Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.

In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.

In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).

@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).

Fixes gh-244

A new command, jar, has been added to the CLI. The command can be
used to create a self-contained executable JAR file from a CLI app.

Basic usage is:

spring jar <jar-name> <source-files>

For example:

spring jar my-app.jar *.groovy

The resulting jar will contain the classes generated by compiling the
source files, all of the application's dependencies, and entries
on the application's classpath.

By default a CLI application has the current working directory on
its classpath. This can be overridden using the --classpath option.
Any file that is referenced directly by the classpath is always
included in the jar. Any file that is found a result of being
contained within a directory that is on the classpath is subject to
filtering to determine whether or not it should be included. The
default includes are public/**, static/**, resources/**,
META-INF/**, *. The default excludes are .*, repository/**, build/**,
target/**. To be included in the jar, a file must match one of the
includes and none of the excludes. The filters can be overridden using
the --include and --exclude options.

Closes #241

* pull285:
  Fix TomcatContextCustomizers Assert.notNull checks

Correct null assertion checks on setters for TomcatContextCustomizers
and TomcatContextCustomizers

Beans annotated with @ConfigurationProperties can be their own validators when implementing Spring's Validator interface

fixes #255

Fixes gh-258

/configprops output now contains the prefix from @ConfigurationProperties as wells as bean name and actual properties

fixes #267

Register @ConfigurationProperties beans with <prefix>.CONFIGURATION_PROPERTIES in case no value or name is specified on the class level annotation

Fixes gh-273

By convention, Ruby code is indented using two spaces (  ) per-level.
The code used tabs (\t) previously and therefore wasn't idiomatic.
This change updates the indenting to use two spaces.

This change adds support for --HEAD builds to the Homebrew formula. It
defines a conditional dependency on Maven and builds the -cli project
during install.  The location to install from is abstracted out so
that code is identical regardless of whether the build is --HEAD or
mainline.

Fixes gh-275

If the context hierarchy is from a SpringApplication we can control
the shutdown semantics a bit. Specifically we need a listener in the child context
that will shut it down when the parent closes (since assummably the child relies
on beans in the arent that may now be disposed).

Fixes gh-275

Fixed the nested jar URLHandler to correctly deal with files on
Windows.

Fixes gh-269

Remove what appears to be unused CLI code.

Remove the custom JodaModule support which is not necessary with
Spring 4.0.1.

Fixes gh-186

Upgrade to the latest 4.0.x SNAPSHOT of the Spring Framework in
preparation for the 4.0.1 release.

Add a LevelRemappingAppender that can remap the level of logback events
as they are written.

Also update the base configuration to change the somewhat noisy
Thymeleaf INFO logging to DEBUG.

Fixes gh-265

Change TomcatEmbeddedServletContainerFactory to allow per context
skip patterns to be defined, rather than using a global system property.

This commit also renames `skipPatterns` to `tldSkip` to align it with
Tomcat context.xml configuration.

Updates gh-256

...without any deprecation warnings and with some chance that it will
still work with Hibernate 5.

Fixes gh-256

I'd prefer a fix that wasn't global for the VM, but the default values shoudl be harmless
at least.

Fixes gh-274

Addresses gh-263 to some extent.

Also new section of README for propery keys used by the
launcher.

Update JarFile to allow the custom registration of a JAR
`URLStreamHandler` that allows `jar:` URLs to be constructed from
Strings. This removes the previous requirement that all nested JAR URLs
be created with a 'context'.

To supported nested JARs the `java.protocol.handler.pkgs` system
property is changed so that our custom URLHandler is picked for 'jar'
protocols in preference to the Java default.

Fixes gh-269

I guess this didn't get done before because of the legacy structure of the
class hierarchy of TestContextLoaders. It makes sense that we should just prefer
netsted @Configuration though, so that's what this change does.

Fixes gh-271

Update `GroovyCompiler` and `AetherGrapeEngineFactory` to use the
recently added `spring-boot-dependency-tools` in favor of loading
dependency information from a generated properties file.

Add a gradle `ResolutionStrategy` that resolves missing version numbers
using the `spring-boot-dependencies` POM.

This commit also introduces a new `spring-boot-dependency-tools` module
that provides programmatic access to the `dependencyManagement` section
of the dependencies POM.

Fixed gh-262

--verbose seems to be only for CLI logging (so really only
for dependency resolution). --debug is interpreted by SpringApplication
but up to now has been extracted and deleted from the command line
by the CommandRunner. This change makes --debug set a System property
*and* pass it down to the application (if used with -- separator).

Fixes gh-266