Commit Graph

289 Commits

Author SHA1 Message Date
Rossen Stoyanchev
cf39078fbb Backport MVC Java config path-related config options
Issue: SPR-14186
2016-04-21 13:50:03 -04:00
Rossen Stoyanchev
ac5b9c7bd6 Fix javadoc issue in ResponseEntityExceptionHandler
Issue: SPR-13869
(cherry picked from commit 73df50d)
2016-04-08 22:30:56 +02:00
Rossen Stoyanchev
9e3bb1e26f Ensure RedirectModel is initialized
This commit fixes an old bug in ModelAndViewContainer where getModel
returns a new ModelMap instance that isn't saved and re-used.

Issue: SPR-14045
(cherry picked from commit d7062f6)
2016-04-08 22:30:56 +02:00
Juergen Hoeller
12eb893e5f Polishing (backported from 4.1.x) 2015-12-09 17:10:34 +01:00
Rossen Stoyanchev
86ba7476cb Fix failing tests 2015-11-11 18:06:03 -05:00
Rossen Stoyanchev
1489e29d0c Switch "attachment" to "inline" on Content-Disposition
Issue: SPR-13587, SPR-13643
2015-11-11 17:49:58 -05:00
Rossen Stoyanchev
f2e4da3dac Whitelist extension if present in the request mapping
We know skip the Content-Disposition header for any extension if the
chosen request mapping explicitly contains the URl extension.

Issue: SPR-13629
2015-11-06 13:01:34 -05:00
Rossen Stoyanchev
6a9329cb76 No Content-Disposition if HTML in the request mapping
Issue: SPR-13629
2015-11-02 13:21:59 -05:00
Rossen Stoyanchev
03f547eb98 Protect against RFD exploits
Issue: SPR-13548
2015-10-15 09:32:32 +02:00
Juergen Hoeller
b15da37891 Removed misleading note on readonly and disabled flags in spring-form.tld
Issue: SPR-13397
(cherry picked from commit c4a9abb)
2015-10-14 13:58:15 +02:00
Juergen Hoeller
adb54b2c69 Backported DispatcherServlet and ServletContextResourcePatternResolver refinements
Issue: SPR-13011
2015-05-11 19:58:36 +02:00
Juergen Hoeller
3e2491c058 Polishing 2015-03-23 22:43:49 +01:00
Juergen Hoeller
d879bad248 Polishing
(cherry picked from commit 7ed7f98)
2015-03-06 23:47:54 +01:00
Juergen Hoeller
e5207e6231 Polishing 2015-03-02 21:17:16 +01:00
Brian Clozel
2d3fe96cd6 Allow file locations for resource handling
Prior to this change, location checks for serving resources would append
`/` to the location path it didn't already have one.

This commit makes sure not to append a `/` if the provided location is
actually a file.

Issue: SPR-12747
2015-02-27 19:12:01 +01:00
Juergen Hoeller
9a7871fb70 Consistent validation logic
Issue: SPR-12655
2015-02-20 00:20:07 +01:00
Juergen Hoeller
186fef6808 Revised validation javadoc
Issue: SPR-12655
2015-02-19 22:46:29 +01:00
Juergen Hoeller
3ed24bca20 ServletUriComponentsBuilder.java avoids NPE on scheme check
Issue: SPR-12723
(cherry picked from commit 61cc3b5)
2015-02-18 20:44:50 +01:00
Stephane Nicoll
64e79ba692 Use hasLength rather than hasText 2014-12-30 15:39:48 +01:00
Stephane Nicoll
4bcf92f176 Restore JDK 5 compatiblity 2014-12-30 15:34:35 +01:00
Juergen Hoeller
62a6c3733d Polishing
(cherry picked from commit e9d24d5)
2014-12-29 20:06:57 +01:00
Juergen Hoeller
e353af65d2 HandlerExecutionChain prevents re-adding the interceptors array to the list (and declares varargs now)
Issue: SPR-12566
(cherry picked from commit 37713ae)
2014-12-29 20:05:04 +01:00
Brian Clozel
379d2e6da0 Fix location checks for servlet 3 resources
SPR-12354 applied new checks to make sure that served static resources
are under authorized locations.

Prior to this change, serving static resources from Servlet 3 locations
such as "/webjars/" would not work since those locations can be within
one of the JARs on path. In that case, the checkLocation method would
return false and disallow serving that static resource.

This change fixes this issue by making sure to call the
`ServletContextResource.getPath()` method for servlet context resources.

Note that there's a known workaround for this issue, which is using a
classpath scheme as location, such as:
"classpath:/META-INF/resources/webjars/" instead of "/webjars".

Issue: SPR-12432
(cherry picked from commit 1214624)
2014-11-24 19:11:15 +01:00
Juergen Hoeller
7f1e5a49a4 Polishing
(cherry picked from commit 2675ce7)
2014-11-22 23:19:48 +01:00
Rossen Stoyanchev
3f68cd633f Apply extra checks to static resource handling
- remove leading '/' and control chars
- improve url and relative path checks
- account for URL encoding
- add isResourceUnderLocation final verification

Issue: SPR-12354
2014-11-11 06:49:42 +01:00
Juergen Hoeller
d5e4592728 Polishing 2014-11-02 11:19:54 +01:00
Juergen Hoeller
d53b67f5cb TilesConfigurer defensively expects null from getResources in case of no resources found
Also includes order preservation for resource results with Tiles 2 as well as retrieval failure logging with Tiles 3.

Issue: SPR-12362
(cherry picked from commit c8b8dc5)
2014-11-02 00:21:19 +01:00
Juergen Hoeller
f812998826 Set ResponseStatusExceptionResolver.messageSource in the MVC Java config
Issue: SPR-12380
(cherry picked from commit aa82da8)
2014-11-02 00:21:02 +01:00
Juergen Hoeller
e819999c08 Polishing 2014-09-17 19:10:33 +02:00
Juergen Hoeller
21f0057990 Polishing 2014-08-23 00:11:19 +02:00
Juergen Hoeller
a4c8e6176c Consistent attribute documentation/formatting in spring-context and spring-mvc schemas
(cherry picked from commit b5763fe)
2014-08-22 23:50:34 +02:00
Juergen Hoeller
7cf4a4ed2d DispatcherServlet's checkMultipart detects wrapped MultipartRequest as well
Issue: SPR-12114
(cherry picked from commit 786fd92)
2014-08-22 23:49:16 +02:00
Juergen Hoeller
0c89279d61 Polishing 2014-08-13 15:54:21 +02:00
Juergen Hoeller
36918d6bb7 Polishing (includes varargs for selected setters) 2014-08-11 22:12:26 +02:00
Juergen Hoeller
214f026ea3 Polishing 2014-07-29 12:45:32 +02:00
Juergen Hoeller
c0a4631fd1 Polishing 2014-07-29 10:10:48 +02:00
Juergen Hoeller
a3ebf13579 SelectedValueComparator defensively handles null values in exhaustiveCompare
Issue: SPR-12001
(cherry picked from commit 980f971)
2014-07-29 00:13:29 +02:00
Juergen Hoeller
fe72fcede5 Polishing
(cherry picked from commit ede2150)
2014-07-02 18:18:21 +02:00
Juergen Hoeller
983cce22d8 Package javadoc cleanup for web.servlet.mvc, removing outdated references
Issue: SPR-11935
(cherry picked from commit 7396210)
2014-07-01 18:26:31 +02:00
Juergen Hoeller
c033f889bf Polishing (backported from master)
(cherry picked from commit 48f753f)
2014-07-01 14:28:05 +02:00
Juergen Hoeller
779a6b79eb Polishing 2014-04-27 22:52:51 +02:00
Juergen Hoeller
99a3e9cacb Revised ByteArrayOutputStream handling in MarshallingView and co
Issue: SPR-11646
(cherry picked from commit 8006696)
2014-04-02 22:56:34 +02:00
Juergen Hoeller
f93bfa8f84 ResourceHttpRequestHandler explicitly closes a Resource's InputStream
Issue: SPR-11644
(cherry picked from commit 3a96f16)
2014-04-02 22:55:52 +02:00
Juergen Hoeller
b80dc9d642 Polishing
Issue: SPR-11262
(cherry picked from commit d628025)
2014-04-02 22:55:33 +02:00
Juergen Hoeller
623b1fc0d5 Polishing 2014-03-25 00:37:01 +01:00
Juergen Hoeller
a2bdc284f9 DispatcherServlet logs request URI in encoded form only
Issue: SPR-11591
(cherry picked from commit 465ca24)
2014-03-25 00:36:36 +01:00
Juergen Hoeller
dbd5f67498 Consistently applied appropriate ByteArrayOutputStream initial capacities across the codebase
Issue: SPR-11594
(cherry picked from commit dd7f54c)
2014-03-25 00:35:33 +01:00
Juergen Hoeller
9585752693 Polishing 2014-03-11 21:36:10 +01:00
Juergen Hoeller
5c0fdb05bd AbstractFlashMapManager needs to decode parameter names
Also includes general alignment with the 4.0.3 versions of AbstractFlashMapManager and FlashMapManagerTests.

Issue: SPR-11504
2014-03-11 21:35:36 +01:00
Juergen Hoeller
75e08695a0 Mixed polishing along with recent changes
(cherry picked from commit 14e5a02)
2014-02-14 23:27:09 +01:00