Commit 8d7deb7b authored by Madhura Bhave's avatar Madhura Bhave

Polish "Expand documentation on remote devtools"

See gh-17780
parent ab33bc7d
...@@ -1143,15 +1143,14 @@ before starting the remote client, it is not pushed to the remote server. ...@@ -1143,15 +1143,14 @@ before starting the remote client, it is not pushed to the remote server.
==== Configuring File System Watcher ==== Configuring File System Watcher
{sc-spring-boot-devtools}/filewatch/FileSystemWatcher.{sc-ext}[FileSystemWatcher] works {sc-spring-boot-devtools}/filewatch/FileSystemWatcher.{sc-ext}[FileSystemWatcher] works
by polling the class changes with a certain time interval, and then waiting for a by polling the class changes with a certain time interval, and then waiting for a
predefined quiet period to make sure no more changes are coming from the compiler. The predefined quiet period to make sure there are no more changes. The changes are then
changes are then being uploaded to the remote application. On a slower development uploaded to the remote application. On a slower development environment, it may happen
environment, it may happen that the quiet period is not enough, and the changes in the that the quiet period is not enough, and the changes in the classes may be split into batches.
classes appear to be split into two batches. The server is then restarted after the first The server is restarted after the first batch of class changes is uploaded.
batch of class changes is uploaded, but the second batch can’t immediately be sent to the The next batch can’t be sent to the application, since the server is restarting.
application, since the server is restarting.
This is typically manifested by a warning in the `RemoteSpringApplication` logs about This is typically manifested by a warning in the `RemoteSpringApplication` logs about
failing to upload some of the classes, and a consequent retry. But it may also lead to the failing to upload some of the classes, and a consequent retry. But it may also lead to
application code inconsistency and failure to restart after the first batch of changes is application code inconsistency and failure to restart after the first batch of changes is
uploaded. uploaded.
...@@ -1165,12 +1164,12 @@ parameters to the values that fit your development environment: ...@@ -1165,12 +1164,12 @@ parameters to the values that fit your development environment:
spring.devtools.restart.quiet-period=1s spring.devtools.restart.quiet-period=1s
---- ----
The monitored classpath folders are now being swept every 2 seconds, and a 1 second quiet The monitored classpath folders are now polled every 2 seconds for changes, and a 1 second
period is maintained to make sure no additional class changes are coming. quiet period is maintained to make sure there are no additional class changes.
[[security-configuration-for-devtools-remote]] [[security-configuration-for-devtools-remote]]
==== Security Configuration for Devtools Remote ==== Security Configuration for Devtools Remote
If you use security configuration on the server, you may observe HTTP error 401 or 403 in If you have Spring Security on the classpath, you may observe HTTP error 401 or 403 in
the logs of the `RemoteSpringApplication`: the logs of the `RemoteSpringApplication`:
[indent=0,subs="attributes"] [indent=0,subs="attributes"]
...@@ -1179,9 +1178,8 @@ the logs of the `RemoteSpringApplication`: ...@@ -1179,9 +1178,8 @@ the logs of the `RemoteSpringApplication`:
---- ----
The URL for class uploading should be exempted both from the web security and from the The URL for class uploading should be exempted both from the web security and from the
csrf filter. Here’s an example `WebSecurityConfigurerAdapter` configuration that uses csrf filter. The following example shows how anonymous access to the remote devtools endpoint
HTTP Basic Auth to secure all URLs except the default one used by devtools for class can be configured:
uploading:
[source,java,indent=0] [source,java,indent=0]
---- ----
...@@ -1190,15 +1188,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ...@@ -1190,15 +1188,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/.~~spring-boot!~/restart").anonymous() http.requestMatchers("/.~~spring-boot!~/restart").anyRequest().anonymous()
.and().csrf().ignoringAntMatchers("/.~~spring-boot!~/restart") .and().csrf().disable();
.and().authorizeRequests().anyRequest().authenticated()
.and().httpBasic();
} }
} }
---- ----
NOTE: The above configuration will only affect the remote devtools endpoint. Spring Boot's default
security auto-configuration will still apply to the rest of the application. If the rest
of the application requires custom security, it needs to be configured separately.
[[using-boot-packaging-for-production]] [[using-boot-packaging-for-production]]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment