We now explicitly manually merge array nodes that contain complex objects. Previously arrays would've been skipped and the subsequent Jackson update would wipe out all properties not contained in the original document even on PATCH requests.
Removed RepositoryRestConfiguration.addCorsMapping(…) as we currently don't have any other shortcut methods for configuration like this.
Tweaked the setup of (now Repository)CorsConfigurationAccessor to be created earlier so that we avoid recreation for every lookup. Introduced a NoOpStringValueResolver to be used by default so that we don't need to deal with the case of the resolver being null at the end of the call chain. Replaced constructor of RepositoryCorsConfigurationAccessor with corresponding Lombok annotation.
Updated reference documentation accordingly.
Original pull request: #233.
We now support CORS configuration mechanisms introduced in Spring 4.2. CORS can be configured on multiple levels: Repository interface, Repository REST controller and global level. Spring Data REST CORS configuration is isolated so Spring Web MVC'S CORS configuration does not apply to Spring Data REST resources.
Multiple configuration sources are merged so different aspects of CORS can be configured in separate locations.
@CrossOrigin
interface PersonRepository extends CrudRepository<Person, Long> {}
@RepositoryRestController
@RequestMapping("/person")
public class PersonController {
@CrossOrigin(maxAge = 3600)
@RequestMapping(method = RequestMethod.GET, "/xml/{id}", produces = MediaType.APPLICATION_XML_VALUE)
public Person retrieve(@PathVariable Long id) {
// ...
}
}
@Component
public class SpringDataRestCustomization extends RepositoryRestConfigurerAdapter {
@Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.addCorsMapping("/person/**")
.allowedOrigins("http://domain2.com")
.allowedMethods("PUT", "DELETE")
.allowedHeaders("header1", "header2", "header3")
.exposedHeaders("header1", "header2")
.allowCredentials(false).maxAge(3600);
}
}
Previously, MappedProperties didn't handle Jackson properties correctly, that do not expose a PersistentProperty, e.g. transient ones. That led to potential nullPointerExceptions in clients as the guarding hasPersistentPropertyForField(…) still answered true, as the backing cache contained an entry with a null value. We now skip those properties completely.
We now resolve default configured Pageable without dropping them if their Sort is empty. Previously, any default Pageable was dropped if its Sort was empty which caused null being handed to controller methods of @RepositoryRestController instances.
Original pull request: #231.
Switched to use @RequiredArgsConstructor where possible. Slightly rearranged test cases. Inlined JacksonMappingAwareSortTranslator to not expose it as bean unless necessary. Use static Jackson BeanClassIntrospector to avoid unnecessary recreation.
Original pull request: #222.
We now consider Jackson field names when resolving Sort arguments. Domain model properties annotated with @JsonProperty("sales") can be specified by their Jackson-mapped field name in sort arguments. Field names are mapped to their according persistent property names to be used in repository query method sorting. Unknown field names are silently dropped.
Original pull request: #222.
We now use CollectionFactory.createApproximateMap(…) to avoid picking up persistence technology specific Map implementations that might cause issues (e.g. requiring a Session in the case of Hibernate).
Related tickets: DATAREST-864.
Previously, NestedEntitySerializer failed to handle Maps correctly as the logic to convert the found values to nested resources tried to handle the values as is, not explicitly looking at the values instead.
We now use an explicit code path to turn the values into resources so that links pointing to other resources are rendered correctly.
Original pull request: #219.
The previously static ObjectMapper used by JsonPatchPatchHandler now has to be provided by clients instantiating the handler.
Original pull request: #224.
Spring 4.3 returns Content-Type headers including the character encoding. We needed to relax our assertions on the content type headers to only check for compatibility.
PUT requests are supposed to replace the state of the resource with the request payload. However, Spring Data REST already handles a couple of domain object propoerties in a special way as theri values map to dedicated HTTP features: identifiers (URIs), last-modified dates (header) etc.
For users, it might be worthwhile to exclude other properties from being set by applying the payload, like properties that are completely under the control of the server, e.g. creation user and date, last modifying user etc. So far, users didn't have any means to exclude those properties as the handling of PUT requests treated every missing property of the payload as null value.
DomainObjectMerger now checks whether a property is actually writable before applying the implicit null value. The application can be disabled by annotation a property with @ReadOnlyProperty.
Previously, RepositoryRestMvcConfiguration declared a BeanPostProcessor instance in a non-static bean factory method. That required Spring to instantiate the configuration class and keeping it in uninitialized state, which could in turn cause issues downstream.
We now use a static method so that the container can obtain the bean instance without having to create an instance of the configuration class and thus deferring its initialization.
Spring 4.3's HeaderContentNegotiationStrategy switched from looking up the Accept header via the method returning a single (potentially comma separated) one to the method returning multiple headers in the first place. We now added an override of HttpServletRequestWrapper.getHeaders(…) to out custom adapter defaulting the media type to make sure the defaulting is visible and thus the right handler methods are looked up.
That previously missing caused the DelegatingHandlerMapping selecting the redirect to the HAL browser in case a request to the API root was sent without an accept header as the defaulting of the header to application/hal+json wasn't properly exposed anymore and the redirect to the browser — declaring a produces clause of text/html — was not causing any media type mismatch anymore.