Previously it was possible to bind a bean to the root prefix by just
adding `@EnableConfigurationProperties` with the class of said bean.
This use case is misleading and prevents any meta-data to be generated
for that object since the annotation processor reacts on the presence of
the `@ConfigurationProperties` annotation.
If a class is included in the list of configuration properties bean to
create via the `@EnableConfigurationProperties` annotation we now make
sure that the `@configurationProperties` annotation is present on it.
Closes gh-3460
We have some requirements for filter ordering:
1. The character encoding filter must go first
2. Spring Session’s filter should go early
3. RequestContextFilter should go late so that it any request wrapping
performed by other filters is reflected in the request that’s set
in the RequestContextHolder
4. Spring Security’s Filter must go after RequestContextFilter so that
any code called by Filters in Spring Security’s Filter chain can
retrieve the request from RequestContextHolder, for example
OAuth2ClientContextFilter.
See gh-4331
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].
In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.
Closes gh-2079
Closes gh-4321
[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.
Fixes gh-4236
Provide a property to customize the application path that serves as the
base URI for a JAX-RS compliant application. If both `spring.jersey.path`
and an `@ApplicationPath` are present, the property takes precedence.
Closes gh-4201
Update WebMvcAutoConfiguration to use a RequestContextFilter instead of
a RequestContextListener.
Using a filter is required for some Spring Session operations (see
https://github.com/spring-projects/spring-session/issues/129).
This update also has the added benefit of allowing the Response to be
accessed from RequestContextHolder.getRequestAttributes() by casting it
to ServletRequestAttributes.
Fixes gh-2637
Previously, HornetQ and Artemis tests were using a test configuration
class listing the configuration classes to use explicitly in the purpose
of disabling the XA support.
This had a very unfortunate side effect for Artemis as we forgot to add
an import on the "real" configuration and this got unnoticed because of
this duplication.
It turns out that this special configuration class is no longer necessary
as XA backs off automatically anyway now. The tests have been updated
to use the regular auto-configuration and were failing with Artemis. The
import has now be added.
Closes gh-4226
Previously, no `errors` attribute is made available in the standard JSON
error document if a request body object is invalid. This is due to the
fact that the framework throws a `MethodArgumentNotValidException holding
a `BindingResult` object that was not detected.
We now make sure to extract the `BindingResult` from such exception.
Closes gh-4166
Previously, SecurityFilterAutoConfiguration would be created even if
spring-security-web was not on the classpath. This didn't cause a
failure as all of its beans were disabled. It was, however, wasteful,
as the configuration class was processed and a bean created for it
unnecessarily.
This commit makes the whole class conditional on the presence of
spring-security-web so that it will be skipped entirely when the
dependency is not available.
Closes gh-4160
Update SecurityFilterAutoConfiguration to use a DelegatingFilterProxy
filter rather directly referencing the springSecurityFilterChain bean.
Using a DelegatingFilterProxy helps to prevent early initialization of
beans and makes Spring Security work in a similar to way to if were
installed in a regular WAR deployment.
Fixes gh-4154
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:
- X-Content-Type
- X-XSS-Protection
- Cache-Control
- X-Frame-Options
Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.
This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.
Closes gh-3517
The second level cache of Hibernate can be configured with dedicated
factories that look up for the presence of a cache infrastructure. As
Hibernate shouldn't have to know about Spring, that lookup is done
against the respective proprietary APIs.
We now make sure that caching (and the general purpose Hazelcast
auto-configuration) is fully processed before JPA kicks in. In particular
an explicit `dependsOn` attribute on those beans is added when they are
processed.
Closes gh-4158
When the actuator is enabled, Spring Boot provides two `MBeanExporter`
bean definitions: a general purpose one and a dedicated one for Actuator
endpoints.
This commit flag the general purpose one `@Primary` so that component
can safely inject it by type if necessary. In particular, this fix the
doc of the `JmxMetricWriter`.
Closes gh-4007
Instead of always creating a new ElasticSearch client, we now check for
the presence of a custom bean configuration and use that if it's
available.
Closes gh-4143
Closes gh-4146
Previously, if Solr 5 was on the classpath, SolrAutoConfiguration
would fail with a rather cryptic error message due to a change in the
inheritance hierarchy of CloudSolrServer between Solr 4 and Solr 5.
This commit updates SolrAutoConfiguration to be conditional on a
class that exists in Solr 4 but was removed in Solr 5. This has the
effect of switching off the auto-configuration when Solr 5 is on
the classpath, allowing the auto-configuration report to be used to
identify why the configuration was disabled. The documentation has
also been updated to state that Spring Boot does not currently support
Solr 5.0.
Closes gh-2795
Default will extract an "authorities" key from the map coming from the
server. No existing servers I am aware of actually send that data, but
it might be helpful as a default nevertheless. User can override the
default by adding a bean of that type.
Fixes gh-3711
The latest Spring Framework 4.2.2 snapshots have reworked
EventListenerMethodProcessor so that it no longer queries a proxies
target class. Previously, when this was happening, it happened early
in the context's lifecycle when the bean's concrete type was unknown.
The led to the target class being set as the proxied interface.
With the latest 4.2.2 snapshots, the first call to
AopUtils.getTargetClass() happens in the test, by which time the
actual concrete type of the bean is known. This commit updates the
test so that its expectations match the more precise result.
ClassUtils.isPresent(String, ClassLoader) swallows all Throwables when
trying to load a class by name. For this reason
UnsupportedClassVersionError will also be swallowed when user code is
trying to use a driver library which has been compiled with a later
JDK than the one the application is running with. All the user would
see was "Cannot load driver class". This change simply propagates the
UnsupportedClassVersionNumberError so that it is easier for users to
find the root cause of the problem.
Closes gh-4082
Closes gh-4091
If a DataSource class is found in the classpath then
EmbeddedDataSourceConfiguration will not be used, so the in-memory
database will not be shutdown on application context closing.
As a result, unnecessary database initialization may cause subsequent
tests to fail, for example see [1].
[1] https://github.com/spring-projects/spring-boot/issues/1712
Previously, if an application used JPA and declared its own Flyway bean,
startup would fail. The custom Flyway bean would switch off
auto-configuration of the FlywayMigrationInitializer bean but the
context’s entity manager factory beans would still be configured to
depend on the migration initialiser.
This commit splits the post-processor that configures the dependencies
into two. One that configures the dependency on the Flyway bean and
one that configures the dependency on the FlywayMigrationInitializer
bean. When to auto-configuration of the FlywayMigrationInitializer is
switched off, the auto-configuration of the latter dependency is also
switched off.
Closes gh-4079
For reasons I don't (yet?) understand, shutting down the databases
proactively triggers a StackOverflowError in Jersey. Reverting the
change while I try to figure out what's going in.
Update all TemplateAvailabilityProvider implementations to use the
relaxed property binder. Also fix FreeMarkerTemplateAvailabilityProvider
to use `template-loader-path` rather than `path`.
Fixes gh-4085
Update the logged auto-configuration report so that each line includes
"matched", "did not match" text. This helps when looking to see if a
specific auto-configuration class was applied or not.
Fixes gh-4084
This commit updates ConditionalOnJava to remove a dependency on the
deprecated JdkVersion API from Spring Framework. In its place it now
looks for the presence of certain classes to determine the version of
Java on which its running.
Closes gh-4005
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
Update `ServerProperties` to automatically enable `use-forward-headers`
when running on a cloud platform.
A new `CloudPlatform` enum has been introduced that detects Heroku and
Cloud Foundry.
See gh-4018
Add a new `server.use-forward-headers` property which can be used to
switch on X-Forwarded-For header support in all supported embedded
servlet containers.
This commit reverts the decision to enable `RemoteIpValve` with Tomcat
by default (gh-3782) and requires that either `user-forward-headers` is
set to true or that `server.tomcat.protocol-header` or
`server.tomcat.remote-ip-header` are set.
See gh-4018
See gh-3782
In order to have more control on the structure of the configuration, we
do not bind to `RepositoryRestConfiguration` directly anymore. This
commit introduces `RepositoryProperties` instead.
See gh-3854
Closes gh-4073
This commit adds auto-configuration support for WebSocket-based
messaging. When the user enables WebSocket messaging (typically via
@EnableWebSocket and @EnableWebSocketMessageBroker) and an ObjectMapper
bean exists, a MappingJackson2MessageConverter that uses the
ObjectMapper will be configured. This causes any spring.jackson.*
configuration to affect WebSocket message conversion in the same way
as it affects HTTP message conversion.
Closes gh-2445
Add `error.include-stacktrace` configuration option to determine when
stack trace attributes should be added. Options are `never`, `always`
or `on-trace-param`.
Prior to this commit stacktrace attributes were never includes in HTML
responses, and only included in JSON responses when a `trace` request
parameter was set to `true`. This has now been changed so that,
by default, stacktrace attributes are never included.
The BasicErrorController includes a protected method that can be
overridden if includes should be different depending on the `produces`
mapping.
Closes gh-2371
This commit simplifies the Jackson-related auto-configuration that’s
applied when Spring HATEOAS and Spring Data REST are on the classpath.
Previously, Boot used Jackson2HalModule to apply the HAL-related
ObjectMapper configuration to the context’s primary ObjectMapper. This
was to allow HAL-formatted responses to be sent for requests accepted
application/json (see gh-2147). This had the unwanted side-effect of
polluting the primary ObjectMapper with HAL-specific functionality.
Furthermore, Jackson2HalModule is an internal of Spring HATEOAS that
@olivergierke has asked us to avoid using.
This commit replaces the use of Jackson2HalModule with a new approach.
Now, the message converters of any RequestMappingHandlerAdapter beans
are examined and any TypeConstrainedMappingJackson2HttpMessageConverter
instances are modified to support application/json in addition to their
default support for application/hal+json. This behaviour can be disabled
by setting spring.hateoas.use-hal-as-default-json-media-type to false.
This property is named after Spring Data REST’s configuration option
which has the same effect when using Spring Data REST. The new property
replaces the old spring.hateoas.apply-to-primary-object-mapper property.
Previously, when Spring Data REST was on the classpath,
JacksonAutoConfiguration would be switched off resulting in the context
containing multiple ObjectMappers, none of which was primary.
This commit configures RepositoryRestMvcAutoConfiguration to run after
JacksonAutoConfiguration. This gives the latter a chance to create its
primary ObjectMapper before the former adds its ObjectMapper beans to
the context.
Previously, the actuator’s hypermedia support assumed that the
HttpMessageConverters bean would contain every HttpMessageConverter
being used by Spring MVC. When Spring HATEOAS is on the classpath this
isn’t the case as it post-processes RequestMappingHandlerAdapter beans
and adds a TypeConstrainedMappingJackson2HttpMessageConverter to them.
This wasn’t a problem in the past as the primary ObjectMapper, used by a
vanilla MappingJackson2HttpMessageConverter, was configured with Spring
HATEOAS’sJackson2HalModule. Now that this pollution has been tidied up
the assumption described above no longer holds true. MvcEndpointAdvice,
which adds links to the actuator’s json responses, has been updated
to look at the HttpMessageConverters of every
RequestMappingHandlerAdapter when it’s trying to find a converter to
use to write a response with additional hypermedia links.
Integration tests have been added to spring-boot-actuator to ensure
that the changes described above have not regressed the ability to
configure its json output using spring.jackson.* properties (see
gh-1729).
Closes gh-3891
Update DataSourceProperties exceptions to include a less misleading
message. Errors message now note that you may need to add an embedded
database to the classpath or active a profile to pickup specific
settings.
Fixes gh-4012
Relocate several auto-configuration classes to `...autoconfigure.data`
to make it clearer that they are Spring Data specific.
Also moved `EntityManagerFactoryBuilder` to `spring-boot` since it is
generally useful and doesn't need to be directly tied to the
auto-configuration module.
Fixes gh-4002
The parameter names module allows users of Java 8 that have compiled
their code with the -parameters option to avoid the name for
annotations to map the json onto constructor and method parameters
with the names of the parameters being used instead.
This commit adds auto-configuration for the module that will only
be enabled when running on Java 8.
Closes gh-3804
For the character encoding filter to work, it's vital that it sets
the request's encoding before any other filters attempt to read the
request. This commit updates the order of
OrderedCharacterEncodingFilter to be HIGHEST_PRECEDENCE and improves
the existing test to check that the ordering is as required.
Closes gh-3912
- Rename local variable to avoid shadowing field with the same name
- Add a test to verify that local.mongo.port is set on the parent
context
Closes gh-3955
Previously, a StackOverflowError would occur when using a random port
for embedded mongo as the logic for propagating the property up the
context hierarchy would repeatedly use the leaf context's parent.
This commit updates the logic to look to see if the current context
has a parent, only calling the method again if it does.
Closes gh-3956
Update HibernateJpaAutoConfiguration to catch LinkageError rather than
NoClassDefFoundError. Required due to the fact that JBoss EAP 6 wraps
NoClassDefFoundErrors.
Fixes gh-3605
Since the meta-data now provide an explicit support for value hints, we
should not copy/paste them in the description as the IDE is able to
process them any way it wants.
Closes gh-3863
All the filters added explicitly by Spring Boot now have order <=
FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER (value 0).
There is nothing we can do about the DispatcherServlet and anything
else downstream of the filter chain.
Fixes gh-3613
Spring HATEOAS 0.19.0.RELEASE provide support for resolving a link’s
title by looking up the key _links.$rel.title. For us to take advantage
of this in Spring Boot, HalHandlerInstantiator must be created using
the link relation message source that’s automatically created by
HateoasConfiguration.
Closes gh-3860
Add aliases for `@ComponentScan`attributes on `@SpringBootApplication`
so that it is possible to customize how the component scan should be
applied on the project.
Previously, one would have to revert to `@EnableAutoConfiguration` to
achieve the same result.
Closes gh-3368
Provide a general purpose Hazelcast integration (i.e. not tied to caching).
Auto-configure a `HazelcastInstance` either based on the presence of a
`Config` bean or a configuration file. Said configuration file can be
specified explicitly or automatically found from default locations.
The cache integration already supports Hazelcast so it has been reworked
to automatically reuse an existing `HazelcastInstance` if available.
Closes gh-2942
This commit ensures that even when a user specifies a
WebSecurityConfiguration that the order of Spring Security's Filter
is still configured.
Closes gh-3824
See gh-3703
Spring MVC requires all handlers for the same path to be on the same handler
so if anyone wants to add new handlers for different content types they
have to copy a lot of code from BasicErrorController. This change increases
the visibility of the basic utility methods in BasicErrorController so that
custom handlers can be added easily.
Fixes gh-3828
Previously, native cache libraries were favored over a standard JSR-107
implementation. If a user has a working setup using JCache with one
provider and switch to another provider, his setup may be broken if we
happen to provide a native support for the new provider.
We now consistently favor JSR-107 if it is present. Native support can
still be enabled via the `spring.cache.type` property.
Closes gh-3822
Previously we had to create a fake Properties object as the factory did
not provide individual setters for the SSL configuration. This has been
added as part of Spring AMQP 1.5.0.RC1 so we're using those instead.
Closes gh-3754
Previously, `ResourceUrlEncodingFilter` was registered even if the
resource chain handling was disabled (which is the default).
We now take care of registering it only if the resource chain handling is
enabled.
Closes gh-3353
Given that Spring Boot uses java config accross the board, a new `value`
attribute is now aliased to the existing `classes` attribute such that
one could write the following:
@SpringApplicationConfiguration(MyConfig.class)
public class MyTest {}
Closes gh-3635
The `spring.datasource.name` property was hidden behind the 'name'
attribute of the Tomcat connection pool (since we are mapping all
datasource implementations on the `spring.datasource` namespace.
This commit replace the injected value by hand with the use of the
regular `DataSourceProperties`. That way, we generate proper meta-data
for it as well.
Closes gh-3755
A new `spring.datasource.type` property can now be used to configure the
connection pool implementation to use (rather than only relying on Boot's
preferences).
Closes gh-3705
Previously, to use a custom ConfigurableWebBindingInitializer, it was
necessary to extend WebMvcConfigurationSupport and override
getConfigurableWebBindingInitializer. This had the unwanted
side-effect of switching off the auto-configuration of Spring MVC.
This commit updates the auto-configuration to look for a
ConfigurableWebBindingInitializer bean and register it with Spring
MVC.
Closes gh-2526
Add a new `@ImportAutoConfiguration` annotation that can be used by
tests that wish to selectively import certain auto-configuration
classes. Also add `@AutoConfigurationPackage` so that package
registration is decoupled from `@EnableAutoConfiguration`.
An added benefit of the change is @EnableAutoConfigurationImportSelector
can now be subclassed to provide custom annotation support if needed.
Fixes gh-3660
See gh-2772
Harmonize the configuration properties for Undertow to match the changes
made for gh-2491.
Move `spring.undertow.accessLog*` to `spring.undertow.accesslog.*`
Add `directory`, `prefix` and `suffix` properties to further customize
how access logs are configured on Tomcat. Relocate all properties to the
`server.tomcat.accesslog` namespace.
`server.tomcat.accessLogPattern` and `server.tomcat.accessLogEnabled` are
deprecated and replaced by `server.tomcat.accesslog.pattern` and
`server.tomcat.accesslog.enabled` respectively.
Closes gh-2491
Three conditions must be met for the console to be enabled:
- H2 is on the classpath
- The application is a web application
- spring.h2.console.enabled is set to true
If spring-boot-devtools is on the classpath, spring.h2.console.enabled
will be set to true automatically. Without the dev tools, the enabled
property will have to be set to true in application.properties.
By default, the console is available at /h2-console. This can be
configured via the spring.h2.console.path property. The value of this
property must begin with a '/'.
When Spring Security is on the classpath the console will be secured
based on the user's security.* configuration. When the console is
secured, CSRF protection is disabled and frame options is set to
SAMEORIGIN for its path. Both settings are required in order for the
console to function.
Closes gh-766
Update the `@EnableAutoConfiguration` annotation to include an `include`
attribute which can be used to specify specific auto-configuration
classes.
Primarily added to so that tests can selectively auto-configure without
needing to worry about class import order.
Fixes gh-3660
Add an auto-configuration that avoid a Spring Boot user to add
`@EnableConfigurationProperties` to its configuration to benefit from
that feature.
As our own auto-configurations are tested independently, such annotation
is still present to avoid a useless reference to this new
auto-configuration.
Closes gh-2457
Previously, BeanTypeRegistry would only look for a @Bean method
with no arguments when trying to determine the type that will be
created by a factory bean. This meant that the type produced by a
factory bean declared via a @Bean that has one or more arguments would
be unknown and any on missing bean conditions look for a bean of the
type produced by the factory bean would match in error.
This commit updates BeanTypeRegistry to, where possible, use the
factory method metadata for the bean definition when determining the
type that will be created. This allows it to determine the type for
factory bean created by @Bean methods that take arguments and also
avoids the use reflection to find the factory method. Where factory
method metadata is not available, the existing reflection-based
approach is used as a fallback.
Closes gh-3657
Add `spring.autoconfigure.exclude` to control the list of
auto-configuration classes to exclude via configuration. Merge the
exclusions defined on the `@EnableAutoConfiguration` or
`@SpringBooApplication` if any.
Closes gh-2435
Stephane Nicoll
Johnny Lim
Vedran Pavic
Andy Wilkinson
Dave Syer
Phillip Webb
Eddú Meléndez
Spring Buildmaster
Marten Deinum
Benedikt Ritter
Alexander Tokarev
mackeprm
Michael Stummvoll
Julien Dubois
Fabricio Colombo
Paweł Doleciński
Pei-Tang Huang
james
Barry Lagerweij
Rob Winch
madorb
Eric Fenderbosch
Martin Lippert
Joao Pedro Evangelista
Eric Bottard
jhernan