As auto-configuration for Spring Security OAuth has been removed
from Spring Boot 2.0 and Spring Security 5 doesn't have OAuth
2.0 Authorization / Resource Server support yet, it has not
been obvious at all how to implement an OAUth 2.0 server with
Spring Boot 2.0.
For that reason, this new section briefly explains the current
temporary situation and points to the spring-security-oauth2-autoconfigure
module that restores the auto-configuration support for OAuth
2.0 Authorization and Resource Servers.
Closes gh-12491
Update `Map` and `Collection` binders to create a copy of the existing
collection whenever possible. Prior to this commit the binder would
always mutate the existing value and then call the setter with the
same instance. This could cause issues if the setter expected a
different instance.
Fixes gh-12322
Previously, the underlying RandomAccessDataFile was not closed when
the JarFile that was using it was closed. This causes a problem on
Windows as the open file handle prevents the file from being deleted.
This commit updates JarFile to close the underlying
RandomAccessDataFile when it is closed and has a JarFileType of
DIRECT.
Previously, when accessing the manifest of a jar file that maps to a
nested directory (BOOT-INF/classes) a new JarFile was created from the
root jar file, the manifest was retrieved, and the new JarFile was
closed. This could lead to the underlying RandomAccessDataFile being
closed while it was still in use.
This commit improves JarFile to retrieve the manifest from the
existing outer JarFile, thereby avoiding the need to create and close
a new JarFile.
Unfortunately, PropertiesLauncher creates a number of scenarios where
a JarFile with a type of direct is closed while it’s still being used.
To accommodate this behaviour, RandomAccessDataFile has been updated
so that it can re-open the underlying RandomAccessFile if it is used
after it has been closed.
Closes gh-12296
This commit disables the default HTML view in the WebFlux error handling
support when `server.error.whitelabel.enabled=false`.
In this case, the original exception will be forwarded down the stream
and handled by the default `WebExceptionHandler` provided by Spring
WebFlux (likely to respond a blank page and an error HTTP response
status).
Closes gh-12520
Update `SpringConfigurationPropertySources` adapter logic so that and
exact instance match is used when checking if the cache can be used.
Prior to this commit if a property source was replaced with one that
had exactly the same name, the adapted version would not change.
Fixes gh-12451
Even though War deployment is supported by Spring Framework itself for
WebFlux applications, this is not the case currently in Spring Boot.
Fixes gh-12455
This commit fixes 220f8cd and moves the order for
`WelcomePageHandlerMapping` to `2` since the previous order was
conflicting with the resource mapping.
Closes gh-12335
Refactor JSON parser wrappers to remove duplicate code portions in the
parseMap() and parseList() methods by adding an AbstractJsonParser.
See gh-12428
This commit orders the `WelcomePageHandlerMapping` at
`Ordered.LOWEST_PRECEDENCE -1` in order to give a chance to other
mappings to handle the incoming requests.
In this case, developers might provide a custom `ViewController` or
custom `HandlerMapping` for the `"/"` path and we should not override
that opinion.
Closes gh-12335
This commit updates WebTestClientAutoConfiguration to only create a
WebTestClient when running a WebFlux-based application as mocking the
context only works with that mode at the moment.
Closes gh-12318
This commit updates Spring Boot's DeferredImportSelector implementations
to group imports in a consistent set. This makes sure ordering is
applied consistently.
Closes gh-12366
This commit updates the annotation processor and the binder to ignore
any static or abstract method that has the characteristics of a JavaBean
accessor. As a result, no property is generated for those (invalid)
accessor and no binding occurs on them either.
Closes gh-12390
Prior to this commit, all `WebMvcConfigurer` instances provided by user
configuration were processed *before* the one provided by the
`WebMvcAutoConfiguration`.
For many options this has no consequence, but for some, like the
`ContentNegotiationConfigurer`, settings were overriden by the
auto-configuration even if developers provided an opinion.
This commit orders the `WebMvcConfigurer` provided by the
auto-configuration at `0`, so that custom configurers (unordered, at
`Ordered.LOWEST_PRECEDENCE`) are processed *after*.
This still gives room to developers for configuring things *before* the
auto-configuration - they can still order their own configuration
accordingly.
Fixes gh-12389
This commit fixes the binder so that it property identifies JavaBean
accessors. Previously an accessor named `get` or `is` was identified.
Similarly, a setter named `set` was identified.
Closes gh-12363
This commit defers the resolution of the default ddl auto mode only when
it is absolutely necessary. This prevents Spring Boot to attempt to get
a connection when it isn't necessary
Closes gh-12374
Previously, when performing lazy initialisation of the context,
ApplicationContextRequestMatcher assigned the context field before it
called initialized. The context being non-null is used as the signal
that it’s ok to call a subclass’s matches method. If one thread checks
for a non-null context in between the field being assigned and
initialized being called on another thread, matches will be called
before the subclass is ready.
This commit closes the window for the race condition by only assigning
the context field once the subclass’s initialized method has been
called.
There is a secondary problem in each of the subclasses. Due to the use
of double-checked locking in ApplicationContextRequestMatcher, it’s
possible for a subclass’s matches method to be called by a thread that
has not synchronised on the context lock that’s held when initialized
is called and the delegate field is assigned. This means that the
value assigned to the field may not be visible to that thread.
This commit declares the delegate field of each
ApplicationContextRequestMatcher subclass as volatile to ensure that,
following initialisation, its value is guaranteed to be visible to
all threads.
Closes gh-12380
This commit detects if a `ConnectionNameStrategy` bean exists in the
context and associates it with the auto-configured RabbitMQ's
`ConnectionFactory` when that is the case.
Closes gh-12367
With JDK 8 being the baseline and JDK 7 not being supported anymore we
can get rid of the workaround for a JDK 7 bug in
ProcessBuilder.inheritIO on Windows machines.
Closes gh-12337
Previously, the JDK 10 build would fail as we build the plugin using
Gradle 4.0.x (the lowest version of Gradle that we support) and
Gradle 4.0.x doesn't work with Java 10.
Upgrading to Gradle 4.1, which appears to work with Java 10, was
considered but rejected for now as it introduces the risk that we
inadvertently use an API that's new in 4.1 and break our 4.0 support.
This commit goes for the extreme option and disables building the
Gradle Plugin when building with JDK.
See gh-12028
Spring Integration no longer requires a `MicrometerMetricsFactory` to
support Micrometer metrics so there's nothing for Boot to
auto-configure.
See gh-12287
Prior to this commit, the `ApplicationContext` couldn't start with a
JDK-proxied `HikariDataSource` as the JMX auto-configuration was
attempting to inject a (too narrowed) `HikariDataSource`.
This commit rather injects a regular `DataSource` and attempt to unwrap
it as a `HikariDataSource`.
Closes gh-12271
Reactor Netty 0.7.5 now supports all Compression options.
Unlike previous Reactor Netty versions, the minimum compression
threshold is now based on the content-length instead of
accumulating for a while the data.
See gh-12268
Update `EndpointRequest` to that the `PathMappedEndpoints` bean is
optional. A missing bean is treated as if there are no path mapped
endpoints.
Fixes gh-12238
Update `ApplicationContextRequestMatcher` and
`ApplicationContextServerWebExchangeMatcher` to use a supplier for
the context, rather than the context itself.
This allow exceptions to be propagated to subclasses which may choose
to deal with them.
See gh-12238
Update `spring-boot-actuator-autoconfigure` so that it no longer has
a dependency on `spring-boot-test-autoconfigure`. This will allow us to
add test support for actuator concerns in the future if we need to.
Fixed gh-12270
This commit simplifies the HTTP compression configuration for Reactor
Netty servers.
Also, this commit removes a test for the
`server.compression.min-response-size` support, as this is only
supported when the HTTP response contains a `Content-Length` header.
Since most Spring WebFlux responses are using
`Transfer-Encoding: chunked`, we should not test for that case.
See gh-12268
Previously, if the project's group, name, or version changed the
BuildInfo task would still be considered up-to-date as the values of
the project's properties were not reflected in the fields of the
BuildInfo instance.
This commit updates BuildInfo to copy the value of the project's
property to the corresponding BuildInfo field when the property is
read using its getter method on BuildInfo.
Closes gh-12266
Previously, if a user declared a custom conversionService bean that
was not an ApplicationConversionService instance, the binder lost
the ability to convert a String to a Duration (along with any other
conversions that are specific to ApplicationConversionService).
This commit updates BindConverter so that, if the ConversionService
with which it is created is not an ApplicationConversionService, it
will use one as an additional service when performing conversion.
Closes gh-12237
Previously, working with a JarFile created a large amount of garbage
that was allocated on the thread local allocation buffer (TLAB).
The TLAB allocations made a significant contribution to GC pressure
and slowed down startup. This commit reduces the amount of garbage
by making a number of changes.
Reading from a RandomAccessDataFile has been reworked to avoid
creating new RandomAccessFile instances. A single RandomAccessFile
is now created for an entire jar file and it is used to read data from
anywhere in that jar file, including entries in nested jar files. To
ensure that reads remain thread-safe, a lock is taken on the
RandomAccessFile that is shared by all RandomAccessDataFile instances
that are provided access to (portions of) the same jar file.
Reading all of the bytes from a RandomAccessData has been reworked to
avoid the use of an InputStream that was created, used to read the
data, and then thrown away. In place of the InputStream-based
mechanism a method has been introduced that returns all of the
RandomAccessData as a byte[]. Building on this change, a method has
also been introduced to read a portion of a RandomAccessData as a
byte[]. This avoids the need to create a new RandomAccessData
subsection where the subsection was only used to read its entire
contents and then thrown away.
Decoding of an MS-DOS datetime has been reworked to use LocalDataTime
rather than GregorianCalendar. The former produces less garbage than
the latter.
Closes gh-12226
Update `PropertySourceLoader` so that it no longer needs to deal with
matching multi-document files using the `spring.profile` property. The
loader now simply returns one or more `PropertSource` instances for a
given `Resource`.
All property matching now occurs in the `ConfigFileApplicationListener`.
This allows document processing logic to be contained in a single place,
and allows us to rationalize the algorithm so that negative matching
profiles are processed last.
Fixes gh-12159
Update `ValidationBindHandler` so that validation only occurs when a
value is bound, or the bind depth is zero. This prevents validation from
triggering getters which may throw an exception.
Fixes gh-12227
This commit changes invocations to immediately return the expression
instead of assigning it to a temporary variable. The method name should
be sufficient for callers to know exactly what will be returned.
Closes gh-12211
Exclude `FileEditor` from the `BindConverter` since it uses slightly
unusual logic to create the file. Specifically, given a value of "."
the editor will locate a `ClassPathResource` then return `getFile()`
from that resource. For back-compatibility, binding should use the
simpler conversion service logic.
Fixes gh-12163
Update `BindConverter` so that delegation to `SimpleTypeConverter` also
works with Collections and Arrays.
Prior to this commit, conversion that relied on a `PropertyEditor` would
only work for simple types. For example, "String -> Class<?>" would use
the `ClassEditor` but "String -> List<Class<?>>" would fail.
The `BindConverter` now uses a minimal `ConversionService` as an adapter
to the `SimpleTypeConverter`. This allows us to use the same delimited
string conversion logic as the `ApplicationConverter`.
Fixes gh-12166
This commit ensures that Tomcat is the first reactive server configured
if the Tomcat dependency is on classpath.
Spring Boot chose Reactor Netty as the default for the reactive web
starter, but the Reactor Netty dependency can be used also for its HTTP
client. In case developers are adding Tomcat, Undertow or Jetty on their
classpath, we must configure those and consider Reactor Netty for the
client only.
Fixes gh-12176