Commit Graph

692 Commits

Author SHA1 Message Date
Brian Clozel
0b9c3de320 Sanitize request URL in ResourceUrlEncodingFilter
Prior to this change, ResourceUrlEncodingFilter and ResourceUrlProvider
would try to resolve the resource path using the full request URL (i.e.
request path and request parameters), whereas the request path is the
only information to consider.
This would lead to StringIndexOutOfBoundsExceptions when the path +
request params information was given to the AntPathMatcher.

This commit makes the appropriate change to both
ResourceUrlEncodingFilter and ResourceUrlProvider, in order to only
select the request path.

Issue: SPR-13374
2015-08-25 14:12:03 +02:00
Sebastien Deleuze
04cff89eb7 Update ScriptTemplateView to manage content type
This commit introduces the following changes:
 - Content type can now be properly configured
 - Default content type is "text/html"
 - Content type and charset are now properly set in the response

Issue: SPR-13379
2015-08-25 01:02:12 +02:00
Juergen Hoeller
c685fd7c23 Polishing 2015-08-21 17:03:53 +02:00
Sebastien Deleuze
d4c74ad346 Add an ObjectMapper constructor to MappingJackson2(Json|Xml)View
Instead of having to use the default constructor then calling
setObjectMapper(ObjectMapper), these constructors allow
MappingJackson2JsonView and MappingJackson2XmlView to be created and
configured with the desired object mapper in one step.
2015-08-19 14:04:15 +02:00
Rossen Stoyanchev
f5210ce0c8 Ensure headers committed immediately for SseEmitter
Issue: SPR-13341
2015-08-12 15:05:29 -04:00
Juergen Hoeller
e841cad577 Deprecation polishing 2015-08-11 13:59:31 +02:00
Juergen Hoeller
9ef38807e6 Polishing 2015-07-30 19:34:33 +02:00
Brian Clozel
80767ff6e9 Use sendError in ResponseStatusExceptionResolver
Prior to this commit, the `ResponseStatusExceptionResolver` would use:
* `HttpServletResponse.sendError` if both a status and a reason are set
on the `@ResponseStatus` annotation
* `HttpServletResponse.setStatus` if only a status is set on the
`@ResponseStatus` annotation

This is actually a change of behavior, since this Resolver was using
`sendError` in all cases previously.

Because this change can create issues such as
https://github.com/spring-projects/spring-boot/issues/3623
this commit rollbacks those changes and clarifies the behavior on the
javadoc of the annotation itself.

Issue: SPR-11193, SPR-13226
2015-07-30 16:10:01 +02:00
Juergen Hoeller
e8ef3654c6 Polishing 2015-07-30 12:16:59 +02:00
Juergen Hoeller
10a2f50130 Overridable invokeHandlerMethod and createInvocableHandlerMethod hooks
Issue: SPR-13293
2015-07-30 12:13:06 +02:00
Juergen Hoeller
ff46cec58f Polishing 2015-07-29 12:40:35 +02:00
Juergen Hoeller
965fca808a Polishing 2015-07-29 01:08:16 +02:00
Juergen Hoeller
d83735694e Polishing 2015-07-28 12:15:48 +02:00
Juergen Hoeller
9e62c8efa1 DefaultHandlerExceptionResolver logs warn entries for conversion exceptions
Issue: SPR-13267
2015-07-28 12:14:42 +02:00
Brian Clozel
0e2e6cf045 Polish WebJarsResourceResolver
Follow up to accb8519fd - same fix when resolving missing resources or
resolving a public URL for these resources.
2015-07-27 15:06:51 +02:00
Brian Clozel
accb8519fd Polish WebJarsResourceResolver
Fix a potential NPE when trying to resolve non-existing webjars
resources in the resolver chain.
2015-07-27 14:16:09 +02:00
Juergen Hoeller
e1cce309ae DispatcherServlet passes resolved multipart request into applyDefaultViewName
Issue: SPR-13272
2015-07-24 18:19:27 +02:00
Sebastien Deleuze
8e5244ac3d Polish script templating documentation 2015-07-24 00:00:24 +02:00
Juergen Hoeller
1a636b1023 Polishing 2015-07-21 20:33:13 +02:00
Juergen Hoeller
7c22d60fd8 Streamlined WebContentGenerator API variants: checkRequest, prepareResponse, applyCacheControl, applyCacheSeconds
Issue: SPR-11792
2015-07-21 20:33:03 +02:00
Brian Clozel
eef937e4f2 Rename <mvc:cachecontrol/> to <mvc:cache-control/> 2015-07-21 12:09:25 +02:00
Brian Clozel
9149bf7ad4 Polish 2015-07-21 11:57:02 +02:00
Felix
09e3fc40e5 Reset Pragma header in WebContentGenerator
As filter-based libraries and projects (such as Spring Security) may
use the "Pragma" header in HTTP responses, WebContentGenerator should
make sure that such headers are overwritten to avoid clashes with
the HTTP caching headers set by the HTTP caching configuration.

Issue: SPR-13252
2015-07-21 10:08:04 +02:00
Brian Clozel
dba46c1358 Partial revert of SPR-13090
Use ServletHttpResponse.setDateHeader whenever possible and avoid using
SimpleDateFormat.
2015-07-20 22:48:20 +02:00
Sebastien Deleuze
70a03ee2a4 Rename CorsConfigurationMapping to UrlBasedCorsConfigurationSource
Issue: SPR-13192
2015-07-20 10:47:24 +02:00
Brian Clozel
064abad9d8 PathResourceResolver should not resolve root path
When resolving resources, the PathResourceResolver creates a Resource
instance and checks whether this resource `exists()` and `isReadable()`.
While that last call returns false for folders on the file system, both
calls return true for folders located inside JARs.

If a JAR location is configured as a resource location, then
PathResourceResolver can resolve folders in JARs as valid locations and
candidates for paths resolution.

Prior to this change, the PathResourceResolver would resolve "" as a
valid resource path (here, the "/META-INF/resources/webjars" if
configured, for example) and return a "" path for this resource,
effectively turning all "/" URLs into empty ones "".

This commit fixes the resolveUrlPathInternal implementation by not
allowing empty paths as valid resource paths.

Issue: SPR-13241
2015-07-17 10:31:37 +02:00
Juergen Hoeller
d183bbb667 Javadoc refinements, exception fine-tuning, general polishing
Issue: SPR-13034
2015-07-15 15:42:17 +02:00
Sebastien Deleuze
34de167e59 Support non thread-safe ScriptEngine in ScriptTemplateView
This commit adds a new sharedEngine property to ScriptTemplateConfigurer
and ScriptTemplateView in order to support non thread-safe ScriptEngine
implementations like Nashorn.

When this flag is set to false, the engine is retrieved from a
ThreadLocal<ScriptEngine> field instead of a ScriptEngine one.

Also as part of this commit, all the initialization logic has been moved from
ScriptTemplateConfigurer to ScriptTemplateView since the script engine can
now be lazily initialized multiple time in the view when sharedEngine is
set to false.

Issue: SPR-13034
2015-07-15 13:39:33 +02:00
Juergen Hoeller
bdb63483df Common DataWithMediaType class and common synchronization for ResponseBodyEmitter/SseEmitter
Issue: SPR-13223
Issue: SPR-13224
2015-07-14 00:08:40 +02:00
Stephane Nicoll
d738dddd8f Add createDispatcherServlet hook point
Add an extra hook point in `AbstractDispatcherServletInitializer` to
customize the `DispatcherServlet`.

Issue: SPR-13222
2015-07-13 14:43:06 +02:00
Sebastien Deleuze
882fe129f3 Polish CORS support 2015-07-10 16:42:50 +02:00
Sebastien Deleuze
cd9b3903a7 Introduce CorsFilter and CorsConfigurationMapping
This commit introduces the following changes:
 - The new CorsConfigurationMapping class allows to share the mapped
   CorsConfiguration logic between AbstractHandlerMapping and CorsFilter
 - In AbstractHandlerMapping, the Map<String, CorsConfiguration>
   corsConfiguration property has been renamed to corsConfigurations
 - CorsFilter allows to process CORS requests at filter level, using any
   CorsConfigurationSource implementation (for example
   CorsConfigurationMapping)

Issue: SPR-13192
2015-07-09 22:19:46 +02:00
Brian Clozel
8e566026e0 RedirectViews should always use RESPONSE_STATUS_ATTRIBUTE
By default, RedirectViews have http10Compatible set to true, which means
that they use HTTP 302 as a default HTTP response status. Setting this
property to false make RedirectViews use HTTP 303 by default.

Now when set to false, RedirectViews also don't use the
RESPONSE_STATUS_ATTRIBUTE request attribute as a response HTTP if it is
available.

This commit makes both configuration choices behave the same regarding
this request attribute: use it as a response status if it's available.

Issue: SPR-13208
2015-07-09 12:11:22 +02:00
Brian Clozel
ef0eb01f93 Fix backwards compatibility in WebContentInterceptor
As of SPR-11792, WebContentGenerator and WebContentInterceptor offer
new APIs and new behavior regarding HTTP caching, including the use of a
new CacheControl class.

Those changes broke part of the behavior in WebContentInterceptor. This
class allows to override the global Cache configuration at the Generator
level, using specific mappings. Prior to this change, those mappings
would not properly apply the HTTP caching configuration when using
deprecated configuration settings in WebContentGenerator.

This change fixes those backwards compatibility issues for
WebContentInterceptor users.

Issue: SPR-13207
2015-07-08 01:08:16 +02:00
Sebastien Deleuze
8ee0e78980 Add Access-Control-Request-Method check for CORS preflight requests
Issue: SPR-13193
2015-07-07 09:34:39 +02:00
Rossen Stoyanchev
3272a3b8ba Check HTTP method before raising 415
This commit moves the check whether an HTTP method supports request
body up to the base class so that all sub-classes can benefit (not just
@RequestBody).

Issue: SPR-13176
2015-06-30 15:24:01 -04:00
Brian Clozel
244c95b076 Fix @RequestBody argument processing for null Content-Type
Since the changes introduced in SPR-12778, some `@RequestBody` args
would not be properly processed in some cases:

* requests with an empty body
* no Content-Type header defined

This typically happens when GET requests are mapped on a handler dealing
with POST requests and HTTP bodies.

This change makes sure that the `RequestResponseBodyMethodProcessor` is
only involved for requests that:

* have a Content-Type defined
* OR are HTTP requests eligible for an HTTP body (PUT, POST, PATCH)

Issue: SPR-13176
Fixes spring-projects/spring-boot#3313
2015-06-30 19:13:34 +02:00
Juergen Hoeller
dc1f921f5c Split between basic MethodParameter and SynthesizingMethodParameter
This split avoids a package tangle (between core and core.annotation) and also allows for selective use of raw annotation exposure versus synthesized annotations, with the latter primarily applicable to web and message handler processing at this point.

Issue: SPR-13153
2015-06-30 00:02:02 +02:00
Brian Clozel
39d689da0c Fix conditional requests support for HttpEntity
Prior to this commit, `HttpEntityMethodProcessor` would rely on
`ServletWebRequest` to process conditional requests and with incoming
`"If-Modified-Since"` / `"If-None-Match"` request headers.

This approach is problematic since in that class:

* response is wrapped in a `ServletServerHttpResponse`
* this wrapped response does not write response headers right away
* `ServletWebRequest.checkNotModified` methods can't apply their
logic with incomplete response headers

This solution adds some minimal code duplication and applies
the conditional request logic within the Processor.

A possible alternative would be to improve the
`ServletServerHttpResponse$ServletResponseHttpHeaders` implementation
with write methods - but this solution would only work for Servlet 3.x
applications.

Issue: SPR-13090
2015-06-29 16:47:27 +02:00
Sam Brannen
c9b26d80e1 Polish resource chain documentation 2015-06-29 15:57:58 +02:00
Brian Clozel
c61552b258 Document XML attributes in mvc:resource-chain
Issue: SPR-12804
2015-06-29 15:32:29 +02:00
Juergen Hoeller
a2d3c27ed1 Allow MVC handler methods to return any CharSequence type as view name
Issue: SPR-13165
2015-06-26 22:17:53 +02:00
Brian Clozel
ba48d6489f Mention Groovy Markup Templates in ref doc
Add a section on Groovy Markup Template support and
reorder sections in the View Technologies chapter, to have in order:

* Thymeleaf
* Groovy Markup Template
* Velocity and Freemarker
* JSPs
* Script Templates
* other views...

Issue: SPR-12829
2015-06-26 10:14:30 +02:00
Sebastien Deleuze
289f35da3a Call type aware canWrite() when using a GenericHttpMessageConverter
This commit introduces the following changes:
 - In AbstractMessageConverterMethodProcessor, the type aware variant of
   canWrite() is now called when the converter implements
   GenericHttpMessageConverter.
 - The Javadoc has been updated in GenericHttpMessageConverter to make it clear
   that the type aware canRead() and canWrite() methods should perform the same
   checks than non type aware ones.
  - AbstractGenericHttpMessageConverter now implements default type aware
    canRead() and canWrite() methods than just call the non type aware variants.
    Due to this, if subclasses just override the non type aware variants,
    they still have the right behavior.

Issue: SPR-13161
2015-06-25 15:02:33 +02:00
Sebastien Deleuze
31a5434ea4 Make @ResponseBody method return type available for message converters
This commit adds canWrite() and write() methods to the
GenericHttpMessageConverter interface. These are type aware variants
of the methods available in HttpMessageConverter, in order to keep
parametrized type information when serializing objects.

AbstractMessageConverterMethodProcessor now calls those type aware
methods when the message converter implements GenericHttpMessageConverter.

AbstractJackson2HttpMessageConverter and GsonHttpMessageConverter uses
these new methods to make @ResponseBody method return type available
for type resolution instead of just letting the JSON serializer trying
to guess the type to use from the object to serialize.

Issue: SPR-12811
2015-06-22 17:05:45 +02:00
Brian Clozel
9ada55dc6b Fix NPE in GzipResourceResolver
This change fixes a NullPointerException in GzipResourceResolver, which
assumed that calls to the `resolveResource` method were made with only
non-null values for request.

This is not the case for the VersionResourceResolver, which tries to
resolve resources that aren't requested per se by the HTTP request.

Issue: SPR-13149
2015-06-22 11:22:23 +02:00
Sam Brannen
de9f27872e Polish CORS support classes
- Simplified "check" algorithms in CorsConfiguration

- Improved robustness of setter methods in CorsConfiguration in order to
  avoid attempts to modify immutable lists

- Improved CORS documentation and fixed typo

- Introduced constants in CorsConfiguration

- Removed auto-boxing in CorsRegistration
2015-06-20 16:12:18 +02:00
Sam Brannen
078d252d1e Delete trailing whitespace in Java source code 2015-06-19 17:09:52 +02:00
Rossen Stoyanchev
0ef8af4798 Use .setStatus in ResponseStatusExceptionResolver
Before this change ResponseStatusExceptionResolver always used
.sendError despite the javadoc on @ResponseStatus#code. This was
perhaps justifiable from a HandlerExceptionResolver. Nevertheless
.setStatus should be more REST API friendly while still marking
the response as an error.

Issue: SPR-11193
2015-06-17 17:16:52 -04:00
Rossen Stoyanchev
8d7812b1b6 Raise IAE when no converter matches return type
Before this change the AbstractMessageConverterMethodProcessor always
raised a 406 if it couldn't find a converter. However if the reason
for not finding it is because there is simply no converter for the
return value type (i.e. programming error) and doesn't have anything to
do with content negotiation, then we should raise a 500 instead and
make it easier to figure out what's wrong.

Issue: SPR-13135
2015-06-17 17:03:36 -04:00