Add a `NestedFileSystemProvider` implementation so that the JDK's
`ZipFileSystem` can load content from nested jars and nested
directory entries.
Creating a `ZipFileSystem` may be a relatively expensive operation as
zip structures need to be parsed and in the case of directory entries
a virtual datablock nees to be generated on the fly. As such, we
install the `ZipFileSystem` as late as possible since in a typical
application it may never be needed.
This commit also tweaks Gradle and Maven plugins to ensure that the
service loader file is written to repackaged jars.
Closes gh-7161
Update Gradle and Maven plugins to write an empty `META-INF/BOOT.SF`
file whenever there is a nested signed jar.
This update allows Oracle Java 17 to correctly verify the nested JARs.
The file is required because `JarVerifier` has code roughly equivalent
to:
if (!jarManifestNameChecked && SharedSecrets
.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
throw new JarException("The JCE Provider " + jarURL.toString() +
" is not signed.");
}
The `SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true)`
call ends up in `ZipFile.getManifestName(onlyIfSignatureRelatedFiles)`
which is a private method that we cannot override in our `NestedJarFile`
subclass. By writing an empty `.SF` file we ensure that the `Manifest`
is always returned because there are always "signature related files".
Fixes gh-28837
Update `spring-boot-loader-tests` with a test that checks verified
BouncyCastle jars can be loaded. Currently the Oracle JDK only supports
verification if the jar is unpacked.
See gh-28837
Update `spring-boot-launch-script-tests` and `spring-boot-loader-tests`
so that JDK archives are now downloaded by Gradle and cached across
builds.
Closes gh-37450
Create alternative launcher classes under the package
`org.springframework.boot.loader.launch` and use them in favor
of the previous location.
This update is designed to improve compatibility with future
changes in the loader.
Closes gh-37667
* Simplify produce/consume verify via OutputCapture
* Remove spring-boot-smoke-test-pulsar-reactive as
no other smoke tests split them out
See gh-37196
Previously, when a Servlet-based WebServer was stopped it would also
stop the ServletContext. This led to problems as Tomcat and Undertow
would then not allow a restart. Jetty would allow a restart but
duplicate servlet registrations would then be attempted.
This commit modifies the WebServer lifecycle to separate stopping
and destruction for both servlet and reactive web servers. This
allows a WebServer's stop() implementation to leave some components
running so that they can be restarted. To completely shut down a
WebServer destroy() must now be called.
Both Tomcat and Jetty WebServers have been updated to stop their
network connections when stop() is called but leave other components
running. This works with both servlet and reactive web servers.
Note that an Undertow-based Servlet web server does not support
stop and restart. Once stopped, a Servlet Deployment cannot be
restarted and it does not appear to be possible to separate the
lifecycle of its network connections and a Servlet deployment.
Reactor Netty and Undertow-based reactive web servers can now also
be stopped and then restarted. Calling stop() stops the whole server
but this does not cause a problem as there's no (application-exposed)
ServletContext involved. There may be room to optimize this in the
future if the need arises.
Closes gh-34955
Docs related to gh-33280 (log correlation) and
gh-35593 (application name in each log line) need some polishing:
- Fix project names
- Show how to avoid having the application name duplicated in logs
- Call out that a trailing space is needed in the correlation pattern
Closes gh-36035
See gh-33280
See gh-35593
Update Logback and Log4J2 so that they include the application name on
each log line. If `spring.application.name` had not been set, or if
`logging.include-application-name` is `false` then the name is not
logged.
Closes gh-35593
Most notably, this commit splits the tests that use Spring REST Docs
out into a separate task for which predictive test selection is
disabled. This allows it to be cached and use Gradle's built-in
up-to-date checking, thereby avoiding the generation of new snippets
and the need to then run the asciidoctor and asciidoctorPdf tasks.
It also updates spring-boot-smoke-test-junit-vintage to disable
predictive test selection so that we can continue to assert that
the some tests were executed.
See gh-35869
Remove `@ImportAutoConfiguration(SslAutoConfiguration.class)`, since
`SslAutoConfiguration.class` is already provided as an
auto-configuration with `@SpringBootTest`
See gh-35655
Fixes an issue where auto-configuration for Spring Authorization Server
was overriding the default exception handling (AuthenticationEntryPoint)
resulting in anonymous requests to the token endpoint being redirected
to the Spring Security login page instead of returning 401 Unauthorized.
Auto-configuration now registers a defaultAuthenticationEntryPointFor
that is added to any other entry points already configured.
See gh-35368
Add auto-configuration for `Container` beans that are also
annotated with `@ServiceConnection`. This commit allow
testcontainers to be used at development time and a new section
has been added to the documentation to describe the feature.
Closes gh-35022
Update restcontainers service connections support so that
technology specific `@ServiceConnector` annotations are not longer
required.
A single `@ServiceConnector` annotation can now be used to create
all `ConnectionDetail` beans.
Closes gh-35017
Building upon the auto-configuration support for service connections,
this commit adds support for deriving connection details from a
Testcontainers-managed container. Several service-specific
annotations have been introduced. These annotations can be used on a
container field to indicate that it is a source of the details for
a service connection.
See gh-34658
Co-Authored-By: Phillip Webb <pwebb@vmware.com>
Co-Authored-By: Mortitz Halbritter <mkammerer@vmware.com>
Update `spring-boot-smoke-test-ant` so that the ant lib folder is always
cleaned. Prior to this commit, it was possible for the folder to contain
stale artifacts.
Remove `spring-boot-smoke-test-webflux-ssl` since it's more of
an integration test than a smoke test. We could consider
relocating it to `spring-boot-integration-tests` but since we
have unit tests with a mock PCKCS11 security it's probably
best to see if we can get away without it.
See gh-32179
Rename `/actuator/httptrace` to `/actuator/httpexchanges` to better
describe its purpose and to remove confusion with distribute tracing.
This change also takes the opportunity to improve the code by making
the `HttpExchange` class (previously `HttpTrace`) fully immutable.
Closes gh-32885
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
This commit adds a `Build-Jdk-Spec` attribute to the manifest in a
jar or war file built with the Spring Boot Gradle plugin. This
aligns the Gradle plugin's behavior with the default Maven plugin
behavior.
This removes the need to set a `BP_JVM_VERSION` environment variable
when invoking Cloud Native Buildpacks, as the Paketo buildpacks will
honor `Build-Jdk-Spec` in a jar or war manifest to determine the
default JVM version.
Fixes gh-32829
Spring Security now re-applies the authorization rules
to the error page by default. Additionally, it configures
RequestAttributeSecurityContextRepository as the default for
stateless applications allowing those applications to have access
to the original authentication during an error dispatch.
Closes gh-31703
This commit migrates our remaining usage of the httpclient 4.x to use
instead httpclient5, now that the 4.x support has been removed in
`RestTemplate`.
Closes gh-32461
As htttpclient 4.x is not supported anymore by `RestTemplate`, this
commit changes such dependencies to httpclient5 instead. In some cases,
the httpclient 4.x was transitively brought by a non-Spring dependency.
See gh-32461
This commit updates Servlet based Spring Security auto-configuration
to use AuthorizationFilter, which is intended to supersede
FilterSecurityInterceptor.
See gh-31255
With Spring Session moving to RedisSessionRepository as the preferred
session repository, Spring Boot auto-configuration should make it
possible to easily switch back to the previous default
(RedisIndexedSessionRepository).
This commit introduces spring.session.redis.repository configuration
property that allows selecting the desired Redis-backed session
repository implementation.
See gh-32205
Batch is now auto-configured to use the context's
PlatformTransactionManager and DataSource or `@BatchDataSource`.
When this does not meet the user's needs, they can use
`@EnableBatchProcessing` or sub-class `DefaultBatchConfiguration` to
take complete control with the auto-configuration backing off.
Closes gh-32330
Add a new `useMainMethod` attribute to `SpringBootTest` which can be
used to determine how the test should run. The three available options
are:
- `ALWAYS`
- `NEVER`
- `WHEN_AVAILABLE`
The default is `WHEN_AVAILABLE` which will attempt to launch the test
using the `main` method if there is one.
The `SpringBootContextLoader` has been updated to use the new
`SpringApplicationHook` interface when the main method is being used.
Closes gh-22405
This commit adds the `AutoConfigurationImportsAnnotationProcessor` to
the `spring-boot-autoconfigure-processor` annotation processor
module. When added to a project build, the annotation processor will
generate the
`org.springframework.boot.autoconfigure.AutoConfiguration.imports`
file automatically from `@AutoConfiguration`-annotated classes. It
also applies the annotation processor to the Spring Boot build.
Closes gh-31228
Any classes that rely on Spring Data being on the classpath
have been moved under a data package.
Certain configuration properties have also been updated to
accurately reflect whether Spring Data is required for the
auto-configuration to work.
Closes gh-11574
This commit adds the Spring for GraphQL auto-configuration back
into Spring Boot 3.0, now that a 1.1.0 release is scheduled with the
required baseline. This release also needs GraphQL Java 19.0 as a
baseline.
Closes gh-31809
Spring Security now filters every dispatch by default and not only
once-per-request. Security configuration has been updated in a number of
places to restore the old behavior as needed for the tests to pass.
gh-31703 has been opened to review this and to investigate if we can
now remove the error page security filter and rely on the filtering of
every dispatch instead.
In addition to switching to once-per-request filtering where needed,
this commit also restructures the configuration of the error page
security filter. The restructuring was necessary to ensure that the
privilege evaluator bean has been defined before the conditions on the
error page security filter are evaluated. Without the change, the filter
was no longer being configured as the privilege evaluator hadn't been
defined before the on bean condition was evaluated. We may want to back
port this change as the ordering doesn't appear to have been defined
before and we were just getting lucky.
See gh-31622
See spring-projects/spring-security#11466
This commit makes the following potentially breaking changes:
- Dependency management for modules that do not exist in Hibernate
6.1 has been removed.
- Hibernate's modules are now in the org.hibernate.orm group. Users
not using the starter or using modules that are not in the starter
will have to update their build configuration accordingly.
- spring.jpa.hibernate.use-new-id-generator-mappings has been removed
as Hibernate no longer supports switching back to the old ID
generator mappings.
Co-authored-by: Andy Wilkinson <wilkinsona@vmware.com>
Closes gh-31674
Phillip Webb
Tobias Lippert
Scott Frederick
Andy Wilkinson
Yanming Zhou
Brian Clozel
Moritz Halbritter
Andy Wilkinson
Scott Frederick
Eddú Meléndez
Phillip Webb
Claudio Nave
Moritz Halbritter
Christoph Dreis
Johnny Lim
Chris Bono
Stephane Nicoll
ThomazPassarelli
Jonatan Ivanov
Steve Riesenberg
Madhura Bhave
Michael Weidmann
Krzysztof Krason
cdanger
Brian Clozel
Vedran Pavic
thegeekyasian
Oliver Drotbohm