Update the jar `Handler` class to support a non-reflective fallback
mechanism when possible. The updated code attempts to capture a regular
jar URL before our handler is installed. It can then use that URL as
context when creating the a fallback URL. The JDK jar `Handler` will
be copied from the context URL to the fallback URL.
Without this commit, resolving new Tomcat URLs of the form
`jar:war:file:...` would result in an ugly "Illegal reflective access"
warning.
Fixes gh-18631
This commit upgrades the docker image for CentOS to Centos 7.9 as
CentOs 6 is EOL since November 30. Given that CentOS 7 does no longer
support SysVinit, this commit also updates the integration tests to not
test this OS anymore.
Closes gh-24344
Exclude `@ConfigurationProperties` beans from method validation so
that `@Validated` can be used on final classes without the method
validation post-processor throwing an exception.
This commit introduces a `FilteredMethodValidationPostProcessor` class
which will use `MethodValidationExcludeFilters` to exclude beans from
method validation processing. Using `@EnableConfigurationProperties`
will automatically register an appropriate filter.
Closes gh-21454
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Previously, the base path of a servlet-based management server could be
configured using management.server.servlet.context-path but there was no
equivalent property for WebFlux.
This commit introduces a new property, management.server.base-path,
that can be used with both servlet and reactive management servers. The
existing servlet-specific property has been deprecated in favour of the
new general property. When using the servlet stack, if both the general
property and the servlet-specific property are set, the new general
property takes precedence. When using the reactive stack, only the new
general property is considered.
Closes gh-22906
Refactor `ConfigData` processing code to make it less awkward to
follow.
Prior to this commit the `ConfigDataLocationResolver` would take a
String location and return a `ConfigDataLocation` instance. This was
a little confusing since sometimes we would refer to `location` as the
String value, and sometimes it would be the typed instance. We also
had nowhere sensible to put the `optional:` prefix logic and we needed
to pass a `boolean` parameter to a number of methods. The recently
introduced `Orgin` support also didn't have a good home.
To solve this, `ConfigDataLocation` has been renamed to
`ConfigDataResource`. This frees up `ConfigDataLocation` to be used
as a richer `location` type that holds the String value, the `Orgin`
and provides a home for the `optional:` logic.
This commit also cleans up a few other areas of the code, including
renaming `ResourceConfigData...` to `StandardConfigData...`. It also
introduces a new exception hierarchy for `ConfigDataNotFoundExceptions`.
Closes gh-23711
Constructor calls like new AtomicInteger(0) cause a volatile write that
can be saved in cases where the constructor parameter is the default
value.
See gh-23575
Previously, the default servlet was registered automatically when using
embedded Jetty, Tomcat, or Undertow. However, it is not used by the
majority of applications where Spring MVC's DispatcherServlet will be
the only servlet that's needed. As such configuring the default servlet
was wasting CPU and memory.
This commit changes the default for registering the default servlet to
false. It can be re-enabled by setting
server.servlet.register-default-servlet=true.
Closes gh-22915
Refactor `BootstrapRegistry` support following initial prototype work
with the Spring Cloud team.
This update splits the `BootstrapRegistry` API into `BootstrapRegistry`,
`BootstrapContext` and `ConfigurableBootstrapContext` interfaces and
moves it to the same package as `SpringApplication`.
A new `Bootstrapper` interface has been introduced that can be added
to the `SpringApplication` to customize the `BootstrapRegistry` before
it's used.
Closes gh-23326
Previously, the project version was included in the name of the
Ant-built jar and the integration test assumed that there would be a
single jar in the output directory. This assumption did not hold true
if the project's version had changed and the project had been built
again without a clean. This resulted in two jars, one for the previous
version and one for the current version, in the output directory. This
caused a test failure.
This commit updates the build.xml to remove the version from the name
of the Ant-built jar and updates the integration test to find it.
Closes gh-22782
This commit adapts the auto-configuration for the new core r2dbc support
in Spring Framework and provides auto-configuration for
R2dbcEntityOperations.
Closes gh-22708
This commit also switches to RSocket SNAPSHOTs and updates the
repository configuration to rely on "libs-snapshot", since the RSocket
SNAPSHOTs are mirrored there.
See gh-22640
Deprecate `ConfigFileApplicationListener` and provide a replacement
mechanism that supports arbitrary config data imports.
This commit updates the following areas:
- Extract `EnvironmentPostProcessor` invocation logic from the
`ConfigFileApplicationListener` to new dedicated listener. Also
providing support for `Log` injection.
- Extract `RandomPropertySource` adding logic from the
`ConfigFileApplicationListener` to a dedicated class.
- Migrate to the recently introduced `DefaultPropertiesPropertySource`
class when moving the defaultProperties `PropertySource`
- Replace processing logic with a phased approach to ensure that
profile enablement happens in a distinct phase and that profiles
can no longer be activated on an ad-hoc basis.
- Provide a more predictable and logical import order for processing
`application.properties` and `application.yml` files.
- Add support for a `spring.config.import` property which can be used
to import additional config data. Also provide a pluggable API
allowing third-parties to resolve and load locations themselves.
- Add `spring.config.activate.on-profile` support which replaces the
existing `spring.profiles` property.
- Add `spring.config.activate.on-cloud-platform` support which allows
a config data document to be active only on a given cloud platform.
- Support a `spring.config.use-legacy-processing` property allowing the
previous processing logic to be used.
Closes gh-22497
Co-authored-by: Madhura Bhave <mbhave@vmware.com>
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
This commit updates HazelcastHealthIndicator and
HazelcastCacheMeterBinderProvider so that they work with
Hazelcast 4 while retaining compatibility with Hazelcast 3. Reflection
is used when necessary.
This commit also adds a smoke test that validates those features are
working when Hazelcast 4 is on the classpath.
Closes gh-21169
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Phillip Webb
Madhura Bhave
Stephane Nicoll
Andy Wilkinson
Stephane Nicoll
dreis2211
Andy Wilkinson
Gabriele Bianchet-David
Danilo Piazzalunga
Alexey Vinogradov
Gerrit Meier
Brian Clozel
jfarcand
Phillip Webb
Scott Frederick