NOTE: Retrieving part of the log file is not supported when using Jersey.
NOTE: Retrieving part of the log file is not supported when using Jersey.
To retrieve part of the log file, make a `GET` request to `/actuator/logfile` by using the `Range` header, as shown in the following curl-based example:
To retrieve part of the log file, make a `GET` request to `/actuator/logfile` by using the `+Range+` header, as shown in the following curl-based example:
The following table lists the various `@...Test` annotations that can be used to test slices of your application and the auto-configuration that they import by default:
The following table lists the various `+@...Test+` annotations that can be used to test slices of your application and the auto-configuration that they import by default:
Assuming that `SomeDataSource` has regular JavaBean properties for the URL, the username, and the pool size, these settings are bound automatically before the `DataSource` is made available to other components.
Assuming that `+SomeDataSource+` has regular JavaBean properties for the URL, the username, and the pool size, these settings are bound automatically before the `DataSource` is made available to other components.
Spring Boot also provides a utility builder class, called `DataSourceBuilder`, that can be used to create one of the standard data sources (if it is on the classpath).
Spring Boot also provides a utility builder class, called `DataSourceBuilder`, that can be used to create one of the standard data sources (if it is on the classpath).
The builder can detect which one to use based on what is available on the classpath.
The builder can detect which one to use based on what is available on the classpath.
@ -243,7 +243,7 @@ Alternatively, if `ImplicitNamingStrategy` or `PhysicalNamingStrategy` beans are
By default, Spring Boot configures the physical naming strategy with `CamelCaseToUnderscoresNamingStrategy`.
By default, Spring Boot configures the physical naming strategy with `CamelCaseToUnderscoresNamingStrategy`.
Using this strategy, all dots are replaced by underscores and camel casing is replaced by underscores as well.
Using this strategy, all dots are replaced by underscores and camel casing is replaced by underscores as well.
Additionally, by default, all table names are generated in lower case.
Additionally, by default, all table names are generated in lower case.
For example, a `TelephoneNumber` entity is mapped to the `telephone_number` table.
For example, a `+TelephoneNumber+` entity is mapped to the `telephone_number` table.
If your schema requires mixed-case identifiers, define a custom `CamelCaseToUnderscoresNamingStrategy` bean, as shown in the following example:
If your schema requires mixed-case identifiers, define a custom `CamelCaseToUnderscoresNamingStrategy` bean, as shown in the following example:
include-code::spring/MyHibernateConfiguration[]
include-code::spring/MyHibernateConfiguration[]
@ -287,7 +287,7 @@ For details, see {url-hibernate-userguide}#caching-provider-jcache[the Hibernate
== Use Dependency Injection in Hibernate Components
== Use Dependency Injection in Hibernate Components
By default, Spring Boot registers a `BeanContainer` implementation that uses the `BeanFactory` so that converters and entity listeners can use regular dependency injection.
By default, Spring Boot registers a `org.hibernate.resource.beans.container.spi.BeanContainer` implementation that uses the `BeanFactory` so that converters and entity listeners can use regular dependency injection.
You can disable or tune this behavior by registering a `HibernatePropertiesCustomizer` that removes or changes the `hibernate.resource.beans.container` property.
You can disable or tune this behavior by registering a `HibernatePropertiesCustomizer` that removes or changes the `hibernate.resource.beans.container` property.
@ -311,7 +311,7 @@ You can also reuse `JpaProperties` to bind settings for each `EntityManagerFacto
The example above creates an `EntityManagerFactory` using a `DataSource` bean named `firstDataSource`.
The example above creates an `EntityManagerFactory` using a `DataSource` bean named `firstDataSource`.
It scans entities located in the same package as `Order`.
It scans entities located in the same package as `+Order+`.
It is possible to map additional JPA properties using the `app.first.jpa` namespace.
It is possible to map additional JPA properties using the `app.first.jpa` namespace.
NOTE: When you create a bean for `LocalContainerEntityManagerFactoryBean` yourself, any customization that was applied during the creation of the auto-configured `LocalContainerEntityManagerFactoryBean` is lost.
NOTE: When you create a bean for `LocalContainerEntityManagerFactoryBean` yourself, any customization that was applied during the creation of the auto-configured `LocalContainerEntityManagerFactoryBean` is lost.
IMPORTANT: Remember to change the `Description`, `User`, `Group`, `ExecStart` and `WorkingDirectory` fields for your application.
IMPORTANT: Remember to change the `+Description+`, `+User+`, `+Group+`, `+ExecStart+` and `+WorkingDirectory+` fields for your application.
NOTE: The `ExecStart` field does not declare the script action command, which means that the `run` command is used by default.
NOTE: The `+ExecStart+` field does not declare the script action command, which means that the `run` command is used by default.
The user that runs the application, the PID file, and the console log file are managed by `systemd` itself and therefore must be configured by using appropriate fields in the '`service`' script.
The user that runs the application, the PID file, and the console log file are managed by `systemd` itself and therefore must be configured by using appropriate fields in the '`service`' script.
Consult the https://www.freedesktop.org/software/systemd/man/systemd.service.html[service unit configuration man page] for more details.
Consult the https://www.freedesktop.org/software/systemd/man/systemd.service.html[service unit configuration man page] for more details.
@ -206,7 +206,7 @@ The following property substitutions are supported with the default script:
| `auto`
| `auto`
| `initInfoProvides`
| `initInfoProvides`
| The `Provides` section of "`INIT INFO`"
| The `+Provides+` section of "`INIT INFO`"
| `${task.baseName}`
| `${task.baseName}`
| `${project.artifactId}`
| `${project.artifactId}`
@ -236,7 +236,7 @@ The following property substitutions are supported with the default script:
| `${project.name}`
| `${project.name}`
| `initInfoDescription`
| `initInfoDescription`
| `Description` section of "`INIT INFO`".
| `+Description+` section of "`INIT INFO`".
| `${project.description}` (falling back to `${task.baseName}`)
| `${project.description}` (falling back to `${task.baseName}`)
| `${project.description}` (falling back to `${project.name}`)
| `${project.description}` (falling back to `${project.name}`)
@ -75,7 +75,7 @@ This means that, in addition to being deployable to a servlet container, you can
To convert an existing non-web Spring application to a Spring Boot application, replace the code that creates your `ApplicationContext` and replace it with calls to `SpringApplication` or `SpringApplicationBuilder`.
To convert an existing non-web Spring application to a Spring Boot application, replace the code that creates your `ApplicationContext` and replace it with calls to `SpringApplication` or `SpringApplicationBuilder`.
Spring MVC web applications are generally amenable to first creating a deployable war application and then migrating it later to an executable war or jar.
Spring MVC web applications are generally amenable to first creating a deployable war application and then migrating it later to an executable war or jar.
To create a deployable war by extending `SpringBootServletInitializer` (for example, in a class called `Application`) and adding the Spring Boot `@SpringBootApplication` annotation, use code similar to that shown in the following example:
To create a deployable war by extending `SpringBootServletInitializer` (for example, in a class called `+Application+`) and adding the Spring Boot `@SpringBootApplication` annotation, use code similar to that shown in the following example:
include-code::MyApplication[tag=!main]
include-code::MyApplication[tag=!main]
@ -87,14 +87,14 @@ Static resources can be moved to `/public` (or `/static` or `/resources` or `/ME
The same applies to `messages.properties` (which Spring Boot automatically detects in the root of the classpath).
The same applies to `messages.properties` (which Spring Boot automatically detects in the root of the classpath).
Vanilla usage of Spring `DispatcherServlet` and Spring Security should require no further changes.
Vanilla usage of Spring `DispatcherServlet` and Spring Security should require no further changes.
If you have other features in your application (for instance, using other servlets or filters), you may need to add some configuration to your `Application` context, by replacing those elements from the `web.xml`, as follows:
If you have other features in your application (for instance, using other servlets or filters), you may need to add some configuration to your `+Application+` context, by replacing those elements from the `web.xml`, as follows:
* A `@Bean` of type `Servlet` or `ServletRegistrationBean` installs that bean in the container as if it were a `<servlet/>` and `<servlet-mapping/>` in `web.xml`.
* A `@Bean` of type `Servlet` or `ServletRegistrationBean` installs that bean in the container as if it were a `<servlet/>` and `<servlet-mapping/>` in `web.xml`.
* A `@Bean` of type `Filter` or `FilterRegistrationBean` behaves similarly (as a `<filter/>` and `<filter-mapping/>`).
* A `@Bean` of type `Filter` or `FilterRegistrationBean` behaves similarly (as a `<filter/>` and `<filter-mapping/>`).
* An `ApplicationContext` in an XML file can be added through an `@ImportResource` in your `Application`.
* An `ApplicationContext` in an XML file can be added through an `@ImportResource` in your `Application`.
Alternatively, cases where annotation configuration is heavily used already can be recreated in a few lines as `@Bean` definitions.
Alternatively, cases where annotation configuration is heavily used already can be recreated in a few lines as `@Bean` definitions.
Once the war file is working, you can make it executable by adding a `main` method to your `Application`, as shown in the following example:
Once the war file is working, you can make it executable by adding a `main` method to your `+Application+`, as shown in the following example:
NOTE: The Log4j starters gather together the dependencies for common logging requirements (such as having Tomcat use `java.util.logging` but configuring the output using Log4j 2).
NOTE: The Log4j starters gather together the dependencies for common logging requirements (such as having Tomcat use `java.util.logging` but configuring the output using Log4j 2).
NOTE: To ensure that debug logging performed using `java.util.logging` is routed into Log4j 2, configure its https://logging.apache.org/log4j/2.x/log4j-jul.html[JDK logging adapter] by setting the `java.util.logging.manager` system property to `org.apache.logging.log4j.jul.LogManager`.
NOTE: To ensure that debug logging performed using `java.util.logging` is routed into Log4j 2, configure its https://logging.apache.org/log4j/2.x/log4j-jul.html[JDK logging adapter] by setting the `java.util.logging.manager` system property to `+org.apache.logging.log4j.jul.LogManager+`.
@ -7,7 +7,7 @@ There are two main ways to build a Spring Boot native image application:
* Using GraalVM Native Build Tools to generate a native executable.
* Using GraalVM Native Build Tools to generate a native executable.
TIP: The easiest way to start a new native Spring Boot project is to go to https://start.spring.io[start.spring.io], add the `GraalVM Native Support` dependency and generate the project.
TIP: The easiest way to start a new native Spring Boot project is to go to https://start.spring.io[start.spring.io], add the `GraalVM Native Support` dependency and generate the project.
The included `HELP.md` file will provide getting started hints.
The included `+HELP.md+` file will provide getting started hints.
The `${..}` style conflicts with Spring's own property placeholder mechanism.
The `${..}` style conflicts with Spring's own property placeholder mechanism.
To use Spring property placeholders together with automatic expansion, escape the Spring property placeholders as follows: `\${..}`.
To use Spring property placeholders together with automatic expansion, escape the Spring property placeholders as follows: `\${..}`.
@ -154,7 +154,7 @@ You can also provide the following System properties (or environment variables)
No matter what you set in the environment, Spring Boot always loads `application.properties` as described above.
No matter what you set in the environment, Spring Boot always loads `application.properties` as described above.
By default, if YAML is used, then files with the '`.yaml`' and '`.yml`' extensions are also added to the list.
By default, if YAML is used, then files with the '`.yaml`' and '`.yml`' extensions are also added to the list.
TIP: If you want detailed information about the files that are being loaded you can xref:reference:features/logging.adoc#features.logging.log-levels[set the logging level] of `org.springframework.boot.context.config` to `trace`.
TIP: If you want detailed information about the files that are being loaded you can xref:reference:features/logging.adoc#features.logging.log-levels[set the logging level] of `+org.springframework.boot.context.config+` to `trace`.
@ -205,7 +205,7 @@ If you add your own, you have to be aware of the order and in which position you
`WebMvcAutoConfiguration` adds the following `ViewResolvers` to your context:
`WebMvcAutoConfiguration` adds the following `ViewResolvers` to your context:
* An `InternalResourceViewResolver` named '`defaultViewResolver`'.
* An `InternalResourceViewResolver` named '`defaultViewResolver`'.
This one locates physical resources that can be rendered by using the `DefaultServlet` (including static resources and JSP pages, if you use those).
This one locates physical resources that can be rendered by using the `+DefaultServlet+` (including static resources and JSP pages, if you use those).
It applies a prefix and a suffix to the view name and then looks for a physical resource with that path in the servlet context (the defaults are both empty but are accessible for external configuration through `spring.mvc.view.prefix` and `spring.mvc.view.suffix`).
It applies a prefix and a suffix to the view name and then looks for a physical resource with that path in the servlet context (the defaults are both empty but are accessible for external configuration through `spring.mvc.view.prefix` and `spring.mvc.view.suffix`).
You can override it by providing a bean of the same type.
You can override it by providing a bean of the same type.
* A `BeanNameViewResolver` named '`beanNameViewResolver`'.
* A `BeanNameViewResolver` named '`beanNameViewResolver`'.
@ -452,7 +452,7 @@ For more details, see the Jetty documentation.
If your application is running behind a proxy, a load-balancer or in the cloud, the request information (like the host, port, scheme...) might change along the way.
If your application is running behind a proxy, a load-balancer or in the cloud, the request information (like the host, port, scheme...) might change along the way.
Your application may be running on `10.10.10.10:8080`, but HTTP clients should only see `example.org`.
Your application may be running on `10.10.10.10:8080`, but HTTP clients should only see `example.org`.
https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `Forwarded` HTTP header; proxies can use this header to provide information about the original request.
https://tools.ietf.org/html/rfc7239[RFC7239 "Forwarded Headers"] defines the `+Forwarded+` HTTP header; proxies can use this header to provide information about the original request.
You can configure your application to read those headers and automatically use that information when creating links and sending them to clients in HTTP 302 responses, JSON documents or HTML pages.
You can configure your application to read those headers and automatically use that information when creating links and sending them to clients in HTTP 302 responses, JSON documents or HTML pages.
There are also non-standard headers, like `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, `X-Forwarded-Ssl`, and `X-Forwarded-Prefix`.
There are also non-standard headers, like `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, `X-Forwarded-Ssl`, and `X-Forwarded-Prefix`.
@ -108,7 +108,7 @@ If your application is a web application (Spring MVC, Spring WebFlux, or Jersey)
| `logfile`
| `logfile`
| Returns the contents of the logfile (if the `logging.file.name` or the `logging.file.path` property has been set).
| Returns the contents of the logfile (if the `logging.file.name` or the `logging.file.path` property has been set).
Supports the use of the HTTP `Range` header to retrieve part of the log file's content.
Supports the use of the HTTP `+Range+` header to retrieve part of the log file's content.
| `prometheus`
| `prometheus`
| Exposes metrics in a format that can be scraped by a Prometheus server.
| Exposes metrics in a format that can be scraped by a Prometheus server.
@ -398,7 +398,7 @@ Operations on an endpoint receive input through their parameters.
When exposed over the web, the values for these parameters are taken from the URL's query parameters and from the JSON request body.
When exposed over the web, the values for these parameters are taken from the URL's query parameters and from the JSON request body.
When exposed over JMX, the parameters are mapped to the parameters of the MBean's operations.
When exposed over JMX, the parameters are mapped to the parameters of the MBean's operations.
Parameters are required by default.
Parameters are required by default.
They can be made optional by annotating them with either `@javax.annotation.Nullable` or `@org.springframework.lang.Nullable`.
They can be made optional by annotating them with either `+@javax.annotation.Nullable+` or `@org.springframework.lang.Nullable`.
You can map each root property in the JSON request body to a parameter of the endpoint.
You can map each root property in the JSON request body to a parameter of the endpoint.
Consider the following JSON request body:
Consider the following JSON request body:
@ -531,7 +531,7 @@ NOTE: Range requests are not supported when using Jersey.
==== Web Endpoint Security
==== Web Endpoint Security
An operation on a web endpoint or a web-specific endpoint extension can receive the current `java.security.Principal` or `org.springframework.boot.actuate.endpoint.SecurityContext` as a method parameter.
An operation on a web endpoint or a web-specific endpoint extension can receive the current `java.security.Principal` or `org.springframework.boot.actuate.endpoint.SecurityContext` as a method parameter.
The former is typically used in conjunction with `@Nullable` to provide different behavior for authenticated and unauthenticated users.
The former is typically used in conjunction with either `+@javax.annotation.Nullable+` or `@org.springframework.lang.Nullable` to provide different behavior for authenticated and unauthenticated users.
The latter is typically used to perform authorization checks by using its `isUserInRole(String)` method.
The latter is typically used to perform authorization checks by using its `isUserInRole(String)` method.
@ -989,7 +989,7 @@ Some external systems might not be shared by application instances, in which cas
Other external systems might not be essential to the application (the application could have circuit breakers and fallbacks), in which case they definitely should not be included.
Other external systems might not be essential to the application (the application could have circuit breakers and fallbacks), in which case they definitely should not be included.
Unfortunately, an external system that is shared by all application instances is common, and you have to make a judgement call: Include it in the readiness probe and expect that the application is taken out of service when the external service is down or leave it out and deal with failures higher up the stack, perhaps by using a circuit breaker in the caller.
Unfortunately, an external system that is shared by all application instances is common, and you have to make a judgement call: Include it in the readiness probe and expect that the application is taken out of service when the external service is down or leave it out and deal with failures higher up the stack, perhaps by using a circuit breaker in the caller.
NOTE: If all instances of an application are unready, a Kubernetes Service with `type=ClusterIP` or `NodePort` does not accept any incoming connections.
NOTE: If all instances of an application are unready, a Kubernetes Service with `type=ClusterIP` or `+NodePort+` does not accept any incoming connections.
There is no HTTP error response (503 and so on), since there is no connection.
There is no HTTP error response (503 and so on), since there is no connection.
A service with `type=LoadBalancer` might or might not accept connections, depending on the provider.
A service with `type=LoadBalancer` might or might not accept connections, depending on the provider.
A service that has an explicit https://kubernetes.io/docs/concepts/services-networking/ingress/[ingress] also responds in a way that depends on the implementation -- the ingress service itself has to decide how to handle the "`connection refused`" from downstream.
A service that has an explicit https://kubernetes.io/docs/concepts/services-networking/ingress/[ingress] also responds in a way that depends on the implementation -- the ingress service itself has to decide how to handle the "`connection refused`" from downstream.
@ -1261,7 +1261,7 @@ You can also add any number of `tag=KEY:VALUE` query parameters to the end of th
[TIP]
[TIP]
====
====
The reported measurements are the _sum_ of the statistics of all meters that match the meter name and any tags that have been applied.
The reported measurements are the _sum_ of the statistics of all meters that match the meter name and any tags that have been applied.
In the preceding example, the returned `Value` statistic is the sum of the maximum memory footprints of the "`Code Cache`", "`Compressed Class Space`", and "`Metaspace`" areas of the heap.
In the preceding example, the returned `+Value+` statistic is the sum of the maximum memory footprints of the "`Code Cache`", "`Compressed Class Space`", and "`Metaspace`" areas of the heap.
If you wanted to see only the maximum size for the "`Metaspace`", you could add an additional `tag=id:Metaspace` -- that is, `/actuator/metrics/jvm.memory.max?tag=area:nonheap&tag=id:Metaspace`.
If you wanted to see only the maximum size for the "`Metaspace`", you could add an additional `tag=id:Metaspace` -- that is, `/actuator/metrics/jvm.memory.max?tag=area:nonheap&tag=id:Metaspace`.
This will create an observation named "some-operation" with the tag "some-tag=some-value".
This will create an observation named "some-operation" with the tag "some-tag=some-value".
TIP: If you want to create a span without creating a metric, you need to use the {url-micrometer-tracing-docs}/api[lower-level `Tracer` API] from Micrometer.
TIP: If you want to create a span without creating a metric, you need to use the {url-micrometer-tracing-docs}/api[lower-level `+Tracer+` API] from Micrometer.
@ -218,7 +218,7 @@ Spring Data includes repository support for MongoDB.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed automatically, based on method names.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed automatically, based on method names.
In fact, both Spring Data JPA and Spring Data MongoDB share the same common infrastructure.
In fact, both Spring Data JPA and Spring Data MongoDB share the same common infrastructure.
You could take the JPA example from earlier and, assuming that `City` is now a MongoDB data class rather than a JPA `@Entity`, it works in the same way, as shown in the following example:
You could take the JPA example from earlier and, assuming that `+City+` is now a MongoDB data class rather than a JPA `@Entity`, it works in the same way, as shown in the following example:
include-code::CityRepository[]
include-code::CityRepository[]
@ -273,7 +273,7 @@ Spring Data includes repository support for Neo4j.
For complete details of Spring Data Neo4j, see the {url-spring-data-neo4j-docs}[reference documentation].
For complete details of Spring Data Neo4j, see the {url-spring-data-neo4j-docs}[reference documentation].
Spring Data Neo4j shares the common infrastructure with Spring Data JPA as many other Spring Data modules do.
Spring Data Neo4j shares the common infrastructure with Spring Data JPA as many other Spring Data modules do.
You could take the JPA example from earlier and define `City` as Spring Data Neo4j `@Node` rather than JPA `@Entity` and the repository abstraction works in the same way, as shown in the following example:
You could take the JPA example from earlier and define `+City+` as Spring Data Neo4j `@Node` rather than JPA `@Entity` and the repository abstraction works in the same way, as shown in the following example:
include-code::CityRepository[]
include-code::CityRepository[]
@ -401,7 +401,7 @@ Spring Data includes repository support for Elasticsearch.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed for you automatically based on method names.
As with the JPA repositories discussed earlier, the basic principle is that queries are constructed for you automatically based on method names.
In fact, both Spring Data JPA and Spring Data Elasticsearch share the same common infrastructure.
In fact, both Spring Data JPA and Spring Data Elasticsearch share the same common infrastructure.
You could take the JPA example from earlier and, assuming that `City` is now an Elasticsearch `@Document` class rather than a JPA `@Entity`, it works in the same way.
You could take the JPA example from earlier and, assuming that `+City+` is now an Elasticsearch `@Document` class rather than a JPA `@Entity`, it works in the same way.
Repositories and documents are found through scanning.
Repositories and documents are found through scanning.
By default, the xref:using/auto-configuration.adoc#using.auto-configuration.packages[auto-configuration packages] are scanned.
By default, the xref:using/auto-configuration.adoc#using.auto-configuration.packages[auto-configuration packages] are scanned.
@ -440,7 +440,7 @@ There is a `spring-boot-starter-data-cassandra` starter for collecting the depen
[[data.nosql.cassandra.connecting]]
[[data.nosql.cassandra.connecting]]
=== Connecting to Cassandra
=== Connecting to Cassandra
You can inject an auto-configured `CassandraTemplate` or a Cassandra `CqlSession` instance as you would with any other Spring Bean.
You can inject an auto-configured `CassandraTemplate` or a Cassandra `+CqlSession+` instance as you would with any other Spring Bean.
The `spring.cassandra.*` properties can be used to customize the connection.
The `spring.cassandra.*` properties can be used to customize the connection.
Generally, you provide `keyspace-name` and `contact-points` as well the local datacenter name, as shown in the following example:
Generally, you provide `keyspace-name` and `contact-points` as well the local datacenter name, as shown in the following example:
@ -467,7 +467,7 @@ spring:
TIP: Those two examples are identical as the port default to `9042`.
TIP: Those two examples are identical as the port default to `9042`.
If you need to configure the port, use `spring.cassandra.port`.
If you need to configure the port, use `spring.cassandra.port`.
The auto-configured `CqlSession` can be configured to use SSL for communication with the server by setting the properties as shown in this example:
The auto-configured `+CqlSession+` can be configured to use SSL for communication with the server by setting the properties as shown in this example:
[configprops,yaml]
[configprops,yaml]
----
----
@ -480,7 +480,7 @@ spring:
enabled: true
enabled: true
----
----
Custom SSL trust material can be configured in an xref:features/ssl.adoc[SSL bundle] and applied to the `CqlSession` as shown in this example:
Custom SSL trust material can be configured in an xref:features/ssl.adoc[SSL bundle] and applied to the `+CqlSession+` as shown in this example:
[configprops,yaml]
[configprops,yaml]
----
----
@ -502,10 +502,10 @@ Spring Boot does not look for such a file by default but can load one using `spr
If a property is both present in `+spring.cassandra.*+` and the configuration file, the value in `+spring.cassandra.*+` takes precedence.
If a property is both present in `+spring.cassandra.*+` and the configuration file, the value in `+spring.cassandra.*+` takes precedence.
For more advanced driver customizations, you can register an arbitrary number of beans that implement `DriverConfigLoaderBuilderCustomizer`.
For more advanced driver customizations, you can register an arbitrary number of beans that implement `DriverConfigLoaderBuilderCustomizer`.
The `CqlSession` can be customized with a bean of type `CqlSessionBuilderCustomizer`.
The `+CqlSession+` can be customized with a bean of type `CqlSessionBuilderCustomizer`.
====
====
NOTE: If you use `CqlSessionBuilder` to create multiple `CqlSession` beans, keep in mind the builder is mutable so make sure to inject a fresh copy for each session.
NOTE: If you use `+CqlSessionBuilder+` to create multiple `+CqlSession+` beans, keep in mind the builder is mutable so make sure to inject a fresh copy for each session.
The following code listing shows how to inject a Cassandra bean:
The following code listing shows how to inject a Cassandra bean:
@ -137,7 +137,7 @@ The following connection pools are supported by `DataSourceBuilder`:
* HikariCP
* HikariCP
* Tomcat pooling `DataSource`
* Tomcat pooling `DataSource`
* Commons DBCP2
* Commons DBCP2
* Oracle UCP & `OracleDataSource`
* Oracle UCP & `+OracleDataSource+`
* Spring Framework's `SimpleDriverDataSource`
* Spring Framework's `SimpleDriverDataSource`
* H2 `JdbcDataSource`
* H2 `JdbcDataSource`
* PostgreSQL `PGSimpleDataSource`
* PostgreSQL `PGSimpleDataSource`
@ -234,7 +234,7 @@ See the xref:how-to:data-access.adoc#howto.data-access.separate-entity-definitio
{url-spring-data-jpa-site}[Spring Data JPA] repositories are interfaces that you can define to access data.
{url-spring-data-jpa-site}[Spring Data JPA] repositories are interfaces that you can define to access data.
JPA queries are created automatically from your method names.
JPA queries are created automatically from your method names.
For example, a `CityRepository` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For example, a `+CityRepository+` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-jpa-javadoc}/org.springframework.data.jpa.repository.Query[] annotation.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-jpa-javadoc}/org.springframework.data.jpa.repository.Query[] annotation.
@ -539,7 +539,7 @@ include-code::MyBean[]
https://spring.io/projects/spring-data-r2dbc[Spring Data R2DBC] repositories are interfaces that you can define to access data.
https://spring.io/projects/spring-data-r2dbc[Spring Data R2DBC] repositories are interfaces that you can define to access data.
Queries are created automatically from your method names.
Queries are created automatically from your method names.
For example, a `CityRepository` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For example, a `+CityRepository+` interface might declare a `findAllByState(String state)` method to find all the cities in a given state.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-r2dbc-javadoc}/org.springframework.data.r2dbc.repository.Query[format=annotation] annotation.
For more complex queries, you can annotate your method with Spring Data's javadoc:{url-spring-data-r2dbc-javadoc}/org.springframework.data.r2dbc.repository.Query[format=annotation] annotation.
If you have a container image defined in your `compose.yml` that you don’t want connected to your application you can use a label to ignore it.
If you have a container image defined in your `compose.yml` that you don’t want connected to your application you can use a label to ignore it.
Any container with labeled with `org.springframework.boot.ignore` will be ignored by Spring Boot.
Any container with labeled with `+org.springframework.boot.ignore+` will be ignored by Spring Boot.
For example:
For example:
@ -324,7 +324,7 @@ This will allow you to access all declared test dependencies and give you a natu
To create a test launchable version of your application you should create an "`Application`" class in the `src/test` directory.
To create a test launchable version of your application you should create an "`Application`" class in the `src/test` directory.
For example, if your main application is in `src/main/java/com/example/MyApplication.java`, you should create `src/test/java/com/example/TestMyApplication.java`
For example, if your main application is in `src/main/java/com/example/MyApplication.java`, you should create `src/test/java/com/example/TestMyApplication.java`
The `TestMyApplication` class can use the `SpringApplication.from(...)` method to launch the real application:
The `+TestMyApplication+` class can use the `SpringApplication.from(...)` method to launch the real application:
include-code::launch/TestMyApplication[]
include-code::launch/TestMyApplication[]
@ -349,7 +349,7 @@ Once you have defined your test configuration, you can use the `with(...)` metho
include-code::test/TestMyApplication[]
include-code::test/TestMyApplication[]
You can now launch `TestMyApplication` as you would any regular Java `main` method application to start your application and the containers that it needs to run.
You can now launch `+TestMyApplication+` as you would any regular Java `main` method application to start your application and the containers that it needs to run.
TIP: You can use the Maven goal `spring-boot:test-run` or the Gradle task `bootTestRun` to do this from the command line.
TIP: You can use the Maven goal `spring-boot:test-run` or the Gradle task `bootTestRun` to do this from the command line.
@ -98,7 +98,7 @@ When placed on a `@Bean` method, the target type defaults to the return type of
include-code::MyAutoConfiguration[]
include-code::MyAutoConfiguration[]
In the preceding example, the `someService` bean is going to be created if no bean of type `SomeService` is already contained in the `ApplicationContext`.
In the preceding example, the `someService` bean is going to be created if no bean of type `+SomeService+` is already contained in the `ApplicationContext`.
TIP: You need to be very careful about the order in which bean definitions are added, as these conditions are evaluated based on what has been processed so far.
TIP: You need to be very careful about the order in which bean definitions are added, as these conditions are evaluated based on what has been processed so far.
For this reason, we recommend using only `@ConditionalOnBean` and `@ConditionalOnMissingBean` annotations on auto-configuration classes (since these are guaranteed to load after any user-defined bean definitions have been added).
For this reason, we recommend using only `@ConditionalOnBean` and `@ConditionalOnMissingBean` annotations on auto-configuration classes (since these are guaranteed to load after any user-defined bean definitions have been added).
@ -330,7 +330,7 @@ By default you can import Java Properties, YAML and xref:features/external-confi
Third-party jars can offer support for additional technologies (there is no requirement for files to be local).
Third-party jars can offer support for additional technologies (there is no requirement for files to be local).
For example, you can imagine config data being from external stores such as Consul, Apache ZooKeeper or Netflix Archaius.
For example, you can imagine config data being from external stores such as Consul, Apache ZooKeeper or Netflix Archaius.
If you want to support your own locations, see the `ConfigDataLocationResolver` and `ConfigDataLoader` classes in the `org.springframework.boot.context.config` package.
If you want to support your own locations, see the `ConfigDataLocationResolver` and `ConfigDataLoader` classes in the `+org.springframework.boot.context.config+` package.
====
====
@ -725,7 +725,7 @@ A setter may be omitted in the following cases:
In the latter case, a setter is mandatory.
In the latter case, a setter is mandatory.
We recommend to always add a setter for such types.
We recommend to always add a setter for such types.
If you initialize a collection, make sure it is not immutable (as in the preceding example).
If you initialize a collection, make sure it is not immutable (as in the preceding example).
* If nested POJO properties are initialized (like the `Security` field in the preceding example), a setter is not required.
* If nested POJO properties are initialized (like the `+Security+` field in the preceding example), a setter is not required.
If you want the binder to create the instance on the fly by using its default constructor, you need a setter.
If you want the binder to create the instance on the fly by using its default constructor, you need a setter.
Some people use Project Lombok to add getters and setters automatically.
Some people use Project Lombok to add getters and setters automatically.
@ -750,13 +750,13 @@ To opt out of constructor binding for a class with a single parameterized constr
Constructor binding can be used with records.
Constructor binding can be used with records.
Unless your record has multiple constructors, there is no need to use `@ConstructorBinding`.
Unless your record has multiple constructors, there is no need to use `@ConstructorBinding`.
Nested members of a constructor bound class (such as `Security` in the example above) will also be bound through their constructor.
Nested members of a constructor bound class (such as `+Security+` in the example above) will also be bound through their constructor.
Default values can be specified using `@DefaultValue` on constructor parameters and record components.
Default values can be specified using `@DefaultValue` on constructor parameters and record components.
The conversion service will be applied to coerce the annotation's `String` value to the target type of a missing property.
The conversion service will be applied to coerce the annotation's `String` value to the target type of a missing property.
Referring to the previous example, if no properties are bound to `Security`, the `MyProperties` instance will contain a `null` value for `security`.
Referring to the previous example, if no properties are bound to `+Security+`, the `MyProperties` instance will contain a `null` value for `security`.
To make it contain a non-null instance of `Security` even when no properties are bound to it (when using Kotlin, this will require the `username` and `password` parameters of `Security` to be declared as nullable as they do not have default values), use an empty `@DefaultValue` annotation:
To make it contain a non-null instance of `+Security+` even when no properties are bound to it (when using Kotlin, this will require the `username` and `password` parameters of `+Security+` to be declared as nullable as they do not have default values), use an empty `@DefaultValue` annotation:
include-code::nonnull/MyProperties[tag=*]
include-code::nonnull/MyProperties[tag=*]
@ -799,7 +799,7 @@ include-code::MyApplication[]
When the `@ConfigurationProperties` bean is registered using configuration property scanning or through `@EnableConfigurationProperties`, the bean has a conventional name: `<prefix>-<fqn>`, where `<prefix>` is the environment key prefix specified in the `@ConfigurationProperties` annotation and `<fqn>` is the fully qualified name of the bean.
When the `@ConfigurationProperties` bean is registered using configuration property scanning or through `@EnableConfigurationProperties`, the bean has a conventional name: `<prefix>-<fqn>`, where `<prefix>` is the environment key prefix specified in the `@ConfigurationProperties` annotation and `<fqn>` is the fully qualified name of the bean.
If the annotation does not provide any prefix, only the fully qualified name of the bean is used.
If the annotation does not provide any prefix, only the fully qualified name of the bean is used.
Assuming that it is in the `com.example.app` package, the bean name of the `SomeProperties` example above is `some.properties-com.example.app.SomeProperties`.
Assuming that it is in the `com.example.app` package, the bean name of the `+SomeProperties+` example above is `some.properties-com.example.app.SomeProperties`.
====
====
We recommend that `@ConfigurationProperties` only deal with the environment and, in particular, does not inject other beans from the context.
We recommend that `@ConfigurationProperties` only deal with the environment and, in particular, does not inject other beans from the context.
@ -844,7 +844,7 @@ To configure a bean from the `Environment` properties, add `@ConfigurationProper
include-code::ThirdPartyConfiguration[]
include-code::ThirdPartyConfiguration[]
Any JavaBean property defined with the `another` prefix is mapped onto that `AnotherComponent` bean in manner similar to the preceding `SomeProperties` example.
Any JavaBean property defined with the `another` prefix is mapped onto that `+AnotherComponent+` bean in manner similar to the preceding `+SomeProperties+` example.
@ -148,7 +148,7 @@ JUnit 5 enables a test class to be instantiated once and reused for all of the c
This makes it possible to use `@BeforeAll` and `@AfterAll` annotations on non-static methods, which is a good fit for Kotlin.
This makes it possible to use `@BeforeAll` and `@AfterAll` annotations on non-static methods, which is a good fit for Kotlin.
To mock Kotlin classes, https://mockk.io/[MockK] is recommended.
To mock Kotlin classes, https://mockk.io/[MockK] is recommended.
If you need the `MockK` equivalent of the Mockito specific xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.mocking-beans[`@MockBean` and `@SpyBean` annotations], you can use https://github.com/Ninja-Squad/springmockk[SpringMockK] which provides similar `@MockkBean` and `@SpykBean` annotations.
If you need the `MockK` equivalent of the Mockito specific xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.mocking-beans[`@MockBean` and `@SpyBean` annotations], you can use https://github.com/Ninja-Squad/springmockk[SpringMockK] which provides similar `+@MockkBean+` and `+@SpykBean+` annotations.
It is also possible to set logging levels using environment variables.
It is also possible to set logging levels using environment variables.
For example, `LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB=DEBUG` will set `org.springframework.web` to `DEBUG`.
For example, `LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB=DEBUG` will set `+org.springframework.web+` to `DEBUG`.
NOTE: The above approach will only work for package level logging.
NOTE: The above approach will only work for package level logging.
Since relaxed binding xref:features/external-config.adoc#features.external-config.typesafe-configuration-properties.relaxed-binding.maps-from-environment-variables[always converts environment variables to lowercase], it is not possible to configure logging for an individual class in this way.
Since relaxed binding xref:features/external-config.adoc#features.external-config.typesafe-configuration-properties.relaxed-binding.maps-from-environment-variables[always converts environment variables to lowercase], it is not possible to configure logging for an individual class in this way.
@ -254,7 +254,7 @@ Spring Boot includes the following pre-defined logging groups that can be used o
@ -10,7 +10,7 @@ The annotation works by xref:testing/spring-boot-applications.adoc#testing.sprin
In addition to `@SpringBootTest` a number of other annotations are also provided for xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[testing more specific slices] of an application.
In addition to `@SpringBootTest` a number of other annotations are also provided for xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[testing more specific slices] of an application.
TIP: If you are using JUnit 4, do not forget to also add `@RunWith(SpringRunner.class)` to your test, otherwise the annotations will be ignored.
TIP: If you are using JUnit 4, do not forget to also add `@RunWith(SpringRunner.class)` to your test, otherwise the annotations will be ignored.
If you are using JUnit 5, there is no need to add the equivalent `@ExtendWith(SpringExtension.class)` as `@SpringBootTest` and the other `@...Test` annotations are already annotated with it.
If you are using JUnit 5, there is no need to add the equivalent `@ExtendWith(SpringExtension.class)` as `@SpringBootTest` and the other `+@...Test+` annotations are already annotated with it.
By default, `@SpringBootTest` will not start a server.
By default, `@SpringBootTest` will not start a server.
You can use the `webEnvironment` attribute of `@SpringBootTest` to further refine how your tests run:
You can use the `webEnvironment` attribute of `@SpringBootTest` to further refine how your tests run:
@ -226,7 +226,7 @@ Regardless of your classpath, tracing components which are reporting data are no
If you need those components as part of an integration test, annotate the test with `@AutoConfigureObservability`.
If you need those components as part of an integration test, annotate the test with `@AutoConfigureObservability`.
If you have created your own reporting components (e.g. a custom `SpanExporter` or `SpanHandler`) and you don't want them to be active in tests, you can use the `@ConditionalOnEnabledTracing` annotation to disable them.
If you have created your own reporting components (e.g. a custom `SpanExporter` or `+brave.handler.SpanHandler+`) and you don't want them to be active in tests, you can use the `@ConditionalOnEnabledTracing` annotation to disable them.
If you annotate xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[a sliced test] with `@AutoConfigureObservability`, it auto-configures a no-op `Tracer`.
If you annotate xref:testing/spring-boot-applications.adoc#testing.spring-boot-applications.autoconfigured-tests[a sliced test] with `@AutoConfigureObservability`, it auto-configures a no-op `Tracer`.
Data exporting in sliced tests is not supported with the `@AutoConfigureObservability` annotation.
Data exporting in sliced tests is not supported with the `@AutoConfigureObservability` annotation.
@ -254,7 +254,7 @@ To use this feature with a different arrangement, listeners must be explicitly a
include-code::listener/MyTests[]
include-code::listener/MyTests[]
====
====
The following example replaces an existing `RemoteService` bean with a mock implementation:
The following example replaces an existing `+RemoteService+` bean with a mock implementation:
include-code::bean/MyTests[]
include-code::bean/MyTests[]
@ -283,16 +283,16 @@ It often helps to load only the parts of the configuration that are required to
For example, you might want to test that Spring MVC controllers are mapping URLs correctly, and you do not want to involve database calls in those tests, or you might want to test JPA entities, and you are not interested in the web layer when those tests run.
For example, you might want to test that Spring MVC controllers are mapping URLs correctly, and you do not want to involve database calls in those tests, or you might want to test JPA entities, and you are not interested in the web layer when those tests run.
The `spring-boot-test-autoconfigure` module includes a number of annotations that can be used to automatically configure such "`slices`".
The `spring-boot-test-autoconfigure` module includes a number of annotations that can be used to automatically configure such "`slices`".
Each of them works in a similar way, providing a `@...Test` annotation that loads the `ApplicationContext` and one or more `@AutoConfigure...` annotations that can be used to customize auto-configuration settings.
Each of them works in a similar way, providing a `+@...Test+` annotation that loads the `ApplicationContext` and one or more `+@AutoConfigure...+` annotations that can be used to customize auto-configuration settings.
NOTE: Each slice restricts component scan to appropriate components and loads a very restricted set of auto-configuration classes.
NOTE: Each slice restricts component scan to appropriate components and loads a very restricted set of auto-configuration classes.
If you need to exclude one of them, most `@...Test` annotations provide an `excludeAutoConfiguration` attribute.
If you need to exclude one of them, most `+@...Test+` annotations provide an `excludeAutoConfiguration` attribute.
Alternatively, you can use `@ImportAutoConfiguration#exclude`.
Alternatively, you can use `@ImportAutoConfiguration#exclude`.
NOTE: Including multiple "`slices`" by using several `@...Test` annotations in one test is not supported.
NOTE: Including multiple "`slices`" by using several `+@...Test+` annotations in one test is not supported.
If you need multiple "`slices`", pick one of the `@...Test` annotations and include the `@AutoConfigure...` annotations of the other "`slices`" by hand.
If you need multiple "`slices`", pick one of the `+@...Test+` annotations and include the `+@AutoConfigure...+` annotations of the other "`slices`" by hand.
TIP: It is also possible to use the `@AutoConfigure...` annotations with the standard `@SpringBootTest` annotation.
TIP: It is also possible to use the `+@AutoConfigure...+` annotations with the standard `@SpringBootTest` annotation.
You can use this combination if you are not interested in "`slicing`" your application but you want some of the auto-configured test beans.
You can use this combination if you are not interested in "`slicing`" your application but you want some of the auto-configured test beans.
@ -303,9 +303,9 @@ You can use this combination if you are not interested in "`slicing`" your appli
To test that object JSON serialization and deserialization is working as expected, you can use the `@JsonTest` annotation.
To test that object JSON serialization and deserialization is working as expected, you can use the `@JsonTest` annotation.
`@JsonTest` auto-configures the available supported JSON mapper, which can be one of the following libraries:
`@JsonTest` auto-configures the available supported JSON mapper, which can be one of the following libraries:
* Jackson `ObjectMapper`, any `@JsonComponent` beans and any Jackson ``Module``s
* Jackson `ObjectMapper`, any `@JsonComponent` beans and any Jackson `com.fasterxml.jackson.databind.Module`
* `Gson`
* `+Gson+`
* `Jsonb`
* `+Jsonb+`
TIP: A list of the auto-configurations that are enabled by `@JsonTest` can be xref:appendix:test-auto-configuration/index.adoc[found in the appendix].
TIP: A list of the auto-configurations that are enabled by `@JsonTest` can be xref:appendix:test-auto-configuration/index.adoc[found in the appendix].
Each slice provides one or more `@AutoConfigure...` annotations that namely defines the auto-configurations that should be included as part of a slice.
Each slice provides one or more `+@AutoConfigure...+` annotations that namely defines the auto-configurations that should be included as part of a slice.
Additional auto-configurations can be added on a test-by-test basis by creating a custom `@AutoConfigure...` annotation or by adding `@ImportAutoConfiguration` to the test as shown in the following example:
Additional auto-configurations can be added on a test-by-test basis by creating a custom `+@AutoConfigure...+` annotation or by adding `@ImportAutoConfiguration` to the test as shown in the following example:
include-code::MyJdbcTests[]
include-code::MyJdbcTests[]
@ -855,11 +855,11 @@ Alternatively, additional auto-configurations can be added for any use of a slic
com.example.IntegrationAutoConfiguration
com.example.IntegrationAutoConfiguration
----
----
In this example, the `com.example.IntegrationAutoConfiguration` is enabled on every test annotated with `@JdbcTest`.
In this example, the `+com.example.IntegrationAutoConfiguration+` is enabled on every test annotated with `@JdbcTest`.
TIP: You can use comments with `#` in this file.
TIP: You can use comments with `#` in this file.
TIP: A slice or `@AutoConfigure...` annotation can be customized this way as long as it is meta-annotated with `@ImportAutoConfiguration`.
TIP: A slice or `+@AutoConfigure...+` annotation can be customized this way as long as it is meta-annotated with `@ImportAutoConfiguration`.
@ -400,7 +400,7 @@ The application's single required argument is the remote URL to which it connect
For example, if you are using Eclipse or Spring Tools and you have a project named `my-app` that you have deployed to Cloud Foundry, you would do the following:
For example, if you are using Eclipse or Spring Tools and you have a project named `my-app` that you have deployed to Cloud Foundry, you would do the following:
* Select `Run Configurations...` from the `Run` menu.
* Select `Run Configurations...` from the `+Run+` menu.
* Create a new `Java Application` "`launch configuration`".
* Create a new `Java Application` "`launch configuration`".
* Browse for the `my-app` project.
* Browse for the `my-app` project.
* Use `org.springframework.boot.devtools.RemoteSpringApplication` as the main class.
* Use `org.springframework.boot.devtools.RemoteSpringApplication` as the main class.
@ -20,14 +20,14 @@ You can run a Spring Boot application from your IDE as a Java application.
However, you first need to import your project.
However, you first need to import your project.
Import steps vary depending on your IDE and build system.
Import steps vary depending on your IDE and build system.
Most IDEs can import Maven projects directly.
Most IDEs can import Maven projects directly.
For example, Eclipse users can select `Import...` -> `Existing Maven Projects` from the `File` menu.
For example, Eclipse users can select `+Import...+` -> `Existing Maven Projects` from the `+File+` menu.
If you cannot directly import your project into your IDE, you may be able to generate IDE metadata by using a build plugin.
If you cannot directly import your project into your IDE, you may be able to generate IDE metadata by using a build plugin.
Maven includes plugins for https://maven.apache.org/plugins/maven-eclipse-plugin/[Eclipse] and https://maven.apache.org/plugins/maven-idea-plugin/[IDEA].
Maven includes plugins for https://maven.apache.org/plugins/maven-eclipse-plugin/[Eclipse] and https://maven.apache.org/plugins/maven-idea-plugin/[IDEA].
Gradle offers plugins for {url-gradle-docs}/userguide.html[various IDEs].
Gradle offers plugins for {url-gradle-docs}/userguide.html[various IDEs].
TIP: If you accidentally run a web application twice, you see a "`Port already in use`" error.
TIP: If you accidentally run a web application twice, you see a "`Port already in use`" error.
Spring Tools users can use the `Relaunch` button rather than the `Run` button to ensure that any existing instance is closed.
Spring Tools users can use the `+Relaunch+` button rather than the `+Run+` button to ensure that any existing instance is closed.
@ -7,7 +7,7 @@ We generally recommend using constructor injection to wire up dependencies and `
If you structure your code as suggested above (locating your application class in a top package), you can add `@ComponentScan` without any arguments or use the `@SpringBootApplication` annotation which implicitly includes it.
If you structure your code as suggested above (locating your application class in a top package), you can add `@ComponentScan` without any arguments or use the `@SpringBootApplication` annotation which implicitly includes it.
All of your application components (`@Component`, `@Service`, `@Repository`, `@Controller`, and others) are automatically registered as Spring Beans.
All of your application components (`@Component`, `@Service`, `@Repository`, `@Controller`, and others) are automatically registered as Spring Beans.
The following example shows a `@Service` Bean that uses constructor injection to obtain a required `RiskAssessor` bean:
The following example shows a `@Service` Bean that uses constructor injection to obtain a required `+RiskAssessor+` bean:
@ -373,7 +373,7 @@ You can also define a class annotated with `@ControllerAdvice` to customize the
include-code::MyControllerAdvice[]
include-code::MyControllerAdvice[]
In the preceding example, if `MyException` is thrown by a controller defined in the same package as `SomeController`, a JSON representation of the `MyErrorBody` POJO is used instead of the `ErrorAttributes` representation.
In the preceding example, if `MyException` is thrown by a controller defined in the same package as `+SomeController+`, a JSON representation of the `MyErrorBody` POJO is used instead of the `ErrorAttributes` representation.
In some cases, errors handled at the controller level are not recorded by web observations or the xref:actuator/metrics.adoc#actuator.metrics.supported.spring-mvc[metrics infrastructure].
In some cases, errors handled at the controller level are not recorded by web observations or the xref:actuator/metrics.adoc#actuator.metrics.supported.spring-mvc[metrics infrastructure].
Applications can ensure that such exceptions are recorded with the observations by {url-spring-framework-docs}/integration/observability.html#observability.http-server.servlet[setting the handled exception on the observation context].
Applications can ensure that such exceptions are recorded with the observations by {url-spring-framework-docs}/integration/observability.html#observability.http-server.servlet[setting the handled exception on the observation context].
@ -613,14 +613,14 @@ TIP: See the javadoc:org.springframework.boot.autoconfigure.web.ServerProperties
The `SameSite` cookie attribute can be used by web browsers to control if and how cookies are submitted in cross-site requests.
The `+SameSite+` cookie attribute can be used by web browsers to control if and how cookies are submitted in cross-site requests.
The attribute is particularly relevant for modern web browsers which have started to change the default value that is used when the attribute is missing.
The attribute is particularly relevant for modern web browsers which have started to change the default value that is used when the attribute is missing.
If you want to change the `SameSite` attribute of your session cookie, you can use the configprop:server.servlet.session.cookie.same-site[] property.
If you want to change the `+SameSite+` attribute of your session cookie, you can use the configprop:server.servlet.session.cookie.same-site[] property.
This property is supported by auto-configured Tomcat, Jetty and Undertow servers.
This property is supported by auto-configured Tomcat, Jetty and Undertow servers.
It is also used to configure Spring Session servlet based `SessionRepository` beans.
It is also used to configure Spring Session servlet based `SessionRepository` beans.
For example, if you want your session cookie to have a `SameSite` attribute of `None`, you can add the following to your `application.properties` or `application.yaml` file:
For example, if you want your session cookie to have a `+SameSite+` attribute of `+None+`, you can add the following to your `application.properties` or `application.yaml` file:
[configprops,yaml]
[configprops,yaml]
----
----
@ -631,11 +631,11 @@ server:
same-site: "none"
same-site: "none"
----
----
If you want to change the `SameSite` attribute on other cookies added to your `HttpServletResponse`, you can use a `CookieSameSiteSupplier`.
If you want to change the `+SameSite+` attribute on other cookies added to your `HttpServletResponse`, you can use a `CookieSameSiteSupplier`.
The `CookieSameSiteSupplier` is passed a `Cookie` and may return a `SameSite` value, or `null`.
The `CookieSameSiteSupplier` is passed a `Cookie` and may return a `+SameSite+` value, or `null`.
There are a number of convenience factory and filter methods that you can use to quickly match specific cookies.
There are a number of convenience factory and filter methods that you can use to quickly match specific cookies.
For example, adding the following bean will automatically apply a `SameSite` of `Lax` for all cookies with a name that matches the regular expression `myapp.*`.
For example, adding the following bean will automatically apply a `+SameSite+` of `+Lax+` for all cookies with a name that matches the regular expression `myapp.*`.
@ -16,7 +16,7 @@ Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
This generated password is for development use only. Your security configuration must be updated before running your application in production.
This generated password is for development use only. Your security configuration must be updated before running your application in production.
----
----
NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `WARN`-level messages.
NOTE: If you fine-tune your logging configuration, ensure that the `+org.springframework.boot.autoconfigure.security+` category is set to log `WARN`-level messages.
Otherwise, the default password is not printed.
Otherwise, the default password is not printed.
You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`.
You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`.
@ -24,7 +24,7 @@ You can change the username and password by providing a `spring.security.user.na
The basic features you get by default in a web application are:
The basic features you get by default in a web application are:
* A `UserDetailsService` (or `ReactiveUserDetailsService` in case of a WebFlux application) bean with in-memory store and a single user with a generated password (see javadoc:org.springframework.boot.autoconfigure.security.SecurityProperties$User[] for the properties of the user).
* A `UserDetailsService` (or `ReactiveUserDetailsService` in case of a WebFlux application) bean with in-memory store and a single user with a generated password (see javadoc:org.springframework.boot.autoconfigure.security.SecurityProperties$User[] for the properties of the user).
* Form-based login or HTTP Basic security (depending on the `Accept` header in the request) for the entire application (including actuator endpoints if actuator is on the classpath).
* Form-based login or HTTP Basic security (depending on the `+Accept+` header in the request) for the entire application (including actuator endpoints if actuator is on the classpath).
* A `DefaultAuthenticationEventPublisher` for publishing authentication events.
* A `DefaultAuthenticationEventPublisher` for publishing authentication events.
You can provide a different `AuthenticationEventPublisher` by adding a bean for it.
You can provide a different `AuthenticationEventPublisher` by adding a bean for it.
@ -35,7 +35,7 @@ You can provide a different `AuthenticationEventPublisher` by adding a bean for
== MVC Security
== MVC Security
The default security configuration is implemented in `SecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration`.
The default security configuration is implemented in `SecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration`.
`SecurityAutoConfiguration` imports `SpringBootWebSecurityConfiguration` for web security and `UserDetailsServiceAutoConfiguration` configures authentication, which is also relevant in non-web applications.
`SecurityAutoConfiguration` imports `+SpringBootWebSecurityConfiguration+` for web security and `UserDetailsServiceAutoConfiguration` configures authentication, which is also relevant in non-web applications.
To completely switch off the default web application security configuration, including Actuator security, or to combine multiple Spring Security components such as OAuth2 Client and Resource Server, add a bean of type `SecurityFilterChain` (doing so does not disable the `UserDetailsService` configuration).
To completely switch off the default web application security configuration, including Actuator security, or to combine multiple Spring Security components such as OAuth2 Client and Resource Server, add a bean of type `SecurityFilterChain` (doing so does not disable the `UserDetailsService` configuration).
To also switch off the `UserDetailsService` configuration, add a bean of type `UserDetailsService`, `AuthenticationProvider`, or `AuthenticationManager`.
To also switch off the `UserDetailsService` configuration, add a bean of type `UserDetailsService`, `AuthenticationProvider`, or `AuthenticationManager`.
@ -60,7 +60,7 @@ Spring Boot provides convenience methods that can be used to override access rul
Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency.
Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency.
The default security configuration is implemented in `ReactiveSecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration`.
The default security configuration is implemented in `ReactiveSecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration`.
`ReactiveSecurityAutoConfiguration` imports `WebFluxSecurityConfiguration` for web security and `UserDetailsServiceAutoConfiguration` configures authentication, which is also relevant in non-web applications.
`ReactiveSecurityAutoConfiguration` imports `+WebFluxSecurityConfiguration+` for web security and `UserDetailsServiceAutoConfiguration` configures authentication, which is also relevant in non-web applications.
To completely switch off the default web application security configuration, including Actuator security, add a bean of type `WebFilterChainProxy` (doing so does not disable the `UserDetailsService` configuration).
To completely switch off the default web application security configuration, including Actuator security, add a bean of type `WebFilterChainProxy` (doing so does not disable the `UserDetailsService` configuration).
To also switch off the `UserDetailsService` configuration, add a bean of type `ReactiveUserDetailsService` or `ReactiveAuthenticationManager`.
To also switch off the `UserDetailsService` configuration, add a bean of type `ReactiveUserDetailsService` or `ReactiveAuthenticationManager`.
Phillip Webb
1 year ago