GraphiQL is useful when working on a GraphQL API - it allows
developers to craft queries and test newly developed feature. This
is not enabled by default, as this should not be exposed in production
without the developer's knowledge.
This commit flips this value when Spring Boot devtools is active for a
better developer experience.
See gh-29140
Add `DevToolsR2dbcAutoConfiguration` to automatically shutdown in-memory
R2DBC databases before restarting. Prior to this commit, restarts that
involved SQL initialization scripts could fail due to dirty database
content.
The `DevToolsR2dbcAutoConfiguration` class is similar in design to
`DevToolsDataSourceAutoConfiguration`, but it applies to both pooled
and non-pooled connection factories. The `DataSource` variant does not
need to deal with non-pooled connections due to the fact that
`EmbeddedDataSourceConfiguration` calls `EmbeddedDatabase.shutdown`
as a `destroyMethod`. With R2DB we don't have an `EmbeddedDatabase`
equivalent so we can always trigger a shutdown for devtools.
Fixes gh-28345
Polish commit 5ca687c9a6 had an accidental side-effect of changing
the 'Sec-WebSocket-Key' header value to lowercase. This breaks
connections since the value needs to be echoed unchanged in the
"Sec-WebSocket-Accept" header.
Fixes gh-27147
Previously, the restart initializer that enables restart when
-Dspring.devtools.restart.enabled=true is set had no effect when the
ClassLoader's name did not contain AppClassLoader. This commit updates
RestartApplicationListener to use the correct RestartInitializer when
the system property has forcibly enabled restart.
When restart is enabled a SilentExitException is thrown and it should be
caught and handled by the SilentExitExceptionHandler. When the
application is invoked via one of the loader's LauncherClasses
reflection is used and this exception becomes wrapped in an
InvocationTargetEception. Previously, this wrapping prevented
SilentExitExceptionHandler from handling the exception. This commit
updates the handler to look for an InvocationTargetException with a
SilentExitException target in addition to continuing to look for a
SilentExitException directly.
Fixes gh-24797
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Add a simple `BootstrapRegistry` that can be used to store and share
object instances across `EnvironmentPostProcessors`. The registry
can be injected into the constructor of any `EnvironmentPostProcessor`.
Registrations can also perform additional actions when the
`ApplicationContext` has been prepared. For example, they could register
the the bootstrap instances as beans so that they become available to
the application.
See gh-22956
Update `EnvironmentPostProcessorApplicationListener` so that it can
either use values from `spring.factories` or use a factory interface.
Closes gh-22529
Deprecate `ConfigFileApplicationListener` and provide a replacement
mechanism that supports arbitrary config data imports.
This commit updates the following areas:
- Extract `EnvironmentPostProcessor` invocation logic from the
`ConfigFileApplicationListener` to new dedicated listener. Also
providing support for `Log` injection.
- Extract `RandomPropertySource` adding logic from the
`ConfigFileApplicationListener` to a dedicated class.
- Migrate to the recently introduced `DefaultPropertiesPropertySource`
class when moving the defaultProperties `PropertySource`
- Replace processing logic with a phased approach to ensure that
profile enablement happens in a distinct phase and that profiles
can no longer be activated on an ad-hoc basis.
- Provide a more predictable and logical import order for processing
`application.properties` and `application.yml` files.
- Add support for a `spring.config.import` property which can be used
to import additional config data. Also provide a pluggable API
allowing third-parties to resolve and load locations themselves.
- Add `spring.config.activate.on-profile` support which replaces the
existing `spring.profiles` property.
- Add `spring.config.activate.on-cloud-platform` support which allows
a config data document to be active only on a given cloud platform.
- Support a `spring.config.use-legacy-processing` property allowing the
previous processing logic to be used.
Closes gh-22497
Co-authored-by: Madhura Bhave <mbhave@vmware.com>
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
Previously, DefaultResourceLoader instances were created using the
default constructor. This causes the resource loader to capture the
TCCL that was in place at that time. This can lead to a class loader
leak if the resource loader is referenced directly or indirectly from
a static field of a class loaded by a different class loader.
This commit updates the creation of DefaultResourceLoader instances
in main code so that the resource load will use the class loader of
the creating class. In almost all cases this will be the same class
loader as was the thread context class loader that was being captured
so the change in behavior is minimal. Crucially, it will still address
the situation where the TCCL was different.
Note the DevTools' ApplicationContextResourceLoader has been updated
to explicitly use the TCCL. This ensures that it uses the restart
class loader which is required for DevTools to function correctly.
Fixes gh-20900
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Previously, DevToolsDataSourceCondition called
getBeanNamesForType(Class) which could trigger unwanted initialization
of lazy init singletons and objects created by FactoryBeans.
This commit updates DevToolsDataSourceCondition to prohibit eager
init when getting the names of the beans of a particular type.
Fixes gh-20430
This commit makes sure that any subsequent call on addProtocolResolver
on the context will impact the ResourceLoader implementation that
DevTools sets on the context.
This makes sure that any custom ProtocolResolver that is set later in
the lifecycle is taken into account.
Closes gh-17214
Apply checkstyle rule to ensure that private and package private
classes do not have unnecessary public methods. Test classes have
also been unified as much as possible to use default scoped
inner-classes.
Closes gh-7316
As of spring-projects/spring-hateoas#854, Spring HATEOAS is not relying
on Objenesis anymore and removed the cache that was being used for it.
This commit removes the support for clearing that cache when running an
application with Devtools enabled.
See gh-16833
Brian Clozel
Andy Wilkinson
Scott Frederick
Phillip Webb
Leo Li
dreis2211
sfeldstein
Stephane Nicoll
Francis Lavoie
Madhura Bhave
izeye
Stephane Nicoll
Andy Wilkinson
XenoAmess
Scott Frederick
Phillip Webb
wycm
Kant Leung
rajadilipkolli
HaiTao Zhang
LiangYong
周武栋
Brian Clozel