Commit Graph

704 Commits

Author SHA1 Message Date
Sebastien Deleuze
57d55ddd56 Polish CorsFilter Javadoc 2015-07-20 11:14:37 +02:00
Sebastien Deleuze
70a03ee2a4 Rename CorsConfigurationMapping to UrlBasedCorsConfigurationSource
Issue: SPR-13192
2015-07-20 10:47:24 +02:00
Juergen Hoeller
203f1225c3 Polishing 2015-07-17 15:25:43 +02:00
Juergen Hoeller
9de824b73d AllEncompassingFormHttpMessageConverter registers MappingJackson2XmlHttpMessageConverter and GsonHttpMessageConverter (for consistency with RestTemplate and WebMvcConfigurationSupport)
Issue: SPR-13240
2015-07-17 15:24:12 +02:00
Juergen Hoeller
2934256257 Polishing 2015-07-15 00:08:11 +02:00
Stephane Nicoll
de6bbe7797 Handle null header value property
When using an Apache Http components based infrastructure, a null header
value is handled as the empty string. The exact same infrastructure using
HttpURLConnection generates a header with no colon. This is actually not
proper HTTP and some components fail to read such request.

We now make sure to call HttpURLConnection#addRequestProperty with the
empty String for a null header value.

Issue: SPR-13225
2015-07-14 10:34:28 +02:00
Juergen Hoeller
1fcd465f2d DelegatingFilterProxy autodetects a unique DispatcherServlet context
Issue: SPR-13191
2015-07-13 21:34:07 +02:00
Juergen Hoeller
8fdbf4285b Jackson2ObjectMapperBuilder prefers Jackson 2.6 JavaTimeModule over JSR310Module
Issue: SPR-13212
2015-07-13 17:41:57 +02:00
Sebastien Deleuze
84138abfd1 Avoid rejecting same-origin requests detected as CORS requests
Browsers like Chrome or Safari include an Origin header for same-origin
POST/PUT/DELETE requests, not only for cross-origin requests.

Before this commit, these same-origin requests would have been detected
as potential cross-origin requests, and rejected if the same-origin domain
is not part of the configured allowedOrigins.

This commit avoid to reject same-origin requests by reusing the logic
introduced in Spring 4.1 for detecting reliably Websocket/SockJS
same-origin requests with the WebUtils.isValidOrigin() method. This
logic has been extracted in a new WebUtils.isSameOrigin() method.

Issue: SPR-13206
2015-07-13 10:59:19 +02:00
Sebastien Deleuze
882fe129f3 Polish CORS support 2015-07-10 16:42:50 +02:00
Sebastien Deleuze
cd9b3903a7 Introduce CorsFilter and CorsConfigurationMapping
This commit introduces the following changes:
 - The new CorsConfigurationMapping class allows to share the mapped
   CorsConfiguration logic between AbstractHandlerMapping and CorsFilter
 - In AbstractHandlerMapping, the Map<String, CorsConfiguration>
   corsConfiguration property has been renamed to corsConfigurations
 - CorsFilter allows to process CORS requests at filter level, using any
   CorsConfigurationSource implementation (for example
   CorsConfigurationMapping)

Issue: SPR-13192
2015-07-09 22:19:46 +02:00
Sebastien Deleuze
dd16f64998 Polish @CrossOrigin javadoc 2015-07-07 10:01:22 +02:00
Sebastien Deleuze
8ee0e78980 Add Access-Control-Request-Method check for CORS preflight requests
Issue: SPR-13193
2015-07-07 09:34:39 +02:00
Rossen Stoyanchev
0d1b7fd14f Fix RequestPartServletServerHttpRequest encoding issue
When using Appache Commons FileUpload, multi parts with binary data
(i.e. that are not actual files) are saved and then accessed as
String request parameters.

Before this change however the RequestPartServletServerHttpRequest
used a fixed encoding (UTF-8) while the parsing code in
CommonsFileUploadSupport/Resolver used the encoding from the
content-type header, or the request, or the FileUpload component.

This change does a best effort to determine the encoding of the
request parameter using a similar algorithm as the parsing side
that should work the same unless the encoding comes from the
FileUpload component which is not accessible.

Issue: SPR-13096
2015-07-07 00:47:06 -04:00
Sam Brannen
0f7fc12569 Clean up warnings in spring-web 2015-07-06 18:30:20 +02:00
Juergen Hoeller
23124d106b CommonsMultipartResolver allows for specifying max upload size per file
Issue: SPR-13200
2015-07-06 14:01:51 +02:00
Juergen Hoeller
f0c6bff82a MultipartFile interface extends InputStreamSource
Issue: SPR-11861
2015-07-06 13:53:35 +02:00
Brian Clozel
85a80e2a94 Fix error message typo in ShallowEtagHeaderFilter
Issue: SPR-13194
2015-07-03 21:40:48 +02:00
Juergen Hoeller
265cd2ad1e Javadoc fine-tuning for 4.2 2015-06-30 18:02:42 +02:00
Juergen Hoeller
0411435bac XML parsing tests pass on non-English locales now, plus a revised exception message and some minor polishing
Issue: SPR-13136
(cherry picked from commit 38b8262e1e)
2015-06-30 17:16:45 +02:00
Rossen Stoyanchev
d79ec68db4 Disable DTD when parsing untrusted XML input
Issue: SPR-13136
2015-06-30 07:50:21 -04:00
Juergen Hoeller
4facb2fc22 ContentCachingResponseWrapper defensively applies content length in case of sendError/sendRedirect
Issue: SPR-13004
2015-06-30 12:45:43 +02:00
Juergen Hoeller
dc1f921f5c Split between basic MethodParameter and SynthesizingMethodParameter
This split avoids a package tangle (between core and core.annotation) and also allows for selective use of raw annotation exposure versus synthesized annotations, with the latter primarily applicable to web and message handler processing at this point.

Issue: SPR-13153
2015-06-30 00:02:02 +02:00
Brian Clozel
39d689da0c Fix conditional requests support for HttpEntity
Prior to this commit, `HttpEntityMethodProcessor` would rely on
`ServletWebRequest` to process conditional requests and with incoming
`"If-Modified-Since"` / `"If-None-Match"` request headers.

This approach is problematic since in that class:

* response is wrapped in a `ServletServerHttpResponse`
* this wrapped response does not write response headers right away
* `ServletWebRequest.checkNotModified` methods can't apply their
logic with incomplete response headers

This solution adds some minimal code duplication and applies
the conditional request logic within the Processor.

A possible alternative would be to improve the
`ServletServerHttpResponse$ServletResponseHttpHeaders` implementation
with write methods - but this solution would only work for Servlet 3.x
applications.

Issue: SPR-13090
2015-06-29 16:47:27 +02:00
Juergen Hoeller
a5349eb2f8 Base64Utils falls back to JAXB DatatypeConverter for String-based encoding
Issue: SPR-12938
2015-06-26 22:06:13 +02:00
Sam Brannen
8416752645 Polish Javadoc for MVC parameter binding annotations 2015-06-26 16:14:06 +02:00
Sebastien Deleuze
89cc8e0401 Restore compatibility with Jackson 2.1
Issue: SPR-12501
2015-06-26 02:18:29 +02:00
Sebastien Deleuze
3bff7bd895 Serialize with type only with jackson 2.6+
Previous Jackson versions do not serialize polymorphic collections correctly
when the type is specified.

Issue: SPR-12811
2015-06-26 02:15:37 +02:00
Sebastien Deleuze
289f35da3a Call type aware canWrite() when using a GenericHttpMessageConverter
This commit introduces the following changes:
 - In AbstractMessageConverterMethodProcessor, the type aware variant of
   canWrite() is now called when the converter implements
   GenericHttpMessageConverter.
 - The Javadoc has been updated in GenericHttpMessageConverter to make it clear
   that the type aware canRead() and canWrite() methods should perform the same
   checks than non type aware ones.
  - AbstractGenericHttpMessageConverter now implements default type aware
    canRead() and canWrite() methods than just call the non type aware variants.
    Due to this, if subclasses just override the non type aware variants,
    they still have the right behavior.

Issue: SPR-13161
2015-06-25 15:02:33 +02:00
Sebastien Deleuze
31a5434ea4 Make @ResponseBody method return type available for message converters
This commit adds canWrite() and write() methods to the
GenericHttpMessageConverter interface. These are type aware variants
of the methods available in HttpMessageConverter, in order to keep
parametrized type information when serializing objects.

AbstractMessageConverterMethodProcessor now calls those type aware
methods when the message converter implements GenericHttpMessageConverter.

AbstractJackson2HttpMessageConverter and GsonHttpMessageConverter uses
these new methods to make @ResponseBody method return type available
for type resolution instead of just letting the JSON serializer trying
to guess the type to use from the object to serialize.

Issue: SPR-12811
2015-06-22 17:05:45 +02:00
Sam Brannen
de9f27872e Polish CORS support classes
- Simplified "check" algorithms in CorsConfiguration

- Improved robustness of setter methods in CorsConfiguration in order to
  avoid attempts to modify immutable lists

- Improved CORS documentation and fixed typo

- Introduced constants in CorsConfiguration

- Removed auto-boxing in CorsRegistration
2015-06-20 16:12:18 +02:00
Sebastien Deleuze
1e39a18819 Polish 2015-06-18 18:04:29 +02:00
Rossen Stoyanchev
042519043f Update Javadoc on @ResponseStatus
Issue: SPR-11193
2015-06-17 17:23:31 -04:00
Rossen Stoyanchev
210e10c657 Add AsyncHandlerMethodReturnValueHandler
Before this change HandlerMethodReturnValueHandler's were invoked in a
specific order (type-based, annotation-based, custom). However handlers
that deal with asynchronous return value handling need to always be
considered first. This affects custom handlers in particular since they
are normally ordered last.

This change introduces an AsyncHandlerMethodReturnValueHandler
sub-interface with a single method to determine if the return value is
asynchronous and if it is to look for a matching handler only among
those that are of type AsyncHandlerMethodReturnValueHandler.

Issue: SPR-13083
2015-06-16 08:48:56 -04:00
Sebastien Deleuze
8187833502 Change default JSON prefix from "{} && " to ")]}', "
Issue: SPR-13078
2015-06-16 11:30:07 +02:00
Juergen Hoeller
ce7cc79e9f Polishing 2015-06-16 00:18:45 +02:00
Rossen Stoyanchev
4b05bda0bf Missing path variable is now a 500 error
Before this change a missing path variable value resulted in a 400
error where in fact the error is due to a mismatch between the
declared @PathVariable and the URI template, i.e. a 500 error.

This change introduced a MissingPathVariableException as a sub-class
of ServletRequestBindingException (the exception previously thrown)
and results in a response status code of 500 by default.

Issue: SPR-13121
2015-06-15 16:09:19 -04:00
Stephane Nicoll
5236eb6b63 Allow default settings of a custom HttpAsyncClient to apply
This is a rework of 71783c5 for SPR-12540 for the async extension that
was not merging the internal RequestConfig as it should.

Issue: SPR-13125
2015-06-15 18:13:07 +02:00
Stephane Nicoll
95acf8c989 Remove references to codehaus.org
Issue: SPR-13129
2015-06-15 15:44:29 +02:00
Sam Brannen
2b339db53b Polish @CrossOrigin
- origin --> origins
- method --> methods
- constants are now actually constant (i.e., static final)
2015-06-13 17:09:58 +02:00
Brian Clozel
0175068cab Improve Last-Modified & ETag support
Prior to this change, the `"Last-Modified"` and "`Etag`" support had
been improved with SPR-11324: HTTP response headers are now
automatically added for conditional requests and more.

This commit fixes the format of the "`Last-Modified`" and "`ETag`"
values, which were using an epoch timestamp rather than an HTTP-date
format defined in RFC 7231 section 7.1.1.1.

Also, Conditional responses are only applied when the given response
applies, i.e. when it has an compatible HTTP status (2xx).

Issue: SPR-13090
2015-06-11 14:46:14 +02:00
Juergen Hoeller
ad55687627 Polishing 2015-06-11 12:33:30 +02:00
Juergen Hoeller
32b9ea9e9f WebAsyncUtils avoids reflection for creating StandardServletAsyncWebRequest
Issue: SPR-13112
2015-06-11 10:13:51 +02:00
Rossen Stoyanchev
9712a32c46 Allow setting timeout in ResponseBodyEmitter
Issue: SPR-13104
2015-06-10 14:47:24 -04:00
Arjen Poutsma
4611d058c8 Support Forwarded-Header in UriComponentsBuilder
This commit introduces support for RFC 7239: Forwarded HTTP Extension in
the UriComponentsBuilder. Unfortunately, RFC 7239 is not a complete
replacement for the X-Forwarded-* headers: specifically, there is not
direct replacement for X-Forwarded-Port. The JIRA contains more
information.

Issue: SPR-11856
2015-06-10 11:48:12 -04:00
Sebastien Deleuze
15da5efc86 Fix combining class and method level @CrossOrigin attributes
Issue: SPR-13097
2015-06-05 15:32:58 +02:00
Juergen Hoeller
d195ad216a Polishing 2015-06-04 23:27:40 +02:00
Sam Brannen
1a56b47502 Introduce alias for 'value' attribute in @MatrixVariable
Issue: SPR-11393
2015-05-31 18:50:35 +02:00
Sam Brannen
60eb9e9ca2 Introduce 'value' alias for 'origin' in @CrossOrigin
Issue: SPR-11393
2015-05-31 18:34:01 +02:00
Sam Brannen
f0c0813011 Change semantics of @CrossOrigin's maxAge regarding negative values 2015-05-31 18:20:52 +02:00