Commit Graph

423 Commits

Author SHA1 Message Date
Sebastien Deleuze
0c3b34f7d5 Polish CORS global configuration
This commit introduces the following changes:
 - configureCors(CorsConfigurer configurer) is renamed to
   addCorsMappings(CorsRegistry registry)
 - enableCors(String... pathPatterns) is renamed to
   addMapping(String pathPattern)
 - <cors /> element must have at least one <mapping /> child
   element in order to be consistent with XML based configuration
   and have more explicit configuration

Issues: SPR-12933, SPR-13046
2015-06-05 16:55:15 +02:00
Sebastien Deleuze
15da5efc86 Fix combining class and method level @CrossOrigin attributes
Issue: SPR-13097
2015-06-05 15:32:58 +02:00
Sebastien Deleuze
e5f76af193 Support CORS global configuration in XML namespace
This commit introduces support for this kind of CORS XML namespace configuration:

	<mvc:cors>

		<mvc:mapping path="/api/**"
					allowed-origins="http://domain1.com, http://domain2.com"
					allowed-methods="GET, PUT"
					allowed-headers="header1, header2, header3"
					exposed-headers="header1, header2" allow-credentials="false"
					max-age="123" />

		<mvc:mapping path="/resources/**" allowed-origins="http://domain1.com" />

	</mvc:cors>

Issue: SPR-13046
2015-06-02 19:14:12 +02:00
Jasper de Vries
ec4783400c SPR-13080 SseEventBuilder needs event rather than name 2015-06-01 10:02:28 -04:00
Sam Brannen
1a56b47502 Introduce alias for 'value' attribute in @MatrixVariable
Issue: SPR-11393
2015-05-31 18:50:35 +02:00
Sam Brannen
60eb9e9ca2 Introduce 'value' alias for 'origin' in @CrossOrigin
Issue: SPR-11393
2015-05-31 18:34:01 +02:00
Sam Brannen
72b44af862 Introduce test for invalid @CrossOrigin.allowCredentials() 2015-05-31 18:17:52 +02:00
Sam Brannen
9ce7485237 Introduce alias for 'value' attribute in @SessionAttributes
Issue: SPR-11393
2015-05-31 17:21:03 +02:00
Sam Brannen
6a5b2672e7 Introduce alias for 'value' attribute in @ResponseStatus
Issue: SPR-11393
2015-05-31 17:00:23 +02:00
Sam Brannen
c55486d5d5 Introduce alias for 'value' attribute in @RequestPart
Issue: SPR-11393
2015-05-31 16:32:45 +02:00
Sam Brannen
c4c3ce796a Introduce alias for 'value' attribute in @CookieValue
Issue: SPR-11393
2015-05-31 16:07:27 +02:00
Sam Brannen
7018747cec Remove trailing whitespace in Java source code 2015-05-29 02:03:44 +02:00
Brian Clozel
4d5fca596d Fix directories I/O in ResourceHttpRequestHandler
Prior to this commit, the `ResourceHttpRequestHandler` would not
properly handle HTTP requests to **directories contained in JARs**.
This would result in HTTP 500 errors, caused by `FileNotFoundException`
or `NullPointerException`.

This can be tracked to webapp ClassLoader implementations in servlet
containers:
* in Jetty9x, fetching a directory within a JAR as a `Resource` and
getting its InputStream work fine, but attempting to `close()` it
results in a NullPointerException as the underlying stream is null.
* In Tomcat6x, one cannot fetch an InputStream for the same `Resource`
as it throws a FileNotFoundException.

This change adds more try/catch clauses and catches more Exception so as
to result in HTTP 200 OK responses instead of server errors. While this
is inconsistent because the same code path would result in HTTP 404 with
existing directories on the file system, there's no other simple way to
make those checks for resources contained in JARs.

Issue: SPR-12999
2015-05-21 14:30:12 +02:00
Rossen Stoyanchev
ad4c8795ae Include only path in <spring:mvcUrl>
Issue: SPR-13045
2015-05-20 17:06:47 -04:00
Brian Clozel
57e0c789a8 Polish
Issue: SPR-12323
2015-05-19 23:57:30 +02:00
Brian Clozel
c5d6cc4134 Polish
Issue: SPR-12673
2015-05-19 21:40:52 +02:00
Brian Clozel
9e5a33c1b3 Add a ResourceResolver implementation for WebJars
Prior to this commit, WebJars users needed to use versioned links within
templates for WebJars resources, such as `/jquery/1.2.0/jquery.js`.
This can be rather cumbersome when updating libraries - all references
in templates need to be updated.

One could use version-less links in templates, but needed to add a
specific MVC Handler that uses webjars.org's webjar-locator library.
While this approach makes maintaing templates easier, this makes HTTP
caching strategies less optimal.

This commit adds a new WebJarsResourceResolver that search for resources
located in WebJar locations. This ResourceResolver is automatically
registered if the "org.webjars:webjars-locator" dependency is present.

Registering WebJars resource handling can be done like this:

```java
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
  registry.addResourceHandler("/webjars/**")
          .addResourceLocations("classpath:META-INF/resources/webjars")
          .resourceChain(true)
              .addResolver(new WebJarsResourceResolver());
}
```

Issue: SPR-12323

polish
2015-05-19 18:01:08 +02:00
Brian Clozel
c36435c042 Execute HandlerInterceptors in registration order
Prior to this commit, registering `HandlerInterceptor`s using the
`InterceptorRegistry` would not guarantee their order of execution. In
fact, `HandlerInterceptor`s would always be executed before
`MappedInterceptor`s.

This change makes `MappedInterceptor` implement the `HandlerInterceptor`
interface, in order to register all interceptors in a single ordered
list. The order of execution of interceptors is now guaranteed in the
`HandlerExecutionChain` built by `AbstractHandlerMapping`.

Issue: SPR-12673
2015-05-19 12:48:40 +02:00
Stephane Nicoll
cf391f5ce1 polish
Remove unused imports
2015-05-19 08:49:01 +02:00
james
e41877d64e SPR-13033: Use @RequestMapping of correct class
MvcUriComponentsBuilder::fromMethodCall creates wrong URLs with derived
controller classes. The @RequestMapping of the declaring class of the
method that is called is used instead of the @RequstMapping of the
given controller class.

https://jira.spring.io/browse/SPR-13033
2015-05-18 14:12:31 -04:00
Rossen Stoyanchev
5e8d838334 CORS-related refinements
After this change CorsProcessor has a single processRequest method and
it also explicitly deals with a null CorsConfiguration, which for
pre-flight requests results in a rejection while for simple requests
results in no CORS headers added.

The AbstractHandlerMapping now uses a LinkedHashMap to preserve the
order in which global patterns are provided.
2015-05-18 12:20:54 -04:00
Sebastien Deleuze
decb55ce14 Rename CrossOriginConfigurer/Registration to CorsConfigurer/Registration
Issue: SPR-12933
2015-05-18 10:57:14 +02:00
Sebastien Deleuze
49fff7513d Add global CORS configuration capabilities
This commit adds JavaConfig based global CORS configuration
capabilities to Spring MVC. It is now possible to specify
multiple CORS configurations, each mapped on a path pattern,
by overriding
WebMvcConfigurerAdapter#configureCrossOrigin(CrossOriginConfigurer).

It is also possible to combine global and @CrossOrigin based
CORS configuration.

Issue: SPR-12933
2015-05-16 00:52:51 +02:00
Rossen Stoyanchev
e843bcc725 Do not log headers in exception message
Issue: SPR-12984
2015-05-14 06:19:47 -04:00
Brian Clozel
71c3e4e4ee Fix empty URLs handling in ResourceUrlEncodingFilter
Prior to this commit, the ResourceUrlEncodingFilter would fail with a
StringIndexOutOfBoundsException when:

* the current request has a servlet context
* the URL to encode is relative and is shorter than the context value

This change defensively checks for those lengths and delegates to the
parent implementation if necessary.

Issue: SPR-13018
2015-05-13 14:30:09 +02:00
Brian Clozel
8b545f47bd Fix remote context handling in UrlTag
Prior to this change, the `UrlTag` would simply append the remote
context and the path value in case of a context relative URL.

The following code snippet would output "//foo":

```
<spring:url value="/foo" context="/" />
```

This change now removes trailing slashes in remote context to avoid
this.

Issue: SPR-12782
2015-05-06 14:54:18 +02:00
Sam Brannen
ba84458c65 Overhaul AnnotatedElementUtils
- Methods which search for a specific annotation now properly ensure
   that the sought annotation was actually found.

 - Both the "get" and the "find" search algorithms no longer needlessly
   traverse meta-annotation hierarchies twice.

 - Both the "get" and the "find" search algorithms now properly
   increment the metaDepth when recursively searching within the
   meta-annotation hierarchy.

 - Redesigned getMetaAnnotationTypes() so that it doesn't needlessly
   search irrelevant annotations.

 - Documented and tested hasMetaAnnotationTypes().

 - Documented isAnnotated().

Issue: SPR-11514
2015-05-05 23:35:00 +02:00
Rossen Stoyanchev
8853107f76 Find CORS config by HandlerMethod
Before this change AbstractHandlerMethodMapping used a map from Method
to CorsConfiguration. That works for regular @RequestMapping methods.
However frameworks like Spring Boot and Spring Integration may
programmatically register the same Method under multiple mappings,
i.e. adapter/gateway type classes.

This change ensures that CorsConfiguraiton is indexed by HandlerMethod
so that we can store CorsConfiguration for different handler instances
even when the method is the same.

In order for to make this work, HandlerMethod now provides an
additional field called resolvedFromHandlerMethod that returns the
original HandlerMethod (with the String bean name). This makes it
possible to  perform reliable lookups.

Issue: SPR-11541
2015-05-05 12:56:07 -04:00
Rossen Stoyanchev
4a8baebf59 Improve MappingRegistry tests and polish
Issue: SPR-11541
2015-05-05 12:56:06 -04:00
Sam Brannen
16b189cc1a Add failing test for concrete @RequestMapping method in abstract superclass
This commit introduces failing (but currently disabled) test cases in
HandlerMethodAnnotationDetectionTests that attempt to reproduce the
scenario described in SPR-9517.

See: ParameterizedSubclassDoesNotOverrideConcreteImplementationsFromGenericAbstractSuperclass

Furthermore, this commit also introduces passing tests cases for a
similar scenario. See: ParameterizedSubclassOverridesDefaultMappings

Issue: SPR-9517
2015-05-05 17:31:30 +02:00
Sam Brannen
5dd70a8e46 Simplify HandlerMethodAnnotationDetectionTests config 2015-05-05 17:31:30 +02:00
Brian Clozel
77937c5b02 Polish JRubyScriptTemplateTests (case sensitive issue) 2015-05-05 13:56:54 +02:00
Sam Brannen
3fb2645744 Polish HandlerMethodAnnotationDetectionTests 2015-05-05 13:19:09 +02:00
Sebastien Deleuze
7919364db6 Polish script based view tests
Issue: SPR-12266
2015-05-05 11:38:47 +02:00
Rossen Stoyanchev
e306098155 Encapsulate CORS checking within CorsConfiguration
CorsConfiguration now provides methods to check and determine the
allowed origin, method, and headers according to its own configuration.

This simplifies significantly the work that needs to be done from
DefaultCorsProcessor. However an alternative CorsProcessor can still
access the raw CorsConfiguration and perform its own checks.

Issue: SPR-12885
2015-05-05 09:31:41 +02:00
Sebastien Deleuze
83f269b512 Make DefaultCorsProcessor Servlet 2.5 compliant
This commit adds CORS related headers to HttpHeaders
and update DefaultCorsProcessor implementation to
use ServerHttpRequest and ServerHttpResponse instead
of HttpServletRequest and HttpServletResponse. Usage
of ServerHttpResponse allows to avoid using Servlet 3.0
specific methods in order keep CORS support Servlet 2.5
compliant.

Issue: SPR-12885
2015-05-05 09:31:41 +02:00
Rossen Stoyanchev
71683c5f8d Fix regressions from 8f558e7
The change to provide public register/unregister methods in
AbstractHandlerMethodMapping assumed that a single method cannot be
mapped more than once. This is not the case with the MvcEndpoints and
EndpointHandlerMapping from Spring Boot which wrap one or more
non-web Endpoint types with an MvcEndpointAdapter in order to expose
them for use over the web. In effect Spring MVC sees a single handler
method mapped many times.

This change removes that assumption so rather than unregistering with
a HandlerMethod, which is not necessarily unique, the unregister method
now takes the actual mapping, which is the only thing that should actually
be unique.

Issue: SPR-11541
2015-05-04 17:24:49 -04:00
Rossen Stoyanchev
205e5dfd6f Support bridged methods in MvcUriComponentsBuilder
Issue: SPR-12977
2015-05-04 10:26:46 -04:00
Sam Brannen
859751b9d9 Add test for bridge method support in MvcUriComponentsBuilder
This commit introduces a new fromMethodNameWithBridgedMethod() test in
MvcUriComponentsBuilderTests which is currently disabled via @Ignore
until this bug is resolved.

Issue: SPR-12977
2015-05-04 13:43:25 +02:00
Brian Clozel
bb3f26483b Fix CachingResourceResolver key generation
When used in combination with GzipResourceResolver, the
CachingResourceResolver does not properly cache results, since it only
takes the request path as a input for cache key generation.

Here's an example of that behavior:

1. an HTTP client requests a resource with `Accept-Encoding: gzip`, so
the GzipResourceResolver can resolve a gzipped resource.
2. the configured CachingResourceResolver caches that resource.
3. another HTTP client requests the same resource, but it does not
support gzip encoding; the previously cached gzipped resource is still
returned.

This commit uses the presence/absence of gzip encoding support as an
input in cache keys generation.

Issue: SPR-12982
2015-05-04 13:33:22 +02:00
Rossen Stoyanchev
8f558e7c73 Add methods to (un)register HandlerMethod mappings
Issue: SPR-11541
2015-05-04 06:08:26 -04:00
Rossen Stoyanchev
8376e1eca1 Support @RequestMapping as meta-annotation
Issue: SPR-12296
2015-04-24 10:33:44 -04:00
Rossen Stoyanchev
1cd0f433e0 Allow MvcUriComponentsBuilder instance with baseUrl
Before this change MvcUriComponentsBuilder exposed only static factory
methods for creating links where the links are relative to the current
request or a baseUrl explicitly provided as an argument.

This change allows creating an MvcUriComponents builder instance with
a built-in baseUrl. The instance can then be used with non-static
withXxx(...) method alternatives to the static fromXxx(...) methods.

Issue: SPR-12617
2015-04-23 11:03:37 -04:00
Sebastien Deleuze
a3159dfbf2 Add script based templating support
This commit adds support for script based templating. Any templating
library running on top of a JSR-223 ScriptEngine that implements
Invocable like Nashorn or JRuby could be used.

For example, in order to render Mustache templates thanks to the Nashorn
Javascript engine provided with Java 8+, you should declare the following
configuration:

@Configuration
@EnableWebMvc
public class MustacheConfig extends WebMvcConfigurerAdapter {

	@Override
	public void configureViewResolvers(ViewResolverRegistry registry) {
		registry.scriptTemplate();
	}

	@Bean
	public ScriptTemplateConfigurer configurer() {
		ScriptTemplateConfigurer configurer = new ScriptTemplateConfigurer();
		configurer.setEngineName("nashorn");
		configurer.setScripts("mustache.js");
		configurer.setRenderObject("Mustache");
		configurer.setRenderFunction("render");
		return configurer;
	}
}

The XML counterpart is:

<beans>
	<mvc:annotation-driven />

	<mvc:view-resolvers>
		<mvc:script-template />
	</mvc:view-resolvers>

	<mvc:script-template-configurer engine-name="nashorn" render-object="Mustache" render-function="render">
		<mvc:script location="mustache.js" />
	</mvc:script-template-configurer>
</beans>

Tested with:
 - Handlebars running on Nashorn
 - Mustache running on Nashorn
 - React running on Nashorn
 - EJS running on Nashorn
 - ERB running on JRuby
 - String templates running on Jython

Issue: SPR-12266
2015-04-22 08:47:04 +02:00
Sebastien Deleuze
713fc5c4ab Add onTimeout() and onCompletion() callbacks to ResponseBodyEmitter
Issue: SPR-12939
2015-04-21 19:34:01 +02:00
Sebastien Deleuze
9a65eec36f Avoid registering CorsConfiguration for methods without @CrossOrigin
Issue: SPR-12931
2015-04-20 09:04:38 +02:00
Sam Brannen
d31f3ee0b2 Suppress warning in ServletAnnotationControllerHandlerMethodTests 2015-04-17 02:11:12 +02:00
Rossen Stoyanchev
26cfe5795f Find @ResponseStatus recursively on getCause()
Issue: SPR-12903
2015-04-13 18:10:55 -04:00
Rossen Stoyanchev
c172d9d745 Add trailing slash support to AbstractUrlHandlerMapping
Issue: SPR-12818
2015-04-13 15:33:25 -04:00
Rossen Stoyanchev
8ff7cc73bc Try defaulContentType for application/octet-stream
AbstractHttpMessageConverter now tries to call getDefaultContentType
with the actual value to be converted to see if that will result in
a more concrete mediat type than application/octet-stream.

Issue: SPR-12894
2015-04-13 14:31:25 -04:00