Update `SslAutoConfiguration` to use the `ApplicationContext` class loader
when loading SSL resources. Prior to this commit, the thread context
class loader was used to load resources which could be incorrect.
Specifically, when using a `ForkJoinPool` the thread context classloader
defaults to the JRE `AppClassLoader` which does not include uber jar
content.
The underlying `JksSslStoreBundle` class and `PemSslStore.load(...)`
method have been updated to support using a provided `ResourceLoader`.
Fixes gh-42468
This commit adapts code that was using GenericBeanDefinition to use
RootBeanDefinition instead. Spring Framework recommends using
RootBeanDefinition if it's pre-determined as root bean.
See gh-42611
Update `OnBeanCondition` to consider the annotations attribute as well
as the types and names when determining if the bean type can be deduced.
Fixes gh-42484
This commit adds the ability for users to customize the auto-configured
Spring for Apache Pulsar message container factories. Each container
factory holds a set of container properties that is a common target for
users to configure. Allowing the customization of these properties
prevents a rapid increase of configuration properties.
See gh-42182
Support `AutoConfiguration.replacements` file that can be placed
alongside an `AutoConfiguration.imports` to replace deprecated
auto-configurations.
Closes gh-14860
This commit restores auto-configuration for using an Embedded broker
with ActiveMQ classic.
Contrary to its 2.7.x version, "spring-boot-starter-activemq" no longer
adds the broker for consistency with Artemis, and to keep the existing
3.x behavior. Rather than "inMemory", a "s.a.embedded.enabled"
property has been reintroduced that matches the name used by Artemis.
The documentation has been updated to mention that the broker
dependency must be added to use it.
Closes gh-38404
This is a follow-up to gh-42062 that utilizes newly introduced
`concurrency` property in `PulsarContainerProperties` to simplify
auto-configuration support for Pulsar listener container concurrency.
See: https://github.com/spring-projects/spring-pulsar/issues/820
See gh-42120
The subscription name config prop was not being set on the Pulsar
listener container properties. This commit adds the subscription
name to the Pulsar property mappers.
See gh-42067
Refine the fix introduced in commit 60b7e6cf23 so that the
`getErrorAttributes()` method is not called multiple times. If the
status is missing, the `DefaultErrorWebExceptionHandler` will now
call an internal `DefaultErrorAttributes` instance in order to obtain
the actual status result.
Fixes gh-41732
This commit allows Pulsar users to configure a default tenant
and/or namespace to be used when producing or consuming messages
to topic URLs that are not fully-qualified.
See gh-41851
Artemis does not work on Java 23, this commit therefore disables those
tests when running against a Java version higher than 22.
See https://issues.apache.org/jira/browse/ARTEMIS-4975
Unfortunately, the version of JUnit that we use has no value for Java
23, so we have to use OTHER for that purpose.
Infinispan 14 does not work on Java 23, an upgrade to 15 is required.
This commit therefore disables those tests when running against a Java
version higher than 22.
Unfortunately, the version of JUnit that we use has no value for Java
23, so we have to use OTHER for that purpose.
This commit moves the setup of vendor properties (e.g. Hibernate) from
the auto-configured LocalContainerEntityManagerFactoryBean to the
auto-configured EntityManagerFactoryBuilder. This way, custom use of
the latter retains additional auto-configuration logic such as the
naming strategy and DDL mode to use.
Closes gh-15318
This commit updates the configuration metadata and the reference guide
to mention that certain FreeMarker features are not available with
WebFlux.
This stems mostly from the fact that the WebFlux integration is not
based on an AbstractTemplateView.
Closes gh-11199
This commit updates the auto-configuration to allow custom FreeMarker
variables to be provided programmatically. As these variables are
usually objects, they cannot be specified via properties.
Closes gh-8965
Prior to this commit, the configured GraphQL routes would reply with an
HTTP 404 status when a POST request is sent with an unsupported content
type, such as "text/plain". While such requests are not supported in the
first place, we should help developers and let them know that the
content type sent is the problem.
This commit configures new routes that reply with HTTP 415 "Unsupported
Media Type" for these cases.
Closes gh-41675
This commit gathers `HandlerMethodArgumentResolver` beans contributed by
the application and sets them up on the auto-configured
`AnnotatedControllerConfigurer` bean.
This allows easier registrations for custom argument resolvers in Spring
for GraphQL applications.
Closes gh-40393
This commit updates the auto-configuration to use the native connection
factory for configuring message listener containers. Previously, the
connection factory that could have been wrapped in a caching connection
factory was used.
While using a caching connection factory is suitable for sending
messages (i.e. JmsTemplate usage), it isn't for message listeners as
they need to own the connection for local recovery purposes.
Closes gh-39816
Previously, if a failure occurred when evaluating conditions on a
separate thread, an NPE would occur on the main thread as the
expected array of outcomes was null.
This commit avoids the NPE and the lack of error reporting by
rethrowing on the main thread any failure that occurs on the
separate thread that's spawned to parallelize the evaluation.
Closes gh-41492
This is a follow-up to spring-projects/spring-framework#27619
This commit adds support for "org.webjars:webjars-locator-lite" for
enabling the static resources chain.
As of this commit, support for "org.webjars:webjars-locator-core" is
deprecated for obvious performance reasons.
Closes gh-40146
Kafka back-off policy properties "delay", "max-delay", "multiplier",
and "random-back-off" are now defined in a common "backoff" group:
- spring.kafka.retry.topic.backoff.delay
- spring.kafka.retry.topic.backoff.maxDelay
- spring.kafka.retry.topic.backoff.multiplier
- spring.kafka.retry.topic.backoff.random
See gh-41335
Gradle doesn't support excluding a dependency that's declared with a
classifier. Instead, this commit replaces the test-qualified
kafka-server-common dependency with the plain dependency. The plain
dependency was already present so this is equivalent to excluding
the test-qualified dependency.
Closes gh-41446
Replace `DockerImageNames` with an enum and relocate it from the
`testcontainers` to `container` package. The enum now also
becomes a common location that we can use to apply container
configuration such as timeouts.
Closes gh-41164
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
Update `ErrorAttributeOptions` to allow the `status` and `error`
fields to be excluded from the response without throwing a
NullPointerException.
Fixes gh-30011
This reverts commit b6467ed826. Changes
in Spring Data Neo4j mean that these changes are no longer necessary.
They also caused a problem with multiple transaction managers being
present when mixing Neo4j and, say, Data JPA.
Closes gh-40895
The values in the `spring.pulsar.client.authentication.param`
config props map are not currently JSON encoded. For simple
values this is fine. However, some custom auth modules may
require more complex parameter values that may contain special
characters that result in invalid JSON. This commit encodes
the parameter values using a very simple hand-rolled escape
function.
See gh-40493
Update `RabbitProperties` and `RabbitTemplateConfigurer` to support a
`spring.rabbitmq.template.allowed-list-patterns` property.
This can be used to prevent errors of the form:
java.lang.SecurityException: Attempt to deserialize unauthorized
class com.example.domain.Message; add allowed class name patterns
to the message converter or, if you trust the message orginiator,
set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL'
or system property 'spring.amqp.deserialization.trust.all' to true
See gh-40421
Adds auto-config for Spring for Apache Pulsar transactions.
Introduces a new `spring.pulsar.transaction.enabled` property
which can be used to enable transactions. This feature is
opt-in and remains disabled by default.
See gh-40189
Co-authored-by: Andy Wilkinson <andy.wilkinson@broadcom.com>
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
As of spring-projects/spring-graphql#534, Spring for GraphQL supports
the configuration of keep-alive PINGs for WebSocket connections.
This commit auto-configures this value in the `GraphQlWebSocketHandler`
WebFlux and MVC implementations if the
`spring.graphql.websocket.keep-alive` property is configured.
Closes gh-40320
Though the CqlSession provided by the CassandraAutoConfiguration can
be lazy, the configuration for Data Cassandra triggers early bean
instantiation. This commit uses new APIs in Data Cassandra to make
use of the intended lazy bean initialization and therefore prevents
the application from failing to start up when Cassandra might not yet
be ready.
See gh-39948
Properties under `server.ssl.server-name-bundles` and
`management.server.ssl.server-name-bundles` can be used to configure
mappings of host names to SSL bundles to support SNI in embedded web
servers.
Closes gh-26022
An ApplicationResourceLoader has been introduced to support loading
resources using registered ProtocolResolvers. All usages of
DefaultResourceLoader and ResourceUtils have been changed to use
the ApplicationResourceLoader.
A Base64ProtocolResolver has been added to support resources of type
`base64:` that contain base64 encoded values.
Closes gh-36033
The PulsarTemplate recently replaced its list of ProducerInterceptors
with a list of ProducerBuilderCustomizers that customize the builder by
adding each interceptor to the builder. The PulsarAutoConfigurationTests
previously relied on the previous field. This commit adjusts the tests
to instead use the Customizers testing utility to verify the
interceptors.
(cherry picked from commit 9c054a021f)
See gh-39946
The PulsarTemplate recently replaced its list of ProducerInterceptors
with a list of ProducerBuilderCustomizers that customize the builder by
adding each interceptor to the builder. The PulsarAutoConfigurationTests
previously relied on the previous field. This commit adjusts the tests
to instead use the Customizers testing utility to verify the
interceptors.
See gh-39912
Prior to this commit, Spring Boot auto-configurations for GraphQL web
endpoint were implementing their own `RequestPredicate` instances for
HTTP endpoints. Those were composing predicates with the provided DSL.
While this is functionally right, Spring for GraphQL now provides
predicates in order to:
* host the implementation in spring-graphql directly
* provide optimized predicates for faster matching and lower overhead
This commit switches the auto-configurations to using these new
predicates.
Closes gh-39652
This commit adapts the error controller tests that need the request
to fail with a bind issue, and simulate the behavior of
ModelAttributeMethodProcessor.
As of Spring Framework 6.0.x, this processor no longer throws a
BindingException, but rather a MethodArgumentNotValidException and
the handling of BindException itself is deprecated.
This makes sure that those tests can smoothly be executed against
Spring Framework 6.2.x as throwing a BindingException now results
into an unresolved exception, and an internal server error rather than
the expected bad request.
See gh-39767
This commit moves the resolution check for ConnectionDetailsFactory
to a dedicated method to make it more clear that it is meant to verify
that the implementation is resolved and can be loaded from the
classpath.
The previous algorithm relied on a behavior of ResolvableType that only
resolves the first level generics. Further improvements in Spring
Framework 6.2 make this check invalid as some implementations use a
Container that can hold a nested generic.
See gh-39737
Add a new property called 'mime-mappings' under the 'server' property.
This is a key-value-map, which is added to the default MimeMappings.
See gh-39430
Add the new property nameIdFormat to the Saml2RelyingPartyProperties and
the corresponding mapping to the
Saml2RelyingPartyRegistrationConfiguration.
See gh-39395
This commit removes the use of the Pulsar ObjectMapperFactory when
converting the authentication config props map to a JSON string. The
Pulsar factory operates on a shaded returned value of Jackson
ObjectMapper which may not exist when users are using the
non-shaded version of the Pulsar client lib.
See https://github.com/spring-projects/spring-pulsar/issues/562
See gh-39389
Introduce a jOOQ `ExecuteListener` sub-interface specifically
for exception translation with the auto-configured
`DefaultExecuteListenerProvider` instance.
Users can now define a bean that implements the interface or
omit it and continue to use the existing exception translation
logic.
See gh-38762
Prior to this commit, the GraphQL auto-configuration would consider many
bean types like `DataFetcherExceptionResolver` and
`SubscriptionExceptionResolver` to configure the `GraphQlSource`.
It would also configure a default `ConnectionTypeDefinitionConfigurer`.
This commit will detect all `TypeDefinitionConfigurer` beans defined in
the application and configure them in addition to the
`ConnectionTypeDefinitionConfigurer`.
Closes gh-39118
The JwtConverter bean is only supplied, if one of the following
properties is there:
* spring.security.oauth2.resourceserver.jwt.authority-prefix
* spring.security.oauth2.resourceserver.jwt.principal-claim-name
* spring.security.oauth2.resourceserver.jwt.authorities-claim-name
See gh-38105
Update `AutoConfigurationSorter` so that `getClassesRequestedAfter()`
results are sorted to match the earlier name/order sorting. Prior to
this commit the order of items added via `@AutoConfigureAfter` was in
an undetermined order which could cause very subtle `@ConditionalOnBean`
bugs.
Thanks very much to Alexandre Baron for their help in diagnosing and
reproducing this issue.
Fixes gh-38904
Update `PulsarPropertiesMapper` to use JSON encoded parameters rather
than a `Map` since the `Map` method is deprecated in Pulsar. This
commit simply takes the auth params map and converts them to the
expected encoded JSON string of auth parameters.
See gh-38839
Update `LoadedPemSslStore` so that it loads content lazily. This
restores the behavior of Spring Boot 3.1 and allows bundles to be
defined with files that don't exist as long as they are never accessed.
Fixes gh-38659
There are some notable differences in the behavior of Spring
Security's reactive and servlet-based web security. Notably,
Servlet-based web security (`@EnableWebSecurity`) works without
any authentication manager, rejecting requests as not authorized.
By contrast reactive-based web security (`@EnableWebFluxSecurity`)
fails to start up when there's no authentication manager, either
provided directly as a bean or derived from a
ReactiveUserDetailsService. There are also further differences at
runtime where empty Monos from all ReactiveAuthenticationManagers
result in an internal error and a 500 response whereas a similar
situation in the servlet implementation results in a 401.
Previously, to accommodate these differences in behavior, Spring
Boot's auto-configuration would behave differently. In the Servlet
case, web security would be enabled whenever the necessary
dependencies were on the classpath. In the reactive case, web
security would back off in the absence of an authentication manager
to prevent a start up failure. While this difference is rooted in
Spring Security, it is undesirable and something that we want to
avoid Spring Boot users being exposed to where possible.
Unfortunately, the situation is more likely to occur than before
as ReactiveUserDetailsServiceAutoConfiguration now backs off more
readily (gh-35338). This makes it more likely that the context will
contain neither a reactive authentication manager nor a reactive
user details service.
This commit reworks the auto-configurations related to reactive
security. ReactiveSecurityAutoConfiguration will now auto-configure
an "empty" reactive authentication manager that denies access through
Mono.error in the absence of a ReactiveAuthenticationManager,
ReactiveUserDetailsService, or SecurityWebFilterChain. The last of
these is to allow for the situation where a filter chain has been
defined with an authentication manager configured directly on it.
This configuration of an authentication manager allows
`@EnableWebFluxSecurity` to be auto-configured more readily,
removing one of the differences between reactive- and Servlet-based
security.
Corresponding updates to the auto-configurations for reactive OAuth2
support have also been made. They no longer try to auto-configure
`@EnableWebFluxSecurity`, relying instead upon
ReactiveSecurityAutoConfiguration, which they are ordered before, to
do that instead.
Closes gh-38713
The stream auto-configuration is tested in RabbitStreamConfigurationTests,
and excluding it prevents the creation of the "rabbitStreamEnvironment"
Environment bean, which delays the application context close by 1 second
because it has to wait for some Netty resources to gracefully shut down.
Closes gh-38750
Following the changes in gh-37504, the reactive resource server
auto-configuration could enable WebFlux security in situations where
it was otherwise inactive. This could then result in an application
failing to start as no authentication manager is available.
This commit updates the configurations that enable WebFlux security
so that they fully back off unless their related configurations are
active. Previously, only the configuration of the
SecurityWebFilterChain would back off. This has been expanded to
cover `@EnableWebFluxSecurity` as well. This has required splitting
the configuration classes up so that the condition evaluation order
can be controlled more precisely. We need to ensure that the JWT
decoder bean or the opaque token introspector bean has been defined
before evaluation of the conditions for `@EnableWebFluxSecurity`.
Without this control, the import through `@EnableWebFluxSecurity` in
one location where the conditions do not match can prevent a
successful import in another where they do.
Fixes gh-38713