2490 Commits

Author SHA1 Message Date
Brian Clozel
696692f1ed Do not attempt to decode wildcard content-types as form-data
Prior to this commit, the `DefaultServerWebExchange` would attempt to
decode request bodies as form-data or multipart of the request
content-type was compatible with the expected media types.

If requests are sent with an invalid wildcard content-type such as "*/*"
or "multipart/*", we should not attempt to decode here.

Fixes gh-34660
2025-06-16 15:51:47 +02:00
Brian Clozel
8dee7d8fb6 Use concrete form-data type when reading request body
Prior to this commit, the WebFlux server support would try reading
form-data from the request by:

* first, checking that request content-type is compatible with a
  form-data content-type
* then by selecting a message reader that is compatible with the given
  request content-type

This approach is flawed because if the content-type provided by the
request is too broad, another message reader could be selected that's
not meant to be used for reading form-data. Typically, a JSON message
reader could be selected and would fail when reading the request.
This problem was previously hidden because message readers would not
support `MultiValueMap` as a target type. Now that some readers support
this type, this can lead to deserialization errors.

This commit now ensures that in all cases, we attempt to read form-data
with a message reader that supports the
"application/x-www-form-urlencoded" media type.

Fixes gh-34660
2025-06-13 16:45:46 +02:00
Brian Clozel
f0e7b42704 Encode non-printable character in Content-Disposition parameter
Prior to this commit, the "filename" parameter value for the
"Content-Disposition" header would contain non-printable characters,
causing parsing issues for HTTP clients.
This commit ensures that all non-printable characters are encoded.

Fixes gh-35034
2025-06-12 08:39:29 +02:00
Sam Brannen
4d2cc4ae97 Polish contribution
See gh-35013
2025-06-10 11:45:20 +02:00
Mohammad Saeed Nouri
c04902fefb Allow update of existing WebSession after max sessions limit is reached
Previously, when saving a WebSession, the system did not check whether
the session ID already existed. As a result, even if the session being
saved was an update to an existing one, it was incorrectly treated as a
new session, and a "maximum sessions exceeded" error was triggered.

This fix ensures that if a WebSession with the same ID already exists,
it will be updated rather than counted as a new session, thereby
preventing unnecessary session limit violations.

Closes gh-35013

Signed-off-by: Mohammad Saeed Nouri <msnsaeed71@gmail.com>
2025-06-10 11:44:59 +02:00
Sam Brannen
3c265e1044 Fix InMemoryWebSessionStoreTests.startsSessionImplicitly() test 2025-06-10 11:44:00 +02:00
Sam Brannen
222702f750 Polish WebSession support and tests 2025-06-10 11:43:56 +02:00
Sam Brannen
18d6a55e3e Polishing and removal of "this." for method invocations 2025-06-09 14:10:30 +02:00
Brian Clozel
4a46d957f3 Fix out of bounds exception for PathPattern#combine
Prior to this commit, combining the "/*" and  "/x/y" path patterns
would result in a `StringIndexOutOfBoundsException`.

This commit fixes this problem and revisits the implementation for
better consistency:

* "/*" + "/x/y" is now "/x/y"
* "/x/*.html" + "/y/file.*" is now rejected because they don't share the
  same prefix.

This change also adds the relevant Javadoc to the `PathPattern#combine`
method.

Fixes gh-34986
2025-06-04 20:18:33 +02:00
Tran Ngoc Nhan
3f0892b42c Fix typos
Closes gh-34876

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-06-03 18:55:15 +01:00
Brian Clozel
659472f9e3 Use HTTP methods in JdkClientHttpRequest when possible
Prior to this commit, we would use the
`java.net.http.HttpRequest.Builder#method(String, BodyPublisher)` to
create HTTP requests for the JDK HttpClient. This method requires a
non-null body publisher; providing an empty publisher writes a
"Content-Length: 0" header to all requests.

As of Java 19, this behavior changes for `HttpRequest.Builder#GET` and
similar methods, where the body publisher is considered as null and no
"Content-Length" header is written.

This commit aligns with this behavior and favors dedicated HTTP methods
whenever available.`

Closes gh-34971
2025-06-02 15:36:20 +02:00
Brian Clozel
2af0323c21 Use Content-Type charset in JAXB message converters
Prior to this commit, the JAXB message converters would only rely on the
encoding declaration inside the XML document for reading the document.
This would then use the default UTF-8 encoding, even if the HTTP message
has the `"application/xml;charset=iso-8859-1"` Content-Type.

This commit ensures that both `Jaxb2CollectionHttpMessageConverter` and
`Jaxb2RootElementHttpMessageConverter` use the encoding declared in the
HTTP Content-Type, if present.

Fixes gh-34745
2025-05-19 16:57:57 +02:00
rstoyanchev
c88ba6c90e Polishing contribution
Closes gh-34812
2025-04-28 14:23:30 +01:00
Yanming Zhou
d7c13d6518 HttpEntity.EMPTY should be immutable
See gh-34812

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-28 14:22:59 +01:00
rstoyanchev
c48ff357dc HTTP Service proxy sets body type
Closes gh-34793
2025-04-25 21:03:00 +01:00
rstoyanchev
858c2bd270 Polishing contribution
Closes gh-34783
2025-04-23 10:54:52 +01:00
whl
124582d910 Fix expansion of query param with same name
See gh-34783

Signed-off-by: whl <whlit.cola@gmail.com>
2025-04-23 10:54:52 +01:00
Sam Brannen
7095f4cb66 Use proper casing for parameter and variable names 2025-04-14 11:25:40 +02:00
Sébastien Deleuze
671d972454 Add RestClient.RequestHeadersSpec#exchangeForRequiredValue
This commit adds a variant to RestClient.RequestHeadersSpec#exchange
suitable for functions returning non-null values.

Closes gh-34692
2025-04-02 17:10:01 +02:00
Sébastien Deleuze
4db12806d1 Revert "Add a requiredExchange extension to RestClient"
This reverts commit dcb9383ba1.

See gh-34692
2025-04-02 17:10:01 +02:00
rstoyanchev
290c9c4a19 Use form charset in ServletServerHttpRequest
Closes gh-34675
2025-04-02 09:05:52 +01:00
rstoyanchev
e01ad5a08d Polishing in ServletServerHttpRequest
See gh-34675
2025-04-02 09:05:52 +01:00
Sam Brannen
36d9357f94 Fix Kotlin compilation errors 2025-03-31 12:02:51 +02:00
Sébastien Deleuze
dcb9383ba1 Add a requiredExchange extension to RestClient
Closes gh-34692
2025-03-31 11:55:41 +02:00
rstoyanchev
15c20c3e65 Fix regression with opaque URI determination
Before RfcUriParser we expected opaque URI's to not have ":/"
after the scheme while the new parser expect opaque URI's to
not have a slash anywhere after the scheme. This commit
restores the previous behavior.

Closes gh-34588
2025-03-21 09:05:41 +00:00
Sam Brannen
208d52d852 Introduce Checkstyle rule for separator symbol location 2025-03-19 15:35:44 +01:00
Dmitry Sulman
0c2ba4e38e Recursively box/unbox nested inline value classes
See gh-34592
Signed-off-by: Dmitry Sulman <dmitry.sulman@gmail.com>
2025-03-18 17:50:28 +01:00
Sam Brannen
c6a9aa59a3 Remove BDDMockito Checkstyle rule
This commit removes the BDDMockito Checkstyle rule, since it did not
actually enforce the use of BDDMockito.

This commit also updates static imports to use Mockito instead of
BDDMockito where appropriate (automated via the Eclipse IDE Organize
Imports clean-up task).

Closes gh-34616
2025-03-18 16:35:57 +01:00
Russell Bolles
573e74b8bd Refine FormHttpMessageConverter exception handling
FormHttpMessageConverter could throw a more specific
HttpMessageNotReadableException instead of an IllegalArgumentException
when the http form data is invalid.

See gh-34594
Signed-off-by: Russell Bolles <rbolles@netflix.com>
2025-03-17 11:37:42 +01:00
rstoyanchev
9ab43b138a Enhancement in HandlerMethodValidationException
Add dedicated method to Visitor for constraints directly on a
RequestBody method parameter (rather than nested).

Closes gh-34549
2025-03-10 18:01:55 +00:00
rstoyanchev
09ae080b99 isDisconnectedClientException protected for null
Closes gh-34533
2025-03-10 17:19:13 +00:00
Rhett CfZhuang
5faf2ed7f4 Fix missing Partitioned cookie support in reactive HTTP clients
This commit adds support for the Partitioned cookie attribute in the
reactive HTTP clients that support this: Reactor and HttpComponents.

Closes gh-34521

Signed-off-by: Rhett CfZhuang <dark.momo985@gmail.com>
[brian.clozel@broadcom.com: rework tests and support HttpComponents]
Signed-off-by: Brian Clozel <brian.clozel@broadcom.com>
2025-03-03 11:23:13 +01:00
rstoyanchev
f62251aebd Avoid pathVar-requestParam name collision
Closes gh-34499
2025-02-27 14:34:26 +00:00
Brian Clozel
5a0bd9e5d4 Fix null value support in ContentCachingResponseWrapper
Prior to this commit, calling `setHeader` on the response wrapper would
have a separate code path for the "Content-Length" header. This did not
support calls with `null` values and would result in an exception.

This commit ensures that the cached content length value is reset in
this case and that the call is forwarded properly to the superclass.

Fixes gh-34460
2025-02-21 14:33:03 +01:00
Sam Brannen
124b38450b Remove unused code and improve assertion
See gh-34363
2025-02-11 16:30:52 +01:00
rstoyanchev
d04883f839 HTTP Interface client handles query param with ":"
Closes gh-34364
2025-02-11 11:11:05 +00:00
rstoyanchev
7a0fe7d14f WebAsyncManager wraps disconnected client errors
If the Servlet container delegates a disconnected client error via
AsyncListener#onError, wrap it as AsyncRequestNotUsableException
for more targeted and consistent handling of such errors.

Closes gh-34363
2025-02-10 11:14:21 +00:00
Andras Dobrosi
2b4c7d09b0 Match ContentDisposition attributes case-insensitively
This commit ensures that `ContentDisposition` parses attributes like
"filename" and "filename*" in a case insensitive fashion, per RFC 6266.

Closes gh-34383

Signed-off-by: Andras Dobrosi <dobrosi@gmail.com>
[brian.clozel@broadcom.com: apply code conventions]
Signed-off-by: Brian Clozel <brian.clozel@broadcom.com>
2025-02-10 09:21:02 +01:00
rstoyanchev
56c4d2d4ca Improve HandlerMethod#resolvedFromHandlerMethod initialization
Ensure the original instance is always the one returned no matter how
many times the HandlerMethod is re-created.

Make the constructor protected to allow subclasses to re-create the
HandlerMethod as the concrete subclass.

See gh-34375
2025-02-07 13:10:55 +00:00
rstoyanchev
3898482d3f Revert commit 0f38c28e91
The fix is not how the issue needs to be addressed.

See gh-34121
2025-02-05 14:26:12 +00:00
rstoyanchev
9b58df8857 Update HandlerMethod#createWithResolvedBean
Avoid re-creating the instance unless it is a bean name that
needs to be resolved through the BeanFactory.

Closes gh-34277
2025-01-28 15:36:26 +00:00
Sam Brannen
34d6dd9b62 Polishing 2025-01-27 15:19:00 +01:00
Sébastien Deleuze
5499878de0 Support properties in kotlinx.serialization converters
This commit adds support for Kotlin properties in Spring WebMVC
controllers, supported for reasons explained in gh-31856, with
kotlinx.serialization converters.

Closes gh-34284
2025-01-27 15:06:57 +01:00
Sébastien Deleuze
a970fc16aa Support properties in kotlinx.serialization codecs
This commit adds support for Kotlin properties in Spring WebFlux
controllers, supported for reasons explained in gh-31856, with
kotlinx.serialization codecs.

See gh-34284
2025-01-27 15:06:50 +01:00
rstoyanchev
b026680e1c Enhance DisconnectedClientHelper exception type checks
We now look for the target exception types in cause chain as well,
but return false if we encounter a RestClient or WebClient
exception in the chain.

Closes gh-34264
2025-01-21 12:21:22 +00:00
rstoyanchev
e47cc19964 Restore exception phrase in DisconnectedClientHelper
Effectively revert 203fa7, and add implementation comment and tests.

See gh-34264
2025-01-21 12:21:22 +00:00
rstoyanchev
384d2749c6 Polishing in HttpServiceMethod 2025-01-15 19:03:00 +00:00
rstoyanchev
5150a9a6ad Polishing contribution
Closes gh-34230
2025-01-15 18:31:50 +00:00
Yanming Zhou
a8c5885aff Fix wrong document about RequestHeaderArgumentResolver
Also test is added to verify that.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>

See gh-34230
2025-01-15 18:31:49 +00:00
rstoyanchev
a72855b2b3 DefaultResponseErrorHandler updates
Deprecate handleError(response), and ensure it continues to be invoked
if overridden.

See gh-34231
2025-01-10 10:51:11 +01:00