By configuring security.oauth2.client.grantType=client_credentials the
user signals that (even in a web application) he doesn't want to use
the auth code grant (and hence session and request scoped beans for
client context).
This commit improves ValidationAutoConfiguration so that a `Validator`
bean is exposed if JSR 303 is available. This has the side effect of
automatically enable Spring Data Couchbase's entity validation rather
than requiring to expose a `Validator` bean.
Closes gh-5178
Previously, ValidationAutoConfiguration would configure a
MethodValidationPostProcessor if any Bean Validation 1.0 or later
implementation was available, however the underlying infrastructure
requires Bean Validation 1.1 with any implementation or
Bean Validation 1.0 with Hibernate Validator 4.3.
This caused a problem on TomEE which uses Apache BVal, and Bean
Validation 1.0 implementation. Spring Framework would identify that
Bean Validaton 1.0 was being used and then try to load Hibernate
Validator classes that are not present.
This commit fixes the problem by requiring Bean Validation 1.1 before
auto-configuring a MethodValidationPostProcessor.
Closes gh-7665
Update `SpringBootWebSecurityConfiguration` to ignore requests by
delegating to `IgnoredRequestCustomizer` beans. This allows a single
Spring Boot `WebSecurityConfigurer<WebSecurity>` bean to be used which
prevents potential exceptions caused by duplicate `@Order` values.
Fixes gh-7106
Previously, if a user specifies a path to a schema or data DDL that does
not exist, the application will start up fine and the missing DDL would
not be reported.
This commit validates that user-defined resources actually exist and
throw a new `ResourceNotFoundException` if they don't.
Closes gh-7088
Previously, if `spring.couchbase.bootstrap-hosts` was specified in YAML
or with the `[Idx]` notation, the auto-configuration would not kick in.
This is due to a limitation of `@ConditionalOnProperty` on a property of
type Collection. This commit workarounds this limitation for now with a
dedicated condition.
Closes gh-7508
Checking for the presence of a `ValidationProvider` resource is
unfortunately not enough to trigger the validation auto-configuration.
If `hibernate-validator` is added on the classpath without a `javax.el`
implementation, the former will blow up on startup. So far this was a
pilot error so we didn't have to care about it. Now that we have an
auto-configuration that may lead to this error, we need to be extra
careful and check that scenario ourselves.
This commit adds an extra condition that runs as late as possible and
attempt to actually initialize a `Validator`. If that fails for whatever
reason, the auto-configuration will now back off.
Several additional tests have been added to exercise this scenario.
Closes gh-6228
This commit deprecates `server.max-http-post-size` and introduces a
dedicated property for each supported container. In particular, Undertow
can now define a max size higher than 2GB.
Closes gh-7362
This commit auto-configures `MethodValidationPostProcessor` if necessary
when a JSR-303 validator implementation is detected on the classpath.
Closes gh-6228
Johnny Lim
Phillip Webb
Marco Aust
Gary Russell
Kazuki Shimizu
Dave Syer
Stephane Nicoll
Andy Wilkinson
Madhura Bhave
Mark Paluch
Oscar Utbult