There were some residual issues to do with the changes to the implementation
of security.basic.enabled=false. It was a good idea to have a filetr chain
triggered by the flag being off because it smooths the way for user-defined
filter chains to use the Boot AuthenticationManager (as a first step at least),
but it wasn't a goog idea to add any actual secuity features to that filter.
E.g. if it has HSTS then even an app like Sagan that has some secure endpoints
that it manages itself and the rest is unsecured has issues because it can't
accept connections over HTTP even on unsecure endpoints.

TODO: find a way for security.ssl_enabled=true to apply to only the user-
defined security filter (maybe not possible or worth the effort, since they
can inject a SecurityProperties if they need it?).

See gh-928

This commit changes the default behavior of the HornetQ auto
configuration. Prior to this commit, an embedded broker was only
started when it was requested explicitly by a configuration option.

This is inconsistent with the ActiveMQ support and boot favors the
easiest route. If the necessary classes are available, HornetQ is
embedded in the application by default.

Fixes gh-1029

HypermediaAutoConfiguration didn't consider an @EnableHypermediaSupport 
annotation being present in the user configuration which could've caused 
it to be evaluated twice.

This is especially the case if both the auto-configuration for Spring 
HATEOAS and Spring Data REST kick in as Spring Data REST actively declares
@EnableHypermediaSupport. The double evaluation then causes injection
ambiguities as we now get multiple beans of e.g. LinkDiscoverers deployed.

Due to the lack of dependency management in Gradle a number of the
starters were pulling in old versions of spring-tx (and in some cases
spring-context-support as well) as the only dependency was a
transitive one that pulled in an older version.

This commit adds explicit dependencies on spring-context-support and
spring-tx where appropriate. These dependencies will specify Boot's
preferred version of Spring causing Gradle to do the right thing as it
prefers the latest version of a dependency when there is more than one
to choose from.

Fixes #1028

The list continuation character '+' can be used to prevent a blank
line from ending a list, thereby allowing code blocks to be included
in a list. See "Complex content in outline lists" [1] for more
details.

[1] http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/#lists

Fixes #1025

Gradle hasn’t different exclusion semantics to Maven. In Maven you can
exclude spring-core’s commons-logging dependency once and it’ll be
honoured even if you have multiple transitive routes to commons-logging
via spring-core. In Gradle you have to exclude commons-logging from
everything that has a transitive spring-core dependency. To make matters
worse this doesn’t only apply to dependencies and exclusions declared in
build.gradle but also to dependencies and exclusions declared in the pom
files of the artifacts that a Gradle build depends upon.

In short, to make our starters work as intended with Gradle, this commit
adds many, many exclusions for commons-logging. It also removes
commons-logging exclusions from spring-boot-dependencies’
<dependencyManagement> as they have no effect with Gradle and their
presence can cause us to miss required exclusions in a starter

Fixes #987

This commit documents Boot's JMS support, in particular how Boot
can auto-configure the ConnectionFactory for ActiveMQ and
HornetQ.

Fixes gh-1026

Not having READMEs in github is a mistake IMO, so here's one
restored and with a link to the docs. Docs also updated to
more accurately reflect the location of the actuator features
in implementation.

See https://github.com/spring-guides/gs-actuator-service/pull/7
for the Getting started guide change

Fixes gh-1014

Closes #998

Schema initialization now happens in @PostConstruct (effectively)
whether it is via the Hibernate EntityManagerFactory or the
Boot DataSourceInitialization (in addition or instead). The data.sql
script if it exists is still executed on an event fired from the
other places, so those tests are passing.

Flyway and liquibase have bean factory post processors (like
the one they use to order the audit aspect in Spring Data) that
enforce a dependency on those components from the EntityManagerFactory.
So Hibernate validation is still happy (and there are 2 tests to
prove it now as well).

Fixes gh-1022

ElasticSearchAutoConfiguration depends on two Spring Data Elasticsearch
classes (TransportClientFactoryBean and NodeClientFactoryBean), however
it’s only conditional on Elasticsearch itself being on the classpath.
This lead to start up failures due to a ClassNotFoundException. Its
@ConditionalOnClass configuration has been updated so that the
auto-configuration will only be enabled if both Elasticsearch and Spring
Data Elasticsearch are on the classpath.

The dependencies on TransportClientFactoryBean and NodeClientFactoryBean
were ‘hidden’ in ElasticsearchProperties. The logic that uses these
types has been moved into ElasticSearchAutoConfiguration so that the
usage of the types and the related @ConditionalOnClass configuration
is in the same file.

Fixes #1023

Despite Javassist 3.18.2-GA being available, it has not be upgraded.
This is to keep it in sync with Hibernate.

In the absence of a @GrabMetadata annotation,
DependencyResolutionContext provided no dependency management. This
was leading to incorrect dependency versions being pulled in. This
commit intializes the context with default dependency management that
will be replaced should @GrabMetadata be encountered.

Fixes #1021

Irritatingly a ResourceBundleMessageSource never gives up trying to
create a resource bundle for every message resolution, so to stop
it logging all those warnings (and probably sucking performance-wise)
we need to disable the MessageSource if a bundle is not provided.

Fixes gh-1019

Fixes gh-668 (if the asciicdoc compiles)

fixes #1018

The maven plugin now forks a process to start the application so
mvnDebug cannot be used anymore. This commit replaces the reference
of mvnDebug to a link to an example of the maven plugin.

Fixes gh-992

Fixes gh-999

Fixes gh-1011

Fixes gh-1012

(If we ever want to modularize this will make it less painful)

Fixes gh-1015

This is *really* nasty (and led me to discover a related bug
https://jira.spring.io/browse/SPR-11844), but fortunately easy to
hide from users once you have a test case.

The problem is that Spring Security registers a `BeanPostProcessor`
to handle `GlobalAuthenticationConfigurerAdapters`, and Boot
registers a `BeanPostProcessor` to handle injecting the packages
to scan into an `EntityManagerFactory` from `@EntityScan`. The
clash comes because the `EntityScanBeanPostProcessor` wants to be
postprocessed by the Security postprocessor, but if the Security
configuration depends on JPA it won't be ready in time.

The fix (or workaround) depending on how you look at it is to
prevent the other bean post processors from taking an interest in
`EntityScanBeanPostProcessor` at all (mark it as synthetic).

Fixes gh-1008

Added 2 new spring.datasource.* properties ("data" like
"schema", and "deferDdl" like the "spring.jpa.hibernate.*"
flag). The SQL scripts are then run separately and the "data"
ones are triggered by a new DataSourceInitializedEvent,
which is also published by the Hibernate DDL schema export.

Fixes gh-1006

Fix package tangle in CLI my extracting ExitStatus to a status package.

See gh-1004

Fix package tangle by moving DependencyResolutionContext from the
compiler package to grape.

See gh-1004

Reorganize the `jms` package into `hornetq` and `activemq` sub-pacakges.

Fixes gh-1005

Restore test classes accidentally deleted and ignored in c43fd04f.

See gh-408

Add unit tests for elasticsearch packages. Also refactor some
of the existing tests to prevent Repository clashes.

See gh-408