Previously, an entry’s potentially aliased name would be used when
checking that it has a particular name. The alias would always be
applied, irrespective of the name in the header. As a result, when
there was a clashing hash and an entry with a particular index did
not have the expected name, this would be concealed by the alias
being applied and the name check being done with the alias.
This commit reworks JarEntry to store the name in its header in
addition to its alias, if any. When checking that the entry has the
expected name, the unaliased name is passed in and the entry compares
it with the name from the header rather than the alias.
Closes gh-15981
Previously, DevTools would retry the upload of the changes to an
application in the event of a ConnectException. If a different
network-level failure occurred, it would not be retried and would
cause the file watching thread to die.
This commit attempts to make things more robust by retrying all
SocketExceptions and not just ConnectExceptions. A warning is
logged when a failure occurs. A separate debug message that
includes the exception is also logged.
Closes gh-10317
This commit splits the management context configuration for jersey
into two separate configurations depending on if the type is SAME or
CHILD. The configuration for the SAME context should only kick in if
there is no existing ResourceConfig bean.
Fixes gh-15891
When Spring Security is misconfigured it's possible to switch from an anonymous user
to a normal user. When switching back again, the corresponding
AuthenticationSwitchUserEvent will have a null target user. Previously, Actuator's
AuthenticationAuditListener would throw a NullPointerException when it received such an
event.
This commit updates the audit listener to defensively handled events with a null target
user.
Closes gh-15767
Previously, the auto-configuration for both Jersey and WebMvc would auto-configure
a RequestContextFilter bean. In 2.1.0, this led to a startup failure due to the latter
attempting to override the bean defined by the former. In addition to the override there
were also problems with the order of the filter as Jersey uses -1 and MVC uses -105.
To avoid the above-described problems, the auto-configuration of the RequestContextFilter
was removed from JerseyAutoConfiguration in 2.1.1. Unfortunately, the broke
request-scoped beans for those using only Jersey.
This commit attempts to strike a better balance by reintroducing the auto-configuration
of RequestContextFilter in JerseyAutoConfiguration. It will back off if the user defines
their own filter or filter registration. WebMvcAutoConfiguration has been updated to
back off in the same manner. This leaves the potential for ordering problems, but they
are no worse than they were before. Furthermore, the user has the means to correct any
problems by using the various filter ordering properties that are provided for Jersey,
Spring Session, Spring Security, etc.
Closes gh-15376
This commit also ensures that Jersey-based actuator endpoints are
available before the user has configured a `ResourceConfig` bean
Fixes gh-15625
Fixes gh-15877
Prior to this commit, the `HttpTraceWebFilter` would collect the
response information (status and headers) for tracing purposes, after
the handling chain is done with the exchange - inside a
`doAfterSuccessOrError`.
Once the handler has processed the exchange, there is no strong
guarantee about the HTTP resources being still present. Depending on the
web server implementation, HTTP resources (including HTTP header maps)
might be recycled, because pooled in the first place.
This commit moves the collection and processing of the HTTP trace right
before the response is committed. This removes the need to handle
special cases with exceptions, since by that time all exception handlers
have processed the response and the information that we extract is the
information that's about to be written to the network.
Fixes gh-15819
Prior to this commit, errors unhandled by custom `WebExceptionHandler`
and resulting in an HTTP 500 status would not be logged at ERROR level,
giving no information to developers about the actual exception.
This commit ensures that such exceptions are logged at the ERROR level
with their exception. By the time the exception hits the
`DefaultErrorWebExceptionHandler`, if the response is already committed
or if the exception is due to a client disconnecting, the error is
delegated to Framework support as Spring Boot won't be able to render an
error page as expected.
Fixes gh-15769
Dmytro Nosan
Stephane Nicoll
Dan Zheng
Lars Grefer
Andy Wilkinson
Madhura Bhave
Robert Thornton
isank
Michael Simons
Sebastien Deleuze
Matthias Stock
Johnny Lim
Kedar Joshi
Eugene
ayudovin
Jeffrey van der Laan
wonwoo
dreis2211
Brian Clozel