Harmonize the configuration properties for Undertow to match the changes
made for gh-2491.
Move `spring.undertow.accessLog*` to `spring.undertow.accesslog.*`
Add an auto-configuration that avoid a Spring Boot user to add
`@EnableConfigurationProperties` to its configuration to benefit from
that feature.
As our own auto-configurations are tested independently, such annotation
is still present to avoid a useless reference to this new
auto-configuration.
Closes gh-2457
Since each sample has (supposedly) only one application class and not
a lot of the code, the `mainClassName` attribute in the gradle build is
not really useful and can lead to inconsistency if the application class
is moved.
See gh-3588
Embedded MongoDB is now auto-configured when it is on the classpath.
The Mongo instance will listen on the port specified by the
spring.data.mongodb.port property. If this property has a value of
zero and randomly allocated port will be used. In such an event, the
MongoClient created by MongoAutoConfiguration will be automatically
configured to use the port that was allocated.
By default, MongoDB 2.6.10 will be used. This can be configured using
the spring.embedded-mongodb.version property. Mongo's sync delay
feature is enabled by default. This can be configured using the
spring.embedded-mongobd.features property.
Closes gh-2002
When Spring Data REST is owning the home page it has its own
HandlerMapping with a fix (relatively) low priority. The /links
endpoint wants to own the home page as well, and our handler mapping
has a high priority for good reasons. This change addresses the
issue by checking if Spring Data REST is configured and if
the management context path (or more specifically, the links
endpoint) is the same as the home page.
Fixes gh-3486
When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).
This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).
Fixes gh-2563
Unfortunately, we have no other choice to flip the ignoreUnknownFields
attribute of `SecurityProperties` has many different target are now set
for that namespace outside the class. See gh-3445 for a potential way
to improve that.
Closes gh-3327
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
There is a new spring.factories entry for
org.springframework.boot.actuate.autoconfigure.EndpointWebMvcConfiguration
which loads extra beans into the MVC config for the Actuator.
If the management context is a child context all the beans go in the
child (except the Spring Security filter still). A big bonus is that
you can add WebConfigurerAdapters to configure static resources etc.
A new component called ManagementContextResolver can be used to
locate the ApplicationContext for the MVC endpoints.
Fixes gh-3345
Include support for a new <springProfile> element which can be used in
`logback-spring.xml` files to selectively enable or disable parts of the
configuration. For example:
<configuration>
...
<springProfile name="staging">
<logger name="sample.logback" level="TRACE" />
</springProfile>
...
</configuration>
Fixes gh-3338
The default is now to reveal all details unless sensitive=true
(instead of only revealing then if sensitive was explicitly false).
The definition of "secure" also changes to something more sensible
where it is only true if security is enabled.
Fixes gh-2816
This commit adds support for automatically configuring Spring Session.
In a web application when both Spring Session and Spring Data Redis
are on the classpath, Spring Session's Redis Http Session support
will be auto-configured. The max inactive interval for Redis-backed
sessions can be configured via the environment using the existing
server.session-timeout property.
Closes gh-2318
Migrate `spring.view.prefix` and `spring.view.suffix` to
`spring.mvc.view.prefix` and `spring.mvc.view.suffix` respectively. The
former properties are still handled in a backward compatible way and are
defined as deprecated in the meta-data.
Closes gh-3250
Support loading a `.spring-boot-devtools.properties` file from the
users home folder. The property file can be used to customize settings
that make sense on a per-user basis, but might not want to be checked
into the project.
Fixes gh-3151
Users can add @ExportMetric[Reader,Writer] to readers and writers that
they want to participate in the default exporter. There is also still an
@ActuatorMetricWriter that is used for the legacy (non-Java8) Gauge and
CounterServices.
The redis export and aggregate use case is a lot nicer with this
shared data between the two component types.
Also made MetricExportProperties itself a Trigger (so the default
delay etc. can be configured via spring.metrics.export.*).
Log4j2 can auto-reload its configuration file as long as the reference
to a `java.io.File` is provided in the `ConfigurationSource`. Previously,
we always created such `ConfigurationSource` with only the URL regardless
of its type.
Detect when the configuration URL points to a File and create the
`ConfigurationSource` accordingly.
The `spring-boot-sample-actuator-log4j2` has been updated to reload the
logging configuration every 30 sec if necessary.
Fixes gh-3024, gh-3030
User can enable OAuth2 SSO by declaring the intent (@EnableOAuth2Sso)
and also configuring the client properties (spring.oauth2.client.*).
The spring.oauth2.sso.* are only needed to change the path for the
login (defaults to /login) - any other security configuration for the
protected resources can be added in a WebSecurityConfigurerAdapter
which carries the @EnableOAuth2Sso annotation.
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security included OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource of authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single start import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
- Apply project’s code formatting and conventions
- Don’t use the IO and worker thread configuration when creating the
worker for the AccessLogReceiver. The IO and worker thread
configuration is for HTTP request processing and a worker in its
default configuration should be sufficient for the access log
receiver.
- Don’t use a temporary directory as the default for the access log
directory. A temporary directory makes (some) sense for Tomcat as it
requires a directory for its basedir. Undertow has no such
requirement and using a temporary directory makes it hard to locate
the logs. The default has been updated to a directory named logs,
created in the current working directory.
- Document the new properties in the application properties appendix
Closes gh-3014
This commit adds support for configuring Undertow's access log via the
environment using the following properties:
server.undertow.access-log-enabled
server.undertow.access-log-pattern
server.undertow.access-log-dir
See gh-3014
This avoids a potential problems with ordering between Dropwizard and
normal repository configuration. A Dropwizard sample has been added to
verify the behaviour.
In addition to the changes already made in 1.2.x, this commit updates
the tests in spring-boot-actuator to ensure that any Elasticsearch
data files are written into the target directory. This avoids problems
when switching branches caused by different versions of Elasticsearch
trying to read the files.
By default, Elasticsearch writes it data to ./data. This led to data
being left on the filesystem after a mvn clean which could cause
failures when moving between branches that use different versions of
Elasticsearch.
This commit updates the tests for the Elasticsearch sample and
the Elasticsearch auto-configuration classes to write the
Elasticsearch data and logs into the target directory.
This reverts commit b1c0a7cda4.
The plugin publishing process has moved to a new plugin-based approach
that brings with it some significant limitations:
- There's no staging to allow the promotion of good release builds
- There's no easy way to upload an existing artifact
- There's no control over the published pom.
The risk brought by these limitations, particularly the first, are
too great so we will no be publishing the Boot plugin to the Portal
until they're resolved.
Changing the plugin's ID was a breaking change that would require
users to do some work when they upgrade to Boot 1.3. The ID of the
plugin was changed purely so that it met the Portal's requirements.
Given that the plugin will not be published to the Portal for the
foreseaable future there's no need for us to inflict a breaking change
on people when there will be no benefit.
See gh-1567
The changes made in spring-projects/spring-framework@e403aefe cause
SampleTomcatTwoConnectorsApplication to fail to launch. The port bean,
typed as an int, is coerced into an Integer when the bean’s created. The
port() method is then called, and the proxy’s bean method interceptor
complains as it’s expecting the port bean to be an int but it’s actually
an Integer. Changing the port() bean method’s return type to Integer
works around the problem.
The versions in the dependency management for the various datastore
dependencies have been aligned with those used by Spring Data Fowler.
The Data REST tests and sample application has been updated to configure
the base path in favour of the deprecated base uri property
Closes gh-2673
Spring Framework’s ParamterizedRowMapper has been deprecated since
3.1 and has been removed in 4.2. Spring Batch currently relies on
ParameterizedRowMapper, making it incompatible with 4.2. To allow us to
build successfully against 4.2, this commit ignores Spring Boot’s tests
that use Spring Batch’s JDBC support.
See gh-2575
Gradle’s plugin portal requires each plugin’s ID to be in a namespace.
Our existing ID, spring-boot, does not meet this requirement. This
commit changes the plugin’s ID to org.springframework.boot.spring-boot.
Note that, as is recommended [1], the plugin’s ID does not include
“gradle”.
See gh-1567
[1] http://plugins.gradle.org/submit
The response produced by Spring Data REST to a search that will always
return a single result, i.e. the return type is Foo rather than
List<Foo> or Page<Foo> has improved in Fowler. Previously, the response
would contain a single embedded resource. In Fowler, the response now
contains the resource that used to be embedded as a top-level resource.
This commit updates the expectations in one of the sample’s tests to
match this new behaviour.
See gh-2673
Update ElasticsearchAutoConfiguration to ensure that local nodes are
closed when the context is closed. Prior to this commit the close()
method of the Client would be called which had no effect for local
Nodes.
Fixes gh-2480
Undertow’s WebSocket client sends an illegal Origin header – it does
not include the scheme, e.g. it’ll send “localhost” rather than
“http://localhost”. This commit works around the problem by allowing
access to the SockJS endpoints from any origin, thereby disabling
OriginHandlerInterceptor’s checking of the Origin header.
Spring Integration's FileWritingMessageHandler uses a .writing file
while it's in the process of writing a message to disk and then
performs a rename (depending on the OS and filesystem this may or may
not be atommic) to create the .msg file. Prior to this commit the
test was finding the temporary .writing files and examining them. This
could lead to a FileNotFoundException being thrown as the temporary
file was deleted while the test was trying to read its contents.
This commit updates the test to only look for files with a .msg suffix
Fixes gh-2428
Previously, SampleIntegrationParentApplicationTests assumed that when
an output file existed on disk its contents would have been written
in their entirety. This assumption does not hold true and causes the
test to fail intermittently as it incorrectly determines that the test
has produced no output.
This commit updates the test to wait for up to 30 seconds for the
output files to appear on disk and for the expected content to be
found in one of those files. If the files exist but do not
contain the expected content the test will keep trying until it does
or until too much time as elapsed.
Fixes gh-2380
Previously, the documentation only provided examples of the required
configuration for Maven users. This commit adds equivalent configuration
snippets for those using Gradle. It also removes the recommendation to
override the version of the Servlet API as this is unnecessary. The pom
files for the Jetty 8 and Tomcat 7 samples have also been updated
accordingly.
Closes gh-2346
Undertow, like Tomcat, uses "" for the context path of the root
context. Previously, the Undertow deployment was being configured with
"/" for the root context. This was leading to a silent failure in
AsyncContextImpl.dispatch when it failed to look up the deployment
manager for the current request.
This commit updates UndertowEmbeddedServletContainerFactory to use the
correct context path (an empty String) for the root context.
Fixes gh-2365
A dependency on org.glassfish.jersey.ext:jersey-bean-validation has
been added to spring-boot-starter-jersey. jersey-bean-validation’s EL
dependencies have been excluded in favour of those provided by
spring-boot-starter-tomcat (or starter-jetty or starter-undertow should
the user choose to use a different embedded container).
Closes gh-2315
The package names changed a bit from the prototype project, but wuth vanilla
autconfiguration usage that shouldn't matter. Follows closely the Groovy
templates support. Templates live in classpath:/templates/*.html by default.
Fixes gh-2242
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that
have Principal arguments are not treated in any special way. This
restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used
to determine access rules.
The HealthMvcEndpoint still uses the Principal (when available) to
determine if full status information can be displayed. It now also
explicitly checks the environment for `endpoints.health.sensitive`
to determine if the user has opted-out and requires complete health
details.
The health MVC endpoint should now work as follows:
* Default configuration - No login is required, full information is only
displayed if a Principal is available.
* endpoints.health.sensitive=true - Login is required, full information
is displayed.
* endpoints.health.sensitive=false - Login is not required, full
information is displayed.
Fixes gh-2211
Shares the /health endpoint request mapping between security config
and MVC dispatcher. Generalizes so that instead of a marker
interface (AnonymouslyAccessibleMvcEndpoint), an MvcEndpoint
signals that it wants to control its own access rules by adding
a Principal to the @RequestMapping method parameters (more @MVC).
Fixes gh-2015 slightly differently
The changes in 3bb598a overload the health endpoint's sensitive
property such that it's now considered sensitive if management
security is enabled. When an endpoint is sensitive anonymous
access is prevented. This breaks the health endpoint which should
return a filtered view of the server's health when it's accessed
anonymously rather than rejecting the request.
This commit introduces AnonymouslyAccessibleMvcEndpoint, a marker
extension of the MvcEndpoint interface. It is implemented by
HealthMvcEndpoint. ManagementSecurityAutoConfiguration has been
updated to allow anonymous access to endpoints that aren't sensitive
or that implement AnonymouslyAccessibleMvcEndpoint.
Fixes gh-2015
Previously, index.html used absolute paths to load its CSS and
JavaScript. This meant that it had to be deployed to /. This commit
updates the HTML to use relative paths for its CSS and JavaScript,
thereby ensuring that they can be loaded irrespective of the context
path to which the application is deployed.
Closes gh-1988
If you inject the class (via a servlet parameter) it seems that
Jersey tries to create all the beans for you (and fails). I thought
it was supposed to work (according to the docs), so I'm a bit confused
but the sample now has Spring DI and the tests pass.
Fixes gh-1981
Update MongoDataAutoConfiguration to provide easier configuration of
CustomConversions, the MappingMongoConverter, MongoMappingContext
and an authentication database.
Fixes gh-1619
Fixes gh-1730
Including maps and lists. Beans with no metadata (in
/META-INF/*spring-configuration-metadata.json) are just serialized
as they come (so might have problems like cycles). Serialization
errors are caught and rendered as an "error" for that bean. Any
problems can be fixed by preparing metadata and specifying which
properties are to be rendered that way.
Fixes gh-1746, fixes gh-1921
The http.mappers.* configuration properties assumed that the mapping
was JSON (on of the property names was jsonPrettyPrint) and also only
exposed a small subset of the configuration options supported by
Jackson (and GSON). The property names implied that it would configure
all HTTP mapping, however it was ignored by GsonAutoConfiguration.
This commit deprecates the support for http.mappers.* in favour of
configuring Jackson or Gson instead. Jackson can be configured
declaratively using the spring.jackson.* properties or programtically.
Gson can be configured programatically by using a GsonBuilder to
create a Gson instance with the desired configuration.
gh-1946 has been opened to add support for declarative configuration
of Gson.
Closes gh-1945
ServerConnector is in different packages in Jetty 8 and Jetty 9 which
was leading to a NoClassDefFounderError when SSL was used with
Jetty 8.
This commit updates SslServerConnectorFactory to return an
AbstractConnector, a super class of ServerConnector, that is in the
same package in both Jetty 8 and Jetty 9. This class does not provide
a setPort method so the setting of the port has been pushed down into
the SslServerConnectorFactory implementation.
SSL samples for both Jetty 8 and Jetty 9 have been added to verify
SSL with both supported versions of Jetty.
Closes gh-1925
The exception message for a connection timeout has been updated to
include the timeout period. The tests for the sample have been updated
accordingly.
Closes gh-1884
Traditionally, a @ServerEndpoint-annotated bean is found by a servlet
container initialiser, however Boot does not run servlet container
initialisers when an embedded container is being used. To be able to use
@ServerEndpoint in a Boot app that uses embedded Tomcat a
ServerEndpointExporter bean must be declared.
This commit updates the documentation to describe this requirement and
also updates the WebSockets sample to illustrate the use of
ServerEndpointExporter. The version of Spring Framework has been updated
to 4.0.8.BUILD-SNAPSHOT. This picks up the fix for SPR-12340.
Closes gh-1722
Change the default value of spring.datasource.jmx-enabled to false
to prevent InstanceAlreadyExistsException problems when using the
Spring Test Framework.
Fixes gh-1590
Switch the Tomcat 8 and Jetty 9 samples to Tomcat 7 and Jetty 8. Since
Tomcat 8 and Jetty 9 are now the default versions the previous samples
are no longer relevant, however, we do need integration tests to check
that we remain compatible with Tomcat 7 and Jetty 8.
See gh-1832
It *is* very useful to have filtering on by default, so that is now
the case (in spring-boot-starter-parent). Users can filter resources
by default by adding @*@ placeholders (so as not to clash with Spring
${} placeholders).
Fixes gh-1199
Prior to this commit LoggingSystem initialization would happen multiple
times. Once to configure "quiet" logging, and again to configure correct
settings once the Application was initialized. This could cause problems
if `logging.groovy` logback files were used.
The logging system is now only initialized once (when possible) by
following these steps:
- Standard logging initialization occurs via the actual logging
implementation used (e.g. logback will load a logback.xml file if it
exists)
- beforeInitization() is called to prevent early log output.
Implementations now either use a Filter or simply set the root logging
level.
- initialize() is called with an optional log configuration file (e.g
a custom logback.xml location) and an optional log output file (the
default is null indicating console only output).
The initialize() method will attempt to prevent double initialization
by checking if a standard configuration file exists. Double
initialization now only occurs in the following situations:
- The user has a standard configuration file (e.g. classpath:logback.xml)
but also specifies a logging.config property. Double initialization is
required since the specified configuration file supersedes the default.
- The user has a standard configuration file (e.g. classpath:logback.xml)
and specifies a logging.file property. Double initialization is
required since the standard configuration may use a ${LOG_FILE}
reference.
In addition this commit removes the `logging.console` option and now
assumes that logging either occurs only to console or to both the
console and a file. This restriction helps simplify the LoggingSystem
implementations. If file only logging is required a custom logback.xml
can be used.
Fixes gh-1091
See gh-1612, gh-1770
Then we can optionally find a non-anonymous principal if there
is one. If the user is anonymous then the health result is cached
up to endpoints.health.ttl (default 1000ms) to prevent a DOS attack.
Fixes gh-1353
Previously, there was a timing window where the output file had been
created but it was empty. This would cause the test to fail as the
output was read from the empty file and didn’t match the expected “Hello
World”.
This commit updates the test to only process the resources in the output
directory when all the resolved resources have a non-zero content
length. An @Before method has also been added to delete the output
produced by the test so that the outcome of the test isn’t affected by
files generated by previous runs.
Fixes gh-1735
Update FaviconConfiguration to allow favicon.ico files to be resolved
from static resource folders (/META-INF/resources, /resources, /static,
/public) in addition to the root classpath.
Fixes gh-1656
Previously, RepositoryRestMvcBootConfiguration was not annotated with
@Configuration. This meant that it was processed in lite mode.
Crucially, in lite mode, there’s no proxying so each call to the
config() @Bean method from within other @Bean methods resulted in the
creation of a new RepositoryRestConfiguration instance. Furthermore, as
each of these instances wasn’t a Spring bean the configuration
properties were not applied.
This commit updates RepositoryRestMvcBootConfiguration to annotate it
with @Configuration so that it’s no longer processed in lite mode. It
also updates the unit tests and the Spring Data REST sample to verify
that the baseUri can be configured using application.properties.
Fixes gh-1675
Jersey 2 has some Spring support built in but it's a bit awkward to
use in a Boot app, so autoconfiguration seems appropriate. The tests
and sample show how to use it, but the short story is that any
@Component can define JAX-RS endpoints via @GET etc.
There's a sample for Jersey 1 as well (pay careful attention to
the plugin configuration if you want to build an executable jar)
Fixes gh-1651
Without the @Param annotations, using either of the search URIs would
resulted in a 400 response and an error describing the lack of @Param
annotation.
See gh-1627
If the actuator endpoints are configured on a different port then there
are some settings in the main ServerProperties that we would like to
re-use (e.g. the access log). The easiest way to do that is to just
configure the management server using the same ServerProperties instance
and then overwrite the things that are different (and stored in
ManagementServerProperties).
Fixes gh-1581
There was too much state really in the old implementation of
AuthenticationManagerConfiguration, and it was leading occasionally
to null pointers when method A assumed that method B had already
been called and it hadn't. This change manages to concentrate all the
references to an AuthenticationManagerBuilder into a single method
call, removoing the need for storing it at all.
Fixes gh-1556
Prior to this commit, the repackage goal silently ignored the case of
two libraries having the same name and version but a different group.
As a result, the second library was overwriting the first one in the
repackaged jar.
This commit adds support for custom Library names and updates the
Maven and Gradle plugins so that the name includes the group ID
when there would otherwise be a duplicate.
Fixes gh-1475
Phillip Webb
Spring Buildmaster
Andy Wilkinson
Stephane Nicoll
Kirill Vlasov
Dave Syer
David Morley
Eddú Meléndez
kozazz
Ivan Chen
Johnny Lim
mrumpf
Huang YunKun
Wallace Wadge
Julien Dubois
herau
Thomas Traude
Vladimir Tsanev
Justin Garrick
Lucas Saldanha
Matt Benson
Ivan Sopov
Rob Baily
Alexander Heusingfeld
Greg Turnquist
Marcos Barbero
sopov.ivan
Daniel Fullarton
matzschmanski
Manuel Doninger
bangsen.yin
Stéphane DERACO
Dave Syer
Josh Long