Commit Graph

304 Commits

Author SHA1 Message Date
Juergen Hoeller
0e6f8df0a8 ServletServerHttpRequest.getURI() ignores malformed query string
The resolved URI instance is also being cached now. This should not make a difference in a real Servlet environment but does affect tests which assumed they could modify an HttpServletRequest path behind a pre-created ServletServerHttpRequest instance. Our WebSocket test base class has been revised accordingly, re-creating the ServletServerHttpRequest in such a case.

Issue: SPR-16414
2018-01-24 22:13:40 +01:00
sdeleuze
43d3abdfd5 Fix SockJs CorsConfiguration for forbidden origins
After this commit, AbstractSockJsService uses the configured allowed
origins when generating the CorsConfiguration instead of "*".

As a consequence, forbidden origin requests still result in a 403
response but now with no CORS headers in order to improve consistency
between the status code and the headers.

Issue: SPR-16304
2018-01-15 18:07:24 +01:00
Rossen Stoyanchev
dd09c08cdf Replace use of AbstractWebSocketMessageBrokerConfigurer 2018-01-15 10:01:14 -05:00
Rossen Stoyanchev
1cc5afe24b Fix lines over 120 characters
https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Code-Style#line-wrapping
2017-10-20 16:42:26 -04:00
Juergen Hoeller
4cbef27f90 Consistent tolerance of unknown HTTP status codes behind RestTemplate
Issue: SPR-15978
2017-09-20 10:54:58 +02:00
Juergen Hoeller
cc74a2891a @Nullable all the way: null-safety at field level
This commits extends nullability declarations to the field level, formalizing the interaction between methods and their underlying fields and therefore avoiding any nullability mismatch.

Issue: SPR-15720
2017-06-30 01:54:16 +02:00
Juergen Hoeller
7dd8dc62a5 Fixes for ignored tests after last week's nullability commit
Issue: SPR-15540
2017-06-13 11:37:58 +02:00
Juergen Hoeller
f813712f5b Consistent use of @Nullable across the codebase (even for internals)
Beyond just formally declaring the current behavior, this revision actually enforces non-null behavior in selected signatures now, not tolerating null values anymore when not explicitly documented. It also changes some utility methods with historic null-in/null-out tolerance towards enforced non-null return values, making them a proper citizen in non-null assignments.

Some issues are left as to-do: in particular a thorough revision of spring-test, and a few tests with unclear failures (ignored as "TODO: NULLABLE") to be sorted out in a follow-up commit.

Issue: SPR-15540
2017-06-07 14:19:15 +02:00
Sebastien Deleuze
b47d713e14 Add missing @Nullable annotations on parameters
Issue: SPR-15540
2017-05-31 16:56:08 +02:00
Rossen Stoyanchev
779779de7b Refactor use of TaskScheduler in WebSocket Java config
Issue: SPR-15233
2017-04-11 17:41:41 -04:00
Rossen Stoyanchev
949bb55ef5 Refactor random port in spring-websocket
Remove the use of SocketUtils#findAvailableTcpPort in favor of letting
servers pick a dynamic port by specifying port 0.
2017-01-31 16:49:57 -05:00
Rossen Stoyanchev
ea67a637ae Align setup of SockJS and WebSocket integration tests
Failures in JettySockJsIntegrationTests after the upgrade to 9.4 were
hidden due to the PERFORMANCE test group but were failing on the CI
performance build with IllegalStateException inside Jetty on
"Failure find the required ServletContext attribute
org.eclipse.jetty.util.DecoratedObjectFactory".
2017-01-26 06:17:03 -05:00
Rossen Stoyanchev
2e414ab25a Well-known names for beans in message broker XML config
Issue: SPR-15068
2017-01-17 17:10:32 -05:00
Sam Brannen
9ed66bf2eb Clean up warnings across code base 2017-01-07 01:54:38 +01:00
Juergen Hoeller
483abfe266 Avoid explicit DecoratedObjectFactory setup in JettyRequestUpgradeStrategy
Issue: SPR-14940
(cherry picked from commit 709d4ba)
2016-12-21 09:56:13 +01:00
Rossen Stoyanchev
2191d80a31 Allow athentication at the STOMP level
This commit makes it possible for a ChannelInterceptor to override the
user header in a Spring Message that contains a STOMP CONNECT frame.

After the message is sent, the updated user header is observed and
saved to be associated with session thereafter.

Issue: SPR-14690
2016-12-13 17:59:51 -05:00
Rossen Stoyanchev
d201a222b8 Avoid locking in WebSocket session "close" callback
When processing a "close" notification from the server make an effort
to cancel any outstanding heartbeat but avoid going as far as acquiring
the responseLock since the server itself may already hold a lock of its
own leading to a potential deadlock.

The heartbeat task is now also further protected with an isClosed()
check in case the heartbeat does not get cancelled in a concurrent
scenario.

Issue: SPR-14917
2016-11-23 20:49:24 -05:00
Christoph Dreis
a929e9ccaa Implement allocation-friendly method to get user count in SimpUserRegistry
SPR-14930
2016-11-21 21:02:10 +01:00
Juergen Hoeller
ac774cdcef Avoid deprecated Mockito methods
Issue: SPR-14880
2016-11-04 12:24:46 +01:00
Juergen Hoeller
84d3808b3b Upgrade to Mockito 2.2
Issue: SPR-14880
2016-11-03 22:53:35 +01:00
Rossen Stoyanchev
87e01513fd Check SockJS session type
This commits adds a validation check whether the SockJS session type
matches the transport type and rejects requests for which they
don't match.

Issue: SPR-14867
2016-11-03 09:35:30 +02:00
Sam Brannen
b521aa879f Clean up warnings related to forthcoming removals in Tomcat 9 2016-09-17 16:16:06 +02:00
Rossen Stoyanchev
16879a2cf0 Harden synchronization around SockJS heartbeats
Create an explicit heartbeat task with an experiration flag so that
it can be cancelled reliably vs relying on the ScheduledFutureTask
cancel method which may return true even if the task is already
running.

Issue: SPR-14356
2016-08-30 09:26:15 -04:00
Rossen Stoyanchev
8b4f60b8e5 Support receipt on DISCONNECT with simple broker
Issue: SPR-14568
2016-08-29 18:31:19 -04:00
Juergen Hoeller
e03dea1d64 Polishing 2016-07-26 17:15:19 +02:00
Juergen Hoeller
99be15f58b Revise encoding steps towards use of JDK Charset and StandardCharsets
Issue: SPR-14492
2016-07-19 23:43:06 +02:00
Juergen Hoeller
12d373659a Upgrade to Undertow 1.4 CR3 (and Jackson 2.8 GA)
This commit also renames WebSocketIntegrationTests to WebSocketHandshakeTests.

Issue: SPR-14328
2016-07-05 20:47:53 +02:00
Sam Brannen
1391248ea6 Introduce log4j 2 for Spring's test suite
This commit adds a test runtime dependency on log4j 2 for every project
and migrates all log4j.properties files to log4j2-test.xml files.

Issue: SPR-14431
2016-07-05 19:19:09 +02:00
Stephane Nicoll
00d2606b00 Explicit type can be replaced by <>
Issue: SPR-13188
2016-07-05 17:00:34 +02:00
Juergen Hoeller
b5db5d3aac Broadly remove deprecated core classes and methods
Issue: SPR-14430
2016-07-05 15:52:49 +02:00
Rossen Stoyanchev
ba885f3d0b Add heartbeat lock to SockJS server sessions
Even before this change SockJS sessions always cancelled the heartbeat
task first prior to sending messages. However when the heartbeat task
is already in progress, cancellation of it is not enough and we must
wait until the heartbeat is sent.

This commit adds a heartbeat write lock which is obtained and held
during the sending of a heartbeat. Now when sessions send a message
they still cancel the heartbeat task but if that fails they also wait
for the heartbeat write lock.

Issue: SPR-14356
2016-06-17 16:54:54 -04:00
Juergen Hoeller
f83cbff543 Consistent SmartLifecycle implementations
Issue: SPR-14233
2016-05-02 13:01:44 +02:00
Juergen Hoeller
517ebd1d3e Consistent formatting 2016-03-24 19:22:50 +01:00
Brian Clozel
8ca6a18dae Allow Validator config in XML websocket namespace
This commit adds a new "validator" XML attribute to the
`<websocket:message-broker/>` element. This allows configuring a
specific Validator to be used for payload validation.

Issue: SPR-13996
2016-03-10 16:35:20 +01:00
Rossen Stoyanchev
09a40b8a08 Improve close in ConcurrentWebSocketSessionDecorator
Before this commit the concurrent session wrapper mainly protected the
sending of messages. The close itself however may also cause a message
to be sent as is the case of the SockJS protocol.

This change protects the close and checks if the session has exceeded
send time or buffer limits in which case the close status is changed
to SESSION_NOT_RELIABLE (introduced in commit cbd5af3a) which in turn
signals that extra care should be exercised when closing the session.

Issue: SPR-13904
2016-02-04 17:23:16 -05:00
Rossen Stoyanchev
7ed2b8fd81 Polish WebSocket session decorator and tests 2016-02-04 17:23:16 -05:00
Rossen Stoyanchev
9e16cbda4c Polish ServletServerHttpRequest change 2016-01-20 17:50:36 -05:00
Sammy Chu
5185953f29 Avoid double encoding URI in ServletServerHttpRequest
Issue: SPR-13876
2016-01-20 17:42:40 -05:00
Sam Brannen
5b3edcd9f9 Spring Cleaning in December
- Delete unused imports
- Delete unused code
- Clean up warnings
2015-12-17 20:27:33 +01:00
Juergen Hoeller
9973694ed2 Polishing 2015-12-04 20:43:20 +01:00
Juergen Hoeller
3d1ae9c604 Efficient and consistent setAllowedOrigins collection type
Issue: SPR-13761
2015-12-04 16:21:53 +01:00
Rossen Stoyanchev
f5e681e6e6 lastSessionCheckTime updated after session check
Issue: SPR-13745
2015-12-02 15:07:52 -05:00
Rossen Stoyanchev
2bd1daa75e Protect against RFD exploits
Issue: SPR-13548
2015-10-15 10:33:27 +02:00
Juergen Hoeller
966f95b9b5 Revised TransportHandlingSockJsService for defensive transport checking and consistent logging
Issue: SPR-13545
2015-10-07 13:25:52 +02:00
Sebastien Deleuze
299b7766fe Allow same-origin WebSocket/SockJS requests once origin is set
Issue: SPR-13464
2015-09-21 17:08:58 +02:00
Brian Clozel
42588cb03e Prepare Undertow 1.3.0 compatibility
Xnio 3.4.0 will introduce a new source of ByteBuffers: ByteBufferPool.
Previously this feature was offered by Pooled/Pool/ByteBufferSlicePool;
those classes are now marked as deprecated.

As of 1.3.0.Beta9, Undertow still implements the following method in its
ClientConnection interface, using those deprecated types:

    Pool<ByteBuffer> getBufferPool();

This commit prepares compatibility by suppressing warnings in order to
avoid build failures in our build. Once appropriate changes are made in
Undertow, a specific implementation with new types could be introduced.

Issue: SPR-13366
2015-08-26 14:33:25 +02:00
Sam Brannen
2df3646e90 Let Jetty pick its own available port
In an attempt to make our Jetty-based integration tests more robust,
this commit discontinues use of SocketUtils for picking a random,
available port and instead lets the Jetty Server pick its own port.
2015-08-22 18:58:55 +02:00
Sam Brannen
914ba483b2 Clean up warnings in spring-websocket 2015-08-22 15:15:42 +02:00
Sam Brannen
732a655f82 Reinstate performance test group assumption in SockJS tests 2015-08-22 15:02:18 +02:00
Rossen Stoyanchev
27899abcb6 Publish events only after successful channel send
The StompSubProtcolHandler now checks the outcome of the send to the
inbound client channel. If the message was prevented from being sent,
e.g. as part of authorization, events are not published

Issue: SPR-13339
2015-08-21 10:46:54 -04:00