Spring Boot 2.1 Release Notes
Pages 184
-
- Spring Boot 2.1 Release Notes
- Upgrading from Spring Boot 2.0
- Deprecations from Spring Boot 2.0
- Spring Framework 5.1
- Bean Overriding
- Auto-Configuration Exclusion
- Actuator 'info' and 'health' Endpoint Security
- Servlet Path
- @WebMvcTest and @WebFluxTest Security Configuration
- Logging Refinements
- Narayana JTA Support
- ActiveMQ Pooling
- HttpPutFormContentFilter
- OAuth2 Client Configuration
- Micrometer 'all' SLA Handling
- InfluxDB HttpClient Customization
- Maven Plugin
- Spring Version POM Property
- Removal of 'spring.provides' Files
- Thymeleaf Spring Security Extras
- Json Simple
- Jersey 1
- Hibernate EhCache Support
- Endpoint ID names
- Lombok
- Java Persistence API dependency
- JpaProperties
- Consistent max HTTP header size across all embedded web servers
- New and Noteworthy
- Third-party Library Upgrades
- Java 11 Support
- DataSize Support
- Context ApplicationConversionService Support
- Profile Expression
- Task Execution
- Task Scheduling
- Logging Groups
- Maven Plugin
- Bootstrap mode for JPA setup
- Kafka Streams Support
- Spring Data JDBC Support
- JMS ConnectionFactory Caching
- Elasticsearch REST Clients
- JUnit 5
- Security
- OAuth2 WebFlux Support
- OAuth2 resource server support
- Non-web OAuth Applications
- Actuator Endpoints
- Caches Endpoint
- Spring Integration Graph Endpoint
- Health Endpoint
- Micrometer
- Common Micrometer Tags
- Auto-configuration Support For New Metrics
- Auto-configuration support for new registries
- Additional histogram configuration properties
- Miscellaneous
- Deprecations in Spring Boot 2.1
- Configuration Property Changes
Clone this wiki locally
Spring Boot 2.1 Release Notes
Upgrading from Spring Boot 2.0
Deprecations from Spring Boot 2.0
Classes, methods and properties that were deprecated in Spring Boot 2.0 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
Spring Framework 5.1
Spring Boot 2.1 uses Spring Framework 5.1. Please refer to its upgrade guide for any changes that may affect your application.
Bean Overriding
Bean overriding has been disabled by default to prevent a bean being accidentally overridden.
If you are relying on overriding, you will need to set spring.main.allow-bean-definition-overriding to true.
Auto-Configuration Exclusion
Exclusions are now applied consistently rather than only being applied locally. This applies to any exclusion defined on @EnableAutoConfiguration, @SpringBootApplication, @ImportAutoConfiguration or the spring.autoconfigure.exclude property.
Actuator 'info' and 'health' Endpoint Security
If spring-security is on the classpath without any security configuration, /info and /health are now exposed publicly for consistency.
If you have spring-security on your classpath and do not provide any security configuration, you will need to explicitly secure them.
Servlet Path
The server.servlet.path property has moved to spring.mvc.servlet.path.
If you were relying on that property programmatically to know the path of the DispatcherServlet please use DispatcherServletPath instead.
@WebMvcTest and @WebFluxTest Security Configuration
User configuration is now included automatically with web slice tests. @WebMvcTest looks for WebSecurityConfigurer beans while @WebFluxTest looks for ServerHttpSecurity beans.
Logging Refinements
Spring Framework 5.1 revisited the debug logging output while working on web applications (Spring MVC or Spring WebFlux).
If you are trying to debug an application and you want to restore Spring Boot 2.0 style logging you should add the following to your application.properties:
logging.level.web=debugYou might also want to set spring.http.log-request-details to true to log actual request details.
By default this property is false as it can potentially expose sensitive information.
Narayana JTA Support
The Narayana support has been removed in favor of the official support that is more aligned with Narayana releases.
If you were using spring-boot-starter-jta-narayana, the new coordinates are the following:
<dependency>
<groupId>me.snowdrop</groupId>
<artifactId>narayana-spring-boot-starter</artifactId>
<version>2.0.1</version>
</dependency>Check the documentation for more details.
ActiveMQ Pooling
If you were using activemq-pool, support has been removed in this release in favor of pooled-jms that offers the same features while being JMS 2.0 compliant.
You can update your build as follows:
<dependency>
<groupId>org.messaginghub</groupId>
<artifactId>pooled-jms</artifactId>
</dependency>HttpPutFormContentFilter
HttpPutFormContentFilter has been deprecated in favor of FormContentFilter.
As a result the spring.mvc.formcontent.putfilter.enabled property is no longer defined.
If you were using this feature, please update to spring.mvc.formcontent.filter.enabled.
OAuth2 Client Configuration
The structure of the spring.security.oauth2.client.registration has been reworked in a single tree rather than having an authorizationcode and clientcredentials sub namespace.
Micrometer 'all' SLA Handling
The description of management.metrics.distribution.sla wrongly described that a all meter ID could be used to set a SLA for all metrics.
This feature couldn’t be implemented properly given that the unit may differ based on the meter type.
InfluxDB HttpClient Customization
Previously, declaring a OkHttpClient.Builder bean was enough to customize the client used by InfluxDB.
To make sure such customizations are isolated, please define a InfluxDbOkHttpClientBuilderProvider bean instead.
Maven Plugin
The finalName property is no longer customizable to align with the behavior of standard Maven plugins.
If you were customizing the repackage goal, the main execution has now an id of repackage that must be specified, see the updated sample.
Spring Version POM Property
The spring.version property defined in the spring-boot-dependencies POM has been renamed.
To override the Spring Framework version you should now use the spring-framework.version property instead.
We generally recommend that you stick with the managed framework version unless absolutely necessary.
Removal of 'spring.provides' Files
A starter could declare a META-INF/spring.provides so that an IDE can figure out what dependencies it provides.
Scanning the starter POM for the immediate dependencies that it declares should be enough of an indication.
If you are responsible of a third-party starter and you declare this file, it can be removed.
Thymeleaf Spring Security Extras
Dependency management and auto-configuration for Thymeleaf’s Spring Security Extras module has switched from thymeleaf-extras-springsecurity4 to thymeleaf-extras-springsecurity5.
If you were using the module, you should update your pom.xml or build.gradle to depend upon thymeleaf-extras-springsecurity5.
Json Simple
Dependency management for json-simple is no longer provided and the JsonParser implementation using it has been removed.
Hibernate EhCache Support
If you are using hibernate-ehcache to use EhCache 2 as a second-level cache provider with Hibernate, it is deprecated as of Hibernate 5.3.
Endpoint ID names
If you have developed your own actuator @Endpoint beans you should ensure that they following the tighter naming rules introduced in Spring Boot 2.1.
Specifically, IDs should be alpha-numeric only and must start with a letter (see the EndpointId class documentation for full details).
If you use - or . characters Spring Boot 2.1 will log a warning and ask you to migrate to the correct format.
Lombok
Spring Boot 2.1 has upgraded to Lombok 1.18.x from 1.16.x. In 1.18, Lombok will no longer generate a private, no-args constructor by default. It can be enabled by setting lombok.noArgsConstructor.extraPrivate=true in a lombok.config configuration file. For further information about changes in Lombok, please refer to its changelog.
Java Persistence API dependency
As part of upgrading to Hibernate 5.3, the managed Java Persistence API dependency has changed from org.hibernate.javax.persistence:hibernate-jpa-2.1-api to javax.persistence:javax.persistence-api. If you are using spring-boot-starter-data-jpa or depending on the API transitively via Hibernate, you will be unaffected by this change.
JpaProperties
Hibernate-specific properties have been moved from JpaProperties into a separate class named HibernateProperties. If you were using JpaProperties.getHibernateProperties(HibernateSettings) you
should now inject both HibernateProperties and JpaProperties to determine the properties:
Map<String, Object> properties = hibernateProperties.determineHibernateProperties(
jpaProperties.getProperties(), new HibernateSettings());New and Noteworthy
|
Tip
|
Check the configuration changelog for a complete overview of the changes in configuration. |
Third-party Library Upgrades
Spring Boot 2.1 builds on and requires Spring Framework 5.1.
We’ve upgraded to the latest stable releases of other third-party jars wherever possible. Some notable dependency upgrades in this release include:
-
Tomcat 9
-
Undertow 2
-
Hibernate 5.3
-
JUnit 5.2
-
Micrometer 1.1
Java 11 Support
Spring Boot 2.1 remains compatible with Java 8 but now also supports Java 11. We have continuous integration configured to build and test Spring Boot against the latest Java 11 release.
DataSize Support
If a property needs to express a size in bytes or similar convenient unit, it can expose a org.springframework.util.unit.DataSize property.
Similar to our Duration support introduced in Spring Boot 2.0, the data size supports an easy format (i.e. 10MB for 10 megabytes) and metadata support.
All relevant configuration properties have been updated to use the new type.
Context ApplicationConversionService Support
The ApplicationConversionService is now registered by default with the Environment and BeanFactory created by SpringApplication.
This allows you to use application converters directly with core Spring Framework items such as the @Value annotation:
@Value("${my.duration:10s}")
private Duration duration;Profile Expression
Profile matching has been improved to support an expression format.
For instance production & (us-east | eu-central) indicates a match if the production profile is active and either the us-east or eu-central profiles are active.
Profile expression can be used as follows:
-
Enable componets using
@Profile -
Enable Logback configuration using
<springProfile>
Task Execution
Spring Boot now provides auto-configuration for ThreadPoolTaskExecutor.
If you are using @EnableAsync, your custom TaskExecutor can be removed in favor of customizations available from the spring.task.execution namespace.
Custom ThreadPoolTaskExecutor can be easily created using TaskExecutorBuilder.
Task Scheduling
Similarly to the new task execution support, Spring Boot auto-configures a ThreadPoolTaskScheduler when @EnableScheduling is specified.
The task scheduler can be customized using the spring.task.scheduling namespace.
A TaskSchedulerBuilder is also available by default.
Logging Groups
Logger groups can be defined to allow related loggers to be configured in one go.
For example, you could declare a tomcat group that allows you to configure org.apache.catalina, org.apache.coyote and org.apache.tomcat loggers with a single key:
# define the group
logging.group.tomcat=org.apache.catalina, org.apache.coyote, org.apache.tomcat
# use the group (possibly in a different configuration file)
logging.level.tomcat=TRACEConvenient web and sql groups are provided out-of-the-box. See the reference guide for details.
Maven Plugin
Specifying arguments has been improved with dedicated options for system properties and environment variables.
It is also possible to repackage and replace a classified artifact, see the updated documentation of the classifier attribute.
Bootstrap mode for JPA setup
Spring Data Lovelace introduces a 'bootstrap mode' for the repositories. Spring Boot exposes a property that can be set to control the boostrap mode of JPA repositories. For instance, to defer initialization of JPA repositories, simply add the following to your configuration:
spring.data.jpa.repositories.bootstrap-mode=deferredWhen setting the mode to deferred or lazy, JPA setup happens in a separate thread.
Kafka Streams Support
Auto-configuration is now provided for Kafa Streams when a org.apache.kafka:kafka-streams dependency is declared.
See the updated Spring Boot documentation and the Spring Kafka documentation for details.
Spring Data JDBC Support
Spring Data includes repository support for JDBC and will automatically generate SQL for the methods on CrudRepository.
Spring Boot will auto-configure Spring Data’s JDBC repositories when the necessary dependencies are on the classpath.
They can be added to your project with a single dependency on spring-boot-starter-data-jdbc.
For complete details of Spring Data JDBC, please refer to the reference documentation.
JMS ConnectionFactory Caching
The auto-configured ConnectionFactory is cached by default using CachingConnectionFactory until the pooling option is enabled or spring.jms.cache.enabled is set to false.
Pooling option has also been extended to Artemis (see spring.jms.artemis.pool.*).
Elasticsearch REST Clients
As an alternative option to Jest, auto-configurations for RestClient and RestHighLevelClient are provided with configurable options from the spring.elasticsearch.rest.* namespace.
JUnit 5
All @…​Test annotations are meta-annotated with @ExtendWith(SpringExtension.class) so this redundant part of the setup can be removed if you’re using JUnit 5.
Spring Boot also uses a maven-surefire-plugin version that does not require any custom setup to use JUnit 5.
Security
OAuth2 WebFlux Support
Support for WebFlux OAuth2 login has been added.
OpenID Connect providers are easier to configure using an issuer-uri which is the URI that the it asserts as its Issuer Identifier.
OAuth2 resource server support
If you have spring-security-oauth2-resource-server on your classpath, Spring Boot can set up an OAuth2 Resource Server as long as a JWK Set URI is specified.
For instance:
spring.security.oauth2.resource.jwt.jwk.set-uri=https://example.com/oauth2/default/v1/keysThis is supported for both MVC and WebFlux applications.
Non-web OAuth Applications
It’s now easier to write non-web OAuth applications as we provide an auto-configured InMemoryReactiveClientRegistrationRepository bean regardless of the application type.
If you’re writing an application that doesn’t use an embedded web server (such as a CLI application) you can now inject and use the configured registration repository directly.
Actuator Endpoints
Caches Endpoint
A new /actuator/caches endpoint lists the available CacheManager instances and their respective caches with basic metadata.
See the API for more details.
Spring Integration Graph Endpoint
If you are using Spring Integration, a graph representation of all Spring Integration components can be exposed at /actuator/integrationgraph.
Please see the API for more details.
Health Endpoint
An HealthIndicatorRegistry bean is now available to add and remove HealthIndicator at runtime.
The health endpoint has also been improved to query a specific indicator if necessary.
For instance /actuator/health/db executes only the "db" HealthIndicator.
Please see the API for more details.
A reactive HealthIndicator for Apache Cassandra is available.
Micrometer
Common Micrometer Tags
Common tags can be applied to all meters declaratively as show in the following example:
management.metrics.tags.region=us-east-1
management.metrics.tags.stack=prodThe example above adds a region and stack tags to all meters with a value of us-east-1 and prod respectively.
Auto-configuration Support For New Metrics
Metrics coverage has been improved to include:
-
Hibernate metrics
-
Spring Framework’s
WebClient -
Kafka consumer metrics
-
Log4j2 metrics
-
Jetty server thread pool metrics
-
Server-side Jersey HTTP request metrics
Miscellaneous
As well as the changes listed above, there have also been lots of minor tweaks and improvements including:
-
Jackson visibility can be configured using
spring.jackson.visiblity.*. -
It is easier to create a
WebServiceTemplateusing an auto-configuredWebServiceTemplateBuilder. -
Error page shows stacktraces when Devtools is in use.
-
It is no longer necessary to export a dummy
ResourceConfigto enable Jersey support. -
JNDI lookups have been improved to enable
resourceRefby default. -
Customization of the
RetryTemplateused by the Rabbit infrastructure is available viaRabbitRetryTemplateCustomizer. -
The receive queue of the default
RabbitTemplateis now configurable -
Tomcat’s max swallow size is now configurable using a property
-
HTTP/2 with Reactor Netty Server is now supported.
-
Kafka auto-configuation now supports
errorHandlertransactionManagerandafterRollbackProcessorbeans. -
Support has been added for generating unique JMX ObjectNames globally (rather than limiting this feature to Actuator Endpoints)
-
Configuration property meta-data is now ordered, with deprecated items appearing last.
-
The
withDetailsmethod onHealth.Buildernow also accepts aMap. -
A reactive
ReactiveJwtDecoderis now auto-configured when you have an issuer url defined. -
The
BackgroundPreinitializercan be disabled for if aspring.backgroundpreinitializer.ignoresystem property is set -
HiddenHttpMethodFiltercan be disabled using a property -
The JAP starter POM now works out-of-the-box on Java 9+
-
MongoDB auto-configuration will now back-off when a
com.mongodb.client.MongoClientbean is defined (as well as the more usualcom.mongodb.MongoClient). -
You can now optionally use Jetty RS as HTTP driver for WebClient
-
Several configuration options have been added in the
spring.quartznamespace. -
@ConditionalOnEnabledEndpointcan be used on any component (e.g. something that is only required by the endpoint and shouldn’t be created if the endpoint is disabled). -
@ConditionalOnMissingServletFilteris available to respectFilterRegistrationbeans when testing if aFilterbean is missing -
@WebMvcTestauto-configures Spring Data REST as well (e.g. support forSortandPageablerequest arguments). -
Slice tests now all have a
propertiesattribute to consistently customize the environment if necessary -
Support has been added for multiple
RestDocsMockMvcConfigurationCustomizer -
Security configuration is now applied to
WebTestClient. For more information on testing secured endpoints, please refer to the relevant section of Spring Security’s reference documentation. -
WebExceptionHandlersare now supported by@WebFluxTest -
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)can now generate a separate random port for the management server. -
Auto-configuration exclusions are now applied consistently.
Deprecations in Spring Boot 2.1
-
setConnectTimeout(int)andsetReadTimeout(int)have been deprecated in favor of similar methods that take aDuration. -
Methods used to set a data size using
inthave been deprecated and replaced with variants that take aDataSize. -
management.endpoints.jmx.unique-namesis deprecated in favor ofspring.jmx.unique-names -
The
secureattribute on@AutoConfigureMockMvchas been deprecated in favor of using Spring Security’s@WithMockUserannotation. -
RestTemplateBuilder.basicAuthorizationhas been deprecated in favor ofbasicAuthentication. -
REQUEST_WRAPPER_FILTER_MAX_ORDERinAbstractFilterRegistrationBeanandFilterRegistrationBeanhave been replaced byOrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER.
Configuration Property Changes
-
The
spring.security.oauth2.client.registration.login.*.redirect-uri-templateproperty is deprecated in favor ofspring.security.oauth2.client.registration.login.*.redirect-uri -
The
spring.security.oauth2.resource.jwt.jwk.set-uriproperty has been renamed tospring.security.oauth2.resourceserver.jwt.jwk-set-uri -
The
spring.cloud.enabledproperty has been removed (excludeCloudServiceConnectorsAutoConfigurationif you need to disable cloud connectors) -
All
management.metrics.binders.*.enabledproperties have been removed in favor of directly excluding the auto-configuration.