This commit adds a new section in the Spring Boot reference
documentation to mention potential throughput limitations with Java
virtual threads support.
This section links to the official Java documentation which expands much
more on this matter.
Closes gh-38883
Prior to the introduction of SSL bundles, the `server.ssl` properties
allowed PEM and JKS certificate files types to be mixed when
configuring keystores and truststores. This was lost when adapting to
SSL bundles using `WebServerSslBundle`. This commit restores the
previous behavior for back compatibility.
Fixes gh-39105
Address a series of minor typos and phrasing inconsistencies
identified in few sections of documentation to enhance overall
clarity and readability.
See gh-38942
Improve `SpringApplication` by removing the unreachable throw statement
in favor of returning an exception from `handleRunFailure`. This commit
also removes the if statements in favor of dedicated catch blocks.
See gh-39107
Update `TestcontainersLifecycleBeanPostProcessor` so that containers
are now initialized either on the first `postProcessAfterInitialization`
call with a frozen configuration or just before a test container
property is supplied.
Prior to this commit, it was assumed that the first post-process call
after the configuration was frozen was suitably early to initialize
the containers. This turns out to not be no always the case.
Specifically, in the `finishBeanFactoryInitialization` method of
`AbstractApplicationContext` we see that `LoadTimeWeaverAware` beans
are obtained before the configuration is frozen. One such bean is
`DefaultPersistenceUnitManager` which is likely to need datasource
properties that will require a started container.
To fix the problem, the `TestcontainersPropertySource` now publishes
a `BeforeTestcontainersPropertySuppliedEvent` to the ApplicationContext
just before any value is supplied. By listening for this event, we can
ensure that containers are initialized and started before any dynamic
property is read.
Fixes gh-38913
Prior to this commit, the GraphQL auto-configuration would consider many
bean types like `DataFetcherExceptionResolver` and
`SubscriptionExceptionResolver` to configure the `GraphQlSource`.
It would also configure a default `ConnectionTypeDefinitionConfigurer`.
This commit will detect all `TypeDefinitionConfigurer` beans defined in
the application and configure them in addition to the
`ConnectionTypeDefinitionConfigurer`.
Closes gh-39118
Prior to this commit, the Micrometer annotations support (`@Timed`,
`@Counted`...) was guarded by the presence of both Micrometer and
AspectJ on the classpath.
This signal is too weak, considering the startup performance impact and
the fact that the AspectJ dependency can be brought transitively in many
cases.
This commit adds a new `micrometer.observations.annotations.enabled`
property that is set to `false` by default to only process the
annotations support when this property is enabled.
Fixes gh-39128
This is a follow-on from afad358 and ensures that the auto-configured
security for Actuator in a WebFlux app has an authentication manager
to back its use of HTTP basic and form login.
Fixes gh-39069
The JwtConverter bean is only supplied, if one of the following
properties is there:
* spring.security.oauth2.resourceserver.jwt.authority-prefix
* spring.security.oauth2.resourceserver.jwt.principal-claim-name
* spring.security.oauth2.resourceserver.jwt.authorities-claim-name
See gh-38105
PatternParseException.toDetailedString() return a String
with a mark to specify the error position in the pattern.
The mark takes place in the second line in the String
returned. Because PatternParseFailureAnalyzer.analyze
appended "Invalid mapping pattern detected:" at the
beginning of the returned String, the mark was not well
positioned.
Now, a "\n" is inserted after "Invalid mapping pattern detected:"
and the mark is well positioned
See gh-38944
Update `NestedJarFile` so that the `getManifest()` method returns the
manifest from the parent jar file for nested jars based on directory
entries.
This restores the previous behavior supported by Spring Boot 3.1 and
allows class methods such as `getPackage().getImplementationVersion()`
to return non `null` results.
Fixes gh-38996
Update `AutoConfigurationSorter` so that `getClassesRequestedAfter()`
results are sorted to match the earlier name/order sorting. Prior to
this commit the order of items added via `@AutoConfigureAfter` was in
an undetermined order which could cause very subtle `@ConditionalOnBean`
bugs.
Thanks very much to Alexandre Baron for their help in diagnosing and
reproducing this issue.
Fixes gh-38904
Update `ZipContent` so that `META-INF` entries are no longer duplicated
in nested jars created from directory entries. This aligns with the
behavior of the classic loader and prevents the same META-INF file from
being discovered twice.
Fixes gh-38862
Update log4j configuration so that an empty value is used when
`LOGGED_APPLICATION_NAME` is missing. Prior to this commit when
`logging.include-application-name` was `false` the logged output
would include the raw `${sys:LOGGED_APPLICATION_NAME}` value.
See gh-38847
Update `JarFileArchive` so that unpacked jars use `file:` URLs rather
than `jar:file:`. This aligns with the behavior of Spring Boot 3.1 and
allows calls to `class.getSigners()` to work again.
Fixes gh-38833
Update `PulsarPropertiesMapper` to use JSON encoded parameters rather
than a `Map` since the `Map` method is deprecated in Pulsar. This
commit simply takes the auth params map and converts them to the
expected encoded JSON string of auth parameters.
See gh-38839
Update `TestcontainersLifecycleBeanPostProcessor` so that containers
can actually be started in parallel.
Prior to this commit, `initializeStartables` would collect beans
and in the process trigger the `postProcessAfterInitialization` method
on each bean. This would see that `startablesInitialized` was `true`
and call `startableBean.start` directly. The result of this was that
beans were actually started sequentially and when the `start` method
was finally called it had nothing to do.
The updated code uses an enum rather than a boolean so that the
`postProcessAfterInitialization` method no longer attempts to start
beans unless `initializeStartables` has finished.
Fixes gh-38831
Update `SpringApplication` so that `ApplicationRunner` and
`CommandLineRunner` beans are not considered from the parent
`ApplicationContext`.
The restores the behavior that applied before commit 7d6532cac4
whilst still retaining the correct run order.
Fixes gh-38647
Update `LoadedPemSslStore` so that it loads content lazily. This
restores the behavior of Spring Boot 3.1 and allows bundles to be
defined with files that don't exist as long as they are never accessed.
Fixes gh-38659
This commit removes the now defunkt `ErrorAttributes.ERROR_ATTRIBUTE`
that was introduce to register handled errors as metrics. This has been
replaced since 3.0 by a direct support in Spring Framework and had no
effect whatsoever since that release.
This also updates the documentation to point to the Framework mechanism
that replaced it.
Fixes gh-33731
There are some notable differences in the behavior of Spring
Security's reactive and servlet-based web security. Notably,
Servlet-based web security (`@EnableWebSecurity`) works without
any authentication manager, rejecting requests as not authorized.
By contrast reactive-based web security (`@EnableWebFluxSecurity`)
fails to start up when there's no authentication manager, either
provided directly as a bean or derived from a
ReactiveUserDetailsService. There are also further differences at
runtime where empty Monos from all ReactiveAuthenticationManagers
results in an internal error and a 500 response whereas a similar
situation in the servlet implementation results in a 401.
Previously, to accommodate these differences in behavior, Spring
Boot's auto-configuration would behave differently. In the Servlet
case, web security would be enabled whenever the necessary
dependencies were on the classpath. In the reactive case, web
security would back off in the absence of an authentication manager
to prevent a start up failure. While this difference is rooted in
Spring Security, it is undesirable and something that we want to
avoid Spring Boot users being exposed to where possible.
Unfortunately, the situation is more likely to occur than before
as ReactiveUserDetailsServiceAutoConfiguration now backs off more
readily (gh-35338). This makes it more likely that the context will
contain neither a reactive authetication manager not a reactive
user details service.
This commit reworks the auto-configurations related to reactive
security. ReactiveSecurityAutoConfiguration will now auto-configure
an "empty" reactive authentication manager that denies access through
Mono.error in the absence of a ReactiveAuthenticationManager,
ReactiveUserDetailsService, or SecurityWebFilterChain. The last of
these is to allow for the situation where a filter chain has been
defined with an authentication manager configured directly on it.
This configuration of an authentication manager allows
`@EnableWebFluxSecurity` to be auto-configured more readily,
removing one of the differences between reactive- and Servlet-based
security.
Corresponding updates to the auto-configurations for reactive OAuth2
support have also been made. They no longer try to auto-configure
`@EnableWebFluxSecurity`, relying instead upon
ReactiveSecurityAutoConfiguration, which they are ordered before, to
do that instead.
Closes gh-38713
The stream auto-configuration is tested in RabbitStreamConfigurationTests,
and excluding it prevents the creation of the "rabbitStreamEnvironment"
Environment bean, which delays the application context close by 1 second
because it has to wait for some Netty resources to gracefully shut down.
Closes gh-38750
If @AutoConfigureObservability is applied to a sliced test, it
auto-configures:
- An in-memory MeterRegistry
- A no-op Tracer
- An ObservationRegistry
Closes gh-38568
This auto-configuration ensures, if Micrometer Tracing is on the
classpath, that there is always a tracer. It backs off if there is
already a tracer, for example contributed by the Brave or the Otel
auto-configurations, which are run before.
See gh-38568
Following the changes in gh-37504, the reactive resource server
auto-configuration could enable WebFlux security in situations where
it was otherwise in active. This could then result in an application
failing to start as no authentication manager is available.
This commit updates the configurations that enable WebFlux security
so that they fully back off unless their related configurations are
active. Previously, only the configuration of the
SecurityWebFilterChain would back off. This has been expanded to
cover `@EnableWebFluxSecurity` as well. This has required splitting
the configuration classes up so that the condition evaluation order
can be controlled more precisely. We need to ensure that the JWT
decoder bean or the opaque token introspector bean has been defined
before evaluation of the conditions for `@EnableWebFluxSecurity`.
Without this control, the import through `@EnableWebFluxSecurity` in
one location where the conditions do not matchcan prevent a
successful import in another where they do.
Fixes gh-38713
1. remove unused imports
2. remove redundant semicolon
3. remove empty class body
4. remove redundant 'constructor' keyword
5. remove redundant 'Unit' return type
6. use non-null type if possible
See gh-38708
In gh-38154, we started handling ClosedByInterruptException. The
FileChannel was repaired by recreating it and then the exception was
rethrown. This allowed other threads to use the channel that had been
read by an interrupted thread while allowing that interruption to
continue.
This approach has proven to be insufficient as there are scenarios
where the read needs to succeed on the interrupted thread. This
commit updates the handling of ClosedByInterruptException so that
this is the case. The FileChannel is recreated as before but the
thread's interrupted flag is now cleared before retrying the read.
The flag is then reinstated so that any subsequent actions that
should fail due to the interruption will do so.
We could clear and reinstate the interrupted flag before the first
read, rather than catching ClosedByInterruptException. This approach
was rejected as it will have an impact on the performance of the
happy path where the thread hasn't been interrupted.
Fixes gh-38611
Add addition description and action text to help point to the
fact that the `NoUniqueBeanDefinitionException` can be thrown
due to a missing `-parameters` compiler setting.
Closes gh-38652
Update `DataObjectBinder` interface and `ValueObjectBinder`
implementation so that suppressed exceptions are added whenever
parameter names cannot be discovered.
See gh-38603
Prior to this commit, we set in gh-37388 the ObservationRegistry on the
auto-configured JmsTemplate bean. This enables observations and context
propagation when sending JMS messages.
This commit applies the same to the `DefaultJmsListenerContainerFactory`
and the `DefaultJmsListenerContainerFactoryConfigurer`, in order to
enable observations on `@JmsListener` annotated methods.
This commit also refactors the support implemented in gh-37388 to avoid
relying on a bean post processor and instead set the observation
registry directly in the main auto-configuration: while Micrometer core
is an actuator-only dependency, Micrometer Observation API is a compile
dependnecy for spring-jms itself and there is no need to separate
concerns there.
Fixes gh-38613
If a connector is bound on init, it won't be unbound when stop()
is called. This leaves the connector running when it should have
been stopped. We currently disable bind on init for the main
connector but not for any additional connectors. This commit
disables bind on it for all connectors unless it is been
explicitly enabled through the bindOnInit property.
Closes gh-38564
Co-authored-by: Moritz Halbritter <moritz.halbritter@broadcom.com>
Relax the constraint that a `NestedLocation` must have a nested entry
name specified so that URLs can be split and rebuilt.
Prior to this commit, given a URL of the following form:
jar:nested:/myjar.jar!/nested.jar!/my/file
It was possible to create a FileSystem from
"jar:nested:/myjar.jar!/nested.jar" and from that create a path to
"my/file".
However, it wasn't possible to create a FileSystem from
"jar:nested:/myjar.jar", then create another file system from the path
"nested.jar" and then finally create a path to "/nested.jar".
This was because `nested:/myjar.jar` was not considered a value URL
because it didn't include a nested entry name.
Projects such as `JobRunr` were relying on the ability to compose file
systems, so it makes sense to remove our somewhat artificial
restriction.
Fixes gh-38592
Update `NestedByteChannel.read` so that it loops until all
remaining data has been read into the buffer. Prior to this
commit, it was possible for to read only some bytes into the
buffer. Although it looks like this should be OK according to
the API documentation, the `ZipFileSystem` relies on all
remaining bytes being returned.
Fixes gh-38595
Update `ZipContent` so that `eocd.totalNumberOfCentralDirectoryEntries`
is converted from a short to an unsigned int to prevent a negative
number from being used.
This commit also updates the code to consistently use `X.toUnsigned...`
helper methods rather than using bitwise operators.
Fixed gh-38572
Instead of creating the thread directly in the constructor, the thread
is now created when the context is refreshed and stopped when the
context is closed.
As AOT processing never refreshes the context, the thread is never
started and can't block the AOT processing task.
Closes gh-38531
Update jar `Handler` code so that the `parseUrl` method can accept an
empty `spec`. Prior to this commit, a `classLoader.getResource("")`
call would result in a `null` result. This breaks a number of things
including `ClassPathResource` and `PathMatchingResourcePatternResolver`.
Fixes gh-38524
Previously, the child management context was created when the
parent context's web server was initialized and it wasn't stopped
or closed until the parent context was closed. This resulted in
the child context being left running when the parent context was
stopped. This would then cause a failure when the parent context
was started again as another web server initialized event would be
received and a second child management context would be started.
This commit updates the initialization of the child management
context to integrate it with the lifecycle of the parent context.
The management context is now created the first time the parent
context is started. It is stopped when the parent context is
stopped and restarted if the parent context is started again.
This lifecycle management is done using a phase that ensures
that the child context is not started until the parent context's
web server has been started.
Fixes gh-38502
Phillip Webb
Wzy19930507
Andy Wilkinson
Scott Frederick
Moritz Halbritter
Sébastien Deleuze
Brian Clozel
amparab
Olga MaciaszekSharma
Won Joon Thomas Choi
BenchmarkingBuffalo
Tobias Lippert
teacmity
Zhiyang.Wang1
Kai Zander
Yan Kardziyaka
Swamy Mavuri
Lenin Jaganathan
John Niang
Yanming Zhou
Onur Kagan Ozcan
skcskitano
Fabrice Bibonne
Christoph Dreis
Jonatan Ivanov
adispezo
Moritz Halbritter
Andrei Navrotski
Chris Bono
Sandra Ahlgrimm
meiyese
Iliès BELDJILALI
Donghun Shin
Georg Pirklbauer
Lars Uffmann
Arthur Gavlyukovskiy
Tom Frenken
Phillip Webb
Andy Wilkinson
Alex Serbin
Johnny Lim