Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Prior to this commit, the welcome page support implemented in gh-9785
would override existing index views in both annotation and functional
variants.
This comes from the fact that the feature was implemented as a
`RouterFunction` configured in the main `RouterFunctionMapping` bean.
Due to ordering issues between mappings, this would override existing
application mappings in some cases.
This commit ensures that the welcome page `RouterFunction` is
contributed to the context in its own handler mapping, ordered after the
application ones.
Fixes gh-21909
Previously, HttpMessageConvertersAutoConfiguration registered
ServerProperties. When this happened in a parent context, any child
contexts would skip registering ServerProperties due to its presence
in the parent context. This prevents the child contexts from
configuring their own server properties.
This commit updates HttpMessageConvertersAutoConfiguration to
bind server.servlet.encoding directly instead of enabling
ServerProperties. With ServerProperties no longer enabled in a parent
context, child contexts are now able to configure their own server
properties.
Fixes gh-21789
This commit makes sure that CassandraReactiveDataAutoConfiguration does
not create a reactiveCassandraSessionFactory bean if the user has
provided their own.
See gh-21769
Previously, when lazy initialization was enabled, STOMP-based WebSocket
messaging would not work as the stompWebSocketHandlerMapping bean was
not initialized and CONNECT requests would go unanswered.
This commit adds a LazyInitializationExcludeFilter that causes the
stompWebSocketHandlerMapping bean to always be initialized eagerly.
This triggers initialization of the WebSocket transport allowing
requests to be received and processed.
Fixes gh-19611
This commit improves the tests for BasicErrorController by decoupling
coverage for the include-message and include-binding-errors
parameters to ensure the options operate properly independent of
each other.
See gh-21702
Alter the logic of `MustacheEnvironmentCollector` so that the
native fetcher is always consulted if it exists.
When the context is a map (as it is in a web View for instance) you
can't assume a non-null fetcher actually contains the property you are
searching for.
See gh-21060
Prior to this commit, Spring Boot would auto-configure Spring MVC and
would keep the default `UrlPathHelper` configuration.
Since Spring Boot is in charge of configuring the `DispatcherServlet`
and its mapping, it is in a position to optimally configure the
`UrlPathHelper` depending on the chosen mapping.
This commit sets the `alwaysUseFullPath` property of `UrlPathHelper` if
the Servlet mapping is `"/"`. This is more efficient since this
configuration requires less processing of the request path.
Closes gh-21499
This commit adds the support for static and templated welcome pages with
Spring WebFlux. The implementation is backed by a `RouterFunction`
that's serving a static `index.html` file or rendering an `index` view.
Closes gh-9785
Restore the `getUseRelativeRedirects` method with a `Boolean` object
result and introduce `isUseRelativeRedirects` for the primitive boolean
variant.
See gh-20796
This commit improves the backward-compatibility of the ErrorAttributes
interfaces by providing a default implementation of a new method. It
also encapsulates several parameters that control the inclusion or
exclusion of error attributes into a new ErrorAttributeOptions type to
make it easier and less intrusive to add additional options in the
future. This encapsulation also makes the handling of the
includeException option more similar to other options.
Fixes gh-21324
Prior to this commit, the property was a Boolean with a null default.
If it was explicitly set by the user, a context customizer would use
that value to set it on the context. However, if it was not set, the default
wouldn't be tomcat's default but `false` because it was explicitly set to
`false` in `TomcatServletWebServerFactory`. This commit defaults the property
itself to `false` so that the default is more obvious to the user.
Fixes gh-20796
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
This commit introduces a CookieSerializerCustomizer callback that
allows the customization of the auto-configured
DefaultCookieSerializer bean. This is particularly useful for
configuring cookie serializer's capabilities, such as SameSite, that
are not supported by the Servlet API and therefore not exposed via
server.servlet.session.cookie.* properties.
See gh-20961
This commit adds a new configuration property for configuring the
registration of the default Servlet in Servlet containers.
`"server.servlet.default-servlet.registered=false"`
The default of this property is still `true`, as it's been the case in
previous releases.
Closes gh-21214
Extend WebFlux and WebMvc properties with timeFormat and
dateTimeFormat properties to allow users to customize format of
LocalTime and LocalDateTime instances.
See gh-18772
Previously, only root auto-configuration classes could be excluded
eagerly via an AutoConfigurationImportFilter. Any configuration class
loaded as a result of processing a particular auto-configuration were
parsed and checked as usual.
This commit makes use of the `getExclusionFilter` callback to expand
this filter to all candidates that are considered. The annotation
processor has also be expanded to generate metadata for non-root
configuration classes.
Closes gh-12157
This commit upgrades to RSocket 1.0.0-RC7.
This new RC brings API changes we have to adapt to. As of this commit,
we're introducing a new `RSocketServerCustomizer` which replaces the now
deprecated `ServerRSocketFactoryProcessor`.
Closes gh-21046
This new customizer-like interface make it possible to configure the
Reactor Netty `HttpClient` that is going to be used by the
`WebClient.Builder` provided by Spring Boot.
Closes gh-21135
Starting the CouchbaseContainer fails intermittently when creation
of the primary index for the bucket fails with a read timeout. The
test doesn't require a primary index for the bucket so this commit
disables it creation in the hope that it will help to stabilise the
test.
Previously, DefaultResourceLoader instances were created using the
default constructor. This causes the resource loader to capture the
TCCL that was in place at that time. This can lead to a class loader
leak if the resource loader is referenced directly or indirectly from
a static field of a class loaded by a different class loader.
This commit updates the creation of DefaultResourceLoader instances
in main code so that the resource load will use the class loader of
the creating class. In almost all cases this will be the same class
loader as was the thread context class loader that was being captured
so the change in behavior is minimal. Crucially, it will still address
the situation where the TCCL was different.
Note the DevTools' ApplicationContextResourceLoader has been updated
to explicitly use the TCCL. This ensures that it uses the restart
class loader which is required for DevTools to function correctly.
Fixes gh-20900
At present, RestClientBuilderCustomizer allows general customization of RestClientBuilder.
This is troublesome for users that want to customize `HttpAsyncClientBuilder` and
`RequestConfig.Builder` since those are set on the `RestClientBuilder`. By customizing
those two builders user lose out on Spring Boot's support for binding username, password,
connection-timeout and read-timeout properties from `"spring.elasticsearch.rest"` namespace.
This commit enhances the `RestClientBuilderCustomizer` with support for customizing
`HttpAsyncClientBuilder` and `RequestConfig.Builder` by providing additional `customize`
methods that accept the aforementioned builders. Both new methods are optional as they have
no-op default implementations.
See gh-20994
Refine `DataSourceAutoConfiguration` conditions so that an empty
`spring.datasource.url` property can be used to enable the embedded
source.
Fixed gh-20996
This commit marks as deprecated an interface method that is no longer
used, and changes all internal implementations to return `null` to
make the fact that the return value is not used more obvious.
Fixes gh-19844
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Create a general purpose `AvailabilityState` interface and refactor
the existing `LivenessState` and `ReadinessState` to use it. A single
`AvailabilityChangeEvent` is now used to carry all availability state
updates.
This commit also renames `ApplicationAvailabilityProvider` to
`ApplicationAvailabilityBean` and extracts an `ApplicationAvailability`
interface that other beans can inject. The helps to hide the event
listener method, which is really internal.
Finally the state enums have been renamed as follows:
- `LivenessState.LIVE` -> `LivenessState.CORRECT`
- `ReadinessState.READY` -> `ReadinessState.ACCEPTING_TRAFFIC`
- `ReadinessState.UNREADY` -> `ReadinessState.REFUSING_TRAFFIC`
See gh-20962
Prior to this commit, the `HttpHandlerAutoConfiguration` would rely on
the `WebFluxProperties` bean being present - this is most of the time
true when the appplication is using the WebFlux auto-configuration.
If the application is overriding the WebFlux auto-configuration and
providing its own setup, the properties bean is not present and we
should skip its usage.
Fixes gh-20891
Rename the SAML `singleSignOn` nested property to `singleSignOn` so
that we don't get problems when using uppercase environment variable
names.
See gh-20584
Andy Wilkinson
Brian Clozel
Stephane Nicoll
Radek Koubsky
Tomek Szmytka
Scott Frederick
Aurdo
Phillip Webb
Dave Syer
Evgeniy Cheban
dreis2211
Madhura Bhave
Toshiaki Maki
olivier lamy
Phillip Webb
Johnny Lim
Aarti Gupta
Vedran Pavic
Brian Clozel
Daniel Knittl-Frank
K Zoli
dhimathu