Commit Graph

399 Commits

Author SHA1 Message Date
Brian Clozel
71c3e4e4ee Fix empty URLs handling in ResourceUrlEncodingFilter
Prior to this commit, the ResourceUrlEncodingFilter would fail with a
StringIndexOutOfBoundsException when:

* the current request has a servlet context
* the URL to encode is relative and is shorter than the context value

This change defensively checks for those lengths and delegates to the
parent implementation if necessary.

Issue: SPR-13018
2015-05-13 14:30:09 +02:00
Brian Clozel
8b545f47bd Fix remote context handling in UrlTag
Prior to this change, the `UrlTag` would simply append the remote
context and the path value in case of a context relative URL.

The following code snippet would output "//foo":

```
<spring:url value="/foo" context="/" />
```

This change now removes trailing slashes in remote context to avoid
this.

Issue: SPR-12782
2015-05-06 14:54:18 +02:00
Sam Brannen
ba84458c65 Overhaul AnnotatedElementUtils
- Methods which search for a specific annotation now properly ensure
   that the sought annotation was actually found.

 - Both the "get" and the "find" search algorithms no longer needlessly
   traverse meta-annotation hierarchies twice.

 - Both the "get" and the "find" search algorithms now properly
   increment the metaDepth when recursively searching within the
   meta-annotation hierarchy.

 - Redesigned getMetaAnnotationTypes() so that it doesn't needlessly
   search irrelevant annotations.

 - Documented and tested hasMetaAnnotationTypes().

 - Documented isAnnotated().

Issue: SPR-11514
2015-05-05 23:35:00 +02:00
Rossen Stoyanchev
8853107f76 Find CORS config by HandlerMethod
Before this change AbstractHandlerMethodMapping used a map from Method
to CorsConfiguration. That works for regular @RequestMapping methods.
However frameworks like Spring Boot and Spring Integration may
programmatically register the same Method under multiple mappings,
i.e. adapter/gateway type classes.

This change ensures that CorsConfiguraiton is indexed by HandlerMethod
so that we can store CorsConfiguration for different handler instances
even when the method is the same.

In order for to make this work, HandlerMethod now provides an
additional field called resolvedFromHandlerMethod that returns the
original HandlerMethod (with the String bean name). This makes it
possible to  perform reliable lookups.

Issue: SPR-11541
2015-05-05 12:56:07 -04:00
Rossen Stoyanchev
4a8baebf59 Improve MappingRegistry tests and polish
Issue: SPR-11541
2015-05-05 12:56:06 -04:00
Sam Brannen
16b189cc1a Add failing test for concrete @RequestMapping method in abstract superclass
This commit introduces failing (but currently disabled) test cases in
HandlerMethodAnnotationDetectionTests that attempt to reproduce the
scenario described in SPR-9517.

See: ParameterizedSubclassDoesNotOverrideConcreteImplementationsFromGenericAbstractSuperclass

Furthermore, this commit also introduces passing tests cases for a
similar scenario. See: ParameterizedSubclassOverridesDefaultMappings

Issue: SPR-9517
2015-05-05 17:31:30 +02:00
Sam Brannen
5dd70a8e46 Simplify HandlerMethodAnnotationDetectionTests config 2015-05-05 17:31:30 +02:00
Brian Clozel
77937c5b02 Polish JRubyScriptTemplateTests (case sensitive issue) 2015-05-05 13:56:54 +02:00
Sam Brannen
3fb2645744 Polish HandlerMethodAnnotationDetectionTests 2015-05-05 13:19:09 +02:00
Sebastien Deleuze
7919364db6 Polish script based view tests
Issue: SPR-12266
2015-05-05 11:38:47 +02:00
Rossen Stoyanchev
e306098155 Encapsulate CORS checking within CorsConfiguration
CorsConfiguration now provides methods to check and determine the
allowed origin, method, and headers according to its own configuration.

This simplifies significantly the work that needs to be done from
DefaultCorsProcessor. However an alternative CorsProcessor can still
access the raw CorsConfiguration and perform its own checks.

Issue: SPR-12885
2015-05-05 09:31:41 +02:00
Sebastien Deleuze
83f269b512 Make DefaultCorsProcessor Servlet 2.5 compliant
This commit adds CORS related headers to HttpHeaders
and update DefaultCorsProcessor implementation to
use ServerHttpRequest and ServerHttpResponse instead
of HttpServletRequest and HttpServletResponse. Usage
of ServerHttpResponse allows to avoid using Servlet 3.0
specific methods in order keep CORS support Servlet 2.5
compliant.

Issue: SPR-12885
2015-05-05 09:31:41 +02:00
Rossen Stoyanchev
71683c5f8d Fix regressions from 8f558e7
The change to provide public register/unregister methods in
AbstractHandlerMethodMapping assumed that a single method cannot be
mapped more than once. This is not the case with the MvcEndpoints and
EndpointHandlerMapping from Spring Boot which wrap one or more
non-web Endpoint types with an MvcEndpointAdapter in order to expose
them for use over the web. In effect Spring MVC sees a single handler
method mapped many times.

This change removes that assumption so rather than unregistering with
a HandlerMethod, which is not necessarily unique, the unregister method
now takes the actual mapping, which is the only thing that should actually
be unique.

Issue: SPR-11541
2015-05-04 17:24:49 -04:00
Rossen Stoyanchev
205e5dfd6f Support bridged methods in MvcUriComponentsBuilder
Issue: SPR-12977
2015-05-04 10:26:46 -04:00
Sam Brannen
859751b9d9 Add test for bridge method support in MvcUriComponentsBuilder
This commit introduces a new fromMethodNameWithBridgedMethod() test in
MvcUriComponentsBuilderTests which is currently disabled via @Ignore
until this bug is resolved.

Issue: SPR-12977
2015-05-04 13:43:25 +02:00
Brian Clozel
bb3f26483b Fix CachingResourceResolver key generation
When used in combination with GzipResourceResolver, the
CachingResourceResolver does not properly cache results, since it only
takes the request path as a input for cache key generation.

Here's an example of that behavior:

1. an HTTP client requests a resource with `Accept-Encoding: gzip`, so
the GzipResourceResolver can resolve a gzipped resource.
2. the configured CachingResourceResolver caches that resource.
3. another HTTP client requests the same resource, but it does not
support gzip encoding; the previously cached gzipped resource is still
returned.

This commit uses the presence/absence of gzip encoding support as an
input in cache keys generation.

Issue: SPR-12982
2015-05-04 13:33:22 +02:00
Rossen Stoyanchev
8f558e7c73 Add methods to (un)register HandlerMethod mappings
Issue: SPR-11541
2015-05-04 06:08:26 -04:00
Rossen Stoyanchev
8376e1eca1 Support @RequestMapping as meta-annotation
Issue: SPR-12296
2015-04-24 10:33:44 -04:00
Rossen Stoyanchev
1cd0f433e0 Allow MvcUriComponentsBuilder instance with baseUrl
Before this change MvcUriComponentsBuilder exposed only static factory
methods for creating links where the links are relative to the current
request or a baseUrl explicitly provided as an argument.

This change allows creating an MvcUriComponents builder instance with
a built-in baseUrl. The instance can then be used with non-static
withXxx(...) method alternatives to the static fromXxx(...) methods.

Issue: SPR-12617
2015-04-23 11:03:37 -04:00
Sebastien Deleuze
a3159dfbf2 Add script based templating support
This commit adds support for script based templating. Any templating
library running on top of a JSR-223 ScriptEngine that implements
Invocable like Nashorn or JRuby could be used.

For example, in order to render Mustache templates thanks to the Nashorn
Javascript engine provided with Java 8+, you should declare the following
configuration:

@Configuration
@EnableWebMvc
public class MustacheConfig extends WebMvcConfigurerAdapter {

	@Override
	public void configureViewResolvers(ViewResolverRegistry registry) {
		registry.scriptTemplate();
	}

	@Bean
	public ScriptTemplateConfigurer configurer() {
		ScriptTemplateConfigurer configurer = new ScriptTemplateConfigurer();
		configurer.setEngineName("nashorn");
		configurer.setScripts("mustache.js");
		configurer.setRenderObject("Mustache");
		configurer.setRenderFunction("render");
		return configurer;
	}
}

The XML counterpart is:

<beans>
	<mvc:annotation-driven />

	<mvc:view-resolvers>
		<mvc:script-template />
	</mvc:view-resolvers>

	<mvc:script-template-configurer engine-name="nashorn" render-object="Mustache" render-function="render">
		<mvc:script location="mustache.js" />
	</mvc:script-template-configurer>
</beans>

Tested with:
 - Handlebars running on Nashorn
 - Mustache running on Nashorn
 - React running on Nashorn
 - EJS running on Nashorn
 - ERB running on JRuby
 - String templates running on Jython

Issue: SPR-12266
2015-04-22 08:47:04 +02:00
Sebastien Deleuze
713fc5c4ab Add onTimeout() and onCompletion() callbacks to ResponseBodyEmitter
Issue: SPR-12939
2015-04-21 19:34:01 +02:00
Sebastien Deleuze
9a65eec36f Avoid registering CorsConfiguration for methods without @CrossOrigin
Issue: SPR-12931
2015-04-20 09:04:38 +02:00
Sam Brannen
d31f3ee0b2 Suppress warning in ServletAnnotationControllerHandlerMethodTests 2015-04-17 02:11:12 +02:00
Rossen Stoyanchev
26cfe5795f Find @ResponseStatus recursively on getCause()
Issue: SPR-12903
2015-04-13 18:10:55 -04:00
Rossen Stoyanchev
c172d9d745 Add trailing slash support to AbstractUrlHandlerMapping
Issue: SPR-12818
2015-04-13 15:33:25 -04:00
Rossen Stoyanchev
8ff7cc73bc Try defaulContentType for application/octet-stream
AbstractHttpMessageConverter now tries to call getDefaultContentType
with the actual value to be converted to see if that will result in
a more concrete mediat type than application/octet-stream.

Issue: SPR-12894
2015-04-13 14:31:25 -04:00
Rossen Stoyanchev
b6449baaa6 List all unsatisfied request param groups
Issue: SPR-12854
2015-04-06 23:33:56 -04:00
Sebastien Deleuze
b0e1e66b7f Add CORS support
This commit introduces support for CORS in Spring Framework.

Cross-origin resource sharing (CORS) is a mechanism that allows
many resources (e.g. fonts, JavaScript, etc.) on a web page to
be requested from another domain outside the domain from which
the resource originated. It is defined by the CORS W3C
recommandation (http://www.w3.org/TR/cors/).

A new annotation @CrossOrigin allows to enable CORS support
on Controller type or method level. By default all origins
("*") are allowed.

@RestController
public class SampleController {

	@CrossOrigin
	@RequestMapping("/foo")
	public String foo() {
		// ...
	}
}

Various @CrossOrigin attributes allow to customize the CORS configuration.

@RestController
public class SampleController {

	@CrossOrigin(origin = { "http://site1.com", "http://site2.com" },
				 allowedHeaders = { "header1", "header2" },
				 exposedHeaders = { "header1", "header2" },
				 method = RequestMethod.DELETE,
				 maxAge = 123, allowCredentials = "true")
	@RequestMapping(value = "/foo", method = { RequestMethod.GET, RequestMethod.POST} )
	public String foo() {
		// ...
	}
}

A CorsConfigurationSource interface can be implemented by HTTP request
handlers that want to support CORS by providing a CorsConfiguration
that will be detected at AbstractHandlerMapping level. See for
example ResourceHttpRequestHandler that implements this interface.

Global CORS configuration should be supported through ControllerAdvice
(with type level @CrossOrigin annotated class or class implementing
CorsConfigurationSource), or with XML namespace and JavaConfig
configuration, but this is not implemented yet.

Issue: SPR-9278
2015-04-02 16:12:11 +02:00
Sebastien Deleuze
35f40ae654 Add @JsonView deserialization support for request bodies
Jackson 2.5.0 or later is required.

Issue: SPR-12501
2015-04-02 12:05:45 +02:00
Sebastien Deleuze
ca06582f2a Support Jackson @JsonFilter
This commit adds a filters property to MappingJacksonValue
and also manages a special FilterProvider class name model key in
order to be able to specify a customized FilterProvider for each
handler method execution, and thus provides a more dynamic
alternative to our existing JsonView support.

A filters property is also now available in Jackson2ObjectMapperBuilder
and Jackson2ObjectMapperFactoryBean in order to set easily a
global FilterProvider.

More details about @JsonFilter at
http://wiki.fasterxml.com/JacksonFeatureJsonFilter.

Issue: SPR-12586
2015-04-02 11:23:18 +02:00
Rossen Stoyanchev
7e799295e5 Fix compile error 2015-04-01 16:53:27 -04:00
Juergen Hoeller
39bc8b7992 AbstractContextLoaderInitializer and AbstractDispatcherServletInitializer support ApplicationContextInitializers now
Issue: SPR-12430
2015-03-31 17:21:57 +02:00
Rossen Stoyanchev
36ed4df59d Improve empty request body handling
The check for an empty request body InputStream is now in the base
class AbstractMessageConverterMethodArgumentResolver shared for
all arguments that involve reading with an HttpMessageConverter --
@RequestBody, @RequestPart, and HttpEntity.

When an empty body is detected any configured RequestBodyAdvice is
given a chance to select a default value or leave it as null.

Issue: SPR-12778, SPR-12860, SPR-12861
2015-03-29 21:42:22 -04:00
Rossen Stoyanchev
0556ed4f16 Add RequestBodyAdvice
RequestBodyAdvice is analogous to ResponseBodyAdvice (added in 4.1)
but for intercepting for reading the request with an
HttpMessageConverter for resolving an @RequestBody or an HttpEntity
method argument.

Issue: SPR-12501
2015-03-29 21:42:14 -04:00
Rossen Stoyanchev
95f6e4cc9b Support StreamingResponseBody return value type
Issue: SPR-12831
2015-03-23 15:38:52 -04:00
Juergen Hoeller
76cf5beb59 Support for XSSFWorkbook and SXSSFWorkbook (xmlx format; POI 3.9+)
Introduces an AbstractXlsView and dedicated subclasses for POI's xmlx support.
Deprecates the traditional AbstractExcelView which is based on pre POI 3.5 API.

Issue: SPR-6898
2015-03-23 20:01:05 +01:00
Juergen Hoeller
e2110e353e Support for JasperReports xlsx exporter
Issue: SPR-12843
2015-03-23 19:59:25 +01:00
Brian Clozel
f9ce11eef8 Provide controller level Cache-Control support
Prior to this commit, Cache-Control HTTP headers could be set using
a WebContentInterceptor and configured cache mappings.

This commit adds support for cache-related HTTP headers at the controller
method level, by returning a ResponseEntity instance:

ResponseEntity.status(HttpStatus.OK)
    .cacheControl(CacheControl.maxAge(1, TimeUnit.HOURS).cachePublic())
    .eTag("deadb33f8badf00d")
    .body(entity);

Also, this change now automatically checks the "ETag" and
"Last-Modified" headers in ResponseEntity, in order to respond HTTP
"304 - Not Modified" if necessary.

Issue: SPR-8550
2015-03-23 18:05:14 +01:00
Brian Clozel
38f32e3816 Improve HTTP caching flexiblity
This commit improves HTTP caching defaults and flexibility in
Spring MVC.

1) Better default caching headers

The `WebContentGenerator` abstract class has been updated with
better HTTP defaults for HTTP caching, in line with current
browsers and proxies implementation (wide support of HTTP1.1, etc);
depending on the `setCacheSeconds` value:

* sends "Cache-Control: max-age=xxx" for caching responses and
do not send a "must-revalidate" value by default.
* sends "Cache-Control: no-store" or "Cache-Control: no-cache"
in order to prevent caching

Other methods used to set specific header such as
`setUseExpiresHeader` or `setAlwaysMustRevalidate` are now deprecated
in favor of `setCacheControl` for better flexibility.
Using one of the deprecated methods re-enables previous HTTP caching
behavior.

This change is applied in many Handlers, since
`WebContentGenerator` is extended by `AbstractController`,
`WebContentInterceptor`, `ResourceHttpRequestHandler` and others.

2) New CacheControl builder class

This new class brings more flexibility and allows developers
to set custom HTTP caching headers.

Several strategies are provided:

* `CacheControl.maxAge(int)` for caching responses with a
"Cache-Control: max-age=xxx" header
* `CacheControl.noStore()` prevents responses from being cached
with a "Cache-Control: no-store" header
* `CacheControl.noCache()` forces caches to revalidate the cached
response before reusing it, with a "Cache-Control: no-store" header.

From that point, it is possible to chain method calls to craft a
custom CacheControl instance:

```
CacheControl cc = CacheControl.maxAge(1, TimeUnit.HOURS)
    .cachePublic().noTransform();
```

3) Configuring HTTP caching in Resource Handlers

On top of the existing ways of configuring caching mechanisms,
it is now possible to use a custom `CacheControl` to serve
resources:

```
@Configuration
public class MyWebConfig extends WebMvcConfigurerAdapter {

  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
    CacheControl cc = CacheControl.maxAge(1, TimeUnit.HOURS);
    registry.addResourceHandler("/resources/**)
            .addResourceLocations("classpath:/resources/")
            .setCacheControl(cc);
  }
}
```

or

```
<mvc:resources mapping="/resources/**" location="classpath:/resources/">
  <mvc:cachecontrol max-age="3600" cache-public="true"/>
</mvc:resources>
```

Issue: SPR-2779, SPR-6834, SPR-7129, SPR-9543, SPR-10464
2015-03-23 18:01:04 +01:00
Rossen Stoyanchev
6a96c26dd4 Add HttpRange tests, set Accept-Range header, polish
Issue: SPR-10805
2015-03-20 15:35:43 -04:00
Arjen Poutsma
da48739628 Support byte ranges in ResourceHttpRequestHandler
This commit introduces support for HTTP byte ranges in the
ResourceHttpRequestHandler. This support consists of a number of
changes:

- Parsing of HTTP Range headers in HttpHeaders, using a new HttpRange
  class and inner ByteRange/SuffixByteRange subclasses.
- MIME boundary generation moved from FormHttpMessageConverter to
  MimeTypeUtils.
- writePartialContent() method introduced in ResourceHttpRequestHandler,
  handling the byte range logic
- Additional partial content tests added to
  ResourceHttpRequestHandlerTests.

Issue: SPR-10805
2015-03-20 15:35:43 -04:00
Rossen Stoyanchev
de9c9febc3 Compare encoded params in AbstractFlashMapManager
AbstractFlashMapManager no longer decodes the target query parameters
it needs to use to match to the request after the redirect.

Instead it stores query parameters as-is adn then relies on parsing the
encoded query string after the redirect.

Issue: SPR-12569
2015-03-19 16:57:26 -04:00
Rossen Stoyanchev
46537a76ed Polish FlashMapManagerTests 2015-03-19 15:04:13 -04:00
Rossen Stoyanchev
febcd0c46d Add baseUrl overloaded MvcUriComponentsBuilder methods
Issue: SPR-12800
2015-03-16 20:45:01 -04:00
Juergen Hoeller
6c169bd644 Initial support for JSR-354 Money & Currency
Issue: SPR-12209
2015-03-13 19:40:00 +01:00
Rossen Stoyanchev
624790a520 Move X-Forwarded-* tests to UriComponentsBuilderTests 2015-03-13 09:33:21 -04:00
Sam Brannen
d90cee78ef Remove trailing whitespace in source code 2015-03-07 21:16:18 +01:00
Kazuki Shimizu
c746b10da9 Support @NumberFormat as a meta-annotation
This commit ensures that @NumberFormat can be used as a
meta-annotation, as was already the case for @DateTimeFormat.

In addition, this commit polishes FormattingConversionServiceTests and
MvcNamespaceTests.

Issue: SPR-12743
2015-03-07 21:00:25 +01:00
Juergen Hoeller
a71001b45c Polishing
Issue: SPR-12778
2015-03-06 17:46:35 +01:00
Rossen Stoyanchev
d64c48ff5f UriComponentsBuilder.fromHttpRequest sets port correctly
Issue: SPR-12771
2015-03-05 21:52:27 -05:00