This commit replaces the use of ConfigurationProperties in
ValidationAutoConfiguration by an explicit environment check, as it
was already the case for the spring.aop.proxy-target-class property.
Closes gh-45618
Update `IgnoredCloudFoundryPathsWebSecurityConfiguration` to use a
`SecurityFilterChain` and `permit...` methods rather than
`ignoring()` which is no longer recommended.
Fixes gh-32622
Previously, OAuth2 client auto-configuration was managed by a single
class:
- OAuth2ClientAutoConfiguration for servlet apps
- ReactiveOAuth2ClientAutoConfiguration for reactive apps
OAuth2ClientAutoConfiguration being for servlet apps meant that
a blocking OAuth2 client was not availabile in a non-web application.
The auto-configuration classes did two things:
- Auto-configured beans that are specific to server-side web security
that uses an OAuth2 client
- Auto-configured OAuth2 client beans that may be used client- or
server-side
Combining these two things into a single auto-configuration class
meant that you could not choose to use one or the other. For example,
you may want to make use of an OAuth2 client in a web application
without also using OAuth2 client-based web security.
This commit restructures the auto-configuration to address these
problems. There are now two auto-configurations for non-reactive apps:
- OAuth2ClientAutoConfiguration
- OAuth2ClientWebSecurityAutoConfiguration
and two auto-configurations for reactive apps:
- ReactiveOAuth2ClientAutoConfiguration
- ReactiveOAuth2ClientWebSecurityAutoConfiguration
This separation allows one to be used without the other. Furthermore,
the conditions have been updated so that, for example, the blocking
OAuth2 client is available in a non-web application.
Closes gh-40997
Closes gh-44906
Co-authored-by: Moritz Halbritter <moritz.halbritter@broadcom.com>
This commit updates the conditions in Neo4jReactiveDataAutoConfiguration
so that it gracefully backs off if certain beans are not present, rather
than assuming its sibling Neo4jDataAutoConfiguration has run.
Closes gh-44930
Prior to this commit, certain rules, like BeanPostProcessor,
did not work with external classes. This commit ensures that
ArchRules are executed within a context ClassLoader that includes
all classes from the compile classpath.
See gh-45202
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
This commit updates jOOQ's DefaultExceptionTranslatorExecuteListener to
fallback on Spring Framework's default if no dbName is available.
See gh-44954
Signed-off-by: Dennis Melzer <dennis.melzer@de.bosch.com>
Refine `RestClientAutoConfiguration` conditional so that it
applies in reactive web applications if virtual threads are
active and a task executor is configured.
See gh-44952
Signed-off-by: Dmitry Sulman <dmitry.sulman@gmail.com>
Prior to this commit, RestClientSsl always used the
default settings from ClientHttpRequestFactorySettings, overriding any
user-defined settings (e.g., HttpClientProperties).
With this commit, RestClientSsl now respects and uses
ClientHttpRequestFactorySettings when they are provided.
See gh-44979
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Update auto-configured `IntegrationMBeanExporter` to be created from
a static method since it's a post-processor. Relevant injection now
occurs by overriding the `afterSingletonsInstantiated()` method.
Closes gh-45186
Prior to this change, introspection of the auto-configuration could
fail due to insufficient protection against missing classes.
This commit introduces an extra class-level check for Nimbus's
JWKSource which ensures that the auto-configuration backs off if
nimbus-jose-jwt has been excluded. It also introduces an inner-class
for the case where spring-security-oauth2-jose is not on the
classpath. This ensures that the method defining the jwtDecoder bean
does not cause an introspection failure when JwtDecoder is missing.
Closes gh-45177
If there's no bean named bootstrapExecutor but there's a bean named
applicationTaskExecutor, we create an alias named 'bootstrapExecutor'
for the 'applicationTaskExecutor' bean.
Closes gh-39791
Refine the submitted pull-request to remove the configuration
property with the assumption that the context classloader will
work for all cases.
See gh-45014
Update `ConnectionDetailsFactories` so that the context classloader
can be used to load factories.
See gh-45014
Signed-off-by: lengors <24527258+lengors@users.noreply.github.com>
Tran Ngoc Nhan
Stéphane Nicoll
Johnny Lim
Phillip Webb
Yanming Zhou
Andy Wilkinson
Moritz Halbritter
Dmytro Nosan
Dennis Melzer
Dmitry Sulman
lengors
DimaVilda