Removed the reference to the deprecated RepositoryRestConfigurerAdapter, and updated the entity-lookup/ID translation example to use the currently supported API.
Original pull request: #359.
Deserializer customizations for related resources (deserializing an instance from a URI) are not applied to the creator properties Jackson uses to create an entity instance in the first place (see [0] for details). We work around this now by tweaking the property instances used for that in their origin ValueInstantiator via reflection until the bug gets fixed.
[0] https://github.com/FasterXML/jackson-databind/issues/2367
Removed the redeclaration of hasCorsConfigurationSource(…) in RepositoryRestHandlerMapping as it already inherits the one from BasePathAwareRestHandlerMapping.
We now enable CORS handling for all requests by overriding the newly introduced hasCorsConfigurationSource method. We cannot detect CORS configuration handling solely on the handler but require path headers to resolve repository interface mappings.
We now ship a module containing the HAL Explorer [0] as an alternative to the HAL Browser which seems to be mostly out of maintenance and the WebJar refers to a jQuery version with a CVE. The new module still contains some customization code that we had in place for the browser to customize the POST/PUT forms to use the JSON Schema exposed for the aggregates.
The HAL Browser extension is now deprecated in the form that its inclusion causes a warn log to recommend switching to the explorer. A couple of general coding improvements: package scope for controllers and handler methods. Better use of constants and newer request mapping annotations.
Tweaked the configuration of static resource handlers to resolve the implicit cyclic dependency between the browser/explorer and the WebMVC module by introducing a Spring Factories backed extension SPI.
[0] https://github.com/toedter/hal-explorer
Contrary to what's stated in the Javadoc of BackendIdConverter, BackendIdConverterHandlerMethodArgumentResolver now skips the invocation of ….fromRequestId(…) if no identifier path variable is found for the mapping of the method invoked.
MappedProperties now immediately drops non-writable properties when created for deserialization. Previously those properties would have to be annotated with @JsonProperty(access = Access.READ_ONLY) explicitly to avoid them being considered.