This commit improves support of the Resource Handling features
introduced in Spring Framework 4.1. Those features add new ways to
resolve and transform static resources in applications.
See [this blog
post](https://spring.io/blog/2014/07/24/spring-framework-4-1-handling-static-web-resources)
for more details.
The `ResourceUrlEncodinFilter` is added for compatible template engines:
Velocity and Thymeleaf. It assists them with rewriting the URLs of
static resources when rendering templates.
New keys are added in the `ResourceProperties` in order to configure
the Resource Handling chain. `ResourceResolvers` and
`ResourceTransformers` are registered accordingly in
`WebMvcAutoConfiguration`.
Here is an example of enabling a `ContentVersionStrategy` on all
static resources, meaning their names will be changed for cache
busting purposes by adding a content hash at the end of the file name.
Like "/js/jquery.js -> /js/jquery-872ca6a9fdda9e2c1516a84cff5c3bc6.js".
```
spring.resources.chain.enabled:true
spring.resources.chain.strategy.content.enabled:true
spring.resources.chain.strategy.content.paths:/**
```
Closes gh-1604
Closes gh-3123
Previously, an address that ended in a "/" would result in the virtual
host being an empty string. This was inconsistent with setVirtualHost
which would map an empty string to "/".
This commit updates the address parsing logic to call setVirtualHost
rather than assigning the value directly to this.virtualHost. This
ensures that the special handling for an empty string is applied
consistently.
Closes gh-3304
Update ElasticsearchAutoConfiguration to allow `http.enabled` and
`node.local` settings to be specified by ElasticsearchProperties.
Fixes gh-2805
Closes gh-2913
Add auto-configuration support for Apache Artemis which was formed when
HornetQ was donated to the Apache Foundation. The majority of this code
is based on the HornetQ auto-configuration.
Fixes gh-3154
Closes gh-3246
This commit adds support for automatically configuring Spring Session.
In a web application when both Spring Session and Spring Data Redis
are on the classpath, Spring Session's Redis Http Session support
will be auto-configured. The max inactive interval for Redis-backed
sessions can be configured via the environment using the existing
server.session-timeout property.
Closes gh-2318
Migrate `spring.view.prefix` and `spring.view.suffix` to
`spring.mvc.view.prefix` and `spring.mvc.view.suffix` respectively. The
former properties are still handled in a backward compatible way and are
defined as deprecated in the meta-data.
Closes gh-3250
Improve SpringApplicationAdminMXBean to expose additional information:
* Whether the application uses an embedded container
* The properties exposed by the `Environment`
This allows to know if the application is web-based and the HTTP port
on which it is running.
Closes gh-3067
Update MongoAutoConfiguration to create a `MongoClient` bean rather than
`Mongo` and update `MongoDataAutoConfiguration` to remove the call to
the deprecated `SimpleMongoDbFactory`.
Fixes gh-3105
Closes gh-3126
Add a new `spring.mvc.async.request-timeout` property which can be used
to configure AsyncSupportConfigurer.setDefaultTimeout(..).
Fixes gh-2900
Closes gh-3236
Create an EmbeddedVelocityToolboxView which supports loading toolbox.xml
files from the application classpath as well as the ServletContext. The
VelocityAutoConfiguration class has been updated to use the new view.
This change allows the `spring.velocity.toolbox-config-location`
property to work with embedded servlet containers.
Fixes gh-2912
CacheConfigFileCondition was not properly tested, leading to various
potential source of errors (that last one being gh-3233). This condition
is now tested properly.
This is related to 38cca9c but for the Rabbit support. Update
RabbitAnnotationDrivenConfiguration to only associate a JTA transaction
manager, if any.
Closes gh-3222
Make sure that the EhCache support is triggered if
`spring.cache.ehcache.config` is set and the cache type is set to `auto`.
Same thing for Hazelcast.
Closes gh-3227
It can just catch all exceptions from the remote /user endpoint
because in a resource server it needs to throw `InvalidTokenException`
and in an SSO setting it will never be called.
Fixes gh-3205
Previously, spring.groovy.template.configuration.* was mapped onto both
GroovyTemplateProperties.configuration and GroovyMarkupConfigurer. The
former being a Map and the latter being specific type with getters and
setters. This clash caused problems with the IDE support.
GroovyTemplateProperties.configuration appeared to be dead code so it
was removed in 326bdf2. Unfortunately this broke the use of
spring.groovy.template.configuration.* properties as
GroovyTemplateProperties uses a prefix of spring.groovy.template and it
no longer had a configuration property.
This commit addresses the problem by updating GroovyTemplateProperties
to ignore unknown fields. This allows
spring.groovy.template.configuration.* properties to be used and bound
to GroovyMarkupConfigurer without reintroducing the clash which prompted
the initial change.
Closes gh-3198
The JMS MessageListenerContainer supports the PlatformTransactionManager
abstraction with either a `JmsTransactionManager` for local transactions
or `JtaTransactionManager` for distributed transactions. The former is
kind of deprecated (`setTransacted` should be used instead). In any case,
any other `PlatformTransactionManager` implementation is not supported.
Update JmsAnnotationDrivenConfiguration to only associated a JTA
transaction manager, if any.
Closes gh-3150
hibernate.ejb.naming_strategy_delegator and hibernate.ejb.naming_strategy
cannot be used at the same time but Boot sets the latter automatically.
We now only set the naming strategy if no delegator has been specified
via configuration
Closes gh-3149
Only affects the default AuthenticationManagerBuilder (so when users
are not overriding the default global user details). Makes the
UserDetailsService effectively available as it would be if we used
AuthenticationManagerBuilder.inMemoryAuthentication() as a
shared object in the HttpSecurity.
Fixes gh-3152
Add an explicit link to the `RedisAutoConfiguration` to make sure it is
applied before the cache counter-part. Request the general
`redisTemplate` so that non String-values can be handled by default as
well.
See gh-2633
Remove `spring.cache.config` as it is too generic and does not express
enough what is configured. This property is replaced by cache library
specific properties, that is `spring.cache.ehcache.config`,
`spring.cache.hazelcast.config`, `spring.cache.infinispan.config` and
`spring.cache.jcache.config`.
See gh-2633
Allow SSL to be configured via standard configuration as well as the
requestedHeartbeat. Switch to RabbitConnectionFactoryBean.
Closes gh-2655, gh-2676
User can enable OAuth2 SSO by declaring the intent (@EnableOAuth2Sso)
and also configuring the client properties (spring.oauth2.client.*).
The spring.oauth2.sso.* are only needed to change the path for the
login (defaults to /login) - any other security configuration for the
protected resources can be added in a WebSecurityConfigurerAdapter
which carries the @EnableOAuth2Sso annotation.
* Automatically spin up Authorization Server and Resource Server
* Automatically configures method level security included OAuth2Expression handler
* Wrote extensive unit tests verifying default behavior as well as the auto-configuration backing off when custom Authorization/Resource servers are included
* Created org.springframework.boot.security.oauth2 subpackage to contain it
* Can also disable either resource of authorization server completely with a single property for each
* Print out the auto-generated secrets and other settings
* Added spring-boot-sample-secure-oauth2 to provide a sample that can be run and poked with curl as well as some automated tests.
* Make users ask for which servers to install by adding @Enable*
* User has to @EnableGlobalMethodSecurity instead of using properties files
Add Spring Security OAuth2 support to Spring Boot CLI
* Triggered from either @EnableAuthorizationServer or @EnableResourceServer
* Needs to have @EnableGlobalMethodSecurity to allow picking the annotation model.
* By default, comes with import support for @PreAuthorize, @PreFilter, @PostAuthorize, and @PostFilter via a single start import
* Also need import support for the enable annotations mentioned above.
* Added extra test case and sample (oauth2.groovy)
- Apply project’s code formatting and conventions
- Don’t use the IO and worker thread configuration when creating the
worker for the AccessLogReceiver. The IO and worker thread
configuration is for HTTP request processing and a worker in its
default configuration should be sufficient for the access log
receiver.
- Don’t use a temporary directory as the default for the access log
directory. A temporary directory makes (some) sense for Tomcat as it
requires a directory for its basedir. Undertow has no such
requirement and using a temporary directory makes it hard to locate
the logs. The default has been updated to a directory named logs,
created in the current working directory.
- Document the new properties in the application properties appendix
Closes gh-3014
This commit adds support for configuring Undertow's access log via the
environment using the following properties:
server.undertow.access-log-enabled
server.undertow.access-log-pattern
server.undertow.access-log-dir
See gh-3014
Stephane Nicoll
Brian Clozel
Phillip Webb
cohee016
Andreas Ahlenstorf
Andy Wilkinson
Artur Konczak
Eddú Meléndez
izeye
Kamil Szymanski
dgomesbr
Sebastien Deleuze
Dave Syer
Spring Buildmaster
Greg Turnquist
Marcos Barbero