Closes gh-3869

Closes gh-3779

Closes gh-3868

Closes gh-3846

Refine commit 8a964814 to set the web environment to false if spring web
is not available in the classpath. Thanks to @mjustin for spotting that
mistake.

Closes gh-3856

Previously, deployment tests were storing the container archives in the
default location (that is `/tmp`) for a total weight of 160MB. In case
the temp directory is cleaned on CI, these have to be downloaded again.

We're now configuring cargo to store these archives in the home directory
instead. This should improve the speed and the stability of the
deployment tests

Closes gh-3861

SpringApplication wrongly expects spring-web to be on the classpath to
figure out whether or not the web environment should be enabled for a
custom context class.

We now properly guard this check so that the web environment is not
enabled (read: not checked) if `spring-web` is not available.

Closes gh-3856

Closes gh-3843

Closes gh-3406
Closes gh-3526

Closes gh-3823

Closes gh-3792

The DataSource health indicator uses `JdbcTemplate` behind the scenes
but nothing was checking that it is actually available.

`DataSourcesHealthIndicatorConfiguration` is now disabled if
`spring-jdbc` is not on the classpath.

Fixes gh-3765

Closes gh-3760

Closes gh-3423

This commit adds support for using the environment to configure the
Freemarker and Velocity view resolvers to allow session overrides.

Closes gh-3410

Closes gh-3421

The annotation processor detects `@ConfigurationProperties` bean or
method definition and merges manual meta-data. The former step will fail
with a NPE if the annotation is not present on the classpath. This could
happen if the annotation processor is added to a module that is not
actually using Spring Boot.

We now have a defensive check that skips that steps but still attempts to
merge manual meta-data if present.

Closes gh-3720

Closes gh-3715

Closes gh-3700

Closes gh-3681

Closes gh-3674

Closes gh-3673

Closes gh-3672

Closes gh-3671

Closes gh-3670

Closes gh-3669

Previously, BeanTypeRegistry would only look for a @Bean method
with no arguments when trying to determine the type that will be
created by a factory bean. This meant that the type produced by a
factory bean declared via a @Bean that has one or more arguments would
be unknown and any on missing bean conditions look for a bean of the
type produced by the factory bean would match in error.

This commit updates BeanTypeRegistry to, where possible, use the
factory method metadata for the bean definition when determining the
type that will be created. This allows it to determine the type for
factory bean created by @Bean methods that take arguments and also
avoids the use reflection to find the factory method. Where factory
method metadata is not available, the existing reflection-based
approach is used as a fallback.

Closes gh-3657

- Extract the logic that coerces the string into a LogLevel into a
  separate method.
- Add a test that verifies that false is mapped to LogLevel.OFF

Closes gh-3628

A level named off is used to disable logging for a particular logger.
YAML interprets off as false, leading to a failed attempt to get the
LogLevel for FALSE. A workaround is to quote the level, i.e. use "off"
rather than off.

This commit updates LoggingApplicationListener to coerce the string
false back to the level off.

Closes gh-3631
See gh-3628

When nested jars are being used, hasMoreElements requires opening a
connection for an entry in every nested jar. If that entry doesn't
exist, a FileNotFoundException is thrown to indicate that a particular
jar doesn't contain the requested entry. This exception is used to
indicate the lack of an entry and is then swallowed, i.e. its stack
trace is of no importance. This means that the performance of
hasMoreElements can be improved by switching on fast exceptions while
it's being called. When fast exceptions are switched on a general
purpose pre-initialized FileNotFoundException is thrown rather than
creating a new FileNotFoundException instance each time.

In certain situations, the use of fast exceptions as described above
can improve performance fairly significantly. The JRE's default SAAJ
implementation uses META-INF/services-based discovery for _every_
request that's handled by Spring Web Services. Each discovery attempt
results in hasMoreElements being called making its performance
critical to throughput.

See gh-3640

Closes gh-3604

 Closes gh-3601

Closes gh-3583

Previously, a customer was set regardless of the fact that it is
supported on the target bean. DataBinder has an actual assertion check
that would fail in such a case.

We now associate the custom validator only if it supports the target
bean.

Fixes gh-3581

Previously getLoggerConfig(loggerName) was used to retrieve the
LoggerConfig object on which the level was to be set. As described in the
method’s javadoc it will “remove tokens from the package name as
necessary or return the root LoggerConfig if no other matches were found”.
This is problematic as, if there’s no configuration for the logger whose
level is being configured, the level will be applied to a logger from an
outer package or to the root logger.

This commit updates Log4J2LoggingSystem to use the configuration’s map of
LoggerConfigs, rather than calling getLoggerConfig. In the event of the
level being set on an unconfigured logger, this will produce a null
LoggerConfig. When a null LoggerConfig is encountered, a new one is
created with the appropriate level. If the config already exists, its
level is set as it was before.

The code that was accessing the root logger using a magic null value
(which was then coerced into the root logger’s name (an empty string))
has also been updated to make it clearer that they are purposefully
dealing with the root logger.

Closes gh-3550

Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.

The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.

Closes gh-3540

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253

Various areas of the code expect the management's context path to not
contain any trailing slash but nothing is enforcing it. We now make sure
to remove any trailing slash, including the one for '/' and make that
explicit via the Javadoc of the getter.

Fixes gh-3553