This commit removes the now defunkt `ErrorAttributes.ERROR_ATTRIBUTE`
that was introduce to register handled errors as metrics. This has been
replaced since 3.0 by a direct support in Spring Framework and had no
effect whatsoever since that release.
This also updates the documentation to point to the Framework mechanism
that replaced it.
Fixes gh-33731
This introduces two different attributes for, e.g. the Spring Framework
version: the "normal" one, e.g. 6.1.0-SNAPSHOT, and the Antora one,
e.g. 6.1.
Spring Framework's reference documentation is still broken when using
SNAPSHOT versions, see spring-framework/gh-31480.
See gh-38000
Previously auto-configuration of a user details service (imperative
or reactive) would only back off on the presence of certain beans.
This led to situations where the im-memory service was
auto-configured and the default password was logged even though
another authentication mechanism was in use.
This commit updates the auto-configuration so that it backs off
when depending on Spring Security's OAuth2 Client and OAuth2
Resource Server modules. In the imperative case it will also back
off when depending on the SAML 2 provider.
Closes gh-35338
This commit removes the auto-configuration of the
`ServerHttpObservationFilter` bean for WebFlux applications as it's been
deprecated by Spring Framework.
The Observability instrumentation is now handled at the
`WebHttpHandlerBuilder` in Framework directly and doesn't need any
auto-configuration from Spring Boot.
Closes gh-37344
This commit documents the relative ordering of `HandlerMapping` support
in Spring MVC and WebFlux applications.
As of Spring Framework 6.1.0, the Welcome Page support acts as a
fallback in case no index route has been defined by the application as a
`RouterFunction` or within an annotated `@Controller`.
Closes gh-34846
* Add an OpenID Connect login client example
* Update redirect-uri examples to match Security docs and not require
any customization
* Update client-authentication-method for Spring Security 6 usage
* Update provider configuration example to align with Spring
Authorization Server
* Format Java DSL according to Spring Security docs
* Use Kotlin DSL
* Update redirection endpoint base uri example to use ant pattern
See gh-35679
