Merge branch '2.5.x'

Closes gh-28789

spring-boot-project/spring-boot-devtools/build.gradle

@@ -76,9 +76,7 @@ dependencies {
 	testImplementation("org.springframework:spring-websocket")
 	testImplementation("org.springframework.hateoas:spring-hateoas")
 	testImplementation("org.springframework.security:spring-security-test")
-	testImplementation("org.thymeleaf:thymeleaf")
-	testImplementation("org.thymeleaf:thymeleaf-spring5")
-	testImplementation("nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect")
+	testImplementation("org.freemarker:freemarker")
 
 	testRuntimeOnly("org.aspectj:aspectjweaver")
 	testRuntimeOnly("org.yaml:snakeyaml")

spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/RemoteUrlPropertyExtractorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2019 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,6 @@ void multipleUrls() {
 	void validUrl() {
 		ApplicationContext context = doTest("http://localhost:8080");
 		assertThat(context.getEnvironment().getProperty("remoteUrl")).isEqualTo("http://localhost:8080");
-		assertThat(context.getEnvironment().getProperty("spring.thymeleaf.cache")).isNull();
 	}
 
 	@Test

spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/autoconfigure/LocalDevToolsAutoConfigurationTests.java

@@ -29,12 +29,11 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver;
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.boot.autoconfigure.thymeleaf.ThymeleafAutoConfiguration;
+import org.springframework.boot.autoconfigure.freemarker.FreeMarkerAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.WebProperties;
 import org.springframework.boot.autoconfigure.web.WebProperties.Resources;
 import org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryAutoConfiguration;
@@ -55,6 +54,7 @@
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.web.servlet.view.AbstractTemplateViewResolver;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -83,18 +83,11 @@ void cleanup() {
 		}
 	}
 
-	@Test
-	void thymeleafCacheIsFalse() throws Exception {
-		this.context = getContext(() -> initializeAndRun(Config.class));
-		SpringResourceTemplateResolver resolver = this.context.getBean(SpringResourceTemplateResolver.class);
-		assertThat(resolver.isCacheable()).isFalse();
-	}
-
 	@Test
 	void defaultPropertyCanBeOverriddenFromCommandLine() throws Exception {
-		this.context = getContext(() -> initializeAndRun(Config.class, "--spring.thymeleaf.cache=true"));
-		SpringResourceTemplateResolver resolver = this.context.getBean(SpringResourceTemplateResolver.class);
-		assertThat(resolver.isCacheable()).isTrue();
+		this.context = getContext(() -> initializeAndRun(Config.class, "--spring.freemarker.cache=true"));
+		AbstractTemplateViewResolver resolver = this.context.getBean(AbstractTemplateViewResolver.class);
+		assertThat(resolver.isCache()).isTrue();
 	}
 
 	@Test
@@ -103,8 +96,8 @@ void defaultPropertyCanBeOverriddenFromUserHomeProperties() throws Exception {
 		System.setProperty("user.home", new File("src/test/resources/user-home").getAbsolutePath());
 		try {
 			this.context = getContext(() -> initializeAndRun(Config.class));
-			SpringResourceTemplateResolver resolver = this.context.getBean(SpringResourceTemplateResolver.class);
-			assertThat(resolver.isCacheable()).isTrue();
+			AbstractTemplateViewResolver resolver = this.context.getBean(AbstractTemplateViewResolver.class);
+			assertThat(resolver.isCache()).isTrue();
 		}
 		finally {
 			System.setProperty("user.home", userHome);
@@ -257,7 +250,6 @@ private ConfigurableApplicationContext initializeAndRun(Class<?> config, Map<Str
 
 	private Map<String, Object> getDefaultProperties(Map<String, Object> specifiedProperties) {
 		Map<String, Object> properties = new HashMap<>();
-		properties.put("spring.thymeleaf.check-template-location", false);
 		properties.put("spring.devtools.livereload.port", 0);
 		properties.put("server.port", 0);
 		properties.putAll(specifiedProperties);
@@ -266,14 +258,14 @@ private Map<String, Object> getDefaultProperties(Map<String, Object> specifiedPr
 
 	@Configuration(proxyBeanMethods = false)
 	@Import({ ServletWebServerFactoryAutoConfiguration.class, LocalDevToolsAutoConfiguration.class,
-			ThymeleafAutoConfiguration.class })
+			FreeMarkerAutoConfiguration.class })
 	static class Config {
 
 	}
 
 	@Configuration(proxyBeanMethods = false)
 	@ImportAutoConfiguration({ ServletWebServerFactoryAutoConfiguration.class, LocalDevToolsAutoConfiguration.class,
-			ThymeleafAutoConfiguration.class })
+			FreeMarkerAutoConfiguration.class })
 	static class ConfigWithMockLiveReload {
 
 		@Bean

spring-boot-project/spring-boot-devtools/src/test/resources/user-home/.spring-boot-devtools.properties

@@ -1 +1 @@
-spring.thymeleaf.cache=true
+spring.freemarker.cache=true

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-devtools/build.gradle

@@ -13,7 +13,6 @@ configurations {
 dependencies {
 	developmentOnly project(":spring-boot-project:spring-boot-devtools")
 
-	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-thymeleaf"))
 	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-web"))
 
 	testImplementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-test"))

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-devtools/src/main/java/smoketest/devtools/MyController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2019 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,9 @@
 
 package smoketest.devtools;
 
-import java.util.Date;
-
 import javax.annotation.PostConstruct;
-import javax.servlet.http.HttpSession;
 
 import org.springframework.stereotype.Controller;
-import org.springframework.ui.ModelMap;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.servlet.ModelAndView;
 
 @Controller
 public class MyController {
@@ -34,15 +28,4 @@ public void slowRestart() throws InterruptedException {
 		Thread.sleep(5000);
 	}
 
-	@GetMapping("/")
-	public ModelAndView get(HttpSession session) {
-		Object sessionVar = session.getAttribute("var");
-		if (sessionVar == null) {
-			sessionVar = new Date();
-			session.setAttribute("var", sessionVar);
-		}
-		ModelMap model = new ModelMap("message", Message.MESSAGE).addAttribute("sessionVar", sessionVar);
-		return new ModelAndView("hello", model);
-	}
-
 }

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/build.gradle

@@ -8,7 +8,6 @@ description = "Spring Boot web method security smoke test"
 dependencies {
 	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-actuator"))
 	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-security"))
-	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-thymeleaf"))
 	implementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-web"))
 
 	testImplementation(project(":spring-boot-project:spring-boot-starters:spring-boot-starter-test"))

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2020 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,9 +16,6 @@
 
 package smoketest.security.method;
 
-import java.util.Date;
-import java.util.Map;
-
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
@@ -32,7 +29,6 @@
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
@@ -71,17 +67,11 @@ public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception
 	protected static class ApplicationSecurity {
 
 		@Bean
-		SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> {
-				requests.antMatchers("/login").permitAll();
-				requests.anyRequest().fullyAuthenticated();
-			});
-			http.formLogin((form) -> {
-				form.loginPage("/login");
-				form.failureUrl("/login?error");
-			});
-			http.logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")));
-			http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error"));
+		SecurityFilterChain configure(HttpSecurity http) throws Exception {
+			http.csrf().disable();
+			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated());
+			http.formLogin((form) -> form.loginPage("/login").permitAll());
+			http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
 			return http.build();
 		}
 
@@ -93,6 +83,7 @@ protected static class ActuatorSecurity {
 
 		@Bean
 		SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
+			http.csrf().disable();
 			http.requestMatcher(EndpointRequest.toAnyEndpoint());
 			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 			http.httpBasic();
@@ -106,10 +97,7 @@ protected static class HomeController {
 
 		@GetMapping("/")
 		@Secured("ROLE_ADMIN")
-		public String home(Map<String, Object> model) {
-			model.put("message", "Hello World");
-			model.put("title", "Hello Home");
-			model.put("date", new Date());
+		public String home() {
 			return "home";
 		}
 

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/resources/application.properties

@@ -1,3 +1,4 @@
-spring.thymeleaf.cache: false
-logging.level.org.springframework.security: INFO
+logging.level.org.springframework.security=INFO
 management.endpoints.web.exposure.include=*
+spring.mvc.view.prefix=/templates/
+spring.mvc.view.suffix=.html

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/webapp/templates/access.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Error</title>
+</head>
+<body>
+	<div class="container">
+		<p>Access denied: you do not have permission for that resource</p>
+	</div>
+</body>
+</html>