Previously, if a failure analyzer threw an exception from its
analyze method, failure analysis would stop.
This commit updates FailureAnalyzers to catch and log any Throwable
thrown by an analyzer and continue to the next available analyzer.
Closes gh-7956
Previously, ErrorPageFilter set the value of
javax.servlet.error.exception_type to be the name of the exception,
(a java.lang.String). This commit changes it to be a java.lang.Class
as required by the Servlet spec.
Closes gh-7925
Previously, OAuth2MethodSecurityConfiguration set the
PermissionEvaluator on the expression evaluator by looking in the
context for a PermissionEvaluator bean. This is unnecessary as
GlobalMethodSecurityConfiguration already does the same thing and does
so after the post-processor in OAuth2MethodSecurityConfiguration has
run. This commit removes the redundant logic and adds tests to check
that both the PermissionEvaluator and the RoleHierarchy are set use
beans in the context.
Closes gh-7979
This commit reverts the upgrade from HTMLUnit 2.11 to 2.23. As of HTMLUnit
2.22, `websocket-client` is no longer provided and triggers the following
issue:
https://github.com/SeleniumHQ/htmlunit-driver/issues/22
See gh-7232
See gh-7895
Most of the config keys defined by the `spring-boot-test-autoconfigure`
module can't be overridden because they are mapped with `@PropertyMapping`
on an annotation. It is confusing that such keys are exposed in content
assistance as using them will have no effect.
This commit removes the annotation processor from the build so that the
`@ConfigurationProperties` beans aren't processed anymore. Instead, manual
metadata is written for the two only keys that are effectively used in
regular configuration.
As a result, the `additional-spring-configuration-metadata` file has been
renamed to `spring-configuration-metadata` since nothing is processing it
anymore.
Closes gh-7887
Update `ManagementWebSecurityAutoConfiguration` to match nested path
for insensitive actuators.
Prior to this commit, when Spring Security was on the classpath
nested paths were considered sensitive (even if the actuator
endpoint was not sensitive). i.e. when setting
`endpoints.env.sensitive=false` `/env` could be accessed without
authentication but `/env/user` could not.
Fixes gh-7868
Closes gh-7881
Andy Wilkinson
Stephane Nicoll
Phillip Webb
drumonii
Michael J. Simons
Kazuki Shimizu
Eddú Meléndez
Madhura Bhave