Commit Graph

1104 Commits

Author SHA1 Message Date
Vedran Pavic
82194f4ee0 Set SameSite default to Lax
Issue: SPR-16418
2018-07-23 18:23:05 +02:00
Brian Clozel
390bb871d8 Switch order of multipart Content-Type directives
Since SPR-15205, the `FormHttpMessageConverter` is adding a `charset`
directive to the `Content-Type` request header in order to help servers
understand which charset is being used to encode headers of each part.

As reported in SPR-17030 and others, some servers are not parsing
properly such header values and assume that `boundary` is the last
directive in the `Content-Type` header.

This commit reorders the charset information right before the boundary
declaration to get around those issues.

Issue: SPR-17030
2018-07-20 18:11:05 +02:00
Juergen Hoeller
9a43d2ec20 Revised log levels: less WARN and INFO, fine-tuned DEBUG vs TRACE
Issue: SPR-16946
2018-07-20 15:05:16 +02:00
Rossen Stoyanchev
93b7a4838e UriComponentsBuilder method to configure URI variables
See Javadoc on UriComponentsBuilder#uriVariables for details.

This helps to prepare for SPR-17027 where the MvcUriComponentsBuilder
already does a partial expand but was forced to build UriComonents
and then create a new UriComponentsBuilder from it to continue. This
change makes it possible to stay with the same builder instance.

Issue: SPR-17027
2018-07-19 19:07:42 -04:00
Rossen Stoyanchev
28cd6978b5 Minor fixes: UriComponentsBuilder, UriComponents, docs
After the latest changes, two small fixes in the clone method to copy
the encode flag, and in the encodeUriTemplate method to account for
possible null query params.

Improvements in the URI encoding section.

Issue: SPR-17039, SPR-17027
2018-07-19 19:07:42 -04:00
Rossen Stoyanchev
9498da5910 Clarify behavior of WebSession#save()
+ minor update to the InMemoryWebSession to match the defined behavior.

Issue: SPR-17051
2018-07-18 22:14:02 -04:00
Juergen Hoeller
ef9027e1c1 Polishing 2018-07-17 17:59:16 +02:00
Rossen Stoyanchev
a41a1edd93 Switch to TEMPLATE_AND_VALUES as the default mode
DefaultUriBuilderFactory now uses EncodingMode.TEMPLATE_AND_VALUES by
default. However the RestTemplate explicitly sets it to the previous
setting EncodingMode.URI_COMPONENTS, so this affects mainly the
WebClient and any direct use of DefaultUriBuilderFactory to configure
either the RestTemplate or the WebClient.

Issue: SPR-17039
2018-07-16 21:21:37 -04:00
Rossen Stoyanchev
2a0eac47f9 Add TEMPLATE_AND_VALUES mode to DefaultUriBuilderFactory
Issue: SPR-17039
2018-07-16 21:21:37 -04:00
Rossen Stoyanchev
75e45103b5 Polish DefaultUriBuilderFactory 2018-07-16 21:21:34 -04:00
Rossen Stoyanchev
5fb4982026 Support for encode() in UriComponentsBuilder
The ability to request to encode before `build()`, and more importantly
before expanding, allows stricter encoding to be applied to URI vars
and consequently to neutralize the effect of characters with reserved
meaning in a URI.

Issue: SPR-17039
2018-07-16 09:16:11 -04:00
Rossen Stoyanchev
43fbd63254 Add maxSessions, getSessions, removeExpiredSessions
This commit removes the session threshold check added recently which
is not effective since maxIdleTime is usually much longer than the
frequency of checks. The lazy triggering of expiration checks during
create or retreive are simple and the most effective

This commit also adds a maxSessions limit on the total number of
sessions that can be created at any one time, a getSessions method
for management purposes, and a removeExpiredSessions public API
for manual triggering of expiration checks.

Issue: SPR-17020, SPR-16713
2018-07-12 16:12:19 -04:00
Rossen Stoyanchev
32b75221b3 Improve expired session check algorithm
1. Add session count threshold as am extra pre-condition.
2. Check pre-conditions for expiration checks on every request.

Effectively an upper bound on how many sessions can be created before
expiration checks are performed.

Issue: SPR-17020
2018-07-11 15:59:18 -04:00
Rossen Stoyanchev
7b3a72f483 Warn when SimpleAsyncTaskExecutor is used
Issue: SPR-16203
2018-07-11 11:10:03 -04:00
Arjen Poutsma
2ac6a15f6f Add setBearerAuth method
Issue: SPR-16997
2018-07-09 17:06:55 +02:00
Arjen Poutsma
a663454fad Changed Basic Authentication consumer to setBasicAuth method
This commit changes the Basic Authentication Consumer<HttpHeaders> to
a basic setBasicAuth(String, String) method.

Issue: SPR-16913
2018-07-09 16:41:51 +02:00
Rossen Stoyanchev
5dc49b16ea Correlated messages at HTTP adapter + WebSocket level
Issue: SPR-16966
2018-07-06 15:44:18 -04:00
Rossen Stoyanchev
bb3061d112 Polish 2018-07-05 14:08:05 -04:00
Violeta Georgieva
22f6e5b9ff Adapt ReactorHttpsServer to lates Reactor Netty changes 2018-07-05 14:00:01 -04:00
Juergen Hoeller
83faee67d5 HttpMessageNotReadableException provides access to HttpInputMessage
Issue: SPR-15588
2018-07-04 22:46:09 +02:00
Juergen Hoeller
d08b72a75a Consistent throwing of HttpMessageNotReadableException vs IOException
Includes specific fine-tuning of ProtobufHttpMessageConverter and JAXB2 based message converters, as well as revised javadoc for abstract base classes.

Issue: SPR-16995
2018-07-02 22:37:29 +02:00
Arjen Poutsma
6bcf6ffb06 Add Basic Authentication Consumer
Issue: SPR-16913
2018-07-02 15:16:03 +02:00
Rossen Stoyanchev
d74e09a925 Polish MockClientHttpRequest 2018-06-29 17:37:45 -04:00
Rossen Stoyanchev
7f555785dd Add getBodyAsString() to MockClientHttpRequest
Issue: SPR-16988
2018-06-29 17:34:23 -04:00
Rossen Stoyanchev
51ec7c6b4a Add hook for customizing response cookie
Issue: SPR-16980
2018-06-29 18:15:52 -03:00
Rossen Stoyanchev
907a306ee2 Fix locally failing test in FlushingIntegrationTests 2018-06-29 18:15:52 -03:00
Juergen Hoeller
40efcc933c Polishing 2018-06-28 14:51:33 +02:00
Phillip Webb
a89e716cc7 Use tabs rather than spaces in tests
Update tests to ensure that tabs are used instead of spaces. Also
consistently apply a new line at the end of each file.

Issue: SPR-16968
2018-06-28 10:28:44 +02:00
Phillip Webb
1c25cec44f Polish test code
Polish a few issue identified when adding checkstyle to the
build. Although checkstyle is not enforcing rules on tests,
these are a few minor changes that are still worth making.

Issue: SPR-16968
2018-06-28 10:28:44 +02:00
Juergen Hoeller
2a15962d7f WebHttpHandlerBuilder retains ApplicationContext in copy constructor
Issue: SPR-16972
2018-06-25 18:12:12 +02:00
Rossen Stoyanchev
900bc8a2e3 Logging improvements for WebFlux
Issue: SPR-16898
2018-06-22 22:44:24 -04:00
Rossen Stoyanchev
28a5c3009e Improve DEBUG/TRACE logging for Spring MVC
Issue: SPR-16898
2018-06-18 18:33:11 -04:00
Rossen Stoyanchev
ebdcc015a4 Correctly set maxAge and expires in ResponseCookie
Issue: SPR-16940
2018-06-14 13:07:17 -04:00
Brian Clozel
09d9450154 Add SameSite support in WebFlux SESSION cookies
This commit adds support for the "SameSite" attribute in response
cookies. As explained in rfc6265bis, this attribute can be used to limit
the scope of a cookie so that it can't be attached to a request unless
it is sent from the "same-site".

This feature is currently supported by Google Chrome and Firefox, other
browsers will ignore this attribute.

This feature can help prevent CSRF attacks; this is why this commit adds
this attribute by default for SESSION Cookies in WebFlux.

See: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis

Issue: SPR-16418
2018-06-14 11:39:03 +02:00
Juergen Hoeller
3fc8ec498c MockHttpServletRequest returns a single InputStream or Reader
Issue: SPR-16505
Issue: SPR-16499
2018-06-13 22:03:16 +02:00
Brian Clozel
05ff8b722d Fix ResourceRegion HttpMessageConverter write checks
This commit fixes the write checks for
`ResourceRegionHttpMessageConverter`, which was previously not checking
properly the parameterized type (e.g. in case of a `List<Something>`).

Issue: SPR-16932
2018-06-11 22:53:55 +02:00
Brian Clozel
a5cd01a4c8 Restrict HTTP methods on Reactive HiddenHttpMethodFilter
This commit restricts the allowed HTTP methods on HiddenHttpMethodFilter
(Reactive variant) to the following: PUT, DELETE, PATCH.

This filter is meant to be used to simulate those methods from HTML
forms sent by browsers, so no other methods are allowed.

Issue: SPR-16836
2018-06-11 18:53:23 +02:00
Brian Clozel
f64fa3dea1 Restrict HTTP methods on Servlet HiddenHttpMethodFilter
This commit restricts the allowed HTTP methods on HiddenHttpMethodFilter
(Servlet variant) to the following: PUT, DELETE, PATCH.

This filter is meant to be used to simulate those methods from HTML
forms sent by browsers, so no other methods are allowed.

Issue: SPR-16836
2018-06-11 18:53:23 +02:00
Rossen Stoyanchev
86c861516d Accept Predicate instead of HandlerTypePredicate
Issue: SPR-16336
2018-06-08 15:32:07 -04:00
Sebastien Deleuze
ac37b678a3 Remove JSONP support
CORS is now widely supported and should be used instead for cross-domain
requests.

Issue: SPR-16914
2018-06-08 12:15:48 +02:00
Rossen Stoyanchev
124d4c833c Support for Servlet request params with HTTP DELETE
This commit adds FormContentFilter, which is the same as the
HttpPutFormContentFilter but also supports DELETE.

The HttpPutFormContentFilter is now deprecated.

Issue: SPR-16874
2018-06-04 15:48:47 -04:00
Rossen Stoyanchev
a3216432b5 Polish
Issue: SPR-16387
2018-05-31 15:38:30 -04:00
Violeta Georgieva
ffbc75ae47 Upgrade to Reactor Netty 0.8
Issue: SPR-16387
2018-05-31 15:37:39 -04:00
Juergen Hoeller
8593fec22c Avoid ConstantConditions warnings suppression (plus related polishing)
Issue: SPR-15756
2018-05-29 21:47:10 +02:00
Rossen Stoyanchev
c7c3e5585b X-Forwarded-Ssl is listed in ForwardedHeaderFilter
Issue: SPR-16863
2018-05-25 13:39:37 -04:00
Rossen Stoyanchev
3eac2dd31e Support X-Forwarded-Ssl
Issue: SPR-16863
2018-05-24 16:14:12 -04:00
Rossen Stoyanchev
72022899de Polish Forwarded header support 2018-05-23 21:23:23 -04:00
Rossen Stoyanchev
9b496b1264 CodecConfigurer internal refactoring
Improve how HTTP message writers are obtained for general use vs for
multipart requests.
2018-05-21 21:10:44 -04:00
Rossen Stoyanchev
6e5273f08e Polish CodecConfigurer support classes
Functionally equivalent updates to package private classes to improve
the code and make it easier to understand.
2018-05-21 21:09:42 -04:00
Rossen Stoyanchev
fbd12e9d16 Support for SslInfo in ServerHttpRequest#mutate
Issue: SPR-16830
2018-05-17 17:27:52 -04:00