We can expect that occasionally a user clicks on a login link when
the token is expired. If the UserInfoTokenServices tries to
authenticate the user at that point, it can retain the option to
refresh the expired token if we preserve the state. Since the
state is in session scope all we need to do is to check that the
token that is being checked has the same value as the one in the
OAuth2ClientContext and re-use the context if it is.
Fixes gh-4251
The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.
Fixes gh-4355
This way the MetricCopyExporter can make a sensible choice about
what to do with counter metrics, and cache the latest values, so that
they can be properly incremented.
Fixes gh-4305
Previously, the meta-data annotation processor was taking the first
setter that match the property name it has to handle. Contrary to
getters that are enforced by a return type (no argument), multiple
setter candidates may exist.
If a property's type got narrowed over time, the original setter may
have been marked as Deprecated. As the annotation processor takes the
first setter that matches based on the name only, it may pick up the
deprecated one and therefore mark the property as being (wrongly)
deprecatede in the meta-data.
It turns out that checking for the actual type of the setter parameter
brought a side effect: some primitive properties may use the primitive
or the Wrapper counter part. This commit not only look at the proper
setter based on the type but also fallback on the wrapper (or) primitive
if necessary.
Closes gh-4338
Create a set of core groups to gather properties logically: core, web,
security, data, integration, actuator and devtools.
In each of them, groups are ordered against their lexical order.
Closes gh-4344
Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.
See gh-4352
`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.
This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).
Closes gh-4352
By default, start-stop-daemon will chdir to the root directory before
starting the process. This prevents an application.properties file that
sits alongside the jar from being found.
This commit updates the call to start-stop-daemon to use --chdir to
set the working directory to that of the jar that’s being launched.
Closes gh-4281
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.
This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.
This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.
Closes gh-4345
[1] 8663ac4173
In 1.3, our Gradle plugin no longer automatically applies the
application plugin. This affects the default options that are
available for explicitly configuring a project's main class. This
commit updates the documentation accordingly.
Closes gh-3768
The syntax was a bit tortured. This should clarify things and also
de-emphasise the "production" use case for the file system
properties file (we want to be cloud native don't we?).
That way any properties that are needed for processing the config
files will be available in time. Makes sense given that env vars
is the main carrier of the inline JSON.
The HATEOAS sample does not support XML responses. Previously, the
controller doesn't constrain the media types that it could produce.
This would result in a failure when handling a request that prefers
XML responses.
This commit updates the produces clauses in the controller so that
the sample will only attempt to produce JSON.
Closes gh-4343
The documentation recommends configuring the HTTP connector in code
and using application.properties to configure the HTTPS connector
as it's easier. This commit updates the sample to follow that
recommendation.
Closes gh-4342
Previously, the "Common application properties" appendix had no
consistent use of a configuration key value. It could just as well be
the default value or an example.
We now always document the default value after the "=" sign and
eventually add an example with the phrasing "For instance".
The keys have also been reordered so that they follow a natural (i.e.
lexical) order.
Closes gh-3230
Closes gh-3160
Closes gh-3155
Closes gh-3153
The PROPERTIES creator mode has the unfortunate side-effect of stopping
mixins from working. This commit updates the auto-configured module to
use the DEFAULT creator mode instead.
Closes gh-4336
The latest Spring Framework 4.2.3 snapshots appear to be trimming
whitespace as part of the binding process. This commit updates the
test's expectations accordingly.
During a restart, the Restarter runs all registered shutdown hooks. This
breaks Log4J2 as it leaves it in a shutdown state that leaves logging
switched off such that no output it produced when the application starts
up again.
This commit introduces a new RestartListener abstraction.
RestartListeners are notified prior to the application being restarted.
A Log4J2-specific implementation is provided that prepares Log4J2 for
restart by removing any shutdown callbacks from its shutdown callback
registry. This prevents the restart from shutting down Log4J2, ensuring
that it still functions when the application restarts.
Closes gh-4279
Previously, it had the same plugin name as
WhitespaceThrowablePatternConverter which meant that only one of the
two plugins was available and the other’s converter keys didn’t work.
Closes gh-4337
Make sure that `autoApprove`, `accessTokenValiditySeconds`, and
`refreshTokenValiditySeconds` properties from the `ClientDetails`
are used
Closes gh-4306
As there is no way to copy all the converters of a `ConversionService` to
another, `RelaxedConversionService` uses a fallback `ConversionService`
when the user-provided one failed.
That fallback is taking care of converting `String` to `Enum` in a case
insensitive way but it has no registered converter to convert a comma
separated String to a collection of something.
Ironically, our current test suite has plenty of cases where we map a
`String` to a collection of enums and they all pass. This is because
the tests do not provide a custom `ConverterService` so we end up
immediately in the fallback scenario. Since no converter is able to
convert the String to a collection, the property editor support of the
binder takes care of that for us and try to convert each individual
value.
In a regular use case however, a `ConversionService` is provided and
fails to map the collection if the String value(s) don't have the exact
same case as the annotations they represent. Since the original
`ConversionService` has claimed it was able to convert a collection,
the raw `String` value is passed to the fallback converter and that one
fails to convert the raw String.
The fallback converter now registers the necessary converters to
convert collections. Additional tests have been added to test that in
a more explicit way.
Closes gh-4322
Dave Syer
Stephane Nicoll
ZakarFin
Andy Wilkinson
Phillip Webb
Vedran Pavic
Kyle Lieber