@@ -1139,6 +1139,66 @@ remote updates and restarts are much quicker than a full rebuild and deploy cycl
11391139NOTE: Files are only monitored when the remote client is running. If you change a file
11401140before starting the remote client, it is not pushed to the remote server.
11411141
1142+ [[configuring-file-system-watcher]]
1143+ ==== Configuring File System Watcher
1144+ {sc-spring-boot-devtools}/filewatch/FileSystemWatcher.{sc-ext}[FileSystemWatcher] works
1145+ by polling the class changes with a certain time interval, and then waiting for a
1146+ predefined quiet period to make sure there are no more changes. The changes are then
1147+ uploaded to the remote application. On a slower development environment, it may happen
1148+ that the quiet period is not enough, and the changes in the classes may be split into batches.
1149+ The server is restarted after the first batch of class changes is uploaded.
1150+ The next batch can’t be sent to the application, since the server is restarting.
1151+
1152+ This is typically manifested by a warning in the `RemoteSpringApplication` logs about
1153+ failing to upload some of the classes, and a consequent retry. But it may also lead to
1154+ application code inconsistency and failure to restart after the first batch of changes is
1155+ uploaded.
1156+
1157+ If you observe such problems constantly, try increasing the
1158+ `spring.devtools.restart.poll-interval` and `spring.devtools.restart.quiet-period`
1159+ parameters to the values that fit your development environment:
1160+
1161+ [source,properties,indent=0]
1162+ ----
1163+ spring.devtools.restart.poll-interval=2s
1164+ spring.devtools.restart.quiet-period=1s
1165+ ----
1166+
1167+ The monitored classpath folders are now polled every 2 seconds for changes, and a 1 second
1168+ quiet period is maintained to make sure there are no additional class changes.
1169+
1170+ [[security-configuration-for-devtools-remote]]
1171+ ==== Security Configuration for Devtools Remote
1172+ If you have Spring Security on the classpath, you may observe HTTP error 401 or 403 in
1173+ the logs of the `RemoteSpringApplication`:
1174+
1175+ [indent=0,subs="attributes"]
1176+ ----
1177+ Exception in thread "File Watcher" java.lang.IllegalStateException: Unexpected 401 UNAUTHORIZED response uploading class files
1178+ ----
1179+
1180+ The URL for class uploading should be exempted both from the web security and from the
1181+ csrf filter. The following example shows how anonymous access to the remote devtools endpoint
1182+ can be configured:
1183+
1184+ [source,java,indent=0]
1185+ ----
1186+ @Configuration
1187+ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
1188+
1189+ @Override
1190+ protected void configure(HttpSecurity http) throws Exception {
1191+ http.requestMatchers("/.~~spring-boot!~/restart").anyRequest().anonymous()
1192+ .and().csrf().disable();
1193+ }
1194+
1195+ }
1196+ ----
1197+
1198+ NOTE: The above configuration will only affect the remote devtools endpoint. Spring Boot's default
1199+ security auto-configuration will still apply to the rest of the application. If the rest
1200+ of the application requires custom security, it needs to be configured separately.
1201+
11421202
11431203
11441204[[using-boot-packaging-for-production]]
0 commit comments