If Querydsl is on the classpath and the repository exposed implements QuerydslPredicateExecutor, we now register a component that customizes the RepositoryInvoker to route repository interactions for collection resource calls to the QuerydslPredicateExecutor.
The invocation gets enriched with a Predicate obtained from the request data. Bindings can be customized through the QuerydslBinderCustomizer interface implemented in a default method on the repository.
Tweaked the build to generate Querydsl meta-model classes for the MongoDB domain types.
Moved just introduced test case into PersistentEntityToJsonSchemaConverterUnitTests. Added ticket reference. Removed obsolete test case.
Original pull request: #190.
The JSON Schema we expose now considers the owning type for configuration to expose the identifier. Previously, we erroneously checked the property type.
Original pull request: #190.
Simplified implementation change. Integrated new test case into the existing one. Cleaned up existing test case to always use TestMvcClient.
Original pull request: #189.
The ALPS metadata exposed now considers the id exposure configuration to decide whether to skip the identifier property or not.
Original pull request: #189.
We now post-process Map values recursively to make sure they get merged correctly if they're complex objects in turn.
Improved the exception message for invalid payloads for JSON Patch requests to indicate the expected payload as the root Jackson exception does not contain any hints to what's actually expected.
We now expose a RepositoryRestConfigurer interface that carries all configure… methods that exist on RepositoryRestMvcConfiguration. The latter are deprecated as of now in favor of implementing and declaring a RepositoryRestConfigurer bean (or extending RepositoryRestConfigurerAdapter for convenience).
Moved extensions of RepositoryRestMvcConfiguration to RepositoryRestConfigurerAdapter where possible.
We now use a plain collection of EmbeddedWrapper instead of a Resources to avoid the links contained in the Resources to potentially cause issues on rendering.
Moved the accessibility tweak to the EventHandlerMethod's constructor so that the modification only occurs at detection time. Polished unit test.
Original pull request: #187.
We now tweak the ProducesRequestConditions for repository controllers to implicitly declare a produces clause of application/*+json to make sure the more concrete produces declarations on methods creating the compact representation are only used as fallbacks.
UriStringDeserializer now explicitly checks the source JSON value to be null or empty and returns null right away. Previously it handed the value to UriTemplate without any further validation which caused assertion errors in case of an empty or null source.
We now also explicitly catch the IllegalArgumentException thrown from the UriTemplate to make sure that any failure creating a URI (usually from piping a JSON object into the serializer where a URI is expected) is rejected with an appropriate error message.
AlpsJsonHttpMessageConverter now implements ResponseBodyAdvice to apply the potentially necessary conversion from RootResourceInformation to Alps to make sure we also get it applied on latest Spring 4.2 snapshots that invoke a newly introduced method to handle generic types in Jackson marshaling.
Previously we leniently expanded incoming URIs prior to mapping them to controllers. As the original ticket describes, this can cause security issues in rather lenient security setups as the call might bypass a simple security rule but then eventually map to a URI mapped to a stricter security rule.
Made sure that self links now return canonical URIs instead of templates. To still advertise projections, PersistentEntityResourceAssembler now adds an additional link to the canonical resource to resources that contains the unexpanded template.
Switched from requiring a Repositories instance to PersistentEntities on the way.
Related tickets: DATAREST-267, DATAREST-268, DATAREST-300, DATAREST-318, SEC-3027.
AnnotatedEventHandlerInvoker now uses the user class to detect handler methods on to make sure we don't accidentally find CGLib generated methods and thus invoke the handler multiple times later on.
Extended MethodFilter Methods.USER_METHODS to filter methods on CGLib proxy classes, too.
Added missing license header and Javadocs where necessary.
Improved example headers to not expose we're referring to test code. Used inline code instead of bold for technical terms (HTTP methods, HTML attributes etc.).
Original pull request: #184.
Moved Spring Security specific dependencies to a dedicated profile in pom.xml. JavaDoc polishing. Removed assertions on the response message.
Original pull request: #171.
Added integration tests to verify Spring Data REST works with Spring Security as expected. Added method level security to sample repositories and verified HTTP responses to consider those.
Added some words on security configuration in the reference documentation. This is also demonstrated by some canonical samples found in [0].
Original pull request: #171.
[0] https://github.com/spring-projects/spring-data-examples/issues/21
We now forward the ApplicationContext as ResourceLoader into the SpelAwareProxyProjectionFactory to make sure we use the correct class loader in a Spring Boot Dev Tools environment.
Instead of using the PersistentEntityResource to obtain the ETag we now calculate headers based on the domain object and PersistentEntity upfront. This prevents the failure of trying to read the ETag from a potentially projected proxy.
Excerpt projections defined in @RepositoryRestResource had to be discoverable (i.e. located in a sub-package of the domain type). RepositoryRestMvcConfiguration now uses an newly introduced constructor of ProjectionDefinitionConfiguration that automatically registers all projects in the given ResourceMappings.