Commit Graph

444 Commits

Author SHA1 Message Date
Juergen Hoeller
0b76b13d88 Polishing
(cherry picked from commit 5fee5f3)
2016-12-01 18:53:23 +01:00
Brian Clozel
306452720f Fix NumberFormatException with X-Forwarded-Host
This commit fixes `NumberFormatException`s that were thrown when parsing
IPv6 host values in `X-Forwarded-Host` request headers.

Issue: SPR-14761
(cherry picked from ea5ff87)
2016-10-07 23:30:36 +02:00
Rossen Stoyanchev
9fa2a46d35 Improve async request timeout handling
Rather than setting the status to 503 directly from the timeout
interceptor which no longer seems to work reliably with Servlet
containers like Jetty even performing an additional ERROR dispatch back
to the original URL, we know rather set the DeferredResult to an
AsyncTimeoutException, which results in a dispatch and standard
handling within Spring MVC. This should be a more reliable way of
dealing with timeouts.

Issue: SPR-14669
2016-09-14 21:37:30 -04:00
Juergen Hoeller
5b0722ed28 Polishing
(cherry picked from commit e828be9)
2016-08-26 18:10:43 +02:00
Juergen Hoeller
081c3ac44f Polishing 2016-08-24 12:46:30 +02:00
Juergen Hoeller
de91b1a8a0 Polishing
(cherry picked from commit b9a2d0a)
2016-08-17 21:10:17 +02:00
Juergen Hoeller
b5127dc152 Polishing 2016-07-20 22:16:35 +02:00
Juergen Hoeller
0f2bc3f6bf AbstractRequestLoggingFilter ignores non-available query string
Issue: SPR-14244
(cherry picked from commit 08ddd1b)
2016-05-04 18:44:04 +02:00
Juergen Hoeller
1d39c97def Downgrade to Protobuf Java Format 1.2
Issue: SPR-14171
2016-04-14 15:54:52 +02:00
Juergen Hoeller
334b4a99b0 Jackson-based message converters consistently check media type first
Issue: SPR-14163
2016-04-14 14:22:23 +02:00
Juergen Hoeller
e0642c77c3 HttpHeaders consistently ignores invalid date header values
Issue: SPR-14144
(cherry picked from commit 448621a)
2016-04-11 20:52:43 +02:00
Juergen Hoeller
aa5c12c534 Polishing 2016-04-08 22:52:36 +02:00
Rossen Stoyanchev
d7062f6291 Ensure RedirectModel is initialized
This commit fixes an old bug in ModelAndViewContainer where getModel
returns a new ModelMap instance that isn't saved and re-used.

Issue: SPR-14045
2016-03-14 23:04:58 -04:00
Rossen Stoyanchev
b1a46ccbd9 Fix NPE in InvocableHandlerMethod
Issue: SPR-13917
2016-02-04 23:33:04 -05:00
Rossen Stoyanchev
39c05c56c4 BufferedImage converter writes Content-Type again
Issue: SPR-13906
2016-02-04 15:01:13 -05:00
Juergen Hoeller
30ef893c28 Polishing 2016-01-26 22:23:56 +01:00
Rossen Stoyanchev
ab16adab2e Avoid double encoding URI in ServletServerHttpRequest
Issue: SPR-13876
2016-01-20 17:58:07 -05:00
Juergen Hoeller
4261f34b63 Consistent and lenient HttpMethod resolution across all web modules
Issue: SPR-13776
2015-12-09 12:26:44 +01:00
Juergen Hoeller
a9e5e9ecc8 Polishing 2015-12-02 15:35:42 +01:00
Juergen Hoeller
a4f5c46fed MockHttpServletResponse.setIntHeader supports 'Content-Length' header as well
Issue: SPR-13752
2015-12-02 13:36:35 +01:00
Rossen Stoyanchev
b3f0ab5284 Polish 2015-12-01 16:52:02 -05:00
mhartsock Melissa Hartsock
b077b4dddb Fix media type lookup case sensitivity
Fixed a bug where the URL content negotiation "format" parameter values
were case sensitive and only lowercase values were accepted. For
example, URL query parameter format=json returned the appropriate JSON
response but format=JSON resulted in a
HttpMediaTypeNotAcceptableException and returned:

406 - The resource identified by this request is only capable of
generating responses with characteristics not acceptable according to
the request "accept" headers.

When the MappingMediaTypeFileExtensionResolver is constructed, it is
passed a map containing the media type key to MediaType mappings
defined in the ContentNegotiationConfigurer. In the constructor of
MappingMediaTypeFileExtensionResolver, the keys are converted to
lowercase and the mappings of keys to MediaTypes are added to the
ConcurrentMap<String, MediaType> mediaTypes using the lowercase
version of the keys. However, when retrieving the MediaType from a key
in the lookupMediaType method, no conversion to lowercase is performed
so any value for the URL "format" parameter other than the lowercase
version will not return the proper MediaType result.

On May 1st, 2014, a change was made to
ParameterContentNegotiationStrategy to handle cases where the content
negotiation format URL parameter does not result in a match for a
MediaType. If no match is found, a HttpMediaTypeNotAcceptableException
is thrown resulting in the 406 response above. Prior to this commit, a
null was returned instead of throwing an exception so this issue was
hidden and appeared to function correctly.

To make the media type lookup case insensitive, added a line to the
lookupMediaType method in MediaTypeFileExtensionResolver to first
convert the extension (media type key) to lowercase prior to attempting
to retrieve it from the mediaTypes map.

Issue: SPR-13747
2015-12-01 16:16:57 -05:00
Rossen Stoyanchev
fed4391f87 Fix issue in UriTemplate parsing
The recent commit 971f04 replaced the use of a NAMES_PATTERN regex in
favor of direct parsing in order to deal with nested curly braces.

The change also incorrectly replicated this logic which removes a
trailing slash after Pattern quoting (and not before):

cca037a74d/spring-web/src/main/java/org/springframework/web/util/UriTemplate.java (L207-L210)

After some more investigation there doesn't appear to be any scenario
where the quoted pattern would end with a trailing slash. It should
always end with \E (end of quote) or a ")" (end of group). Nor are
there any failing tests so this commit removes the logic altogether.

Issue: SPR-13705
2015-11-30 17:46:28 -05:00
Brian Clozel
9d9433a6eb Flush of underlying response in ContentCachingResponseWrapper
Prior to this commit, when adding a ShallowEtagHeaderFilter to an
application, the ServletResponse would be wrapped by a
ContentCachingResponseWrapper. When any part of the Spring
infrastructure calls `flushBuffer` on the wrapped response, the call is
delegated to the actual response, which is committed. It's not possible
to alter the response (headers, content) anymore - the ETag filter can't
act.

This change prevents the `flushBuffer` call to be delegated and only
commits the underlying response once the cached content is copied to the
actual response stream.

Issue: SPR-13717
2015-11-24 17:26:03 +01:00
Sebastien Deleuze
71e2d8e9de Handle correctly * in CorsConfiguration#combine() other parameter
Issue: SPR-13674
2015-11-12 10:40:32 +01:00
Rossen Stoyanchev
62af99a21c Add containsKey to ServletResponseHttpHeaders
Issue: SPR-13668
2015-11-11 14:22:26 -05:00
Juergen Hoeller
5d9d88c44d CommonsMultipartFile removes mixed separator paths from original filename
Issue: SPR-13662
2015-11-10 23:43:40 +01:00
Juergen Hoeller
760bc719f2 Polishing 2015-11-09 15:03:14 +01:00
Juergen Hoeller
bc7bcab578 Consistent method selection for listeners and endpoint mappings
Issue: SPR-13654
2015-11-09 14:57:45 +01:00
Rossen Stoyanchev
971f046913 Replace NAMES_PATTERN in UriTemplate
The URI template is now manually parsed vs using a regex to extract
URI variable names and to create a pattern for matching to actual URLs.
This provides more control to deal with nested curly braces.

Issue: SPR-13627
2015-11-05 09:39:10 -05:00
Juergen Hoeller
64a8dfbd12 CharacterEncodingFilter provides convenience constructors for Servlet 3.0 style usage
Issue: SPR-13572
2015-10-26 22:48:54 +01:00
Rossen Stoyanchev
2bd1daa75e Protect against RFD exploits
Issue: SPR-13548
2015-10-15 10:33:27 +02:00
Juergen Hoeller
66177dfd8c StreamUtils.emptyInput() for consistent empty InputStream exposure
Issue: SPR-13563
2015-10-12 22:25:40 +02:00
Rossen Stoyanchev
1e4f674db7 Polish 2015-10-09 12:34:30 -04:00
Sam Brannen
f489e43d31 Polishing 2015-10-08 15:18:31 +02:00
Brian Clozel
758ae98af2 Sanitize duplicate slashes in request path
This commit removes duplicate slashes in the resolved lookup path when
calling `UrlPathHelper.getLookupPathForRequest`. This is especially
necessary when the path is cleaned from semicolon content and leaves
duplicate slashes in the request path.

Issue: SPR-13455
2015-10-08 11:05:51 +02:00
Sam Brannen
3db62d5494 Remove MimeTypeResolver since JAF is part of Java SE 6+
The inner MimeTypeResolver class is no longer necessary in the
MockServletContext since the Java Activation Framework (JAF) is a
standard part of Java SE since Java 6.
2015-10-06 15:56:00 +02:00
Sam Brannen
c52f9d3524 Assert status quo & add TODO
Issue: SPR-13537
2015-10-04 18:16:50 +02:00
Sebastien Deleuze
1c6febc45c Make UriComponentsBuilder.fromOriginHeader() IPv6 compliant
Issue: SPR-13525
2015-10-02 16:55:12 +02:00
Brian Clozel
39726740e5 Guard against invalid response status
ServletWebRequest now guard against invalid HTTP response status when
processing conditional requests.

Issue: SPR-13516
2015-09-30 18:40:59 +02:00
Sebastien Deleuze
9c66dfa7b5 Avoid stacktrace for invalid Origin header values
This commit adds support for origins with a trailing slash or a path,
in order to avoid printing a stacktrace in the logs when
WebUtils#isSameOrigin(HttpRequest) parses such invalid Origin header
value.

Issue: SPR-13478
2015-09-28 11:03:51 +02:00
Sam Brannen
d5ee787e1e Migrate JUnit 3 tests to JUnit 4
This commit migrates all remaining tests from JUnit 3 to JUnit 4, with
the exception of Spring's legacy JUnit 3.8 based testing framework that
is still in use in the spring-orm module.

Issue: SPR-13514
2015-09-27 21:17:51 +02:00
Sebastien Deleuze
48b512c5f4 Update Jackson builder to set properly AUTO_DETECT_IS_GETTERS
Issue: SPR-13073
2015-09-22 11:41:31 +02:00
Juergen Hoeller
1feb757c54 ResourceHttpMessageConverter allows for using InputStreamResource
Issue: SPR-13443
2015-09-08 11:04:34 +02:00
Sam Brannen
8af0151f1b Suppress recent deprecation warnings in tests 2015-08-27 17:57:50 +02:00
Rossen Stoyanchev
2e79a30fed Properly expand URI vars with regex
Before this commit UriComponents was capable of expanding URI vars that
may have contained a regular expressions (as supported with
@RequestMapping for example). However if the regular expressions
contained any nested "{}" the expand did not work correctly.

This commit sanitizes a URI template source removing any content
between nested "{}" prior to expanding. This works since we only care
about the URI variable name.

Issue: SPR-13311
2015-08-25 21:48:02 -04:00
Brian Clozel
88405be8a5 Quote ETags set with ResponseEntity builder API
Prior to this change, trying to set an unquoted ETag with
`ResponseEntity`'s API would throw an `IllegalArgumentException`.

This commit automatically quotes ETag values set using ResponseEntity.

Issue: SPR-13378
2015-08-24 09:54:08 +02:00
Sam Brannen
2df3646e90 Let Jetty pick its own available port
In an attempt to make our Jetty-based integration tests more robust,
this commit discontinues use of SocketUtils for picking a random,
available port and instead lets the Jetty Server pick its own port.
2015-08-22 18:58:55 +02:00
Rossen Stoyanchev
473dd5e9e8 Unwrap if necessary for MultipartHttpServletRequest
Before this commit RequestPartServletServerHttpRequest simply did an
instanceof check for MultipartHttpServletRequest. That hasn't failed
because request wrapping typically happens in filters before the
DispatcherServlet calls the MultipartResolver.

With Spring MVC Test and the Spring Security integraiton however,
this order is reversed since there we prepare the multipart request
upfront, i.e. there is no actual parsing.

The commit unwraps the request if necessary.

Issue: SPR-13317
2015-08-21 10:28:08 -04:00
Sebastien Deleuze
be7514f490 Polish Jackson2ObjectMapperBuilderTests 2015-08-18 14:28:16 +02:00