This commit moves the existing Spring MVC Mustache support to its own
`servlet` package and adds a new one under `reactive` for the WebFlux
web applications.
New `MustacheView` and `MustacheViewResolver` types resolve and render
Mustache views for WebFlux applications.
Since this templating engine is now supported by two flavors of Spring
web apps, the `spring-boot-starter-mustache` does not depend anymore on
the `spring-boot-starter-web` one: it's up to the developer to add the
relevant starter `web` or `webflux` to their application.
Fixes gh-8648
The neo4j embedded driver no longer embeds the neo4j kernel and users are
expected to add that dependency manually. We don't provide dependency
management for any of them so this commit updates the documentation to
refers to the official documentation.
Closes gh-8567
Previously to this commit, transaction management was only enabled when
a `DataSource` is configured. The processing of `@Transactional`
annotations are now enabled as long as a `PlatformTransactionManager` is
present.
Also, the `spring.aop.proxy-target-class` is now honoured if set, still
defaulting to CGLIB mode.
Closes gh-8434
This commit our Neo4j OGM dependency with the Spring Data Neo4j
snapshots that are currently included in snapshots of Spring Data Kay.
It switches to using Neo4j's Bolt driver by default, aligning it with
the default of the latest Spring Data Neo4j 5 snapshots.
It also contains a workaround for a Neo4j OGM issue [1] and a change
to Neo4jDataAutoConfigurationTests that prevents the entire classpath
from being scanned.
See gh-8687
[1] https://github.com/neo4j/neo4j-ogm/issues/340
Restructure `org.springframework.boot.autoconfigure.web` to better align
with the new package structure in `spring-boot`.
Auto-configuration is now split into client, servlet and reactive
sub-packages. In addition a new `http` package now handles common
HTTP concerns.
Fixes gh-8616
Rework `org.springframework.boot.context.embedded` to relocate classes
to `org.springframework.boot.web`. Packages are now organized around
the following areas:
Packages for shared concerns, for example the `WebServer` interface
to start/stop a server and the common configuration elements:
- org.springframework.boot.web.context
- org.springframework.boot.web.server
Servlet specific packages:
- org.springframework.boot.web.servlet.server
- org.springframework.boot.web.servlet.context
- org.springframework.boot.web.servlet.filter
Reactive specific packages:
- org.springframework.boot.web.reactive.context
- org.springframework.boot.web.reactive.server
Embedded server implementations (both reactive and servlet):
- org.springframework.boot.web.embedded
In addition:
- Rename `EmbeddedServletContainerFactory` to `ServletWebServerFactory`
to align with the `ReactiveWebServerFactory`.
- Rename `EmbeddedWebApplicationContext` to
`ServletWebServerApplicationContext` and
- Rename `EmbeddedReactiveWebApplicationContext` to
`ReactiveWebServerApplicationContext`.
- Add checkstyle rules to restrict imports.
- Fixup all affected code to use the correct imports and local names.
Fixes gh-8532
As of Hazelcast 3.7, the bootstrap is pretty slow by default due to the
networking discovery. This commit disables both TCP/IP and multicast
discoveries.
This commit exposes a `WebTestClient` automatically in a reactive
integration test that uses an embedded web server. This is similar to
what we do with `TestRestTemplate` for servlet based integration tests.
Closes gh-8399
Previously, the custom layout sample could only be built successfully
if spring-boot-dependencies had be installed locally, making its
effective pom available in the local Maven cache.
This commit updates the sample's tests to look at its own pom to
determine the version of Spring Boot that should be used in the
Gradle tests.
Closes gh-8330
This commit refactors the `ServerProperties` property keys and
introduces a separate "server.servlet" namespace to isolate
servlet-specific properties from the rest.
Closes gh-8066
This contract is not specific to servlet containers and should be
reused by all web server implementations (including reactive variants).
Fixes gh-8208
This commit removes `ServerProperties` and `ManagementServerProperties`
auto-configurations. Those properties objects are now created using
`@EnableConfigurationProperties` only.
Closes gh-8108
This commit raises the minimum supported version of Thymeleaf to
3.0.x. It also upgrades Spring Social to a version that is compatible
with Thymeleaf 3.
Closes gh-7450
Closes gh-6258
See gh-7885
Update `ConfigurationPropertiesBindingPostProcessor` so that
`@Validated` is expected to be used to trigger JSR-330 validation.
Any existing configuration classes that use JSR-330 annotations but
don't have `@Validated` will currently still be validated, but will
now log a warning. This should give users a chance to add the requested
annotations before the next Spring Boot release where we will use them
as the exclusive signal that validation is required.
Closes gh-7579
The user property is only available on Unix-like platforms (due to
the USER environment variable). This commit updates the test to
explicitly set a specific property and then check that it's accessible
via the env endpoint rather than using one that is OS-specific.
See gh-7868
See gh-7881
When the context is closed, FileWritingMessageHandler is stopped and
it closes its output files. However, it appears to do so in a manner
which means that they may be closed after the call to close the
context is completed. This causes problems on Windows as files that
are still open cannot be deleted.
This commit adds a workaround to SampleIntegrationApplicationTests
so that it makes up to 10 attempts each 0.5s apart to clean up the
input and output directories.
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.
Fixes gh-5072
Update ClassLoaderFilesResourcePatternResolver to support servlet
resources when it's being used with a WebApplicationContext.
Prior to commit 918e122ddc a `ResourceLoader` was not added to the
`ApplicationContext`, meaning that servlet resources could be found by
virtue of the protected `getResourceByPath()` method. Following commit
918e122ddc, the context `ResourceLoader` is set, meaning that all calls
to `getResource` delegate to the `ResourceLoader` and the
`ApplicationContext` methods are not invoked. Since the devtools
`ResourceLoader` wasn't Servlet aware, servlet resources could not
be found.
Fixes gh-7752
Update `JettyEmbeddedServletContainerFactory` to support Jetty 9.4
directly and Jetty 9.3 via reflection. The primary difference between
Jetty 9.3 and 9.4 are the session management classes. Websocket suppport
has also been updates, but this is handled transparently by the
Spring Framework support.
Fixes gh-7599
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.
Fixes gh-7569
This commit promotes the plugin dependency management for the
`maven-enforcer-plugin` and `maven-invoker-plugin` to the root. That way
these can be used in samples as well rather than having a separate copy.
Closes gh-7517
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.
Fixes gh-3888