NOTE: Retrieving part of the log file is not supported when using Jersey.
To retrieve part of the log file, make a `GET` request to `/actuator/logfile` by using the `+Range+` header, as shown in the following curl-based example:
To retrieve part of the log file, make a `GET` request to `/actuator/logfile` by using the `Range` header, as shown in the following curl-based example:
The following table lists the various `+@...Test+` annotations that can be used to test slices of your application and the auto-configuration that they import by default:
The following table lists the various `@...Test` annotations that can be used to test slices of your application and the auto-configuration that they import by default:
@ -43,7 +43,7 @@ For Maven, this works by setting the `profiles` configuration of the `spring-boo
@@ -43,7 +43,7 @@ For Maven, this works by setting the `profiles` configuration of the `spring-boo
</profile>
----
For Gradle, you need to configure the `+ProcessAot+` task:
For Gradle, you need to configure the `ProcessAot` task:
@ -17,7 +17,7 @@ You can extend from that so that your implementation gets a chance to handle the
@@ -17,7 +17,7 @@ You can extend from that so that your implementation gets a chance to handle the
If, for whatever reason, you cannot handle the exception, return `null` to give another implementation a chance to handle the exception.
javadoc:org.springframework.boot.diagnostics.FailureAnalyzer[] implementations must be registered in `META-INF/spring.factories`.
The following example registers `+ProjectConstraintViolationFailureAnalyzer+`:
The following example registers `ProjectConstraintViolationFailureAnalyzer`:
Assuming that `+SomeDataSource+` has regular JavaBean properties for the URL, the username, and the pool size, these settings are bound automatically before the javadoc:javax.sql.DataSource[] is made available to other components.
Assuming that `SomeDataSource` has regular JavaBean properties for the URL, the username, and the pool size, these settings are bound automatically before the javadoc:javax.sql.DataSource[] is made available to other components.
Spring Boot also provides a utility builder class, called javadoc:org.springframework.boot.jdbc.DataSourceBuilder[], that can be used to create one of the standard data sources (if it is on the classpath).
The builder can detect which one to use based on what is available on the classpath.
@ -243,7 +243,7 @@ Alternatively, if javadoc:org.hibernate.boot.model.naming.ImplicitNamingStrategy
@@ -243,7 +243,7 @@ Alternatively, if javadoc:org.hibernate.boot.model.naming.ImplicitNamingStrategy
By default, Spring Boot configures the physical naming strategy with javadoc:org.hibernate.boot.model.naming.CamelCaseToUnderscoresNamingStrategy[].
Using this strategy, all dots are replaced by underscores and camel casing is replaced by underscores as well.
Additionally, by default, all table names are generated in lower case.
For example, a `+TelephoneNumber+` entity is mapped to the `telephone_number` table.
For example, a `TelephoneNumber` entity is mapped to the `telephone_number` table.
If your schema requires mixed-case identifiers, define a custom javadoc:org.hibernate.boot.model.naming.CamelCaseToUnderscoresNamingStrategy[] bean, as shown in the following example:
include-code::spring/MyHibernateConfiguration[]
@ -311,7 +311,7 @@ You can also reuse javadoc:org.springframework.boot.autoconfigure.orm.jpa.JpaPro
@@ -311,7 +311,7 @@ You can also reuse javadoc:org.springframework.boot.autoconfigure.orm.jpa.JpaPro
The example above creates an javadoc:jakarta.persistence.EntityManagerFactory[] using a javadoc:javax.sql.DataSource[] bean named `firstDataSource`.
It scans entities located in the same package as `+Order+`.
It scans entities located in the same package as `Order`.
It is possible to map additional JPA properties using the `app.first.jpa` namespace.
NOTE: When you create a bean for javadoc:org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean[] yourself, any customization that was applied during the creation of the auto-configured javadoc:org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean[] is lost.
IMPORTANT: Remember to change the `+Description+`, `+User+`, `+Group+`, `+ExecStart+` and `+WorkingDirectory+` fields for your application.
IMPORTANT: Remember to change the `Description`, `User`, `Group`, `ExecStart` and `WorkingDirectory` fields for your application.
NOTE: The `+ExecStart+` field does not declare the script action command, which means that the `run` command is used by default.
NOTE: The `ExecStart` field does not declare the script action command, which means that the `run` command is used by default.
The user that runs the application, the PID file, and the console log file are managed by `systemd` itself and therefore must be configured by using appropriate fields in the '`service`' script.
Consult the https://www.freedesktop.org/software/systemd/man/systemd.service.html[service unit configuration man page] for more details.
@ -206,7 +206,7 @@ The following property substitutions are supported with the default script:
@@ -206,7 +206,7 @@ The following property substitutions are supported with the default script:
| `auto`
| `initInfoProvides`
| The `+Provides+` section of "`INIT INFO`"
| The `Provides` section of "`INIT INFO`"
| `${task.baseName}`
| `${project.artifactId}`
@ -236,7 +236,7 @@ The following property substitutions are supported with the default script:
@@ -236,7 +236,7 @@ The following property substitutions are supported with the default script:
| `${project.name}`
| `initInfoDescription`
| `+Description+` section of "`INIT INFO`".
| `Description` section of "`INIT INFO`".
| `${project.description}` (falling back to `${task.baseName}`)
| `${project.description}` (falling back to `${project.name}`)
@ -75,7 +75,7 @@ This means that, in addition to being deployable to a servlet container, you can
@@ -75,7 +75,7 @@ This means that, in addition to being deployable to a servlet container, you can
To convert an existing non-web Spring application to a Spring Boot application, replace the code that creates your javadoc:org.springframework.context.ApplicationContext[] and replace it with calls to javadoc:org.springframework.boot.SpringApplication[] or javadoc:org.springframework.boot.builder.SpringApplicationBuilder[].
Spring MVC web applications are generally amenable to first creating a deployable war application and then migrating it later to an executable war or jar.
To create a deployable war by extending javadoc:org.springframework.boot.web.servlet.support.SpringBootServletInitializer[] (for example, in a class called `+Application+`) and adding the Spring Boot javadoc:org.springframework.boot.autoconfigure.SpringBootApplication[format=annotation] annotation, use code similar to that shown in the following example:
To create a deployable war by extending javadoc:org.springframework.boot.web.servlet.support.SpringBootServletInitializer[] (for example, in a class called `Application`) and adding the Spring Boot javadoc:org.springframework.boot.autoconfigure.SpringBootApplication[format=annotation] annotation, use code similar to that shown in the following example:
include-code::MyApplication[tag=!main]
@ -87,14 +87,14 @@ Static resources can be moved to `/public` (or `/static` or `/resources` or `/ME
@@ -87,14 +87,14 @@ Static resources can be moved to `/public` (or `/static` or `/resources` or `/ME
The same applies to `messages.properties` (which Spring Boot automatically detects in the root of the classpath).
Vanilla usage of Spring javadoc:org.springframework.web.servlet.DispatcherServlet[] and Spring Security should require no further changes.
If you have other features in your application (for instance, using other servlets or filters), you may need to add some configuration to your `+Application+` context, by replacing those elements from the `web.xml`, as follows:
If you have other features in your application (for instance, using other servlets or filters), you may need to add some configuration to your `Application` context, by replacing those elements from the `web.xml`, as follows:
* A javadoc:org.springframework.context.annotation.Bean[format=annotation] of type javadoc:jakarta.servlet.Servlet[] or javadoc:org.springframework.boot.web.servlet.ServletRegistrationBean[] installs that bean in the container as if it were a `<servlet/>` and `<servlet-mapping/>` in `web.xml`.
* A javadoc:org.springframework.context.annotation.Bean[format=annotation] of type javadoc:jakarta.servlet.Filter[] or javadoc:org.springframework.boot.web.servlet.FilterRegistrationBean[] behaves similarly (as a `<filter/>` and `<filter-mapping/>`).
* An javadoc:org.springframework.context.ApplicationContext[] in an XML file can be added through an javadoc:org.springframework.context.annotation.ImportResource[format=annotation] in your `+Application+`.
Alternatively, cases where annotation configuration is heavily used already can be recreated in a few lines as javadoc:org.springframework.context.annotation.Bean[format=annotation] definitions.
Once the war file is working, you can make it executable by adding a `main` method to your `+Application+`, as shown in the following example:
Once the war file is working, you can make it executable by adding a `main` method to your `Application`, as shown in the following example:
@ -9,7 +9,7 @@ This section includes topics relating to the Docker Compose support in Spring Bo
@@ -9,7 +9,7 @@ This section includes topics relating to the Docker Compose support in Spring Bo
== Customizing the JDBC URL
When using javadoc:org.springframework.boot.autoconfigure.jdbc.JdbcConnectionDetails[] with Docker Compose, the parameters of the JDBC URL
can be customized by applying the `+org.springframework.boot.jdbc.parameters+` label to the
can be customized by applying the `org.springframework.boot.jdbc.parameters` label to the
NOTE: The Log4j starters gather together the dependencies for common logging requirements (such as having Tomcat use `java.util.logging` but configuring the output using Log4j 2).
NOTE: To ensure that debug logging performed using `java.util.logging` is routed into Log4j 2, configure its https://logging.apache.org/log4j/2.x/log4j-jul.html[JDK logging adapter] by setting the `java.util.logging.manager` system property to `+org.apache.logging.log4j.jul.LogManager+`.
NOTE: To ensure that debug logging performed using `java.util.logging` is routed into Log4j 2, configure its https://logging.apache.org/log4j/2.x/log4j-jul.html[JDK logging adapter] by setting the `java.util.logging.manager` system property to `org.apache.logging.log4j.jul.LogManager`.
@ -7,7 +7,7 @@ There are two main ways to build a Spring Boot native image application:
@@ -7,7 +7,7 @@ There are two main ways to build a Spring Boot native image application:
* Using GraalVM Native Build Tools to generate a native executable.
TIP: The easiest way to start a new native Spring Boot project is to go to https://start.spring.io[start.spring.io], add the `GraalVM Native Support` dependency and generate the project.
The included `+HELP.md+` file will provide getting started hints.
The included `HELP.md` file will provide getting started hints.
The `${..}` style conflicts with Spring's own property placeholder mechanism.
To use Spring property placeholders together with automatic expansion, escape the Spring property placeholders as follows: `\${..}`.
@ -154,7 +154,7 @@ You can also provide the following System properties (or environment variables)
@@ -154,7 +154,7 @@ You can also provide the following System properties (or environment variables)
No matter what you set in the environment, Spring Boot always loads `application.properties` as described above.
By default, if YAML is used, then files with the '`.yaml`' and '`.yml`' extensions are also added to the list.
TIP: If you want detailed information about the files that are being loaded you can xref:reference:features/logging.adoc#features.logging.log-levels[set the logging level] of `+org.springframework.boot.context.config+` to `trace`.
TIP: If you want detailed information about the files that are being loaded you can xref:reference:features/logging.adoc#features.logging.log-levels[set the logging level] of `org.springframework.boot.context.config` to `trace`.
@ -205,7 +205,7 @@ If you add your own, you have to be aware of the order and in which position you
@@ -205,7 +205,7 @@ If you add your own, you have to be aware of the order and in which position you
javadoc:org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration[] adds the following javadoc:org.springframework.web.servlet.ViewResolver[] beans to your context:
* An javadoc:org.springframework.web.servlet.view.InternalResourceViewResolver[] named '`defaultViewResolver`'.
This one locates physical resources that can be rendered by using the `+DefaultServlet+` (including static resources and JSP pages, if you use those).
This one locates physical resources that can be rendered by using the `DefaultServlet` (including static resources and JSP pages, if you use those).
It applies a prefix and a suffix to the view name and then looks for a physical resource with that path in the servlet context (the defaults are both empty but are accessible for external configuration through `spring.mvc.view.prefix` and `spring.mvc.view.suffix`).
You can override it by providing a bean of the same type.
* A javadoc:org.springframework.web.servlet.view.BeanNameViewResolver[] named '`beanNameViewResolver`'.
@ -452,7 +452,7 @@ For more details, see the Jetty documentation.
@@ -452,7 +452,7 @@ For more details, see the Jetty documentation.
If your application is running behind a proxy, a load-balancer or in the cloud, the request information (like the host, port, scheme...) might change along the way.
Your application may be running on `10.10.10.10:8080`, but HTTP clients should only see `example.org`.
https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `+Forwarded+` HTTP header; proxies can use this header to provide information about the original request.
https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `Forwarded` HTTP header; proxies can use this header to provide information about the original request.
You can configure your application to read those headers and automatically use that information when creating links and sending them to clients in HTTP 302 responses, JSON documents or HTML pages.
There are also non-standard headers, like `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, `X-Forwarded-Ssl`, and `X-Forwarded-Prefix`.
@ -108,7 +108,7 @@ If your application is a web application (Spring MVC, Spring WebFlux, or Jersey)
@@ -108,7 +108,7 @@ If your application is a web application (Spring MVC, Spring WebFlux, or Jersey)
| `logfile`
| Returns the contents of the logfile (if the `logging.file.name` or the `logging.file.path` property has been set).
Supports the use of the HTTP `+Range+` header to retrieve part of the log file's content.
Supports the use of the HTTP `Range` header to retrieve part of the log file's content.
| `prometheus`
| Exposes metrics in a format that can be scraped by a Prometheus server.
@ -398,7 +398,7 @@ Operations on an endpoint receive input through their parameters.
@@ -398,7 +398,7 @@ Operations on an endpoint receive input through their parameters.
When exposed over the web, the values for these parameters are taken from the URL's query parameters and from the JSON request body.
When exposed over JMX, the parameters are mapped to the parameters of the MBean's operations.
Parameters are required by default.
They can be made optional by annotating them with either `+@javax.annotation.Nullable+` or javadoc:org.springframework.lang.Nullable[format=annotation].
They can be made optional by annotating them with either `@javax.annotation.Nullable` or javadoc:org.springframework.lang.Nullable[format=annotation].
You can map each root property in the JSON request body to a parameter of the endpoint.
Consider the following JSON request body:
@ -531,7 +531,7 @@ NOTE: Range requests are not supported when using Jersey.
@@ -531,7 +531,7 @@ NOTE: Range requests are not supported when using Jersey.
==== Web Endpoint Security
An operation on a web endpoint or a web-specific endpoint extension can receive the current javadoc:java.security.Principal[] or javadoc:org.springframework.boot.actuate.endpoint.SecurityContext[] as a method parameter.
The former is typically used in conjunction with either `+@javax.annotation.Nullable+` or javadoc:org.springframework.lang.Nullable[format=annotation] to provide different behavior for authenticated and unauthenticated users.
The former is typically used in conjunction with either `@javax.annotation.Nullable` or javadoc:org.springframework.lang.Nullable[format=annotation] to provide different behavior for authenticated and unauthenticated users.
The latter is typically used to perform authorization checks by using its `isUserInRole(String)` method.
@ -989,7 +989,7 @@ Some external systems might not be shared by application instances, in which cas
@@ -989,7 +989,7 @@ Some external systems might not be shared by application instances, in which cas
Other external systems might not be essential to the application (the application could have circuit breakers and fallbacks), in which case they definitely should not be included.
Unfortunately, an external system that is shared by all application instances is common, and you have to make a judgement call: Include it in the readiness probe and expect that the application is taken out of service when the external service is down or leave it out and deal with failures higher up the stack, perhaps by using a circuit breaker in the caller.
NOTE: If all instances of an application are unready, a Kubernetes Service with `type=ClusterIP` or `+NodePort+` does not accept any incoming connections.
NOTE: If all instances of an application are unready, a Kubernetes Service with `type=ClusterIP` or `NodePort` does not accept any incoming connections.
There is no HTTP error response (503 and so on), since there is no connection.
A service with `type=LoadBalancer` might or might not accept connections, depending on the provider.
A service that has an explicit https://kubernetes.io/docs/concepts/services-networking/ingress/[ingress] also responds in a way that depends on the implementation -- the ingress service itself has to decide how to handle the "`connection refused`" from downstream.
@ -1261,7 +1261,7 @@ You can also add any number of `tag=KEY:VALUE` query parameters to the end of th
@@ -1261,7 +1261,7 @@ You can also add any number of `tag=KEY:VALUE` query parameters to the end of th
[TIP]
====
The reported measurements are the _sum_ of the statistics of all meters that match the meter name and any tags that have been applied.
In the preceding example, the returned `+Value+` statistic is the sum of the maximum memory footprints of the "`Code Cache`", "`Compressed Class Space`", and "`Metaspace`" areas of the heap.
In the preceding example, the returned `Value` statistic is the sum of the maximum memory footprints of the "`Code Cache`", "`Compressed Class Space`", and "`Metaspace`" areas of the heap.
If you wanted to see only the maximum size for the "`Metaspace`", you could add an additional `tag=id:Metaspace` -- that is, `/actuator/metrics/jvm.memory.max?tag=area:nonheap&tag=id:Metaspace`.
This will create an observation named "some-operation" with the tag "some-tag=some-value".
TIP: If you want to create a span without creating a metric, you need to use the {url-micrometer-tracing-docs}/api[lower-level `+Tracer+` API] from Micrometer.
TIP: If you want to create a span without creating a metric, you need to use the {url-micrometer-tracing-docs}/api[lower-level `Tracer` API] from Micrometer.
@ -218,7 +218,7 @@ Spring Data includes repository support for MongoDB.
@@ -218,7 +218,7 @@ Spring Data includes repository support for MongoDB.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed automatically, based on method names.
In fact, both Spring Data JPA and Spring Data MongoDB share the same common infrastructure.
You could take the JPA example from earlier and, assuming that `+City+` is now a MongoDB data class rather than a JPA javadoc:jakarta.persistence.Entity[format=annotation], it works in the same way, as shown in the following example:
You could take the JPA example from earlier and, assuming that `City` is now a MongoDB data class rather than a JPA javadoc:jakarta.persistence.Entity[format=annotation], it works in the same way, as shown in the following example:
include-code::CityRepository[]
@ -273,7 +273,7 @@ Spring Data includes repository support for Neo4j.
@@ -273,7 +273,7 @@ Spring Data includes repository support for Neo4j.
For complete details of Spring Data Neo4j, see the {url-spring-data-neo4j-docs}[reference documentation].
Spring Data Neo4j shares the common infrastructure with Spring Data JPA as many other Spring Data modules do.
You could take the JPA example from earlier and define `+City+` as Spring Data Neo4j javadoc:org.springframework.data.neo4j.core.schema.Node[format=annotation] rather than JPA javadoc:jakarta.persistence.Entity[format=annotation] and the repository abstraction works in the same way, as shown in the following example:
You could take the JPA example from earlier and define `City` as Spring Data Neo4j javadoc:org.springframework.data.neo4j.core.schema.Node[format=annotation] rather than JPA javadoc:jakarta.persistence.Entity[format=annotation] and the repository abstraction works in the same way, as shown in the following example:
include-code::CityRepository[]
@ -401,7 +401,7 @@ Spring Data includes repository support for Elasticsearch.
@@ -401,7 +401,7 @@ Spring Data includes repository support for Elasticsearch.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed for you automatically based on method names.
In fact, both Spring Data JPA and Spring Data Elasticsearch share the same common infrastructure.
You could take the JPA example from earlier and, assuming that `+City+` is now an Elasticsearch javadoc:org.springframework.data.elasticsearch.annotations.Document[format=annotation] class rather than a JPA javadoc:jakarta.persistence.Entity[format=annotation], it works in the same way.
You could take the JPA example from earlier and, assuming that `City` is now an Elasticsearch javadoc:org.springframework.data.elasticsearch.annotations.Document[format=annotation] class rather than a JPA javadoc:jakarta.persistence.Entity[format=annotation], it works in the same way.
Repositories and documents are found through scanning.
By default, the xref:using/auto-configuration.adoc#using.auto-configuration.packages[auto-configuration packages] are scanned.
@ -440,7 +440,7 @@ There is a `spring-boot-starter-data-cassandra` starter for collecting the depen
@@ -440,7 +440,7 @@ There is a `spring-boot-starter-data-cassandra` starter for collecting the depen
[[data.nosql.cassandra.connecting]]
=== Connecting to Cassandra
You can inject an auto-configured javadoc:org.springframework.data.cassandra.core.CassandraTemplate[] or a Cassandra `+CqlSession+` instance as you would with any other Spring Bean.
You can inject an auto-configured javadoc:org.springframework.data.cassandra.core.CassandraTemplate[] or a Cassandra `CqlSession` instance as you would with any other Spring Bean.
The `spring.cassandra.*` properties can be used to customize the connection.
Generally, you provide `keyspace-name` and `contact-points` as well the local datacenter name, as shown in the following example:
Custom SSL trust material can be configured in an xref:features/ssl.adoc[SSL bundle] and applied to the `+CqlSession+` as shown in this example:
Custom SSL trust material can be configured in an xref:features/ssl.adoc[SSL bundle] and applied to the `CqlSession` as shown in this example:
[configprops,yaml]
----
@ -502,10 +502,10 @@ Spring Boot does not look for such a file by default but can load one using `spr
@@ -502,10 +502,10 @@ Spring Boot does not look for such a file by default but can load one using `spr
If a property is both present in `+spring.cassandra.*+` and the configuration file, the value in `+spring.cassandra.*+` takes precedence.
For more advanced driver customizations, you can register an arbitrary number of beans that implement javadoc:org.springframework.boot.autoconfigure.cassandra.DriverConfigLoaderBuilderCustomizer[].
The `+CqlSession+` can be customized with a bean of type javadoc:org.springframework.boot.autoconfigure.cassandra.CqlSessionBuilderCustomizer[].
The `CqlSession` can be customized with a bean of type javadoc:org.springframework.boot.autoconfigure.cassandra.CqlSessionBuilderCustomizer[].
====
NOTE: If you use `+CqlSessionBuilder+` to create multiple `+CqlSession+` beans, keep in mind the builder is mutable so make sure to inject a fresh copy for each session.
NOTE: If you use `CqlSessionBuilder` to create multiple `CqlSession` beans, keep in mind the builder is mutable so make sure to inject a fresh copy for each session.
The following code listing shows how to inject a Cassandra bean:
@ -137,7 +137,7 @@ The following connection pools are supported by javadoc:org.springframework.boot
@@ -137,7 +137,7 @@ The following connection pools are supported by javadoc:org.springframework.boot
* HikariCP
* Tomcat pooling javadoc:javax.sql.DataSource[]
* Commons DBCP2
* Oracle UCP & `+OracleDataSource+`
* Oracle UCP & `OracleDataSource`
* Spring Framework's javadoc:org.springframework.jdbc.datasource.SimpleDriverDataSource[]
@ -234,7 +234,7 @@ See the xref:how-to:data-access.adoc#howto.data-access.separate-entity-definitio
@@ -234,7 +234,7 @@ See the xref:how-to:data-access.adoc#howto.data-access.separate-entity-definitio
{url-spring-data-jpa-site}[Spring Data JPA] repositories are interfaces that you can define to access data.
JPA queries are created automatically from your method names.
For example, a `+CityRepository+` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For example, a `CityRepository` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-jpa-javadoc}/org.springframework.data.jpa.repository.Query[] annotation.
https://spring.io/projects/spring-data-r2dbc[Spring Data R2DBC] repositories are interfaces that you can define to access data.
Queries are created automatically from your method names.
For example, a `+CityRepository+` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For example, a `CityRepository` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-r2dbc-javadoc}/org.springframework.data.r2dbc.repository.Query[format=annotation] annotation.
If you have a container image defined in your `compose.yml` that you don’t want connected to your application you can use a label to ignore it.
Any container with labeled with `+org.springframework.boot.ignore+` will be ignored by Spring Boot.
Any container with labeled with `org.springframework.boot.ignore` will be ignored by Spring Boot.
For example:
@ -324,7 +324,7 @@ This will allow you to access all declared test dependencies and give you a natu
@@ -324,7 +324,7 @@ This will allow you to access all declared test dependencies and give you a natu
To create a test launchable version of your application you should create an "`Application`" class in the `src/test` directory.
For example, if your main application is in `src/main/java/com/example/MyApplication.java`, you should create `src/test/java/com/example/TestMyApplication.java`
The `+TestMyApplication+` class can use the `SpringApplication.from(...)` method to launch the real application:
The `TestMyApplication` class can use the `SpringApplication.from(...)` method to launch the real application:
include-code::launch/TestMyApplication[]
@ -349,7 +349,7 @@ Once you have defined your test configuration, you can use the `with(...)` metho
@@ -349,7 +349,7 @@ Once you have defined your test configuration, you can use the `with(...)` metho
include-code::test/TestMyApplication[]
You can now launch `+TestMyApplication+` as you would any regular Java `main` method application to start your application and the containers that it needs to run.
You can now launch `TestMyApplication` as you would any regular Java `main` method application to start your application and the containers that it needs to run.
TIP: You can use the Maven goal `spring-boot:test-run` or the Gradle task `bootTestRun` to do this from the command line.
@ -98,7 +98,7 @@ When placed on a javadoc:org.springframework.context.annotation.Bean[format=anno
@@ -98,7 +98,7 @@ When placed on a javadoc:org.springframework.context.annotation.Bean[format=anno
include-code::MyAutoConfiguration[]
In the preceding example, the `someService` bean is going to be created if no bean of type `+SomeService+` is already contained in the javadoc:org.springframework.context.ApplicationContext[].
In the preceding example, the `someService` bean is going to be created if no bean of type `SomeService` is already contained in the javadoc:org.springframework.context.ApplicationContext[].
TIP: You need to be very careful about the order in which bean definitions are added, as these conditions are evaluated based on what has been processed so far.
For this reason, we recommend using only javadoc:org.springframework.boot.autoconfigure.condition.ConditionalOnBean[format=annotation] and javadoc:org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean[format=annotation] annotations on auto-configuration classes (since these are guaranteed to load after any user-defined bean definitions have been added).
@ -330,7 +330,7 @@ By default you can import Java Properties, YAML and xref:features/external-confi
@@ -330,7 +330,7 @@ By default you can import Java Properties, YAML and xref:features/external-confi
Third-party jars can offer support for additional technologies (there is no requirement for files to be local).
For example, you can imagine config data being from external stores such as Consul, Apache ZooKeeper or Netflix Archaius.
If you want to support your own locations, see the javadoc:org.springframework.boot.context.config.ConfigDataLocationResolver[] and javadoc:org.springframework.boot.context.config.ConfigDataLoader[] classes in the `+org.springframework.boot.context.config+` package.
If you want to support your own locations, see the javadoc:org.springframework.boot.context.config.ConfigDataLocationResolver[] and javadoc:org.springframework.boot.context.config.ConfigDataLoader[] classes in the `org.springframework.boot.context.config` package.
====
@ -725,7 +725,7 @@ A setter may be omitted in the following cases:
@@ -725,7 +725,7 @@ A setter may be omitted in the following cases:
In the latter case, a setter is mandatory.
We recommend to always add a setter for such types.
If you initialize a collection, make sure it is not immutable (as in the preceding example).
* If nested POJO properties are initialized (like the `+Security+` field in the preceding example), a setter is not required.
* If nested POJO properties are initialized (like the `Security` field in the preceding example), a setter is not required.
If you want the binder to create the instance on the fly by using its default constructor, you need a setter.
Some people use Project Lombok to add getters and setters automatically.
@ -750,13 +750,13 @@ To opt out of constructor binding for a class with a single parameterized constr
@@ -750,13 +750,13 @@ To opt out of constructor binding for a class with a single parameterized constr
Constructor binding can be used with records.
Unless your record has multiple constructors, there is no need to use javadoc:org.springframework.boot.context.properties.bind.ConstructorBinding[format=annotation].
Nested members of a constructor bound class (such as `+Security+` in the example above) will also be bound through their constructor.
Nested members of a constructor bound class (such as `Security` in the example above) will also be bound through their constructor.
Default values can be specified using javadoc:org.springframework.boot.context.properties.bind.DefaultValue[format=annotation] on constructor parameters and record components.
The conversion service will be applied to coerce the annotation's javadoc:java.lang.String[] value to the target type of a missing property.
Referring to the previous example, if no properties are bound to `+Security+`, the `MyProperties` instance will contain a `null` value for `security`.
To make it contain a non-null instance of `+Security+` even when no properties are bound to it (when using Kotlin, this will require the `username` and `password` parameters of `+Security+` to be declared as nullable as they do not have default values), use an empty javadoc:org.springframework.boot.context.properties.bind.DefaultValue[format=annotation] annotation:
Referring to the previous example, if no properties are bound to `Security`, the `MyProperties` instance will contain a `null` value for `security`.
To make it contain a non-null instance of `Security` even when no properties are bound to it (when using Kotlin, this will require the `username` and `password` parameters of `Security` to be declared as nullable as they do not have default values), use an empty javadoc:org.springframework.boot.context.properties.bind.DefaultValue[format=annotation] annotation:
When the javadoc:org.springframework.boot.context.properties.ConfigurationProperties[format=annotation] bean is registered using configuration property scanning or through javadoc:org.springframework.boot.context.properties.EnableConfigurationProperties[format=annotation], the bean has a conventional name: `<prefix>-<fqn>`, where `<prefix>` is the environment key prefix specified in the javadoc:org.springframework.boot.context.properties.ConfigurationProperties[format=annotation] annotation and `<fqn>` is the fully qualified name of the bean.
If the annotation does not provide any prefix, only the fully qualified name of the bean is used.
Assuming that it is in the `com.example.app` package, the bean name of the `+SomeProperties+` example above is `some.properties-com.example.app.SomeProperties`.
Assuming that it is in the `com.example.app` package, the bean name of the `SomeProperties` example above is `some.properties-com.example.app.SomeProperties`.
====
We recommend that javadoc:org.springframework.boot.context.properties.ConfigurationProperties[format=annotation] only deal with the environment and, in particular, does not inject other beans from the context.
@ -844,7 +844,7 @@ To configure a bean from the javadoc:org.springframework.core.env.Environment[]
@@ -844,7 +844,7 @@ To configure a bean from the javadoc:org.springframework.core.env.Environment[]
include-code::ThirdPartyConfiguration[]
Any JavaBean property defined with the `another` prefix is mapped onto that `+AnotherComponent+` bean in manner similar to the preceding `+SomeProperties+` example.
Any JavaBean property defined with the `another` prefix is mapped onto that `AnotherComponent` bean in manner similar to the preceding `SomeProperties` example.
@ -148,7 +148,7 @@ JUnit 5 enables a test class to be instantiated once and reused for all of the c
@@ -148,7 +148,7 @@ JUnit 5 enables a test class to be instantiated once and reused for all of the c
This makes it possible to use javadoc:org.junit.jupiter.api.BeforeAll[format=annotation] and javadoc:org.junit.jupiter.api.AfterAll[format=annotation] annotations on non-static methods, which is a good fit for Kotlin.
To mock Kotlin classes, https://mockk.io/[MockK] is recommended.
If you need the `MockK` equivalent of the Mockito specific xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.mocking-beans[`@MockBean` and javadoc:org.springframework.boot.test.mock.mockito.SpyBean[format=annotation] annotations], you can use https://github.com/Ninja-Squad/springmockk[SpringMockK] which provides similar `+@MockkBean+` and `+@SpykBean+` annotations.
If you need the `MockK` equivalent of the Mockito specific xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.mocking-beans[`@MockBean` and javadoc:org.springframework.boot.test.mock.mockito.SpyBean[format=annotation] annotations], you can use https://github.com/Ninja-Squad/springmockk[SpringMockK] which provides similar `@MockkBean` and `@SpykBean` annotations.
It is also possible to set logging levels using environment variables.
For example, `LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB=DEBUG` will set `+org.springframework.web+` to `DEBUG`.
For example, `LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB=DEBUG` will set `org.springframework.web` to `DEBUG`.
NOTE: The above approach will only work for package level logging.
Since relaxed binding xref:features/external-config.adoc#features.external-config.typesafe-configuration-properties.relaxed-binding.maps-from-environment-variables[always converts environment variables to lowercase], it is not possible to configure logging for an individual class in this way.
@ -254,7 +254,7 @@ Spring Boot includes the following pre-defined logging groups that can be used o
@@ -254,7 +254,7 @@ Spring Boot includes the following pre-defined logging groups that can be used o
@ -13,7 +13,7 @@ For Maven, this means that you should build with `-Pnative` to activate the `nat
@@ -13,7 +13,7 @@ For Maven, this means that you should build with `-Pnative` to activate the `nat
$ mvn -Pnative package
----
For Gradle, you need to ensure that your build includes the `+org.springframework.boot.aot+` plugin.
For Gradle, you need to ensure that your build includes the `org.springframework.boot.aot` plugin.
When the JAR has been built, run it with `spring.aot.enabled` system property set to `true`. For example:
@ -11,7 +11,7 @@ Nested configuration properties which are not inner classes, however, *must* be
@@ -11,7 +11,7 @@ Nested configuration properties which are not inner classes, however, *must* be
@ -10,7 +10,7 @@ The annotation works by xref:testing/spring-boot-applications.adoc#testing.sprin
@@ -10,7 +10,7 @@ The annotation works by xref:testing/spring-boot-applications.adoc#testing.sprin
In addition to javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] a number of other annotations are also provided for xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[testing more specific slices] of an application.
TIP: If you are using JUnit 4, do not forget to also add `@RunWith(SpringRunner.class)` to your test, otherwise the annotations will be ignored.
If you are using JUnit 5, there is no need to add the equivalent `@ExtendWith(SpringExtension.class)` as javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] and the other `+@...Test+` annotations are already annotated with it.
If you are using JUnit 5, there is no need to add the equivalent `@ExtendWith(SpringExtension.class)` as javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] and the other `@...Test` annotations are already annotated with it.
By default, javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] will not start a server.
You can use the `webEnvironment` attribute of javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] to further refine how your tests run:
@ -226,7 +226,7 @@ Regardless of your classpath, tracing components which are reporting data are no
@@ -226,7 +226,7 @@ Regardless of your classpath, tracing components which are reporting data are no
If you need those components as part of an integration test, annotate the test with javadoc:org.springframework.boot.test.autoconfigure.actuate.observability.AutoConfigureObservability[format=annotation].
If you have created your own reporting components (e.g. a custom javadoc:io.opentelemetry.sdk.trace.export.SpanExporter[] or `+brave.handler.SpanHandler+`) and you don't want them to be active in tests, you can use the javadoc:org.springframework.boot.actuate.autoconfigure.tracing.ConditionalOnEnabledTracing[format=annotation] annotation to disable them.
If you have created your own reporting components (e.g. a custom javadoc:io.opentelemetry.sdk.trace.export.SpanExporter[] or `brave.handler.SpanHandler`) and you don't want them to be active in tests, you can use the javadoc:org.springframework.boot.actuate.autoconfigure.tracing.ConditionalOnEnabledTracing[format=annotation] annotation to disable them.
If you annotate xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[a sliced test] with javadoc:org.springframework.boot.test.autoconfigure.actuate.observability.AutoConfigureObservability[format=annotation], it auto-configures a no-op javadoc:io.micrometer.tracing.Tracer[].
Data exporting in sliced tests is not supported with the javadoc:org.springframework.boot.test.autoconfigure.actuate.observability.AutoConfigureObservability[format=annotation] annotation.
@ -254,7 +254,7 @@ To use this feature with a different arrangement, listeners must be explicitly a
@@ -254,7 +254,7 @@ To use this feature with a different arrangement, listeners must be explicitly a
include-code::listener/MyTests[]
====
The following example replaces an existing `+RemoteService+` bean with a mock implementation:
The following example replaces an existing `RemoteService` bean with a mock implementation:
include-code::bean/MyTests[]
@ -283,16 +283,16 @@ It often helps to load only the parts of the configuration that are required to
@@ -283,16 +283,16 @@ It often helps to load only the parts of the configuration that are required to
For example, you might want to test that Spring MVC controllers are mapping URLs correctly, and you do not want to involve database calls in those tests, or you might want to test JPA entities, and you are not interested in the web layer when those tests run.
The `spring-boot-test-autoconfigure` module includes a number of annotations that can be used to automatically configure such "`slices`".
Each of them works in a similar way, providing a `+@...Test+` annotation that loads the javadoc:org.springframework.context.ApplicationContext[] and one or more `+@AutoConfigure...+` annotations that can be used to customize auto-configuration settings.
Each of them works in a similar way, providing a `@...Test` annotation that loads the javadoc:org.springframework.context.ApplicationContext[] and one or more `@AutoConfigure...` annotations that can be used to customize auto-configuration settings.
NOTE: Each slice restricts component scan to appropriate components and loads a very restricted set of auto-configuration classes.
If you need to exclude one of them, most `+@...Test+` annotations provide an `excludeAutoConfiguration` attribute.
If you need to exclude one of them, most `@...Test` annotations provide an `excludeAutoConfiguration` attribute.
Alternatively, you can use `@ImportAutoConfiguration#exclude`.
NOTE: Including multiple "`slices`" by using several `+@...Test+` annotations in one test is not supported.
If you need multiple "`slices`", pick one of the `+@...Test+` annotations and include the `+@AutoConfigure...+` annotations of the other "`slices`" by hand.
NOTE: Including multiple "`slices`" by using several `@...Test` annotations in one test is not supported.
If you need multiple "`slices`", pick one of the `@...Test` annotations and include the `@AutoConfigure...` annotations of the other "`slices`" by hand.
TIP: It is also possible to use the `+@AutoConfigure...+` annotations with the standard javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] annotation.
TIP: It is also possible to use the `@AutoConfigure...` annotations with the standard javadoc:org.springframework.boot.test.context.SpringBootTest[format=annotation] annotation.
You can use this combination if you are not interested in "`slicing`" your application but you want some of the auto-configured test beans.
@ -304,8 +304,8 @@ To test that object JSON serialization and deserialization is working as expecte
@@ -304,8 +304,8 @@ To test that object JSON serialization and deserialization is working as expecte
javadoc:org.springframework.boot.test.autoconfigure.json.JsonTest[format=annotation] auto-configures the available supported JSON mapper, which can be one of the following libraries:
* Jackson javadoc:com.fasterxml.jackson.databind.ObjectMapper[], any javadoc:org.springframework.boot.jackson.JsonComponent[format=annotation] beans and any Jackson javadoc:com.fasterxml.jackson.databind.Module[]
* `+Gson+`
* `+Jsonb+`
* `Gson`
* `Jsonb`
TIP: A list of the auto-configurations that are enabled by javadoc:org.springframework.boot.test.autoconfigure.json.JsonTest[format=annotation] can be xref:appendix:test-auto-configuration/index.adoc[found in the appendix].
Each slice provides one or more `+@AutoConfigure...+` annotations that namely defines the auto-configurations that should be included as part of a slice.
Additional auto-configurations can be added on a test-by-test basis by creating a custom `+@AutoConfigure...+` annotation or by adding javadoc:org.springframework.boot.autoconfigure.ImportAutoConfiguration[format=annotation] to the test as shown in the following example:
Each slice provides one or more `@AutoConfigure...` annotations that namely defines the auto-configurations that should be included as part of a slice.
Additional auto-configurations can be added on a test-by-test basis by creating a custom `@AutoConfigure...` annotation or by adding javadoc:org.springframework.boot.autoconfigure.ImportAutoConfiguration[format=annotation] to the test as shown in the following example:
include-code::MyJdbcTests[]
@ -859,7 +859,7 @@ In this example, the `+com.example.IntegrationAutoConfiguration+` is enabled on
@@ -859,7 +859,7 @@ In this example, the `+com.example.IntegrationAutoConfiguration+` is enabled on
TIP: You can use comments with `#` in this file.
TIP: A slice or `+@AutoConfigure...+` annotation can be customized this way as long as it is meta-annotated with javadoc:org.springframework.boot.autoconfigure.ImportAutoConfiguration[format=annotation].
TIP: A slice or `@AutoConfigure...` annotation can be customized this way as long as it is meta-annotated with javadoc:org.springframework.boot.autoconfigure.ImportAutoConfiguration[format=annotation].
@ -400,7 +400,7 @@ The application's single required argument is the remote URL to which it connect
@@ -400,7 +400,7 @@ The application's single required argument is the remote URL to which it connect
For example, if you are using Eclipse or Spring Tools and you have a project named `my-app` that you have deployed to Cloud Foundry, you would do the following:
* Select `Run Configurations...` from the `+Run+` menu.
* Select `Run Configurations...` from the `Run` menu.
* Create a new `Java Application` "`launch configuration`".
* Browse for the `my-app` project.
* Use javadoc:org.springframework.boot.devtools.RemoteSpringApplication[] as the main class.
@ -20,14 +20,14 @@ You can run a Spring Boot application from your IDE as a Java application.
@@ -20,14 +20,14 @@ You can run a Spring Boot application from your IDE as a Java application.
However, you first need to import your project.
Import steps vary depending on your IDE and build system.
Most IDEs can import Maven projects directly.
For example, Eclipse users can select `+Import...+` -> `Existing Maven Projects` from the `+File+` menu.
For example, Eclipse users can select `Import...` -> `Existing Maven Projects` from the `File` menu.
If you cannot directly import your project into your IDE, you may be able to generate IDE metadata by using a build plugin.
Maven includes plugins for https://maven.apache.org/plugins/maven-eclipse-plugin/[Eclipse] and https://maven.apache.org/plugins/maven-idea-plugin/[IDEA].
Gradle offers plugins for {url-gradle-docs}/userguide.html[various IDEs].
TIP: If you accidentally run a web application twice, you see a "`Port already in use`" error.
Spring Tools users can use the `+Relaunch+` button rather than the `+Run+` button to ensure that any existing instance is closed.
Spring Tools users can use the `Relaunch` button rather than the `Run` button to ensure that any existing instance is closed.
@ -7,7 +7,7 @@ We generally recommend using constructor injection to wire up dependencies and j
@@ -7,7 +7,7 @@ We generally recommend using constructor injection to wire up dependencies and j
If you structure your code as suggested above (locating your application class in a top package), you can add javadoc:org.springframework.context.annotation.ComponentScan[format=annotation] without any arguments or use the javadoc:org.springframework.boot.autoconfigure.SpringBootApplication[format=annotation] annotation which implicitly includes it.
All of your application components (`@Component`, javadoc:org.springframework.stereotype.Service[format=annotation], javadoc:org.springframework.stereotype.Repository[format=annotation], javadoc:org.springframework.stereotype.Controller[format=annotation], and others) are automatically registered as Spring Beans.
The following example shows a javadoc:org.springframework.stereotype.Service[format=annotation] Bean that uses constructor injection to obtain a required `+RiskAssessor+` bean:
The following example shows a javadoc:org.springframework.stereotype.Service[format=annotation] Bean that uses constructor injection to obtain a required `RiskAssessor` bean:
@ -373,7 +373,7 @@ You can also define a class annotated with javadoc:org.springframework.web.bind.
@@ -373,7 +373,7 @@ You can also define a class annotated with javadoc:org.springframework.web.bind.
include-code::MyControllerAdvice[]
In the preceding example, if `MyException` is thrown by a controller defined in the same package as `+SomeController+`, a JSON representation of the `MyErrorBody` POJO is used instead of the javadoc:org.springframework.boot.web.servlet.error.ErrorAttributes[] representation.
In the preceding example, if `MyException` is thrown by a controller defined in the same package as `SomeController`, a JSON representation of the `MyErrorBody` POJO is used instead of the javadoc:org.springframework.boot.web.servlet.error.ErrorAttributes[] representation.
In some cases, errors handled at the controller level are not recorded by web observations or the xref:actuator/metrics.adoc#actuator.metrics.supported.spring-mvc[metrics infrastructure].
Applications can ensure that such exceptions are recorded with the observations by {url-spring-framework-docs}/integration/observability.html#observability.http-server.servlet[setting the handled exception on the observation context].
@ -613,14 +613,14 @@ TIP: See the javadoc:org.springframework.boot.autoconfigure.web.ServerProperties
@@ -613,14 +613,14 @@ TIP: See the javadoc:org.springframework.boot.autoconfigure.web.ServerProperties
The `+SameSite+` cookie attribute can be used by web browsers to control if and how cookies are submitted in cross-site requests.
The `SameSite` cookie attribute can be used by web browsers to control if and how cookies are submitted in cross-site requests.
The attribute is particularly relevant for modern web browsers which have started to change the default value that is used when the attribute is missing.
If you want to change the `+SameSite+` attribute of your session cookie, you can use the configprop:server.servlet.session.cookie.same-site[] property.
If you want to change the `SameSite` attribute of your session cookie, you can use the configprop:server.servlet.session.cookie.same-site[] property.
This property is supported by auto-configured Tomcat, Jetty and Undertow servers.
It is also used to configure Spring Session servlet based javadoc:org.springframework.session.SessionRepository[] beans.
For example, if you want your session cookie to have a `+SameSite+` attribute of `+None+`, you can add the following to your `application.properties` or `application.yaml` file:
For example, if you want your session cookie to have a `SameSite` attribute of `None`, you can add the following to your `application.properties` or `application.yaml` file:
If you want to change the `+SameSite+` attribute on other cookies added to your javadoc:jakarta.servlet.http.HttpServletResponse[], you can use a javadoc:org.springframework.boot.web.servlet.server.CookieSameSiteSupplier[].
The javadoc:org.springframework.boot.web.servlet.server.CookieSameSiteSupplier[] is passed a javadoc:jakarta.servlet.http.Cookie[] and may return a `+SameSite+` value, or `null`.
If you want to change the `SameSite` attribute on other cookies added to your javadoc:jakarta.servlet.http.HttpServletResponse[], you can use a javadoc:org.springframework.boot.web.servlet.server.CookieSameSiteSupplier[].
The javadoc:org.springframework.boot.web.servlet.server.CookieSameSiteSupplier[] is passed a javadoc:jakarta.servlet.http.Cookie[] and may return a `SameSite` value, or `null`.
There are a number of convenience factory and filter methods that you can use to quickly match specific cookies.
For example, adding the following bean will automatically apply a `+SameSite+` of `+Lax+` for all cookies with a name that matches the regular expression `myapp.*`.
For example, adding the following bean will automatically apply a `SameSite` of `Lax` for all cookies with a name that matches the regular expression `myapp.*`.
@ -96,8 +96,8 @@ The GraphQL HTTP endpoint is at HTTP POST `/graphql` by default.
@@ -96,8 +96,8 @@ The GraphQL HTTP endpoint is at HTTP POST `/graphql` by default.
It also supports the `"text/event-stream"` media type over Server Sent Events for subscriptions only.
The path can be customized with configprop:spring.graphql.path[].
TIP: The HTTP endpoint for both Spring MVC and Spring WebFlux is provided by a `+RouterFunction+` bean with an javadoc:org.springframework.core.annotation.Order[format=annotation] of `0`.
If you define your own `+RouterFunction+` beans, you may want to add appropriate javadoc:org.springframework.core.annotation.Order[format=annotation] annotations to ensure that they are sorted correctly.
TIP: The HTTP endpoint for both Spring MVC and Spring WebFlux is provided by a `RouterFunction` bean with an javadoc:org.springframework.core.annotation.Order[format=annotation] of `0`.
If you define your own `RouterFunction` beans, you may want to add appropriate javadoc:org.springframework.core.annotation.Order[format=annotation] annotations to ensure that they are sorted correctly.
The GraphQL WebSocket endpoint is off by default. To enable it:
@ -16,7 +16,7 @@ Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
@@ -16,7 +16,7 @@ Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
This generated password is for development use only. Your security configuration must be updated before running your application in production.
----
NOTE: If you fine-tune your logging configuration, ensure that the `+org.springframework.boot.autoconfigure.security+` category is set to log `WARN`-level messages.
NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `WARN`-level messages.
Otherwise, the default password is not printed.
You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`.
@ -24,7 +24,7 @@ You can change the username and password by providing a `spring.security.user.na
@@ -24,7 +24,7 @@ You can change the username and password by providing a `spring.security.user.na
The basic features you get by default in a web application are:
* A javadoc:org.springframework.security.core.userdetails.UserDetailsService[] (or javadoc:org.springframework.security.core.userdetails.ReactiveUserDetailsService[] in case of a WebFlux application) bean with in-memory store and a single user with a generated password (see javadoc:org.springframework.boot.autoconfigure.security.SecurityProperties$User[] for the properties of the user).
* Form-based login or HTTP Basic security (depending on the `+Accept+` header in the request) for the entire application (including actuator endpoints if actuator is on the classpath).
* Form-based login or HTTP Basic security (depending on the `Accept` header in the request) for the entire application (including actuator endpoints if actuator is on the classpath).
* A javadoc:org.springframework.security.authentication.DefaultAuthenticationEventPublisher[] for publishing authentication events.
You can provide a different javadoc:org.springframework.security.authentication.AuthenticationEventPublisher[] by adding a bean for it.
@ -35,7 +35,7 @@ You can provide a different javadoc:org.springframework.security.authentication.
@@ -35,7 +35,7 @@ You can provide a different javadoc:org.springframework.security.authentication.
== MVC Security
The default security configuration is implemented in javadoc:org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration[] and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration[] imports `+SpringBootWebSecurityConfiguration+` for web security and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[] configures authentication, which is also relevant in non-web applications.
javadoc:org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration[] imports `SpringBootWebSecurityConfiguration` for web security and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[] configures authentication, which is also relevant in non-web applications.
To completely switch off the default web application security configuration, including Actuator security, or to combine multiple Spring Security components such as OAuth2 Client and Resource Server, add a bean of type javadoc:org.springframework.security.web.SecurityFilterChain[] (doing so does not disable the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration).
To also switch off the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration, add a bean of type javadoc:org.springframework.security.core.userdetails.UserDetailsService[], javadoc:org.springframework.security.authentication.AuthenticationProvider[], or javadoc:org.springframework.security.authentication.AuthenticationManager[].
@ -60,7 +60,7 @@ javadoc:org.springframework.boot.autoconfigure.security.servlet.PathRequest[] ca
@@ -60,7 +60,7 @@ javadoc:org.springframework.boot.autoconfigure.security.servlet.PathRequest[] ca
Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency.
The default security configuration is implemented in javadoc:org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration[] and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration[] imports `+WebFluxSecurityConfiguration+` for web security and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[] configures authentication, which is also relevant in non-web applications.
javadoc:org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration[] imports `WebFluxSecurityConfiguration` for web security and javadoc:org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration[] configures authentication, which is also relevant in non-web applications.
To completely switch off the default web application security configuration, including Actuator security, add a bean of type javadoc:org.springframework.security.web.server.WebFilterChainProxy[] (doing so does not disable the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration).
To also switch off the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration, add a bean of type javadoc:org.springframework.security.core.userdetails.ReactiveUserDetailsService[] or javadoc:org.springframework.security.authentication.ReactiveAuthenticationManager[].
@ -246,12 +246,12 @@ The JSON object contained in the `hints` array can contain the attributes shown
@@ -246,12 +246,12 @@ The JSON object contained in the `hints` array can contain the attributes shown
| `values`
| ValueHint[]
| A list of valid values as defined by the `+ValueHint+` object (described in the next table).
| A list of valid values as defined by the `ValueHint` object (described in the next table).
Each entry defines the value and may have a description.
| `providers`
| ValueProvider[]
| A list of providers as defined by the `+ValueProvider+` object (described later in this document).
| A list of providers as defined by the `ValueProvider` object (described later in this document).
Each entry defines the name of the provider and its parameters, if any.
@ -17,5 +17,5 @@ The content of the nested jar file itself can still be compressed, as can any ot
@@ -17,5 +17,5 @@ The content of the nested jar file itself can still be compressed, as can any ot
* System classLoader:
Launched applications should use `Thread.getContextClassLoader()` when loading classes (most libraries and frameworks do so by default).
Trying to load nested jar classes with `ClassLoader.getSystemClassLoader()` fails.
`+java.util.Logging+` always uses the system classloader.
`java.util.Logging` always uses the system classloader.
For this reason, you should consider a different logging implementation.
Phillip Webb
1 year ago