This commit removes the Servlet root context from the default values for
the `spring.resources.static-locations` configuration property. Servlet
and non-Servlet applications are sharing this property.
The Servlet root context is automatically configured as a resource
location for Spring MVC based applications.
Closes gh-9240
This commit makes the "spring.session.store-type" property optional,
adding an additional check when it is not present that validates only
one supported implementation is available on the classpath.
As Spring Session has been modularized, the chance that multiple
implementations are available on the classpath are lower. When only
one implementation is present, we attempt to auto-configure it. When
more than one implementation is present and no session store is
configured, a NonUniqueSessionRepositoryException is thrown.
Closes gh-9863
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("status", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
Closes gh-7958
Restructure actuator packages to improve structure. The following
changes have been made:
- Separate actuator and actuator auto-configuration into different
modules.
- Move endpoint code into `spring-boot-actuator`.
- Move `Endpoint` implementations from a single package into
technology specific packages.
- Move `HealthIndicator` implementations from a single package into
technology specific packages.
- As much as possible attempt to mirror the `spring-boot` package
structure and class naming in `spring-boot-actuator` and
`spring-boot-actuator-autoconfigure`.
- Move `DataSourceBuilder` and DataSource meta-data support from
`spring-boot-actuator` to `spring-boot`.
Fixes gh-10261
This commit makes sure that customizations on the
SessionRepositoryFilter are also applied when the user provides its
own SessionRepository.
Closes gh-10254
Previously, if a user's configuration class provided a custom
Validator bean, that configuration class would be initialized very
early so that the Validator could be used to create the
auto-configured MethodValidationPostProcessor. This early
initialization could problems as it may prevent any of the
configuration class's dependencies from being post-processed.
This commit updates the injection of the Validator bean to be lazy,
thereby preventing the creation of the auto-configured
MethodValidationPostProcessor from triggering early initialization.
Closes gh-9416
This commit adds new Conditional annotations on auto-configurations
creating the Servlet/Reactive web servers. These conditions only depend
on request primitives used by the servers themselves and aren't
framework specific.
Closes gh-10163
Previously, AutoConfigureOrder defaulted to Ordered.LOWEST_PRECEDENCE.
This made is impossible for an individual auto-configuration to
indicate that it wanted to go "last", i.e. after any
auto-configuration classes that didn't not specify an order, or
specified an order other than LOWEST_PRECEDENCE.
This commit changes to default to 0, allowing a single
auto-configuration to easily indicate that it should go last.
Closes gh-10142
This commit adds a strategy interface to specific if a given DataSource
has its schema managed. The Hibernate auto-configuration uses it to set
it to "none" if a mechanism to initialize the DataSource is
found and "create-drop" otherwise.
Both Flyway and Liquibase implements that strategy interface and
register it in the context accordingly.
Closes gh-9262
Since the autoconfig totally backs off in the presence
of a WebSecurityConfigurerAdapter, there is no need to
order them ahead of/after the one provided by Spring Boot.
See gh-7958
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.
Closes gh-7958
This commit creates our own version of javax.servlet.DispatcherType for
configuration purpose as we can use the other one now the servlet api
is optional.
Closes gh-9856
This commit updates database initializers configuration to enable them
automatically only when an embedded `DataSource` is used. Related
configuration properties have been updated to use a more expressive
`DatabaseInitializerMode` enum rather than `Boolean` flag.
See gh-9752
Neo4jDataAutoConfiguration is meant to kick in when Spring Data Neo4J is
on the classpath. Yet, we were only checking for the presence of neo4j
itself and the transaction manager provided by spring-tx.
This commit makes sure to back off if Spring Data Neo4J is not present.
Closes gh-10038
This commit also makes sure to generate unique embedded data source and
disable datasource initialization as this is not required by those
tests.
See gh-9889
This commit adds an additional class check to AopAutoConfiguration as
it is main role is to configure `@EnableAspectJAutoProxy` which won't
work properly if `aspectjweaver` is not present.
Closes gh-9880
Previously, background preinitialization was started in response to
an ApplicationEnvironmentPreparedEvent and would complete at an
undetermined time later. This opened a window where SpringApplication
run could return and background preinitialization could still be
in progress. If, within this window, something attempted to configure
the logging system, an IO failure could occur as logging on the
background preinitialization thread would attempt to use resources
that had been closed.
This commit updates BackgroundPreinitializer so that it waits for
preinitialization to have completed when it receives an application
ready or application failed event. This prevents SpringApplication
run from returning while preinitialization is still in progress,
closing the window described above.
With info level logging enabled it appears that background
preinitialization consistently completes before the application ready
event is published. As a result, waiting should have no adverse effect
on performance in normal circumstances. With logging configured such
that background preinitialization outputs a large volume of log
messages (enabling trace logging for the root logger, for example), it
will be slowed down sufficiently for waiting to be necessary.
Closes gh-5669
Background preinitialization triggers static initialization of a
number of components that are slow to initialize. As the
initialization is static, it's only necessary once per class loader.
Previously, a new background preinitialization thread would be
created and started for each ApplicationEnvironmentPreparedEvent.
This commit updates the preinitializer to only create and start the
thread if preinitialization has not already been started for the
current class loader.
Closes gh-9869
Rename `ApplicationContextTester` and related classes to
`ApplicationContextRunner` and refactor existing tests to use correctly
named variables.
See gh-9875
This commit resets the artificial use of the http driver now the bolt
driver doesn't check if the connection to the Neo4J server is valid
on startup.
See neo4j/neo4j-java-driver#380
Closes gh-9500
Stephane Nicoll
Andy Wilkinson
Brian Clozel
Spring Buildmaster
Phillip Webb
Johnny Lim
Madhura Bhave
Paul Vorbach
Vedran Pavic
Oleg Zhurakousky
Christian Bühler
Gytis Trikleris
Eddú Meléndez
Emanuel Campolo