Registers required components in application context if not available to
set up environment for usage with Spring Data Solr. Will listen on
SolrServer and SolrRepositories for configuration.
By default an HttpSolrServer is registered unless a zkHost (zookeeper
host) is defined. In that case an instance of CloudSolrServer will be
created.
By default multicore support is enabled, creating instances of
SolrServer for each core defined via @SolrDocument.
With this commit the state of a component or subsystem becomes a first-class citizen in Boot's application health support. HealthIndicators now return a Health instance with status and some contextual details.
An aggregation strategy has been introduced to aggregate several Health instances into one final application Health instance. Out of the box OrderedHealthAggregator can be configured to allow different ordering or a custom HealthAggregator bean can be registered.
Since Flyway has bean properties (with getters and setters)
it can be used to bin directly to the Environment (instead of
copying all the properties into FlywayProperties).
Fixes gh-806
A callback is added in autoconfig, so that if users inject the EntityManagerFactoryBuilder
into their app and use it to create multiple EntityManagerFactories, they all get the
same deferred DDL behaviour. The deferred DDL can also be disabled by setting
spring.jpa.hibernate.deferDdl=true.
Fixes gh-894
We now have a much simpler DataSourceAutoConfiguration that binds to whatever
DataSource concrete type it finds at runtime. To be able to quickly switch between
Hikari and the other types of DataSource there's a minute shim for translating
the common properties (username, password, url, driverClassName), but actually
only url is different. The shim and also DataSource initialization is supported
through DataSourceProperties, but the other native properties get bound directly
through the concrete runtime type of the DataSource.
The /configprops endpoint works (and is exposed in the actuator sample).
Fixes gh-840, fixes gh-477, see also gh-808.
For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:
* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules
* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules
Fixes gh-803
In addition to the upgrade to Dijkstra (#743) Spring HATEOAS has been
upgraded to 0.11.0 (#801) and Mongo's Java driver has been upgraded to
2.12.1 (#689). In both cases this is the same version as is used by
Dijkstra RC1.
The new version of Mongo's Java driver changes the exception that's
thrown when Mongo isn't running and a connection attempt fails. The
Mongo sample has been updated accordingly.
RepositoryRestMvcAutoConfiguration has been updated to be configured
before JpaRepositoriesAutoConfiguration. This ensures that the
former's transitive import of SpringDataJacksonConfiguration takes
precedence over the latter's import of the same. This is necessary as
RepositoryRestMvcConfiguration requires a bean that's declared by
SpringDataJacksonConfiguration and, if JpaRepositoriesAutoConfiguration
is processed first, its conditions may cause the import
SpringDataJacksonConfiguration to be skipped causing instantiation
of RepositoryRestMvcConfiguration to fail.
Closes#689Closes#743
If Liquibase is on the classpath it will fire up on startup. Various
config options are available (as well as the option to disable it).
Liquibase uses a YAML format for changes (in classpath:db/changelog).
This commit replaces the "index" property of Review to use a custom
column name ("idx") as index is a reserved keyword in some RDMS such
as Oracle and MySQL.
Fixes gh-752
This commit adds auto-configuration and a starter,
spring-boot-starter-freemarker, for using FreeMarker view templates in
a web application.
A new abstraction, TemplateAvailabilityProvider, has been introduced.
This decouples ErrorMvcAutoConfiguration from the various view
technologies that Spring Boot now supports, allowing it to determine
when a custom error template is provided without knowing the details of
each view technology.
Closes#679
Since Spring supports gobal error handling through
@ControllerAdvice, it is quite easy to set up more meta-data
about an exception for the BasicErrorController. You need
to be careful not to swallow Security exceptions, and probably
others (optionally) so this feature needs a bit more work.
See gh-538
This fixes a bug in the sample, where the AuthenticationManager it builds
is a local one for the filter chain containing "/login", whereas it was
expecting to override the Boot default, which is "global". The fix is
to extract the authentication configuration out into a
GlobalAuthenticationConfigurerAdapter.
Fixes gh-699
User can now set up default properties in the Environment using
@IntegrationTest("foo:bar", "x:y") etc. Using "server.port:0" you
can get Tomcat or Jetty to spin up on a random port. We also add
a test listener that populates "local.server.port" with the actual
port the server started on so you can @Value("${local.server.port}")
inject it into the test case.
See gh-607 (this should make the extension of that PR to samples
much easier)
Apparently springloaded 1.1.5 was released to Maven Central with a
different groupId than to repo.spring.io. It would have worked in
milestones because the repository was declared.
See gh-648
Spring Security doesn't know that Spring MVC maps /foo, /foo.json
and /foo/ all to the same handler. This change explicitly adds
suffixes to the actuator endpoint matchers so they are properly
protected.
Rename the RestTemplates to TestRestTemplate to help indicate that it's
primarily intended for testing. Also now extend RestTemplate to allow
direct use, rather than via factory methods.
Fixes gh-599
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.
Fixes gh-568
If the user sets security.basic.enabled=false he has to remember
to @EnableWebSecurity. Possibly we could be more helpful about the
exception, but I think this might be pilot error.
Fixes gh-568
Remove README files that have been since been migrated to the reference
documentation. Also updated remaining markdown files to asciidoctor to
save having a mix of different formats.
Fixed gh-503
Makes them a lot more readable IMO, and also enables @Autowiring
from the context into the test case (sweeet). I added @DirtiesContext
to all of them as well to be on the safe side, but possbly that can be
optimized in some way as well.
The management.contextPath property should now be respected in a
secure application, whether or not the management.port is different.
Added some test cases in the sample to verify.
Fixes gh-469
Use org.springframework.boot instead of ${project.groupId}
groupId in order to make it easier to use spring-boot-samples
modules as a starting point for new projects.
Some assumptions were being made in tests, e.g. about
there being an AuthenticationManager @Bean, which were
false with the new Security 3.2.1 updates from Rob.
Also parent-child contexts with the actuator were
problematic because they didn't exclude the web configuration
for the management security in the parent context.
Fixes gh-244
Requires Loaded 1.1.5 (or better).
For Maven you can just add springloaded to the dependencies of the
spring-boot plugin (and also set MAVEN_OPTS=-noverify).
For Gradle add springloaded to the build dependencies (-noverify
can be added by the plugin).
In both cases there is also support for adding an arbitrary java agent
via configuration. Samples are provided in
spring-boot-sample-[simple,web-ui].
The ApplicationPlugin is only added if there is no JavaExec task
already present, and additionally it computes its own man class if
none is provided. So "gradle run" and "gradle bootRun" look
superficially similar, but "bootRun" has extra options, including
the agent and Loaded support.
Fixes gh-251, gh-183
Detect when an application is running in development (by the presence
of a build file) and automatically add a 'development' profile.
Additional detectors can be developed by implementing the
`ProfileDetector` interface and registering with the `SpringApplication`
Fixes gh-296
Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.
In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.
In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).
@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).
Fixes gh-244
Add a new `SpringNamingStrategy` hibernate `NamingStrategy` that
extends `ImprovedNamingStrategy` to improve the name of foreign
key columns.
Fixes gh-213
Usage:
$ gradle bootRun
...
Edit files in src/main/resources and see the changes live in a web app
(e.g. static resources in /static).
The old functionality of bootRun has been replaced (since it didn't add
a lot of value and also didn't expose any JMV argument setters of anything).
This new feature set is backed by any existing "run" task configuration.
In addition autodetects a main class if there is one in the project
sources, so no need for mainClassName = '...' in build.gradle.
Applies the 'application' plugin (so no need to declare that either).
Fixes gh-225
Update SpringApplication to run by default in 'headless' mode. This
prevents the AWT system from creating a Java icon (for example in the
OSX dock).
Also update builds to run tests in 'headless' mode.
