Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
This commit makes sure that we don't import a class from the Guava
library by mistake as it provides various utility classes with similar
names as our own.
Closes gh-10089
Following the rework on Security that expects web endpoints to be
disabled by default, this commit updates the metadata (including the
automatic generation) to reflect this decision.
Previously we didn't mention that the project must have been built
locally first (to get the sources for javadoc generation for instance).
This commit clarifies that.
Closes gh-10086
Since the handler interceptors have been removed, web endpoints
are all disabled by default to prevent accidental exposure of
sensitive information.
Closes gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit makes sure tht `HealthIndicatorAutoConfiguration` runs after
any producers of a `ConnectionFactory` and not only ActiveMQ. This was
identified as part of #10081: `JmsAutoConfiguration` is actually the
one that isn't necessary (spring-boot-actuator has no import on the
`org.springframework.jms` and only `javax.jms.ConnectionFactory` is used
as part of the JMS health indicator.
This library is required for parsing multipart requests asynchronously
in Spring WebFlux. Framework treats this as an optional dependency, but
Boot auto-configures multipart support with Servlet by default.
Closes gh-10073
Stephane Nicoll
Paul Vorbach
Johnny Lim
Phillip Webb
Madhura Bhave
Brian Clozel