Previously, when a session attribute that had been stored in Redis was
being deserialized, the app class loader would be used. This would
result in a ClassCastException if the attribute was an instance of a
class visible to the restart class loader.
This commit auto-configures Spring Session’s RedisTemplate to use a
custom deserializer that uses the restart class loader when
deserializing session attributes.
Closes gh-3805
During a restart, the Restarter runs all registered shutdown hooks. This
breaks Log4J2 as it leaves it in a shutdown state that leaves logging
switched off such that no output it produced when the application starts
up again.
This commit introduces a new RestartListener abstraction.
RestartListeners are notified prior to the application being restarted.
A Log4J2-specific implementation is provided that prepares Log4J2 for
restart by removing any shutdown callbacks from its shutdown callback
registry. This prevents the restart from shutting down Log4J2, ensuring
that it still functions when the application restarts.
Closes gh-4279
Previously, if an app had Spring Security on the classpath the remote
devtools server would be secured using basic authentication. This
prevented RemoteSpringApplication from uploading changes to the server
as they would be rejected with a 401.
This commit updates RemoteDevToolsAutoConfiguration to allow anonymous
access to the remote server. CSRF protection is also disabled so that
POST requests without a CSRF token will be accepted.
Closes gh-3889
Phillip Webb
Spring Buildmaster
Andy Wilkinson
Martin Lippert