Commit Graph

677 Commits

Author SHA1 Message Date
Brian Clozel
accb8519fd Polish WebJarsResourceResolver
Fix a potential NPE when trying to resolve non-existing webjars
resources in the resolver chain.
2015-07-27 14:16:09 +02:00
Juergen Hoeller
e1cce309ae DispatcherServlet passes resolved multipart request into applyDefaultViewName
Issue: SPR-13272
2015-07-24 18:19:27 +02:00
Sebastien Deleuze
8e5244ac3d Polish script templating documentation 2015-07-24 00:00:24 +02:00
Juergen Hoeller
1a636b1023 Polishing 2015-07-21 20:33:13 +02:00
Juergen Hoeller
7c22d60fd8 Streamlined WebContentGenerator API variants: checkRequest, prepareResponse, applyCacheControl, applyCacheSeconds
Issue: SPR-11792
2015-07-21 20:33:03 +02:00
Brian Clozel
eef937e4f2 Rename <mvc:cachecontrol/> to <mvc:cache-control/> 2015-07-21 12:09:25 +02:00
Brian Clozel
9149bf7ad4 Polish 2015-07-21 11:57:02 +02:00
Felix
09e3fc40e5 Reset Pragma header in WebContentGenerator
As filter-based libraries and projects (such as Spring Security) may
use the "Pragma" header in HTTP responses, WebContentGenerator should
make sure that such headers are overwritten to avoid clashes with
the HTTP caching headers set by the HTTP caching configuration.

Issue: SPR-13252
2015-07-21 10:08:04 +02:00
Brian Clozel
dba46c1358 Partial revert of SPR-13090
Use ServletHttpResponse.setDateHeader whenever possible and avoid using
SimpleDateFormat.
2015-07-20 22:48:20 +02:00
Sebastien Deleuze
70a03ee2a4 Rename CorsConfigurationMapping to UrlBasedCorsConfigurationSource
Issue: SPR-13192
2015-07-20 10:47:24 +02:00
Brian Clozel
064abad9d8 PathResourceResolver should not resolve root path
When resolving resources, the PathResourceResolver creates a Resource
instance and checks whether this resource `exists()` and `isReadable()`.
While that last call returns false for folders on the file system, both
calls return true for folders located inside JARs.

If a JAR location is configured as a resource location, then
PathResourceResolver can resolve folders in JARs as valid locations and
candidates for paths resolution.

Prior to this change, the PathResourceResolver would resolve "" as a
valid resource path (here, the "/META-INF/resources/webjars" if
configured, for example) and return a "" path for this resource,
effectively turning all "/" URLs into empty ones "".

This commit fixes the resolveUrlPathInternal implementation by not
allowing empty paths as valid resource paths.

Issue: SPR-13241
2015-07-17 10:31:37 +02:00
Juergen Hoeller
d183bbb667 Javadoc refinements, exception fine-tuning, general polishing
Issue: SPR-13034
2015-07-15 15:42:17 +02:00
Sebastien Deleuze
34de167e59 Support non thread-safe ScriptEngine in ScriptTemplateView
This commit adds a new sharedEngine property to ScriptTemplateConfigurer
and ScriptTemplateView in order to support non thread-safe ScriptEngine
implementations like Nashorn.

When this flag is set to false, the engine is retrieved from a
ThreadLocal<ScriptEngine> field instead of a ScriptEngine one.

Also as part of this commit, all the initialization logic has been moved from
ScriptTemplateConfigurer to ScriptTemplateView since the script engine can
now be lazily initialized multiple time in the view when sharedEngine is
set to false.

Issue: SPR-13034
2015-07-15 13:39:33 +02:00
Juergen Hoeller
bdb63483df Common DataWithMediaType class and common synchronization for ResponseBodyEmitter/SseEmitter
Issue: SPR-13223
Issue: SPR-13224
2015-07-14 00:08:40 +02:00
Stephane Nicoll
d738dddd8f Add createDispatcherServlet hook point
Add an extra hook point in `AbstractDispatcherServletInitializer` to
customize the `DispatcherServlet`.

Issue: SPR-13222
2015-07-13 14:43:06 +02:00
Sebastien Deleuze
882fe129f3 Polish CORS support 2015-07-10 16:42:50 +02:00
Sebastien Deleuze
cd9b3903a7 Introduce CorsFilter and CorsConfigurationMapping
This commit introduces the following changes:
 - The new CorsConfigurationMapping class allows to share the mapped
   CorsConfiguration logic between AbstractHandlerMapping and CorsFilter
 - In AbstractHandlerMapping, the Map<String, CorsConfiguration>
   corsConfiguration property has been renamed to corsConfigurations
 - CorsFilter allows to process CORS requests at filter level, using any
   CorsConfigurationSource implementation (for example
   CorsConfigurationMapping)

Issue: SPR-13192
2015-07-09 22:19:46 +02:00
Brian Clozel
8e566026e0 RedirectViews should always use RESPONSE_STATUS_ATTRIBUTE
By default, RedirectViews have http10Compatible set to true, which means
that they use HTTP 302 as a default HTTP response status. Setting this
property to false make RedirectViews use HTTP 303 by default.

Now when set to false, RedirectViews also don't use the
RESPONSE_STATUS_ATTRIBUTE request attribute as a response HTTP if it is
available.

This commit makes both configuration choices behave the same regarding
this request attribute: use it as a response status if it's available.

Issue: SPR-13208
2015-07-09 12:11:22 +02:00
Brian Clozel
ef0eb01f93 Fix backwards compatibility in WebContentInterceptor
As of SPR-11792, WebContentGenerator and WebContentInterceptor offer
new APIs and new behavior regarding HTTP caching, including the use of a
new CacheControl class.

Those changes broke part of the behavior in WebContentInterceptor. This
class allows to override the global Cache configuration at the Generator
level, using specific mappings. Prior to this change, those mappings
would not properly apply the HTTP caching configuration when using
deprecated configuration settings in WebContentGenerator.

This change fixes those backwards compatibility issues for
WebContentInterceptor users.

Issue: SPR-13207
2015-07-08 01:08:16 +02:00
Sebastien Deleuze
8ee0e78980 Add Access-Control-Request-Method check for CORS preflight requests
Issue: SPR-13193
2015-07-07 09:34:39 +02:00
Rossen Stoyanchev
3272a3b8ba Check HTTP method before raising 415
This commit moves the check whether an HTTP method supports request
body up to the base class so that all sub-classes can benefit (not just
@RequestBody).

Issue: SPR-13176
2015-06-30 15:24:01 -04:00
Brian Clozel
244c95b076 Fix @RequestBody argument processing for null Content-Type
Since the changes introduced in SPR-12778, some `@RequestBody` args
would not be properly processed in some cases:

* requests with an empty body
* no Content-Type header defined

This typically happens when GET requests are mapped on a handler dealing
with POST requests and HTTP bodies.

This change makes sure that the `RequestResponseBodyMethodProcessor` is
only involved for requests that:

* have a Content-Type defined
* OR are HTTP requests eligible for an HTTP body (PUT, POST, PATCH)

Issue: SPR-13176
Fixes spring-projects/spring-boot#3313
2015-06-30 19:13:34 +02:00
Juergen Hoeller
dc1f921f5c Split between basic MethodParameter and SynthesizingMethodParameter
This split avoids a package tangle (between core and core.annotation) and also allows for selective use of raw annotation exposure versus synthesized annotations, with the latter primarily applicable to web and message handler processing at this point.

Issue: SPR-13153
2015-06-30 00:02:02 +02:00
Brian Clozel
39d689da0c Fix conditional requests support for HttpEntity
Prior to this commit, `HttpEntityMethodProcessor` would rely on
`ServletWebRequest` to process conditional requests and with incoming
`"If-Modified-Since"` / `"If-None-Match"` request headers.

This approach is problematic since in that class:

* response is wrapped in a `ServletServerHttpResponse`
* this wrapped response does not write response headers right away
* `ServletWebRequest.checkNotModified` methods can't apply their
logic with incomplete response headers

This solution adds some minimal code duplication and applies
the conditional request logic within the Processor.

A possible alternative would be to improve the
`ServletServerHttpResponse$ServletResponseHttpHeaders` implementation
with write methods - but this solution would only work for Servlet 3.x
applications.

Issue: SPR-13090
2015-06-29 16:47:27 +02:00
Sam Brannen
c9b26d80e1 Polish resource chain documentation 2015-06-29 15:57:58 +02:00
Brian Clozel
c61552b258 Document XML attributes in mvc:resource-chain
Issue: SPR-12804
2015-06-29 15:32:29 +02:00
Juergen Hoeller
a2d3c27ed1 Allow MVC handler methods to return any CharSequence type as view name
Issue: SPR-13165
2015-06-26 22:17:53 +02:00
Brian Clozel
ba48d6489f Mention Groovy Markup Templates in ref doc
Add a section on Groovy Markup Template support and
reorder sections in the View Technologies chapter, to have in order:

* Thymeleaf
* Groovy Markup Template
* Velocity and Freemarker
* JSPs
* Script Templates
* other views...

Issue: SPR-12829
2015-06-26 10:14:30 +02:00
Sebastien Deleuze
289f35da3a Call type aware canWrite() when using a GenericHttpMessageConverter
This commit introduces the following changes:
 - In AbstractMessageConverterMethodProcessor, the type aware variant of
   canWrite() is now called when the converter implements
   GenericHttpMessageConverter.
 - The Javadoc has been updated in GenericHttpMessageConverter to make it clear
   that the type aware canRead() and canWrite() methods should perform the same
   checks than non type aware ones.
  - AbstractGenericHttpMessageConverter now implements default type aware
    canRead() and canWrite() methods than just call the non type aware variants.
    Due to this, if subclasses just override the non type aware variants,
    they still have the right behavior.

Issue: SPR-13161
2015-06-25 15:02:33 +02:00
Sebastien Deleuze
31a5434ea4 Make @ResponseBody method return type available for message converters
This commit adds canWrite() and write() methods to the
GenericHttpMessageConverter interface. These are type aware variants
of the methods available in HttpMessageConverter, in order to keep
parametrized type information when serializing objects.

AbstractMessageConverterMethodProcessor now calls those type aware
methods when the message converter implements GenericHttpMessageConverter.

AbstractJackson2HttpMessageConverter and GsonHttpMessageConverter uses
these new methods to make @ResponseBody method return type available
for type resolution instead of just letting the JSON serializer trying
to guess the type to use from the object to serialize.

Issue: SPR-12811
2015-06-22 17:05:45 +02:00
Brian Clozel
9ada55dc6b Fix NPE in GzipResourceResolver
This change fixes a NullPointerException in GzipResourceResolver, which
assumed that calls to the `resolveResource` method were made with only
non-null values for request.

This is not the case for the VersionResourceResolver, which tries to
resolve resources that aren't requested per se by the HTTP request.

Issue: SPR-13149
2015-06-22 11:22:23 +02:00
Sam Brannen
de9f27872e Polish CORS support classes
- Simplified "check" algorithms in CorsConfiguration

- Improved robustness of setter methods in CorsConfiguration in order to
  avoid attempts to modify immutable lists

- Improved CORS documentation and fixed typo

- Introduced constants in CorsConfiguration

- Removed auto-boxing in CorsRegistration
2015-06-20 16:12:18 +02:00
Sam Brannen
078d252d1e Delete trailing whitespace in Java source code 2015-06-19 17:09:52 +02:00
Rossen Stoyanchev
0ef8af4798 Use .setStatus in ResponseStatusExceptionResolver
Before this change ResponseStatusExceptionResolver always used
.sendError despite the javadoc on @ResponseStatus#code. This was
perhaps justifiable from a HandlerExceptionResolver. Nevertheless
.setStatus should be more REST API friendly while still marking
the response as an error.

Issue: SPR-11193
2015-06-17 17:16:52 -04:00
Rossen Stoyanchev
8d7812b1b6 Raise IAE when no converter matches return type
Before this change the AbstractMessageConverterMethodProcessor always
raised a 406 if it couldn't find a converter. However if the reason
for not finding it is because there is simply no converter for the
return value type (i.e. programming error) and doesn't have anything to
do with content negotiation, then we should raise a 500 instead and
make it easier to figure out what's wrong.

Issue: SPR-13135
2015-06-17 17:03:36 -04:00
Brian Clozel
a421bd2c27 Avoid duplicate Etag/Last-Modified header values
This commit improves SPR-13090 and avoids adding duplicate ETag and
Last-Modified headers in HTTP responses.
Previously, those were added twice to the response since:

* we're adding all ResponseEntity headers to the response
* the `checkNotModified` methods automatically add those headers

Issue: SPR-13090
2015-06-17 10:08:58 +02:00
Juergen Hoeller
92f1754b1e Fixed fallback mode in ObjenesisCglibAopProxy, plus consistent support for bypassing Objenesis (e.g. on Google App Engine)
This 4.2 commit revises SpringObjenesis towards a smart delegate, including support for a "spring.objenesis.ignore" system property.

Issue: SPR-13131
2015-06-16 22:01:37 +02:00
Rossen Stoyanchev
210e10c657 Add AsyncHandlerMethodReturnValueHandler
Before this change HandlerMethodReturnValueHandler's were invoked in a
specific order (type-based, annotation-based, custom). However handlers
that deal with asynchronous return value handling need to always be
considered first. This affects custom handlers in particular since they
are normally ordered last.

This change introduces an AsyncHandlerMethodReturnValueHandler
sub-interface with a single method to determine if the return value is
asynchronous and if it is to look for a matching handler only among
those that are of type AsyncHandlerMethodReturnValueHandler.

Issue: SPR-13083
2015-06-16 08:48:56 -04:00
Sebastien Deleuze
8187833502 Change default JSON prefix from "{} && " to ")]}', "
Issue: SPR-13078
2015-06-16 11:30:07 +02:00
Sebastien Deleuze
a08c9f3137 Polish serialization/deserialization exception logging
This commit introduces the following changes in AbstractHandlerExceptionResolver:
 - warnLogger used to log exception is enabled by default
 - the exception message is now logged instead of the whole exception stacktrace
 - warn logging is only performed if doResolveException() returns a non-null
   ModelAndView, in order to avoid logging multiple times the error

Issue: SPR-13100
2015-06-16 10:27:52 +02:00
Rossen Stoyanchev
4b05bda0bf Missing path variable is now a 500 error
Before this change a missing path variable value resulted in a 400
error where in fact the error is due to a mismatch between the
declared @PathVariable and the URI template, i.e. a 500 error.

This change introduced a MissingPathVariableException as a sub-class
of ServletRequestBindingException (the exception previously thrown)
and results in a response status code of 500 by default.

Issue: SPR-13121
2015-06-15 16:09:19 -04:00
Stephane Nicoll
95acf8c989 Remove references to codehaus.org
Issue: SPR-13129
2015-06-15 15:44:29 +02:00
Sam Brannen
32c17bf540 Revise method and parameter names in annotation support
In AnnotatedElementUtils, all methods pertaining to merging annotation
attributes have been renamed to "getMerged*()" and "findMerged*()"
accordingly. Existing methods such as getAnnotationAttributes(..) have
been deprecated in favor of the more descriptive "merged" variants.
This aligns the naming conventions in AnnotatedElementUtils with those
already present in AnnotationReadingVisitorUtils.

The use of "annotationType" as a variable name for the fully qualified
class name of an annotation type has been replaced with
"annotationName" in order to improve the readability and intent of the
code base.

In MetaAnnotationUtils.AnnotationDescriptor, getMergedAnnotation() has
been renamed to synthesizeAnnotation(), and the method is now
overridden in UntypedAnnotationDescriptor to always throw an
UnsupportedOperationException in order to avoid potential run-time
ClassCastExceptions.

Issue: SPR-11511
2015-06-14 00:34:40 +02:00
Sam Brannen
2b339db53b Polish @CrossOrigin
- origin --> origins
- method --> methods
- constants are now actually constant (i.e., static final)
2015-06-13 17:09:58 +02:00
Brian Clozel
0175068cab Improve Last-Modified & ETag support
Prior to this change, the `"Last-Modified"` and "`Etag`" support had
been improved with SPR-11324: HTTP response headers are now
automatically added for conditional requests and more.

This commit fixes the format of the "`Last-Modified`" and "`ETag`"
values, which were using an epoch timestamp rather than an HTTP-date
format defined in RFC 7231 section 7.1.1.1.

Also, Conditional responses are only applied when the given response
applies, i.e. when it has an compatible HTTP status (2xx).

Issue: SPR-13090
2015-06-11 14:46:14 +02:00
Rossen Stoyanchev
9712a32c46 Allow setting timeout in ResponseBodyEmitter
Issue: SPR-13104
2015-06-10 14:47:24 -04:00
Sebastien Deleuze
0c3b34f7d5 Polish CORS global configuration
This commit introduces the following changes:
 - configureCors(CorsConfigurer configurer) is renamed to
   addCorsMappings(CorsRegistry registry)
 - enableCors(String... pathPatterns) is renamed to
   addMapping(String pathPattern)
 - <cors /> element must have at least one <mapping /> child
   element in order to be consistent with XML based configuration
   and have more explicit configuration

Issues: SPR-12933, SPR-13046
2015-06-05 16:55:15 +02:00
Sebastien Deleuze
15da5efc86 Fix combining class and method level @CrossOrigin attributes
Issue: SPR-13097
2015-06-05 15:32:58 +02:00
Sebastien Deleuze
e5f76af193 Support CORS global configuration in XML namespace
This commit introduces support for this kind of CORS XML namespace configuration:

	<mvc:cors>

		<mvc:mapping path="/api/**"
					allowed-origins="http://domain1.com, http://domain2.com"
					allowed-methods="GET, PUT"
					allowed-headers="header1, header2, header3"
					exposed-headers="header1, header2" allow-credentials="false"
					max-age="123" />

		<mvc:mapping path="/resources/**" allowed-origins="http://domain1.com" />

	</mvc:cors>

Issue: SPR-13046
2015-06-02 19:14:12 +02:00
Jasper de Vries
ec4783400c SPR-13080 SseEventBuilder needs event rather than name 2015-06-01 10:02:28 -04:00