Commit Graph

647 Commits

Author SHA1 Message Date
Brian Clozel
f53d01b00a Do not rewrite relative links with FixedVersionStrategy
Prior to this change, the resource handling FixedVersionStrategy would
be applied on all links that match the configured pattern. This is
problematic for relative links and can lead to rewritten links such as
"/fixedversion/../css/main.css" which breaks.

This commit prevents that Strategy from being applied to such links.
Of course, one should avoid to use that VersionStrategy with relative
links, but this change aims at not breaking existing links even if it
means not prefixing the version as expected.

Issue: SPR-13727
(cherry picked from commit c226753)
2015-12-02 14:29:07 +01:00
Juergen Hoeller
97148ce889 Polishing 2015-11-26 01:10:31 +01:00
Juergen Hoeller
71fc2ba174 Polishing 2015-11-14 23:32:36 +01:00
Rossen Stoyanchev
a8c7220fc7 Fix failing tests 2015-11-11 18:04:28 -05:00
Rossen Stoyanchev
92ca537d61 Switch "attachment" to "inline" on Content-Disposition
Issue: SPR-13587, SPR-13643
2015-11-11 17:47:34 -05:00
Rossen Stoyanchev
f5f57e9544 Expand range of whitelisted extensions by media type
This commit expands the range of whitelisted extensions by checking
if an extension can be resolved to image/*, audio/*, video/*, as well
as any content type that ends with +xml.

Issue: SPR-13643
2015-11-11 17:46:36 -05:00
Rossen Stoyanchev
d500d523e7 Whitelist extension if present in the request mapping
We know skip the Content-Disposition header for any extension if the
chosen request mapping explicitly contains the URl extension.

Issue: SPR-13629
2015-11-06 12:45:40 -05:00
Rossen Stoyanchev
71a9eb7102 Add section on RFD + whitelist yml/properties/csv
Issue: SPR-13643
2015-11-05 19:42:30 -05:00
Rossen Stoyanchev
e190f26669 No Content-Disposition if HTML in the request mapping
Issue: SPR-13629
2015-11-02 13:13:37 -05:00
Rossen Stoyanchev
0f1897d376 Further improve Detect custom CNVR
Refine the approach of having <mvc:view-resolvers> detect and use the
ContentNegotiationManager instance registered with
<mvc:annotation-driven> introduced in the last commit.

Issue: SPR-13559
2015-10-29 20:53:36 -04:00
Rossen Stoyanchev
563a120280 Detect custom ContentNegotiationViewResolver
The <mvc:annotation-driven> element now adds an alias when a
ContentNegotiationManager bean is registered with a custom name.
This helps <mvc:view-resolvers> to more reliably find such a custom
ContentNegotiationManager.

Issue: SPR-13559
2015-10-29 18:06:45 -04:00
Brian Clozel
78fc5bbecc Don't throw NPE when serving webjar directories
Prior to this change, serving resources with ResourceHttpRequestHandler
could result in NPE when requesting an existing folder located in a JAR.

This commit swallows those exceptions, as it is not possible to foresee
those cases without reading the actual resource. This result in a HTTP
200 response with a zero Content-Length instead of a HTTP 500 internal
exception.

Issue: SPR-13620
2015-10-29 16:48:55 +01:00
Rossen Stoyanchev
a879897063 Skip Content-Disposition header if status != 2xx
Issue: SPR-13588
2015-10-26 16:11:20 -04:00
Rossen Stoyanchev
a95c3d820d Protect against RFD exploits
Issue: SPR-13548
2015-10-15 10:32:51 +02:00
Juergen Hoeller
13283ec918 Polishing 2015-10-12 23:24:36 +02:00
Juergen Hoeller
2c73c5a893 Polishing 2015-09-09 13:06:03 +02:00
Juergen Hoeller
c4a9abb6be Removed misleading note on readonly and disabled flags in spring-form.tld
Issue: SPR-13397
(cherry picked from commit eaba794)
2015-09-02 17:20:40 +02:00
Juergen Hoeller
a35f71964a Polishing 2015-08-26 00:44:32 +02:00
Juergen Hoeller
7575271075 Polishing 2015-07-30 17:52:33 +02:00
Brian Clozel
3a4085a286 Fix tests
Issue: SPR-13241
2015-07-17 13:41:25 +02:00
Brian Clozel
daf94ea576 PathResourceResolver should not resolve root path
When resolving resources, the PathResourceResolver creates a Resource
instance and checks whether this resource `exists()` and `isReadable()`.
While that last call returns false for folders on the file system, both
calls return true for folders located inside JARs.

If a JAR location is configured as a resource location, then
PathResourceResolver can resolve folders in JARs as valid locations and
candidates for paths resolution.

Prior to this change, the PathResourceResolver would resolve "" as a
valid resource path (here, the "/META-INF/resources/webjars" if
configured, for example) and return a "" path for this resource,
effectively turning all "/" URLs into empty ones "".

This commit fixes the resolveUrlPathInternal implementation by not
allowing empty paths as valid resource paths.

Issue: SPR-13241
2015-07-17 11:05:11 +02:00
Sam Brannen
a8ac6db43b Polish resource chain documentation 2015-06-29 16:16:34 +02:00
Brian Clozel
bf94344139 document XML attributes in mvc:resource-chain
Issue: SPR-12804
2015-06-29 15:35:14 +02:00
Brian Clozel
b3f01998d2 Fix NPE in GzipResourceResolver
This change fixes a NullPointerException in GzipResourceResolver, which
assumed that calls to the `resolveResource` method were made with only
non-null values for request.

This is not the case for the VersionResourceResolver, which tries to
resolve resources that aren't requested per se by the HTTP request.

Issue: SPR-13149
2015-06-22 11:45:57 +02:00
Juergen Hoeller
d08c0669da Polishing 2015-06-16 01:42:51 +02:00
Brian Clozel
9e8e7aa6b9 Fix SPR-12999 backport (missing test dependency) 2015-05-21 15:18:49 +02:00
Brian Clozel
c99cc53da1 Fix directories I/O in ResourceHttpRequestHandler
Prior to this commit, the `ResourceHttpRequestHandler` would not
properly handle HTTP requests to **directories contained in JARs**.
This would result in HTTP 500 errors, caused by `FileNotFoundException`
or `NullPointerException`.

This can be tracked to webapp ClassLoader implementations in servlet
containers:
* in Jetty9x, fetching a directory within a JAR as a `Resource` and
getting its InputStream work fine, but attempting to `close()` it
results in a NullPointerException as the underlying stream is null.
* In Tomcat6x, one cannot fetch an InputStream for the same `Resource`
as it throws a FileNotFoundException.

This change adds more try/catch clauses and catches more Exception so as
to result in HTTP 200 OK responses instead of server errors. While this
is inconsistent because the same code path would result in HTTP 404 with
existing directories on the file system, there's no other simple way to
make those checks for resources contained in JARs.

Issue: SPR-12999
2015-05-21 14:54:55 +02:00
Juergen Hoeller
ae35e84c1e Polishing
(cherry picked from commit 0711d6d)
2015-05-13 17:27:41 +02:00
Brian Clozel
51c941ca11 Fix empty URLs handling in ResourceUrlEncodingFilter
Prior to this commit, the ResourceUrlEncodingFilter would fail with a
StringIndexOutOfBoundsException when:

* the current request has a servlet context
* the URL to encode is relative and is shorter than the context value

This change defensively checks for those lengths and delegates to the
parent implementation if necessary.

Issue: SPR-13018
2015-05-13 14:38:54 +02:00
Juergen Hoeller
a899e066f2 RequestResponseBodyMethodProcessor decorates ServletInputStream as well
Issue: SPR-13014
2015-05-11 21:52:30 +02:00
Brian Clozel
89694b009a Fix CachingResourceResolver key generation
When used in combination with GzipResourceResolver, the
CachingResourceResolver does not properly cache results, since it only
takes the request path as a input for cache key generation.

Here's an example of that behavior:

1. an HTTP client requests a resource with `Accept-Encoding: gzip`, so
the GzipResourceResolver can resolve a gzipped resource.
2. the configured CachingResourceResolver caches that resource.
3. another HTTP client requests the same resource, but it does not
support gzip encoding; the previously cached gzipped resource is still
returned.

This commit uses the presence/absence of gzip encoding support as an
input in cache keys generation.

Issue: SPR-12982
2015-05-11 21:18:03 +02:00
Juergen Hoeller
ce4e795f09 Polishing 2015-05-11 18:05:09 +02:00
Sam Brannen
bf423b2ca0 Remove duplicate separators when combining paths
Prior to this commit, AntPathMatcher would not correctly combine a path
that ends with a separator with a path that starts with a separator.
For example, `/foo/` + `/bar` combined into `/foo//bar`.

Specifically, this commit:

 - Removes the duplicated separator in combined paths

 - Improves RequestMappingInfo's toString() representation

 - Fixes Javadoc formatting in AntPathMatcher

 - Polishes AntPathMatcherTests

 - Polishes Javadoc in AbstractRequestCondition

Issue: SPR-12975
(cherry picked from commit a80d0e87a4)
2015-05-08 14:12:28 +02:00
Juergen Hoeller
35bf96763d Polishing 2015-03-31 18:42:28 +02:00
Juergen Hoeller
97f779674f Polishing 2015-03-25 15:28:30 +01:00
Juergen Hoeller
52ed9b7106 Consistent javadoc param declarations for type variables
(cherry picked from commit d23893f)
2015-03-25 01:02:40 +01:00
Juergen Hoeller
673dac5620 Removed outdated references to Servlet 2.3/2.4 2015-03-24 21:21:18 +01:00
Juergen Hoeller
1d5128ed1b Polishing 2015-03-23 22:24:23 +01:00
Juergen Hoeller
5f95ff6bfd Optimized access to resolved bean type (avoiding BeanFactory locks)
Revised HandlerMethod.getBeanType() impl for both web and messaging.
In addition, HandlerMethods get created with the internal BeanFactory now.

Issue: SPR-12832
(cherry picked from commit 898c24f)
2015-03-20 23:58:22 +01:00
Juergen Hoeller
b352dbfdeb Polishing (in particular updating javadoc references to Apache Commons)
(cherry picked from commit bc6a98c)
2015-03-13 20:13:21 +01:00
Rossen Stoyanchev
5c463a1680 Move X-Forwarded-* tests to UriComponentsBuilderTests 2015-03-13 10:02:00 -04:00
Sam Brannen
bac012f3e8 Support @NumberFormat as a meta-annotation
This commit ensures that @NumberFormat can be used as a
meta-annotation, as was already the case for @DateTimeFormat.

In addition, this commit polishes FormattingConversionServiceTests and
MvcNamespaceTests.

Issue: SPR-12743
(backported from commits df1d90f & c3408d8)
2015-03-07 21:44:42 +01:00
Juergen Hoeller
7ed7f981c9 Polishing
(cherry picked from commit b541fc9)
2015-03-06 18:50:49 +01:00
Rossen Stoyanchev
410fc6d763 UriComponentsBuilder.fromHttpRequest sets port correctly
Cherry-picked from commit d64c48 on master

Issue: SPR-12771
2015-03-05 21:54:46 -05:00
Juergen Hoeller
3783591083 Polishing
(cherry picked from commit e5207e6)
2015-03-02 21:56:21 +01:00
Juergen Hoeller
ca9f6a1e1e Fixed javadoc warnings 2015-02-27 22:43:21 +01:00
Brian Clozel
2c47098b35 Allow file locations for resource handling
Prior to this change, location checks for serving resources would append
`/` to the location path it didn't already have one.

This commit makes sure not to append a `/` if the provided location is
actually a file.

Issue: SPR-12747
2015-02-27 18:46:10 +01:00
Juergen Hoeller
6be554cba5 Polishing
(cherry picked from commit cc33d3f)
2015-02-25 20:38:18 +01:00
Juergen Hoeller
d77af71e9c Revised common validation methods in AbstractMessageConverterMethodArgumentResolver
The protected validation methods are analogous to ModelAttributeMethodProcessor now.

Issue: SPR-12655
(cherry picked from commit 7191050)
2015-02-19 23:53:16 +01:00
Juergen Hoeller
8dbe753963 Polishing 2015-02-18 17:54:16 +01:00