Вот так не заглядываешь в Spring годами, а там оказывается программирование на многотонных XML утонуло вместе с JSP, аннотации, магия, Spring Boot и человеческое лицо прорезается. И можно Undertow бандлить.
As of Spring Framework 4.2, CORS is supported out of the box. CORS requests (including preflight ones with an OPTIONS method) are automatically dispatched to the various registered HandlerMappings. They handle CORS preflight requests and intercept CORS simple and actual requests thanks to a CorsProcessor implementation (DefaultCorsProcessor by default) in order to add the relevant CORS response headers (like Access-Control-Allow-Origin) based on the CORS configuration you have provided. А-хе-реть. Вот что с людьми конкуренция-то делает. ‎- наполнил котомку котом
Spring Session provides support for managing a user’s session information. If you are writing a web application and Spring Session and Spring Data Redis are both on the classpath, Spring Boot will auto-configure Spring Session through its @EnableRedisHttpSession. Session data will be stored in Redis and the session timeout can be configured using the server.session.timeout property. Яка няка! ‎- наполнил котомку котом
Spring MVC 3.2 introduced Servlet 3 based asynchronous request processing. Instead of returning a value, as usual, a controller method can now return a java.util.concurrent.Callable and produce the return value from a Spring MVC managed thread. Meanwhile the main Servlet container thread is exited and released and allowed to process other requests. ‎- наполнил котомку котом