Commit Graph

997 Commits

Author SHA1 Message Date
sdeleuze
d02e4fb545 Add Vary:Access-Control-Request-Method/Headers CORS headers
This commit adds these 2 Vary headers in addition to the existing
Origin one to avoid caching of Access-Control-Request-Method and
Access-Control-Request-Headers headers which can be an issue
when allowed methods or headers are unbounded and only the
requested method or headers are returned in the response.

Issue: SPR-16413
2018-01-30 17:00:32 +01:00
Rossen Stoyanchev
f4de8615aa Fix encoding issue in ServerHttpRequest.mutate()
Issue: SPR-16434
2018-01-30 10:23:02 -05:00
sdeleuze
32f6ccece8 Add WebFlux support for Smile streaming
The commit brings following changes:
 - Move getDecodableMimeTypes() to AbstractJackson2Decoder
 - Move getEncodableMimeTypes() to AbstractJackson2Encoder
 - Add support for application/stream+x-jackson-smile
 - Avoid streaming line separator when Smile encoder is used
 - Use double null token in Jackson2Tokenizer to identify documents

Issue: SPR-16151
2018-01-29 18:56:25 +01:00
Juergen Hoeller
c6b0d85a7c Consistent available() support in DelegatingServletInputStream
Issue: SPR-16416
2018-01-25 19:06:20 +01:00
Juergen Hoeller
0e6f8df0a8 ServletServerHttpRequest.getURI() ignores malformed query string
The resolved URI instance is also being cached now. This should not make a difference in a real Servlet environment but does affect tests which assumed they could modify an HttpServletRequest path behind a pre-created ServletServerHttpRequest instance. Our WebSocket test base class has been revised accordingly, re-creating the ServletServerHttpRequest in such a case.

Issue: SPR-16414
2018-01-24 22:13:40 +01:00
Arjen Poutsma
b47491695e Support array of scalar values in Jackson2Tokenizer
Issue: SPR-16407
2018-01-22 17:08:08 +01:00
Arjen Poutsma
0befc60c8f Renamed DataBufferUtils/DataBufferFactory.compose to join
Issue: SPR-16365
2018-01-22 10:51:07 +01:00
Arjen Poutsma
646fcc5c2f Support Custom Headers for Multipart Async Data
This commit makes sure there is no custom Content-Disposition header
before setting one automatically.

This commit also adds a headers(Consumer<HttpHeaders>) method, so that
one can user the nicer methods of HttpHeaders, as opposed to basic
strings.

Issue: SPR-16376
2018-01-20 15:18:20 +01:00
Rossen Stoyanchev
283811b16b Ensure filename is written
Now that SPR-16307 makes it possible to write a part with a Publisher
we need to ensure we get the filename correctly when writing with
Publisher<Resource>.

Issue: SPR-16376
2018-01-19 22:12:53 -05:00
Rossen Stoyanchev
afd248da8a MultipartHttpMessageWriter consumes source once only
The previous fix #09f1f7 did not actually address the issue but only
moved it further down, so instead of the subscribe(), it was consuming
it inside the MultipartHttpMessageWriter#write method which returned
this.body.then(), and then again for the actual request body writing.

In this commit MultipartHttpMessageWriter#write returns Mono.empty()
since we don't actually want to write the part content from there, but
only want to access it as soon as it is availabele, for writing to
the request body.

Issue: SPR-16402
2018-01-19 20:55:22 -05:00
Juergen Hoeller
572c668726 Polishing 2018-01-19 21:30:37 +01:00
Juergen Hoeller
06e6386dc9 CollectionUtils.lastElement for common Set/List extraction
Issue: SPR-16374
2018-01-12 18:23:52 +01:00
Juergen Hoeller
93f645800b Test for non-equality after URI normalization
Issue: SPR-16364
2018-01-12 16:46:06 +01:00
Arjen Poutsma
67e7c784e8 Use DataBufferUtils.compose and remove writeAggregator
Use DataBufferUtils.compose instead of writeAggregator to combine
multiple data buffers into one, as the write aggregator would not work
when the initial data buffer did not have enough capacity to contain
all subsequent buffers.

Removed writeAggregator, as it is no longer needed.

Issue: SPR-16365
2018-01-12 10:36:09 +01:00
Rossen Stoyanchev
c60313de3f Refine UriTemplate match pattern
The match/matches methods of UriTemplate use a regex with (.*) in place
of URI variables, which work fine except in the end where such a
pattern can match greedily more than one segment.

This commit updates the regex to use ([^/]*) instead since URI
variables are only meant to be used within a single path segment.

Issue: SPR-16169
2018-01-11 16:36:35 -05:00
Arjen Poutsma
8a129ef3da Use write aggregator from DataBufferUtils
This commit uses the newly introduced write aggregator from
DataBufferUtils throughout WebFlux.

Issue: SPR-16351
2018-01-10 11:15:47 +01:00
sdeleuze
9c7de232b8 Polishing
Optimize same origin check when the request is an instance of
ServletServerHttpRequest and when there is no forwarded headers.

This commit also optimizes the getPort methods and ForwardedHeaderFilter
forwarded headers checks.

Issue: SPR-16262
2018-01-09 14:33:54 +01:00
sdeleuze
c326e44488 Refine forwarded protocol support
This commit refines forwarded protocol support in order to support
proxies that only set "X-Forwarded-Proto" header and not
"X-Forwarded-Port" by performing a reset of the port in such case.

"Forwarded" header support has been updated accordingly since it
also supports similar use case, as described in SPR-15504.

Issue: SPR-16262
2018-01-09 14:33:54 +01:00
Rossen Stoyanchev
37f0e8c6e5 Access to ApplicationContext via ServerWebExchange
Issue: SPR-16298
2018-01-05 15:46:45 -05:00
Arjen Poutsma
6c3a64578c Move ResolvableType from HttpEntity to PublisherEntity
This commit moves the ResolvableType field from HttpEntity to
PublisherEntity, a new entity type defined in MultipartBodyBuilder.
With this change, the scope of the ResolvableType is limited to
multipart-related code, instead of becoming part of the complete
HttpEntity hierarchy.

Issue: SPR-16307
2017-12-22 13:44:01 +01:00
Arjen Poutsma
f23612c3a3 Add ResolvableType to HttpEntity for multipart Publishers
This commit adds a ResolvableType field to HttpEntity, in order to
support Publishers as multipart data. Without the type, the
MultipartHttpMessageWriter does not know which delegate writer to use to
write the part.

Issue: SPR-16307
2017-12-21 17:40:27 +01:00
sdeleuze
0075f13126 Improve CORS list properties combination logic
This commit allows CorsConfiguration#combine()
to differentiate permit default values set by
CorsConfiguration#applyPermitDefaultValues()
from values configured explicitly by the user.

Those permit default values will be overridden
by any user-provided ones while user-provided values
will be combined in an additive way, including
when "*" is specified.

Documentation has been improved accordingly.

Issue: SPR-15772
2017-12-20 22:38:01 +01:00
Rossen Stoyanchev
a8cf275aed MockServerHttpRequest builder supports query params
Issue: SPR-16280
2017-12-19 15:38:12 -05:00
Rossen Stoyanchev
6df1a7874a MockHttpServletResponse uses correct language header
Issue: SPR-16311
2017-12-19 13:56:16 -05:00
Arjen Poutsma
8e253a316d Support top-level scalar values in Jackson2Tokenizer
Issue: SPR-16166
2017-12-14 16:44:40 +01:00
sdeleuze
73a81f98d4 Allow interceptors to add existing header values
Additional commit to provide support of requests
that have a body.

Issue: SPR-15066
2017-12-13 10:08:24 +01:00
sdeleuze
554662ebab Allow interceptors to add existing header values
Provide a fully mutable HttpHeaders to ClientHttpRequestInterceptors
of a RestTemplate when headers are set using HttpEntity. This avoids
UnsupportedOperationException if both HttpEntity and
ClientHttpRequestInterceptor add values for the same HTTP header.

Issue: SPR-15066
2017-12-11 15:01:20 +01:00
Rossen Stoyanchev
e99b0038a0 Polish 2017-12-01 21:18:13 -05:00
Rossen Stoyanchev
dd0d270ba2 Improve error handling when response is committed
ResponseStatusExceptionHandler lets the error through if it can't
change the status while HttpWebHandlerAdapter logs a more helpful
message (including status code) but without a full stack trace.

Issue: SPR-16231
2017-11-29 12:39:06 -05:00
Rossen Stoyanchev
dc3d834026 Refinements related to a committed response
1. setComplete checks the isCommitted flag to avoid an unnecessary
debug message. This method is meant to be safe to call many times.

2. setStatusCode lowers log message to TRACE, since the return value
communicates the outcome it's arguably much less critical.

3. Add comment and test case for ResponseStatusExceptionHandler.
A ResponseStatusException is clearly meant to be handled by this
handler so don't let it pass through even if the respones is
committed.

Issue: SPR-16231
2017-11-27 16:31:49 -05:00
Rossen Stoyanchev
afdca285e5 Avoid resume-suspend race condition
This commit turns suspendReading() into a readingPaused() notification
that is invoked after a succession of reads stops because there is no
more demand. Sub-classes can use this notification to suspend, if that
applies to them.

Most importantly the notification is guaranteed not to overlap with
checkOnDataAvailable() which means that suspend does not need to be
atomic and guarded against resume. The two can and do compete all the
time when reading ends with no demand, and a request for demand arrives
concurrently.

Issue: SPR-16207
2017-11-22 17:48:03 -05:00
sdeleuze
4a87d3da7b Set Vary: Origin on CORS unauthorized response
Issue: SPR-16224
2017-11-22 22:46:53 +01:00
Rossen Stoyanchev
b7c924cac1 Polish 2017-11-21 23:20:13 -05:00
Andy Clement
508aea8a47 Rework implementation of PathPattern.extractPathWithinPattern
This commit changes the implementation of the PathPattern
extractPathWithinPattern method that used an old AntPathMatcher
derivative to a new version that integrates more closely with
PathContainer.

It also introduces consistency in a couple of areas. The javadoc
is updated to specify this but basically:
- the response from the extra method will have all leading
  and trailing separators removed.
- the response will have multiple adjacent separators within the
  reponse reduced to just one.  (For example response would be
  aaa/bb/cc and not aaa///bbb//cc)
If your response would start or finish with multiple separators, they
are all removed.

Issue: SPR-16120
2017-11-17 12:03:17 -08:00
Rossen Stoyanchev
87375fe6f8 ServerHttpRequest exposes SSL certificates
Issue: SPR-15964
2017-11-10 16:43:12 -05:00
Rossen Stoyanchev
807297f173 Remove RxNetty (from test sources)
Practically no changes to RxNetty for a year and efforts underway to
rebuild 0.6.x based on a current Reactor Netty base.

Aside from the extra time to run integration tests having two
Netty-based servers can also cause false alarms such as ByteBuf leaks
related to RxNetty.
2017-11-09 15:56:56 -05:00
Rossen Stoyanchev
9786750b5a Improve @RequestAttribute WebFlux resolver
The resolver now takes into account the possibility the attribute
itself may be a reactive type.

Issue: SPR-16158
2017-11-06 21:44:45 -05:00
Arjen Poutsma
2d1f87501c Add MultipartBodyBuilder
This commit introduces the MultipartBodyBuilder, a builder for multipart
form bodies.

Issue: SPR-16134
2017-11-06 10:42:11 +01:00
Juergen Hoeller
e5c1deea63 Polishing 2017-11-05 16:23:30 +01:00
Juergen Hoeller
80a0cf71f4 MockHttpServletResponse.getDateHeader returns -1 for non-existent header
Includes consistent getDateHeader results in both MockHttpServletResponse variants (spring-test and spring-web)

Issue: SPR-16160
2017-11-05 16:12:21 +01:00
Juergen Hoeller
0edf4d6509 MockHttpServletRequest.getRequestURL aligns with getServerName/Port
Issue: SPR-16138
2017-11-05 16:11:21 +01:00
Juergen Hoeller
996d747aed Upgrade to Mockito 2.11
Includes fixes for invalid exception declarations in Mockito-based unit tests. Also includes FreeMarker 2.3.27, Commons Pool 2.4.3, JSON-P 1.1.2.

Issue: SPR-16157
2017-11-04 01:06:59 +01:00
Rossen Stoyanchev
8c33ed02b3 ServletHttpHandlerAdapter supports Serlvet path mapping
Issue: SPR-16155
2017-11-02 20:53:26 -04:00
Norman Soetbeer
4dee333a75 Allow empty usernames for BasicAuth
The RFCs around basic authentication don't explicitly disallow empty
usernames. On the other hand usernames containing colons are, as colons
are used to separate the username from the password.
2017-11-02 09:59:14 -05:00
Rossen Stoyanchev
579328bd7a MockClientHttpRequest|Response support cookie headers
Issue: SPR-16124
2017-10-31 12:08:18 -04:00
Juergen Hoeller
d06129debd InterceptingHttpAccessor uses internal ArrayList for sorting
Also caches InterceptingClientHttpRequestFactory (if applicable)

Issue: SPR-16137
2017-10-31 16:33:38 +01:00
Rossen Stoyanchev
8083eaae54 syncBody better differentiates plain vs multipart forms
FromHttpMessageWriter and MultipartHttpMessageWriter both support
MultiValueMap except the former supports String values only. This
presents an issue since either full generic type information must be
provided, which is cumbersome on the client side, or if left out there
is no good way to order the writers to make a proper decision.

This commit:

- refines the canWrite behavior of   to not a
accept MultiValueMap without proper generic information unless the
MediaType is explicitly set providing a strong hint.

- modifies MultipartHttpMessageWriter to be configured with a
FormHttpMessageWriter so it can write both plan and multipart data with
the ability to properly differentiate based on actual map values.

Issue: SPR-16131
2017-10-31 09:12:05 -04:00
Juergen Hoeller
d963597ec0 Test with hasError for unknown status code
Issue: SPR-16108
2017-10-24 15:51:29 +02:00
Sebastien Deleuze
1c256a112b Parse correctly ContentDisposition header with semicolons
Issue: SPR-16091
2017-10-23 23:09:14 +02:00
Rossen Stoyanchev
1cc5afe24b Fix lines over 120 characters
https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Code-Style#line-wrapping
2017-10-20 16:42:26 -04:00