Commit Graph

372 Commits

Author SHA1 Message Date
Sebastien Deleuze
b0e1e66b7f Add CORS support
This commit introduces support for CORS in Spring Framework.

Cross-origin resource sharing (CORS) is a mechanism that allows
many resources (e.g. fonts, JavaScript, etc.) on a web page to
be requested from another domain outside the domain from which
the resource originated. It is defined by the CORS W3C
recommandation (http://www.w3.org/TR/cors/).

A new annotation @CrossOrigin allows to enable CORS support
on Controller type or method level. By default all origins
("*") are allowed.

@RestController
public class SampleController {

	@CrossOrigin
	@RequestMapping("/foo")
	public String foo() {
		// ...
	}
}

Various @CrossOrigin attributes allow to customize the CORS configuration.

@RestController
public class SampleController {

	@CrossOrigin(origin = { "http://site1.com", "http://site2.com" },
				 allowedHeaders = { "header1", "header2" },
				 exposedHeaders = { "header1", "header2" },
				 method = RequestMethod.DELETE,
				 maxAge = 123, allowCredentials = "true")
	@RequestMapping(value = "/foo", method = { RequestMethod.GET, RequestMethod.POST} )
	public String foo() {
		// ...
	}
}

A CorsConfigurationSource interface can be implemented by HTTP request
handlers that want to support CORS by providing a CorsConfiguration
that will be detected at AbstractHandlerMapping level. See for
example ResourceHttpRequestHandler that implements this interface.

Global CORS configuration should be supported through ControllerAdvice
(with type level @CrossOrigin annotated class or class implementing
CorsConfigurationSource), or with XML namespace and JavaConfig
configuration, but this is not implemented yet.

Issue: SPR-9278
2015-04-02 16:12:11 +02:00
Sebastien Deleuze
35f40ae654 Add @JsonView deserialization support for request bodies
Jackson 2.5.0 or later is required.

Issue: SPR-12501
2015-04-02 12:05:45 +02:00
Sebastien Deleuze
ca06582f2a Support Jackson @JsonFilter
This commit adds a filters property to MappingJacksonValue
and also manages a special FilterProvider class name model key in
order to be able to specify a customized FilterProvider for each
handler method execution, and thus provides a more dynamic
alternative to our existing JsonView support.

A filters property is also now available in Jackson2ObjectMapperBuilder
and Jackson2ObjectMapperFactoryBean in order to set easily a
global FilterProvider.

More details about @JsonFilter at
http://wiki.fasterxml.com/JacksonFeatureJsonFilter.

Issue: SPR-12586
2015-04-02 11:23:18 +02:00
Rossen Stoyanchev
7e799295e5 Fix compile error 2015-04-01 16:53:27 -04:00
Juergen Hoeller
39bc8b7992 AbstractContextLoaderInitializer and AbstractDispatcherServletInitializer support ApplicationContextInitializers now
Issue: SPR-12430
2015-03-31 17:21:57 +02:00
Rossen Stoyanchev
36ed4df59d Improve empty request body handling
The check for an empty request body InputStream is now in the base
class AbstractMessageConverterMethodArgumentResolver shared for
all arguments that involve reading with an HttpMessageConverter --
@RequestBody, @RequestPart, and HttpEntity.

When an empty body is detected any configured RequestBodyAdvice is
given a chance to select a default value or leave it as null.

Issue: SPR-12778, SPR-12860, SPR-12861
2015-03-29 21:42:22 -04:00
Rossen Stoyanchev
0556ed4f16 Add RequestBodyAdvice
RequestBodyAdvice is analogous to ResponseBodyAdvice (added in 4.1)
but for intercepting for reading the request with an
HttpMessageConverter for resolving an @RequestBody or an HttpEntity
method argument.

Issue: SPR-12501
2015-03-29 21:42:14 -04:00
Rossen Stoyanchev
95f6e4cc9b Support StreamingResponseBody return value type
Issue: SPR-12831
2015-03-23 15:38:52 -04:00
Juergen Hoeller
76cf5beb59 Support for XSSFWorkbook and SXSSFWorkbook (xmlx format; POI 3.9+)
Introduces an AbstractXlsView and dedicated subclasses for POI's xmlx support.
Deprecates the traditional AbstractExcelView which is based on pre POI 3.5 API.

Issue: SPR-6898
2015-03-23 20:01:05 +01:00
Juergen Hoeller
e2110e353e Support for JasperReports xlsx exporter
Issue: SPR-12843
2015-03-23 19:59:25 +01:00
Brian Clozel
f9ce11eef8 Provide controller level Cache-Control support
Prior to this commit, Cache-Control HTTP headers could be set using
a WebContentInterceptor and configured cache mappings.

This commit adds support for cache-related HTTP headers at the controller
method level, by returning a ResponseEntity instance:

ResponseEntity.status(HttpStatus.OK)
    .cacheControl(CacheControl.maxAge(1, TimeUnit.HOURS).cachePublic())
    .eTag("deadb33f8badf00d")
    .body(entity);

Also, this change now automatically checks the "ETag" and
"Last-Modified" headers in ResponseEntity, in order to respond HTTP
"304 - Not Modified" if necessary.

Issue: SPR-8550
2015-03-23 18:05:14 +01:00
Brian Clozel
38f32e3816 Improve HTTP caching flexiblity
This commit improves HTTP caching defaults and flexibility in
Spring MVC.

1) Better default caching headers

The `WebContentGenerator` abstract class has been updated with
better HTTP defaults for HTTP caching, in line with current
browsers and proxies implementation (wide support of HTTP1.1, etc);
depending on the `setCacheSeconds` value:

* sends "Cache-Control: max-age=xxx" for caching responses and
do not send a "must-revalidate" value by default.
* sends "Cache-Control: no-store" or "Cache-Control: no-cache"
in order to prevent caching

Other methods used to set specific header such as
`setUseExpiresHeader` or `setAlwaysMustRevalidate` are now deprecated
in favor of `setCacheControl` for better flexibility.
Using one of the deprecated methods re-enables previous HTTP caching
behavior.

This change is applied in many Handlers, since
`WebContentGenerator` is extended by `AbstractController`,
`WebContentInterceptor`, `ResourceHttpRequestHandler` and others.

2) New CacheControl builder class

This new class brings more flexibility and allows developers
to set custom HTTP caching headers.

Several strategies are provided:

* `CacheControl.maxAge(int)` for caching responses with a
"Cache-Control: max-age=xxx" header
* `CacheControl.noStore()` prevents responses from being cached
with a "Cache-Control: no-store" header
* `CacheControl.noCache()` forces caches to revalidate the cached
response before reusing it, with a "Cache-Control: no-store" header.

From that point, it is possible to chain method calls to craft a
custom CacheControl instance:

```
CacheControl cc = CacheControl.maxAge(1, TimeUnit.HOURS)
    .cachePublic().noTransform();
```

3) Configuring HTTP caching in Resource Handlers

On top of the existing ways of configuring caching mechanisms,
it is now possible to use a custom `CacheControl` to serve
resources:

```
@Configuration
public class MyWebConfig extends WebMvcConfigurerAdapter {

  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
    CacheControl cc = CacheControl.maxAge(1, TimeUnit.HOURS);
    registry.addResourceHandler("/resources/**)
            .addResourceLocations("classpath:/resources/")
            .setCacheControl(cc);
  }
}
```

or

```
<mvc:resources mapping="/resources/**" location="classpath:/resources/">
  <mvc:cachecontrol max-age="3600" cache-public="true"/>
</mvc:resources>
```

Issue: SPR-2779, SPR-6834, SPR-7129, SPR-9543, SPR-10464
2015-03-23 18:01:04 +01:00
Rossen Stoyanchev
6a96c26dd4 Add HttpRange tests, set Accept-Range header, polish
Issue: SPR-10805
2015-03-20 15:35:43 -04:00
Arjen Poutsma
da48739628 Support byte ranges in ResourceHttpRequestHandler
This commit introduces support for HTTP byte ranges in the
ResourceHttpRequestHandler. This support consists of a number of
changes:

- Parsing of HTTP Range headers in HttpHeaders, using a new HttpRange
  class and inner ByteRange/SuffixByteRange subclasses.
- MIME boundary generation moved from FormHttpMessageConverter to
  MimeTypeUtils.
- writePartialContent() method introduced in ResourceHttpRequestHandler,
  handling the byte range logic
- Additional partial content tests added to
  ResourceHttpRequestHandlerTests.

Issue: SPR-10805
2015-03-20 15:35:43 -04:00
Rossen Stoyanchev
de9c9febc3 Compare encoded params in AbstractFlashMapManager
AbstractFlashMapManager no longer decodes the target query parameters
it needs to use to match to the request after the redirect.

Instead it stores query parameters as-is adn then relies on parsing the
encoded query string after the redirect.

Issue: SPR-12569
2015-03-19 16:57:26 -04:00
Rossen Stoyanchev
46537a76ed Polish FlashMapManagerTests 2015-03-19 15:04:13 -04:00
Rossen Stoyanchev
febcd0c46d Add baseUrl overloaded MvcUriComponentsBuilder methods
Issue: SPR-12800
2015-03-16 20:45:01 -04:00
Juergen Hoeller
6c169bd644 Initial support for JSR-354 Money & Currency
Issue: SPR-12209
2015-03-13 19:40:00 +01:00
Rossen Stoyanchev
624790a520 Move X-Forwarded-* tests to UriComponentsBuilderTests 2015-03-13 09:33:21 -04:00
Sam Brannen
d90cee78ef Remove trailing whitespace in source code 2015-03-07 21:16:18 +01:00
Kazuki Shimizu
c746b10da9 Support @NumberFormat as a meta-annotation
This commit ensures that @NumberFormat can be used as a
meta-annotation, as was already the case for @DateTimeFormat.

In addition, this commit polishes FormattingConversionServiceTests and
MvcNamespaceTests.

Issue: SPR-12743
2015-03-07 21:00:25 +01:00
Juergen Hoeller
a71001b45c Polishing
Issue: SPR-12778
2015-03-06 17:46:35 +01:00
Rossen Stoyanchev
d64c48ff5f UriComponentsBuilder.fromHttpRequest sets port correctly
Issue: SPR-12771
2015-03-05 21:52:27 -05:00
Stephane Nicoll
babbf6e871 Harmonize resources location
Issue: SPR-12766
2015-02-28 10:32:40 +01:00
Brian Clozel
6b07c53c61 Allow file locations for resource handling
Prior to this change, location checks for serving resources would append
`/` to the location path it didn't already have one.

This commit makes sure not to append a `/` if the provided location is
actually a file.

Issue: SPR-12747
2015-02-26 14:19:59 +01:00
Juergen Hoeller
6ebac00f32 @RequestPart supports java.util.Optional
Issue: SPR-12644
2015-02-18 16:17:07 +01:00
Rossen Stoyanchev
f84c458aba Add fromHttpRequest to UriComponentsBuilder
Before this change, detection of X-Forwarded-* headers was only built
into ServletUriComponentsBuilder.

This change adds a new method for creating a UriComponentsBuilder from
an existing HttpRequest. This is equivalent to the fromUri method +
X-Forwarded-* header values.
2015-02-10 06:53:14 +01:00
Rossen Stoyanchev
8f0ddf1b1d Fix type check for ResponseEntity<ResponseBodyEmitter>
Issue: SPR-12693
2015-02-05 11:18:07 -05:00
Brian Clozel
13cdd22f5e Sort handler matches in ResourceUrlProvider
Prior to this change, the `ResourceUrlProvider.getForLookupPath` method
would try to match handlers using the keySet order in the
handlerMappings Map. In case of several matches, the handler used for
the return value could vary, since the registration order in the
handlerMappings can't be guaranteed in the configuration.

This commit now collects all matching handlers and sort them using a
`PatternComparator`, in order to try each handler from the most specific
mapping to the least.

Issue: SPR-12647
2015-02-03 17:07:55 +01:00
Rossen Stoyanchev
a32b5e61d0 Add support for Server-Sent Events
This commit adds ResponseBodyEmitter and SseEmitter (and also
ResponseEntity<ResponseBodyEmitter> and ResponseEntity<SseEmitter>) as
new return value types supported on @RequestMapping controller methods.

See Javadoc on respective types for more details.

Issue: SPR-12212
2015-01-29 17:55:09 -05:00
Rossen Stoyanchev
d68fde57cd Support HandlerMethod arg in @ExceptionHandler methods
Issue: SPR-12605
2015-01-21 17:54:40 -05:00
Brian Clozel
2bf6b41bcc Initialize ResourceUrlProvider only once
Prior to this change, the ResourceUrlProvider would listen to
ContextRefreshedEvents and autodetect resource handlers each time. This
can cause issues when multiple contexts are involved and the last one
has no resource handler, thus clearing the previously detected ones.

This commit disables resource handlers auto-detection once some have
been detected with a refreshed context.

Issue: SPR-12592
2015-01-21 11:35:43 +01:00
Brian Clozel
bb78c76b8c Allow relative paths within resource location path
Prior to this change, location paths used for resource handling would
not allow "non-cleaned, relative paths" such as
`file://home/user/static/../static/`. When checking if the resolved
resource's path starts with the location path, a mismatch would happen
when comparing for example:

* the location `file://home/user/static/../static/`
* and the resource `file://home/user/static/resource.txt`

This commit cleans the location path before comparing it to the resource
path.

Issue: SPR-12624
2015-01-20 17:46:05 +01:00
Brian Clozel
028c0e8b80 Allow protocol relative URLs in CssLink Transformer
This commit allows the use of "protcol relative URLs" (i.e. URLs without
scheme, starting with `//`), often used to serve resources automatically
from https or http with third party domains.

This syntax is allowed by RFC 3986.

Issue: SPR-12632
2015-01-20 15:53:10 +01:00
Brian Clozel
3da9d92bf5 Fix context-relative default value in XML parsing
This commit fixes the default value for the contextRelative attribute of
a RedirectView, when this view is registered via a
RedirectViewController in XML. The value is set to true.

Note that the default value for this is correctly documented in
spring-mvc-4.1.xsd. Also, the documentation and implementation for its
javadoc counterpart also enforces true as a default value.

Issue: SPR-12607
2015-01-16 16:13:02 +01:00
Juergen Hoeller
9ac02b319d Remove pre-3.2 deprecated classes and methods
Issue: SPR-12578
2014-12-30 20:05:15 +01:00
Juergen Hoeller
86b8112c90 Polishing 2014-12-29 15:13:40 +01:00
Juergen Hoeller
6b3023c2aa HandlerExecutionChain prevents re-adding the interceptors array to the list (and declares varargs now)
Issue: SPR-12566
2014-12-23 18:27:49 +01:00
Rossen Stoyanchev
ad65119a2c Polish ServletUriComponentsBuilder 2014-12-04 10:30:14 -05:00
Rossen Stoyanchev
7f11c1ee2f Also apply X-Forwarded-Prefix in fromContextPath
Issue: SPR-12500
2014-12-04 10:15:55 -05:00
Rossen Stoyanchev
d322bcfbf4 Use X-Forwarded-Prefix in ServletUriComponentsBuilder
Issue: SPR-12500
2014-12-03 13:46:25 -05:00
Stephane Nicoll
1aad4da6b6 Remove compiler warning 2014-12-02 14:18:22 +01:00
Brian Clozel
b3bfa95e2b Fix ResourceUrlEncodingFilter with context mapping
Prior to this change, the ResourceUrlEncodingFilter would work well when
the application is mapped to "/". But when mapped to a non-empty servlet
context, this filter would not properly encode URLs and apply
ResourceResolver URL resolution for resources.

This commit makes sure that the lookup path is properly resolved in the
request URI, taking into account the servlet context.

Issue: SPR-12459
2014-11-26 14:56:24 +01:00
Rossen Stoyanchev
24834f6d2f Add extendMessageConverters to WebMvcConfigurer
Issue: SPR-12450
2014-11-25 10:11:10 -05:00
Juergen Hoeller
929cda6790 Allow custom @Validated annotations for handler method parameters
Issue: SPR-12406
2014-11-24 23:34:24 +01:00
Juergen Hoeller
51bed18e61 Resource resolution and message escaping tests pass on Windows again 2014-11-24 15:06:44 +01:00
Brian Clozel
161d3e3049 Fix location checks for servlet 3 resources
SPR-12354 applied new checks to make sure that served static resources
are under authorized locations.

Prior to this change, serving static resources from Servlet 3 locations
such as "/webjars/" would not work since those locations can be within
one of the JARs on path. In that case, the checkLocation method would
return false and disallow serving that static resource.

This change fixes this issue by making sure to call the
`ServletContextResource.getPath()` method for servlet context resources.

Note that there's a known workaround for this issue, which is using a
classpath scheme as location, such as:
"classpath:/META-INF/resources/webjars/" instead of "/webjars".

Issue: SPR-12432
2014-11-24 14:08:54 +01:00
Juergen Hoeller
223d849a14 Polishing 2014-11-23 00:12:02 +01:00
Juergen Hoeller
282adeda88 Unit test for JavaBeans introspection against FreeMarker Configuration class
Issue: SPR-12448
2014-11-22 16:47:19 +01:00
Rossen Stoyanchev
9cef8e3001 Apply extra checks to static resource handling
- remove leading '/' and control chars
- improve url and relative path checks
- account for URL encoding
- add isResourceUnderLocation final verification

Issue: SPR-12354
2014-11-11 07:12:44 +01:00