Remove `spring-boot-smoke-test-webflux-ssl` since it's more of
an integration test than a smoke test. We could consider
relocating it to `spring-boot-integration-tests` but since we
have unit tests with a mock PCKCS11 security it's probably
best to see if we can get away without it.
See gh-32179
Rename `/actuator/httptrace` to `/actuator/httpexchanges` to better
describe its purpose and to remove confusion with distribute tracing.
This change also takes the opportunity to improve the code by making
the `HttpExchange` class (previously `HttpTrace`) fully immutable.
Closes gh-32885
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
This commit adds a `Build-Jdk-Spec` attribute to the manifest in a
jar or war file built with the Spring Boot Gradle plugin. This
aligns the Gradle plugin's behavior with the default Maven plugin
behavior.
This removes the need to set a `BP_JVM_VERSION` environment variable
when invoking Cloud Native Buildpacks, as the Paketo buildpacks will
honor `Build-Jdk-Spec` in a jar or war manifest to determine the
default JVM version.
Fixes gh-32829
Spring Security now re-applies the authorization rules
to the error page by default. Additionally, it configures
RequestAttributeSecurityContextRepository as the default for
stateless applications allowing those applications to have access
to the original authentication during an error dispatch.
Closes gh-31703
This commit migrates our remaining usage of the httpclient 4.x to use
instead httpclient5, now that the 4.x support has been removed in
`RestTemplate`.
Closes gh-32461
As htttpclient 4.x is not supported anymore by `RestTemplate`, this
commit changes such dependencies to httpclient5 instead. In some cases,
the httpclient 4.x was transitively brought by a non-Spring dependency.
See gh-32461
This commit updates Servlet based Spring Security auto-configuration
to use AuthorizationFilter, which is intended to supersede
FilterSecurityInterceptor.
See gh-31255
With Spring Session moving to RedisSessionRepository as the preferred
session repository, Spring Boot auto-configuration should make it
possible to easily switch back to the previous default
(RedisIndexedSessionRepository).
This commit introduces spring.session.redis.repository configuration
property that allows selecting the desired Redis-backed session
repository implementation.
See gh-32205
Batch is now auto-configured to use the context's
PlatformTransactionManager and DataSource or `@BatchDataSource`.
When this does not meet the user's needs, they can use
`@EnableBatchProcessing` or sub-class `DefaultBatchConfiguration` to
take complete control with the auto-configuration backing off.
Closes gh-32330
Add a new `useMainMethod` attribute to `SpringBootTest` which can be
used to determine how the test should run. The three available options
are:
- `ALWAYS`
- `NEVER`
- `WHEN_AVAILABLE`
The default is `WHEN_AVAILABLE` which will attempt to launch the test
using the `main` method if there is one.
The `SpringBootContextLoader` has been updated to use the new
`SpringApplicationHook` interface when the main method is being used.
Closes gh-22405
This commit adds the `AutoConfigurationImportsAnnotationProcessor` to
the `spring-boot-autoconfigure-processor` annotation processor
module. When added to a project build, the annotation processor will
generate the
`org.springframework.boot.autoconfigure.AutoConfiguration.imports`
file automatically from `@AutoConfiguration`-annotated classes. It
also applies the annotation processor to the Spring Boot build.
Closes gh-31228
Any classes that rely on Spring Data being on the classpath
have been moved under a data package.
Certain configuration properties have also been updated to
accurately reflect whether Spring Data is required for the
auto-configuration to work.
Closes gh-11574
This commit adds the Spring for GraphQL auto-configuration back
into Spring Boot 3.0, now that a 1.1.0 release is scheduled with the
required baseline. This release also needs GraphQL Java 19.0 as a
baseline.
Closes gh-31809
Spring Security now filters every dispatch by default and not only
once-per-request. Security configuration has been updated in a number of
places to restore the old behavior as needed for the tests to pass.
gh-31703 has been opened to review this and to investigate if we can
now remove the error page security filter and rely on the filtering of
every dispatch instead.
In addition to switching to once-per-request filtering where needed,
this commit also restructures the configuration of the error page
security filter. The restructuring was necessary to ensure that the
privilege evaluator bean has been defined before the conditions on the
error page security filter are evaluated. Without the change, the filter
was no longer being configured as the privilege evaluator hadn't been
defined before the on bean condition was evaluated. We may want to back
port this change as the ordering doesn't appear to have been defined
before and we were just getting lucky.
See gh-31622
See spring-projects/spring-security#11466
This commit makes the following potentially breaking changes:
- Dependency management for modules that do not exist in Hibernate
6.1 has been removed.
- Hibernate's modules are now in the org.hibernate.orm group. Users
not using the starter or using modules that are not in the starter
will have to update their build configuration accordingly.
- spring.jpa.hibernate.use-new-id-generator-mappings has been removed
as Hibernate no longer supports switching back to the old ID
generator mappings.
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
Closes gh-31674
Update `CompositeHandlerExceptionResolver` to search for beans in
all contexts. Note that `BeanFactoryUtils.beansOfTypeIncludingAncestors`
cannot not be used since we need to pick up all beans, even if they
have the same name.
See gh-31495
Update `JarFile` and related classes so that `close()` is not longer
called early.
Prior to this commit, we would always immediately close the underlying
jar file to prevent file locking issues with our build. This causes
issues on certain JVMs when they attempt to verify a signed jar.
The file lock issues have now been solved by returning a custom input
stream from `JarUrlConnection` which captures and delegates the close
method.
Fixes gh-29356
This commit updates several smoke tests in order to avoid conflicts
with NAME environment variable that is present in WSL and causes
project build to fail. Previous attempt to fix this in 7da42d71 was
incomplete.
See gh-31267
spring.security.saml2.relyingparty.registration.*.asserting-party.* is
now named spring.security.saml2.relyingparty.registration.*.assertingparty.*
Closes gh-30785
Rename spring.security.saml2.relyingparty.registration.*.identity-provider.*
to spring.security.saml2.relyingparty.registration.*.asserting-party.*
The old property names are still supported, but will lead to a warning
in the logs.
Closes gh-30642
This commit temporarily disables the Redis Session smoke test, as it
relies on the Session Actuator endpoint being present.
Since spring-projects/spring-session#1711, the default session
repository contributed is not of type `FindByIndexNameSessionRepository`
and thus cannot support the Session endpoint use case.
Until gh-30673 is resolved, this test is disabled.
See gh-30673
Previously, if spring.main.web-application-type was configured in
application.properties to servlet or reactive, setting
webEnvironment=NONE on @SpringBootTest would not work correctly and
a servlet or reactive web application context would be created
based on the value of spring.main.web-application-type.
This commit updates the test context bootstapper to set
spring.main.web-application-type to none when webEnvironment has been
set to none. This is done in the merged context configuration's
property source properties which are applied to the environment in a
high-precedence test property source that will override configuration
in application.properties.
Closes gh-29695
Phillip Webb
Moritz Halbritter
cdanger
Andy Wilkinson
Stephane Nicoll
Madhura Bhave
Johnny Lim
Scott Frederick
Brian Clozel
Vedran Pavic
dreis2211
thegeekyasian
Oliver Drotbohm
Guirong Hu
Lars Grefer