Closes gh-3601

Closes gh-3583

Previously, a customer was set regardless of the fact that it is
supported on the target bean. DataBinder has an actual assertion check
that would fail in such a case.

We now associate the custom validator only if it supports the target
bean.

Fixes gh-3581

Previously getLoggerConfig(loggerName) was used to retrieve the
LoggerConfig object on which the level was to be set. As described in the
method’s javadoc it will “remove tokens from the package name as
necessary or return the root LoggerConfig if no other matches were found”.
This is problematic as, if there’s no configuration for the logger whose
level is being configured, the level will be applied to a logger from an
outer package or to the root logger.

This commit updates Log4J2LoggingSystem to use the configuration’s map of
LoggerConfigs, rather than calling getLoggerConfig. In the event of the
level being set on an unconfigured logger, this will produce a null
LoggerConfig. When a null LoggerConfig is encountered, a new one is
created with the appropriate level. If the config already exists, its
level is set as it was before.

The code that was accessing the root logger using a magic null value
(which was then coerced into the root logger’s name (an empty string))
has also been updated to make it clearer that they are purposefully
dealing with the root logger.

Closes gh-3550

Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.

The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.

Closes gh-3540

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253

Various areas of the code expect the management's context path to not
contain any trailing slash but nothing is enforcing it. We now make sure
to remove any trailing slash, including the one for '/' and make that
explicit via the Javadoc of the getter.

Fixes gh-3553

Closes gh-3546, closes gh-3547

Never inject a transaction manager (user can create his own
"rabbitListenerContainerFactory" bean if he wants an actual
non-JTA transaction manager.

See gh-3432

If set *and* there is a transaction manager in the context, then the
listener container created by Spring Boot will use the transaction
manager to execute the listeners.

Fixes gh-3432 (by virtue of not requiring a JtaTransactionManager any
more).

When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).

This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).

Fixes gh-2563

Closes gh-3417

Closes gh-3466

When writing a jar, once an entry has been written it will never be
overwritten, i.e. the first write of a given entry will win. Previously,
when repackaging a jar, the existing contents were written followed by
any libraries. This caused a problem when repackaged a WAR file and
a library needed to be unpacked as the existing entry in WEB-INF/lib
would prevent the library with the UNPACK comment from being written.
This was addressed in f761916b by inverting the order so libraries
would take precedence over entries in the source jar.

It’s now become apparent that this change in the order causes a problem
for users who are obfuscating their code. The obfuscated code exists in
the source jar but is also provided to the repackager in its original
form as a library. When libraries take precedence, this means that the
code in its original form ends up in the repackaged war and the
obfuscation is lost.

This commit updates the repackager to write libraries that require
unpacking first. This allows the UNPACK comment to be written even if
there’s also a source entry for the library. Next, source entries are
written. This allows obfuscated source entries to take precedence over
any unobfuscated library equivalents. Lastly, standard libraries that
do not require unpacking are written into the repackaged archive.

Closes gh-3444

Ensure that FlywayAutoConfiguration and LiquibaseAutoConfiguration occur
after HibernateJpaAutoConfiguration so that the DependsOnPostProcessor
condition can correctly check for a LocalContainerEntityManagerFactory
bean.

Fixes gh-3437

Clarify how the default JMS listener container factory is created if none
exists with regards to transactions.

Issue: SPR-3407

The order of property values is only preserved if we check carefully
that each property is actually present in the source being inspected.

Fixes gh-3385

Update RelaxedDataBinder to so that property ordering is respected even
if relaxed names are used. Prior to this commit a System property named
`FOO_BAR` would never get bound to a `fooBar` field if `foo-bar` was
defined in application.properties.

Fixes gh-3385

Update MetricWriterMessageHandler to deal with 'reset' messages and to
log unsupported payload types.

Fixes gh-3378

Fixes gh-3384

See gh-3392

If a JtaTransactionManager is present, it is associated with the
auto-created JmsListenerContainerFactory. However, if no such transaction
manager is present, local transaction support is not enabled.

This gives a default situation where the message is acknowledged even
before the listener is invoked. We now make sure to turn on local JMS
transactions if no JtaTransactionManager is present.

Fixes gh-3393

Closes gh-3382

Closes gh-3381
Closes gh-3383

Closes gh-3380

Closes gh-3379

Previously, JacksonHttpMessageConvertersConfiguration would configure a
general-purpose MappingJackson2HttpMessageConverter only if there was
no existing MappingJackson2HttpMessageConverter in the application
context. This was problematic when a
TypeConstrainedMappingJackson2HttpMessageConverter bean was present.
Such a bean is only capable of performing conversion for a specific
type, and therefore is no substitute for a general purpose converter,
yet its presence was causing the auto-configuration of a general
purpose converters to be turned off. This would leave Spring MVC’s
default converter being used for application/json requests which would
not honour the user’s Jackson configuration.

This commit enhances @ConditionalOnMissingBean so that the annotation
can be used to specify one or more types that should be ignored when
searching for beans. This allows the
TypeConstrainedMappingJackson2HttpMessageConverter beans that are
published by Spring Data REST to be ignored such that the
general-purpose MappingJackson2HttpMessageConverter is still
auto-configured.

Fixes gh-2914

Closes gh-3369

Closes gh-3375

Update MustacheViewResolver so that buildView() is called to create
the MustacheView. This sets fields such as `contentType` and allows us
to remove explicit setApplicationContext() and setServletContext()
calls.

Fixes gh-3265

Fixes gh-3276

Fixes gh-3356

GzipFilterProperties uses HttpMethod so GzipFilterAutoConfiguration,
which uses GzipFilterProperties, needs to be conditional on HttpMethod
being on the classpath.

Closes gh-3362

* pr/3324:
  Fixup sample Ant build

Fixes gh-3324