This commit adds support for using the environment to configure the
Freemarker and Velocity view resolvers to allow session overrides.

Closes gh-3410

Closes gh-3421

The annotation processor detects `@ConfigurationProperties` bean or
method definition and merges manual meta-data. The former step will fail
with a NPE if the annotation is not present on the classpath. This could
happen if the annotation processor is added to a module that is not
actually using Spring Boot.

We now have a defensive check that skips that steps but still attempts to
merge manual meta-data if present.

Closes gh-3720

Closes gh-3715

Closes gh-3700

Closes gh-3681

Closes gh-3674

Closes gh-3673

Closes gh-3672

Closes gh-3671

Closes gh-3670

Closes gh-3669

Previously, BeanTypeRegistry would only look for a @Bean method
with no arguments when trying to determine the type that will be
created by a factory bean. This meant that the type produced by a
factory bean declared via a @Bean that has one or more arguments would
be unknown and any on missing bean conditions look for a bean of the
type produced by the factory bean would match in error.

This commit updates BeanTypeRegistry to, where possible, use the
factory method metadata for the bean definition when determining the
type that will be created. This allows it to determine the type for
factory bean created by @Bean methods that take arguments and also
avoids the use reflection to find the factory method. Where factory
method metadata is not available, the existing reflection-based
approach is used as a fallback.

Closes gh-3657

- Extract the logic that coerces the string into a LogLevel into a
  separate method.
- Add a test that verifies that false is mapped to LogLevel.OFF

Closes gh-3628

A level named off is used to disable logging for a particular logger.
YAML interprets off as false, leading to a failed attempt to get the
LogLevel for FALSE. A workaround is to quote the level, i.e. use "off"
rather than off.

This commit updates LoggingApplicationListener to coerce the string
false back to the level off.

Closes gh-3631
See gh-3628

When nested jars are being used, hasMoreElements requires opening a
connection for an entry in every nested jar. If that entry doesn't
exist, a FileNotFoundException is thrown to indicate that a particular
jar doesn't contain the requested entry. This exception is used to
indicate the lack of an entry and is then swallowed, i.e. its stack
trace is of no importance. This means that the performance of
hasMoreElements can be improved by switching on fast exceptions while
it's being called. When fast exceptions are switched on a general
purpose pre-initialized FileNotFoundException is thrown rather than
creating a new FileNotFoundException instance each time.

In certain situations, the use of fast exceptions as described above
can improve performance fairly significantly. The JRE's default SAAJ
implementation uses META-INF/services-based discovery for _every_
request that's handled by Spring Web Services. Each discovery attempt
results in hasMoreElements being called making its performance
critical to throughput.

See gh-3640

Closes gh-3604

 Closes gh-3601

Closes gh-3583

Previously, a customer was set regardless of the fact that it is
supported on the target bean. DataBinder has an actual assertion check
that would fail in such a case.

We now associate the custom validator only if it supports the target
bean.

Fixes gh-3581

Previously getLoggerConfig(loggerName) was used to retrieve the
LoggerConfig object on which the level was to be set. As described in the
method’s javadoc it will “remove tokens from the package name as
necessary or return the root LoggerConfig if no other matches were found”.
This is problematic as, if there’s no configuration for the logger whose
level is being configured, the level will be applied to a logger from an
outer package or to the root logger.

This commit updates Log4J2LoggingSystem to use the configuration’s map of
LoggerConfigs, rather than calling getLoggerConfig. In the event of the
level being set on an unconfigured logger, this will produce a null
LoggerConfig. When a null LoggerConfig is encountered, a new one is
created with the appropriate level. If the config already exists, its
level is set as it was before.

The code that was accessing the root logger using a magic null value
(which was then coerced into the root logger’s name (an empty string))
has also been updated to make it clearer that they are purposefully
dealing with the root logger.

Closes gh-3550

Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.

The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.

Closes gh-3540

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253

Various areas of the code expect the management's context path to not
contain any trailing slash but nothing is enforcing it. We now make sure
to remove any trailing slash, including the one for '/' and make that
explicit via the Javadoc of the getter.

Fixes gh-3553

Closes gh-3546, closes gh-3547

Never inject a transaction manager (user can create his own
"rabbitListenerContainerFactory" bean if he wants an actual
non-JTA transaction manager.

See gh-3432

If set *and* there is a transaction manager in the context, then the
listener container created by Spring Boot will use the transaction
manager to execute the listeners.

Fixes gh-3432 (by virtue of not requiring a JtaTransactionManager any
more).

When Spring Security sends 302 responses to a login page we don't get
any information about the request matching in Spring MVC. Consequently
apps can end up with a lot of counter.status.302.* metrics (where
"*" can be whatever the user sent).

This change treats 3xx the same as 4xx (if it is unmapped it just gets
added to a metric called "unmapped" instead of using the actual request
path).

Fixes gh-2563

Closes gh-3417

Closes gh-3466

When writing a jar, once an entry has been written it will never be
overwritten, i.e. the first write of a given entry will win. Previously,
when repackaging a jar, the existing contents were written followed by
any libraries. This caused a problem when repackaged a WAR file and
a library needed to be unpacked as the existing entry in WEB-INF/lib
would prevent the library with the UNPACK comment from being written.
This was addressed in f761916b by inverting the order so libraries
would take precedence over entries in the source jar.

It’s now become apparent that this change in the order causes a problem
for users who are obfuscating their code. The obfuscated code exists in
the source jar but is also provided to the repackager in its original
form as a library. When libraries take precedence, this means that the
code in its original form ends up in the repackaged war and the
obfuscation is lost.

This commit updates the repackager to write libraries that require
unpacking first. This allows the UNPACK comment to be written even if
there’s also a source entry for the library. Next, source entries are
written. This allows obfuscated source entries to take precedence over
any unobfuscated library equivalents. Lastly, standard libraries that
do not require unpacking are written into the repackaged archive.

Closes gh-3444

Ensure that FlywayAutoConfiguration and LiquibaseAutoConfiguration occur
after HibernateJpaAutoConfiguration so that the DependsOnPostProcessor
condition can correctly check for a LocalContainerEntityManagerFactory
bean.

Fixes gh-3437

Clarify how the default JMS listener container factory is created if none
exists with regards to transactions.

Issue: SPR-3407

The order of property values is only preserved if we check carefully
that each property is actually present in the source being inspected.

Fixes gh-3385