Previously the management endpoint filter was applied to all requests
if the user had disabled security.management.enabled, but since it
had no security applied it was letting all requests through.
The fix was to explicitly exclude the whole enclosing configuration
and carefully ignore the management endpoints in the normal security
chain.
Fixes gh-100.
In some cases the websocket communication fails and Snake#sendMessage throws an exception.
In that case the send loop is interrupted and later clients are not updated.
The RC1 version had some websocket issues that prevented proper websocket communication.
In some cases the SockJS communication was downgraded to 'xhr_streaming'.
Builder for SpringApplication and ApplicationContext instances with
convenient fluent API and context hierarchy support. Simple example
of a context hierarchy:
    new SpringApplicationBuilder(ParentConfig.class)
        .child(ChildConfig.class).run(args);
Another common use case is setting default arguments, e.g.
active Spring profiles, to set up the environment for an application:
    new SpringApplicationBuilder(Application.class).profiles("server")
        .defaultArgs("--transport=local").run(args);
If your needs are simpler, consider using the static convenience
methods in SpringApplication instead.
[#49703716] [bs-116] Parent context for some beans maybe?
Update SpringBootServletInitializer with separate getConfigClass() and
getAdditionalConfigClasses() methods. This change makes it easier to
use the SpringBootServletInitializer with the common use case of a
single config class.
The `Tomcat.start()` has to happen to initialize the `ServletContext`
but we can immediately stop the connector and then restart it when
the context is finished refreshing. Seems to make curl fail quickly
if an app is slow to start.
A side effect is that spring-boot-starter-data-jpa needs
to include an aspectjweaver dependency. Hope that doesn't
hurt anything else.
[Fixes#56780004]
Fix TomcatEmbeddedServletContainerFactory to set a MERGED_WEB_XML
attribute when JSPs are used. This is required for EL support with
JSPs since Jasper checks the version number in the web.xml. Without
any web.xml Jasper defaults to disabling EL.
Issue: #55752948
Remove '/resources/**' mapping since it can cause problems with the
'/**' when the developer defines their own 'resources' sub-folder.
Also remove default servlet config since the resources mapping renders
it redundant.
Issue: #55494446
The management endpoints were still all mixed up
with the user endpoints. Fixed that and extracted
user endpoints into a conditional block so they are not
protected if the path is explicitly set to an empty string.
[#53029715]
Rework several aspects of database auto-configuration:
- Use RelaxedPropertyResolver to obtain property values
- Extract EmbeddedDatabaseConnection from EmbeddedDatabaseConfiguration
- Rename several configuration classes for consistency
Issue: #53028397
Management endpoints are still secure by default if
Spring Security is present, but now the default
user details have an ADMIN role, and a random password
(which is logged at INFO level if not overridden).
To override you add management.user.password (name, role)
to external properties.
[Fixes#53029715] [bs-203]
Opinionated defaults for WebSockets:
* If spring-websocket is on the classpath and so is
the Tomcat WSci initializer then it is added to the context
* A DefaultSockJsService is added if none is present
* User has only to define @Beans of type WebSocketHandler with
name starting "/"
* Each one is converted to a SockJsHttpRequestHandler and
mapped to "/<beanName>/**"
The DispatcherServlet adds a default InternalViewResolver
which was used by some apps, but when the actuator was
available it added an "/error" bean and effectively
switched off the default view resolver. The net fix was
to add an InternalViewResolver at the same time as
adding any other ViewResolvers.
[Fixes#55357516] [bs-290] Actuator UI app cannot serve static index.html