Commit Graph

444 Commits

Author SHA1 Message Date
Brian Clozel
8e566026e0 RedirectViews should always use RESPONSE_STATUS_ATTRIBUTE
By default, RedirectViews have http10Compatible set to true, which means
that they use HTTP 302 as a default HTTP response status. Setting this
property to false make RedirectViews use HTTP 303 by default.

Now when set to false, RedirectViews also don't use the
RESPONSE_STATUS_ATTRIBUTE request attribute as a response HTTP if it is
available.

This commit makes both configuration choices behave the same regarding
this request attribute: use it as a response status if it's available.

Issue: SPR-13208
2015-07-09 12:11:22 +02:00
Brian Clozel
ef0eb01f93 Fix backwards compatibility in WebContentInterceptor
As of SPR-11792, WebContentGenerator and WebContentInterceptor offer
new APIs and new behavior regarding HTTP caching, including the use of a
new CacheControl class.

Those changes broke part of the behavior in WebContentInterceptor. This
class allows to override the global Cache configuration at the Generator
level, using specific mappings. Prior to this change, those mappings
would not properly apply the HTTP caching configuration when using
deprecated configuration settings in WebContentGenerator.

This change fixes those backwards compatibility issues for
WebContentInterceptor users.

Issue: SPR-13207
2015-07-08 01:08:16 +02:00
Sebastien Deleuze
aea23e42c7 Polish 2015-07-07 09:26:06 +02:00
Rossen Stoyanchev
0d1b7fd14f Fix RequestPartServletServerHttpRequest encoding issue
When using Appache Commons FileUpload, multi parts with binary data
(i.e. that are not actual files) are saved and then accessed as
String request parameters.

Before this change however the RequestPartServletServerHttpRequest
used a fixed encoding (UTF-8) while the parsing code in
CommonsFileUploadSupport/Resolver used the encoding from the
content-type header, or the request, or the FileUpload component.

This change does a best effort to determine the encoding of the
request parameter using a similar algorithm as the parsing side
that should work the same unless the encoding comes from the
FileUpload component which is not accessible.

Issue: SPR-13096
2015-07-07 00:47:06 -04:00
Rossen Stoyanchev
3272a3b8ba Check HTTP method before raising 415
This commit moves the check whether an HTTP method supports request
body up to the base class so that all sub-classes can benefit (not just
@RequestBody).

Issue: SPR-13176
2015-06-30 15:24:01 -04:00
Brian Clozel
244c95b076 Fix @RequestBody argument processing for null Content-Type
Since the changes introduced in SPR-12778, some `@RequestBody` args
would not be properly processed in some cases:

* requests with an empty body
* no Content-Type header defined

This typically happens when GET requests are mapped on a handler dealing
with POST requests and HTTP bodies.

This change makes sure that the `RequestResponseBodyMethodProcessor` is
only involved for requests that:

* have a Content-Type defined
* OR are HTTP requests eligible for an HTTP body (PUT, POST, PATCH)

Issue: SPR-13176
Fixes spring-projects/spring-boot#3313
2015-06-30 19:13:34 +02:00
Juergen Hoeller
dc1f921f5c Split between basic MethodParameter and SynthesizingMethodParameter
This split avoids a package tangle (between core and core.annotation) and also allows for selective use of raw annotation exposure versus synthesized annotations, with the latter primarily applicable to web and message handler processing at this point.

Issue: SPR-13153
2015-06-30 00:02:02 +02:00
Brian Clozel
39d689da0c Fix conditional requests support for HttpEntity
Prior to this commit, `HttpEntityMethodProcessor` would rely on
`ServletWebRequest` to process conditional requests and with incoming
`"If-Modified-Since"` / `"If-None-Match"` request headers.

This approach is problematic since in that class:

* response is wrapped in a `ServletServerHttpResponse`
* this wrapped response does not write response headers right away
* `ServletWebRequest.checkNotModified` methods can't apply their
logic with incomplete response headers

This solution adds some minimal code duplication and applies
the conditional request logic within the Processor.

A possible alternative would be to improve the
`ServletServerHttpResponse$ServletResponseHttpHeaders` implementation
with write methods - but this solution would only work for Servlet 3.x
applications.

Issue: SPR-13090
2015-06-29 16:47:27 +02:00
Sebastien Deleuze
31a5434ea4 Make @ResponseBody method return type available for message converters
This commit adds canWrite() and write() methods to the
GenericHttpMessageConverter interface. These are type aware variants
of the methods available in HttpMessageConverter, in order to keep
parametrized type information when serializing objects.

AbstractMessageConverterMethodProcessor now calls those type aware
methods when the message converter implements GenericHttpMessageConverter.

AbstractJackson2HttpMessageConverter and GsonHttpMessageConverter uses
these new methods to make @ResponseBody method return type available
for type resolution instead of just letting the JSON serializer trying
to guess the type to use from the object to serialize.

Issue: SPR-12811
2015-06-22 17:05:45 +02:00
Brian Clozel
9ada55dc6b Fix NPE in GzipResourceResolver
This change fixes a NullPointerException in GzipResourceResolver, which
assumed that calls to the `resolveResource` method were made with only
non-null values for request.

This is not the case for the VersionResourceResolver, which tries to
resolve resources that aren't requested per se by the HTTP request.

Issue: SPR-13149
2015-06-22 11:22:23 +02:00
Sam Brannen
078d252d1e Delete trailing whitespace in Java source code 2015-06-19 17:09:52 +02:00
Sebastien Deleuze
1e39a18819 Polish 2015-06-18 18:04:29 +02:00
Rossen Stoyanchev
8d7812b1b6 Raise IAE when no converter matches return type
Before this change the AbstractMessageConverterMethodProcessor always
raised a 406 if it couldn't find a converter. However if the reason
for not finding it is because there is simply no converter for the
return value type (i.e. programming error) and doesn't have anything to
do with content negotiation, then we should raise a 500 instead and
make it easier to figure out what's wrong.

Issue: SPR-13135
2015-06-17 17:03:36 -04:00
Brian Clozel
a421bd2c27 Avoid duplicate Etag/Last-Modified header values
This commit improves SPR-13090 and avoids adding duplicate ETag and
Last-Modified headers in HTTP responses.
Previously, those were added twice to the response since:

* we're adding all ResponseEntity headers to the response
* the `checkNotModified` methods automatically add those headers

Issue: SPR-13090
2015-06-17 10:08:58 +02:00
Sebastien Deleuze
8187833502 Change default JSON prefix from "{} && " to ")]}', "
Issue: SPR-13078
2015-06-16 11:30:07 +02:00
Sebastien Deleuze
a08c9f3137 Polish serialization/deserialization exception logging
This commit introduces the following changes in AbstractHandlerExceptionResolver:
 - warnLogger used to log exception is enabled by default
 - the exception message is now logged instead of the whole exception stacktrace
 - warn logging is only performed if doResolveException() returns a non-null
   ModelAndView, in order to avoid logging multiple times the error

Issue: SPR-13100
2015-06-16 10:27:52 +02:00
Juergen Hoeller
b7d3a2a25b ResourceHttpRequestHandlerTests avoids millisecond-level comparisons 2015-06-16 00:18:22 +02:00
Rossen Stoyanchev
4b05bda0bf Missing path variable is now a 500 error
Before this change a missing path variable value resulted in a 400
error where in fact the error is due to a mismatch between the
declared @PathVariable and the URI template, i.e. a 500 error.

This change introduced a MissingPathVariableException as a sub-class
of ServletRequestBindingException (the exception previously thrown)
and results in a response status code of 500 by default.

Issue: SPR-13121
2015-06-15 16:09:19 -04:00
Sam Brannen
2b339db53b Polish @CrossOrigin
- origin --> origins
- method --> methods
- constants are now actually constant (i.e., static final)
2015-06-13 17:09:58 +02:00
Brian Clozel
0175068cab Improve Last-Modified & ETag support
Prior to this change, the `"Last-Modified"` and "`Etag`" support had
been improved with SPR-11324: HTTP response headers are now
automatically added for conditional requests and more.

This commit fixes the format of the "`Last-Modified`" and "`ETag`"
values, which were using an epoch timestamp rather than an HTTP-date
format defined in RFC 7231 section 7.1.1.1.

Also, Conditional responses are only applied when the given response
applies, i.e. when it has an compatible HTTP status (2xx).

Issue: SPR-13090
2015-06-11 14:46:14 +02:00
Rossen Stoyanchev
9712a32c46 Allow setting timeout in ResponseBodyEmitter
Issue: SPR-13104
2015-06-10 14:47:24 -04:00
Sebastien Deleuze
0c3b34f7d5 Polish CORS global configuration
This commit introduces the following changes:
 - configureCors(CorsConfigurer configurer) is renamed to
   addCorsMappings(CorsRegistry registry)
 - enableCors(String... pathPatterns) is renamed to
   addMapping(String pathPattern)
 - <cors /> element must have at least one <mapping /> child
   element in order to be consistent with XML based configuration
   and have more explicit configuration

Issues: SPR-12933, SPR-13046
2015-06-05 16:55:15 +02:00
Sebastien Deleuze
15da5efc86 Fix combining class and method level @CrossOrigin attributes
Issue: SPR-13097
2015-06-05 15:32:58 +02:00
Sebastien Deleuze
e5f76af193 Support CORS global configuration in XML namespace
This commit introduces support for this kind of CORS XML namespace configuration:

	<mvc:cors>

		<mvc:mapping path="/api/**"
					allowed-origins="http://domain1.com, http://domain2.com"
					allowed-methods="GET, PUT"
					allowed-headers="header1, header2, header3"
					exposed-headers="header1, header2" allow-credentials="false"
					max-age="123" />

		<mvc:mapping path="/resources/**" allowed-origins="http://domain1.com" />

	</mvc:cors>

Issue: SPR-13046
2015-06-02 19:14:12 +02:00
Jasper de Vries
ec4783400c SPR-13080 SseEventBuilder needs event rather than name 2015-06-01 10:02:28 -04:00
Sam Brannen
1a56b47502 Introduce alias for 'value' attribute in @MatrixVariable
Issue: SPR-11393
2015-05-31 18:50:35 +02:00
Sam Brannen
60eb9e9ca2 Introduce 'value' alias for 'origin' in @CrossOrigin
Issue: SPR-11393
2015-05-31 18:34:01 +02:00
Sam Brannen
72b44af862 Introduce test for invalid @CrossOrigin.allowCredentials() 2015-05-31 18:17:52 +02:00
Sam Brannen
9ce7485237 Introduce alias for 'value' attribute in @SessionAttributes
Issue: SPR-11393
2015-05-31 17:21:03 +02:00
Sam Brannen
6a5b2672e7 Introduce alias for 'value' attribute in @ResponseStatus
Issue: SPR-11393
2015-05-31 17:00:23 +02:00
Sam Brannen
c55486d5d5 Introduce alias for 'value' attribute in @RequestPart
Issue: SPR-11393
2015-05-31 16:32:45 +02:00
Sam Brannen
c4c3ce796a Introduce alias for 'value' attribute in @CookieValue
Issue: SPR-11393
2015-05-31 16:07:27 +02:00
Sam Brannen
7018747cec Remove trailing whitespace in Java source code 2015-05-29 02:03:44 +02:00
Brian Clozel
4d5fca596d Fix directories I/O in ResourceHttpRequestHandler
Prior to this commit, the `ResourceHttpRequestHandler` would not
properly handle HTTP requests to **directories contained in JARs**.
This would result in HTTP 500 errors, caused by `FileNotFoundException`
or `NullPointerException`.

This can be tracked to webapp ClassLoader implementations in servlet
containers:
* in Jetty9x, fetching a directory within a JAR as a `Resource` and
getting its InputStream work fine, but attempting to `close()` it
results in a NullPointerException as the underlying stream is null.
* In Tomcat6x, one cannot fetch an InputStream for the same `Resource`
as it throws a FileNotFoundException.

This change adds more try/catch clauses and catches more Exception so as
to result in HTTP 200 OK responses instead of server errors. While this
is inconsistent because the same code path would result in HTTP 404 with
existing directories on the file system, there's no other simple way to
make those checks for resources contained in JARs.

Issue: SPR-12999
2015-05-21 14:30:12 +02:00
Rossen Stoyanchev
ad4c8795ae Include only path in <spring:mvcUrl>
Issue: SPR-13045
2015-05-20 17:06:47 -04:00
Brian Clozel
57e0c789a8 Polish
Issue: SPR-12323
2015-05-19 23:57:30 +02:00
Brian Clozel
c5d6cc4134 Polish
Issue: SPR-12673
2015-05-19 21:40:52 +02:00
Brian Clozel
9e5a33c1b3 Add a ResourceResolver implementation for WebJars
Prior to this commit, WebJars users needed to use versioned links within
templates for WebJars resources, such as `/jquery/1.2.0/jquery.js`.
This can be rather cumbersome when updating libraries - all references
in templates need to be updated.

One could use version-less links in templates, but needed to add a
specific MVC Handler that uses webjars.org's webjar-locator library.
While this approach makes maintaing templates easier, this makes HTTP
caching strategies less optimal.

This commit adds a new WebJarsResourceResolver that search for resources
located in WebJar locations. This ResourceResolver is automatically
registered if the "org.webjars:webjars-locator" dependency is present.

Registering WebJars resource handling can be done like this:

```java
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
  registry.addResourceHandler("/webjars/**")
          .addResourceLocations("classpath:META-INF/resources/webjars")
          .resourceChain(true)
              .addResolver(new WebJarsResourceResolver());
}
```

Issue: SPR-12323

polish
2015-05-19 18:01:08 +02:00
Brian Clozel
c36435c042 Execute HandlerInterceptors in registration order
Prior to this commit, registering `HandlerInterceptor`s using the
`InterceptorRegistry` would not guarantee their order of execution. In
fact, `HandlerInterceptor`s would always be executed before
`MappedInterceptor`s.

This change makes `MappedInterceptor` implement the `HandlerInterceptor`
interface, in order to register all interceptors in a single ordered
list. The order of execution of interceptors is now guaranteed in the
`HandlerExecutionChain` built by `AbstractHandlerMapping`.

Issue: SPR-12673
2015-05-19 12:48:40 +02:00
Stephane Nicoll
cf391f5ce1 polish
Remove unused imports
2015-05-19 08:49:01 +02:00
james
e41877d64e SPR-13033: Use @RequestMapping of correct class
MvcUriComponentsBuilder::fromMethodCall creates wrong URLs with derived
controller classes. The @RequestMapping of the declaring class of the
method that is called is used instead of the @RequstMapping of the
given controller class.

https://jira.spring.io/browse/SPR-13033
2015-05-18 14:12:31 -04:00
Rossen Stoyanchev
5e8d838334 CORS-related refinements
After this change CorsProcessor has a single processRequest method and
it also explicitly deals with a null CorsConfiguration, which for
pre-flight requests results in a rejection while for simple requests
results in no CORS headers added.

The AbstractHandlerMapping now uses a LinkedHashMap to preserve the
order in which global patterns are provided.
2015-05-18 12:20:54 -04:00
Sebastien Deleuze
decb55ce14 Rename CrossOriginConfigurer/Registration to CorsConfigurer/Registration
Issue: SPR-12933
2015-05-18 10:57:14 +02:00
Sebastien Deleuze
49fff7513d Add global CORS configuration capabilities
This commit adds JavaConfig based global CORS configuration
capabilities to Spring MVC. It is now possible to specify
multiple CORS configurations, each mapped on a path pattern,
by overriding
WebMvcConfigurerAdapter#configureCrossOrigin(CrossOriginConfigurer).

It is also possible to combine global and @CrossOrigin based
CORS configuration.

Issue: SPR-12933
2015-05-16 00:52:51 +02:00
Rossen Stoyanchev
e843bcc725 Do not log headers in exception message
Issue: SPR-12984
2015-05-14 06:19:47 -04:00
Brian Clozel
71c3e4e4ee Fix empty URLs handling in ResourceUrlEncodingFilter
Prior to this commit, the ResourceUrlEncodingFilter would fail with a
StringIndexOutOfBoundsException when:

* the current request has a servlet context
* the URL to encode is relative and is shorter than the context value

This change defensively checks for those lengths and delegates to the
parent implementation if necessary.

Issue: SPR-13018
2015-05-13 14:30:09 +02:00
Brian Clozel
8b545f47bd Fix remote context handling in UrlTag
Prior to this change, the `UrlTag` would simply append the remote
context and the path value in case of a context relative URL.

The following code snippet would output "//foo":

```
<spring:url value="/foo" context="/" />
```

This change now removes trailing slashes in remote context to avoid
this.

Issue: SPR-12782
2015-05-06 14:54:18 +02:00
Sam Brannen
ba84458c65 Overhaul AnnotatedElementUtils
- Methods which search for a specific annotation now properly ensure
   that the sought annotation was actually found.

 - Both the "get" and the "find" search algorithms no longer needlessly
   traverse meta-annotation hierarchies twice.

 - Both the "get" and the "find" search algorithms now properly
   increment the metaDepth when recursively searching within the
   meta-annotation hierarchy.

 - Redesigned getMetaAnnotationTypes() so that it doesn't needlessly
   search irrelevant annotations.

 - Documented and tested hasMetaAnnotationTypes().

 - Documented isAnnotated().

Issue: SPR-11514
2015-05-05 23:35:00 +02:00
Rossen Stoyanchev
8853107f76 Find CORS config by HandlerMethod
Before this change AbstractHandlerMethodMapping used a map from Method
to CorsConfiguration. That works for regular @RequestMapping methods.
However frameworks like Spring Boot and Spring Integration may
programmatically register the same Method under multiple mappings,
i.e. adapter/gateway type classes.

This change ensures that CorsConfiguraiton is indexed by HandlerMethod
so that we can store CorsConfiguration for different handler instances
even when the method is the same.

In order for to make this work, HandlerMethod now provides an
additional field called resolvedFromHandlerMethod that returns the
original HandlerMethod (with the String bean name). This makes it
possible to  perform reliable lookups.

Issue: SPR-11541
2015-05-05 12:56:07 -04:00
Rossen Stoyanchev
4a8baebf59 Improve MappingRegistry tests and polish
Issue: SPR-11541
2015-05-05 12:56:06 -04:00