Update LogbackLoggingSystem to programmatically configure logback
defaults rather than parsing XML. This change shaves about 100ms off
the start up time.
Fixes gh-1796
GroovyWebConfiguration creates a GroovyTemplateViewResolver which is
a UrlBasedViewResolver sub-class. UrlBasedViewResolver is provided
by spring-webmvc. Previously, if a user configured a web application
but did not have spring-webmvc on the classpath, the application
would fail to start with a NoClassDefFoundError for
UrlBasedViewResolver.
This commit makes GroovyWebConfiguration conditional on
UrlBasedViewResolver being on the classpath so that it backs of in
the absence of spring-webmvc.
Fixes gh-1793
Previously, Spring Security's filter had no configured order. Due to
the use of AnnotationAwareOrderComparater this meant that its order
defaulted to LOWEST_PRECEDENCE. This meant that a user had to declare
a FilterRegistrationBean for the filter and explicitly set its order
if they want another filter to run after Spring Security's.
This commit updates the security auto-configuration to assign a
default order of zero to Spring Security's filter, allowing filters
to be easily configured to run before it or after it. This default
value can overridden using the server.filter-order property. The
default order is also exposed as a constant on SecurityProperties,
allowing it to be referenced from other filter declarations.
Closes gh-1640
Prior to this commit LoggingSystem initialization would happen multiple
times. Once to configure "quiet" logging, and again to configure correct
settings once the Application was initialized. This could cause problems
if `logging.groovy` logback files were used.
The logging system is now only initialized once (when possible) by
following these steps:
- Standard logging initialization occurs via the actual logging
implementation used (e.g. logback will load a logback.xml file if it
exists)
- beforeInitization() is called to prevent early log output.
Implementations now either use a Filter or simply set the root logging
level.
- initialize() is called with an optional log configuration file (e.g
a custom logback.xml location) and an optional log output file (the
default is null indicating console only output).
The initialize() method will attempt to prevent double initialization
by checking if a standard configuration file exists. Double
initialization now only occurs in the following situations:
- The user has a standard configuration file (e.g. classpath:logback.xml)
but also specifies a logging.config property. Double initialization is
required since the specified configuration file supersedes the default.
- The user has a standard configuration file (e.g. classpath:logback.xml)
and specifies a logging.file property. Double initialization is
required since the standard configuration may use a ${LOG_FILE}
reference.
In addition this commit removes the `logging.console` option and now
assumes that logging either occurs only to console or to both the
console and a file. This restriction helps simplify the LoggingSystem
implementations. If file only logging is required a custom logback.xml
can be used.
Fixes gh-1091
See gh-1612, gh-1770
Spring IO Platform already provides dependency management for JavaMail.
This commit updates Boot’s new JavaMail dependency management to align
with the Platform, thereby allowing the Platform to inherit Boot’s
dependency management instead of defining its own.
This commit adds a new starter to auto-configure a MailSender when the
necessary classes are present and when the property "spring.mail.host" is
set.
The auto-configuration also accepts any arbitrary properties that
JavaMail might need using the "spring.mail.properties" prefix.
Fixes gh-1760
There actually isn't anything much we can (or should) change here. Spring always
copies PropertySources and profiles down into the child context when you set its parent.
That seems sensible. So you can add a new profile in a child context but it will always
"inherit" from its parent.
See gh-1776
The CI build is failing, but, for some reason, the same tests are
working fine on developer machines. This commit increases the level
at which the logging calls are being made to severe in the hope that
some CI-specific configuration is filtering out the calls when
they're at info level.
Then we can optionally find a non-anonymous principal if there
is one. If the user is anonymous then the health result is cached
up to endpoints.health.ttl (default 1000ms) to prevent a DOS attack.
Fixes gh-1353
Phillip Webb
Andy Wilkinson
Stephane Nicoll
Dave Syer
Sebastien Deleuze
Christian Dupuis
David Liu
Nathan Voxland