Previously, when Tomcat was configured to use relative redirects
and the ForwardedHeaderFilter is in use, the filter would ignore
the use of the relative redirects.
This commit corrects this misalignment by applying Tomcat's use
relative redirects setting to the filter, but only when Tomcat is
being used as the servlet container.
See gh-29333
We've seen some problems, particularly on CI, where Embedded Mongo
hangs while trying to start the Mongo process. To limit the problem,
this commit replaces the use of Embedded Mongo with Testcontainers
where we can, leaving Embedded Mongo in use only where we're
specifically testing our Embedded Mongo support.
Closes gh-28843
This commit maps the `server.servlet.session.cookie.same-site`
configuration property to the `DefaultCookieSerializer` bean configured
in the Spring Session auto-configuration.
See gh-28784
Update `ErrorPageSecurityFilterConfiguration` to guard against the case
where `spring-security-core` is on the classpath but
`spring-security-web` is not.
Fixes gh-28774
This commits exposes the RestClientBuilder as a bean even when the
RestHighLevelClient is not available. It allows users to create their
own RestClient beans using the Spring Boot configured RestClientBuilder
when they are not using the RestHighLevelClient.
Fixes gh-28655
Bean post-processors only apply to the context in which they're
registered. ValidationAutoConfiguration will only auto-configure the
MethodValidationPostProcessor if the post-processor is missing from
the current context and any of its ancestors. If an ancestor context
contains the post-processor it will not be auto-configured and the
descendant context will not have method validation configured.
This commit updates the auto-configuration to limit the search for
an existing MethodValidationPostProcessor bean to the current
context.
Fixes gh-27890
Guirong Hu
Stephane Nicoll
Mihail Cornescu
Yanming Zhou
Phillip Webb
Andy Wilkinson
izeye
Vedran Pavic
Željko Tomić
Madhura Bhave
Filip Hrisafov
Josh Cummings
Leo Li