-
Notifications
You must be signed in to change notification settings - Fork 78
Spring Boot 2.1 release notes and OpenRerewrite migrations
Classes, methods and properties that were deprecated in Spring Boot 2.0 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
Spring Boot 2.1 uses Spring Framework 5.1. Please refer to its upgrade guide for any changes that may affect your application.
Bean overriding has been disabled by default to prevent a bean being accidentally overridden.
If you are relying on overriding, you will need to set spring.main.allow-bean-definition-overriding
to true
.
Exclusions are now applied consistently rather than only being applied locally. This applies to any exclusion defined on @EnableAutoConfiguration
, @SpringBootApplication
, @ImportAutoConfiguration
or the spring.autoconfigure.exclude
property.
If spring-security
is on the classpath without any security configuration, /info
and /health
are now exposed publicly for consistency.
If you have spring-security
on your classpath and do not provide any security configuration, you will need to explicitly secure them.
The server.servlet.path
property has moved to spring.mvc.servlet.path
.
If you were relying on that property programmatically to know the path of the DispatcherServlet
please use DispatcherServletPath
instead.
User configuration is now included automatically with web slice tests. @WebMvcTest
looks for WebSecurityConfigurer
beans while @WebFluxTest
looks for ServerHttpSecurity
beans.
Spring Framework 5.1 revisited the debug
logging output while working on web applications (Spring MVC or Spring WebFlux).
If you are trying to debug an application and you want to restore Spring Boot 2.0 style logging you should add the following to your application.properties
:
logging.level.web=debug
You might also want to set spring.http.log-request-details
to true
to log actual request details.
By default this property is false
as it can potentially expose sensitive information.
The Narayana support has been removed in favor of the official support that is more aligned with Narayana releases.
If you were using spring-boot-starter-jta-narayana
, the new coordinates are the following:
<dependency>
<groupId>me.snowdrop</groupId>
<artifactId>narayana-spring-boot-starter</artifactId>
<version>2.0.1</version>
</dependency>
Check the documentation for more details.
If you were using activemq-pool
, support has been removed in this release in favor of pooled-jms
that offers the same features while being JMS 2.0 compliant.
You can update your build as follows:
<dependency>
<groupId>org.messaginghub</groupId>
<artifactId>pooled-jms</artifactId>
</dependency>
HttpPutFormContentFilter
has been deprecated in favor of FormContentFilter
.
As a result the spring.mvc.formcontent.putfilter.enabled
property is no longer defined.
If you were using this feature, please update to spring.mvc.formcontent.filter.enabled
.
The structure of the spring.security.oauth2.client.registration
has been reworked in a single tree rather than having an authorizationcode
and clientcredentials
sub namespace.
The description of management.metrics.distribution.sla
wrongly described that a all
meter ID could be used to set a SLA for all metrics.
This feature couldn’t be implemented properly given that the unit may differ based on the meter type.
Previously, declaring a OkHttpClient.Builder
bean was enough to customize the client used by InfluxDB.
To make sure such customizations are isolated, please define a InfluxDbOkHttpClientBuilderProvider
bean instead.
The finalName
property is no longer customizable to align with the behavior of standard Maven plugins.
If you were customizing the repackage
goal, the main execution has now an id of repackage
that must be specified, see the updated sample.
The spring.version
property defined in the spring-boot-dependencies
POM has been renamed.
To override the Spring Framework version you should now use the spring-framework.version
property instead.
We generally recommend that you stick with the managed framework version unless absolutely necessary.
A starter could declare a META-INF/spring.provides
so that an IDE can figure out what dependencies it provides.
Scanning the starter POM for the immediate dependencies that it declares should be enough of an indication.
If you are responsible of a third-party starter and you declare this file, it can be removed.
Dependency management and auto-configuration for Thymeleaf’s Spring Security Extras module has switched from thymeleaf-extras-springsecurity4
to thymeleaf-extras-springsecurity5
.
If you were using the module, you should update your pom.xml
or build.gradle
to depend upon thymeleaf-extras-springsecurity5
.
Dependency management for json-simple
is no longer provided and the JsonParser
implementation using it has been removed.
If you are using hibernate-ehcache
to use EhCache 2 as a second-level cache provider with Hibernate, it is deprecated as of Hibernate 5.3.
If you have developed your own actuator @Endpoint
beans you should ensure that they following the tighter naming rules introduced in Spring Boot 2.1.
Specifically, IDs should be alpha-numeric only and must start with a letter (see the EndpointId
class documentation for full details).
If you use -
or .
characters Spring Boot 2.1 will log a warning and ask you to migrate to the correct format.
Spring Boot 2.1 has upgraded to Lombok 1.18.x from 1.16.x. In 1.18, Lombok will no longer generate a private, no-args constructor by default. It can be enabled by setting lombok.noArgsConstructor.extraPrivate=true
in a lombok.config
configuration file. For further information about changes in Lombok, please refer to its changelog.
As part of upgrading to Hibernate 5.3, the managed Java Persistence API dependency has changed from org.hibernate.javax.persistence:hibernate-jpa-2.1-api
to javax.persistence:javax.persistence-api
. If you are using spring-boot-starter-data-jpa
or depending on the API transitively via Hibernate, you will be unaffected by this change.
Hibernate-specific properties have been moved from JpaProperties
into a separate class named HibernateProperties
. If you were using JpaProperties.getHibernateProperties(HibernateSettings)
you
should now inject both HibernateProperties
and JpaProperties
to determine the properties:
Map<String, Object> properties = hibernateProperties.determineHibernateProperties(
jpaProperties.getProperties(), new HibernateSettings());
Tip
|
Check the configuration changelog for a complete overview of the changes in configuration. |
Spring Boot 2.1 builds on and requires Spring Framework 5.1.
We’ve upgraded to the latest stable releases of other third-party jars wherever possible. Some notable dependency upgrades in this release include:
-
Tomcat 9
-
Undertow 2
-
Hibernate 5.3
-
JUnit 5.2
-
Micrometer 1.1
Spring Boot 2.1 remains compatible with Java 8 but now also supports Java 11. We have continuous integration configured to build and test Spring Boot against the latest Java 11 release.
If a property needs to express a size in bytes or similar convenient unit, it can expose a org.springframework.util.unit.DataSize
property.
Similar to our Duration
support introduced in Spring Boot 2.0, the data size supports an easy format (i.e. 10MB
for 10 megabytes) and metadata support.
All relevant configuration properties have been updated to use the new type.
The ApplicationConversionService
is now registered by default with the Environment
and BeanFactory
created by SpringApplication
.
This allows you to use application converters directly with core Spring Framework items such as the @Value
annotation:
@Value("${my.duration:10s}")
private Duration duration;
Profile matching has been improved to support an expression format.
For instance production & (us-east | eu-central)
indicates a match if the production
profile is active and either the us-east
or eu-central
profiles are active.
Profile expression can be used as follows:
-
Enable componets using
@Profile
-
Enable Logback configuration using
<springProfile>
Spring Boot now provides auto-configuration for ThreadPoolTaskExecutor
.
If you are using @EnableAsync
, your custom TaskExecutor
can be removed in favor of customizations available from the spring.task.execution
namespace.
Custom ThreadPoolTaskExecutor
can be easily created using TaskExecutorBuilder
.
Similarly to the new task execution support, Spring Boot auto-configures a ThreadPoolTaskScheduler
when @EnableScheduling
is specified.
The task scheduler can be customized using the spring.task.scheduling
namespace.
A TaskSchedulerBuilder
is also available by default.
Logger groups can be defined to allow related loggers to be configured in one go.
For example, you could declare a tomcat
group that allows you to configure org.apache.catalina
, org.apache.coyote
and org.apache.tomcat
loggers with a single key:
# define the group
logging.group.tomcat=org.apache.catalina, org.apache.coyote, org.apache.tomcat
# use the group (possibly in a different configuration file)
logging.level.tomcat=TRACE
Convenient web
and sql
groups are provided out-of-the-box. See the reference guide for details.
Specifying arguments has been improved with dedicated options for system properties and environment variables.
It is also possible to repackage and replace a classified
artifact, see the updated documentation of the classifier
attribute.
Spring Data Lovelace introduces a 'bootstrap mode' for the repositories. Spring Boot exposes a property that can be set to control the boostrap mode of JPA repositories. For instance, to defer initialization of JPA repositories, simply add the following to your configuration:
spring.data.jpa.repositories.bootstrap-mode=deferred
When setting the mode to deferred
or lazy
, JPA setup happens in a separate thread.
Auto-configuration is now provided for Kafa Streams when a org.apache.kafka:kafka-streams
dependency is declared.
See the updated Spring Boot documentation and the Spring Kafka documentation for details.
Spring Data includes repository support for JDBC and will automatically generate SQL for the methods on CrudRepository
.
Spring Boot will auto-configure Spring Data’s JDBC repositories when the necessary dependencies are on the classpath.
They can be added to your project with a single dependency on spring-boot-starter-data-jdbc
.
For complete details of Spring Data JDBC, please refer to the reference documentation.
The auto-configured ConnectionFactory
is cached by default using CachingConnectionFactory
until the pooling option is enabled or spring.jms.cache.enabled
is set to false
.
Pooling option has also been extended to Artemis (see spring.jms.artemis.pool.*
).
As an alternative option to Jest, auto-configurations for RestClient
and RestHighLevelClient
are provided with configurable options from the spring.elasticsearch.rest.*
namespace.
All @…Test
annotations are meta-annotated with @ExtendWith(SpringExtension.class)
so this redundant part of the setup can be removed if you’re using JUnit 5.
Spring Boot also uses a maven-surefire-plugin
version that does not require any custom setup to use JUnit 5.
Support for WebFlux OAuth2 login has been added.
OpenID Connect providers are easier to configure using an issuer-uri
which is the URI that the it asserts as its Issuer Identifier.
If you have spring-security-oauth2-resource-server
on your classpath, Spring Boot can set up an OAuth2 Resource Server as long as a JWK Set URI is specified.
For instance:
spring.security.oauth2.resource.jwt.jwk.set-uri=https://example.com/oauth2/default/v1/keys
This is supported for both MVC and WebFlux applications.
It’s now easier to write non-web OAuth applications as we provide an auto-configured InMemoryReactiveClientRegistrationRepository
bean regardless of the application type.
If you’re writing an application that doesn’t use an embedded web server (such as a CLI application) you can now inject and use the configured registration repository directly.
A new /actuator/caches
endpoint lists the available CacheManager
instances and their respective caches with basic metadata.
See the API for more details.
If you are using Spring Integration, a graph representation of all Spring Integration components can be exposed at /actuator/integrationgraph
.
Please see the API for more details.
An HealthIndicatorRegistry
bean is now available to add and remove HealthIndicator
at runtime.
The health
endpoint has also been improved to query a specific indicator if necessary.
For instance /actuator/health/db
executes only the "db" HealthIndicator
.
Please see the API for more details.
A reactive HealthIndicator
for Apache Cassandra is available.
Common tags can be applied to all meters declaratively as show in the following example:
management.metrics.tags.region=us-east-1
management.metrics.tags.stack=prod
The example above adds a region
and stack
tags to all meters with a value of us-east-1
and prod
respectively.
Metrics coverage has been improved to include:
-
Hibernate metrics
-
Spring Framework’s
WebClient
-
Kafka consumer metrics
-
Log4j2 metrics
-
Jetty server thread pool metrics
-
Server-side Jersey HTTP request metrics
The following metrics registries are now auto-configured when on the classpath:
-
AppOptics
-
Humio
-
KariosDB
Additionally, support for Prometheus push gateway has been added.
As well as the changes listed above, there have also been lots of minor tweaks and improvements including:
-
Jackson visibility can be configured using
spring.jackson.visiblity.*
. -
It is easier to create a
WebServiceTemplate
using an auto-configuredWebServiceTemplateBuilder
. -
Error page shows stacktraces when Devtools is in use.
-
It is no longer necessary to export a dummy
ResourceConfig
to enable Jersey support. -
JNDI lookups have been improved to enable
resourceRef
by default. -
Customization of the
RetryTemplate
used by the Rabbit infrastructure is available viaRabbitRetryTemplateCustomizer
. -
The receive queue of the default
RabbitTemplate
is now configurable -
Tomcat’s max swallow size is now configurable using a property
-
HTTP/2 with Reactor Netty Server is now supported.
-
Kafka auto-configuation now supports
errorHandler
transactionManager
andafterRollbackProcessor
beans. -
Support has been added for generating unique JMX ObjectNames globally (rather than limiting this feature to Actuator Endpoints)
-
Configuration property meta-data is now ordered, with deprecated items appearing last.
-
The
withDetails
method onHealth.Builder
now also accepts aMap
. -
A reactive
ReactiveJwtDecoder
is now auto-configured when you have an issuer url defined. -
The
BackgroundPreinitializer
can be disabled for if aspring.backgroundpreinitializer.ignore
system property is set -
HiddenHttpMethodFilter
can be disabled using a property -
The JAP starter POM now works out-of-the-box on Java 9+
-
MongoDB auto-configuration will now back-off when a
com.mongodb.client.MongoClient
bean is defined (as well as the more usualcom.mongodb.MongoClient
). -
You can now optionally use Jetty RS as HTTP driver for WebClient
-
Several configuration options have been added in the
spring.quartz
namespace. -
@ConditionalOnEnabledEndpoint
can be used on any component (e.g. something that is only required by the endpoint and shouldn’t be created if the endpoint is disabled). -
@ConditionalOnMissingServletFilter
is available to respectFilterRegistration
beans when testing if aFilter
bean is missing -
@WebMvcTest
auto-configures Spring Data REST as well (e.g. support forSort
andPageable
request arguments). -
Slice tests now all have a
properties
attribute to consistently customize the environment if necessary -
Support has been added for multiple
RestDocsMockMvcConfigurationCustomizer
-
Security configuration is now applied to
WebTestClient
. For more information on testing secured endpoints, please refer to the relevant section of Spring Security’s reference documentation. -
WebExceptionHandlers
are now supported by@WebFluxTest
-
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
can now generate a separate random port for the management server. -
Auto-configuration exclusions are now applied consistently.
-
management.endpoints.jmx.unique-names
is deprecated in favor ofspring.jmx.unique-names
✅ -
setConnectTimeout(int)
andsetReadTimeout(int)
have been deprecated in favor of similar methods that take aDuration
. 🔴 -
Methods used to set a data size using
int
have been deprecated and replaced with variants that take aDataSize
. 🔴 -
The
secure
attribute on@AutoConfigureMockMvc
has been deprecated in favor of using Spring Security’s@WithMockUser
annotation. 🔴 -
RestTemplateBuilder.basicAuthorization
has been deprecated in favor ofbasicAuthentication
. 🔴 -
REQUEST_WRAPPER_FILTER_MAX_ORDER
inAbstractFilterRegistrationBean
andFilterRegistrationBean
have been replaced byOrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER
. 🔴
-
All
management.metrics.binders.*.enabled
properties have been removed in favor of directly excluding the auto-configuration. ✅ -
The
spring.security.oauth2.client.registration.login.*.redirect-uri-template
property is deprecated in favor ofspring.security.oauth2.client.registration.login.*.redirect-uri
🔴 -
The
spring.security.oauth2.resource.jwt.jwk.set-uri
property has been renamed tospring.security.oauth2.resourceserver.jwt.jwk-set-uri
🔴 -
The
spring.cloud.enabled
property has been removed (excludeCloudServiceConnectorsAutoConfiguration
if you need to disable cloud connectors) 🔴