Spring Boot 1.5 版本升级说明

这是官方的Spring Boot 1.5 版本升级说明，本文将对其作出个人理解。

Upgrading from Spring Boot 1.4

Deprecations from Spring Boot 1.4

Classes, methods and properties that were deprecated in Spring Boot 1.4 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading. In particular, the HornetQ and Velocity support have been removed.

照例说明，过期、删除的方法禁止调用。
HornetQ 是一个支持集群和多种协议，可嵌入、高性能的异步消息系统，完全支持 JMS。2014年后停止更新，目前的主流是kafka、rocketmq。
Velocity 是模板引擎，目前主流是前后端分离。

Renamed starters

The following starters that were renamed in Spring Boot 1.4 have now been removed, if you get "unresolved dependency" errors please check that you are pulling in the correctly named starter:

• spring-boot-starter-ws → spring-boot-starter-web-services
• spring-boot-starter-redis → spring-boot-starter-data-redis

依赖重命名。
spring-boot-starter-web-services： Web Services 平台是 XML + HTTP，即使用 XML 来编解码数据，HTTP来传输数据，其中SOAP 是基于 XML 的简易协议。相对应地，现在更多是JSON + HTTP。

@ConfigurationProperties validation

If you have @ConfigurationProperties classes that use JSR-303 constraint annotations, you should now additionally annotate them with @Validated. Existing validation will currently continue to work, however, a warning will be logged. In the future, classes without @Validated will not be validated at all.

JSR-303：JAVA EE 6 中的一项子规范，叫做 Bean Validation，官方参考实现是Hibernate Validator。Hibernate Validator 提供了 JSR 303 规范中所有内置 constraint 的实现，除此之外还有一些附加的 constraint。
@ConfigurationProperties注解的类，如果有参数需要校验，要加@Validated注解，否则会打印 warn 日志，升到springboot2.0后，校验会失效。

Spring Session store

Previously, if you had Spring Session and Redis with no particular configuration, Redis was automatically used to store sessions. You now need to specify the store type; existing users of Spring Session with Redis should add the following to their configuration:

spring.session.store-type=redis

以前，如果没用指定配置，Redis也会自动用于存储会话。现在Spring Session使用Redis需要添加以上配置属性。

Actuator security

Actuator "sensitive" endpoints are now secure by default (even if don’t have a dependency on "Spring Security"). If your existing Spring Boot 1.4 application makes use of Spring Security (and doesn’t have any custom security configuration) things should work as before. If your existing Spring Boot 1.4 application has custom security configuration and you wish to have open access to your sensitive endpoints, you will need to explicitly configure that in your security configuration. If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false. See the updated reference documentation for more details.

如果使用了Spring Security，那么访问端点默认都是安全的，因为需要身份验证；如果不想要身份验证，可以配置属性 management.security.enabled=false。

The default role required to access the endpoints has also changed from ADMIN to ACTUATOR. This is to prevent accidental exposure of endpoints if you happen to use the ADMIN role for other purposes. If you want to restore Spring Boot 1.4 behavior set the management.security.roles property to ADMIN.

可以查看端点的默认角色从ADMIN变为ACTUATOR，通过配置属性 management.security.roles 设置角色。

InMemoryMetricRepository

The InMemoryMetricRepository no longer directly implements MultiMetricRepository. A new InMemoryMultiMetricRepository bean is now registered that satisfies the MultiMetricRepository interface and is backed by a regular InMemoryMetricRepository. Since most users will be interacting with MetricRepository or MultiMetricRepository interfaces (rather than the in-memory implementation) this change should be transparent.

这是监控平台指标数据CRUD的接口类，springboot2.0的actuator会发生大改。

spring.jpa.database

The spring.jpa.database can now be auto-detected for common databases from the spring.datasource.url property. If you’ve manually defined spring.jpa.database, and you use a common database, you might want to try removing the property altogether.

spring.jpa.database的数据库信息会自动从spring.datasource.url属性获取。小心属性覆盖。

Several database have more than one Dialect (for instance, Microsoft SQL Server has 3) so we might configure one that doesn’t match the version of the database you are using. If you had a working setup before and would like to rely on Hibernate to auto-detect the Dialect, set spring.jpa.database=default. Alternatively, you can always set the dialect yourself using the spring.jpa.database-platform property.

数据库方言（dialect）是什么？
配置属性 spring.jpa.database=default 会自动检测方言，配置属性 spring.jpa.database-platform 自行设置方言。

@IntegrationComponentScan

Spring Integration’s @IntegrationComponentScan annotation is now auto-configured. If you follow the recommended project structure, you should try removing it.

我的理解是以前通过 @EnableIntegration 注解开启Integration’s 功能，现在加上 @IntegrationComponentScan 即可。

ApplicationStartedEvent

If you currently listen for an ApplicationStartedEvent in your code you should refactor to use ApplicationStartingEvent. We renamed this class to more accurately reflect what it does.

ApplicationStartedEvent改名ApplicationStartedEvent，升级到springboot2.0后，又补充了一个新的ApplicationStartedEvent。

Spring Integration Starter

The spring-boot-starter-integration POM no longer includes spring-integration-jmx. If you require Spring Integration JMX support you should include a spring-integration-jmx dependency yourself.

spring-boot-starter-integration不再包含spring-integration-jmx依赖，需要自己手动引入。

Devtools excluded by default

Both the Maven and Gradle plugins now by default exclude packaging of the spring-boot-devtools jar in "fat" jars. If you are using devtools remote support you will now need to explicitly set the excludeDevtools property in your build.gradle or pom.xml file.

现在jar包部署默认排除devtools功能，如果需要远程devtools支持，需要手动开启。

Gradle 1.x

The Spring Boot Gradle plugin is no longer compatible with Gradle 1.x and early versions of Gradle 2.x. Please ensure you are Gradle 2.9 or higher.

插件升级，Gradle 版本要求2.9及以上。

Remote CRaSH shell

Unfortunately the CRaSH project used by Spring Boot to provide remote SSH support is no longer being actively maintained. With regret, we’ve decided to deprecate remote actuator SSH support and it’s scheduled to be removed entirely in Spring Boot 2.0.

在springboot2.0的确被移除了。原因未知。

OAuth 2 Resource Filter

The default order of the OAuth2 resource filter has changed from 3 to SecurityProperties.ACCESS_OVERRIDE_ORDER - 1. This places it after the actuator endpoints but before the basic authentication filter chain. The default can be restored by setting security.oauth2.resource.filter-order = 3

关于Spring OAuth2主要分两个服务，一个是授权服务，负责获取内部服务授权给予的token，一个是资源服务，主要负责输出鉴权后请求的数据。这里的order值是指ResourceServerConfiguration类的配置优先级，现在可以通过配置属性进行修改。

JSP servlet

The JSP servlet is no longer in development mode by default. Development mode is automatically enabled when using DevTools. It can also be enabled explicitly by setting server.jsp-servlet.init-parameters.development=true.

development mode：在开发模式下，容器会经常检查jsp文件的时间戳来决定是否进行编译，如果jsp文件的时间戳比对应的.class文件的时间戳晚就证明jsp又进行了修改，需要再次编译，但是不断地进行时间戳的比对开销很大，会影响系统性能，而在生产模式下系统不会经常想的检查时间戳。所以一般在开发过程中使用开发模式，这样可以在jsp修改后再次访问就可以见到修改后的效果非常方便，而系统上线之后就要改为生产模式，虽然生产模式下会导致jsp的修改需要重启服务器才可以生效，但是上线后的改动较少而且性能很重要。参考JSP内存马研究
现在没啥人会用jsp了吧，无所谓了。

Ignored paths and @EnableWebSecurity

In Spring Boot 1.4 and earlier, the Actuator would always configure some ignored paths irrespective of the use of @EnableWebSecurity. This has been corrected in 1.5 so that using @EnableWebSecurity will switch off all auto-configuration of web security thereby allowing you to take complete control.

没理解什么意思。

New and Noteworthy

Tip：Check the configuration changelog for a complete overview of the changes in configuration.

配置属性的变化及原因。

Third-party library upgrades

A number of third party libraries have been upgraded to their latest version. Updates include Spring Data Ingalls, Jetty 9.4, JooQ 3.9, AssertJ 2.6.0, Hikari 2.5 and Neo4J 2.1. Several Maven plugins have also been upgraded.

第三方依赖版本升级到最新。

Loggers endpoint

A new actuator loggers endpoint allows you to view and change application logging levels on the fly. There is both a JMX and MVC endpoint available. For example, to change the logging level with the MVC endpoint, you can issue a POST to /loggers/com.yourcorp.application with the following JSON

{
  "configuredLevel": "DEBUG"
}

To update the logger using the JMX endpoint you would use the setLogLevel operation. For more details see the updated documentation.

通过调用 /loggers/包路径 POST接口，可以修改改路径下日志输出等级，方便生产环境日志查看。可以参考Spring boot——Actuator 详解。

Apache Kafka support

Spring Boot 1.5 include auto-configuration support for Apache Kafka via the spring-kafka project. To use Kafka simply include the spring-kafkadepenency and configure the appropriate spring.kafka.* application properties.
Recieving messages from Kafka is as simple as annotating a method:

@Component
public class MyBean {

    @KafkaListener(topics = "someTopic")
    public void processMessage(String content) {
        // ...
    }

}

主要新增了三个参数：errorHandler、groupId、idIsGroup。

Cloud Foundry actuator extensions

Spring Boot’s actuator module now includes additional support that is activated when you deploy to a compatible Cloud Foundry instance. The /cloudfoundryapplication path provides an alternative secured route to all NamedMvcEndpoint beans.
Cloud Foundry management UIs can make use of the endpoint to display additional actuator information. For example, Pivotal Cloud Foundry shows health information next to the application status:
[图片]
You can read more about the Cloud Foundry endpoint in the reference documentation and for and example of the kinds of things it can be used for you can read this blog post about PCF 1.9.

Cloud Foundry 是一个云原生平台，没用过。

LDAP support

Spring Boot now offers auto-configuration for any compliant LDAP server as well as support for the embedded in-memory LDAP server from Unbounded.
See the documentation for more details.

LDAP：轻型目录访问协议，本质上 LDAP 是一种基于 TCP 的协议，就像 HTTP 一样。而我们一般谈到的 LDAP ，大多都是基于该协议的具体实现，如微软的 AD(Active Directory)、OpenLDAP 等。参考介绍LDAP 概念和原理。
新增spring-boot-starter-data-ldap依赖简化ldap的配置。

AuditEvents Endpoint Support

A new AuditEventsJmxEndpoint bean now allows you to query previously recorded AuditEvents over JMX. The MBean exposes AuditEventRepository find methods via getData operations. Audits are automatically recoded for authentication and authorization event and you can record your own events using the AuditEventRepository. That information is also exposed by a new /auditevents MVC endpoint.

这是actuator的端点，记录了用户认证登录系统相关的事件信息，包括时间戳、认证用户、事件类型、访问地址、sessionId等信息，实现方式参考Spring Boot Actuator，每一个端点都有案例。

Transaction manager properties

It’s now possible to configure various aspects of an auto-configured PlatformTransactionManager using spring.transaction.* properties. Currently the "default-timeout" and rollback-on-commit-failure properties are supported.

TransactionProperties类，增加了配置属性：
spring.transaction.default-timeout，默认的事务超时时间；spring.transaction.rollback-on-commit-failure，是否在提交失败时执行回滚。

JmxEndpoint interface

A new JmxEndpoint interface has been introduced to allow you to develop actuator endpoints that are only exposed via JMX. The interface is very similar to the MvcEndpoint interface already provided for MVC only endpoints.

JMX(Java Management Extensions)是一个为应用程序植入管理功能的框架 ，从Java5.0开始引入到标准Java技术平台中。参考介绍jmx 是什么？应用场景是什么？。
JMX Endpoints，以JMX形式对外提供访问接口。实现方式参考Spring Boot Actuator-JMX Endpoints。

Vendor specific flyway migrations

You can now define flyway migration that are specific to a database vendor. To use vendor specific migrations, set the flyway.locations property as follows:

flyway.locations=db/migration/{vendor}

See this how-to for more details.

Flyway 数据库版本控制的组件。参考介绍Flyway 数据库版本控制。

Deprecation level

It is now possible to define a deprecation level for a property in the metadata. The level can either be warning (default) or error.
Here is an example of manual metadata for a property that got moved in Spring Boot 2:

{
  "name": "server.context-parameters",
  "type": "java.util.Map<java.lang.String,java.lang.String>",
  "description": "ServletContext parameters.",
  "deprecation": {
    "level": "error",
    "replacement": "server.servlet.context-parameters"
  }
}

So far, when a deprecated property is not bound anymore, we remove the metadata altogether. This new feature allows to flag a property (server.context-parameters here) as an error. Newer versions of your favorite IDE should use that to offer assistance.

切换新老配置属性时，可以标记老属性，逐渐弃用删除。

Testing updates

It’s now possible to exclude auto-configuration that would usually be imported by a @Test… annotation. All existing @Test… annotations now include a excludeAutoConfiguration attribute. Alternatively, you can add @ImportAutoConfiguration(exclude=…) directly to your tests.
Spring Boot 1.5 also introduces a new @JdbcTest annotation that can be used to test direct JDBC interactions.

@DataJpaTest、@RestClientTest、@WebMvcTest等注解增加了excludeAutoConfiguration属性，用来排除不需要的自动配置类。

Custom fat jar layouts

The Spring Boot Maven and Gradle plugins now support custom fat jar layouts. This feature allows experimental layouts such as this one to be developed outside of Spring Boot. For more details, see the updated documentation.

普通的jar只包含当前 jar的信息，不含有第三方 jar。当内部依赖第三方jar时，直接运行则会报错，这时候需要将第三方jar内嵌到可执行jar里。将一个jar及其依赖的三方jar全部打到一个包中，这个包即为 FatJar。参考介绍Springboot - Fat Jar详解。
这里的layout应该是指打包后的jar文件结构，具体实现还不了解。

JmsTemplate customizations

It is now possible to customize the auto-configured JmsTemplate using additional keys available in the spring.jms.template.* namespace.

在JmsProperties类中新增了Template内部属性类。

Miscellaneous

• Mockito 2.x can now be used with @MockBean (compatibility with Mockito 1.9 remains)
• The embedded launch script now supports a force-stop
• A new health check for Cassandra has been added
• Cassandra user defined types are now resolved (via Spring Data’s SimpleUserTypeResolver)
• The skip property now works for the Spring Boot Maven Plugin run, 'stop' and 'repackage` goals
• If multiple main method classes are found, the Maven and Gradle plugins will now automatically use the one annotated with @SpringBootApplication

Apache Cassandra 是一套开源分布式 Key-Value 存储系统。它最初由 Facebook 开发，用于储存特别大的数据。

Deprecations in Spring Boot 1.5

• TomcatEmbeddedServletContainerFactory.setTldSkip has been deprecated in favor of setTldSkipPatterns
• ApplicationStartedEvent has been replaced by ApplicationStartingEvent
• Several constants in LoggingApplicationListener have been replaced by versions in LogFile
• Caching with Guava has been deprecated since Guava support will be dropped in Spring Framework 5. Upgrade to Caffeine
• CRaSH support has been deprecated since it’s no longer actively maintained
• Several protected methods in EndpointMBeanExporter have been deprecated following the introduction of JmxEndpoint
• SearchStrategy.PARENTS has been replaced with SearchStrategy.ANCESTORS.
• Apache DBCP support has been deprecated in favor of DBCP 2
• The server.undertow.buffers-per-region property has been deprecated because it is not used (see UNDERTOW-587)
• @AutoConfigureTestDatabase has been moved from org.springframework.boot.test.autoconfigure.orm.jpa to org.springframework.boot.test.autoconfigure.jdbc

一些方法、类的过期替换，就不说了。

Property Renames

• The server.max-http-post-size property has been replaced by technology specific variants (for example server.tomcat.max-http-post-size)
• The spring.data.neo4j.session.scope property has been removed.

server.max-http-post-size 在 ServerProperties 类中，本来是几个servlet容器共用一个属性，现在拆分独立使用。