Only affects the default AuthenticationManagerBuilder (so when users
are not overriding the default global user details). Makes the
UserDetailsService effectively available as it would be if we used
AuthenticationManagerBuilder.inMemoryAuthentication() as a
shared object in the HttpSecurity.
Fixes gh-3152
Add an explicit link to the `RedisAutoConfiguration` to make sure it is
applied before the cache counter-part. Request the general
`redisTemplate` so that non String-values can be handled by default as
well.
See gh-2633
Remove `spring.cache.config` as it is too generic and does not express
enough what is configured. This property is replaced by cache library
specific properties, that is `spring.cache.ehcache.config`,
`spring.cache.hazelcast.config`, `spring.cache.infinispan.config` and
`spring.cache.jcache.config`.
See gh-2633
Allow SSL to be configured via standard configuration as well as the
requestedHeartbeat. Switch to RabbitConnectionFactoryBean.
Closes gh-2655, gh-2676
User can enable OAuth2 SSO by declaring the intent (@EnableOAuth2Sso)
and also configuring the client properties (spring.oauth2.client.*).
The spring.oauth2.sso.* are only needed to change the path for the
login (defaults to /login) - any other security configuration for the
protected resources can be added in a WebSecurityConfigurerAdapter
which carries the @EnableOAuth2Sso annotation.
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security included OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource of authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single start import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
- Apply project’s code formatting and conventions
- Don’t use the IO and worker thread configuration when creating the
worker for the AccessLogReceiver. The IO and worker thread
configuration is for HTTP request processing and a worker in its
default configuration should be sufficient for the access log
receiver.
- Don’t use a temporary directory as the default for the access log
directory. A temporary directory makes (some) sense for Tomcat as it
requires a directory for its basedir. Undertow has no such
requirement and using a temporary directory makes it hard to locate
the logs. The default has been updated to a directory named logs,
created in the current working directory.
- Document the new properties in the application properties appendix
Closes gh-3014
This commit adds support for configuring Undertow's access log via the
environment using the following properties:
server.undertow.access-log-enabled
server.undertow.access-log-pattern
server.undertow.access-log-dir
See gh-3014
Previously, JacksonAutoConfiguration would register any Jackson Module
beans with every ObjectMapper found in the application context. This
was not consistent with the rest of the Jackson auto-configuration,
which is only applied to ObjectMappers that are created or configured
via the auto-configured Jackson2ObjectMapperBuilder.
This commit removes the code that registers Jackson Module beans with
every ObjectMapper. Such beans will still be registered with
ObjectMappers created or configured using the auto-configured
Jackson2ObjectMapperBuilder. This aligns the configuration of Module
with the rest of the ObjectMapper configuration and makes it possible
for users to create an ObjectMapper bean and still have complete control
over the modules that are registered with it.
Closes gh-2489
A recent change to the internals of RequestMappingHandlerMapping
broke to Spring Mobile-related tests as they were using reflection
to verify that the configuration had been applied correctly.
This commit makes the tests more robust by using the Java API to
access the interceptors for a request and verify that the expected
interceptor is present. To further simplify the tests, the unnecessary
use of an embedded servlet container factory has also been removed.
SpringApplicationLifecycle provides basic lifecycle operations on the
current Spring Boot application (that is checking if the application has
fully started and gracefully terminate the app). It can be registered as
an MBean of the platform MBean server if a specific property is set.
The Maven plugin uses that MBean to check that the application is ready
before ending the "start" phase. It uses it to trigger a proper shutdown
of the application during the "stop" phase.
If the process has to be forked, the platform MBean server is exposed on
a configurable port so that the maven plugin can connect to it.
Such change permits the maven plugin to integrate a classical integration
test scenario where the "start" goal is invoked during the
pre-integration phase and the "stop" goal during the post-integration
phase.
Closes gh-2525
Allow the display-name of the application to be customized when deployed
in an embedded container via the `server.display-name` property.
Closes gh-2600
Updated to the `EmbeddedCacheManager` interface and added support for
default cache configuration.
Added dependencies management for the JCache support with tests
Fixes gh-2906, see gh-2633
Include auto-configuration support for Infinispan. It is possible
to specify the caches to create via `spring.cache.cache-names`.
Provider also allow to set configuration file via `spring.cache.config`.
See gh-2633
Work in 1b3efd4 actually introduced a regression: if a CacheManager is
created via a custom configuration file, it is no longer post-processed.
This commit makes sure to also customize a CacheManager that was
created that way.
See gh-2848
Expose the underlying cache infrastructure bean if Boot auto-configures
it. This is the case for ehCache, hazelcast and JCache. This change has
two side effects:
1. It is now possible to customize the underlying cache infrastructure
and let Boot only wrap it in the Spring's CacheManager abstraction. No
customizations are applied if the caching-specific service is customized
2. Such infrastructure is disposed when the application terminates as
it is now defined as `@Bean` and both `close()` and `shutdown()` methods
are invoked if present on the target type.
While the latter can be troublesome, we feel that a particular cache
instance is not meant to be shared and must be disposed when the
application terminates.
Closes gh-2848
This commit adds support for configuring the JSP servlet’s init
parameters via the environment using server.jsp-servlet.init-parameters.*.
As part of this change the configuration of registerJspServlet and
jspServletClassName have been moved onto a new type, JspServlet, and the
existing setters on ConfigurableEmbeddedServletContainer have been
deprecated. In addition to providing a model for configuring the JSP
servlet that’s consistent with the model for other configuration (SSL,
for example), this change also means that the class name and whether or
not the servlet is registered at all can now also be configured via the
environment.
Closes gh-2825
While this is a breaking change, continuing with Spring Social
Facebook 1.1.x is also broken as it is no longer compatible with
Facebook's API. Upgrading to 2.0.1.RELEASE may require some changes
to be made to users' applications, but it will allow their
applications to use the Facebook API once again.
Closes gh-2837
In addition to the changes already made in 1.2.x, this commit updates
the tests in spring-boot-actuator to ensure that any Elasticsearch
data files are written into the target directory. This avoids problems
when switching branches caused by different versions of Elasticsearch
trying to read the files.
By default, Elasticsearch writes it data to ./data. This led to data
being left on the filesystem after a mvn clean which could cause
failures when moving between branches that use different versions of
Elasticsearch.
This commit updates the tests for the Elasticsearch sample and
the Elasticsearch auto-configuration classes to write the
Elasticsearch data and logs into the target directory.
Remove the configuration map defined in `GroovyTemplateProperties` which
isn't used. Ironically, that configuration map was exposed with the exact
same prefix as `GroovyMarkupConfigurer`, which broke IDEs support since
two entries had the exact same prefix.
Fixes gh-2840
SpringApplicationLifecycle provides lifecycle operations on the current
Spring Boot application. It can be registered as an MBean of the platform
MBean server if a specific property is set. Besides, the JMX name can
also be customized via a property in case more than one Spring Boot
application is started in the same process.
The Maven plugin uses that MBean to check that the application is ready
before ending the "start" phase. It uses it to trigger a proper shutdown
of the application during the "stop" phase.
If the process has to be forked, the platform MBean server is exposed on
a configurable port so that the maven plugin can connect to it.
Such change permits the maven plugin to integrate a classical integration
test scenario where the "start" goal is invoked during the
pre-integration phase and the "stop" goal during the post-integration
phase.
Closes gh-2525
To allow us to determine the type that Spring Integration’s
GatewayProxyFactoryBean will create, the bean definition created by
MessagingGatewayRegistrar needs to set the factoryBeanObjectType
attribute. The current implementation of BeanTypeRegistry requires the
attribute’s value to be a Class, however this would require Spring
Integration’s namespace handler to load the class and class loading
should be avoided in namespace handlers.
This commit updates BeanTypeRegistry so that it supports both Class and
String values for the factoryBeanObjectType. If the value is a String
it will interpret it as a class name and attempt to load it.
See gh-2811
Provide a TransactionTemplate if one PlatformTransactionManager is
present.
Relocated the jta support as a nested package of the new transaction
package that hosts the transaction template auto-configuration. To avoid
package tangles, links between auto-configurations have been reversed.
Closes gh-2464
Closes gh-2809
Update FlywayAutoConfiguration to support pluggable migration
strategies. Rather than always calling flyway.migrate(), users can now
provide a FlywayMigrationStrategy @Bean to call whatever methods they
wish.
Fixes gh-1814
This commit updates Spring Boot to use Spring Security 4. As a result
of this, the coordinates of Thmyeleaf's Spring Security extra, for
which dependency management and auto-configuration is provided, have
been updated to the Spring Security 4 variant.
Closes gh-2727
The versions in the dependency management for the various datastore
dependencies have been aligned with those used by Spring Data Fowler.
The Data REST tests and sample application has been updated to configure
the base path in favour of the deprecated base uri property
Closes gh-2673
This commit adds support for configuring an ObjectMapper's
serialization inclusion using the environment via the
spring.jackson.serialization-inclusion property. The property's value
should be one of the values on the JsonInclude.Include enumeration.
Relaxed binding of the property value to the enum is supported. For
example:
spring.jackson.serialization-inclusion: non_null
Closes gh-2532
Previously GsonHttpMessageConvertersConfiguration was unconditional
with its nested configuration class being
@ConditionalOnClass(Gson.class). This led to the unnecessary
registration of the GsonHttpMessageConvertersConfiguration bean when
Gson isn't on the classpath.
This commit moves the condition up onto the outer class so that no
Gson-related beans are created when Gson is not on the classpath.
Closes gh-2778
Add a new ConditionalOnSingleCandidate condition that determines if the
condition should match only if autowiring by type is guaranteed to
succeed. Used by auto-configuration that relies on a single candidate of
a given type (for instance, the JdbcTemplate auto-configuration relies on
the presence of a DataSource).
Such wiring by type will succeed if only one bean of that type is present
or if one matching instance is flagged "primary" amongst the candidates.
ConditionalOnSingleCandidate is a basic version of ConditionalOnBean that
only accepts a single type and does not determine a defaut based on its
presence on a bean definition.
Closes gh-1702
According to the spec, specifying a custom URI when retrieving a
`javax.cache.CacheManager` might be used as a way to transmit the
location of a custom configuration file to initialize the underlying
cache manager.
If `spring.cache.config` is set, we use that information to retrieve a
CacheManager with that configuration file. Unfortunately, hazelcast does
not support this feature so we are setting the property key it expects
instead.
See https://github.com/hazelcast/hazelcast/issues/4943
Closes gh-2743
Previously, EhCacheCacheConfiguration could be triggered even if the
ehcache library is not present. This commit adds the missing
`ConditionalOnType` that now guards the configuration properly.
See gh-2633
Certain cache manager implementations are located in the
spring-context-support module that isn't pulled automatically.
As a result, the related cache auto-configurations should make sure that
the relevant CacheManager implementation is available.
See gh-2633
Prior to this commit, the auto-configuration report (both in its logged
form and the actuator endpoint) listed the positive and negative matches
but did not list the classes, if any, that the user had excluded.
This commit updates the logged report and the actuator endpoint to
expose a list of the excluded class names configured via the exclude
attribute on @EnableAutoConfiguration.
Closes gh-2085
Dave Syer
Stephane Nicoll
Eddú Meléndez
Phillip Webb
Spring Buildmaster
izeye
Greg Turnquist
Andy Wilkinson
Marcos Barbero
Craig Walls