Update `SpringApplication` so that the `DefaultPropertiesPropertySource`
is moved to the end after `@PropertySource` annotations have been
processed. This restores functionality that used to be handled by
the `ConfigFileApplicationListener` and was inadvertently dropped
when the `ConfigDataEnvironmentPostProcessor` was developed.
Fixes gh-31068
In all likelihood there will not be a 2.9 release so this commit
updates the message for deprecations made in 2.7 to indicate that
removal will not occur until 3.0.
See gh-30903
Since version 2.15.0 `log4j-jul` contains a `Log4jBridgeHandler`,
that forwards JUL to Log4j 2.x and synchronizes the logger levels of
the two frameworks.
This commmit adds support for the `Log4jBridgeHandler` and sets it as
the bridge handler for the Log4j 2.x stack, replacing the existing
JUL to SLF4J bridge that was used previously.
See gh-30003
Fix package tangle by changing `ApplicationContextFactory.DEFAULT` to
use `spring.factories` to discover implementations rather than needing
direct access to our own `ApplicationContext` classes.
Closes gh-30272
This commit adds the ability to configure SSL in embedded web containers
using PEM-encoded certificate and private key files, as an alternative
to configuring SSL with Java KeyStore files.
Closes gh-29273
All `FailureAnalyzer` implementations should use constructor
injection for `BeanFactory` and `Environment` instead of implementing
`BeanFactoryAware` or `EnvironmentAware` interfaces.
Fixes gh-30585
This works around spring-projects/spring-framework#28298. The bug
means that when a @Configuration class is annotated with
@ConfigurationProperties any bean defined by a static @Bean method
is considered to be annotated with @ConfigurationProperties.
See gh-30068
- Adds a new @DisableOnOs annotation, which is inspired from JUnit5s
@DisableOnOs annotation. This new annotation supports the architecture
and is repeatable
Closes gh-30082
There's a known issue [1] where property expansion changes the input
files line endings to the operating system's default. This causes
problems for us on Windows as the line endings become \r\n which
breaks our formatting checks.
This commit tunes the checkFormatMain task to exclude the generated
source files from checking. In their place, the original templates
are added. This ensures that the inputs are correctly formatted and,
therefore, that the output should be too (other than the line endings
on Windows).
Closes gh-30039
[1] https://github.com/gradle/gradle/issues/1151
This commit clarifies the build as a test needs inject-api and it works
only by side effect as another library has repackaged this API.
Closes gh-29990
This commit adds support for instantiating FailureAnalyzer
implementations with BeanFactory and/or an Environment constructor
arguments and deprecates support for setter injection of these values
using BeanFactoryAware and EnvironmentAware.
Closes gh-29811
Prior to this change, SpringApplication would register contexts to
SpringApplicationShutdownHook and only deregister them when they're
properly closed. A failed refresh attempt does not deregister the
context from the shutdown hook.
When a test suite runs lots of tests failing because of failed contexts,
this can build up and consume lots of resources.
This commit fixes this leak and deregisters failed contexts.
Fixes gh-29874
This commit makes @ConstructorBinding optional for a type
that has a single parameterized constructor. An @Autowired annotation
on any of the constructors indicates that the type should not be constructor
bound.
Since @ConstructorBinding is now deduced for a single parameterized constructor,
the annotation is no longer needed at the type level.
Closes gh-23216
The regular expression in the new test is intended to match the
documented [1] ABNF for a media type:
type-name = reg-name
subtype-name = reg-name
reg-name = 1*127reg-name-chars
reg-name-chars = ALPHA / DIGIT / "!" /
"#" / "$" / "&" / "." /
"+" / "-" / "^" / "_"
Closes gh-29746
[1] https://datatracker.ietf.org/doc/html/rfc4288#section-4.2
Previously, the error page security filter passed the request's URI
to the privilege evaluator. This was incorrect in applications with
a custom context path as the privilege evaluator must be passed a
path that does not include the context path and the request URI
includes the context path.
This commit updates the filter to use UrlPathHelper's
pathWithinApplication instead. The path within the application does
not include the context path. In addition, pathWithinAppliation
also correctly handles applications configured with a servlet
mapping other than the default of /.
Closes gh-29299
Co-Authored-By: Andy Wilkinson <wilkinsona@vmware.com>
This commit updates DatabaseInitializationDependencyConfigurer so that
it does not inject the Environment anymore. Doing so in such a low-level
callback can lead to early resolution of factory beans. Rather, this
commit uses the EnvironmentAware callback that short-circuit dependency
resolution.
Closes gh-29475
Update `ConfigDataEnvironmentContributor.isActive` so that unbound
imports are no longer considered active. Prior to this commit, any
`ConfigDataEnvironmentContributor` that had `null` properties was
considered active. This is incorrect for `Kind.UNBOUND_IMPORT`
contributors since we haven't yet bound the `spring.config.*`
properties.
The `ConfigDataEnvironmentContributorPlaceholdersResolver` has been
updated to handle the refined logic. A placeholder can now be resolved
from the current contributor, or from an unbound contributor by binding
it on the fly.
Fixes gh-29386
Refine the logic introduced in 64270eca to use a side-effect free
Environment implementation rather than converting the Environment early.
Early conversion can cause condition evaluation issues if
`src/test/resources/application.properties` files are bound to the
`SpringApplication`. Specifically the `spring.main.web-application-type`
property can change the `Environment` type which must happen before
conditions are evaluated.
Fixes gh-29169
Prior to this commit, the `ErrorPageSecurityFilter` verified if
access to the error page was allowed by invoking the
`WebInvocationPrivilegeEvaluator` with the Authentication from the
`SecurityContextHolder`.
This meant that access to the error page was denied for a `null` Authentication
or `AnonymousAuthenticationToken` in cases where the error page required
authenticated access. This prevented authorized users from accessing the
error page in case the Authentication wasn't retrievable for the error dispatch,
which is the case for `@Transient` authentication or stateless session policy.
This commit updates the `ErrorPageSecurityFilter` to check access to the error page
only if the error is an authn or authz error in cases where an authentication object
is not found in the SecurityContextHolder. This makes the error response consistent
when bad credentials or no credentials are used while also allowing access to previously
authorized users.
Fixes gh-28953
When `setUseCodeAsDefaultMessage(true)` was set on a message source,
attempting to interpolate the default message returned from the message
source would result in the code being unusable by upstream message
resolvers.
Fixes gh-28930
Update `ErrorPageSecurityFilter` to defensively check that the
`DispatcherType` is `ERROR`. Although this check isn't necessary
for regular applications, it is needed if MockMvc is being used.
Fixes gh-28759
This commit aligns `SpringBootTest`s to also use `ApplicationEnvironment`
instead of `StandardEnvironment`. This prevents the side-effect of active
profiles from `@ActiveProfiles` from being added to the environment when
doGetActiveProfiles is called. In this case, calling `addActiveProfiles()`
in the environment post processor would result in `@ActiveProfiles` being
added to the environment first, resulting in the wrong order.
The additional call to `setActiveProfiles()` is also not necessary when using
ApplicationEnvironment because that call was put in place to prevent the side-effect
which `ApplicationEnvironment` does not have.
Fixes gh-28530
The charset "default" is an alias for US-ASCII, not the JVM's default
charset. This commit updates the built-in Logback configuration to
use Charset.defaultCharset().name() in place of "default" in the
Java-based configuration. In the XML-based configuration where
Charset.defaultCharset().name() cannot be called, we emulate its
behaviour [1] by using the file.encoding system property, falling back
to UTF-8 when it's not set.
Fixes gh-27230
[1] 19be6113dd/jdk/src/share/classes/java/nio/charset/Charset.java (L604-L617)
Update Tomcat, Jetty and Undertow `ServletWebServerFactory`
implementations so that they can write SameSite cookie attributes.
The session cookie will be customized whenever the
`server.servlet.session.cookie.same-site` property is set.
Other cookies can be customized with the new `CookieSameSiteSupplier`
interface which can be registered using `@Bean` methods.
Closes gh-20971
Co-authored-by Andy Wilkinson <wilkinsona@vmware.com>
Relocate the recently introduced `spring.webflux.session` properties
to `server.reactive.session` and create a unified `Cookie` properties
class.
Reactive session properties now mirror the existing
`server.servlet.session` properties and better reflect the fact that
they are related to the server and not just for WebFlux.
See gh-26714
While still present and marked as deprecated, the getPassword()
method on UCP's PoolDataSource has been implemented to throw a
NoSuchMethodError making it useless for our purposes.
This commit updates DataSourceBuilder to avoid using the getter. This
means that a password must now be provided when trying to derive a
new DataSource from an existing PoolDataSource.
Closes gh-28127
Add `MutuallyExclusiveConfigurationPropertiesException` and a related
failure analyzer so that a nice message can be displayed if more than
one mutually exclusive property is defined.
Closes gh-28121
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Previously, the detector for AbstractDataSourceInitializers used the
default detector order. This resulted in the initializers detected
initializers running before Flyway. Constrastingly, the detector for
DataSourceScriptDatabaseInitializers uses a custom order so its
detected initializers would run after Flyway.
This commit aligns the order of the detector for
AbstractDataSourceInitializers with the order of the detector for
DataSourceScriptDatabaseInitializers. This ensures that script-based
initialization runs in the same order with respect to Flyway,
irrespective of which initializer implementation is driving it.
Fixes gh-28079
Previously, SpringApplicationShutdownHook would always register a
shutdown hook, even if SpringApplication was configured not to
use a shutdown hook, such as in a war deployment. This could
result in a memory leak when the war was undeployed. The shutdown
hook registered by SpringApplicationShutdownHook would remain
registered, pinning the web application's class loader in memory.
This commit updates SpringApplicationShutdownHook so that it
registers a shutdown hook with the JVM lazily, upon registeration
of the first application context.
Fixes gh-27987
This commit reworks the configuration properties registrar to use
RootBeanDefinition and a standard attribute rather than relying on
a package private sub-class. This allows other components to inspect
the metadata if necessary.
Closes gh-27821
Add `CustomNumberEditor` and `CustomBooleanEditor` to the editor
exclusions sine the regular `ConversionService` should be able to
handle them.
Closes gh-27829
Update `TypeConverterConverter` do that a new `SimpleTypeConverter` is
obtained for each `convert` operation. Prior to this commit the same
`SimpleTypeConverter` could be accessed concurrently from multiple
threads which is not allowed.
Fixes gh-27829
Some of the Jetty graceful shutdown tests were flaky due to the way
in which Jetty behaves when it is stopped.
Stopping the Jetty web server interrupts the thread that's handling
the active request. This initiates a race between the request-handling
thread which will decrement the number of active requests and the
main thread which expects an active request to cause the shutdown
result to be REQUESTS_ACTIVE. The test passes when the main thread
wins and fails as a request is active which it's checked. When the
request-handling thread wins the test fails as the count of active
requests has been deprecated before it is checked.
The blocking servlet that's used to stall a request and keep it
active needs to be updated to ignore the thread being interrupted
and continue waiting. This will ensure that a request remains active
until the main thread has checked the active request count and
determine the result of the shutdown.
Closes gh-27464
Previously, database initializers were detected and were configured
with dependencies based on their detection order. For example, if
detectors a, b, and c detected initializers a1, b1, b2, and c1,
c1 would depend on b2, b2 on b1, and b1 on a1:
------ ------ ------ ------
| c1 | --> | b2 | --> | b1 | --> | a1 |
------ ------ ------ ------
This could cause a dependency cycle in certain situations, for
example because the user had already configured b1 to depend on b2.
This commit reduces the risk of a cycle being created by batching
the initializers by their detector, with dependencies being
configured between each batch rather than between every initializer.
In the example above, this results in c1 depending on b1 and b2,
and b1 and b2 depending on a1:
------
------ | b1 | ------
| c1 | --> | | --> | a1 |
------ | b2 | ------
------
As b1 and b2 were detected by the same detector, no dependency
between those initializers is defined.
Closes gh-27131
Previously, the presence of a file with the same name
as an optional wildcard location would cause a failure. With
this change the pattern is resolved only if the resource is a
directory.
Additionally, if an optional wildcard search location that was a file
would also fail with an exception. This commit fixes that so that those
locations are not resolved.
Fixes gh-27120
Fixes gh-27209
Previously, SpringApplicationShutdownHook would call close() on any
registered application context even if it wasn't active as it had
already been closed. This could lead to deadlock if the context was
closed and System.exit was called during application context refresh.
This commit updates SpringApplicationShutdownHook so that it only
calls close() on active contexts. This prevents deadlock as it avoids
trying to sychronize on the context's startupShutdownMonitor on
the shutdown hook thread while it's still held on the main thread
which called System.exit and is waiting for all of the shutdown hooks
to complete.
Fixes gh-27049
Update `Instantiator` so that it can accept a `ClassLoader` when
creating instances and rework `EnvironmentPostProcessorsFactory` to
use the new methods.
Prior to this commit we would use the `ClassLoader` to get the class
names from `SpringFactories` but not when actually creating the
instances.
Fixes gh-27043
Previously, Log4j2's own shutdown hook was only disabled when Log4j2
detected javax.servlet.Servlet on the classpath and, therefore,
determined that it was running in a web application. In an application
without Servlet on the classpath, this could lead to both Log4j2's shut
down hook and and logging system's shutdown handler both stopping
Log4j2. This could result in a failure as the second attempt at stopping
would result in reinitialization which would fail as the JVM is already
shutting down.
This commit introduces a new Log4j2 PropertySource implementation,
registered via META-INF/services, that sets the
log4j.shutdownHookEnabled property to false. This will ensure that
Log4j2's own shutdown hook is disabled by default whenever Spring Boot
is on the classpath and not just in Servlet-based web applications.
Fixes gh-26953
Effectively revert commit 0da0d2d46 so that the `resolveProfileSpecific`
method of `ConfigDataLocationResolver` is again called when resolving
imports declared in a profile-specific file.
Fixes gh-26960
This commit modifies the output of BeanNotOfRequiredTypeFailureAnalyzer
to include type information for both the actual and the required types
and to remove ambiguity.
Fixes gh-26821
Add `SpringApplicationShutdownHook` to manage orderly application
shutdown, specifically around the `LoggingSystem`. `SpringApplication`
now offers a `getShutdownHandlers()` method that can be used to add
handlers that are guaranteed to only run after the `ApplicationContext`
has been closed and is inactive.
Fixes gh-26660
Change the order of `DataSourceScriptDatabaseInitializerDetector` so
that it always runs last. This update allows script initialization to
be combined with a high-level migration tool such as Flyway.
Closes gh-26692
Update `DatabaseInitializationDependencyConfigurer` so that depends-on
ordering is applied based on the `DatabaseInitializerDetector` order.
Prior to this commit, if multiple DatabaseInitializer beans were
detected the order in which they were initialized was not defined.
See gh-26692
Update `ConfigurationPropertySourcesPropertyResolver` so that calls to
the `DefaultResolver` do not attempt conversion.
Prior to this commit, the delegate resolver was accidentally called
with the target type which could cause a `ConversionFailedException`
to be thrown. We should have always used `Object.class` and let the
`convertValueIfNecessary` method perform conversion.
Fixes gh-26732
Allow groups to be used with standard locations so that order of
profile-specific files is consistent.
Prior to this commit, the default search locations considered for
application properties/yaml files was the following:
optional:classpath:/
optional:classpath:/config/
optional:file:./
optional:file:./config/
optional:file:./config/*/
Each of these locations was independent which could cause confusion
if certain combinations were used. For example, if profile-specific
files were added to `classpath:/` and `classpath:/config/` then the
latter would always override the former regardless of the profile
ordering.
This commit updates `StandardConfigDataLocationResolver` so that a
group of locations can be specified for each item. This allows us to
define the following set of search locations which provide more logical
ordering for profile-specific files
optional:classpath:/;optional:classpath:/config/
optional:file:./;optional:file:./config/;optional:file:./config/*/
Closes gh-26593
Update the `ConfigDataEnvironment` so that the `resolveProfileSpecific`
method of `ConfigDataLocationResolver` is no longer called when
resolving imports declared in a profile-specific file.
Fixes gh-26753
Update `StandardConfigDataLocationResolver` so that profile-specific
imports can only be used when there is no parent import.
Prior to this commit, given the following application.properties file:
spring.profiles.active=p1,p2
spring.config.import=other.properties
We would attempt to import `other.properties`, `other-p1.properties`
and `other-p2.properties`. This seems quite confusing and when we really
only need to support profile-specific properties for the initial root
set of locations.
Fixes gh-26752
This commit aligns int and long so that a random number is generated
by delegating to ints/longs in the JDK's Random API. In the case of a
single bound value, it needs to be greater than 0 because 0 is used as
the lower bound.
Fixes gh-26628
Previously, LoggingSystem#get would chose Logback by the sole presence
of a class in logback-core, with the assumption that logback-classic is
also on the classpath. An app that only had the former would therefore
fail.
This commit updates the condition to check for a class in
logback-classic instead.
Closes gh-26711
Fix `DataSourceBuilder` so that the type used to access `deriveFrom`
properties is based on the actual instance type rather than the
user-defined type which could have been changed.
Fixes gh-26644
Update `DataSourceBuilder` so that the `driverClassName` may be optional
and silently ignored if it set but the underlying type does not have
a getter/setter.
This restores Spring Boot 2.4 behavior.
Fixes gh-26631
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Update `DataSourceBuilder` so that setters are not longer called for
`null` values. This restores Spring Boot 2.4 behavior.
Fixes gh-26633
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Update `DataSourceBuilder` so that the url property attempts both
`getUrl()` / `setUrl(...)` and `getURL()`/`setURL(...)`.
Fixes gh-26647
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Update `StandardConfigDataLocationResolver` so that directory resources
are only required when the location is not optional.
Closes gh-26627
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Update `ConfigData` so that it signal if is considered optional. This
update allows `ConfigDataLocationResolvers` to return results that
behave in the same way as `optional:` prefixed locations without the
user themselves needing to prefix the location string.
Closes gh-25894
Update `StandardConfigDataLocationResolver` to deal with patterns when
resolving empty directories. This update also fixes the handling of
mandatory pattern locations which would previously throw an exception.
The error message returned when a location with a pattern does not
contain any subdirectories has also been improved.
Fixes gh-26468
Fixes gh-26577
Fixes gh-26415
Update `Profiles` so that any profiles set programmatically on the
`Environment` are merged with `spring.profiles.active` properties.
Fixes gh-26151
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Previously, @ConfigurationProperties was not annotated with @Indexed.
This meant that @ConfigurationPropertiesScan would not be able to
find them when the underlying
ClassPathScanningCandidateComponentProvider is using a
CandidateComponentsIndex.
This commit annotated @ConfigurationProperties with @Indexed so that
they can be found by index-based scanning.
Fixes gh-26459
Update `BufferingApplicationStartup` to use thread safe data structures.
Prior to this commit, it was possible for calls from different threads
(for example due to request scope beans) to cause a
NoSuchElementException to be thrown.
Closes gh-25792
Previously, classes involved in config loading used a variety of
potentially different class loaders when calling SpringFactoriesLoader.
Some classes would use their own class loader and others would use null
which results in SpringFactoriesLoader's class loader being used.
This commit updates the config loading classes to consistently use the
resource loader's class loader.
Fixes gh-26126
Additional profiles were being processed after config file processing
when legacy processing was used.
This commit also restores the order in which additional profiles are added
when legacy processing is used.
Active profiles take precedence over additional profiles.
See gh-25817
Additional profiles were being processed after config file processing
when legacy processing was used.
This commit also restores the order in which additional profiles are added
when legacy processing is used.
Active profiles take precedence over additional profiles.
See gh-25817
Update `ConfigDataEnvironment.checkMandatoryLocations` to use the
actual locations that were imported, including those that were skipped
because the related `ConfigDataResource` had already been imported by a
different location.
Prior to this commit, any location that was skipped because it had
already been imported would throw a `ConfigDataNotFoundException`.
Closes gh-26147
Co-authored-by: Scott Frederick <sfrederick@vmware.com>
Co-authored-by: Madhura Bhave <mbhave@vmware.com>
Update `StandardConfigDataLoader` to mark profile specific files with
`Option.PROFILE` so that they are added in the correct order. This is
a variation of the same issue described in commit 5774ea3f0c.
Closes gh-26400
Co-authored-by: Scott Frederick <sfrederick@vmware.com>
Co-authored-by: Madhura Bhave <mbhave@vmware.com>
This commit updates config data property binding to ignore empty
elements in `spring.config.location` and `spring.config.import`
property values when a value is a comma-delimited string
representing a collection.
Fixes gh-26342
Phillip Webb
Andy Wilkinson
izeye
Piotr P. Karwasz
Madhura Bhave
Scott Frederick
Stephane Nicoll
Guirong Hu
prd
Brian Clozel
qxo
dugenkui
Moritz Halbritter
dugenkui03
Chris Hut
Vikey Chen
Moritz Halbritter
Pavel Anisimov
gcoppex
Henning Poettker
Yanming Zhou
minkyu-jo
Lachlan Roberts
Jonatan Ivanov
Stefano Cordio
Artur Signell
Leo Li
Guillaume Husta
fml2
dreis2211
Susmitha
smoothbear
bono007
Julien Dubois
wuwen
Dmytro Nosan
saraswathy-krish
marckchr
fengyuanwei
Sviatoslav Hryb
Jamin Hitchcock
weixsun
ChangYong
nguyensach