Add a `NestedFileSystemProvider` implementation so that the JDK's
`ZipFileSystem` can load content from nested jars and nested
directory entries.
Creating a `ZipFileSystem` may be a relatively expensive operation as
zip structures need to be parsed and in the case of directory entries
a virtual datablock nees to be generated on the fly. As such, we
install the `ZipFileSystem` as late as possible since in a typical
application it may never be needed.
This commit also tweaks Gradle and Maven plugins to ensure that the
service loader file is written to repackaged jars.
Closes gh-7161
Update Gradle and Maven plugins to write an empty `META-INF/BOOT.SF`
file whenever there is a nested signed jar.
This update allows Oracle Java 17 to correctly verify the nested JARs.
The file is required because `JarVerifier` has code roughly equivalent
to:
if (!jarManifestNameChecked && SharedSecrets
.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
throw new JarException("The JCE Provider " + jarURL.toString() +
" is not signed.");
}
The `SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true)`
call ends up in `ZipFile.getManifestName(onlyIfSignatureRelatedFiles)`
which is a private method that we cannot override in our `NestedJarFile`
subclass. By writing an empty `.SF` file we ensure that the `Manifest`
is always returned because there are always "signature related files".
Fixes gh-28837
Update `spring-boot-loader-tests` with a test that checks verified
BouncyCastle jars can be loaded. Currently the Oracle JDK only supports
verification if the jar is unpacked.
See gh-28837
Update `spring-boot-launch-script-tests` and `spring-boot-loader-tests`
so that JDK archives are now downloaded by Gradle and cached across
builds.
Closes gh-37450
Create alternative launcher classes under the package
`org.springframework.boot.loader.launch` and use them in favor
of the previous location.
This update is designed to improve compatibility with future
changes in the loader.
Closes gh-37667
* Simplify produce/consume verify via OutputCapture
* Remove spring-boot-smoke-test-pulsar-reactive as
no other smoke tests split them out
See gh-37196
Previously, when a Servlet-based WebServer was stopped it would also
stop the ServletContext. This led to problems as Tomcat and Undertow
would then not allow a restart. Jetty would allow a restart but
duplicate servlet registrations would then be attempted.
This commit modifies the WebServer lifecycle to separate stopping
and destruction for both servlet and reactive web servers. This
allows a WebServer's stop() implementation to leave some components
running so that they can be restarted. To completely shut down a
WebServer destroy() must now be called.
Both Tomcat and Jetty WebServers have been updated to stop their
network connections when stop() is called but leave other components
running. This works with both servlet and reactive web servers.
Note that an Undertow-based Servlet web server does not support
stop and restart. Once stopped, a Servlet Deployment cannot be
restarted and it does not appear to be possible to separate the
lifecycle of its network connections and a Servlet deployment.
Reactor Netty and Undertow-based reactive web servers can now also
be stopped and then restarted. Calling stop() stops the whole server
but this does not cause a problem as there's no (application-exposed)
ServletContext involved. There may be room to optimize this in the
future if the need arises.
Closes gh-34955
Docs related to gh-33280 (log correlation) and
gh-35593 (application name in each log line) need some polishing:
- Fix project names
- Show how to avoid having the application name duplicated in logs
- Call out that a trailing space is needed in the correlation pattern
Closes gh-36035
See gh-33280
See gh-35593
Update Logback and Log4J2 so that they include the application name on
each log line. If `spring.application.name` had not been set, or if
`logging.include-application-name` is `false` then the name is not
logged.
Closes gh-35593
Most notably, this commit splits the tests that use Spring REST Docs
out into a separate task for which predictive test selection is
disabled. This allows it to be cached and use Gradle's built-in
up-to-date checking, thereby avoiding the generation of new snippets
and the need to then run the asciidoctor and asciidoctorPdf tasks.
It also updates spring-boot-smoke-test-junit-vintage to disable
predictive test selection so that we can continue to assert that
the some tests were executed.
See gh-35869
Remove `@ImportAutoConfiguration(SslAutoConfiguration.class)`, since
`SslAutoConfiguration.class` is already provided as an
auto-configuration with `@SpringBootTest`
See gh-35655
Fixes an issue where auto-configuration for Spring Authorization Server
was overriding the default exception handling (AuthenticationEntryPoint)
resulting in anonymous requests to the token endpoint being redirected
to the Spring Security login page instead of returning 401 Unauthorized.
Auto-configuration now registers a defaultAuthenticationEntryPointFor
that is added to any other entry points already configured.
See gh-35368
Add auto-configuration for `Container` beans that are also
annotated with `@ServiceConnection`. This commit allow
testcontainers to be used at development time and a new section
has been added to the documentation to describe the feature.
Closes gh-35022
Update restcontainers service connections support so that
technology specific `@ServiceConnector` annotations are not longer
required.
A single `@ServiceConnector` annotation can now be used to create
all `ConnectionDetail` beans.
Closes gh-35017
Building upon the auto-configuration support for service connections,
this commit adds support for deriving connection details from a
Testcontainers-managed container. Several service-specific
annotations have been introduced. These annotations can be used on a
container field to indicate that it is a source of the details for
a service connection.
See gh-34658
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Update `spring-boot-smoke-test-ant` so that the ant lib folder is always
cleaned. Prior to this commit, it was possible for the folder to contain
stale artifacts.
Remove `spring-boot-smoke-test-webflux-ssl` since it's more of
an integration test than a smoke test. We could consider
relocating it to `spring-boot-integration-tests` but since we
have unit tests with a mock PCKCS11 security it's probably
best to see if we can get away without it.
See gh-32179
Rename `/actuator/httptrace` to `/actuator/httpexchanges` to better
describe its purpose and to remove confusion with distribute tracing.
This change also takes the opportunity to improve the code by making
the `HttpExchange` class (previously `HttpTrace`) fully immutable.
Closes gh-32885
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
This commit adds a `Build-Jdk-Spec` attribute to the manifest in a
jar or war file built with the Spring Boot Gradle plugin. This
aligns the Gradle plugin's behavior with the default Maven plugin
behavior.
This removes the need to set a `BP_JVM_VERSION` environment variable
when invoking Cloud Native Buildpacks, as the Paketo buildpacks will
honor `Build-Jdk-Spec` in a jar or war manifest to determine the
default JVM version.
Fixes gh-32829
Spring Security now re-applies the authorization rules
to the error page by default. Additionally, it configures
RequestAttributeSecurityContextRepository as the default for
stateless applications allowing those applications to have access
to the original authentication during an error dispatch.
Closes gh-31703
This commit migrates our remaining usage of the httpclient 4.x to use
instead httpclient5, now that the 4.x support has been removed in
`RestTemplate`.
Closes gh-32461
As htttpclient 4.x is not supported anymore by `RestTemplate`, this
commit changes such dependencies to httpclient5 instead. In some cases,
the httpclient 4.x was transitively brought by a non-Spring dependency.
See gh-32461
This commit updates Servlet based Spring Security auto-configuration
to use AuthorizationFilter, which is intended to supersede
FilterSecurityInterceptor.
See gh-31255
With Spring Session moving to RedisSessionRepository as the preferred
session repository, Spring Boot auto-configuration should make it
possible to easily switch back to the previous default
(RedisIndexedSessionRepository).
This commit introduces spring.session.redis.repository configuration
property that allows selecting the desired Redis-backed session
repository implementation.
See gh-32205
Batch is now auto-configured to use the context's
PlatformTransactionManager and DataSource or `@BatchDataSource`.
When this does not meet the user's needs, they can use
`@EnableBatchProcessing` or sub-class `DefaultBatchConfiguration` to
take complete control with the auto-configuration backing off.
Closes gh-32330
Add a new `useMainMethod` attribute to `SpringBootTest` which can be
used to determine how the test should run. The three available options
are:
- `ALWAYS`
- `NEVER`
- `WHEN_AVAILABLE`
The default is `WHEN_AVAILABLE` which will attempt to launch the test
using the `main` method if there is one.
The `SpringBootContextLoader` has been updated to use the new
`SpringApplicationHook` interface when the main method is being used.
Closes gh-22405
Eddú Meléndez
Phillip Webb
Tobias Lippert
Scott Frederick
Andy Wilkinson
Yanming Zhou
Brian Clozel
Moritz Halbritter
Andy Wilkinson
Scott Frederick
Phillip Webb
Claudio Nave
Moritz Halbritter
Christoph Dreis
Johnny Lim
Chris Bono
Stephane Nicoll
ThomazPassarelli
Jonatan Ivanov
Steve Riesenberg
Madhura Bhave
Michael Weidmann
Krzysztof Krason
cdanger
Brian Clozel
Vedran Pavic