Previously, Spring Boot mapped both `DataSourceProperties` and the actual
`DataSource` implementation to the same prefix. This results in a huge
amount of keys in the `spring.datasource` namespace with no way to
identify those that are valid for the pooled data source in use.
This commit maps the four pooled data sources we support in four isolated
namespace, keeping `spring.datasource` only for the common settings.
These are `spring.datasource.tomcat`, `spring.datasource.hikari`,
`spring.datasource.dbcp` and `spring.datasource.dbcp2` for the Tomcat,
Hikari, Commons DBCP and Commons DBCP2 implementations respectively.
Closes gh-2183
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Commit 8c14009 removed the endpoints.metrics.filter.enabled property so
that endpoints.metrics.enabled is used for both disabling the endpoint
and the servlet filter that records interactions.
This was an unfortunate decision as it was no longer possible to only
disable the servlet filter. The endpoints.metrics.filter.enabled property
has therefore been restored.
Closes gh-4365
This commit adds a new property, security.filter-dispatcher-types
that can be used to configure the dispatcher types of Spring
Security's filter chain. The default remains unchanged.
Closes gh-4505
Add a `spring.mvc.static-path-pattern` property which can be used to
configure the path pattern used to serve static resources.
Fixes gh-4444
Closes gh-4448
Set `CachedIntrospectionResults.IGNORE_BEANINFO_PROPERTY_NAME` by
default to improve startup performance. The `spring.beaninfo.ignore`
property can be set in `application.properties` if BeanInfo classes
should be searched.
Fixes gh-4390
Create a set of core groups to gather properties logically: core, web,
security, data, integration, actuator and devtools.
In each of them, groups are ordered against their lexical order.
Closes gh-4344
Previously, the "Common application properties" appendix had no
consistent use of a configuration key value. It could just as well be
the default value or an example.
We now always document the default value after the "=" sign and
eventually add an example with the phrasing "For instance".
The keys have also been reordered so that they follow a natural (i.e.
lexical) order.
Closes gh-3230
Closes gh-3160
Closes gh-3155
Closes gh-3153
Previously, LoggingApplicationListener used %rEx as the default
exception conversion word. This would result in the nested causes
being logging in reverse order, i.e. the most deeply nested cause
would be logged first.
This commit updates the default to be %wEx and adds a test to verify
the default behaviour.
Closes gh-4247
Update TraceWebFilter to optionally trace more details from the
HttpServletRequest/HttpServletResponse. The `management.trace.include`
property can be used to change what aspects are logged.
Closes gh-3948
Spring Security 4’s default configuration will, irrespective of any
other header writers that are added, enable writers for the following
headers:
- X-Content-Type
- X-XSS-Protection
- Cache-Control
- X-Frame-Options
Previously, SecurityProperties.headers used false as the default for the
properties that enable or disable these headers but the configuration is
only applied when the properties are true. This left us with the right
default behaviour (the headers are enabled) but meant that the
properties could not be used to switch off the headers.
This commit changes the defaults for the four properties to true and
updates SpringBootWebSecurityConfiguration to only apply the
configuration when the properties are false. This leaves us with the
desired defaults while allowing users to disable one or more of the
properties by setting the relevant property to false.
Closes gh-3517
This commit adds a new property, logging.register-shutdown-hook, that
when set to true, will cause LoggingApplicationListener to register
a shutdown hook the first time it initializes a logging system. When
the JVM exits, the shutdown hook shuts down each of the supported
logging systems, ensuring that all of their appenders have been
flushed and closed.
Closes gh-4026
This commit changes the new mode-based configuration to use two new
methods – setBannerMode on SpringApplication and bannerMode on
SpringApplicationBuilder. The old methods, setShowBanner and
showBanner on SpringApplication and SpringApplicationBuilder
respectively, have been reinstated and deprecated.
Closes gh-4001
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
Previously `spring.velocity.charset` only controlled the output encoding
with the templates being loaded with the default encoding. We now
consistently set the same value for both the input and output encodings.
It is still possible to override it to a different value using
`spring.velocity.properties.input.encoding`
Closes gh-3994
This commit adds two new properties, spring.devtools.remote.proxy.host
and spring.devtools.remote.proxy.port that can be used to configure
RemoteSpringApplication to connect to the remote application through
an HTTP proxy.
Closes gh-3968
In order to have more control on the structure of the configuration, we
do not bind to `RepositoryRestConfiguration` directly anymore. This
commit introduces `RepositoryProperties` instead.
See gh-3854
Closes gh-4073
Stephane Nicoll
Eddú Meléndez
Phillip Webb
Johnny Lim
Andy Wilkinson
cornelcreanga@yahoo.com
Bohuslav Burghardt
zhanhb
Wallace Wadge
Dave Syer