32164 Commits

Author SHA1 Message Date
Brian Clozel
696692f1ed Do not attempt to decode wildcard content-types as form-data
Prior to this commit, the `DefaultServerWebExchange` would attempt to
decode request bodies as form-data or multipart of the request
content-type was compatible with the expected media types.

If requests are sent with an invalid wildcard content-type such as "*/*"
or "multipart/*", we should not attempt to decode here.

Fixes gh-34660
2025-06-16 15:51:47 +02:00
Brian Clozel
faada70d59 Reset respone content-type for invalid range responses
Prior to this commit, the `ResourceHttpRequestHandler` would detect
invalid range requests and reply with a 416 response status and the
relevant range header. Because this was triggering an error dispatch,
the error handling would collect error metadata and produce an error
response with the original content-type.
This would most likely fail because the content-type is most likely a
file-related media type which cannot be used for error responses.

This commit resets the response content type in these cases and let the
error handling pick the most sensible media type for the error response.

Fixes gh- 34490
2025-06-15 18:42:45 +02:00
Sam Brannen
9f1aef16f9 Fix Javadoc for FixedBackOff 2025-06-14 15:33:04 +02:00
Brian Clozel
8dee7d8fb6 Use concrete form-data type when reading request body
Prior to this commit, the WebFlux server support would try reading
form-data from the request by:

* first, checking that request content-type is compatible with a
  form-data content-type
* then by selecting a message reader that is compatible with the given
  request content-type

This approach is flawed because if the content-type provided by the
request is too broad, another message reader could be selected that's
not meant to be used for reading form-data. Typically, a JSON message
reader could be selected and would fail when reading the request.
This problem was previously hidden because message readers would not
support `MultiValueMap` as a target type. Now that some readers support
this type, this can lead to deserialization errors.

This commit now ensures that in all cases, we attempt to read form-data
with a message reader that supports the
"application/x-www-form-urlencoded" media type.

Fixes gh-34660
2025-06-13 16:45:46 +02:00
Johnny Lim
722333f0f1 Polish DataBufferInputStream.skip()
See gh-34799
Closes gh-35030

Signed-off-by: Johnny Lim <izeye@naver.com>
2025-06-13 09:57:02 +02:00
Brian Clozel
26ae3ed8d4 Upgrade "setup-gradle" GitHub action 2025-06-13 09:29:14 +02:00
Sébastien Deleuze
e425504eac Revert "Disable Gradle auto-provisioning" on 6.2.x
This reverts commit 40058ef875.

Closes gh-35041
2025-06-12 16:37:59 +02:00
Brian Clozel
08d5af3d2a Next development version (v6.2.9-SNAPSHOT) 2025-06-12 11:44:16 +02:00
Brian Clozel
f0e7b42704 Encode non-printable character in Content-Disposition parameter
Prior to this commit, the "filename" parameter value for the
"Content-Disposition" header would contain non-printable characters,
causing parsing issues for HTTP clients.
This commit ensures that all non-printable characters are encoded.

Fixes gh-35034
2025-06-12 08:39:29 +02:00
Johnny Lim
e86dc9ad95 Apply gh-34856 to MockClientHttpRequest in testfixture package
Closes gh-35031

Signed-off-by: Johnny Lim <izeye@naver.com>
2025-06-11 17:40:54 +02:00
Sébastien Deleuze
05c3f56ec7 Rely on default retention in @Contract
Closes gh-35027
2025-06-11 10:14:59 +02:00
Brian Clozel
dee80ab1da Upgrade to Reactor 2024.0.7
Closes gh-35021
2025-06-11 09:23:17 +02:00
Brian Clozel
07fd835ea9 Upgrade to Micrometer 1.14.8
Closes gh-35020
2025-06-11 09:22:50 +02:00
Brian Clozel
0d6c6eb2d5 Use Micrometer BOM for Context Propagation dependency
Closes gh-35026
2025-06-11 09:15:30 +02:00
Sam Brannen
4d2cc4ae97 Polish contribution
See gh-35013
2025-06-10 11:45:20 +02:00
Mohammad Saeed Nouri
c04902fefb Allow update of existing WebSession after max sessions limit is reached
Previously, when saving a WebSession, the system did not check whether
the session ID already existed. As a result, even if the session being
saved was an update to an existing one, it was incorrectly treated as a
new session, and a "maximum sessions exceeded" error was triggered.

This fix ensures that if a WebSession with the same ID already exists,
it will be updated rather than counted as a new session, thereby
preventing unnecessary session limit violations.

Closes gh-35013

Signed-off-by: Mohammad Saeed Nouri <msnsaeed71@gmail.com>
2025-06-10 11:44:59 +02:00
Sam Brannen
3c265e1044 Fix InMemoryWebSessionStoreTests.startsSessionImplicitly() test 2025-06-10 11:44:00 +02:00
Sam Brannen
222702f750 Polish WebSession support and tests 2025-06-10 11:43:56 +02:00
Sébastien Deleuze
7bb19fcde8 Refine Kotlin Serialization hint registration
This commit adds support for serializer methods with a parameter.

Closes gh-34979
2025-06-09 16:48:15 +02:00
Sam Brannen
18d6a55e3e Polishing and removal of "this." for method invocations 2025-06-09 14:10:30 +02:00
秦利斌
99890b6147 Fix ResourceHttpRequestHandler#setHeaders JavaDoc
Closes gh-35004
Signed-off-by: 秦利斌 <68638598+Allan-QLB@users.noreply.github.com>
2025-06-09 10:55:21 +02:00
Sam Brannen
0afdb08099 Upgrade to JUnit 5.13.1
Closes gh-34969
2025-06-07 12:03:10 +02:00
Sébastien Deleuze
40058ef875 Disable Gradle auto-provisioning
Closes gh-35007
2025-06-06 18:18:52 +02:00
rstoyanchev
c769f43b3e Update docs on testing client code
Closes gh-34892
2025-06-06 15:28:28 +01:00
rstoyanchev
4782c697b8 Improve RestControllerAdvice documentation
Closes gh-34866
2025-06-06 15:28:28 +01:00
rstoyanchev
de52090959 Polishing contribution
Closes gh-34554
2025-06-06 15:28:28 +01:00
Vedran Pavic
4d862b871d Improve Javadoc for @ExceptionHandler
This commit adds `ProblemDetail` and `ErrorResponse` to the list of
supported return types for `@ExceptionHandler` methods.

Closes gh-34554

Signed-off-by: Vedran Pavic <vedran@vedranpavic.com>
2025-06-06 15:28:28 +01:00
Jimmy Axenhus
fa781c8390 Correct name of Selenium WebDriver artifact
The selenium-htmlunit3-driver artifact does not exist.

Closes gh-34840

Signed-off-by: Jimmy Axenhus <github@axenhus.com>
2025-06-06 15:28:28 +01:00
Sam Brannen
88cd7addda Upgrade to Gradle 8.14.2
Closes gh-34937
2025-06-06 15:06:06 +02:00
Brian Clozel
332c7f770c Remove Link to AspectJ Javadoc
Closes gh-35000
2025-06-06 12:05:44 +02:00
Juergen Hoeller
9f76ea13e3 Upgrade to Groovy 4.0.27, Mockito 5.18, Checkstyle 10.25 2025-06-06 09:21:37 +02:00
Juergen Hoeller
d9c103b7ff Remove unnecessary fallback to DefaultConversionService
See gh-34936
2025-06-06 09:21:21 +02:00
Juergen Hoeller
f1ddd051a3 Restore synchronization against AspectJ race condition behind PointcutExpression
Closes gh-34735
2025-06-05 20:36:10 +02:00
Juergen Hoeller
a266e1b403 Close JarFile only in case of useCaches=false
Closes gh-34955
2025-06-05 20:20:47 +02:00
Sébastien Deleuze
4d09eb569b Refine RequestResponseBodyMethodProcessorKotlinTests
Improve read tests and fix copyright.

See gh-34992
2025-06-05 14:07:27 +02:00
Sébastien Deleuze
a439e9030f Fix collection support in AbstractKotlinSerializationHttpMessageConverter
AbstractKotlinSerializationHttpMessageConverter#getSupportedMediaTypes(Class<?>)
currently invokes transitively supports(Class<?>) which always return false
with generic types.

This commit adds an override that just invokes getSupportedMediaTypes().

Closes gh-34992
2025-06-05 12:02:22 +02:00
James Yuzawa
aa5c0dcd72 Add caching headers to unmodified static resources
per https://www.rfc-editor.org/rfc/rfc7232#section-4.1

The server generating a 304 response MUST generate any of the
following header fields that would have been sent in a 200 (OK)
response to the same request: Cache-Control, Content-Location, Date,
ETag, Expires, and Vary.

Closes gh-34614

Signed-off-by: James Yuzawa <jtyuzawa@gmail.com>
2025-06-05 10:58:24 +02:00
Brian Clozel
4a46d957f3 Fix out of bounds exception for PathPattern#combine
Prior to this commit, combining the "/*" and  "/x/y" path patterns
would result in a `StringIndexOutOfBoundsException`.

This commit fixes this problem and revisits the implementation for
better consistency:

* "/*" + "/x/y" is now "/x/y"
* "/x/*.html" + "/y/file.*" is now rejected because they don't share the
  same prefix.

This change also adds the relevant Javadoc to the `PathPattern#combine`
method.

Fixes gh-34986
2025-06-04 20:18:33 +02:00
Sam Brannen
4df93a825b Update copyright headers and fix test method name 2025-06-04 11:28:55 +02:00
rstoyanchev
be17315f63 Add mention of CompletionStage in "Async Requests"
Closes gh-34991
2025-06-03 19:10:03 +01:00
DongNyoung Lee
31903a9d92 Fix typo in MockClientHttpRequest Javadoc
Closes gh-34856

Signed-off-by: DongNyoung Lee <121621378+Dongnyoung@users.noreply.github.com>
2025-06-03 19:05:32 +01:00
rstoyanchev
06f69915cb Polishing contribution
Closes gh-34885
2025-06-03 19:04:17 +01:00
addoDev
d9459bdc74 Improve mvc-ann-async.adoc
Added section for WebAsyncTask return type along with java and
kotlin example code

See gh-34885

Signed-off-by: addoDev <adityaraochokkadi@gmail.com>
2025-06-03 18:57:40 +01:00
Tran Ngoc Nhan
3f0892b42c Fix typos
Closes gh-34876

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-06-03 18:55:15 +01:00
Patrick Strawderman
182d654fa8 Add optimized DataBufferInputStream overrides
Add optimized DataBufferInputStream overrides for readNBytes, skip, and transferTo; all of them
allocate byte buffers which we can either avoid (in the case of skip) or size more precisely since
the number of remaining bytes is known.

Closes gh-34799

Signed-off-by: Patrick Strawderman <pstrawderman@netflix.com>
2025-06-03 18:06:43 +02:00
Johnny Lim
bbae625850 Add Javadoc since for gh-34745
Closes gh-34940

Signed-off-by: Johnny Lim <izeye@naver.com>
2025-06-03 18:06:24 +02:00
Sam Brannen
f376d1b525 Remove @⁠Contract declaration for CodeFlow.isIntegerForNumericOp()
Since the Number parameter is not @⁠Nullable, the @⁠Contract declaration
is unnecessary.

Closes gh-34985
2025-06-03 12:58:45 +02:00
Sam Brannen
707b7698ce Consistent @⁠Contract expression formatting 2025-06-02 17:00:28 +02:00
Johannes Jank
5b9cb8291e Fix exception name in ModelAttribute docs
Closes gh-34980

Signed-off-by: Johannes Jank <johannes.wengert@googlemail.com>
2025-06-02 16:30:16 +02:00
Brian Clozel
659472f9e3 Use HTTP methods in JdkClientHttpRequest when possible
Prior to this commit, we would use the
`java.net.http.HttpRequest.Builder#method(String, BodyPublisher)` to
create HTTP requests for the JDK HttpClient. This method requires a
non-null body publisher; providing an empty publisher writes a
"Content-Length: 0" header to all requests.

As of Java 19, this behavior changes for `HttpRequest.Builder#GET` and
similar methods, where the body publisher is considered as null and no
"Content-Length" header is written.

This commit aligns with this behavior and favors dedicated HTTP methods
whenever available.`

Closes gh-34971
2025-06-02 15:36:20 +02:00