Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Previously, the endpoint tables in the documentation include an
"Enabled by default" column that listed whether or not an endpoint
was enabled by default. This resulted in some confusion as an endpoint
could be listed as being enabled by default but not actually be
enabled as the requirements for it being auto-configured has not been
met.
This commit removes the "Enabled by default" column and replaces it,
where needed, with some extra information in the "Description"
column that describes what is needed for the endpoint to be
auto-configured.
Closes gh-18633
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
This commit creates a new configuration property
`spring.codec.max-in-memory-size` which configures the maximum
amount of data to be buffered in memory by codecs (both client and
server).
This property has no default value - it will let Spring Framework handle
the default behavior, currently enforcing a 256KB for provided codecs.
Fixes gh-18828
Previously, the documentation did not describe how to combine
multiple security components when one component's
WebSecurityConfigurerAdapter or SecurityWebFilterChain would cause
the other components' beans of the same type to back off.
This commit adds a note that such cases should be handled by the user
defining their own WebSecurityConfigurerAdapter or
SecurityWebFilterChain that configures the use of all of the
components as required.
Closes gh-18507
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473
This commit adds a note to spring-boot-features.adoc to clarify that
using javadoc tags to format configuration property descriptions is not
supported.
See gh-18578
Previously, Maven's default behaviour was relied up which resulted
in the artifact ID being appended to each URL as it was inherited.
This behaviour can only be disabled in Maven 3.6 and later, a version
that we cannot use due to an incompatibility with the Flatten Plugin.
This commit works around Maven's default behaviour by defining
properties for the SCM URL, connection, and developer connection and
then explicitly defining the settings in each pom using these
properties. The explicit definition of the properties in each pom
prevents them being inherited from the parent, thereby disabling the
unwanted appending of the artifact ID to the URL.
Fixes gh-18328
Update `@ConfigurationProperties` constructor binding support to only
apply when a `@ConstructorBinding` annotation is present on either the
type or the specific constructor to use.
Prior to this commit we didn't have a good way to tell when constructor
binding should be used vs regular autowiring.
For convenience, an `@ImmutableConfigurationProperties` meta-annotation
has also been added which is composed of `@ConfigurationProperties` and
`@ConstructorBinding`.
Closes gh-18469
Add a `show-components` property under `management.endpoint.health` and
`management.endpoint.health.group.<name>` that can be used to change
when components are displayed.
Prior to this commit it was only possible to set `show-details` which
offered an "all or nothing" approach to the resulting JSON. The new
switch allows component information to be displayed whilst still hiding
potentially sensitive details returned from the actual `HealthIndicator`.
Closes gh-15076
This commit warns developers about the fact that plugging RSocket into
an existing web server is only possible with Reactor Netty web servers.
RSocket itself is using Reactor Netty, so this is why we can plug an
RSocket over websocket handler in an existing Reactor Netty handler.
This feature is not possible with other web servers, as existing APIs do
not make that possible.
Fixes gh-17494
This new property allows to customize `fileNamePattern` if it is set.
Otherwise, a default pattern remains. Also, new property is supported
`logging.pattern.rolling-file-name`.
See gh-18151
Update configuration properties support to allow the `@Component`
annotation to be used on `@ConfigurationProperties` beans as long
as they are mutable.
This restores the behavior of Spring Boot 2.1 for mutable beans whilst
still allowing us to enforce the stricter rules for immutable value
object configuration properties.
Closes gh-18138
Update the MockMvc documentation to provide more details about the
pros and cons of such an approach, specifically calling out the
difference with error page handling.
See gh-16718
This commit renames ApplicationHealthIndicator to PingHealthIndicator
and changes the auto-configuration so that it is now always configured
by default.
Closes gh-17926
Update the `HealthEndpoint` to support health groups. The
`HealthEndpointSettings` interface has been replaced with
`HealthEndpointGroups` which provides access to the primary group
as well as an optional set of additional groups.
Groups can be configured via properties and may have custom
`StatusAggregator` and `HttpCodeStatusMapper` settings.
Closes gh-14022
Co-authored-by: Stephane Nicoll <snicoll@pivotal.io>
Overhaul `HealthEndpoint` support to make it easier to support health
groups. Prior to this commit the `HealthIndicator` interface was used
for both regular indicators and composite indicators. In addition the
`Health` result was used to both represent individual, system and
composite health. This design unfortunately means that all health
contributors need to be aware of the `HealthAggregator` and could not
easily support heath groups if per-group aggregation is required.
This commit reworks many aspects of the health support in order to
provide a cleaner separation between a `HealthIndicator`and a
composite. The following changes have been made:
- A `HealthContributor` interface has been introduced to represent
the general concept of something that contributes health information.
A contributor can either be a `HealthIndicator` or a
`CompositeHealthContributor`.
- A `HealthComponent` class has been introduced to mirror the
contributor arrangement. The component can be either
`CompositeHealth` or `Health`.
- The `HealthAggregator` interface has been replaced with a more
focused `StatusAggregator` interface which only deals with `Status`
results.
- `CompositeHealthIndicator` has been replaced with
`CompositeHealthContributor` which only provides access to other
contributors. A composite can no longer directly return `Health`.
- `HealthIndicatorRegistry` has been replaced with
`HealthContributorRegistry` and the default implementation now
uses a copy-on-write strategy.
- `HealthEndpoint`, `HealthEndpointWebExtension` and
`ReactiveHealthEndpointWebExtension` now extend a common
`HealthEndpointSupport` class. They are now driven by a
health contributor registry and `HealthEndpointSettings`.
- The `HealthStatusHttpMapper` class has been replaced by a
`HttpCodeStatusMapper` interface.
- The `HealthWebEndpointResponseMapper` class has been replaced
by a `HealthEndpointSettings` strategy. This allows us to move
role related logic and `ShowDetails` to the auto-configure module.
- `SimpleHttpCodeStatusMapper` and `SimpleStatusAggregator`
implementations have been added which are configured via constructor
arguments rather than setters.
- Endpoint auto-configuration has been reworked and the
`CompositeHealthIndicatorConfiguration` class has been replaced
by `CompositeHealthContributorConfiguration`.
- The endpoint JSON has been changed make `details` distinct from
`components`.
See gh-17926
Missing change logs would lead to an exception even
if the checkChangeLogLocation was set to false. Spring Boot's check
would pass but Liquibase would fail later making this property redundant.
Fixes gh-16232
Update `@Selector` with a `match` attribute that can be used to select
all remaining path segments. An endpoint method like this:
select(@Selector(match = Match.ALL_REMAINING) String... selection)
Will now have all reaming path segments injected into the `selection`
parameter.
Closes gh-17743
Andy Wilkinson
Stephane Nicoll
Jens Teglhus Møller
Brian Clozel
wwjay9
Madhura Bhave
Philippe De Neve
nkjackzhang
Dave Syer
leoli
Rafiullah Hamedy
Sebastien Deleuze
Ted M. Young
Johnny Lim
Phillip Webb
dreis2211
Rossen Stoyanchev
Wagner Macedo
Alessandro Falappa
Harald Brabenetz
Eddú Meléndez
Peter Sauer
Tetsuya Hasegawa
michal
Sergei Petunin
Tomas Aschan
Artem Bilan