The fact that the web security and the authentication manager are
controlled separately should hopefully now be clearer.

Fixes gh-3292

The InteractiveAuthenticationSuccessEvent is always shadowed by a
regulat AuthenticationSuccessEvent, so there's no need to listen for
all AbstractAuthenticationSuccessEvents.

Fixes gh-4355

* pr/4359:
  Fix linux service script command syntax

Closes gh-4359

The metric export configuration was still using the MetricWriter
interface where it should be using GaugeWriter

This way the MetricCopyExporter can make a sensible choice about
what to do with counter metrics, and cache the latest values, so that
they can be properly incremented.

Fixes gh-4305

Previously, the meta-data annotation processor was taking the first
setter that match the property name it has to handle. Contrary to
getters that are enforced by a return type (no argument), multiple
setter candidates may exist.

If a property's type got narrowed over time, the original setter may
have been marked as Deprecated. As the annotation processor takes the
first setter that matches based on the name only, it may pick up the
deprecated one and therefore mark the property as being (wrongly)
deprecatede in the meta-data.

It turns out that checking for the actual type of the setter parameter
brought a side effect: some primitive properties may use the primitive
or the Wrapper counter part. This commit not only look at the proper
setter based on the type but also fallback on the wrapper (or) primitive
if necessary.

Closes gh-4338

Create a set of core groups to gather properties logically: core, web,
security, data, integration, actuator and devtools.

In each of them, groups are ordered against their lexical order.

Closes gh-4344

Closes gh-3923

Update `EnableAutoConfigurationImportSelector` to directly use the
RelaxedDataBinder when obtaining excludes. This removes the need for
the additional getProperties method on RelaxedPropertyResolver.

See gh-4352

`spring.application.exclude` is retrieved via the
`RelaxedPropertyResolver` API explicitly and it does not have any
standard API to retrieve a list of values. As a consequence that property
could only be specified as a comma-separated value.

This felt convoluted in YAML. `RelaxedPropertyResolver` has now a
`getProperties` method that works with both comma-separated value and
index elements (i.e. list).

Closes gh-4352

- update script with valid exit status to ensure service stops cleanly
- clarify unused customization variables

Closes gh-4334

By default, start-stop-daemon will chdir to the root directory before
starting the process. This prevents an application.properties file that
sits alongside the jar from being found.

This commit updates the call to start-stop-daemon to use --chdir to
set the working directory to that of the jar that’s being launched.

Closes gh-4281

Closes gh-4351

Closes gh-4350

Closes gh-4349

Closes gh-4348

Closes gh-4347

Closes gh-4346

Previously, if security.ignored was set to none and the error controller
was disabled, there would be no paths to ignore and we would call
IgnoredRequestConfigurer.antMatchers with an empty array. While a bit
pointless, this had no effect on Spring Security’s configuration.

This behaviour has changed in the latest 4.0.3 snapshots [1]. An empty
array passed to IgnoredRequestConfigurer.antMatchers now maps to /**. As
Spring Boot configures its ignored paths with highest precedence this
means that security is now disabled for every path.

This commit updates both the management security and application
security configuration to avoid calling antMatchers with an empty
array, thereby ensuring that we don’t inadvertently ignore every path.
Even if the change to Spring Security is reverted we can keep this
change. The behaviour will remain the same and, arguably, it makes the
intent of our configuration clearer.

Closes gh-4345

[1] https://github.com/spring-projects/spring-security/commit/8663ac41731ead18c549a24c2c94b78ce0cceb1b

In 1.3, our Gradle plugin no longer automatically applies the
application plugin. This affects the default options that are
available for explicitly configuring a project's main class. This
commit updates the documentation accordingly.

Closes gh-3768

The syntax was a bit tortured. This should clarify things and also
de-emphasise the "production" use case for the file system
properties file (we want to be cloud native don't we?).

That way any properties that are needed for processing the config
files will be available in time. Makes sense given that env vars
is the main carrier of the inline JSON.

User can supply inline JSON as an env var (SPRING_APPLICATION_JSON)
or System property (spring.application.json).

Fixes gh-4239

(I mean it this thime)

See gh-4345

The HATEOAS sample does not support XML responses. Previously, the
controller doesn't constrain the media types that it could produce.
This would result in a failure when handling a request that prefers
XML responses.

This commit updates the produces clauses in the controller so that
the sample will only attempt to produce JSON.

Closes gh-4343

See gh-4345

The documentation recommends configuring the HTTP connector in code
and using application.properties to configure the HTTPS connector
as it's easier. This commit updates the sample to follow that
recommendation.

Closes gh-4342

Previously, the "Common application properties" appendix had no
consistent use of a configuration key value. It could just as well be
the default value or an example.

We now always document the default value after the "=" sign and
eventually add an example with the phrasing "For instance".

The keys have also been reordered so that they follow a natural (i.e.
lexical) order.

Closes gh-3230
Closes gh-3160
Closes gh-3155
Closes gh-3153