Add `NestedJarResourceSet` which can be used for nested jar URLs
and unlike the standard Tomcat implementation does not assume that
the JAR is backed by a single file.
Closes gh-37452
Rewrite nested jar code to better align with the implementations
provided in Java 17. This update makes two fundamental changes to
the previous implementation:
- Resource cleanup is now handled using the `java.lang.ref.Cleaner`
- Jar URLs now use the form `jar:nested:/my.jar/!nested.jar!/entry`
Unlike the previous `jar🫙/my,jar!/nested.jar!/entry` URL format,
the new format is compatible with Java's default Jar URL handler.
Specifically, it now only uses a single `jar:` prefix and it no longer
includes multiple `!/` separators.
In addition to the changes above, many of the ancillary classes have
also been refactored and updated to create cleaner APIs.
Closes gh-37668
Create alternative launcher classes under the package
`org.springframework.boot.loader.launch` and use them in favor
of the previous location.
This update is designed to improve compatibility with future
changes in the loader.
Closes gh-37667
The default socket timeout with HttpClient 5 is not long enough
in some cases where Docker images are built that require the
GraalVM native image compiler to run in a buildpack. This commit
increases the timeout to 30 minutes.
Fixes gh-37665
Co-authored-by: Scott Frederick <sfrederick@vmware.com>"
When the filter is exposed as a bean (directly or through a
registration bean), it's picked up by the auto-configuration of
MockMvc. This causes a problem as MockMvc does not call init on a
filter before it's used and WebSocketUpgradeFilter fails with a
NullPointerException if its doFilter method is called when its init
method has not been called.
This commit reworks the WebSocket auto-configuration to use a
ServletContextInitalizer to register WebSocketUpgradeFilter rather
than a FilterRegistrationBean. This ensure that the filter is still
registered at the required position in the chain (last filter before
the servlet) while also preventing it from being registered with the
auto-configured MockMvc in tests.
Closes gh-37660
This commit correct a mistake where AuthenticationManager was used
instead of ReactiveAuthenticationManager. It also expands the
conditions so that WebFlux security will be enabled when the user
has defined their own SecurityWebFilterChain. In such a situation
no other security-related beans may be needed to use WebFlux
security as things may have been configured directly using the DSL.
Closes gh-37504
This commit adds support for configuring a `RestClient.Builder` and
`MockRestServiceServer` support for the `RestClient` when using
`@RestClientTest` sliced tests.
Closes gh-37033
Unfortunately there's no good way to configure connect and read timeout
separately, which works for all supported reactive clients. This
implementation applies a timeout through Reactor's timeout method. The
timeout from the properties is summed together and this is the applied
timeout. While not perfect, this is better than no timeout at all.
Closes gh-31496
The Apache ActiveMQ project has adopted the label "Classic" for the 5.x
broker in order to more easily compare and contrast it with the broker
code-named Artemis.
See gh-37606
This commit introduces `spring.jms.listener.session-transacted` property
in order to enable explicit configuration of `sessionTransacted` on the
`DefaultMessageListenerContainer`.
Prior to this commit, `sessionTransacted` would be configured implicitly
based on presence of `JtaTransactionManager`.
See gh-37473
There's a window where the deny-all turbo filter has been removed but
Logback has not yet been configured. If any logging that would have
reached an appender is performed in this window, unwanted status
messages will be logged. This window can be closed by ensuring that
the turbo filter is in place while Logback is being configured.
Closes gh-34505
Previously auto-configuration of a user details service (imperative
or reactive) would only back off on the presence of certain beans.
This led to situations where the im-memory service was
auto-configured and the default password was logged even though
another authentication mechanism was in use.
This commit updates the auto-configuration so that it backs off
when depending on Spring Security's OAuth2 Client and OAuth2
Resource Server modules. In the imperative case it will also back
off when depending on the SAML 2 provider.
Closes gh-35338
If there's no authentication manager bean or no bean from which
one can be created, Spring Security's reactive support may fail to
bootstrap due to a null authentication manager.
This commit causes the auto-configuration that enables WebFlux
security to back off in the absence of an AuthenticationManager bean
and a ReactiveUserDetailsService (from which Spring Security can
create an AuthenticationManager) bean. Other reactive security
auto-configuration that can configure things such that WebFlux security
can be bootstrapped without an AuthenticationManager has been updated
to enable WebFlux security rather than relying on another
auto-configuration class to do so.
Fixes gh-37504
Update JMS listener concurrency configuration to set the same minimum
and maximum number of consumers when users specify only the minimum
using `spring.jms.listener.concurrency` property.
Prior to this commit, when using `spring.jms.listener.concurrency` to
set the minimum number of consumers without also specifying
`spring.jms.listener.max-concurrency` would result in effective
concurrency where the actual minimum number of consumers is always 1,
while the maximum number of consumers is the value of
`spring.jms.listener.concurrency`.
See gh-37180
Prior to this change, this test would create files in the project
directory. This can cause issues with Gradle caching and up-to-date
checks.
To address this, the value of the working directory is mocked to a
temporary directory like all the other tests.
See gh-37395
This commit renames `spring.jms.listener.concurrency` property to
`spring.jms.listener.min-concurrency` in order to better align it with
`spring.jms.listener.max-concurrency`.
See gh-37451