Reverting arguments in assertEquals where constant was placed on
the "actual" place. Replacing assertEquals with assertFalse, assertTrue
and assertNull where applicable.
Fixes gh-735
For some reason the exception mappings are only created with the
publisher is initialized in the constructor of DefaultAuthenticationEventPublisher.
Changed SpringBootWebSecurityConfiguration to do that rather then
relying on the ApplicationEventPublisherAware behaviour to inject it.
Fixes gh-719
The username/password option stil lonly works for a single host (to
connect to a cluster I suspect you need to set the URI). Also added
a MongoClientOptions (if a bean of that type exists it will be
used to populate the options that aren't in the URI).
Fixed gh-536
Polish couchbase support to:
- Extract properties into its own class
- Remove unnecessary inner configuration class
- Add since tags
- Format code and add `this.` references
Prior to this commit, a JmsTemplate bean created automatically by Boot
had its "pubSubDomain" flag enabled. It's far more usual to fallback on
queue rather than topic.
This commit flips the default value of the configuration property.
If the user sets spring.mvc.locale and doesn't provide a @Bean
of type LocaleResolver then a FixedLocaleResolver will be provided.
Fixes gh-697, fixes gh-669
User can specify the content type in external properties now, optionally
ommitting the charset (since that is duplicated). If charset is not
appended by user Spring will do it.
Fixes gh-671
A more thorough check is needed to avoid the false assumption
that the DataSource is embedded just because an embedded database
is on the classpath. You really have to try and look in the connection
metadata, so that's what we now do.
Fixes gh-621, fixes gh-373
Update AutoConfigurationPackages to log warnings on the first access,
rather than during setup. This works around the fact that the CLI
currently add multiple @EnableAutoConfiguration annotations.
Fixes gh-579
The management security autoconfiguration wanted to come last in the chain
but that won't suit the fallback that was already in place for gh-568. This
change re-orders the autoconfig so that @EnableWebSecurity is still added
if the user sets security.basic.enabled=false and includes the actuator
endpoints.
Fixes gh-568
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.
Fixes gh-568
Introduce an extra `server.tomcat.uri-encoding` property used to
configure the URI encoding for the embedded tomcat container.
Defaults to `UTF-8` instead of the usual tomcat default of `ISO-8859-1`.
Fixes gh-540
If the user provides a JobExplorer and a BatchConfigurer that
don't require a DataSource we can back off on configuring ours
(and anything else that needs a DataSource).
Fixes gh-561
ErrorPageFilter is itself an EmbeddedServletContainerFactory
but it runs in a non-embedded container. Any component that assumes
the presence of an EmbeddedServletContainerFactory implies we are
running embedded is therefore invalid. WebSocketAutoConfiguration
had that problem.
Fixes gh-551
The bean ID for the ContentNegotiatingViewResolver is now
"viewResolver" (it is the *one*). The conditions have been changed
so that a user only has to define a bean of the same name to switch
it off.
Fixes gh-546
Remove README files that have been since been migrated to the reference
documentation. Also updated remaining markdown files to asciidoctor to
save having a mix of different formats.
Fixed gh-503
This is quite a big step, but I think it helps a lot. Since Spring
Boot always creates an AuthenticationManager if it doesn't find one
already registered, it makes sense to also make it into a @Bean.
Spring Security does not register its AuthenticationManager by
default though, so we have to do that for it if the user has created
one with an @Autowired AuthenticationManagerBuilder, but not registered
it as a @Bean.
Having the @Bean (marked @Primary to prevent issues with @Autowired)
makes it easier to reason about what Spring Boot has done for you, and
easier to default in simple use cases to the boot-created
AuthenticationManager. For example, if I want an OAuth2 Authorization
Server with password grant, it makes total sense for the
AuthenticationManager for users to be the same as the @Primary one.
Now it is easy to set that up (just @Autowire it).
...bean with no explicit @Bean DispatcherServlet. We still have to check
by bean name (slightly unfortunate, but we need to avoid instantiating
too early) so there's now another magic
bean name for the registration bean ("dispatcherServletRegistration")
that the user has to replace if he wants the registration without
defining a servlet @Bean
Fixes gh-482
Rename ConfigurableEmbeddedServletContainerFactory to
ConfigurableEmbeddedServletContainer and extract
AbstractConfigurableEmbeddedServletContainer from
AbstractEmbeddedServletContainerFactory.
There's no explicit support for older Servlet specs in Spring Boot,
but we can at least make it easy for others to provide such
support by not adding stuff to the context when in an older container.
Some assumptions were being made in tests, e.g. about
there being an AuthenticationManager @Bean, which were
false with the new Security 3.2.1 updates from Rob.
Also parent-child contexts with the actuator were
problematic because they didn't exclude the web configuration
for the management security in the parent context.
Fixes gh-244
Also change strategy for defaulting of Authentication. Spring
Boot authentication defaults are now encapsulated and can easily
be overridden by a user defined AuthenticationManager.
The existing behaviour of JobLauncherCommandLineRunner was really too
basic. It has now been enhanced (at the expense of duplicating a lot
of code in Spring Batch it seems) to automatically increment job
parameters if it can, and to retry a failed or stopped execution
if it can (without incrementing, but with additional job parameters
added from command line if they are non-identifying).
The JobLauncherCommandLineRunner is more extendable and exposes
its DI wiring points now as well, so hopefully users can make
use of it independently of autoconfig (by providing a @Bean of
that type).
Not everything from the wishlist in gh-325 is implememented yet,
but it should be a good platform to work with and to extend.
Better even than logging would be to fail fast? Surely it's a
mistake not to have any /templates if Thymeleaf is in use.
User can disable failfast by exlcuding thymeleaf configuration
or by providing their own ITemplateResolver.
Fixes gh-294
User can switch the behaviour on and off with
spring.datasource.continueOnError:true|false. I decided
not to add an extra nested level of property resolution
because of the existing spring.datasource.schema
(and other properties relating to initialization) because
concision seemed like a good thing with those more common
settings.
Fixes gh-374
The DispatcherServletAutoConfiguration had a condition on it that
meant it wasn't used at all if there was no EmbeddedServletContainerFactory.
It's amazing that any WAR ever deployed.
Also added some info logging to servlet and filter registrations.
Update OnBeanCondition to attempt to consider FactoryBean classes
for bean type matches. To ensure early instantiation does not occur, the
object type from the FactoryBean is deduced by resolving generics on the
declaration.
Fixes gh-355
Update AbstractRepositoryConfigurationSourceSupport to use the newly
introduced RepositoryConfigurationDelegate instead of effectively
reimplementing Spring Data Commons functionality which was prone to
changes in the API (code that wasn't considered to be API in the first
place).
Switch from implementing BeanClassLoaderAware to ResourceLoaderAware
to avoid having to set up a DefaultResourceLoader which should also
improve IDE integration.
Fixes gh-236
Disable Mongo auto-configuation when @EnableMongoRepositories is used
and adapt the test helper classes accordingly.
Change the property prefix and dependency management version property
from `...mongo` to `...mongodb` for consistency with Spring Data.
Fixes gh-315
Update SpringApplication so that ApplicationListener and
ApplicationInitializer methods must be called separately. This helps
to prevent unexpected side effects when calling the setters and
also encourages separation of concerns.
The few situations where a class was both an ApplicationInitializer
and ApplicationListener are now handled by registering an inner
listener from the `initialize` method.
BeanFactory.getBean() already looks in the parent context
so we have to be careful and not use the parent when locating
the report singleton
Fixes gh-290
Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.
In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.
In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).
@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).
Fixes gh-244
If any @Import (or @Enable*, especially @EnableScheduling) has registered
bean *names* as ApplicationListeners, and the application context wasn't
refreshed fully when it failed, then the listener lookup could fail and
mask the original exception
Fixes gh-253
Upgrade to Tomcat 7.0.50, working around the potential
NullPointerException by also adding dependencies to
tomcat-embedded-jasper (which is now also required for Hibernate
Validator 5.0, see commit 377953babd)
Fixes gh-245
sopov.ivan
Dave Syer
Phillip Webb
Josh Long
Michael Nitschinger
Stephane Nicoll
Rob Winch
Roy Clarkson
Spring Buildmaster
Marcel Overdijk
Jean Detoeuf
Chris Savory
Piotr Maj
Andy Piper
Rob Winch
Oliver Gierke
hoserdude
Christian Dupuis
Jakub Kubrynski
Christopher Smith