Moved just introduced test case into PersistentEntityToJsonSchemaConverterUnitTests. Added ticket reference. Removed obsolete test case.
Original pull request: #190.
The JSON Schema we expose now considers the owning type for configuration to expose the identifier. Previously, we erroneously checked the property type.
Original pull request: #190.
Simplified implementation change. Integrated new test case into the existing one. Cleaned up existing test case to always use TestMvcClient.
Original pull request: #189.
The ALPS metadata exposed now considers the id exposure configuration to decide whether to skip the identifier property or not.
Original pull request: #189.
We now post-process Map values recursively to make sure they get merged correctly if they're complex objects in turn.
Improved the exception message for invalid payloads for JSON Patch requests to indicate the expected payload as the root Jackson exception does not contain any hints to what's actually expected.
We now expose a RepositoryRestConfigurer interface that carries all configure… methods that exist on RepositoryRestMvcConfiguration. The latter are deprecated as of now in favor of implementing and declaring a RepositoryRestConfigurer bean (or extending RepositoryRestConfigurerAdapter for convenience).
Moved extensions of RepositoryRestMvcConfiguration to RepositoryRestConfigurerAdapter where possible.
We now use a plain collection of EmbeddedWrapper instead of a Resources to avoid the links contained in the Resources to potentially cause issues on rendering.
We now tweak the ProducesRequestConditions for repository controllers to implicitly declare a produces clause of application/*+json to make sure the more concrete produces declarations on methods creating the compact representation are only used as fallbacks.
UriStringDeserializer now explicitly checks the source JSON value to be null or empty and returns null right away. Previously it handed the value to UriTemplate without any further validation which caused assertion errors in case of an empty or null source.
We now also explicitly catch the IllegalArgumentException thrown from the UriTemplate to make sure that any failure creating a URI (usually from piping a JSON object into the serializer where a URI is expected) is rejected with an appropriate error message.
AlpsJsonHttpMessageConverter now implements ResponseBodyAdvice to apply the potentially necessary conversion from RootResourceInformation to Alps to make sure we also get it applied on latest Spring 4.2 snapshots that invoke a newly introduced method to handle generic types in Jackson marshaling.
Previously we leniently expanded incoming URIs prior to mapping them to controllers. As the original ticket describes, this can cause security issues in rather lenient security setups as the call might bypass a simple security rule but then eventually map to a URI mapped to a stricter security rule.
Made sure that self links now return canonical URIs instead of templates. To still advertise projections, PersistentEntityResourceAssembler now adds an additional link to the canonical resource to resources that contains the unexpanded template.
Switched from requiring a Repositories instance to PersistentEntities on the way.
Related tickets: DATAREST-267, DATAREST-268, DATAREST-300, DATAREST-318, SEC-3027.
Improved example headers to not expose we're referring to test code. Used inline code instead of bold for technical terms (HTTP methods, HTML attributes etc.).
Original pull request: #184.
Moved Spring Security specific dependencies to a dedicated profile in pom.xml. JavaDoc polishing. Removed assertions on the response message.
Original pull request: #171.
Added integration tests to verify Spring Data REST works with Spring Security as expected. Added method level security to sample repositories and verified HTTP responses to consider those.
Added some words on security configuration in the reference documentation. This is also demonstrated by some canonical samples found in [0].
Original pull request: #171.
[0] https://github.com/spring-projects/spring-data-examples/issues/21
We now forward the ApplicationContext as ResourceLoader into the SpelAwareProxyProjectionFactory to make sure we use the correct class loader in a Spring Boot Dev Tools environment.
Instead of using the PersistentEntityResource to obtain the ETag we now calculate headers based on the domain object and PersistentEntity upfront. This prevents the failure of trying to read the ETag from a potentially projected proxy.
Excerpt projections defined in @RepositoryRestResource had to be discoverable (i.e. located in a sub-package of the domain type). RepositoryRestMvcConfiguration now uses an newly introduced constructor of ProjectionDefinitionConfiguration that automatically registers all projects in the given ResourceMappings.
Updated existing unit tests to use setBasePath. Added extra assertion to setBasePath to guard against sending in a URI with a protocol.
Original pull request: #178.
The preparation of the JsonNode that we map onto the domain object now correctly looks up fields by their mapped names. Previously we accidentally checked the incoming JSON for fields with raw unmapped property names with caused fields invalid detected or not detected if a custom Jackson naming strategy was in place.
We now support augmenting elements of a collection resource by using POST which previously only worked with PATCH requests. Took the chance to clean up RepositoryPropertyReferenceController by quite a bit and refactor functionality to discover the supported HTTP methods for a PersistentProperty into RootResourceInformation.
Instead of rendering an empty _embedded document for empty collections and pages we now explicitly trigger the creations of an EmbeddedWrapper for that empty, collection to preserve the collection's element type.
Tweaked ResourceProcessorHandlerMethodReturnValueHandler to invoke ResourceProcessor instances for those empty collections, too. PRHMRVH now checks the assignability of the raw resource type before analyzing the value type for a match.
RepositorySearchController now adds additional self links for the list of searches and a search execution.
Previously, RepositoryRestMvcConfiguration exposed its two ResourceSupportHttpMessageConverter beans as MappingJackson2HttpMessageConverters. This made it impossible for Spring Boot support for conditional beans to identify that they were type-constrained and, therefore, were not a suitable replacement for a general-purpose Mapping Jackson2HttpMessageConverter bean.
This commit updates RepositoryRestMvcConfiguration to expose both of its Jackson message converters as TypeConstrinaedMappingJackson2HttpMessageConverter instances. This will also Spring Boot to identify that their converters are type-constrained so that it can continue to auto-configure its general purpose converter. This is important as it allows Boot to provide a converter that honors the user’s configuration rather than Spring MVC’s default converter which does not. See spring-projects/spring-boot#2914 for details.
Original pull request: #174.
Before replacing the remove operation with a custom one that nulls out the object, we check whether the JSON Pointer points to an array element. If that's the case we skip the replacement and proceed.
We now also handle HttpRequestMethodNotSupportedException and UnsatisfiedServletRequestParameterException and traverse the chain before eventually rejecting the mapping attempt with the last exception found.
Related tickets: DATAREST-409.
Extended the serialization capabilities to explicitly treat projection proxies by wrapping them into a ProjectionResource and collecting links for the target backing the projection if the target is an exported resource.
Added a module that repackages the webjar version of the HAL browser. The repackaging is necessary to be able to control the exposure of the browser dynamically and prevent Spring Boot's auto-exposure of webjars from kicking in.
Tweaked BasePathAwareHandlerMapping to default the Accept header to the one defined in the configuration if none is present in the request or */* is given. This will make sure we default to a JSON dialect in case no header is set.
Previously the link pointing to representation descriptors of associations neither pointed to the ALPS controller nor to the representation descriptor.
Added an UnwrappingRepositoryInvokerFactory that transparently unwraps JDK 8 and Guava Optionals to make sure the consuming code works with values or plain nulls correctly.
RepositorySearchesResource now exposes the domain type for whom the searches are listed to allow implementations of ResourceProcessor add links by type more easily.
We no correctly handle the customized association path if @RestResource is used on an association. Took the chance to refactor the resource mapping subsystem quite significantly to improve the handling of property mappings. Those had been externalized before.
A lot of cleanups in RepositoryRestExceptionHandler: prefer static methods where possible. Removed delegates where only one client was calling the method. Consistent argument ordering with optional (nullable) parameters last.
Silenced logging in unit tests for RepositoryRestExceptionHandler.