Spring Boot 1.5 版本升級說明

這是官方的Spring Boot 1.5 版本升級說明，本文將對其作出個人理解。

Upgrading from Spring Boot 1.4

Deprecations from Spring Boot 1.4

Classes, methods and properties that were deprecated in Spring Boot 1.4 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading. In particular, the HornetQ and Velocity support have been removed.

照例說明，過期、刪除的方法禁止調用。
HornetQ 是一個支持集群和多種協(xié)議，可嵌入、高性能的異步消息系統(tǒng)，完全支持 JMS。2014年后停止更新，目前的主流是kafka、rocketmq。
Velocity 是模板引擎，目前主流是前后端分離。

Renamed starters

The following starters that were renamed in Spring Boot 1.4 have now been removed, if you get "unresolved dependency" errors please check that you are pulling in the correctly named starter:

• spring-boot-starter-ws → spring-boot-starter-web-services
• spring-boot-starter-redis → spring-boot-starter-data-redis

依賴重命名。
spring-boot-starter-web-services： Web Services 平臺是 XML + HTTP，即使用 XML 來編解碼數(shù)據(jù)，HTTP來傳輸數(shù)據(jù)，其中SOAP 是基于 XML 的簡易協(xié)議。相對應地，現(xiàn)在更多是JSON + HTTP。

@ConfigurationProperties validation

If you have @ConfigurationProperties classes that use JSR-303 constraint annotations, you should now additionally annotate them with @Validated. Existing validation will currently continue to work, however, a warning will be logged. In the future, classes without @Validated will not be validated at all.

JSR-303：JAVA EE 6 中的一項子規(guī)范，叫做 Bean Validation，官方參考實現(xiàn)是Hibernate Validator。Hibernate Validator 提供了 JSR 303 規(guī)范中所有內(nèi)置 constraint 的實現(xiàn)，除此之外還有一些附加的 constraint。
@ConfigurationProperties注解的類，如果有參數(shù)需要校驗，要加@Validated注解，否則會打印 warn 日志，升到springboot2.0后，校驗會失效。

Spring Session store

Previously, if you had Spring Session and Redis with no particular configuration, Redis was automatically used to store sessions. You now need to specify the store type; existing users of Spring Session with Redis should add the following to their configuration:

spring.session.store-type=redis

以前，如果沒用指定配置，Redis也會自動用于存儲會話?，F(xiàn)在Spring Session使用Redis需要添加以上配置屬性。

Actuator security

Actuator "sensitive" endpoints are now secure by default (even if don’t have a dependency on "Spring Security"). If your existing Spring Boot 1.4 application makes use of Spring Security (and doesn’t have any custom security configuration) things should work as before. If your existing Spring Boot 1.4 application has custom security configuration and you wish to have open access to your sensitive endpoints, you will need to explicitly configure that in your security configuration. If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false. See the updated reference documentation for more details.

如果使用了Spring Security，那么訪問端點默認都是安全的，因為需要身份驗證；如果不想要身份驗證，可以配置屬性 management.security.enabled=false。

The default role required to access the endpoints has also changed from ADMIN to ACTUATOR. This is to prevent accidental exposure of endpoints if you happen to use the ADMIN role for other purposes. If you want to restore Spring Boot 1.4 behavior set the management.security.roles property to ADMIN.

可以查看端點的默認角色從ADMIN變?yōu)锳CTUATOR，通過配置屬性 management.security.roles 設置角色。

InMemoryMetricRepository

The InMemoryMetricRepository no longer directly implements MultiMetricRepository. A new InMemoryMultiMetricRepository bean is now registered that satisfies the MultiMetricRepository interface and is backed by a regular InMemoryMetricRepository. Since most users will be interacting with MetricRepository or MultiMetricRepository interfaces (rather than the in-memory implementation) this change should be transparent.

這是監(jiān)控平臺指標數(shù)據(jù)CRUD的接口類，springboot2.0的actuator會發(fā)生大改。

spring.jpa.database

The spring.jpa.database can now be auto-detected for common databases from the spring.datasource.url property. If you’ve manually defined spring.jpa.database, and you use a common database, you might want to try removing the property altogether.

spring.jpa.database的數(shù)據(jù)庫信息會自動從spring.datasource.url屬性獲取。小心屬性覆蓋。

Several database have more than one Dialect (for instance, Microsoft SQL Server has 3) so we might configure one that doesn’t match the version of the database you are using. If you had a working setup before and would like to rely on Hibernate to auto-detect the Dialect, set spring.jpa.database=default. Alternatively, you can always set the dialect yourself using the spring.jpa.database-platform property.

數(shù)據(jù)庫方言（dialect）是什么？
配置屬性 spring.jpa.database=default 會自動檢測方言，配置屬性 spring.jpa.database-platform 自行設置方言。

@IntegrationComponentScan

Spring Integration’s @IntegrationComponentScan annotation is now auto-configured. If you follow the recommended project structure, you should try removing it.

我的理解是以前通過 @EnableIntegration 注解開啟Integration’s 功能，現(xiàn)在加上 @IntegrationComponentScan 即可。

ApplicationStartedEvent

If you currently listen for an ApplicationStartedEvent in your code you should refactor to use ApplicationStartingEvent. We renamed this class to more accurately reflect what it does.

ApplicationStartedEvent改名ApplicationStartedEvent，升級到springboot2.0后，又補充了一個新的ApplicationStartedEvent。

Spring Integration Starter

The spring-boot-starter-integration POM no longer includes spring-integration-jmx. If you require Spring Integration JMX support you should include a spring-integration-jmx dependency yourself.

spring-boot-starter-integration不再包含spring-integration-jmx依賴，需要自己手動引入。

Devtools excluded by default

Both the Maven and Gradle plugins now by default exclude packaging of the spring-boot-devtools jar in "fat" jars. If you are using devtools remote support you will now need to explicitly set the excludeDevtools property in your build.gradle or pom.xml file.

現(xiàn)在jar包部署默認排除devtools功能，如果需要遠程devtools支持，需要手動開啟。

Gradle 1.x

The Spring Boot Gradle plugin is no longer compatible with Gradle 1.x and early versions of Gradle 2.x. Please ensure you are Gradle 2.9 or higher.

插件升級，Gradle 版本要求2.9及以上。

Remote CRaSH shell

Unfortunately the CRaSH project used by Spring Boot to provide remote SSH support is no longer being actively maintained. With regret, we’ve decided to deprecate remote actuator SSH support and it’s scheduled to be removed entirely in Spring Boot 2.0.

在springboot2.0的確被移除了。原因未知。

OAuth 2 Resource Filter

The default order of the OAuth2 resource filter has changed from 3 to SecurityProperties.ACCESS_OVERRIDE_ORDER - 1. This places it after the actuator endpoints but before the basic authentication filter chain. The default can be restored by setting security.oauth2.resource.filter-order = 3

關于Spring OAuth2主要分兩個服務，一個是授權服務，負責獲取內(nèi)部服務授權給予的token，一個是資源服務，主要負責輸出鑒權后請求的數(shù)據(jù)。這里的order值是指ResourceServerConfiguration類的配置優(yōu)先級，現(xiàn)在可以通過配置屬性進行修改。

JSP servlet

The JSP servlet is no longer in development mode by default. Development mode is automatically enabled when using DevTools. It can also be enabled explicitly by setting server.jsp-servlet.init-parameters.development=true.

development mode：在開發(fā)模式下，容器會經(jīng)常檢查jsp文件的時間戳來決定是否進行編譯，如果jsp文件的時間戳比對應的.class文件的時間戳晚就證明jsp又進行了修改，需要再次編譯，但是不斷地進行時間戳的比對開銷很大，會影響系統(tǒng)性能，而在生產(chǎn)模式下系統(tǒng)不會經(jīng)常想的檢查時間戳。所以一般在開發(fā)過程中使用開發(fā)模式，這樣可以在jsp修改后再次訪問就可以見到修改后的效果非常方便，而系統(tǒng)上線之后就要改為生產(chǎn)模式，雖然生產(chǎn)模式下會導致jsp的修改需要重啟服務器才可以生效，但是上線后的改動較少而且性能很重要。參考JSP內(nèi)存馬研究
現(xiàn)在沒啥人會用jsp了吧，無所謂了。

Ignored paths and @EnableWebSecurity

In Spring Boot 1.4 and earlier, the Actuator would always configure some ignored paths irrespective of the use of @EnableWebSecurity. This has been corrected in 1.5 so that using @EnableWebSecurity will switch off all auto-configuration of web security thereby allowing you to take complete control.

沒理解什么意思。

New and Noteworthy

Tip：Check the configuration changelog for a complete overview of the changes in configuration.

配置屬性的變化及原因。

Third-party library upgrades

A number of third party libraries have been upgraded to their latest version. Updates include Spring Data Ingalls, Jetty 9.4, JooQ 3.9, AssertJ 2.6.0, Hikari 2.5 and Neo4J 2.1. Several Maven plugins have also been upgraded.

第三方依賴版本升級到最新。

Loggers endpoint

A new actuator loggers endpoint allows you to view and change application logging levels on the fly. There is both a JMX and MVC endpoint available. For example, to change the logging level with the MVC endpoint, you can issue a POST to /loggers/com.yourcorp.application with the following JSON

{
  "configuredLevel": "DEBUG"
}

To update the logger using the JMX endpoint you would use the setLogLevel operation. For more details see the updated documentation.

通過調用 /loggers/包路徑 POST接口，可以修改改路徑下日志輸出等級，方便生產(chǎn)環(huán)境日志查看。可以參考Spring boot——Actuator 詳解。

Apache Kafka support

Spring Boot 1.5 include auto-configuration support for Apache Kafka via the spring-kafka project. To use Kafka simply include the spring-kafkadepenency and configure the appropriate spring.kafka.* application properties.
Recieving messages from Kafka is as simple as annotating a method:

@Component
public class MyBean {

    @KafkaListener(topics = "someTopic")
    public void processMessage(String content) {
        // ...
    }

}

主要新增了三個參數(shù)：errorHandler、groupId、idIsGroup。

Cloud Foundry actuator extensions

Spring Boot’s actuator module now includes additional support that is activated when you deploy to a compatible Cloud Foundry instance. The /cloudfoundryapplication path provides an alternative secured route to all NamedMvcEndpoint beans.
Cloud Foundry management UIs can make use of the endpoint to display additional actuator information. For example, Pivotal Cloud Foundry shows health information next to the application status:
[圖片]
You can read more about the Cloud Foundry endpoint in the reference documentation and for and example of the kinds of things it can be used for you can read this blog post about PCF 1.9.

Cloud Foundry 是一個云原生平臺，沒用過。

LDAP support

Spring Boot now offers auto-configuration for any compliant LDAP server as well as support for the embedded in-memory LDAP server from Unbounded.
See the documentation for more details.

LDAP：輕型目錄訪問協(xié)議，本質上 LDAP 是一種基于 TCP 的協(xié)議，就像 HTTP 一樣。而我們一般談到的 LDAP ，大多都是基于該協(xié)議的具體實現(xiàn)，如微軟的 AD(Active Directory)、OpenLDAP 等。參考介紹LDAP 概念和原理。
新增spring-boot-starter-data-ldap依賴簡化ldap的配置。

AuditEvents Endpoint Support

A new AuditEventsJmxEndpoint bean now allows you to query previously recorded AuditEvents over JMX. The MBean exposes AuditEventRepository find methods via getData operations. Audits are automatically recoded for authentication and authorization event and you can record your own events using the AuditEventRepository. That information is also exposed by a new /auditevents MVC endpoint.

這是actuator的端點，記錄了用戶認證登錄系統(tǒng)相關的事件信息，包括時間戳、認證用戶、事件類型、訪問地址、sessionId等信息，實現(xiàn)方式參考Spring Boot Actuator，每一個端點都有案例。

Transaction manager properties

It’s now possible to configure various aspects of an auto-configured PlatformTransactionManager using spring.transaction.* properties. Currently the "default-timeout" and rollback-on-commit-failure properties are supported.

TransactionProperties類，增加了配置屬性：
spring.transaction.default-timeout，默認的事務超時時間；spring.transaction.rollback-on-commit-failure，是否在提交失敗時執(zhí)行回滾。

JmxEndpoint interface

A new JmxEndpoint interface has been introduced to allow you to develop actuator endpoints that are only exposed via JMX. The interface is very similar to the MvcEndpoint interface already provided for MVC only endpoints.

JMX(Java Management Extensions)是一個為應用程序植入管理功能的框架 ，從Java5.0開始引入到標準Java技術平臺中。參考介紹jmx 是什么？應用場景是什么？。
JMX Endpoints，以JMX形式對外提供訪問接口。實現(xiàn)方式參考Spring Boot Actuator-JMX Endpoints。

Vendor specific flyway migrations

You can now define flyway migration that are specific to a database vendor. To use vendor specific migrations, set the flyway.locations property as follows:

flyway.locations=db/migration/{vendor}

See this how-to for more details.

Flyway 數(shù)據(jù)庫版本控制的組件。參考介紹Flyway 數(shù)據(jù)庫版本控制。

Deprecation level

It is now possible to define a deprecation level for a property in the metadata. The level can either be warning (default) or error.
Here is an example of manual metadata for a property that got moved in Spring Boot 2:

{
  "name": "server.context-parameters",
  "type": "java.util.Map<java.lang.String,java.lang.String>",
  "description": "ServletContext parameters.",
  "deprecation": {
    "level": "error",
    "replacement": "server.servlet.context-parameters"
  }
}

So far, when a deprecated property is not bound anymore, we remove the metadata altogether. This new feature allows to flag a property (server.context-parameters here) as an error. Newer versions of your favorite IDE should use that to offer assistance.

切換新老配置屬性時，可以標記老屬性，逐漸棄用刪除。

Testing updates

It’s now possible to exclude auto-configuration that would usually be imported by a @Test… annotation. All existing @Test… annotations now include a excludeAutoConfiguration attribute. Alternatively, you can add @ImportAutoConfiguration(exclude=…) directly to your tests.
Spring Boot 1.5 also introduces a new @JdbcTest annotation that can be used to test direct JDBC interactions.

@DataJpaTest、@RestClientTest、@WebMvcTest等注解增加了excludeAutoConfiguration屬性，用來排除不需要的自動配置類。

Custom fat jar layouts

The Spring Boot Maven and Gradle plugins now support custom fat jar layouts. This feature allows experimental layouts such as this one to be developed outside of Spring Boot. For more details, see the updated documentation.

普通的jar只包含當前 jar的信息，不含有第三方 jar。當內(nèi)部依賴第三方jar時，直接運行則會報錯，這時候需要將第三方jar內(nèi)嵌到可執(zhí)行jar里。將一個jar及其依賴的三方jar全部打到一個包中，這個包即為 FatJar。參考介紹Springboot - Fat Jar詳解。
這里的layout應該是指打包后的jar文件結構，具體實現(xiàn)還不了解。

JmsTemplate customizations

It is now possible to customize the auto-configured JmsTemplate using additional keys available in the spring.jms.template.* namespace.

在JmsProperties類中新增了Template內(nèi)部屬性類。

Miscellaneous

• Mockito 2.x can now be used with @MockBean (compatibility with Mockito 1.9 remains)
• The embedded launch script now supports a force-stop
• A new health check for Cassandra has been added
• Cassandra user defined types are now resolved (via Spring Data’s SimpleUserTypeResolver)
• The skip property now works for the Spring Boot Maven Plugin run, 'stop' and 'repackage` goals
• If multiple main method classes are found, the Maven and Gradle plugins will now automatically use the one annotated with @SpringBootApplication

Apache Cassandra 是一套開源分布式 Key-Value 存儲系統(tǒng)。它最初由 Facebook 開發(fā)，用于儲存特別大的數(shù)據(jù)。

Deprecations in Spring Boot 1.5

• TomcatEmbeddedServletContainerFactory.setTldSkip has been deprecated in favor of setTldSkipPatterns
• ApplicationStartedEvent has been replaced by ApplicationStartingEvent
• Several constants in LoggingApplicationListener have been replaced by versions in LogFile
• Caching with Guava has been deprecated since Guava support will be dropped in Spring Framework 5. Upgrade to Caffeine
• CRaSH support has been deprecated since it’s no longer actively maintained
• Several protected methods in EndpointMBeanExporter have been deprecated following the introduction of JmxEndpoint
• SearchStrategy.PARENTS has been replaced with SearchStrategy.ANCESTORS.
• Apache DBCP support has been deprecated in favor of DBCP 2
• The server.undertow.buffers-per-region property has been deprecated because it is not used (see UNDERTOW-587)
• @AutoConfigureTestDatabase has been moved from org.springframework.boot.test.autoconfigure.orm.jpa to org.springframework.boot.test.autoconfigure.jdbc

一些方法、類的過期替換，就不說了。

Property Renames

• The server.max-http-post-size property has been replaced by technology specific variants (for example server.tomcat.max-http-post-size)
• The spring.data.neo4j.session.scope property has been removed.

server.max-http-post-size 在 ServerProperties 類中，本來是幾個servlet容器共用一個屬性，現(xiàn)在拆分獨立使用。