Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Previously, DevToolsDataSourceCondition called
getBeanNamesForType(Class) which could trigger unwanted initialization
of lazy init singletons and objects created by FactoryBeans.
This commit updates DevToolsDataSourceCondition to prohibit eager
init when getting the names of the beans of a particular type.
Fixes gh-20430
This commit changes uses of ClassLoader.loadClass to Class.forName for
consistency with what was initiated in #19342 and better compatibility
with GraalVM.
Closes gh-19824
Update all dependencies declarations to use the form `scope(reference)`
rather than `scope reference`.
Prior to this commit we declared dependencies without parentheses unless
we were forced to add them due to an `exclude`.
Replace Gradle single quote strings with the double quote form
whenever possible. The change helps to being consistency to the
dependencies section where mostly single quotes were used, but
occasionally double quotes were required due to `${}` references.
This paves the way for publishing Gradle module metadata once the
problem caused by snapshot versions and our two-step publication
process has been addressed.
See gh-19609
This reverts commit b34a311d02 as,
having disabled the publishing of Gradle's module metadata (4f75ab5),
the changes are no longer needed.
See gh-19609
Previously, enforcedPlatform dependencies were using to pull in the
constraints defined in spring-boot-dependencies and
spring-boot-parent and applied them strictly so that the constrained
version had to be used. This worked as intended in Spring Boot's own
build but incorrectly enforced those same strict version requirements
on external consumers of Spring Boot's modules.
This commit reworks how Spring Boot defines its internal dependency
management so that platform dependencies are exposed to external
consumers while enforced platform dependencies are using internally.
See gh-19609
Previously, Maven's default behaviour was relied up which resulted
in the artifact ID being appended to each URL as it was inherited.
This behaviour can only be disabled in Maven 3.6 and later, a version
that we cannot use due to an incompatibility with the Flatten Plugin.
This commit works around Maven's default behaviour by defining
properties for the SCM URL, connection, and developer connection and
then explicitly defining the settings in each pom using these
properties. The explicit definition of the properties in each pom
prevents them being inherited from the parent, thereby disabling the
unwanted appending of the artifact ID to the URL.
Fixes gh-18328
This commit makes sure that any subsequent call on addProtocolResolver
on the context will impact the ResourceLoader implementation that
DevTools sets on the context.
This makes sure that any custom ProtocolResolver that is set later in
the lifecycle is taken into account.
Closes gh-17214
Meta-annotate `ClassPathExclusions` and `ClassPathOverrides` with
so that the `ModifiedClassPathExtension` no longer needs to be
used directly.
See gh-17491
Apply checkstyle rule to ensure that private and package private
classes do not have unnecessary public methods. Test classes have
also been unified as much as possible to use default scoped
inner-classes.
Closes gh-7316
Since the move to JUnit 5, a number of tests were failing on Windows.
The majority were failing due to open file handles preventing the
clean up of the tests' temporary directory. This commit addresses
these failures by updating the tests to close JarFiles, InputStreams,
OutputStreams etc.
A change has also been made to CachingOperationInvokerTests to make
a flakey test more robust. Due to System.currentTimeMillis() being
less precise on Windows than it is on *nix platforms, the test could
fail as it would not sleep for long enough for the TTL period to have
expired.
As of spring-projects/spring-hateoas#854, Spring HATEOAS is not relying
on Objenesis anymore and removed the cache that was being used for it.
This commit removes the support for clearing that cache when running an
application with Devtools enabled.
See gh-16833
This commit migrates `AnnotationConfigReactiveWebApplicationContext`
parent to the `GenericApplicationContext` abstraction. Any use of
`AnnotationConfigWebApplicationContext` is also removed as it also
inherits from the `AbstractRefreshableApplicationContext` outdated
hierarchy.
A new `AnnotationConfigServletWebApplicationContext` context is
introduced instead, extending from `GenericApplicationContext` and
providing the counter part of the reactive context for the Servlet-based
web app tests.
See gh-16096
Previously, DevTools would retry the upload of the changes to an
application in the event of a ConnectException. If a different
network-level failure occurred, it would not be retried and would
cause the file watching thread to die.
This commit attempts to make things more robust by retrying all
SocketExceptions and not just ConnectExceptions. A warning is
logged when a failure occurs. A separate debug message that
includes the exception is also logged.
Closes gh-10317
This covers the cases when:
* An Java agent based reloader (e.g. JRebel) is being used
* The reloader was disabled by using a system property
See gh-14807
Update `DevToolsPropertyDefaultsPostProcessor` to automatically set
the recently introduced `spring.messages.reloadable` property to
`true`.
Closes gh-14699
Rework `DevToolsPropertyDefaultsPostProcessor` so that web logging no
longer defaults to `DEBUG`. The post processor now logs an info hint
to suggest the user configure the logging themselves.
Closes gh-14575
Previously, if a class was added and then changed, a restart would be triggered
and things would behave as if the class had been deleted. This occurred
because, when looking for additional classes that were not on the original
classpath, only files that had been added were considered. The subsequent
change to the class was noticed as a modified rather than an addition,
resulting in the class being skipped.
This commit updates the resource resolver to only ignore deleted files and
consider both added files and modified files when looking for additional
resources.
Closes gh-14205
Reinstate `web` logging when devtools is in use, making use of the new
logging groups support. Devtools now also logs an `INFO` message
informing that properties defaults are offers an easy way to disable
them.
Closes gh-14450
Update `DevToolsPropertyDefaultsPostProcessor` to remove custom logging
level configuration. Unfortunately it's not easy to back-off logging
overrides when the user has a custom logback/log4j configuration.
Closes gh-14310
Since SPR-16946, Spring Framework revisited the DEBUG logging output
developers get while working on Spring MVC and Spring WebFlux
applications.
This commit aligns to those changes where DEBUG output was produced
in Spring Boot (especially in `DefaultErrorWebExceptionHandler`).
This also enables DEBUG logging on the related packages when running an
application with Spring Boot Developer Tools, providing a better
development experience.
This is also adding the new `spring.insights.web.log-request-details`
configuration property, which logs additional information about the
incoming requests at the DEBUG and TRACE levels. Since that information
can be sensitive (e.g. credentials, tokens, etc.), this property is not
enabled by default nor activated by the Developer Tools.
Closes: gh-13511