Remove accidentally committed SNAPSHOT dependency.

Update AutoConfigurationPackages to log warnings on the first access,
rather than during setup. This works around the fact that the CLI
currently add multiple @EnableAutoConfiguration annotations.

Fixes gh-579

This commit updates the CLI so that it will decrypt any encrypted
passwords in a user's Maven settings.xml file.

The code that performs the decrytion has a transitive dependency on
three types in Plexus' logging API. There are tens of different
artifacts containing this API available in Maven Central. Rather than
bloating the API with a dependency on a complete Plexus container,
which could perhaps be considered the primary source, a dependency on
a considerably smaller artifact has been introduced.

Closes #574

Removed this link "The websocket sample shows you how to do that in Maven." since the example no longer has properties that show how this is done. Dave Syer edited the section in a previous issue by adding the example to the POM ( https://github.com/spring-projects/spring-boot/issues/430 ) but it appears that the bad link was not removed.

The management security autoconfiguration wanted to come last in the chain
but that won't suit the fallback that was already in place for gh-568. This
change re-orders the autoconfig so that @EnableWebSecurity is still added
if the user sets security.basic.enabled=false and includes the actuator
endpoints.

Fixes gh-568

Fixes gh-576

If the user explicitly disables the basic security features and forgets to
@EnableWebSecurity, and yet still wants a bean of type
WebSecurityConfigurerAdapter, he is trying to use a custom
security setup and the app would fail in a confusing way without
this change.

Fixes gh-568

If the user adds a JAR file to the classpath in "spring jar -cp ..."
he expected it to end up in the classpath of the executable jar
(i.e. in the nested lib/ directory). Before this change it would
have gone in the root of the executable JAR, causing errors at runtime.

The fix is slightly awkward, since it assumes that any JAR in the
"roots" of the ResourceMatcher come from the classpath (which *is*
the case currently, but might not always be at least in principle).
Seems like a reasonable compromise given it's a quick change
and some tests have been included.

Fixes gh-565

Fixes gh-572

Fixes gh-573

If the user sets security.basic.enabled=false he has to remember
to @EnableWebSecurity.  Possibly we could be more helpful about the
exception, but I think this might be pilot error.

Fixes gh-568

* gh-540:
  Support Tomcat uri encoding (with UTF-8 default)

Introduce an extra `server.tomcat.uri-encoding` property used to
configure the URI encoding for the embedded tomcat container.

Defaults to `UTF-8` instead of the usual tomcat default of `ISO-8859-1`.

Fixes gh-540

Remove direct reference to spring-data-commons, instead favoring
transitive dependency.

Fixes gh-557

* Issue-556:
  Escape URL characters in JAR URLs

Update the spring-boot-loader JarURLConnection class to decode entry
names in the same way as the stock JDK class. This allows encoded
entry names in the form `%c3%ab` to be loaded.

Fixes gh-556

- Add link to Spring Security's Global Method Security Java Configuration
- Fix link to SecurityProperties
- Add link to SECURITY Common application properties
- Remove unnecessary @Order from SecurityConfiguration
- Change method signature for @Autowired AuthenticationManagerBuilder to
  compile / match Spring docs

Rename `name` to `prefix` and `path` to `locations`.

Update reference docs to link to the community starters README.

Fix formatting for the recent ParentContextCloserApplicationListener
change, also some minor internal renames.

When the child is listening for parent closed events
the parent has a reference to the listener which contains the chils.
Thust there is a cycle of references and a GC probalem waiting to
happen.

This change breaks the cycle by making the reference to the
child a WeakReference.

Fixes gh-559

If the user provides a JobExplorer and a BatchConfigurer that
don't require a DataSource we can back off on configuring ours
(and anything else that needs a DataSource).

Fixes gh-561

If user sets a ResourceLoader on the SpringApplication, he might
reasonably expect that it would be used to read the config files.
This change ensures that it is (instead of just using the
DefaultResourceLoader).

Fixes gh-558

Basic README content plus a short table of community-
contributed additional starters.

See gh-539

Annoyingly this is necessary if we want to support Tomcat 7 and 8
since the package name changed.

Fixes gh-554

We can't support (yet) embedded containers inside a deployed war (class
loader conflicts are inevitable, really). Until we figure out a way to
do it, we should just log a warning and advise the user to switch to
JMX for the actuator endpoints.

See gh-552

ErrorPageFilter is itself an EmbeddedServletContainerFactory
but it runs in a non-embedded container. Any component that assumes
the presence of an EmbeddedServletContainerFactory implies we are
running embedded is therefore invalid. WebSocketAutoConfiguration
had that problem.

Fixes gh-551

Fixes gh-543

Since there is no atomic remove/register operation for
Gauges, we need to synchronize.

The bean ID for the ContentNegotiatingViewResolver is now
"viewResolver" (it is the *one*). The conditions have been changed
so that a user only has to define a bean of the same name to switch
it off.

Fixes gh-546

(via spring.thymeleaf.*).

Fixes gh-548

Fixes gh-549