This commit changes the default version of Tomcat to 8.5.3 while
also retaining support for Tomcat 8.0 and 7.0. The main difference
in 8.5 is that the ServerSocketFactory abstraction that allowed the
TrustStore and KeyStore to be configured programatically no longer
exists. This logic has been replaced with the use of a custom URL
protocol (springbootssl) that provides access to the key store and
trust store of an SslStoreProvider. In addition to working with 8.5,
this approach has the advantage of also working with 8.0 and 7.0.

Closes gh-6164

This commit adds `@AliasFor` meta-data to annotations that declare an
alias attribute.

`@ConditionalOnProperty` and `@AutoconfigureRestDocs` were not migrated
due to the use of `AnnotationMetadata#getAnnotationAttributes`.

Closes gh-5187

* pr/6188:
  Reuse objects in JsonParser implementations

Closes gh-6188

* pr/6184:
  Fix relaxed binding of SI JMX config

Instead of using an expression for JMX-related properties, this commit
properly honors relaxed binding.

Closes gh-6184

Fixing #5939 lead to a build failure as OAuth2 related configuration was
defined twice. This is also related to #5973.

This commit detects case where the same set of keys are exposed several
times and prevents the compilation to complete. Previously, duplicate
keys were silently added to the meta-data.

Closes gh-5939

* pr/6185:
  Fix default value for dispatch-options-request in doc

Closes gh-6185

Previously, if the `contextPath` of the application wasn't the root, the
HAL browser could not initialize since the `entryPoint` was referring to
an invalid location.

This commit makes sure to take the `contextPath` into account.

Closes gh-5814

See gh-6174

By default, Tomcat forces the generation of a session id during startup
to ensure that a SecureRandom instance has been initialized. When there
is a lack of entropy (as is often the case on a newly booted VPS, for
example) this can block for a long time (several minutes in some cases)
causing users to incorrectly believe that their application has hung
during startup. This is particularly problematic for applications that
don't use HTTP sessions as they are paying the startup cost for no
benefit.

This commit address the problem by configuring a custom
SessionIdGenerator that does not initialize itself during startup.
Instead, the initialization is now deferred until a request for a
session id is made.

Closes gh-6174

Closes gh-5099

Previously, SimpleInMemoryRepository used a ConcurrentReferenceHashMap
to store its locks. The type of map will discard its entries when the
JVM comes under GC pressure. With the code in its previous form, this
could lead to a NullPointerException when the following occurred:

1. putIfAbsent returned null indicating that a new entry has been added
   to the map
2. GC pressure caused the map to discard the new entry
3. get returned null as the entry has been discard

There are two problems with the existing code:

1. Its usage of a ConcurrentMap is incorrect. The correct usage is:
   a. Call get to see if the map already contains a lock
   b. If the lock is null, create a new one
   c. Call putIfAbsent to add the new lock
   d. If the return value is non-null, another thread has created the
      lock and it should be used. If the return value is null, use the
      new lock created in b.
2. Once the use of ConcurrentMap has been corrected, the fact that it is
   a ConcurrentReferenceHashMap means that different threads could
   access the same value using different locks. This would occur if one
   thread has retrieved a lock from the map and is using it, while GC
   causes the lock to be removed from the map. Another thread then
   attempts to get the lock and, as GC pressure has remove it, a new
   lock is created allowing concurrent access to the same value.

This commit updates the code to use the ConcurrentMap correctly and also
replaces the ConcurrentReferenceHashMap with a ConcurrentHashMap. This
means that the repository will now use slightly more memory but this is
outweighed by the benefits of thread-safe updates and no risk of an NPE.

Closes gh-6115

See gh-6111

DevTools deliberately throws an uncaught exception on the main thread
as a safe way of causing it to stop processing. This exception is
caught and swallowed by an uncaught exception handler. Unfortunately,
this has the unwanted side-effect of causing the JVM to exit with 1
once all running threads are daemons.

Normally, this isn't a problem. Non-daemon threads, such as those
started by an embedded servlet container, will keep the JVM alive and
restarts of the application context will occur when the user makes to
their application. However, if the user adds DevTools to an
application that doesn't start any non-daemon threads, i.e. it starts,
runs, and then exits, it will exit with 1. This causes both
bootRun in Gradle and spring-boot:run in Maven to report that the
build has failed. While there's no benefit to using DevTools with an
application that behaves in this way, the side-effect of causing the
JVM to exit with 1 is unwanted.

This commit address the problem by updating the uncaught exception
handler to call System.exit(0) if the JVM is going to exit as a
result of the uncaught exception causing the main thread to die. In
other words, if the main thread was the only non-daemon thread, its
death as a result of the uncaught exception will now cause the JVM
to exit with 1 rather than 0. If there are other non-daemon threads
that will keep the JVM alive, the behaviour is unchanged.

Closes gh-5968

This commit aligns the feature introduced in gh-6071 to Artemis.

Closes gh-6179

* pr/6071:
  Polish "Secured HornetQ" contribution
  Add a secured connection factory for Hornetq.

Closes gh-6071

See gh-6071

* pr/6116:
  Upgrade to Elasticsearch 2.3.3

Closes gh-6116

Closes gh-5653

Previously, when `spring.mvc.locale` was specified, that locale was used
regardless of the client's preferences. This commit adds an extra
`spring.mvc.locale-resolver` property that can control how the locale is
resolved. The default is `ACCEPT_HEADER` but can be set to `FIXED` to
restore the previous behaviour.

Closes gh-6083

Closes gh-6172

* pr/6081:
  Polish contribution
  Remove HSQLDB dependency from Batch Starter

Closes gh-6081

This commit removes HSQLDB dependency from Batch Starter as most apps
that use Spring Batch will prefer to use a RDBMS of their choice to store
batch metadata.

Additionally, explicit spring-jdbc dependency has been replaced with JDBC
Starter dependency.

See gh-6081

Jetty 9.3 no longer has a jetty-jsap artifact and dependency
management for it was removed in ff602e60. It was inadvertently
reintroducved in b303b3fe. This commit removes it again.

See gh-5290
See gh-5825