Merge branch '1.2.x'

spring-boot-dependencies/pom.xml

@@ -153,7 +153,7 @@
 		<thymeleaf-extras-conditionalcomments.version>2.1.1.RELEASE</thymeleaf-extras-conditionalcomments.version>
 		<thymeleaf-layout-dialect.version>1.2.9</thymeleaf-layout-dialect.version>
 		<thymeleaf-extras-data-attribute.version>1.3</thymeleaf-extras-data-attribute.version>
-		<tomcat.version>8.0.26</tomcat.version>
+		<tomcat.version>8.0.28</tomcat.version>
 		<undertow.version>1.3.0.Final</undertow.version>
 		<velocity.version>1.7</velocity.version>
 		<velocity-tools.version>2.0</velocity-tools.version>

spring-boot-docs/src/main/asciidoc/howto.adoc

@@ -476,10 +476,6 @@ typically in `application.properties` or `application.yml`. For example:
 See {sc-spring-boot}/context/embedded/Ssl.{sc-ext}[`Ssl`] for details of all of the
 supported properties.
 
-NOTE: Tomcat requires the key store (and trust store if you're using one) to be directly
-accessible on the filesystem, i.e. it cannot be read from within a jar file. This
-limitation doesn't apply to Jetty and Undertow.
-
 Using configuration like the example above means the application will no longer support
 plain HTTP connector at port 8080. Spring Boot doesn't support the configuration of both
 an HTTP connector and an HTTPS connector via `application.properties`. If you want to

spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/resources/application.properties

@@ -1,4 +1,4 @@
 server.port = 8443
-server.ssl.key-store = sample.jks
+server.ssl.key-store = classpath:sample.jks
 server.ssl.key-store-password = secret
 server.ssl.key-password = password

spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java

@@ -326,9 +326,7 @@ public class TomcatEmbeddedServletContainerFactory
 
 	private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
 		try {
-			assertNotClasspathResource(ssl.getKeyStore());
+			protocol.setKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString());
-			File file = ResourceUtils.getFile(ssl.getKeyStore());
-			protocol.setKeystoreFile(file.getAbsolutePath());
 		}
 		catch (FileNotFoundException ex) {
 			throw new EmbeddedServletContainerException(
@@ -345,9 +343,8 @@ public class TomcatEmbeddedServletContainerFactory
 	private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
 		if (ssl.getTrustStore() != null) {
 			try {
-				assertNotClasspathResource(ssl.getTrustStore());
+				protocol.setTruststoreFile(
-				File file = ResourceUtils.getFile(ssl.getTrustStore());
+						ResourceUtils.getURL(ssl.getTrustStore()).toString());
-				protocol.setTruststoreFile(file.getAbsolutePath());
 			}
 			catch (FileNotFoundException ex) {
 				throw new EmbeddedServletContainerException(
@@ -363,14 +360,6 @@ public class TomcatEmbeddedServletContainerFactory
 		}
 	}
 
-	private void assertNotClasspathResource(String resource)
-			throws FileNotFoundException {
-		if (resource.startsWith(ResourceUtils.CLASSPATH_URL_PREFIX)) {
-			throw new FileNotFoundException("Unable to load '" + resource
-					+ "' since Tomcat doesn't support classpath resources");
-		}
-	}
-
 	/**
 	 * Configure the Tomcat {@link Context}.
 	 * @param context the Tomcat context

spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java

@@ -330,14 +330,19 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 	}
 
 	@Test
-	public void basicSsl() throws Exception {
+	public void basicSslFromClassPath() throws Exception {
+		testBasicSslWithKeyStore("classpath:test.jks");
+	}
+
+	@Test
+	public void basicSslFromFileSystem() throws Exception {
 		testBasicSslWithKeyStore("src/test/resources/test.jks");
 	}
 
 	@Test
 	public void sslDisabled() throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
-		Ssl ssl = getSsl(null, "password", "src/test/resources/test.jks");
+		Ssl ssl = getSsl(null, "password", "classpath:test.jks");
 		ssl.setEnabled(false);
 		factory.setSsl(ssl);
 		this.container = factory.getEmbeddedServletContainer(
@@ -393,8 +398,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 	public void pkcs12KeyStoreAndTrustStore() throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
 		addTestTxtFile(factory);
-		factory.setSsl(getSsl(ClientAuth.NEED, null, "src/test/resources/test.p12",
+		factory.setSsl(getSsl(ClientAuth.NEED, null, "classpath:test.p12",
-				"src/test/resources/test.p12"));
+				"classpath:test.p12"));
 		this.container = factory.getEmbeddedServletContainer();
 		this.container.start();
 		KeyStore keyStore = KeyStore.getInstance("pkcs12");
@@ -417,8 +422,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 			throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
 		addTestTxtFile(factory);
-		factory.setSsl(getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks",
+		factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks",
-				"src/test/resources/test.jks"));
+				"classpath:test.jks"));
 		this.container = factory.getEmbeddedServletContainer();
 		this.container.start();
 		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -441,8 +446,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 			throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
 		addTestTxtFile(factory);
-		factory.setSsl(
+		factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks"));
-				getSsl(ClientAuth.NEED, "password", "src/test/resources/test.jks"));
 		this.container = factory.getEmbeddedServletContainer();
 		this.container.start();
 		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
@@ -460,8 +464,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 			throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
 		addTestTxtFile(factory);
-		factory.setSsl(
+		factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks"));
-				getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks"));
 		this.container = factory.getEmbeddedServletContainer();
 		this.container.start();
 		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -484,8 +487,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 			throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
 		addTestTxtFile(factory);
-		factory.setSsl(
+		factory.setSsl(getSsl(ClientAuth.WANT, "password", "classpath:test.jks"));
-				getSsl(ClientAuth.WANT, "password", "src/test/resources/test.jks"));
 		this.container = factory.getEmbeddedServletContainer();
 		this.container.start();
 		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(

spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java

@@ -40,7 +40,6 @@ import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
 import org.junit.Test;
 import org.mockito.InOrder;
 import org.springframework.boot.context.embedded.AbstractEmbeddedServletContainerFactoryTests;
-import org.springframework.boot.context.embedded.EmbeddedServletContainerException;
 import org.springframework.boot.context.embedded.Ssl;
 import org.springframework.util.SocketUtils;
 
@@ -316,13 +315,6 @@ public class TomcatEmbeddedServletContainerFactoryTests
 
 	}
 
-	@Test
-	public void basicSslClasspathKeyStore() throws Exception {
-		this.thrown.expect(EmbeddedServletContainerException.class);
-		this.thrown.expectMessage("Tomcat doesn't support classpath resources");
-		testBasicSslWithKeyStore("classpath:test.jks");
-	}
-
 	@Test
 	public void jspServletInitParameters() {
 		Map<String, String> initParameters = new HashMap<String, String>();