RepositoryRestConfiguration now exposes a setRepositoryDetectionStrategy(…) to define which repositories should be detected for exposure by default. The default value for that will consider the repository interfaces visibility but also take the exported flag of @(Repository)RestResource into account. See all other options in RepositoryDetectionStrategies.
Tweaked the auto-registration of excerpt projections to avoid a circular dependency between configuration and resource mappings and moved it onto a BeanPostProcessor implementation.
The Querydsl integration in RootResourceInformationHandlerMethodArgumentResolver now only kicks in if the controller method parameter is annotated with @QuerydslPredicate. This allows us to apply the QuerydslBindings for collection resources but make sure they aren't accidentally applied during executions of query methods etc.
Improved the type lookup for query method execution to make sure the correct mapping is looked up for collection parameters.
Identifier and version properties are handled in a special way by Spring Data REST (ids are derived from and exposed via the URI, versions make it into the ETag header) and are not contained in the response representation. That requires handling PUT request having to explicitly exclude them from being wiped to null so that the server side values are still preserved.
We now skip nested Map handling in case the Map value is not a managed entity. Also added a more strict guard against the PersistentEntity lookup to make sure users see a more descriptive error in case of failures.
We now make sure not to render an items nor an uniqueItems clause for collection associations as they are exposed as URIs for which JSON schema doesn't allow these attributes.
path.
We now defensively replace all double slashes contained in the lookup
path as Spring 4.2 might return such paths due to a regression in
UrlPathHelper. This might occur if the original URL contains
intermediate matrix parameters (e.g. /books/;test/1) whose removal now
results in double slashes and thus the downstream repository metadata
lookup to fail.
Related tickets: SPR-13455.
We now explicitly skip non-Jackson-serializable properties from being rendered in the schema. This prevents exceptions in rare cases where the Jackson BeanPropertyDefinition is only backed by a setter.
The issue occurred with current Spring Data Gemfire as it considers a BigDecimal a PersistentEntity and then failed to produce a proper ResolvableProperty for setScale(…) as it's a setter-only property.
Related tickets: SGF-429.
Added a test case that explictly verifies the projection template variable being added to search links for domain types with projections registered.
Related tickets: DATAREST-467, DATAREST-519.
We now use the following keys in the resource bundle to determine values for the title attribute of JSON schema property (in descending order of preference):
$fullyQualifiedClassName.$property._title
$simpleClassName.$property._title
$property._title
Also tweaked JsonProperty.format to make sure it always serializes as its toString() value.
We're now creating a dedicated Resources inner class to be able to explicitly ignore the links of the embeds as they would cause the link attribute to be rendered when the unwrapping is applied in the custom JSON serializer.
Polished test case. Foxed Javadoc in PersistentEntityResource.Builder. Tweaked the TestDataPopulator to always reinitialize the data set to make sure the test cases see the expected data.
PATCH requests to non existing resource now correctly return 404 Not Found as PersistentEntityResourceHandlerMethodArgumentResolver.read(…) now correctly throws the ResourceNotFoundException.
HEAD requests to both item and collection resource now return the top-level links as a Link header. Fixed HEAD requests to the item resource now use the raw domain object instead of the projected resource to calculate ETag and Last-Modified headers.
RepositoryRestConfiguration now exposes an option to enable enum value serialization and a nested configuration object to tweak the details.
If enabled, a Jackson serializer and deserializer is registered trying to resolve the enum values from the Spring Data REST resource bundle using the fully-qualified enum value name as key. If no explicitly configured value is configured a default translation is triggered that capitalizes the lowercased value name replacing the underscores with spaces (e.g. PAYMENT_EXPECTED -> Payment expected). This can be opted out of, of course.
On the parsing side the deserializer will also consult the resourcebundle and default translation but also accepting the enum name as is (also opt-outable).
Deprecated non-bean-style accessors for projection and metadata configuration on RepositoryRestConfiguration to make these options tweakable via Spring Boot application properties by default.
Moved /alps into a separate link underneath /profile, so that /schema can ALSO be served there as well. Also added a profile link to the collection resources, linking to collection-specific metadata. We now use strict content negotiation for each form of metadata so clients don't have to navigate a labyrinth of links. To preserve backwards compatibility, make ALPS the default metadata type.
Original pull request: #196.
RepositoryEntityController.patchItemResource(…) triggered an additional, unnecessary lookup of the original entity to be updated. However the resolution algorithm for PersistentEntityResource already checks the presence and rejects an invalid identifier with a ResourceNotFoundException.
PersistentEntityResource now carries a boolean flag to expose whether the entity is about to be created. That allows us to avoid the additional lookup in the method handling PUT requests, too.
Related tickets: DATAREST-441.
Fixed JSON Schema output use "definitions" keyword instead of the previously used wrong "descriptors".
We now also include the title attribute for properties, using rest.description.$type.$property._title as i18n key. Titles are now also defaulted to the camel-case property name split up, lowercased and capitalized, e.g. "orderDate" will become "Order date".
JacksonMetadata now allows obtaining the Jackson serializer being used for a given type and exposes whether a property is considered read-only for Jackson.
Introduced JsonSchemaPropertyCustomizer to potentially tweak the JSON schema property definition. This is helpful in case custom JsonSerializers are implemented to also reflect the change in representation in the schema.
If Querydsl is on the classpath and the repository exposed implements QuerydslPredicateExecutor, we now register a component that customizes the RepositoryInvoker to route repository interactions for collection resource calls to the QuerydslPredicateExecutor.
The invocation gets enriched with a Predicate obtained from the request data. Bindings can be customized through the QuerydslBinderCustomizer interface implemented in a default method on the repository.
Tweaked the build to generate Querydsl meta-model classes for the MongoDB domain types.
Moved just introduced test case into PersistentEntityToJsonSchemaConverterUnitTests. Added ticket reference. Removed obsolete test case.
Original pull request: #190.
The JSON Schema we expose now considers the owning type for configuration to expose the identifier. Previously, we erroneously checked the property type.
Original pull request: #190.
Simplified implementation change. Integrated new test case into the existing one. Cleaned up existing test case to always use TestMvcClient.
Original pull request: #189.
The ALPS metadata exposed now considers the id exposure configuration to decide whether to skip the identifier property or not.
Original pull request: #189.
We now post-process Map values recursively to make sure they get merged correctly if they're complex objects in turn.
Improved the exception message for invalid payloads for JSON Patch requests to indicate the expected payload as the root Jackson exception does not contain any hints to what's actually expected.
We now expose a RepositoryRestConfigurer interface that carries all configure… methods that exist on RepositoryRestMvcConfiguration. The latter are deprecated as of now in favor of implementing and declaring a RepositoryRestConfigurer bean (or extending RepositoryRestConfigurerAdapter for convenience).
Moved extensions of RepositoryRestMvcConfiguration to RepositoryRestConfigurerAdapter where possible.
We now use a plain collection of EmbeddedWrapper instead of a Resources to avoid the links contained in the Resources to potentially cause issues on rendering.
We now tweak the ProducesRequestConditions for repository controllers to implicitly declare a produces clause of application/*+json to make sure the more concrete produces declarations on methods creating the compact representation are only used as fallbacks.
UriStringDeserializer now explicitly checks the source JSON value to be null or empty and returns null right away. Previously it handed the value to UriTemplate without any further validation which caused assertion errors in case of an empty or null source.
We now also explicitly catch the IllegalArgumentException thrown from the UriTemplate to make sure that any failure creating a URI (usually from piping a JSON object into the serializer where a URI is expected) is rejected with an appropriate error message.
AlpsJsonHttpMessageConverter now implements ResponseBodyAdvice to apply the potentially necessary conversion from RootResourceInformation to Alps to make sure we also get it applied on latest Spring 4.2 snapshots that invoke a newly introduced method to handle generic types in Jackson marshaling.
Previously we leniently expanded incoming URIs prior to mapping them to controllers. As the original ticket describes, this can cause security issues in rather lenient security setups as the call might bypass a simple security rule but then eventually map to a URI mapped to a stricter security rule.
Made sure that self links now return canonical URIs instead of templates. To still advertise projections, PersistentEntityResourceAssembler now adds an additional link to the canonical resource to resources that contains the unexpanded template.
Switched from requiring a Repositories instance to PersistentEntities on the way.
Related tickets: DATAREST-267, DATAREST-268, DATAREST-300, DATAREST-318, SEC-3027.
Improved example headers to not expose we're referring to test code. Used inline code instead of bold for technical terms (HTTP methods, HTML attributes etc.).
Original pull request: #184.
Moved Spring Security specific dependencies to a dedicated profile in pom.xml. JavaDoc polishing. Removed assertions on the response message.
Original pull request: #171.
Added integration tests to verify Spring Data REST works with Spring Security as expected. Added method level security to sample repositories and verified HTTP responses to consider those.
Added some words on security configuration in the reference documentation. This is also demonstrated by some canonical samples found in [0].
Original pull request: #171.
[0] https://github.com/spring-projects/spring-data-examples/issues/21
We now forward the ApplicationContext as ResourceLoader into the SpelAwareProxyProjectionFactory to make sure we use the correct class loader in a Spring Boot Dev Tools environment.
Instead of using the PersistentEntityResource to obtain the ETag we now calculate headers based on the domain object and PersistentEntity upfront. This prevents the failure of trying to read the ETag from a potentially projected proxy.