Update `ConfigurationPropertiesBindingPostProcessor` so that
`@Validated` is expected to be used to trigger JSR-330 validation.
Any existing configuration classes that use JSR-330 annotations but
don't have `@Validated` will currently still be validated, but will
now log a warning. This should give users a chance to add the requested
annotations before the next Spring Boot release where we will use them
as the exclusive signal that validation is required.
Closes gh-7579
The user property is only available on Unix-like platforms (due to
the USER environment variable). This commit updates the test to
explicitly set a specific property and then check that it's accessible
via the env endpoint rather than using one that is OS-specific.
See gh-7868
See gh-7881
When the context is closed, FileWritingMessageHandler is stopped and
it closes its output files. However, it appears to do so in a manner
which means that they may be closed after the call to close the
context is completed. This causes problems on Windows as files that
are still open cannot be deleted.
This commit adds a workaround to SampleIntegrationApplicationTests
so that it makes up to 10 attempts each 0.5s apart to clean up the
input and output directories.
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
The default is now SecurityProperties.ACCESS_OVERRIDE_ORDER-1
(instead of 3), and the user can set it with
security.oauth2.resource.filter-order (as opposed to being hard
coded). The filter is provided by Spring OAuth2 so this change is
a BeanPostProcessor to call a setter on that object.
Fixes gh-5072
Update ClassLoaderFilesResourcePatternResolver to support servlet
resources when it's being used with a WebApplicationContext.
Prior to commit 918e122ddc a `ResourceLoader` was not added to the
`ApplicationContext`, meaning that servlet resources could be found by
virtue of the protected `getResourceByPath()` method. Following commit
918e122ddc, the context `ResourceLoader` is set, meaning that all calls
to `getResource` delegate to the `ResourceLoader` and the
`ApplicationContext` methods are not invoked. Since the devtools
`ResourceLoader` wasn't Servlet aware, servlet resources could not
be found.
Fixes gh-7752
Update `JettyEmbeddedServletContainerFactory` to support Jetty 9.4
directly and Jetty 9.3 via reflection. The primary difference between
Jetty 9.3 and 9.4 are the session management classes. Websocket suppport
has also been updates, but this is handled transparently by the
Spring Framework support.
Fixes gh-7599
Update management security to require an `ACTUATOR` role rather than
`ADMIN` by default. This should reduce the risk of users accidentally
exposing actuator endpoints because they happen to use a role named
`ADMIN`.
Fixes gh-7569
This commit promotes the plugin dependency management for the
`maven-enforcer-plugin` and `maven-invoker-plugin` to the root. That way
these can be used in samples as well rather than having a separate copy.
Closes gh-7517
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.
Fixes gh-3888
Cassandra sometimes takes a long time when dropping the test keyspace.
This results in the test failing due to an exception being thrown.
This commit attempts to make the tests more robust by catching and
logging any exceptions thrown during server cleanup.
To be compatible with Gradle's plugin portal, plugins must have an
ID that uses a reverse domain name. This means that spring-boot is
not compatible.
This commit introduces a new ID, org.springframework.boot, and
deprecates the old ID.
Closes gh-6997
To be compatible with Gradle's plugin portal, plugins must have an
ID that uses a reverse domain name. This means that spring-boot is
not compatible.
This commit introduces a new ID, org.springframework.boot, and
deprecates the old ID.
Closes gh-6997
Update dependency management to exclude commons-logging and add
an enforcer rule to spring-boot-samples to try and prevent unwanted
commons-logging dependencies from sneaking back in again.
Closes gh-7067
In addition, dependency management for `hazelcast-hibernate5` module has
been added, and a separate dependency version was introduced for
`hazelcast-hibernate4` module.
Closes gh-7023
This commit enables compatibility build against Spring Framework 5.
The Velocity and Guava support that are deprecated in the 1.x line have
been removed and few other classes contain minor change to comply to non
backward compatible changes in Spring Framework 5.
This commit also switches the required java version to 8.
Closes gh-6977
Switch `@AutoConfigureJsonTesters` to use regular `@Autowired` injection
for JSON testers. Prior to this commit JSON Tester fields were
initialized directly which caused IDE issues and was also a little
confusing.
Fixes gh-6451
Update @AutoConfigureMockMvc to support extended print options including
`System.err` and `log.debug`. In addition the "default" print option
can now be overridden by adding `spring.test.mockmvc.print=...` to
`src/test/resources/application.properties`.
Fixes gh-6455
Previously, an entry had to be added to spring.factories using the
name of one of the @AutoConfigure… meta-annotations on the @…Test
annotation as the key. This indirection was unnecessarily complicated.
This commit simplifies things by allowing the name of the @…Test
annotation itself to be used as the key.
Closes gh-6335
Where possible, code that previously synchronized on this (or on the
class in the case of static methods) has been updated to use an
internal monitor object instead. This allows the locking model that's
employed to be an implementation detail rather than part of the
class's API.
Classes that override a synchronized method continue to declare
the overriding method as synchronized. This ensures that locking
is consistent across the superclass and its subclass.
Closes gh-6262
springloaded isn't required in any of the samples, yet some of them
make use of it without being a springloaded-specific sample. This
is creating the false impression that springloaded is necessary in
cases where it's not.
The upgrade to Hibernate 5.2.0.Final has provide to be too
problematic to live with. It requires Java 8, is incompatible with
a number of other projects in the Hibernate ecosystem, and it's
unclear for how long it will be maintained. We'd previously used
Hibernate 5.1.0.Final but its maintenance is also unclear with
Hibernate 5.1.1.Final being more than 3 months overdue.
This commit drops back to Hibernate 5.0.9.Final. This has a few
advantages:
- It's Java 7 compatible
- It's had some time to mature and should be reasonably free of
regressions for those moving from 4.3.x
- It's used in both Wildfly and JBoss EAP so there's a fair chance
that it will continue to be maintained.
Closes gh-6198
This commit changes the default version of Tomcat to 8.5.3 while
also retaining support for Tomcat 8.0 and 7.0. The main difference
in 8.5 is that the ServerSocketFactory abstraction that allowed the
TrustStore and KeyStore to be configured programatically no longer
exists. This logic has been replaced with the use of a custom URL
protocol (springbootssl) that provides access to the key store and
trust store of an SslStoreProvider. In addition to working with 8.5,
this approach has the advantage of also working with 8.0 and 7.0.
Closes gh-6164
This commit removes HSQLDB dependency from Batch Starter as most apps
that use Spring Batch will prefer to use a RDBMS of their choice to store
batch metadata.
Additionally, explicit spring-jdbc dependency has been replaced with JDBC
Starter dependency.
See gh-6081
Update RemoteVehicleDetailsService and the related test to use the new
RestTemplateBuilder class and @RestClientTest annotation.
See gh-6030
See gh-5507
Neither Cassandra nor Elasticsearch starts reliably on Windows. This
commit adds a custom class rule to the associated sample application
tests to skip them on Windows. A class rule is used rather than a
Unit assumption as we want to avoid starting Elasticsearch (done by
the application context) and Cassandra (done by a test execution
listener) and an assumption would be too late.