Previously, the documentation did not provide any guidance on using
Jersey alongside Spring MVC or any other web framework.
This improves the documentation in two ways:
1. It notes that, in the presence of both Jersey and Spring MVC, the
Actuator will prefer Spring MVC for exposing HTTP endpoints.
2. It adds a how-to describing how to configure Jersey to forward
requests for which it has no handler on to the rest of the filter
chain. When Spring MVC is the other framework, this allows them to
be handled by its dispatcher servlet.
Closes gh-17523
This commit is a continuation of the work done in 987a5f81. In
addition to developers and licenses that are covered in the earlier
commit, a number of other settings are still inherited from the
starter parent. This commit updates the documentation to show them
being overridden as well.
Closes gh-18532
Previously, @EndpointFilter would only have an effect when used as
an annotation or meta-annotation on the endpoint class itself. It
would have no effect when used on a super-class of the endpoint
bean's class.
This commit updates EndpointDiscoverer so that an @EndpointFilter
annotation or meta-annotation on a super-class will be found and
applied to the discovery process. This is achieved by using find…
rather than get… when retrieving the attributes for the EndpointFilter
annotation.
Fixes gh-17866
Previously, AbstractDependsOnBeanFactoryPostProcessor was unordered
which meant that it was impossible to guarantee that another bean
factory post-processor would run after it. This prevented overriding
of the dependsOn relationships that is creates.
This commit updates AbstractDependsOnBeanFactoryPostProcessor to give
it a default order of zero. This will allow additional bean factory
post-processors to be configured with a lower precedence order (values
greater than 0) so that they run after any
AbstractDependsOnBeanFactoryPostProcessor and can override the
dependencies that it has configured.
Fixes gh-18362
Publishing to Maven Central requires spring-boot-starter-parent to
declare its license and developers. When a user then uses
spring-boot-starter-parent as their project's parent, these values
are inherited and this is almost certainly unwanted.
This commit updates the documentation to recommend and demonstrate
overriding the license and developers that are inherited from the
starter parent.
Closes gh-18532
Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
Previously, AopAutoConfiguration would only enable CGLib-based
proxies if aspectjweaver was on the classpath. The intention was for
CGLib-based proxies to always be used by default so this behaviour
was incorrect.
This commit updates AopAutoConfiguration to force the use of
CGLib-based proxies even in the absence of aspectjweaver.
Closes gh-18523
Previously, the endpoint tables in the documentation include an
"Enabled by default" column that listed whether or not an endpoint
was enabled by default. This resulted in some confusion as an endpoint
could be listed as being enabled by default but not actually be
enabled as the requirements for it being auto-configured has not been
met.
This commit removes the "Enabled by default" column and replaces it,
where needed, with some extra information in the "Description"
column that describes what is needed for the endpoint to be
auto-configured.
Closes gh-18633
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
Previously, all of the type exclude filters in
spring-boot-test-autoconfigure were package-private. This prevent a
user who was creating their own test slice from composing their own
TypeExcludeFilter with one of Boot's.
This commit updates all of the TypeExcludeFilters in the
test-autoconfigure module to make them public. The intention is only
to allow them to be composed with other type exclude filters when
referenced in a @TypeExcludeFilters annotation. Therefore, each
filter class is declared final and their constructors remain
package-private.
Closes gh-18746
This commit creates a new configuration property
`spring.codec.max-in-memory-size` which configures the maximum
amount of data to be buffered in memory by codecs (both client and
server).
This property has no default value - it will let Spring Framework handle
the default behavior, currently enforcing a 256KB for provided codecs.
Fixes gh-18828
Update `HealthEndpointConfiguration` to also include adapted reactive
health contributors when project reactor is on the classpath. Prior to
this commit, reactive contributors were only exposed in WebFlux
applications. This was a regression from Spring Boot 2.1 that we didn't
catch because all our own reactive contributors all have non-reactive
equivalents.
Closes gh-18805
This commit is a follow-up of a change in Spring Framework[1] to make
sure injection points that are expecting a specific bean by name use
a qualifier.
As a result of this change, MVC uses the dedicated MVC validator again
rather than the general one auto-configured by Spring Boot.
[1] https://github.com/spring-projects/spring-framework/issues/23887
Closes gh-18672
This commit restores the highest precedence of reactive
HealthContributor over imperative one. Previously, both would be
registered, leading to duplicate entries in health output.
Closes gh-18748
The configuration property is always cleared before bean instantiation
because the problem with bean instantiation might not necessarily be the
last bound property.
Fixes gh-18704
Previously, if a bean definition had no resource description, the
failure analysis description would state that the been had been
defined in null which was of no use to the user.
This commit updates the failure analysis to omit information about
where the bean was definied when the definition has no resource
description.
Fixes gh-18721
Update `ConfigurationPropertiesBean.getAll()` to limit the candidate
beans that will actually need a `getBean()` call. Prior to this commit
calling `getAll()` would trigger a get of every bean in the context,
some of which might fail.
Fixes gh-18714
Update `DataSourceHealthContributorAutoConfiguration` so that any
`AbstractRoutingDataSource` beans are still included in the overall
health. Prior to this commit, a regression in Spring Boot 2.2 meant
that if a single routing bean was found an `IllegalArgumentException`
would be thrown.
In Spring Boot 2.1 all `AbstractRoutingDataSource` would be filtered
from the results, but if no results existed the following was returned:
"details": {
"db": {
"status": "UNKNOWN"
},
In Spring Boot 2.2 we now always include routing datasource beans, even
if other non-routing database beans are found. The health details
includes `"routing" : true` to help users disambiguate any results.
Fixes gh-18661
Update `NamedContributorsMapAdapter` to check for `null` keys or values
during construction. Also update `HealthEndpointSupport` to allow
null component entries.
See gh-18687
Update `HealthEndpointSupport` so that aggregate elements that don't
ultimately provide a contribution are filtered out. Prior to this
commit an NPE was returned when calculating the aggregate status.
Fixes gh-18687
Rename `max-http-post-size` to `max-http-form-post-size` for Jetty and
Tomcat to make it clearer that they only apply to POSTed form content.
See gh-18566
Andy Wilkinson
Stephane Nicoll
dreis2211
Mark Pollack
Jens Teglhus Møller
wycm
Jaeyeon Kim
Johnny Lim
larrywest
Brian Clozel
Phillip Webb
mattisonchao
wwjay9
Cosmin Humeniuc
wonwoo
Madhura Bhave
Philippe De Neve
Alessandro Falappa
nkjackzhang
Rafiullah Hamedy