Commit Graph

1029 Commits (b719b0271cf9878c6665ddf97a401642ec11446e)

Author SHA1 Message Date
Phillip Webb edb16a13ee Protect against SpEL injections
Prevent potential SpEL injection attacks by ensuring that whitelabel
error view SpEL placeholders are not recursively resolved.

Fixes gh-4763
9 years ago
Andy Wilkinson 7d5cc3da63 Stop ActiveMQ pooled connection factory when context is closed
Previously, ActiveMQ's pooled connection factory was not closed as
part of the application context being closed. This would leave
non-daemon threads running which could cause shutdown to hang unless
the JVM itself was shutting down (in which case a shutdown hook would
stop the pool).

This commit configures each pooled connection factory bean with a
custom destroy method so that the pool is stopped as part of the
application context being closed. To allow the destroy method to only
be declared when the connection factory is pooled, the bean method
has been split into two; one for pooled and one for non-pooled. This
is a partial backport of the changes made in bedf2edf.

Closes gh-4748
9 years ago
Andy Wilkinson ce541bebcf Align BasicErrorController’s HTML response status with non-HTML status
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.

This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.

Closes gh-4694
9 years ago
Phillip Webb 9432ee6a6b Polish 9 years ago
Dave Syer 124574e345 Add mediaTypes (extension to media type mapping) in MVC resources
Allows users to configure "allowed" file extensions for controller
mappings, so that browsers will not switch to downloading "f.txt"
(part of the recent RFD attack fixes in Spring MVC).

See gh-4220
9 years ago
Phillip Webb cfbac20807 Ensure ErrorControllers work when using AOP
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.

Fixes gh-4236
9 years ago
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
9 years ago
Spring Buildmaster 2b38a861e3 Next Development Version 9 years ago
Andy Wilkinson c236db04ef Ignore parent contexts in message source auto-configuration
This commit applies the changes made in 68b55ad to 1.2.x (it was
originally only made in 1.0.x and master). It also adds some tests.

Closes gh-3803
9 years ago
Phillip Webb 94736719f1 Reformat package-info.java files with Eclipse Mars 9 years ago
Phillip Webb 6ab376e2e8 Reformat code use Eclipse Mars 9 years ago
Andy Wilkinson a94f3a0cbf Only try to auto-configure Jetty when jetty-webapp is on the classpath
Closes gh-4089
9 years ago
Phillip Webb 87a515f6a0 Fix TemplateAvailabilityProvider binding issues
Update all TemplateAvailabilityProvider implementations to use the
relaxed property binder. Also fix FreeMarkerTemplateAvailabilityProvider
to use `template-loader-path` rather than `path`.

Fixes gh-4085
9 years ago
Phillip Webb 891faa9d35 Fix test cleanup to reset commons logging 9 years ago
Stephane Nicoll 8978f54cc3 Use spring.velocity.charset for template encoding
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.

It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`

Closes gh-3994
9 years ago
Spring Buildmaster 9409c49c10 Next development version 9 years ago
Pei-Tang Huang a5430d8a0c Catch more general Hibernate 4.2 LinkageError
Update HibernateJpaAutoConfiguration to catch LinkageError rather than
NoClassDefFoundError. Required due to the fact that JBoss EAP 6 wraps
NoClassDefFoundErrors.

Fixes gh-3605
9 years ago
Phillip Webb b7e9f805c9 Set ignoreUnknownFields=true on ServerProperties
Update ServerProperties so that unknown SERVER_* environment properties
do not cause startup failures.

Fixes gh-3903
9 years ago
Phillip Webb 15686ed4fd Reformat code 9 years ago
Phillip Webb 0f6b60d8c8 Organize imports 9 years ago
Barry Lagerweij 8d75aa0ea9 Fix Oracle XA datasource class name
Closes gh-3846
9 years ago
Andy Wilkinson a2f4c1cc4a Add support for configuring allowSessionOverride via the environment
This commit adds support for using the environment to configure the
Freemarker and Velocity view resolvers to allow session overrides.

Closes gh-3410
9 years ago
Andy Wilkinson 905346d0cd Consider @Bean methods with args to determine type created by factory
Previously, BeanTypeRegistry would only look for a @Bean method
with no arguments when trying to determine the type that will be
created by a factory bean. This meant that the type produced by a
factory bean declared via a @Bean that has one or more arguments would
be unknown and any on missing bean conditions looking for a bean of the
type produced by the factory bean would match in error.

This commit updates BeanTypeRegistry to, where possible, use the
factory method metadata for the bean definition when determining the
type that will be created. This allows it to determine the type for
factory beans created by @Bean methods that take arguments and also
avoids the use of reflection to find the factory method. Where factory
method metadata is not available, the existing reflection-based
approach is used as a fallback.

Closes gh-3657
9 years ago
Pei-Tang Huang 3953baba81 Add SQLServer XA DataSource class name
Closes gh-3604
9 years ago
Dave Syer ff79138aa5 Alternative fix for Rabbit listener transactions
Never inject a transaction manager (user can create his own
"rabbitListenerContainerFactory" bean if he wants an actual
non-JTA transaction manager).

See gh-3432
9 years ago
Dave Syer 67933ab01f Add boolean flag spring.rabbit.listener.useTransactionManager
If set *and* there is a transaction manager in the context, then the
listener container created by Spring Boot will use the transaction
manager to execute the listeners.

Fixes gh-3432 (by virtue of not requiring a JtaTransactionManager any
more).
9 years ago
Phillip Webb 7da808918f Fix Flyway and Liquibase JPA 'depends-on' setup
Ensure that FlywayAutoConfiguration and LiquibaseAutoConfiguration occur
after HibernateJpaAutoConfiguration so that the DependsOnPostProcessor
condition can correctly check for a LocalContainerEntityManagerFactory
bean.

Fixes gh-3437
10 years ago
Spring Buildmaster 7ce391db4f Next development version 10 years ago
Phillip Webb 04dfac1c6c Formatting 10 years ago
Stephane Nicoll 441049cf4e Auto-detect JMS sessionTransacted flag
If a JtaTransactionManager is present, it is associated with the
auto-created JmsListenerContainerFactory. However, if no such transaction
manager is present, local transaction support is not enabled.

This gives a default situation where the message is acknowledged even
before the listener is invoked. We now make sure to turn on local JMS
transactions if no JtaTransactionManager is present.

Fixes gh-3393
10 years ago
Andy Wilkinson b1ad2c30eb Ignore type-constrained converter when auto-configuring Jackson converter
Previously, JacksonHttpMessageConvertersConfiguration would configure a
general-purpose MappingJackson2HttpMessageConverter only if there was
no existing MappingJackson2HttpMessageConverter in the application
context. This was problematic when a
TypeConstrainedMappingJackson2HttpMessageConverter bean was present.
Such a bean is only capable of performing conversion for a specific
type, and therefore is no substitute for a general purpose converter,
yet its presence was causing the auto-configuration of a general
purpose converter to be turned off. This would leave Spring MVC’s
default converter being used for application/json requests which would
not honour the user’s Jackson configuration.

This commit enhances @ConditionalOnMissingBean so that the annotation
can be used to specify one or more types that should be ignored when
searching for beans. This allows the
TypeConstrainedMappingJackson2HttpMessageConverter beans that are
published by Spring Data REST to be ignored such that the
general-purpose MappingJackson2HttpMessageConverter is still
auto-configured.

Fixes gh-2914
10 years ago
Phillip Webb 8ec10c8425 Use buildView() to create MustacheView
Update MustacheViewResolver so that buildView() is called to create
the MustacheView. This sets fields such as `contentType` and allows us
to remove explicit setApplicationContext() and setServletContext()
calls.

Fixes gh-3265
10 years ago
Andy Wilkinson 5a1e66b3d6 Make GzipFilterAutoConfiguration conditional on HttpMethod
GzipFilterProperties uses HttpMethod so GzipFilterAutoConfiguration,
which uses GzipFilterProperties, needs to be conditional on HttpMethod
being on the classpath.

Closes gh-3362
10 years ago
Andy Wilkinson 8681a8ad2a Map empty virtual host to "/" when parsed from an address
Previously, an address that ended in a "/" would result in the virtual
host being an empty string. This was inconsistent with setVirtualHost
which would map an empty string to "/".

This commit updates the address parsing logic to call setVirtualHost
rather than assigning the value directly to this.virtualHost. This
ensures that the special handling for an empty string is applied
consistently.

Closes gh-3304
10 years ago
Andy Wilkinson 01ba0f7571 Make RemoteIpValve's protocolHeaderHttpsValue configurable via the env
Closes gh-3289
10 years ago
Phillip Webb cca0b76ac8 Support Velocity toolbox configurations from jar
Create an EmbeddedVelocityToolboxView which supports loading toolbox.xml
files from the application classpath as well as the ServletContext. The
VelocityAutoConfiguration class has been updated to use the new view.

This change allows the `spring.velocity.toolbox-config-location`
property to work with embedded servlet containers.

Fixes gh-2912
10 years ago
Phillip Webb 75ffd1b017 Polish 10 years ago
Phillip Webb a83d999f27 Add missing MultipartProperties.enabled property
Fixes gh-3209
10 years ago
Phillip Webb 135e9d10a6 Polish 10 years ago
Stephane Nicoll 321a149297 Only associate JTA transaction manager
This is related to 38cca9c but for the Rabbit support. Update
RabbitAnnotationDrivenConfiguration to only associate a JTA transaction
manager, if any.

Closes gh-3222
10 years ago
Stephane Nicoll dc94fafaaa Fix dependency of AmqpAdmin
AmqpAdmin does not require a CachingConnectionFactory. Using the more
general CachingConnectionFactory provides more flexibility.

Closes gh-3220
10 years ago
Andy Wilkinson defceec90c Reinstate support for spring.groovy.template.configuration.*
Previously, spring.groovy.template.configuration.* was mapped onto both
GroovyTemplateProperties.configuration and GroovyMarkupConfigurer. The
former being a Map and the latter being a specific type with getters and
setters. This clash caused problems with the IDE support.

GroovyTemplateProperties.configuration appeared to be dead code so it
was removed in 326bdf2. Unfortunately this broke the use of
spring.groovy.template.configuration.* properties as
GroovyTemplateProperties uses a prefix of spring.groovy.template and it
no longer had a configuration property.

This commit addresses the problem by updating GroovyTemplateProperties
to ignore unknown fields. This allows
spring.groovy.template.configuration.* properties to be used and bound
to GroovyMarkupConfigurer without reintroducing the clash which prompted
the initial change.

Closes gh-3198
10 years ago
Stephane Nicoll 38cca9c1f3 Only associate JTA transaction manager to JMS factory
The JMS MessageListenerContainer supports the PlatformTransactionManager
abstraction with either a `JmsTransactionManager` for local transactions
or `JtaTransactionManager` for distributed transactions. The former is
kind of deprecated (`setTransacted` should be used instead). In any case,
any other `PlatformTransactionManager` implementation is not supported.

Update JmsAnnotationDrivenConfiguration to only associate a JTA
transaction manager, if any.

Closes gh-3150
10 years ago
Dave Syer 1c0bcc13cf Set UserDetailsService in default AuthenticationManagerBuilder
Only affects the default AuthenticationManagerBuilder (so when users
are not overriding the default global user details). Makes the
UserDetailsService effectively available as it would be if we used
AuthenticationManagerBuilder.inMemoryAuthentication() as a
shared object in the HttpSecurity.

Fixes gh-3152
10 years ago
Spring Buildmaster 5d81c87b43 Next Development Version 10 years ago
Phillip Webb df8c311280 Add OrderedHiddenHttpMethodFilter
Add OrderedHiddenHttpMethodFilter and use it in WebMvcAutoConfiguration
to ensure that it is applied before Spring Security.

Fixes gh-2773
10 years ago
Phillip Webb 968b68c322 Polish 10 years ago
Stephane Nicoll 160f2d341f Fix Gzip filter properties
Fix `excludeAgentPatterns`, `excludePaths` and `excludePathPatterns`
properties. Introduce `excludedMimeTypes` property.

Fixes gh-3042
10 years ago
Craig Walls 88d72e0598 Upgrade to Spring Social Facebook 2.0.1.RELEASE
While this is a breaking change, continuing with Spring Social
Facebook 1.1.x is also broken as it is no longer compatible with
Facebook's API. Upgrading to 2.0.1.RELEASE may require some changes
to be made to users' applications, but it will allow their
applications to use the Facebook API once again.

Closes gh-2837
10 years ago
Andy Wilkinson dabbb02dfe Prevents tests that use Elasticsearch from polluting the filesystem
By default, Elasticsearch writes its data to ./data. This led to data
being left on the filesystem after a mvn clean which could cause
failures when moving between branches that use different versions of
Elasticsearch.

This commit updates the tests for the Elasticsearch sample and
the Elasticsearch auto-configuration classes to write the
Elasticsearch data and logs into the target directory.
10 years ago