Commit Graph

1657 Commits

Author SHA1 Message Date
mnhock e0ec607735 Use a platform-specific line separator
See gh-4707
2016-01-25 14:37:38 +01:00
Stephane Nicoll 4ff5afc636 Polish contribution
Removing all deprecated code

Closes gh-4905
Closes gh-4917
2016-01-25 14:06:20 +01:00
Eddú Meléndez 7b9cd20e98 Remove deprecated code
See gh-4905
2016-01-25 14:05:53 +01:00
Phillip Webb fbaf209240 Move master to 1.4.0.BUILD-SNAPSHOT 2016-01-24 10:45:24 -08:00
Johnny Lim 9a31e02806 Polish
Closes gh-5013
2016-01-24 19:13:01 +01:00
Spring Buildmaster 504d3e97ba Next development version 2016-01-21 18:41:30 -08:00
Phillip Webb e520c47c4f Refine `messages.properties` detection
Update `ResourceBundleCondition` to only enable the messages source
if `messages.properties` (and not `messages*.properties`) exists. This
operation is much faster that performing a pattern match since a full
jar entry scan is not required.

Since adding `messages.properties` is good practice and this change
allows us to delete the custom `PathMatchingResourcePatternResolver`
it seems like a fine compromise to make.

Fixes gh-4930
See gh-4811
2016-01-21 15:13:33 -08:00
Phillip Webb cf93f84e87 Polish 2016-01-21 14:15:49 -08:00
Phillip Webb 93c3b22bb4 Merge branch '1.2.x' 2016-01-21 11:14:20 -08:00
Phillip Webb c71aa32fbb Polish 2016-01-21 10:53:25 -08:00
Phillip Webb af36bf6864 Remove TODO in FlywayAutoConfiguration
Now tracked by gh-4995
2016-01-21 10:42:33 -08:00
Stephane Nicoll 44f508208a Merge branch '1.2.x' 2016-01-21 14:16:24 +01:00
Stephane Nicoll 58ebfdcbd3 Polish contribution
Closes gh-4973
2016-01-21 14:10:35 +01:00
Jacques-Etienne Beaudet a749855cb5 Allow indexed access of `flyway.locations`
This commit allows to use the `flyway.locations` in an indexed fashion
(i.e. typically in YAML configuration).

See gh-4973
2016-01-21 14:08:39 +01:00
Andy Wilkinson e33221aae1 Configure existing Jersey servlet registration created by the SCI
When a Jersey app is deployed to a standalone container, Jersey’s
ServletContainerInitializer will run and register a servlet for a class
annotated with @ApplicationPath. If Jersey’s ServletContainerInitializer
runs before Spring’s, this servlet will take precedence over the
servlet registered by JerseyAutoConfiguration and will therefore not be
configured with any init parameters specified using spring.jersey.init

For the case where Jersey’s SCI runs first, this commit updates
JerseyAutoConfiguration to examine the servlet context for an existing
registration of Jersey’s servlet (Jersey names the registration using
the fully-qualified name of the ResourceConfig subclass). If a
registration is found its init parameters are configured using the
configuration provided by spring.jersey.init.

For the case where Spring’s SCI runs first, this commit updates
JerseyAutoConfiguration so that it names its registration using the
fully-qualified name of the ResourceConfig sub-class. This allows
Jersey’s SCI to find the existing registration rather than attempting
to configure its own.

Closes gh-2471
2016-01-21 11:48:31 +00:00
Stephane Nicoll 9f728b3d59 Fix wrong import 2016-01-21 10:37:40 +01:00
Stephane Nicoll ea8e0cfc48 Support for simple numeric Flyway version
While Flyway's `MigrationVersion` is a String value, a simple "0" is
also a valid number. When such value is not wrapped in YAML, an integer
is injected rather than a String which leads to a failure as we can't
convert it.

This commit updates the `StringToMigrationVersionConverter` to also
supports conversion from a Number. This is a convenience for users
using YAML for configuration

Closes gh-4981
2016-01-21 10:26:12 +01:00
Andy Wilkinson 6f8d4c77e6 Handle multiple ContextRefreshedEvents in BackgroundPreinitializer
The same initializer will receive multiple ContextRefreshedEvents
when their is an application context hierarchy. This commit updates
the initializer to correctly handle multiple ContextRefreshedEvents
and only act upon the first that it receives.

See gh-4871
2016-01-20 22:23:57 +00:00
Andy Wilkinson 992e90f43d Ensure that background preinit has completed before refresh returns
This commit is a continuation of the changes made in b85b608. It
addresses an additional problem when testing applications where two
contexts are refreshed in quick succession. In this scenario, it
was possible, theoretically at least, for the first context’s background preinitialization to still be in progress and creating loggers when the
second is refreshed and resets the logger context.

This commit updates BackgroundPreinitializer so that, upon receipt of
a ContextRefreshedEvent, it waits for preinitialization to have
completed. In the scenario described above, this ensures that
preinitialization has completed before the call to refresh() for the
first context returns, thereby preventing it from running in parallel
with the refresh of the second context.

Closes gh-4871
2016-01-20 21:56:54 +00:00
Stephane Nicoll 179467bdd9 Make HazelcastJpaDependencyAutoConfiguration public
If Both Hazelcast and Hibernate are available, Spring Boot takes the
opinion that Hazelcast can be used for 2nd level caching and therefore
need to start before Hibernate.

Unfortunately, some users require Hibernate in some of their hazelcast
use case so the link is actually reversed. One way for such user is to
disable the auto-configuration that deals with this link. This class is
now public so that users can locate them and exclude them if necessary.

Closes gh-4960
2016-01-20 18:40:45 +01:00
Andy Wilkinson b85b60828c Perform background preinitialization after logging system setup
Previously, BackgroundPreinitializer would kick off preinitialization
on a separate thread in response to an ApplicationStartedEvent. This
work would then race with the logging system being set up in response
to an ApplicationEnvironmentPreparedEvent. When Logback’s being used
this race is problematic. As part of Logback’s setup,
LoggerContext.stop() is called. This calls LoggerContext.reset() which
can fail with a ConcurrentModificationException if another thread tries
to create a Logger at the same time. This is a known bug in Logback [1].

This commit updates BackgroundPreinitializer to respond to
an ApplicationEnvironmentPreparedEvent and to order itself so that it’s
called after LoggingApplicationListener has responded to the same event
by initializing the logging system.

Closes gh-4871

[1] http://jira.qos.ch/browse/LOGBACK-397
2016-01-20 11:49:57 +00:00
Andy Wilkinson 112b707b67 Ensure that MongoClient is not created with a null credentials list
Mongo’s 2.x driver allowed the credentials list to be null, however
the 3.x driver requires an empty list instead. The behaviour of the 2.x
driver is the same whether the client is created with a null credential
list or an empty credential list.

This commit aligns with the requirements of the 3.x driver by ensuring
that we never pass in a null credential list when creating the client.

Closes gh-4076
2016-01-18 16:06:38 +00:00
Stephane Nicoll 7d975ecd2e Polish 2016-01-18 10:53:04 +01:00
Stephane Nicoll af5d765a08 Enable resource chain if webjars locator is present
Webjars locator is a good hint that the resource chain should be
enabled. The sole presence of the library now enables the resource chain
unless the configuration states otherwise.

Closes gh-4403
2016-01-18 10:35:26 +01:00
mnhock 8f1f8dd680 Use entrySet() rather than using keySet() and then calling get(key)
Closes gh-4813
2016-01-15 17:01:58 +00:00
Andy Wilkinson 1107079683 Merge branch '1.2.x' 2016-01-15 11:20:01 +00:00
Andy Wilkinson b56eef236e Close Reader used by MustacheViewResolver when compiling a Template
Previously, MustacheViewResolver would create an InputStreamReader
that wraps the template Resource's InputStream but would fail to close
the Reader. When the InputStream was a FileInputStream, this caused
the resolver to leak file handles.

This commit updates the resolver to close the Reader once the Template
has been compiled, thereby allowing any underlying resources to be
cleaned up immediately, rather than having to wait for the JVM to exit.

Closes gh-4921
2016-01-15 11:19:24 +00:00
Andy Wilkinson 24fd503743 Merge branch '1.2.x' 2016-01-14 15:57:13 +00:00
Andy Wilkinson b99739212a Correct the name of MySQL's XADataSource implementation
Closes gh-4942
2016-01-14 15:53:00 +00:00
Andy Wilkinson 27a81e1463 Complete static final logger changes that were started in ec2f33f9
This commit completes the changes to consistently used static final
fields for Log instances that were started in ec2f33f9. Specifically it:

 - Removes this. when accessing logger fields that are now static
 - Renames some fields from log to logger
 - Makes some logger fields static

See gh-4784
2016-01-13 16:22:35 +00:00
Andy Wilkinson 150a6f0f5c Switch off Security Filter auto-config when spring-security-config is absent
SecurityFilterAutoConfiguration uses SecurityProperties which uses
SessionCreationPolicy from spring-security-config. This commit makes
SecurityFilterAutoConfiguration conditional on SessionCreationPolicy,
thereby preventing a startup failure if spring-security-web is on the
classpath but spring-security-config is not.

Closes gh-4919
2016-01-13 15:01:31 +00:00
Phillip Webb d2fed8bb07 Polish 2016-01-13 11:58:42 +00:00
Stephane Nicoll 72754c27b2 Allow to override BasicBatchConfigurer
Issue #4533 was supposed to make BasicBatchConfigurer public again but
unfortunately only the class visibility was changed. This commit makes
sure it can be overridden.

Closes gh-4888
2016-01-05 17:53:42 +00:00
Stephane Nicoll b1c2226e23 Merge branch '1.2.x'
# Conflicts:
#	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/websocket/WebSocketAutoConfiguration.java
2015-12-28 13:51:18 +01:00
Stephane Nicoll 12cefd2c2b Only enable Tomcat's websocket support on Java7+
Tomcat's websocket support requires Java7 or later. That commit makes
sure to register its support only when such requirement is met.

Closes gh-4846
2015-12-28 13:49:12 +01:00
Spring Buildmaster 8db59059a5 Next Development Version 2015-12-18 05:43:02 -08:00
Stephane Nicoll bb736e255b Fix SNAPSHOT version 2015-12-17 14:15:14 +01:00
Phillip Webb 945b42588b Refine server.server-header documentation
Fixes gh-4461
2015-12-16 21:11:49 +00:00
Kirill Vlasov ec2f33f986 Make loggers private static final
Apply consistency across all static loggers.

Closes gh-4784
2015-12-16 21:02:53 +00:00
Kirill Vlasov 786aacf2e9 Use Collections.isEmpty() instead of .size() == 0
Ensure that Collections.isEmpty() is used to check if there are no
elements in a collections. This is more explicit and can be faster than
calling .size().

Closes gh-4783
2015-12-16 20:59:33 +00:00
Andy Wilkinson 3352e60631 Remove use of diamond operator in tests so that they’re Java 6 compatible
See gh-4163
2015-12-16 11:40:17 +00:00
Andy Wilkinson 037a27e257 Add a workaround for DATACMNS-776
Spring Data’s web support includes a handler method argument resolver,
ProxyingHandlerMethodArgumentResolver, that inaccurately claims that it
can handle all interface handler method arguments. This causes problems
for handler methods that take Spring Mobile’s Device as an argument as
the proxied Device instance does not behave correctly.

This commit works around the problem by assigning an order to the 
WebMvcConfigurerAdapter that registers Spring Mobile’s argument resolver
with Spring MVC. This ordering ensures that Spring Mobile’s resolver
takes precedence over Spring Data’s for Device arguments.

Closes gh-4163
2015-12-16 11:13:34 +00:00
Jacob Swanson ae565b805a Fix mail connection test exception message
Closes gh-4780
2015-12-16 10:25:47 +00:00
Artur Konczak 786f025818 Auto-configure Elasticsearch converter and context
Extend ElasticsearchDataAutoConfiguration to also configure an
ElasticsearchConverter and SimpleElasticsearchMappingContext both
of which are required for Spring Data REST.

Closes gh-3847
2015-12-15 20:03:41 +00:00
Andy Wilkinson bcaee0ebee Perform initialization in foreground if BackgroundPreinitializer fails
Google App Engine probits the creation of new threads. This leads to a
failure in BackgroundPreinitializer when the single thread executor
attempts to create its single thread.

This commit enhances the existing fail safety of
BackgroundPreinitializer by catching any exceptions thrown while
creating the executor and submitting the tasks to it. Any initialisation
that has not performed in the background will be performed in the
foreground instead.

Closes gh-4662
2015-12-15 14:59:24 +00:00
Phillip Webb 543a746de7 Fix checkstyle issues
See gh-4763
2015-12-14 19:07:48 +00:00
Phillip Webb 5719fab142 Merge branch '1.2.x' 2015-12-14 18:58:25 +00:00
Phillip Webb edb16a13ee Protect against SpEL injections
Prevent potential SpEL injection attacks by ensuring that whitelabel
error view SpEL placeholders are not recursively resolved.

Fixes gh-4763
2015-12-14 18:49:59 +00:00
Andy Wilkinson 5cb9b9a9e9 Merge branch '1.2.x' 2015-12-14 16:49:55 +00:00
Andy Wilkinson 7d5cc3da63 Stop ActiveMQ pooled connection factory when context is closed
Previously, ActiveMQ's pooled connection factory was not closed as
part of the application context being closed. This would leave
non-daemon threads running which could cause shutdown to hang unless
the JVM itself was shutting down (in which case a shutdown hook would
stop the pool).

This commit configures each pooled connection factory bean with a
custom destroy method so that the pool is stopped as part of the
application context being closed. To allow the destroy method to only
be declared when the connection factory is pooled, the bean method
has been split into two; one for pooled and one for non-pooled. This
is a partial backport of the changes made in bedf2edf.

Closes gh-4748
2015-12-14 16:49:18 +00:00
Eddú Meléndez 1b81d9f0b5 Add support for server.server-header property
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.

See https://www.owasp.org/index.php/Securing_tomcat for background.

Fixes gh-4461
Closes gh-4504
2015-12-12 21:24:29 +00:00
mnhock fcf6e5d6eb Prefer valueOf() to create Number values
Update Long/Integer constructor calls with `valueOf` which can make use
of global caches.

Closes gh-4688
2015-12-11 14:04:25 +00:00
Andy Wilkinson 0bb4de490d Allow any ExitCodeGenerator bean to switch of auto-configured bean
In bedf2edf, the return type of the auto-configuration method that
creates batch's ExitCodeGenerator was changed from ExitCodeGenerator
to JobExecutionExitCodeGenerator but the on missing bean condition
was left unchanged. This means that the auto-configured bean can
only be switched off by a JobExecutionExitCodeGenerator bean, rather
than any bean that implements ExitCodeGenerator.

This commit corrects the use of @ConditionalOnMissingBean to allow any
ExitCodeGenerator bean to switch off the auto-configured one.

Closes gh-4752
2015-12-11 11:07:33 +00:00
Phillip Webb 0489a3b4de Polish 2015-12-10 19:43:29 +00:00
Andy Wilkinson 4f7752d467 Merge branch '1.2.x' 2015-12-10 13:45:15 +00:00
Andy Wilkinson ce541bebcf Align BasicErrorController’s HTML response status with non-HTML status
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.

This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.

Closes gh-4694
2015-12-10 13:40:16 +00:00
mnhock 9775d40822 Fix possible null pointer dereference
Closes gh-4685
2015-12-08 10:28:15 +01:00
Johnny Lim ec7fed1ecc Polish
Closes gh-4677
2015-12-07 20:46:36 +01:00
Andy Wilkinson 91674b2c94 Don’t use Java 7 API in EmbeddedMongoAutoConfiguration
Closes gh-4630
2015-12-04 15:26:58 +00:00
Andy Wilkinson c58ebae419 Bind embedded Mongo to configured host or loopback address
Previously, the auto-configuration for embedded Mongo did not specify
a bind IP so Mongo was started without one. This would lead to Mongo
binding to all available network interfaces. This caused some friction
with the Windows firewall as it would ask for permission every time
embedded Mongo was launched.

This commit updates the auto-configuration to use
spring.data.mongodb.host to configure the bind IP for embedded Mongo.
If spring.data.mongodb.host is null, the auto-configuration will use
the loopback address instead.

Closes gh-4630
2015-12-04 15:04:14 +00:00
Andy Wilkinson 007ec9e46b Make SecurityFilterAutoConfig work when SecurityAutoConfig is disabled
Previously, disabling SecurityAutoConfiguration could cause
SecurityFilterAutoConfiguration to fail if Spring Security’s filter
chain bean existing in the context. SecurityFilterAutoConfiguration
relies on SecurityProperties which is created by
SecurityAutoConfiguration. When SecurityAutoConfiguration is disabled,
there’s no SecurityProperties bean so SecurityFilterAutoConfiguration
would fail due to the missing dependency.

This commit updates SecurityFilterAutoConfiguration to create a
SecurityProperties bean if one does not already exist.

Closes gh-4525
2015-12-04 13:39:54 +00:00
Andy Wilkinson ffd6e8d7eb Handle null security filter dispatcher types gracefully
See gh-4505
2015-12-02 14:00:30 +00:00
Andy Wilkinson f47449c800 Remove Servlet API dependency from SecurityProperties
A dependency on the Servlet API (the filter's dispatcher types) causes
a failure when Spring Security is used in a non-web application.

This commit removes the dependency on javax.servlet.DispatcherType
in favour of using a Set of Strings. SecurityFilterAutoConfiguration,
which is only enabled for web applications, is the responsible for
converting each String to a DispatcherType.

Closes gh-4505
2015-12-02 10:50:11 +00:00
Andy Wilkinson 4260b0c765 Remove ignoreUnknownFields accidentally added in 524a328 2015-12-01 18:59:27 +00:00
Andy Wilkinson 524a32879f Allow security filter's dispatcher types to be configured via env
This commit adds a new property, security.filter-dispatcher-types
that can be used to configure the dispatcher types of Spring
Security's filter chain. The default remains unchanged.

Closes gh-4505
2015-12-01 17:50:31 +00:00
Stephane Nicoll fc5e3d6441 Refine exception message
Closes gh-4569
2015-12-01 10:22:03 +01:00
Andy Wilkinson 40427cdb82 Separate Jersey WebApplicationInitializer from auto-configuration class
Previously, JerseyAutoConfiguration was a WebApplicationInitializer.
This was problematic as auto-configuration classes should not be ordered
(they should use AutoConfigureBefore etc instead) but the web
application initializer needs to be ordered so that it can run early and
configure Jersey before it runs.

This commit has moved the WebApplicationInitializer implementation into
a separate class so that it can be ordered independently of the
auto-configuration class. Note that the new class must be public for
the servlet container (Tomcat at least) to be able to instantiate it.

Closes gh-4527
2015-11-30 17:59:09 +00:00
Dave Syer 521ae35f56 Do not set order of ResourceServerConfiguration instances
The need to set the order of ResourceServerConfiguration was
a bad assumption. The value of the order seems strange as well
(-10), and a comment explaining it makes no sense (a resource
server normally wants its filter *after* not *before* the existing
auth server filter). Removing the bean post processor didn't
fail any tests.

In case there are multiple resource servers in the same context
there was also a problem that they ended up with the same order.
2015-11-28 12:24:03 +00:00
Stephane Nicoll 9d29ab73a4 Fix customization of database name
Previously, the `spring.datasource.name` property was ignored when Spring
Boot configures an embedded data source with a connection pool.

`EmbeddedDatabaseConnection` is now aligned to the purely embedded case
to take that property into account.

Closes gh-4586
2015-11-27 17:01:06 +01:00
Dave Syer cccc3867eb Allow users to customize authentication entry point in OAuth2 SSO
The SsoSecurityConfigurer that gets added when a user has a custom
WebSecurityConfigurer with @EnableOAuth2Sso is quite opinionated, and
this is preventing users from custimizing the exception handling in the
customized UI security. This change makes it less opinionated, using
request matchers to configure the default instead of ovewriting the
single authentication entry point.

Also adds an entry point responding with a 401 for XHR clients (just like
the vanilla HTTP Basic auth).

Fixes gh-4629
2015-11-27 10:36:29 +00:00
Jean de Klerk 91a10e12b6 BasicBatchConfigurer is public again
Closes gh-4533
Closes gh-4608
2015-11-25 09:51:33 +01:00
Stephane Nicoll 0c387a82b7 Add datasource meta-data for Commons DBCP2
Closes gh-4562
2015-11-23 10:41:56 +01:00
Johnny Lim efff4a0051 Polish
Closes gh-4554
2015-11-20 11:02:08 +01:00
Dave Syer 8708a07a98 Ensure RestTemplate interceptors remain mutable
Fixes gh-4553
2015-11-19 10:01:38 +00:00
Johnny Lim 36ed0f5c20 Polish
Closes gh-4537
2015-11-19 09:49:33 +00:00
Johnny Lim da16d6d306 Polishing
Closes gh-4503
2015-11-18 11:40:19 +00:00
Spring Buildmaster 3f6f57a80e Next Development Version 2015-11-16 03:18:54 -08:00
Phillip Webb c4f653e8e3 Upgrade to Jackson 2.6.3
Closes gh-4170
2015-11-13 18:40:06 -08:00
Stephane Nicoll 0c8d302a98 Polish
See gh-4448
2015-11-13 09:50:04 +01:00
Eddú Meléndez 066533de7e Add `spring.mvc.static-path-pattern` property
Add a `spring.mvc.static-path-pattern` property which can be used to
configure the path pattern used to serve static resources.

Fixes gh-4444
Closes gh-4448
2015-11-12 10:46:27 -08:00
cornelcreanga@yahoo.com 190b0d4fe9 Add Cassandra username/password properties
Allow Cassandra credentials to be specified using properties.

Fixes gh-4431
Closes gh-4432
2015-11-11 14:12:04 -08:00
Johnny Lim 12a9a6e195 Remove redundant assertions
Closes gh-4428
2015-11-11 09:52:09 +01:00
Phillip Webb 287a62c8f3 Update Johannes Edmeier author attribution
Congratulations to Johannes Edmeier on getting married!
2015-11-10 15:29:44 -08:00
Bohuslav Burghardt 88cf65427f Make OPTIONS/TRACE request handling configurable
Add properties to WebMvcProperties allowing control of if TRACE/OPTIONS
requests should go through the regular dispatching chain.

Closes gh-4300
2015-11-10 13:10:27 -08:00
Phillip Webb a8b23f9deb Fix import order 2015-11-10 13:03:33 -08:00
awgtek deaa9051bc Switch MongoCredential method
Update MongoProperties to use `MongoCredential.createCredential` rather
than `MongoCredential.createMongoCRCredential`. This allows connections
to Mongo 3.0 servers to authenticate using the SCRAM-SHA-1 mechanism.

Closes gh-4237
2015-11-10 12:59:32 -08:00
Johnny Lim 83e8bfedb2 Use Ordered.HIGHEST_PRECEDENCE constants
Use Ordered.HIGHEST_PRECEDENCE rather than Integer.MIN_VALUE.

Closes gh-4335
2015-11-10 12:13:15 -08:00
Johnny Lim 8540d80b84 Remove unused parameter in Security configuration
Update SecurityFilterAutoConfiguration.securityFilterChainRegistration
to remove unused ApplicationContext parameter.

Closes gh-4399
2015-11-09 14:43:15 -08:00
Phillip Webb e06198e9cb Polish 2015-11-06 13:21:53 -08:00
Stephane Nicoll 2c4f88e221 Fix Hazelcast auto-configuration ordering
Make sure that the general Hazelcast auto-configuration is processed
before the cache auto-configuration. This was supposed to be fixed and
tested in 721b5a2 but unfortunately the `@AutoConfigureAfter` annotation
was placed on a regular `@Configuration` class (which has no effect).

The tests were passing because the ordering is actually hardcoded in the
test. The relevant tests now use `ImportAutoConfiguration` that simulates
the same order as the one use by the actual application.

Closes gh-4389
2015-11-06 17:02:12 +01:00
Stephane Nicoll 157c0b6cae Register hazelcast post processor only when necessary
Commit 8e0a94f introduced a post processor that adds an explicit link
between the `HazelcastInstance` and the `EntityManagerFactory` so that
Hazelcast is fully initialized before Hibernate actually kicks in.

Unfortunately, the conditions that were implemented to register this post
processor are wrong and any app that has both JPA and Hazelcast support
blows up if no bean with name `hazelcastInstance` is defined.

This commit fixes the situation and reworks the configuration in a
separate auto-configuration that runs after the Hazelcast and JPA support
and check both the presence of an `EntityManagerFactory` and a bean of
name `hazelcastInstance`. If any of those conditions does not apply the
post processor is no longer registered.

Closes gh-4158
2015-11-06 12:01:59 +01:00
Stephane Nicoll 6dbdd575a5 Polish 2015-11-05 10:18:34 +01:00
Phillip Webb d88210f626 Improve performance with BackgroundPreinitializer
Add a BackgroundPreinitializer to trigger early initialization in a
background thread of time consuming tasks. By moving certain
initialization tasks to background thread and triggering them early
we can improve the critical path when the application starts. For
example, Tomcat's MBeanFactory class parses several XML files when
first loaded. If we trigger the load in a background thread it completes
before Tomcat actually needs to use it.

The initial set of initializers included with this commit are:

- Tomcat MBeanFactory
- javax.validation
- Spring's AllEncompassingFormHttpMessageConverter

See gh-4252
2015-11-05 00:23:23 -08:00
Phillip Webb 9432ee6a6b Polish 2015-11-05 00:19:58 -08:00
Phillip Webb 3492f1bcca Fix typo in HibernateJpaAutoConfiguration 2015-11-05 00:14:23 -08:00
Dave Syer a3c73cad4a Merge branch '1.2.x'
Conflicts:
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ResourceProperties.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration.java
	spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/WebMvcProperties.java
2015-11-05 08:21:53 +01:00
Dave Syer 124574e345 Add mediaTypes (extension to media type mapping) in MVC resources
Allows users to configure "allowed" file extensions for controller
mappings, so that browsers will not switch to downloading "f.txt"
(part of the recent RFD attack fixes in Spring MVC).

See gh-4220
2015-11-05 08:10:07 +01:00
Phillip Webb 6c2ea4648f Polish 2015-11-03 20:36:20 -08:00
Stephane Nicoll 8188060edf Fix broken build 2015-11-02 13:38:08 +01:00
Dave Syer 96ba5ed32c Ensure OAuth2 context state is not reset if access tokens match
We can expect that occasionally a user clicks on a login link when
the token is expired. If the UserInfoTokenServices tries to
authenticate the user at that point, it can retain the option to
refresh the expired token if we preserve the state. Since the
state is in session scope all we need to do is to check that the
token that is being checked has the same value as the one in the
OAuth2ClientContext and re-use the context if it is.

Fixes gh-4251
2015-11-02 12:03:58 +00:00
Dave Syer cfb12fc7c2 Clarify how to switch off security autoconfiguration
The fact that the web security and the authentication manager are
controlled separately should hopefully now be clearer.

Fixes gh-3292
2015-11-02 10:44:54 +00:00
Phillip Webb 0ccd33705d Use RelaxedDataBinder for excludes
Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.

See gh-4352
2015-10-30 14:36:53 -07:00
Stephane Nicoll abfd139d8f Fix `spring.application.exclude` YAML property
`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.

This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).

Closes gh-4352
2015-10-30 17:23:40 +01:00
Andy Wilkinson 02d7e2826c Don’t call ignoring.antMatchers([]) as empty array now maps to /**
Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.

This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.

This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.

Closes gh-4345

[1] 8663ac4173
2015-10-30 11:26:00 +00:00
Stephane Nicoll 00e207dcaf Temporary fix the build
See gh-4345
2015-10-30 10:13:54 +01:00
Andy Wilkinson eaa4d900eb Update auto-configured ParameterNamesModule to use DEFAULT creator mode
The PROPERTIES creator mode has the unfortunate side-effect of stopping
mixins from working. This commit updates the auto-configured module to
use the DEFAULT creator mode instead.

Closes gh-4336
2015-10-29 15:41:04 +00:00
Stephane Nicoll 7742dafccf Improve meta-data description 2015-10-29 16:31:34 +01:00
Stephane Nicoll 10a079fb07 Polish contribution
Closes gh-4316
2015-10-29 11:09:43 +01:00
Kyle Lieber c6783e8663 Add missing properties to OAuth2AutorizationServer
Make sure that `autoApprove`, `accessTokenValiditySeconds`, and
`refreshTokenValiditySeconds` properties from the `ClientDetails`
are used

Closes gh-4306
2015-10-29 10:39:01 +01:00
Andy Wilkinson 04c87138b4 Add missing javadoc to AuthorizationServerProperties 2015-10-29 09:19:51 +00:00
Dave Syer ae0eed5bf5 Be more defensive about exceptions from resource
Otherwise you can get an exception here that is unuseful, e.g. from
a ServletContext that isn't properly initialized.
2015-10-29 08:41:51 +00:00
Dave Syer abd7bc0466 Add OAuth2 resource server sample
Shows how to use @EnableResourceServer in a pure resource
server and configure the secure paths.
2015-10-29 08:41:51 +00:00
Stephane Nicoll 3740c817d3 Ensure that `@ConfigurationProperties` is mandatory
Previously it was possible to bind a bean to the root prefix by just
adding `@EnableConfigurationProperties` with the class of said bean.

 This use case is misleading and prevents any meta-data to be generated
 for that object since the annotation processor reacts on the presence of
 the `@ConfigurationProperties` annotation.

 If a class is included in the list of configuration properties bean to
 create via the `@EnableConfigurationProperties` annotation we now make
 sure that the `@configurationProperties` annotation is present on it.

 Closes gh-3460
2015-10-28 20:12:13 +01:00
Johnny Lim f76322263b Remove unnecessary String concatenation
Closes gh-4330
2015-10-28 18:12:52 +01:00
Stephane Nicoll 90a4d1df2b Polish contribution
Closes gh-4317
2015-10-28 18:12:02 +01:00
Vedran Pavic 40351c40ed Fix binding of Flyway's baselineVersion property
See gh-4317
2015-10-28 18:12:02 +01:00
Andy Wilkinson 791c50d1e7 Add an integration test to verify filter ordering
We have some requirements for filter ordering:

1. The character encoding filter must go first
2. Spring Session’s filter should go early
3. RequestContextFilter should go late so that it any request wrapping
   performed by other filters is reflected in the request that’s set
   in the RequestContextHolder
4. Spring Security’s Filter must go after RequestContextFilter so that
   any code called by Filters in Spring Security’s Filter chain can
   retrieve the request from RequestContextHolder, for example
   OAuth2ClientContextFilter.

See gh-4331
2015-10-28 16:58:34 +00:00
Andy Wilkinson 222ca74c62 Fix Checkstyle violations 2015-10-28 12:49:40 +00:00
Andy Wilkinson c4122b8f8d Work around brittle annotation scanning in Mojarra
FacesListener in Mojarra 2.2.12 (used in Glassfish 4.1.1) is a
ServletContainerInitializer that’s annotated to handle types annotated
with javax.annotation.Resource.
OAuth2RestOperationsConfiguration.SessionScopedConfiguration is one such
class. This leads to com.sun.faces.config.DelegatingAnnotationProvider
calling getAnnotations on SessionScopedConfiguration.class. This fails
with a java.lang.ArrayStoreException due to SessionScopedConfiguration
being annotated with @ConditionalOnBean(OAuth2ClientConfiguration) and
OAuth2ClientConfiguration not being on the classpath.
DelegatingAnnotationProvider currently catches NoClassDefFoundErrors
thrown during its annotation processing. It needs to be made more
robust so that it also copes with an ArrayStoreException, in a similar
way to how org.glassfish.apf.impl.AnnotationProcessorImpl was updated to
fix GLASSFISH-21265 [1]. I’ve opened an issue to this effect [2].

In the meantime, we can work around the brittleness in
DelegatingAnnotationProvider by restructuring
SessionScopedConfiguration. This commit moves the use of @Resource into
a nested inner class, ClientContextConfiguration, while leaving the use
of @ConditionalOnBean on SessionScopedConfiguration. This means that it
is now ClientContextConfiguration that is passed to FacesListener and
processed by DelegatingAnnotationProcessor, thereby avoiding exposing
it to the @ConditionalOnBean annotation that it does not handle
gracefully. A Glassfish-based deployment test has also been added to
verify the fix.

Closes gh-2079
Closes gh-4321

[1] https://java.net/jira/browse/GLASSFISH-21265
[2] https://java.net/jira/browse/JAVASERVERFACES-4076
2015-10-28 12:18:22 +00:00
Dave Syer 5c0ef308aa Test that client-id can be hyphen or camel-cased 2015-10-28 11:50:31 +00:00
Johnny Lim 396bea22b9 Polish docs
See gh-4309
2015-10-27 08:58:12 +01:00
Phillip Webb 15fbb8ddf9 Polish 2015-10-20 13:57:21 -07:00
Phillip Webb c2a46b8e3b Polish 2015-10-20 13:53:29 -07:00
Phillip Webb 673b4f6de5 Merge branch '1.2.x' 2015-10-20 13:52:45 -07:00
Phillip Webb cfbac20807 Ensure ErrorControllers work when using AOP
Add a BeanFactoryPostProcessor to set PRESERVE_TARGET_CLASS_ATTRIBUTE
to true on all ErrorController bean definitions. Without this attribute
AOP advice on @Controllers causes ErrorController beans to be created
as JDK proxies (since they implement a single valid looking interface)
and therefore not get found by Spring MVC.

Fixes gh-4236
2015-10-20 13:42:38 -07:00
Stephane Nicoll bc0eb996ff Polish contribution
Closes gh-4202
2015-10-20 11:35:35 +02:00
Eddú Meléndez 396cf76ef5 Add spring.jersey.path property
Provide a property to customize the application path that serves as the
base URI for a JAX-RS compliant application. If both `spring.jersey.path`
and an `@ApplicationPath` are present, the property takes precedence.

Closes gh-4201
2015-10-20 10:55:43 +02:00
Phillip Webb 89fe0794a9 Switch RequestContextListener to Filter
Update WebMvcAutoConfiguration to use a RequestContextFilter instead of
a RequestContextListener.

Using a filter is required for some Spring Session operations (see
https://github.com/spring-projects/spring-session/issues/129).

This update also has the added benefit of allowing the Response to be
accessed from RequestContextHolder.getRequestAttributes() by casting it
to ServletRequestAttributes.

Fixes gh-2637
2015-10-19 16:05:37 -07:00
Phillip Webb 634bb770b2 Organize imports with new settings
See gh-4234
2015-10-19 12:58:34 -07:00
Phillip Webb 1e4d974ec0 Merge remote-tracking branch 'local12x/1.2.x' 2015-10-19 12:56:55 -07:00
Phillip Webb a79131f8d2 Organize imports with new settings
See gh-4234
2015-10-19 12:55:44 -07:00
Stephane Nicoll fd525077bd Improve HornetQ/Artemis embedded tests
Previously, HornetQ and Artemis tests were using a test configuration
class listing the configuration classes to use explicitly in the purpose
of disabling the XA support.

This had a very unfortunate side effect for Artemis as we forgot to add
an import on the "real" configuration and this got unnoticed because of
this duplication.

It turns out that this special configuration class is no longer necessary
as XA backs off automatically anyway now. The tests have been updated
to use the regular auto-configuration and were failing with Artemis. The
import has now be added.

Closes gh-4226
2015-10-19 11:46:15 +02:00
Spring Buildmaster 2b38a861e3 Next Development Version 2015-10-16 05:57:24 -07:00
Andy Wilkinson 56977c037d Merge branch '1.2.x' 2015-10-16 11:19:14 +01:00
Andy Wilkinson c236db04ef Ignore parent contexts in message source auto-configuration
This commit applies the changes made in 68b55ad to 1.2.x (it was
originally only made in 1.0.x and master). It also adds some tests.

Closes gh-3803
2015-10-16 11:07:39 +01:00
Stephane Nicoll 092b2aa4e7 Polish
See gh-4191
2015-10-15 10:38:28 +02:00
Phillip Webb 922f8b6ba6 Add `server.session.store-dir` support
Add support for a `server.session.store-dir` property which can be used
to specify where session data source be saved.

Fixes gh-4191
2015-10-14 22:56:01 -07:00
Phillip Webb 143536f72d Polish 2015-10-14 12:52:38 -07:00
Andy Wilkinson f770dbab52 Apply HttpMessageConverter auto-config to form part converters
Closes gh-3525
2015-10-14 17:36:04 +01:00
Stephane Nicoll 266335339d Extract BindingResult if necessary
Previously, no `errors` attribute is made available in the standard JSON
error document if a request body object is invalid. This is due to the
fact that the framework throws a `MethodArgumentNotValidException holding
a `BindingResult` object that was not detected.

We now make sure to extract the `BindingResult` from such exception.

Closes gh-4166
2015-10-14 13:29:16 +02:00
izeye 033823f493 Disable SecurityFilterAutoConfiguration when spring-security-web is missing
Previously, SecurityFilterAutoConfiguration would be created even if
spring-security-web was not on the classpath. This didn't cause a
failure as all of its beans were disabled. It was, however, wasteful,
as the configuration class was processed and a bean created for it
unnecessarily.

This commit makes the whole class conditional on the presence of
spring-security-web so that it will be skipped entirely when the
dependency is not available.

Closes gh-4160
2015-10-14 10:16:31 +01:00
Phillip Webb ff0daa8d5c Use DelegatingFilterProxy for Spring Security
Update SecurityFilterAutoConfiguration to use a DelegatingFilterProxy
filter rather directly referencing the springSecurityFilterChain bean.

Using a DelegatingFilterProxy helps to prevent early initialization of
beans and makes Spring Security work in a similar to way to if were
installed in a regular WAR deployment.

Fixes gh-4154
2015-10-14 00:20:25 -07:00
Andy Wilkinson 3e79647b35 Fix import ordering 2015-10-13 16:02:25 +01:00
Andy Wilkinson 25e719f549 Fix handling of security.headers.* to allow headers to be disabled
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:

 - X-Content-Type
 - X-XSS-Protection
 - Cache-Control
 - X-Frame-Options

Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.

This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.

Closes gh-3517
2015-10-13 15:43:57 +01:00
Stephane Nicoll 8e0a94f1d7 Make sure Caching is initialized before JPA support
The second level cache of Hibernate can be configured with dedicated
factories that look up for the presence of a cache infrastructure. As
Hibernate shouldn't have to know about Spring, that lookup is done
against the respective proprietary APIs.

We now make sure that caching (and the general purpose Hazelcast
auto-configuration) is fully processed before JPA kicks in. In particular
an explicit `dependsOn` attribute on those beans is added when they are
processed.

Closes gh-4158
2015-10-13 10:54:15 +02:00
Stephane Nicoll 00af1f5c10 Flag main MbeanExporter `@Primary`
When the actuator is enabled, Spring Boot provides two `MBeanExporter`
bean definitions: a general purpose one and a dedicated one for Actuator
endpoints.

This commit flag the general purpose one `@Primary` so that component
can safely inject it by type if necessary. In particular, this fix the
doc of the `JmxMetricWriter`.

Closes gh-4007
2015-10-12 11:43:16 +02:00
Stephane Nicoll fb4cc718c2 Reuse existing ElasticSearch client
Instead of always creating a new ElasticSearch client, we now check for
the presence of a custom bean configuration and use that if it's
available.

Closes gh-4143
Closes gh-4146
2015-10-12 09:47:48 +02:00
Phillip Webb 877e6e034c Polish 2015-10-09 17:08:28 -07:00
Phillip Webb b6667e8495 Reformat code using Spring code formatter plugin 2015-10-09 13:54:33 -07:00
Phillip Webb 6333426cbf Reformat package-info.java files with Eclipse Mars 2015-10-09 13:54:25 -07:00