Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:
- X-Content-Type
- X-XSS-Protection
- Cache-Control
- X-Frame-Options
Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.
This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.
Closes gh-3517
This commit adds a new property, logging.register-shutdown-hook, that
when set to true, will cause LoggingApplicationListener to register
a shutdown hook the first time it initializes a logging system. When
the JVM exits, the shutdown hook shuts down each of the supported
logging systems, ensuring that all of their appenders have been
flushed and closed.
Closes gh-4026
This commit changes the new mode-based configuration to use two new
methods – setBannerMode on SpringApplication and bannerMode on
SpringApplicationBuilder. The old methods, setShowBanner and
showBanner on SpringApplication and SpringApplicationBuilder
respectively, have been reinstated and deprecated.
Closes gh-4001
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
This commit adds two new properties, spring.devtools.remote.proxy.host
and spring.devtools.remote.proxy.port that can be used to configure
RemoteSpringApplication to connect to the remote application through
an HTTP proxy.
Closes gh-3968
In order to have more control on the structure of the configuration, we
do not bind to `RepositoryRestConfiguration` directly anymore. This
commit introduces `RepositoryProperties` instead.
See gh-3854
Closes gh-4073
Add `error.include-stacktrace` configuration option to determine when
stack trace attributes should be added. Options are `never`, `always`
or `on-trace-param`.
Prior to this commit stacktrace attributes were never includes in HTML
responses, and only included in JSON responses when a `trace` request
parameter was set to `true`. This has now been changed so that,
by default, stacktrace attributes are never included.
The BasicErrorController includes a protected method that can be
overridden if includes should be different depending on the `produces`
mapping.
Closes gh-2371
Update MetricExportAutoConfiguration to auto-configure statsd metrics
export when a `spring.metrics.export.statsd.host` property is set.
Closes gh-3719
Provide a general purpose Hazelcast integration (i.e. not tied to caching).
Auto-configure a `HazelcastInstance` either based on the presence of a
`Config` bean or a configuration file. Said configuration file can be
specified explicitly or automatically found from default locations.
The cache integration already supports Hazelcast so it has been reworked
to automatically reuse an existing `HazelcastInstance` if available.
Closes gh-2942
The default value of `spring.devtools.restart.exclude` is quite long and
any override requires to copy/paste it to add additional exclusions. To
avoid that, a new `spring.devtools.restart.additional-exclude` property
has been added.
Both properties are now used to compute the full list of exclusions that
is used by PatternClassPathRestartStrategy.
Closes gh-3774
The `spring.datasource.name` property was hidden behind the 'name'
attribute of the Tomcat connection pool (since we are mapping all
datasource implementations on the `spring.datasource` namespace.
This commit replace the injected value by hand with the use of the
regular `DataSourceProperties`. That way, we generate proper meta-data
for it as well.
Closes gh-3755
A new `spring.datasource.type` property can now be used to configure the
connection pool implementation to use (rather than only relying on Boot's
preferences).
Closes gh-3705
This commit provides a single endpoint, /actuator, that serves HTML
(the HAL browser) or JSON depending on the request’s accept header
that enables discovery of all of the actuator’s other endpoints.
When the management context path is configured, the /actuator endpoint
moves to the configured path, e.g. if the management context path is
set to /management, the actuator endpoint will be available from
/management.
Closes gh-3696
This commit adds a new property, logging.exception-conversion-word,
that can be used to configure the conversion word that is used when
logging exceptions. The default value, %rEx, will log exceptions
with the root cause first and include class packaging information in
the stack trace. The new property is supported when using either
Logback or Log4J2.
Closes gh-3684
Harmonize the configuration properties for Undertow to match the changes
made for gh-2491.
Move `spring.undertow.accessLog*` to `spring.undertow.accesslog.*`
Add `directory`, `prefix` and `suffix` properties to further customize
how access logs are configured on Tomcat. Relocate all properties to the
`server.tomcat.accesslog` namespace.
`server.tomcat.accessLogPattern` and `server.tomcat.accessLogEnabled` are
deprecated and replaced by `server.tomcat.accesslog.pattern` and
`server.tomcat.accesslog.enabled` respectively.
Closes gh-2491
Previously, only folders on the classpath would be watched and used
to trigger a restart/reload of the application. This commit adds a
new property spring.devtools.restart.additional-paths that can be
used to configure additional paths that should be watched for
changes. When a change occurs in one of those paths a restart or
reload will be triggered, depending on the full restart exclude
patterns configured via the existing spring.devtools.restart.exclude
property.
Closes gh-3469
Three conditions must be met for the console to be enabled:
- H2 is on the classpath
- The application is a web application
- spring.h2.console.enabled is set to true
If spring-boot-devtools is on the classpath, spring.h2.console.enabled
will be set to true automatically. Without the dev tools, the enabled
property will have to be set to true in application.properties.
By default, the console is available at /h2-console. This can be
configured via the spring.h2.console.path property. The value of this
property must begin with a '/'.
When Spring Security is on the classpath the console will be secured
based on the user's security.* configuration. When the console is
secured, CSRF protection is disabled and frame options is set to
SAMEORIGIN for its path. Both settings are required in order for the
console to function.
Closes gh-766
Add `spring.autoconfigure.exclude` to control the list of
auto-configuration classes to exclude via configuration. Merge the
exclusions defined on the `@EnableAutoConfiguration` or
`@SpringBooApplication` if any.
Closes gh-2435
Add a "management.health.defaults.enabled" property that controls whether
the default health indicators are enabled. This allow to disable them all
by default and still enable individual ones using their respective
specific property.
Closes gh-2298
Johnny Lim
Stephane Nicoll
Phillip Webb
Wallace Wadge
Andy Wilkinson
Dave Syer
zhanhb
Michael Stummvoll
Julien Dubois
Simon Buettner
Fabricio Colombo
Eddú Meléndez