Prior to this commit, packaging a Spring Boot application as a container
image with Cloud Native Buildpacks could result in unwanted browser
caching behavior, with "Last-Modified" HTTP response headers pointing to
dates in the far past.
This is due to CNB resetting the last-modified date metadata for static
files (for build reproducibility and container layer caching) and Spring
static resource handling relying on that information when serving static
resources.
This commit introduces a new configuration property
`spring.web.resources.cache.use-last-modified` that can be used to
disable this behavior in Spring if the application is meant to run as a
container image built by CNB.
The default value for this property remains `true` since this remains
the default value in Spring Framework and using that information in
other deployment models is a perfectly valid use case.
Fixes gh-24099
Previously, Quartz could be configured with a specific DataSource
using `@QuartzDataSource` but it was not possible to configure a
Quartz-specific transaction manager. This could result in the
different DataSources being used by Quartz itself and Quart'z
DataSourceTransactionManager.
This commit introduces a new qualifier, `@QuartzTransactionManager`,
that can be used to avoid the above-described problem. Any
`@QuartzTransactionManager`-annotated bean will be used by the
Quartz auto-configure configuration instead of the application's main
`TransactionManager`. If no such qualified bean is present, the
application's main TransactionManager, if any, will be used as before.
Fixes gh-20184
This commit removes `<version>` from the Maven Plugin documentation
where it makes sense so that versions aren't hardcoded unnecessarily.
Rather, a plugin or dependency management should be in place so those
are not needed.
Closes gh-23909
Update `OriginTrackedPropertiesLoader` with stricter logic around the
document separator. If the preceding or following lines are comments
then the separator will be ignored.
Closes gh-22963
Update `ConfigTreeConfigDataResource` so that a wildcard suffix can
be used to import multiple folders. The pattern logic from
`StandardConfigDataLocationResolver` has been extracted into a new
`LocationResourceLoader` class so that it can be reused.
Closes gh-22958
Previously, the base path of a servlet-based management server could be
configured using management.server.servlet.context-path but there was no
equivalent property for WebFlux.
This commit introduces a new property, management.server.base-path,
that can be used with both servlet and reactive management servers. The
existing servlet-specific property has been deprecated in favour of the
new general property. When using the servlet stack, if both the general
property and the servlet-specific property are set, the new general
property takes precedence. When using the reactive stack, only the new
general property is considered.
Closes gh-22906
This commit fixes the auto-configuration of Spring Session to use
"server.servlet.session.timeout" as a fallback for Servlet-based web
applications only.
Closes gh-23752
Prior to this commit, the `StaticResourceLocation` for favicons would
point to `"/**/favicon.ico"`. This location does not reflect the current
web development landscape, since the png format and size variants are
not supported here. Also, the `"**"` pattern can be costly at runtime
and is deprecated by the new path pattern support in Spring Framework
(see gh-22833).
This commit changes the default locations to `"/favicon.*","/*/icon-*"`,
supporting common use cases such as `"/favicon.ico"`, `"/favicon.png"`
and `"/icons/icon-48x48.png"`.
Closes gh-23126
Deprecate and provide alternatives for logging properties that are
specific to Logback.
The following Spring Boot properties have been changed:
* logging.pattern.rolling-file-name ->
logging.logback.rollingpolicy.file-name-pattern
* logging.file.clean-history-on-start ->
logging.logback.rollingpolicy.clean-history-on-start
* logging.file.max-size ->
logging.logback.rollingpolicy.max-file-size
* logging.file.total-size-cap ->
logging.logback.rollingpolicy.total-size-cap
* logging.file.max-history ->
logging.logback.rollingpolicy.max-history
As have the system environment properties that they map to:
* ROLLING_FILE_NAME_PATTERN ->
LOGBACK_ROLLINGPOLICY_FILE_NAME_PATTERN
* LOG_FILE_CLEAN_HISTORY_ON_START ->
LOGBACK_ROLLINGPOLICY_CLEAN_HISTORY_ON_START
* LOG_FILE_MAX_SIZE ->
LOGBACK_ROLLINGPOLICY_MAX_FILE_SIZE
* LOG_FILE_TOTAL_SIZE_CAP ->
LOGBACK_ROLLINGPOLICY_TOTAL_SIZE_CAP
* LOG_FILE_MAX_HISTORY ->
LOGBACK_ROLLINGPOLICY_MAX_HISTORY
This commit also cleans up and simplifies `DefaultLogbackConfiguration`.
Closes gh-23609
Prior to this commit, the how-to documentation would say that Spring
Boot does not support the h2c protocol. While it's not supported
out-of-the-box with a configuration property, this protocol can still be
configured using server customizers.
This commit documents, with code snippets, the server customizers one
should use to configure the h2c protocol in an application - for each
supported server.
Closes gh-21997
Refactor `ConfigData` processing code to make it less awkward to
follow.
Prior to this commit the `ConfigDataLocationResolver` would take a
String location and return a `ConfigDataLocation` instance. This was
a little confusing since sometimes we would refer to `location` as the
String value, and sometimes it would be the typed instance. We also
had nowhere sensible to put the `optional:` prefix logic and we needed
to pass a `boolean` parameter to a number of methods. The recently
introduced `Orgin` support also didn't have a good home.
To solve this, `ConfigDataLocation` has been renamed to
`ConfigDataResource`. This frees up `ConfigDataLocation` to be used
as a richer `location` type that holds the String value, the `Orgin`
and provides a home for the `optional:` logic.
This commit also cleans up a few other areas of the code, including
renaming `ResourceConfigData...` to `StandardConfigData...`. It also
introduces a new exception hierarchy for `ConfigDataNotFoundExceptions`.
Closes gh-23711
This commit adds support for Redis cache metrics. Users can opt-in for
statistics using the "spring.cache.redis.enable-statistics" property.
Closes gh-22701
Update all configuration examples in the docs to YAML and make use of
the new `configblocks` spring-asciidoctor-extensions feature to
automatically create both "Properties" and "Yaml" versions.
Closes gh-23515
This commit rework the tip on locating templates when running the app
in the IDE. Using classpath* should not change anything as this won't
make a difference without a pattern in the path.
Closes gh-23068
Rename `@ConfigurationPropertiesImport` to
`@ImportAsConfigurationPropertiesBean` and also refine the registrar
so that it can be used with type directly annotated with
`@ConfigurationProperties`.
Closes gh-23172
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
With the introduction of health indicators that only require the
CqlSession, this commit deprecates the health indicators that require
Spring Data since the latter build on top of the former.
Closes gh-23226
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit builds on top of gh-22603 and exposes data collected by the
`BufferingApplicationStartup` on a dedicated `"/startup"` Actuator
endpoint.
Closes gh-23213
As of spring-projects/spring-framework#24878, Spring Framework provides
an `ApplicationStartup` infrastructure that applications can use to
collect and track events during the application startup phase.
This commit adds a new `BufferingApplicationStartup` implementation that
buffer `StartupStep`s and tracks their execution time. Once buffered,
these steps can be pushed to an external metrics system or drained
through a web endpoint, to a file...
Closes gh-22603
Support a `spring.config.all-locations-optional` property which can be
set to `true` if all config data locations should be considered
optional.
Closes gh-23097
Update config data processing code so that import locations are
mandatory by default. Any import request will now throw a
`ConfigDataLocationNotFoundException` if the specified import
location cannot be found. For optional imports, the user can
use the `optional:` prefix to indicate that the application should
continue to start, even if the location does not exist.
Closes gh-23032
This commit adds a check to the `layertools extract` command to
ensure that the jar file being processed is readable and has a
valid directory.
Fixes gh-22993
Prior to this commit, values from MongoProperties would always
overwrite matching fields in MongoClientSettings. This commit
preserves all values in MongoClientSettings if the client app
provides the MongoClientSettings bean, and only overwrites from
MongoProperties if no MongoClientSettings bean is provided.
Fixes gh-22321
With the upgrade to the new Couchbase SDK and the related changes in
Spring Data Couchbase, CacheManagerCustomizer can no longer be used to
customize the Couchbase cache manager as it is an immutable class.
This commit introduces a dedicated callback for the
CouchbaseCacheManagerBuilder that is used by the auto-configuration and
update the documentation to refer to it with a sample usage.
Closes gh-22573
Prior to this commit, the HTTP/2 server auto-configuration for Jetty
would require Conscrypt as a hard dependency.
This commit updates the auto-configuration for more flexibility and now
allows the following deployments:
* JDK9+ with the JDK ALPN implementation
* JDK8u252+ with the backported ALPN implementation
* Conscrypt with no JDK requirement
The auto-configuration now improves detection and guides developers in
case there is a missing `jetty-alpn-*-server` dependency.
The reference docs in the HOWTO section has been updated accordingly.
Closes gh-22188
This commit adapts the auto-configuration for the new core r2dbc support
in Spring Framework and provides auto-configuration for
R2dbcEntityOperations.
Closes gh-22708
Add support for volume mounted directories where the filename becomes
the property key and the file contents becomes the value.
Support is provided via a dedicated `VolumeMountDirectoryPropertySource`
class which can either be used directly, or via a "volumemount:/..."
`spring.config.import` location.
Closes gh-19990
Co-authored-by: Phillip Webb <pwebb@vmware.com>
Prior to this commit, the application availability infrastructure
would mix the `AvailabilityState`, the `HealthIndicator` and the
`HealthGroup` concepts and would not align with the rest.
This commit auto-configures the livenessState and readinessState
health indicators with the relevant configuration properties.
Unlike other indicators, they are not enabled by default but might
be in future versions.
This also moves the `management.health.probes.enabled` property
to `management.endpoint.health.probes.enabled` since "probes" here
is not a health indicator but rather a configuration flag for the
health endpoint.
Finally, the probes auto-configuration is refined to automatically
add liveness and readiness indicators for the probes group if
they're not already present.
Closes gh-22107
As of Spring Framework 5.3, it is now possible to use `PathPatternParser`
to parse and match request mapping path patterns, as an alternative to
the current default `AntPathMatcher`.
This new implementation has been used for a while in Spring WebFlux and
it’s been designed for consistency and performance.
This commit introduces a new configuration property for opting-in this
new variant:
`spring.mvc.pathmatch.matching-strategy=path_pattern_parser`
The default option is still `ant_path_matcher` for now, but we might
change the default in future versions since Spring Framework considers
it the best choice for modern applications.
There are several behavior differences with this new variant:
* double wildcards `"**"` are rejected when used in the middle patterns,
this is only allowed as the last matching segment in a pattern.
* it is incompatible with some path matching options, like
suffix-pattern, registered-suffix-pattern or configuring a Servlet
prefix on the `DispatcherServlet` (`spring.mvc.servlet.path=/test`)
This commit introduces two `FailureAnalyzer` implementations to guide
developers when facing those issues.
Closes gh-21694
Previously, spring-boot-docs used the java-base-plugin and then added
configuration on top. This has proven to be error prone, with the most
recent problem being that the tests were not being compiled and run.
This commit changes approach and applies the java plugin to the project
instead of the java-base plugin. Now, rather than adding the necessary
configuration to the base, the unwanted pieces of the java plugin's
configuration – specifically the jar and javadoc tasks – are disabled
instead. The DeployedPlugin has also been updated so that it does not
create a publication from the java component for projects that have a
disabled jar task.
Closes gh-22284
Previously, the configuration property table generation was reading
both the main metadata and the additional metadata from each project.
This was unnecessary as the annotation processor will have already
merged the additional metadata into the main metadata before writing
it to disk. Processing both the main and additional metadata led to
a clash as the metadata overlapped. When the entry in the additional
metadata won the clash, the resulting entry in the configuration
property table would lose any details that aren't contained in the
additional metadata.
This commit updates the property table generation code to only use
the main metadata files.
Fixes gh-21131
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
This commit mentions the `management.health.probes.enabled`
configuration property in the Kubernetes Probes section of the Actuator
chapter.
Enabling this property is required if we need to expose Kubernetes
Probes in a non-Kubernetes environment.
Fixes gh-21505
This commit adds the support for static and templated welcome pages with
Spring WebFlux. The implementation is backed by a `RouterFunction`
that's serving a static `index.html` file or rendering an `index` view.
Closes gh-9785
Prior to this commit, the published Maven POMs would not pass the Maven
Central mandatory checks.
This commit adds the missing project name and description metadata for
most artifacts. The Spring Boot Gradle plugin artifact was also missing
this information and this is now added in the plugin metadata itself.
This is also updating the project page URL which is now hosted directly
on spring.io.
Fixes gh-21457
This commit restricts how wildcards can be used in search
locations for property files. If a search location contains
a pattern, there must be only one '*' and the location should
end with a '*/'. For search locations that specify the file
name, the pattern should end with '*/<filename>'.
The list of files read from wildcard locations are now sorted
alphabetically according to the absolute path of the file.
Closes gh-21217
Previously, the developmentOnly configuration, typically used for
Devtools, had to be declared manually. The BootJar and BootWar tasks
then had a property, excludeDevtools, that could be used to control
whether or not Devtools would be excluded from the executable archive.
This commit updates the reaction to the Java plugin being applied to
automatically create the developmentOnly configuration. The classpaths
of bootJar and bootWar are then configured not to include the contents
of the developmentOnly configuration. As a result of this, the
excludeDevtools property is no longer needed and has been deprecated.
Its default has also been changed from true to false to make it easy
to opt in to Devtools, when configured as a development-only
dependency, being included in executable jars and wars by adding
developmentOnly to the classpath of the archive task.
Closes gh-16599
This commit removes the support for Reactor Netty metrics since it
seems that Spring Boot should not use this feature:
* HTTP metrics are already covered by WebFlux
* TCP metrics are only meant to TCP server/clients
* allocator metrics are already provided by Netty and there is
no specific API to enable them here.
Closes gh-19388
This commit enables the production of TCP and buffer allocator metrics
for Reactor Netty, client and server.
When applications use auto-configured server
(`NettyReactiveWebServerFactory`) and client (through
`WebClient.Builder`) instances, metrics will be enabled.
Note that HTTP metrics are not enabled here, since similar metrics are
already produced at the WebFlux level. Also, to avoid cardinality
explosion of metrics (through the URI tag), Reactor Netty offers
configurable infrastructure to deduplicate URI tags by turning expanded
URI instances into templated URIs. This is not targeted for Spring
usage.
Closes gh-19388
Improve "@ConfigurationProperties vs. @Value" documentation with the
recommendation that kebab-case is used with the `@Value` annotation.
Closes gh-20507
When using constructor binding, if no properties are bound to
a nested property, the top-level instance will be created with a
null value for the nested property.
This commit introduces support for an empty `@DefaultValue` which
indicates that an instance of the nested property must be created
even if nothing is bound to it. It honors any `@DefaultValue`
annotations that the nested property might have in its constructor.
Closes gh-18917
Rework the rename logic used to include the reference PDF to try
and workaround the following local build error:
Encountered duplicate path "reference/pdf/spring-boot-reference.pdf"
during copy operation configured with DuplicatesStrategy.FAIL
See gh-20829
This commit combines index adoc files for single-page HTML and PDF
into one file to remove duplication. It also renames index files to
reflect the separation between source format and generated output
format.
Finishes gh-20829
This commit moves Maven plugin content from several sections in the
main Spring Boot reference documentation to the plugin-specific
documentation.
Fixes gh-19165
This commit adds a section to the reference guide on how to initialize
a database using R2DBC. 2 smoke tests are also added to validate this
behaviour with Flyway and Liquibase.
Closes gh-20742
This commit restores the port option that was removed in an earlier
milestone. Contact points that do not define a port already are
automatically transformed to include the one configured, with a default
matching Cassandra's default port.
This makes upgrades easier in the case a cluster uses consistent ports
everywhere.
Closes gh-19672
Prior to this commit, we were relying on the
`"spring.main.cloud-platform"` property for overriding cloud platform
detection and enabling liveness and readiness probes. Changes made in
gh-20553 have now been reverted.
This commit adds the `"management.health.probes.enabled"` configuration
property. The auto-configuration now enables the HTTP Probes and
`HealthIndicator` if this property is enabled, or if the Kubernetes
cloud platform is detected.
This property is `false` by default for now, since enabling this for all
Spring Boot applications would be a breaking change. In this case, the
global `"/actuator/health"` endpoint could report `OUT_OF_SERVICE`
during startup time because the application now reports the readiness as
well.
See gh-19593
This commit moves the core Liveness and Readiness support to its own
`availability` package. We've made this a core concept independent of
Kubernetes.
Spring Boot now produces `LivenessStateChanged` and
`ReadinessStateChanged` events as part of the typical application
lifecycle.
Liveness and Readiness Probes (`HealthIndicator` components and health
groups) are still configured only when deployed on Kubernetes.
This commit also improves the documentation around Probes best practices
and container lifecycle considerations.
See gh-19593
Prior to this commit and as of Spring Boot 2.2.0, we would advise
developers to use the Actuator health groups to define custom "liveness"
and "readiness" groups and configure them with subsets of existing
health indicators.
This commit addresses several limitations with that approach.
First, `LivenessState` and `ReadinessState` are promoted to first class
concepts in Spring Boot applications. These states should not only based
on periodic health checks. Applications should be able to track changes
(and adapt their behavior) or update states (when an error happens).
The `ApplicationStateProvider` can be injected and used by applications
components to get the current application state. Components can also
track specific `ApplicationEvent` to be notified of changes, like
`ReadinessStateChangedEvent` and `LivenessStateChangedEvent`.
Components can also publish such events with an
`ApplicationEventPublisher`. Spring Boot will track startup event and
application context state to update the liveness and readiness state of
the application. This infrastructure is available in the
main spring-boot module.
If Spring Boot Actuator is on the classpath, additional
`HealthIndicator` will be contributed to the application:
`"LivenessProveHealthIndicator"` and `"ReadinessProbeHealthIndicator"`.
Also, "liveness" and "readiness" Health groups will be defined if
they're not configured already.
Closes gh-19593
`compileJava.dependsOn(processResources)` is not enough to ensure the
correct behavior. Using `dependsOn` only affects the execution order
(`processResources` before `compileJava`) but not the up-to-date check
of `compileJava`. After modifying
`META-INF/additional-spring-configuration-metadata.json`, the
`processResouces` task will considered out-of-date and will be
re-executed, but after that `compileJava` will still be considered
up-to-date which causes the changes not to be merged into
`META-INF/spring-configuration-metadata.json`
With this change the up-do-date check of `compileJava` is affected,
too. Therefore, it will correctly re-execute the
configuration-processor when
`META-INF/additional-spring-configuration-metadata.json` was changed.
See gh-20323
This commit upgrades to the Couchbase SDK v3 which brings the following
breaking changes:
* Bootstrap hosts have been replaced by a connection string and the
authentication is now mandatory.
* A `Bucket` is no longer auto-configured. The
`spring.couchbase.bucket.*` properties have been removed
* `ClusterInfo` no longer exists and has been replaced by a dedicated
API on `Cluster`.
* `CouchbaseEnvironment` no longer exist in favour of
`ClusterEnvironment`, the customizer has been renamed accordingly.
* The bootstrap-related properties have been removed. Users requiring
custom ports should supply the seed nodes and initialize a Cluster
themselves.
* The endpoints-related configuration has been consolidated in a
single IO configuration.
The Spring Data Couchbase provides an integration with the new SDK. This
leads to the following changes:
* A convenient `CouchbaseClientFactory` is auto-configured.
* Repositories are configured against a bucket and a scope. Those can
be set via configuration in `spring.data.couchbase.*`.
* The default consistency property has been removed in favour of a more
flexible annotation on the repository query methods instead. You can now
specify different query consistency on a per method basis.
* The `CacheManager` implementation is provided, as do other stores for
consistency so a dependency on `couchbase-spring-cache` is no longer
required.
See gh-19893
Co-authored-by: Michael Nitschinger <michael@nitschinger.at>
This commit configures Spring Data Couchbase explicitly rather than
relying on the abstract configuration class. This has the advantage of
simplifying the auto-configuration and let it us proxy-free
configuration classes.
Spring Boot no longer uses or interacts with CouchbaseConfigurer. Users
relying on that to teach Spring Boot which components to use should
rely on `@Primary` flag instead in case of multiple beans of the same
type.
`CouchbaseConfiguration` is no longer public as extending from it is
no longer necessary. If the `CouchbaseEnvironment` has to be
customized, a `CouchbaseEnvironmentBuilderCustomizer` bean can be
registered to tune the auto-configured environment.
Closes gh-20533
Previously, any HTTP request to an endpoint that included a principal
would bypass the cache. This prevented authenticated requests from
making use of the cache and its configurable time-to-live.
This commit updates the caching operation invoker to include the
principal, if any, in its cache key. As a result, requests that
include a principal will make use of the cache, potentially returning
the result of a previous invocation of the same endpoint by the same
principal.
Closes gh-19538
This commit adds support for gracefully shutting down the embedded
web server. When a grace period is configured
(server.shutdown.grace-period), upon shutdown, the web server will no
longer permit new requests and will wait for up to the grace period
for active requests to complete.
Closes gh-4657
This commit adds a new auto-configuration for RSocket support in Spring
Integration.
Given an application with `spring-messaging`, `spring-integration-rsocket`
and RSocket dependencies, developers are now able to leverage Spring
Integration features with RSocket.
It is now possible to configure an RSocket server with
`"spring.rsocket.server.*"` properties and let it use
`IntegrationRSocketEndpoint` or `RSocketOutboundGateway` components to
handle incoming RSocket messages. This infrastructure can handle Spring
Integration RSocket channel adapters and `@MessageMapping` handlers
(given `"spring.integration.rsocket.server.message-mapping-enabled"`is
configured.
If the `"spring.integration.rsocket.client.host"` and
`"spring.integration.rsocket.client.port"` (for TCP protocol), or
`"spring.integration.rsocket.client.uri"` (for WebSocket) is configured
then a `ClientRSocketConnector` will be configured accordingly.
Closes gh-18834
Co-authored-by: Brian Clozel <bclozel@pivotal.io>
Previously, the configprop macro was being used in the source but the
extension that implements the macro was not available to Asciidoctor.
This led to the references not being checked at build time and the
macro being left as-is in the rendered documentation.
This commit updates the dependencies that are available to Asciidoctor
to include the extension and the projects which define the
configuration properties referenced in the documentation.
Closes gh-20149
With the introduction of Gradle we lost the list of version properties
that were previously in the spring-boot-dependencies POM and were also
linked inside the documentation. This commit introduces an appendix
section in the docs and links the appropriate places to the new section
to restore discoverability.
See gh-19898
Update all dependencies declarations to use the form `scope(reference)`
rather than `scope reference`.
Prior to this commit we declared dependencies without parentheses unless
we were forced to add them due to an `exclude`.
Replace Gradle single quote strings with the double quote form
whenever possible. The change helps to being consistency to the
dependencies section where mostly single quotes were used, but
occasionally double quotes were required due to `${}` references.
The Elasticsearch transport client has been deprecated since Spring Boot
2.2.0 and is about to be removed from Spring Data Elasticsearch and
Elasticsearch itself in their next major releases.
The available REST client support variants are now the preferred way of
using Elasticsearch features.
Closes gh-19668
This commit movers the auto-configuration of RabbitTemplate to a
dedicated class that can be reused to create additional template with
similar settings.
CLoses gh-19440
This commit migrates JobLauncherCommandLineRunner to an
ApplicationRunner implementation. The latter allows to parse option
arguments (i.e. `--spring.something=value`) and makes it easy to ignore
arguments that are not meant to be passed to batch jobs.
Closes gh-19442
In general we do not recommend using @PropertySource due to them being
added to the environment too late for auto-configuration to use them. This
commit updates the documentation to mention them in the list of external
sources along with a note.
Closes gh-18900
Previously, our Gradle plugin was not tested against Gradle 6.0,
a number of deprecation warnings were output when using the plugin
with Gradle 6, and some functionality related to the application
plugin did not work as expected.
This commit tests the plugin against Gradle 6. It also avoids calling
deprecated APIs. The plugin is compatibile against Gradle 4.10 where
the deprecated APIs' replacements are not available so reflection is
used to call the replcaements. Lastly, the way in which the base name
of the boot distribution that is created when the application plugin
is applied has been modified to ensure that it is effective when using
Gradle 6.
Closes gh-18663
Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Previously, the endpoint tables in the documentation include an
"Enabled by default" column that listed whether or not an endpoint
was enabled by default. This resulted in some confusion as an endpoint
could be listed as being enabled by default but not actually be
enabled as the requirements for it being auto-configured has not been
met.
This commit removes the "Enabled by default" column and replaces it,
where needed, with some extra information in the "Description"
column that describes what is needed for the endpoint to be
auto-configured.
Closes gh-18633
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
This commit creates a new configuration property
`spring.codec.max-in-memory-size` which configures the maximum
amount of data to be buffered in memory by codecs (both client and
server).
This property has no default value - it will let Spring Framework handle
the default behavior, currently enforcing a 256KB for provided codecs.
Fixes gh-18828
Previously, the documentation did not describe how to combine
multiple security components when one component's
WebSecurityConfigurerAdapter or SecurityWebFilterChain would cause
the other components' beans of the same type to back off.
This commit adds a note that such cases should be handled by the user
defining their own WebSecurityConfigurerAdapter or
SecurityWebFilterChain that configures the use of all of the
components as required.
Closes gh-18507
Prior to this commit, all supported servers would share the same
configuration property `server.connection-timeout`. Unfortunately, in
many cases the behavior of this timeout changes depending on the server.
From actual connection setup timeout, to detecting and closing idle
connections, this property cannot be properly translated from one server
implementation to another.
This commit deprecates this configuration property and introduces server
specific properties:
* `server.jetty.connection-idle-timeout`
(Time that the connection can be idle before it is closed.)
* `server.netty.connection-timeout`
(Connection timeout of the Netty channel.)
* `server.tomcat.connection-timeout`
(Amount of time the connector will wait, after accepting a connection,
for the request URI line to be presented.)
* `server.undertow.no-request-timeout`
(Amount of time a connection can sit idle without processing a request,
before it is closed by the server.)
`server.connection-timeout` is now deprecated and will be removed in a
future release.
Fixes gh-18473