Update AutoConfigurationPackages to log warnings on the first access,
rather than during setup. This works around the fact that the CLI
currently add multiple @EnableAutoConfiguration annotations.
Fixes gh-579
This commit updates the CLI so that it will decrypt any encrypted
passwords in a user's Maven settings.xml file.
The code that performs the decrytion has a transitive dependency on
three types in Plexus' logging API. There are tens of different
artifacts containing this API available in Maven Central. Rather than
bloating the API with a dependency on a complete Plexus container,
which could perhaps be considered the primary source, a dependency on
a considerably smaller artifact has been introduced.
Closes#574
Removed this link "The websocket sample shows you how to do that in Maven." since the example no longer has properties that show how this is done. Dave Syer edited the section in a previous issue by adding the example to the POM ( https://github.com/spring-projects/spring-boot/issues/430 ) but it appears that the bad link was not removed.
The management security autoconfiguration wanted to come last in the chain
but that won't suit the fallback that was already in place for gh-568. This
change re-orders the autoconfig so that @EnableWebSecurity is still added
if the user sets security.basic.enabled=false and includes the actuator
endpoints.
Fixes gh-568
If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.
Fixes gh-568
If the user adds a JAR file to the classpath in "spring jar -cp ..."
he expected it to end up in the classpath of the executable jar
(i.e. in the nested lib/ directory). Before this change it would
have gone in the root of the executable JAR, causing errors at runtime.
The fix is slightly awkward, since it assumes that any JAR in the
"roots" of the ResourceMatcher come from the classpath (which *is*
the case currently, but might not always be at least in principle).
Seems like a reasonable compromise given it's a quick change
and some tests have been included.
Fixes gh-565
If the user sets security.basic.enabled=false he has to remember
to @EnableWebSecurity. Possibly we could be more helpful about the
exception, but I think this might be pilot error.
Fixes gh-568
Introduce an extra `server.tomcat.uri-encoding` property used to
configure the URI encoding for the embedded tomcat container.
Defaults to `UTF-8` instead of the usual tomcat default of `ISO-8859-1`.
Fixes gh-540
Update the spring-boot-loader JarURLConnection class to decode entry
names in the same way as the stock JDK class. This allows encoded
entry names in the form `%c3%ab` to be loaded.
Fixes gh-556
- Add link to Spring Security's Global Method Security Java Configuration
- Fix link to SecurityProperties
- Add link to SECURITY Common application properties
- Remove unnecessary @Order from SecurityConfiguration
- Change method signature for @Autowired AuthenticationManagerBuilder to
compile / match Spring docs
When the child is listening for parent closed events
the parent has a reference to the listener which contains the chils.
Thust there is a cycle of references and a GC probalem waiting to
happen.
This change breaks the cycle by making the reference to the
child a WeakReference.
Fixes gh-559
If the user provides a JobExplorer and a BatchConfigurer that
don't require a DataSource we can back off on configuring ours
(and anything else that needs a DataSource).
Fixes gh-561
If user sets a ResourceLoader on the SpringApplication, he might
reasonably expect that it would be used to read the config files.
This change ensures that it is (instead of just using the
DefaultResourceLoader).
We can't support (yet) embedded containers inside a deployed war (class
loader conflicts are inevitable, really). Until we figure out a way to
do it, we should just log a warning and advise the user to switch to
JMX for the actuator endpoints.
See gh-552
ErrorPageFilter is itself an EmbeddedServletContainerFactory
but it runs in a non-embedded container. Any component that assumes
the presence of an EmbeddedServletContainerFactory implies we are
running embedded is therefore invalid. WebSocketAutoConfiguration
had that problem.
Fixes gh-551
The bean ID for the ContentNegotiatingViewResolver is now
"viewResolver" (it is the *one*). The conditions have been changed
so that a user only has to define a bean of the same name to switch
it off.
Fixes gh-546
Before this change the PropertySources loaded from external config
files were just added to the list for resolution in the order that
they were loaded. That worked for simple cases, but when there are
profiles active, and files themselves can activate profiles, it led
to users not being able to change default settings easily (either
on command line or in files, mostly in files).
The solution proposed here is to group PropertySources by profile
and resolve them in order of profile first, and then in order of
the files being loaded.
There are additional shenanigans because the order of the files
being loaded also has to be carefully defined. The rule for users
is that in a list of files to load (e.g. if set via
spring.config.location), the last one wins (natural if you think of
it as a merge of multiple maps). In addition, anything specified
by a user takes precedence over the defaults (which was broken in
some scenarios before).
Additionally, fixes profile ordering in @ConfigurationProperties(path=...)
Fixes gh-483
