Spring Security now re-applies the authorization rules
to the error page by default. Additionally, it configures
RequestAttributeSecurityContextRepository as the default for
stateless applications allowing those applications to have access
to the original authentication during an error dispatch.
Closes gh-31703
The ResourceProviderCustomizer, which is used by FlywayAutoConfiguration
gets replaced with NativeImageResourceProviderCustomizer when running
in AOT mode. The NativeImageResourceProvider does the heavy lifting when
running in a native image: it uses PathMatchingResourcePatternResolver
to find the migration files.
Closes gh-31999
This commits adds a checkstyle rule to not use List.of(), Set.of()
and Map.of(), preferring Collections.emptyList(), emptySet(), and
emptyMap() respectively.
It replaces usages of these methods across the codebase.
See gh-32655
As of spring-projects/spring-framework#29293, the streaming mode on the
`DefaultPartHttpMessageReader` is deprecated as hard limitations have
been found with the design and won't be fixed. Instead, developers
should use the `PartEvent` API and the `PartEventHttpMessageReader`
(which is configured by default with the codecs).
This commit removes the `spring.webflux.multipart.streaming` property
and applies all `spring.webflux.multipart.*` properties that are
applicable to `PartEventHttpMessageReader`.
Closes gh-32658
This commit auto-configures ProblemDetails support for both Spring MVC
and Spring WebFlux, contributing a `@ControllerAdvice` annotated
`ResponseEntityExceptionHandler` bean if the
`spring.mvc.problemdetails.enabled` or
`spring.webflux.problemdetails.enabled` properties are set to `true`.
Closes gh-32634
This commit updates Spring Session auto-configuration to avoid usage of
deprecated methods, and moves to newly introduced Duration based
defaultMaxInactiveInterval setters across all session repository
implementations.
Additionally, this fixes several tests that are broken due to session
repository implementations now using Duration type for their
defaultMaxInactiveInterval fields.
See gh-32633
This commit reworks Spring Session auto-configuration to avoid
extending Spring Session's configuration classes. Instead, those
configuration classes are now imported and customizations are
applied using dedicated (Reactive)SessionRepositoryCustomizer beans.
See gh-32554
This commit adds an AOT contribution that replaces the scanning of
@JsonMixin by a mapping in generated code. This makes sure that such
components are found in a native image.
Closes gh-32567
This commit updates the bean factory methods for beans that can be
instantiated at build-time to be static. Doing so makes sure that
the enclosing configuration class does not have to be resolved in
order to create the instance.
Closes gh-32570
This commit updates Servlet based Spring Security auto-configuration
to use AuthorizationFilter, which is intended to supersede
FilterSecurityInterceptor.
See gh-31255
With this commit, loading `@AutoConfiguration`,
`@ImportAutoConfiguration`, and `@ManagementContextConfiguration`
classes is supported with `.imports` files only. Support for loading
these classes with `spring.factories` is removed.
Closes gh-29699
With Spring Session moving to RedisSessionRepository as the preferred
session repository, Spring Boot auto-configuration should make it
possible to easily switch back to the previous default
(RedisIndexedSessionRepository).
This commit introduces spring.session.redis.repository configuration
property that allows selecting the desired Redis-backed session
repository implementation.
See gh-32205
Batch is now auto-configured to use the context's
PlatformTransactionManager and DataSource or `@BatchDataSource`.
When this does not meet the user's needs, they can use
`@EnableBatchProcessing` or sub-class `DefaultBatchConfiguration` to
take complete control with the auto-configuration backing off.
Closes gh-32330
Previously, when using Tomcat, its web app class loader was the thread
context class loader when H2ConsoleAutoConfiguration triggered
initialization of Hikari's pool. This was the case because it's done
in the bean method of a ServletRegistrationBean. Such Servlet-related
beans are intentionally created with Tomcat's web app classloader as
the TCCL. This arrangement results in the pool's threads using
Tomcat's web app class loader as their TCCL which is not desirable.
One consequence of this was that Tomcat could log a warning at
shutdown about the thread being left running when it will, in fact,
be stopped as part of the context being closed.
This commit updates H2ConsoleAutoConfiguration to set the TCCL to its
own ClassLoader while the DataSource information is being logged.
Closes gh-32382
Fix a few issues preventing clean project import into Eclipse 2022-06:
- `buildSrc` need to limit module imports to prevent clashes
with those in the gradle API jar.
- The CLI app needs some classpath changes in order to allow
compileOnly project dependencies to resolve.
- `AbstractJpaAutoConfigurationTests` needs some minor refactoring
in order for generic captures to work with the Eclipse compiler.
At present, both Spring MVC and Spring WebFlux auto-configurations
hardcode the path pattern for WebJars resource handlers to
"/webjars/**", which means users are unable to change the path.
This commit introduces "spring.mvc.webjars-path-pattern" and
"spring.webflux.webjars-path-pattern" configuration properties that
allow customization of WebJars resource handler path pattern.
See gh-31769
This commit adds the `AutoConfigurationImportsAnnotationProcessor` to
the `spring-boot-autoconfigure-processor` annotation processor
module. When added to a project build, the annotation processor will
generate the
`org.springframework.boot.autoconfigure.AutoConfiguration.imports`
file automatically from `@AutoConfiguration`-annotated classes. It
also applies the annotation processor to the Spring Boot build.
Closes gh-31228
This commit refines ConfigurationPropertiesReflectionHintsProcessor
Java bean properties handling in order to register reflection hints
only for getters and setters, not for all methods.
It avoids including unconditionally method like SpringApplication#load
which in turn avoids shipping BeanDefinitionLoader and related transitively
used classes in the native image.
The gain is significant: it allows to remove up to 700 classes
(when no XML parser is used elsewhere) and to reduce the memory footprint
by 2M of RSS.
Closes gh-32186
This commit exposes a PersistenceManagedTypes bean with the entities
to consider in a typical auto-configuration scenario. This allows the
result of the scanning to be optimized AOT, if necessary.
Closes gh-32119
Any classes that rely on Spring Data being on the classpath
have been moved under a data package.
Certain configuration properties have also been updated to
accurately reflect whether Spring Data is required for the
auto-configuration to work.
Closes gh-11574
This commit adds the Spring for GraphQL auto-configuration back
into Spring Boot 3.0, now that a 1.1.0 release is scheduled with the
required baseline. This release also needs GraphQL Java 19.0 as a
baseline.
Closes gh-31809
We have hazelcast configuration files that are used with multiple
versions of Hazelcast. Version 3's scheme doesn't allow us to set
<auto-detection enabled="false" />. To work around this, we
configure a system property that causes Hazelcast to disable schema
validation.
See gh-38163
This only registers the default locations, not the one users can provide
via 'spring.sql.init.schema-locations' and
'spring.sql.init.data-locations'.
Closes gh-31533
This commit introduces auto-configuration for the new Elasticsearch
clients that are based upon their new Java client. The new Java
client builds on top of their existing low-level REST client,
replacing the high-level REST client which has been deprecated.
As part of introducing support for the new Elasticsearch client,
the auto-configuration for the templates (both imperative and
reactive) provided by Spring Data has also been updated to use the
new templates that build upon the new Java client.
As part of these changes, support for the high-level REST client and
the old Spring Data Elasticsearch templates has been removed. One
significant change is that the new reactive template is no longer
based on WebClient. As a result, the WebClient-specific configuration
property has been removed.
Closes gh-30647
Closes gh-28597
Closes gh-31755
With the 1.0 release of the SPI, R2DBC's bom is no longer published.
This commit updates Spring Boot's dependency management to no longer
use the bom. Tests have also been updated to adapt to slight changes
in R2DBC's configuration options and their default values.
Closes gh-31702
Spring Security now filters every dispatch by default and not only
once-per-request. Security configuration has been updated in a number of
places to restore the old behavior as needed for the tests to pass.
gh-31703 has been opened to review this and to investigate if we can
now remove the error page security filter and rely on the filtering of
every dispatch instead.
In addition to switching to once-per-request filtering where needed,
this commit also restructures the configuration of the error page
security filter. The restructuring was necessary to ensure that the
privilege evaluator bean has been defined before the conditions on the
error page security filter are evaluated. Without the change, the filter
was no longer being configured as the privilege evaluator hadn't been
defined before the on bean condition was evaluated. We may want to back
port this change as the ordering doesn't appear to have been defined
before and we were just getting lucky.
See gh-31622
See spring-projects/spring-security#11466
This commit makes the following potentially breaking changes:
- Dependency management for modules that do not exist in Hibernate
6.1 has been removed.
- Hibernate's modules are now in the org.hibernate.orm group. Users
not using the starter or using modules that are not in the starter
will have to update their build configuration accordingly.
- spring.jpa.hibernate.use-new-id-generator-mappings has been removed
as Hibernate no longer supports switching back to the old ID
generator mappings.
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
Closes gh-31674
This reverts commit 47993c094b.
Couchbase and Spring Data Couchbase are not compatibile with the
latest Reactor snapshots as they use deprecated API that has now
been removed.
See gh-31609
Update `CassandraAutoConfiguration` so that properties in a
`spring.data.cassandra.config` file can override the default values
defined in `CassandraProperties`.
This commit changes two things:
1. Any primitive on `CassandraProperties` are replaced with object values.
This allows distinguishing between defaults values and no-values. Then
CassandraAutoConfiguration.mapConfig() can use whenNonNull() predicate
to ignore those.
2. `CassandraProperties` no longer populate default values on any
property. With that, the defaults can be applied on top of the file
spring.data.cassandra.config; i.e. the config file have higher
precedence than the defaults, but lower that any spring.data.cassandra.*
property.
See gh-31238
Madhura Bhave
Phillip Webb
Andy Wilkinson
Henning Poettker
yuanhao18
Moritz Halbritter
Bertolt Meier
Brian Clozel
Vedran Pavic
Stephane Nicoll
Vedran Pavic
Scott Frederick
dreis2211
Neil Stevenson
Łukasz Dziedziul
Johnny Lim
Sébastien Deleuze
thegeekyasian
Russell You
puppylpg
Kalpesh
Adrian Bob
Marc Wrobel
lihan
aoyvx
Michael Kreis
Felix Scheinost
Oliver Drotbohm
Mark Paluch
Stern, Ittay (is9613)