spring-framework/src/docs/asciidoc/web/webmvc.adoc

[[mvc]]
= Spring Web MVC
:doc-spring-security: {doc-root}/spring-security/site/docs/current/reference

[[mvc-introduction]]
== Introduction
Spring Web MVC is the original web framework built on the Servlet API and included
in the Spring Framework from the very beginning. The formal name "Spring Web MVC"
comes from the name of its source module
https://github.com/spring-projects/spring-framework/tree/master/spring-webmvc[spring-webmvc]
but it is more commonly known as "Spring MVC".

Parallel to Spring Web MVC, Spring Framework 5.0 introduced a reactive stack, web framework
whose name Spring WebFlux is also based on its source module
https://github.com/spring-projects/spring-framework/tree/master/spring-webflux[spring-webflux].
This section covers Spring Web MVC. The <<web-reactive.adoc#spring-web-reactive,next section>>
covers Spring WebFlux.



[[mvc-servlet]]
== DispatcherServlet
[.small]#<<web-reactive.adoc#webflux-dispatcher-handler,Same in Spring WebFlux>>#

Spring MVC, like many other web frameworks, is designed around the front controller
pattern where a central `Servlet`, the `DispatcherServlet`, provides a shared algorithm
for request processing while actual work is performed by configurable, delegate components.
This model is flexible and supports diverse workflows.

The `DispatcherServlet`, as any `Servlet`, needs to be declared and mapped according
to the Servlet specification using Java configuration or in `web.xml`.
In turn the `DispatcherServlet` uses Spring configuration to discover
the delegate components it needs for request mapping, view resolution, exception
handling, <<mvc-servlet-special-bean-types,and more>>.

Below is an example of the Java configuration that registers and initializes
the `DispatcherServlet`. This class is auto-detected by the Servlet container
(see <<mvc-container-config>>):

[source,java,indent=0]
[subs="verbatim,quotes"]
----
public class MyWebApplicationInitializer implements WebApplicationInitializer {

  @Override
  public void onStartup(ServletContext servletCxt) {

    // Load Spring web application configuration
    AnnotationConfigWebApplicationContext cxt = new AnnotationConfigWebApplicationContext();
    cxt.register(AppConfig.class);
    cxt.refresh();

    // Create DispatcherServlet
    DispatcherServlet servlet = new DispatcherServlet(cxt);

    // Register and map the Servlet
    ServletRegistration.Dynamic registration = servletCxt.addServlet("app", servlet);
    registration.setLoadOnStartup(1);
    registration.addMapping("/app/*");
  }

}
----

[NOTE]
====
In addition to using the ServletContext API directly, you can also extend
`AbstractAnnotationConfigDispatcherServletInitializer` and override specific methods
(see example under <<mvc-servlet-context-hierarchy>>).
====

Below is an example of `web.xml` configuration to register and initialize the `DispatcherServlet`:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
<web-app>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app-context.xml</param-value>
  </context-param>

  <servlet>
    <servlet-name>app</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value></param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>app</servlet-name>
    <url-pattern>/app/*</url-pattern>
  </servlet-mapping>

</web-app>
----

[NOTE]
====
Spring Boot follows a different initialization sequence. Rather than hooking into
the lifecycle of the Servlet container, Spring Boot uses Spring configuration to
bootstrap itself and the embedded Servlet container. `Filter` and `Servlet` declarations
are detected in Spring configuration and registered with the Servlet container.
For more details check the
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-embedded-container[Spring Boot docs].
====


[[mvc-servlet-context-hierarchy]]
=== Context Hierarchy

`DispatcherServlet` expects a `WebApplicationContext`, an extension of a plain
`ApplicationContext`, for its own configuration. `WebApplicationContext` has a link to the
`ServletContext` and `Servlet` it is associated with. It is also bound to the `ServletContext`
such that applications can use static methods on `RequestContextUtils` to look up the
`WebApplicationContext` if they need access to it.

For many applications having a single `WebApplicationContext` is simple and sufficient.
It is also possible to have a context hierarchy where one root `WebApplicationContext`
is shared across multiple `DispatcherServlet` (or other `Servlet`) instances, each with
its own child `WebApplicationContext` configuration.
See <<core.adoc#context-introduction,Additional Capabilities of the ApplicationContext>>
for more on the context hierarchy feature.

The root `WebApplicationContext` typically contains infrastructure beans such as data repositories and
business services that need to be shared across multiple `Servlet` instances. Those beans
are effectively inherited and could be overridden (i.e. re-declared) in the Servlet-specific,
child `WebApplicationContext` which typically contains beans local to the given `Servlet`:

image::images/mvc-context-hierarchy.png[]

Below is example configuration with a `WebApplicationContext` hierarchy:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
  public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
      return new Class[] { RootConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
      return new Class[] { App1Config.class };
    }

    @Override
    protected String[] getServletMappings() {
      return new String[] { "/app1/*" };
    }
  }
----

And the `web.xml` equivalent:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
<web-app>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/root-context.xml</param-value>
  </context-param>

  <servlet>
    <servlet-name>app1</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/app1-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>app1</servlet-name>
    <url-pattern>/app1/*</url-pattern>
  </servlet-mapping>

</web-app>
----



[[mvc-servlet-special-bean-types]]
=== Special Bean Types
[.small]#<<web-reactive.adoc#webflux-special-bean-types,Same in Spring WebFlux>>#

The `DispatcherServlet` delegates to special beans to process requests and render the
appropriate responses. By "special beans" we mean Spring-managed Object instances that
implement one of the framework contracts listed in the table below.
Spring MVC provides built-in implementations of these contracts but you can also
customize, extend, or replace them.

[[mvc-webappctx-special-beans-tbl]]
.Special bean types in the WebApplicationContext
|===
| Bean type| Explanation

| <<mvc-handlermapping,HandlerMapping>>
| Map a request to a handler along with a list of ``HandlerInterceptor``'s for
  pre- and post-processing. The mapping is based on some criteria the details of
  which vary by `HandlerMapping` implementation. The most popular implementation
  supports annotated controllers but other implementations exists as well.

| HandlerAdapter
| Helps the `DispatcherServlet` to invoke a handler mapped to a request regardless of
  how the handler is actually invoked. For example, invoking an annotated controller
  requires resolving various annotations. The main purpose of a `HandlerAdapter` is
  to shield the `DispatcherServlet` from such details.

| <<mvc-exceptionhandlers,HandlerExceptionResolver>>
| Strategy to resolve exceptions possibly mapping them to handlers, or to HTML error
  views, or other.

| <<mvc-viewresolver,ViewResolver>>
| Resolves logical String-based view names returned from a handler to an actual `View`
  to render to the response with.

| <<mvc-localeresolver,LocaleResolver>> & <<mvc-timezone,LocaleContextResolver>>
| Resolves the `Locale` a client is using and possibly their time zone, in order to be able
  to offer internationalized views

| <<mvc-themeresolver,ThemeResolver>>
| Resolves themes your web application can use, for example, to offer personalized layouts

| <<mvc-multipart,MultipartResolver>>
| Abstraction for parsing a multi-part request (e.g. browser form file upload) with
  the help of some multipart parsing library.

| <<mvc-flash-attributes,FlashMapManager>>
| Stores and retrieves the "input" and the "output" `FlashMap` that can be used to pass
  attributes from one request to another, usually across a redirect.
|===


[[mvc-servlet-config]]
=== Initialization
For each type of special bean, the `DispatcherServlet` checks for the `WebApplicationContext` first.
If there are no matching bean types, it falls back on the default types listed in
https://github.com/spring-projects/spring-framework/blob/master/spring-webmvc/src/main/resources/org/springframework/web/servlet/DispatcherServlet.properties[DispatcherServlet.properties].

Applications can declare the special beans they wish to have. Most applications however
will find a better starting point in the MVC Java config or the MVC XML namespace which
provide a higher level configuration API that in turn make the necessary bean declarations.
See <<mvc-config>> for more details.

[NOTE]
====
Spring Boot relies on the MVC Java config to configure Spring MVC and also
provides many extra convenient options on top.
====


[[mvc-container-config]]
=== Servlet Config API

In a Servlet 3.0+ environment, you have the option of configuring the Servlet container
programmatically as an alternative or in combination with a `web.xml` file. Below is an
example of registering a `DispatcherServlet`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	import org.springframework.web.WebApplicationInitializer;

	public class MyWebApplicationInitializer implements WebApplicationInitializer {

		@Override
		public void onStartup(ServletContext container) {
			XmlWebApplicationContext appContext = new XmlWebApplicationContext();
			appContext.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");

			ServletRegistration.Dynamic registration = container.addServlet("dispatcher", new DispatcherServlet(appContext));
			registration.setLoadOnStartup(1);
			registration.addMapping("/");
		}

	}
----

`WebApplicationInitializer` is an interface provided by Spring MVC that ensures your
implementation is detected and automatically used to initialize any Servlet 3 container.
An abstract base class implementation of `WebApplicationInitializer` named
`AbstractDispatcherServletInitializer` makes it even easier to register the
`DispatcherServlet` by simply overriding methods to specify the servlet mapping and the
location of the `DispatcherServlet` configuration.

This is recommended for applications that use Java-based Spring configuration:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

		@Override
		protected Class<?>[] getRootConfigClasses() {
			return null;
		}

		@Override
		protected Class<?>[] getServletConfigClasses() {
			return new Class[] { MyWebConfig.class };
		}

		@Override
		protected String[] getServletMappings() {
			return new String[] { "/" };
		}

	}
----

If using XML-based Spring configuration, you should extend directly from
`AbstractDispatcherServletInitializer`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {

		@Override
		protected WebApplicationContext createRootApplicationContext() {
			return null;
		}

		@Override
		protected WebApplicationContext createServletApplicationContext() {
			XmlWebApplicationContext cxt = new XmlWebApplicationContext();
			cxt.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");
			return cxt;
		}

		@Override
		protected String[] getServletMappings() {
			return new String[] { "/" };
		}

	}
----

`AbstractDispatcherServletInitializer` also provides a convenient way to add `Filter`
instances and have them automatically mapped to the `DispatcherServlet`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {

		// ...

		@Override
		protected Filter[] getServletFilters() {
			return new Filter[] {
				new HiddenHttpMethodFilter(), new CharacterEncodingFilter() };
		}
	}
----

Each filter is added with a default name based on its concrete type and automatically
mapped to the `DispatcherServlet`.

The `isAsyncSupported` protected method of `AbstractDispatcherServletInitializer`
provides a single place to enable async support on the `DispatcherServlet` and all
filters mapped to it. By default this flag is set to `true`.

Finally, if you need to further customize the `DispatcherServlet` itself, you can
override the `createDispatcherServlet` method.


[[mvc-servlet-sequence]]
=== Processing
[.small]#<<web-reactive.adoc#webflux-dispatcher-handler-sequence,Same in Spring WebFlux>>#

The `DispatcherServlet` processes requests as follows:

* The `WebApplicationContext` is searched for and bound in the request as an attribute
  that the controller and other elements in the process can use. It is bound by default
  under the key `DispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE`.
* The locale resolver is bound to the request to enable elements in the process to
  resolve the locale to use when processing the request (rendering the view, preparing
  data, and so on). If you do not need locale resolving, you do not need it.
* The theme resolver is bound to the request to let elements such as views determine
  which theme to use. If you do not use themes, you can ignore it.
* If you specify a multipart file resolver, the request is inspected for multiparts; if
  multiparts are found, the request is wrapped in a `MultipartHttpServletRequest` for
  further processing by other elements in the process. See <<mvc-multipart>> for further
  information about multipart handling.
* An appropriate handler is searched for. If a handler is found, the execution chain
  associated with the handler (preprocessors, postprocessors, and controllers) is
  executed in order to prepare a model or rendering. Or alternatively for annotated
  controllers, the response may be rendered (within the `HandlerAdapter`) instead of
  returning a view.
* If a model is returned, the view is rendered. If no model is returned, (may be due to
  a preprocessor or postprocessor intercepting the request, perhaps for security
  reasons), no view is rendered, because the request could already have been fulfilled.

The `HandlerExceptionResolver` beans declared in the `WebApplicationContext` are used to
resolve exceptions thrown during request processing. Those exception resolvers allow
customizing the logic to address exceptions. See <<mvc-exceptionhandlers>> for more details.

The Spring `DispatcherServlet` also supports the return of the
__last-modification-date__, as specified by the Servlet API. The process of determining
the last modification date for a specific request is straightforward: the
`DispatcherServlet` looks up an appropriate handler mapping and tests whether the
handler that is found implements the __LastModified__ interface. If so, the value of the
`long getLastModified(request)` method of the `LastModified` interface is returned to
the client.

You can customize individual `DispatcherServlet` instances by adding Servlet
initialization parameters ( `init-param` elements) to the Servlet declaration in the
`web.xml` file. See the following table for the list of supported parameters.

[[mvc-disp-servlet-init-params-tbl]]
.DispatcherServlet initialization parameters
|===
| Parameter| Explanation

| `contextClass`
| Class that implements `WebApplicationContext`, which instantiates the context used by
  this Servlet. By default, the `XmlWebApplicationContext` is used.

| `contextConfigLocation`
| String that is passed to the context instance (specified by `contextClass`) to
  indicate where context(s) can be found. The string consists potentially of multiple
  strings (using a comma as a delimiter) to support multiple contexts. In case of
  multiple context locations with beans that are defined twice, the latest location
  takes precedence.

| `namespace`
| Namespace of the `WebApplicationContext`. Defaults to `[servlet-name]-servlet`.
|===


[[mvc-handlermapping-interceptor]]
=== HandlerInterceptor

The two main `HandlerMapping` implementations are `RequestMappingHandlerMapping` which
supports `@RequestMapping` annotated methods and `SimpleUrlHandlerMapping` which maintains
explicit registrations of URI path patterns to handlers.

All `HandlerMapping` implementations supports handler interceptors that are useful when
you want to apply specific functionality to certain requests, for example, checking for
a principal.

Interceptors must implement `HandlerInterceptor` from the `org.springframework.web .servlet`
package with three methods that should provide enough flexibility to do all kinds of
pre-processing and post-processing.:

* `preHandle(..)` -- __before__ the actual handler is executed
* `postHandle(..)` -- __after__ the handler is executed
* `afterCompletion(..)` -- __after the complete request has finished__

The `preHandle(..)` method returns a boolean value. You can use this method to break or
continue the processing of the execution chain. When this method returns `true`, the
handler execution chain will continue; when it returns false, the `DispatcherServlet`
assumes the interceptor itself has taken care of requests (and, for example, rendered an
appropriate view) and does not continue executing the other interceptors and the actual
handler in the execution chain.

See <<mvc-config-interceptors>> in the section on MVC configuration for examples of how to
configure interceptors. You can also register them directly via setters on individual
`HandlerMapping` implementations.

[CAUTION]
====
`postHandle` is less useful with `@ResponseBody` and `ResponseEntity` methods for which a
the response is written and committed within the `HandlerAdapter` and before `postHandle`.
That means its too late to make any changes to the response such as adding an extra header.
For such scenarios you can implement `ResponseBodyAdvice` and either declare it as an
<<mvc-ann-controller-advice>> bean or configure it directly on `RequestMappingHandlerAdapter`.
====


[[mvc-localeresolver]]
=== Locales
Most parts of Spring's architecture support internationalization, just as the Spring web
MVC framework does. `DispatcherServlet` enables you to automatically resolve messages
using the client's locale. This is done with `LocaleResolver` objects.

When a request comes in, the `DispatcherServlet` looks for a locale resolver, and if it
finds one it tries to use it to set the locale. Using the `RequestContext.getLocale()`
method, you can always retrieve the locale that was resolved by the locale resolver.

In addition to automatic locale resolution, you can also attach an interceptor to the
handler mapping (see <<mvc-handlermapping-interceptor>> for more information on handler
mapping interceptors) to change the locale under specific circumstances, for example,
based on a parameter in the request.

Locale resolvers and interceptors are defined in the
`org.springframework.web.servlet.i18n` package and are configured in your application
context in the normal way. Here is a selection of the locale resolvers included in
Spring.



[[mvc-timezone]]
==== TimeZone
In addition to obtaining the client's locale, it is often useful to know their time zone.
The `LocaleContextResolver` interface offers an extension to `LocaleResolver` that allows
resolvers to provide a richer `LocaleContext`, which may include time zone information.

When available, the user's `TimeZone` can be obtained using the
`RequestContext.getTimeZone()` method. Time zone information will automatically be used
by Date/Time `Converter` and `Formatter` objects registered with Spring's
`ConversionService`.



[[mvc-localeresolver-acceptheader]]
==== Header resolver
This locale resolver inspects the `accept-language` header in the request that was sent
by the client (e.g., a web browser). Usually this header field contains the locale of
the client's operating system. __Note that this resolver does not support time zone
information.__



[[mvc-localeresolver-cookie]]
==== Cookie resolver

This locale resolver inspects a `Cookie` that might exist on the client to see if a
`Locale` or `TimeZone` is specified. If so, it uses the specified details. Using the
properties of this locale resolver, you can specify the name of the cookie as well as the
maximum age. Find below an example of defining a `CookieLocaleResolver`.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">

		<property name="cookieName" value="clientlanguage"/>

		<!-- in seconds. If set to -1, the cookie is not persisted (deleted when browser shuts down) -->
		<property name="cookieMaxAge" value="100000"/>

	</bean>
----

[[mvc-cookie-locale-resolver-props-tbl]]
.CookieLocaleResolver properties
[cols="1,1,4"]
|===
| Property| Default| Description

| cookieName
| classname + LOCALE
| The name of the cookie

| cookieMaxAge
| Servlet container default
| The maximum time a cookie will stay persistent on the client. If -1 is specified, the
  cookie will not be persisted; it will only be available until the client shuts down
  their browser.

| cookiePath
| /
| Limits the visibility of the cookie to a certain part of your site. When cookiePath is
  specified, the cookie will only be visible to that path and the paths below it.
|===



[[mvc-localeresolver-session]]
==== Session resolver

The `SessionLocaleResolver` allows you to retrieve `Locale` and `TimeZone` from the
session that might be associated with the user's request. In contrast to
`CookieLocaleResolver`, this strategy stores locally chosen locale settings in the
Servlet container's `HttpSession`. As a consequence, those settings are just temporary
for each session and therefore lost when each session terminates.

Note that there is no direct relationship with external session management mechanisms
such as the Spring Session project. This `SessionLocaleResolver` will simply evaluate and
modify corresponding `HttpSession` attributes against the current `HttpServletRequest`.



[[mvc-localeresolver-interceptor]]
==== Locale interceptor

You can enable changing of locales by adding the `LocaleChangeInterceptor` to one of the
handler mappings (see <<mvc-handlermapping>>). It will detect a parameter in the request
and change the locale. It calls `setLocale()` on the `LocaleResolver` that also exists
in the context. The following example shows that calls to all `{asterisk}.view` resources
containing a parameter named `siteLanguage` will now change the locale. So, for example,
a request for the following URL, `http://www.sf.net/home.view?siteLanguage=nl` will
change the site language to Dutch.

[source,xml,indent=0]
[subs="verbatim"]
----
	<bean id="localeChangeInterceptor"
			class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
		<property name="paramName" value="siteLanguage"/>
	</bean>

	<bean id="localeResolver"
			class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>

	<bean id="urlMapping"
			class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
		<property name="interceptors">
			<list>
				<ref bean="localeChangeInterceptor"/>
			</list>
		</property>
		<property name="mappings">
			<value>/**/*.view=someController</value>
		</property>
	</bean>
----




[[mvc-themeresolver]]
=== Themes

You can apply Spring Web MVC framework themes to set the overall look-and-feel of your
application, thereby enhancing user experience. A theme is a collection of static
resources, typically style sheets and images, that affect the visual style of the
application.


[[mvc-themeresolver-defining]]
==== Define a theme
To use themes in your web application, you must set up an implementation of the
`org.springframework.ui.context.ThemeSource` interface. The `WebApplicationContext`
interface extends `ThemeSource` but delegates its responsibilities to a dedicated
implementation. By default the delegate will be an
`org.springframework.ui.context.support.ResourceBundleThemeSource` implementation that
loads properties files from the root of the classpath. To use a custom `ThemeSource`
implementation or to configure the base name prefix of the `ResourceBundleThemeSource`,
you can register a bean in the application context with the reserved name `themeSource`.
The web application context automatically detects a bean with that name and uses it.

When using the `ResourceBundleThemeSource`, a theme is defined in a simple properties
file. The properties file lists the resources that make up the theme. Here is an example:

[literal]
[subs="verbatim,quotes"]
----
styleSheet=/themes/cool/style.css
background=/themes/cool/img/coolBg.jpg
----

The keys of the properties are the names that refer to the themed elements from view
code. For a JSP, you typically do this using the `spring:theme` custom tag, which is
very similar to the `spring:message` tag. The following JSP fragment uses the theme
defined in the previous example to customize the look and feel:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
	<html>
		<head>
			<link rel="stylesheet" href="<spring:theme code='styleSheet'/>" type="text/css"/>
		</head>
		<body style="background=<spring:theme code='background'/>">
			...
		</body>
	</html>
----

By default, the `ResourceBundleThemeSource` uses an empty base name prefix. As a result,
the properties files are loaded from the root of the classpath. Thus you would put the
`cool.properties` theme definition in a directory at the root of the classpath, for
example, in `/WEB-INF/classes`. The `ResourceBundleThemeSource` uses the standard Java
resource bundle loading mechanism, allowing for full internationalization of themes. For
example, we could have a `/WEB-INF/classes/cool_nl.properties` that references a special
background image with Dutch text on it.



[[mvc-themeresolver-resolving]]
==== Resolve themes
After you define themes, as in the preceding section, you decide which theme to use. The
`DispatcherServlet` will look for a bean named `themeResolver` to find out which
`ThemeResolver` implementation to use. A theme resolver works in much the same way as a
`LocaleResolver`. It detects the theme to use for a particular request and can also
alter the request's theme. The following theme resolvers are provided by Spring:

[[mvc-theme-resolver-impls-tbl]]
.ThemeResolver implementations
[cols="1,4"]
|===
| Class| Description

| `FixedThemeResolver`
| Selects a fixed theme, set using the `defaultThemeName` property.

| `SessionThemeResolver`
| The theme is maintained in the user's HTTP session. It only needs to be set once for
  each session, but is not persisted between sessions.

| `CookieThemeResolver`
| The selected theme is stored in a cookie on the client.
|===

Spring also provides a `ThemeChangeInterceptor` that allows theme changes on every
request with a simple request parameter.


[[mvc-multipart]]
=== MultipartResolver

Spring has built-in support for multipart requests including file uploads.
You enable this multipart support with pluggable `MultipartResolver` objects, defined in the
`org.springframework.web.multipart` package. Spring provides one `MultipartResolver`
implementation for use with http://jakarta.apache.org/commons/fileupload[__Commons
FileUpload__] and another for use with Servlet 3.0 multipart request parsing.

By default, Spring does no multipart handling, because some developers want to handle
multiparts themselves. You enable Spring multipart handling by adding a multipart
resolver to the web application's context. Each request is inspected to see if it
contains a multipart. If no multipart is found, the request continues as expected. If a
multipart is found in the request, the `MultipartResolver` that has been declared in
your context is used. After that, the multipart attribute in your request is treated
like any other attribute.



[[mvc-multipart-resolver-commons]]
==== __Commons FileUpload__

To use Apache Commons FileUpload, configure a bean of type `CommonsMultipartResolver` with
the name `multipartResolver`. Of course you also need to have `commons-fileupload` as a
dependency on your classpath.

When the Spring `DispatcherServlet` detects a multipart request, it activates the
resolver that has been declared in your context and hands over the request. The resolver
then wraps the current `HttpServletRequest` into a `MultipartHttpServletRequest` that
supports multipart file uploads. Using the `MultipartHttpServletRequest`, you can get
information about the multiparts contained by this request and actually get access to
the multipart files themselves in your controllers.


[[mvc-multipart-resolver-standard]]
==== __Servlet 3.0__

In order to use Servlet 3.0 based multipart parsing, you need to mark the
`DispatcherServlet` with a `"multipart-config"` section in `web.xml`, or with a
`javax.servlet.MultipartConfigElement` in programmatic Servlet registration, or in case
of a custom Servlet class possibly with a `javax.servlet.annotation.MultipartConfig`
annotation on your Servlet class. Configuration settings such as maximum sizes or
storage locations need to be applied at that Servlet registration level as Servlet 3.0
does not allow for those settings to be done from the MultipartResolver.

Once Servlet 3.0 multipart parsing has been enabled in one of the above mentioned ways
you can add a bean of type `StandardServletMultipartResolver` and with the name
`multipartResolver` to your Spring configuration.

[[filters]]
== Filters

The `spring-web` module provides some useful filters.

[[filters-http-put]]
=== HTTP PUT Form

Browsers can only submit form data via HTTP GET or HTTP POST but non-browser clients can also
use HTTP PUT and PATCH. The Servlet API requires `ServletRequest.getParameter{asterisk}()`
methods to support form field access only for HTTP POST.

The `spring-web` module provides `HttpPutFormContentFilter` that intercepts HTTP PUT and
PATCH requests with content type `application/x-www-form-urlencoded`, reads the form data from
the body of the request, and wraps the `ServletRequest` in order to make the form data
available through the `ServletRequest.getParameter{asterisk}()` family of methods.


[[filters-forwarded-headers]]
=== Forwarded Headers

As a request goes through proxies such as load balancers the host, port, and
scheme may change presenting a challenge for applications that need to create links
to resources since the links should reflect the host, port, and scheme of the
original request as seen from a client perspective.

https://tools.ietf.org/html/rfc7239[RFC 7239] defines the "Forwarded" HTTP header
for proxies to use to provide information about the original request. There are also
other non-standard headers in use such as "X-Forwarded-Host", "X-Forwarded-Port",
and "X-Forwarded-Proto".

`ForwardedHeaderFilter` detects, extracts, and uses information from the "Forwarded"
header, or from "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto".
It wraps the request in order to overlay its host, port, and scheme and also "hides"
the forwarded headers for subsequent processing.

Note that there are security considerations when using forwarded headers as explained
in Section 8 of RFC 7239. At the application level it is difficult to determine whether
forwarded headers can be trusted or not. This is why the network upstream should be
configured correctly to filter out untrusted forwarded headers from the outside.

Applications that don't have a proxy and don't need to use forwarded headers can
configure the `ForwardedHeaderFilter` to remove and ignore such headers.

[[filters-shallow-etag]]
=== Shallow ETag

Support for ETags is provided by the Servlet filter `ShallowEtagHeaderFilter`. It is a
plain Servlet Filter, and thus can be used in combination with any web framework. The
`ShallowEtagHeaderFilter` filter creates so-called shallow ETags (as opposed to deep
ETags, more about that later).The filter caches the content of the rendered JSP (or
other content), generates an MD5 hash over that, and returns that as an ETag header in
the response. The next time a client sends a request for the same resource, it uses that
hash as the `If-None-Match` value. The filter detects this, renders the view again, and
compares the two hashes. If they are equal, a `304` is returned.

Note that this strategy saves network bandwidth but not CPU, as the full response must be
computed for each request. Other strategies at the controller level (described above) can
save network bandwidth and avoid computation.

This filter has a `writeWeakETag` parameter that configures the filter to write Weak ETags,
like this: `W/"02a2d595e6ed9a0b24f027f2b63b134d6"`, as defined in
https://tools.ietf.org/html/rfc7232#section-2.3[RFC 7232 Section 2.3].



[[mvc-controller]]
== Annotated Controllers
[.small]#<<web-reactive.adoc#webflux-controller,Same in Spring WebFlux>>#

Spring MVC provides an annotation-based programming model where `@Controller` and
`@RestController` components use annotations to express request mappings, request input,
exception handling, and more. Annotated controllers have flexible method signatures and
do not have to extend base classes nor implement specific interfaces.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class HelloController {

		@GetMapping("/hello")
		public String handle(Model model) {
			model.addAttribute("message", "Hello World!");
			return "index";
		}
	}
----

In this particular example the method accepts a `Model` and returns a view name as a `String`
but many other options exist and are explained further below in this chapter.

[TIP]
====
Guides and tutorials on https://spring.io/guides[spring.io] use the annotation-based
programming model described in this section.
====



[[mvc-ann-controller]]
=== @Controller
[.small]#<<web-reactive.adoc#webflux-ann-controller,Same in Spring WebFlux>>#

You can define controller beans using a standard Spring bean definition in the
Servlet's `WebApplicationContext`. The `@Controller` stereotype allows for auto-detection,
aligned with Spring general support for detecting `@Component` classes in the classpath
and auto-registering bean definitions for them. It also acts as a stereotype for the
annotated class, indicating its role as a web component.

To enable auto-detection of such `@Controller` beans, you can add component scanning to
your Java configuration:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@ComponentScan("org.example.web")
	public class WebConfig {

		// ...
	}
----

The XML configuration equivalent:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xmlns:p="http://www.springframework.org/schema/p"
		xmlns:context="http://www.springframework.org/schema/context"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/context
			http://www.springframework.org/schema/context/spring-context.xsd">

		<context:component-scan base-package="org.example.web"/>

		<!-- ... -->

	</beans>
----

`@RestController` is a composed annotation that is itself annotated with
`@Controller` and `@ResponseBody` indicating a controller whose every method inherits the type-level
`@ResponseBody` annotation and therefore writes to the response body (vs model-and-vew
rendering).

[[mvc-ann-controller-advice]]
=== @ControllerAdvice

The `@ControllerAdvice` annotation is a component annotation allowing implementation
classes to be auto-detected through classpath scanning. It is automatically enabled when
using the MVC namespace or the MVC Java config.

Classes annotated with `@ControllerAdvice` can contain `@ExceptionHandler`,
`@InitBinder`, and `@ModelAttribute` annotated methods, and these methods will apply to
`@RequestMapping` methods across all controller hierarchies as opposed to the controller
hierarchy within which they are declared.

`@RestControllerAdvice` is an alternative where `@ExceptionHandler` methods
assume `@ResponseBody` semantics by default.

Both `@ControllerAdvice` and `@RestControllerAdvice` can target a subset of controllers:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// Target all Controllers annotated with @RestController
	@ControllerAdvice(annotations = RestController.class)
	public class AnnotationAdvice {}

	// Target all Controllers within specific packages
	@ControllerAdvice("org.example.controllers")
	public class BasePackageAdvice {}

	// Target all Controllers assignable to specific classes
	@ControllerAdvice(assignableTypes = {ControllerInterface.class, AbstractController.class})
	public class AssignableTypesAdvice {}
----

Check out the
{api-spring-framework}/web/bind/annotation/ControllerAdvice.html[`@ControllerAdvice`
documentation] for more details.


[[mvc-ann-requestmapping]]
=== Mapping Requests
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping,Same in Spring WebFlux>>#

The `@RequestMapping` annotation is used to map requests to controllers methods. It has
various attributes to match by URL, HTTP method, request parameters, headers, and media
types. It can be used at the class-level to express shared mappings or at the method level
to narrow down to a specific endpoint mapping.

There are also HTTP method specific shortcut variants of `@RequestMapping`:

- `@GetMapping`
- `@PostMapping`
- `@PutMapping`
- `@DeleteMapping`
- `@PatchMapping`

The shortcut variants are
https://github.com/spring-projects/spring-framework/wiki/Spring-Annotation-Programming-Model#composed-annotations[composed annotations]
-- themselves annotated with `@RequestMapping`. They are commonly used at the method level.
At the class level an `@RequestMapping` is more useful for expressing shared mappings.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RestController
	@RequestMapping("/persons")
	class PersonController {

		@GetMapping("/{id}")
		public Person getPerson(@PathVariable Long id) {
			// ...
		}

		@PostMapping
		@ResponseStatus(HttpStatus.CREATED)
		public void add(@RequestBody Person person) {
			// ...
		}
	}
----


[[mvc-ann-requestmapping-proxying]]
==== AOP proxies

In some cases a controller may need to be decorated with an AOP proxy at runtime.
One example is if you choose to have `@Transactional` annotations directly on the
controller. When this is the case, for controllers specifically, we recommend
using class-based proxying. This is typically the default choice with controllers.
However if a controller must implement an interface that is not a Spring Context
callback (e.g. `InitializingBean`, `*Aware`, etc), you may need to explicitly
configure class-based proxying. For example with `<tx:annotation-driven/>`,
change to `<tx:annotation-driven proxy-target-class="true"/>`.


[[mvc-ann-requestmapping-uri-templates]]
==== URI patterns
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-uri-templates,Same in Spring
WebFlux>>#

You can map requests using glob patterns and wildcards:

* `?` matches one character
* `*` matches zero or more characters within a path segment
* `**` match zero or more path segments

You can also declare URI variables and access their values with `@PathVariable`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping("/owners/{ownerId}/pets/{petId}")
	public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
		// ...
	}
----

URI variables can be declared at the class and method level:
[source,java,intent=0]
[subs="verbatim,quotes"]
----
@Controller
@RequestMapping("/owners/{ownerId}")
public class OwnerController {

	@GetMapping("/pets/{petId}")
	public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
		// ...
	}
}
----

URI variables are automatically converted to the appropriate type or`TypeMismatchException`
is raised. Simple types -- `int`, `long`, `Date`, are supported by default and you can
register support for any other data type.
See <<mvc-ann-typeconversion>> and <<mvc-ann-webdatabinder>>.

URI variables can be named explicitly -- e.g. `@PathVariable("customId")`, but you can
leave that detail out if the names are the same and your code is compiled with debugging
information or with the `-parameters` compiler flag on Java 8.

The syntax `{varName:regex}` declares a URI variable with a regular expressions with the
syntax `{varName:regex}` -- e.g. given URL `"/spring-web-3.0.5 .jar"`, the below method
extracts the name, version, and file extension:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}")
	public void handle(@PathVariable String version, @PathVariable String ext) {
		// ...
	}
----

URI path patterns can also have embedded `${...}` placeholders that are resolved on startup
 via `PropertyPlaceHolderConfigurer` against local, system, environment, and other property
sources. This can be used for example to parameterize a base URL based on some external
configuration.

[NOTE]
====
Spring MVC uses the `PathMatcher` contract and the `AntPathMatcher` implementation from
`spring-core` for URI path matching.
====


[[mvc-ann-requestmapping-pattern-comparison]]
==== Pattern comparison
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-pattern-comparison,Same in Spring
WebFlux>>#

When multiple patterns match a URL, they must be compared to find the best match. This done
via `AntPathMatcher.getPatternComparator(String path)` which looks for patterns that more
specific.

A pattern is less specific if it has a lower count of URI variables and single wildcards
counted as 1 and double wildcards counted as 2. Given an equal score, the longer pattern is
chosen. Given the same score and length, the pattern with more URI variables than wildcards
is chosen.

The default mapping pattern `/{asterisk}{asterisk}` is excluded from scoring and always
sorted last. Also prefix patterns such as `/public/{asterisk}{asterisk}` are considered less
specific than other pattern that don't have double wildcards.

For the full details see `AntPatternComparator` in `AntPathMatcher` and also keep mind that
the `PathMatcher` implementation used can be customized. See <<mvc-config-path-matching>>
in the configuration section.



[[mvc-ann-requestmapping-suffix-pattern-match]]
==== Suffix match

By default Spring MVC performs `".{asterisk}"` suffix pattern matching so that a
controller mapped to `/person` is also implicitly mapped to `/person.{asterisk}`.
This is used for URL based content negotiation, e.g. `/person.pdf`, `/person.xml`, etc.

Suffix pattern matching was quite helpful when browsers used to send Accept headers that
are hard to interpet consistently. In the present, and for REST services, the `Accept`
header should be the preferred choice.

Suffix patterns can cause ambiguity and complexity in combination with path parameters,
encoded characters, and URI variables. It also makes it harder to reason about URL-based
authorization rules and security (see <<mvc-ann-requestmapping-rfd>>).

Suffix pattern matching can be turned off completely or restricted to a set of explicitly
registered path extensions. We strongly recommend using of one those options. See
<<mvc-config-path-matching>> and <<mvc-config-content-negotiation>>. If you need URL based
content negotiation consider using query parameters instead.


[[mvc-ann-requestmapping-rfd]]
==== Suffix match and RFD

Reflected file download (RFD) attack is similar to XSS in that it relies on request input,
e.g. query parameter, URI variable, being reflected in the response. However instead of
inserting JavaScript into HTML, an RFD attack relies on the browser switching to perform a
download and treating the response as an executable script when double-clicked later.

In Spring MVC `@ResponseBody` and `ResponseEntity` methods are at risk because
they can render different content types which clients can request via URL path extensions.
Disabling suffix pattern matching and the use of path extensions for content negotiation
lower the risk but are not sufficient to prevent RFD attacks.

To prevent RFD attacks, prior to rendering the response body Spring MVC adds a
`Content-Disposition:inline;filename=f.txt` header to suggest a fixed and safe download
file. This is done only if the URL path contains a file extension that is neither whitelisted
nor explicitly registered for content negotiation purposes. However it may potentially have
side effects when URLs are typed directly into a browser.

Many common path extensions are whitelisted by default. Applications with custom
`HttpMessageConverter` implementations can explicitly register file extensions for content
negotiation to avoid having a `Content-Disposition` header added for those extensions.
See <<mvc-config-content-negotiation>>.

Check http://pivotal.io/security/cve-2015-5211[CVE-2015-5211] for additional
recommendations related to RFD.



[[mvc-ann-matrix-variables]]
==== Matrix variables
The URI specification http://tools.ietf.org/html/rfc3986#section-3.3[RFC 3986] defines
the possibility of including name-value pairs within path segments. There is no specific
term used in the spec. The general "URI path parameters" could be applied although the
more unique http://www.w3.org/DesignIssues/MatrixURIs.html["Matrix URIs"], originating
from an old post by Tim Berners-Lee, is also frequently used and fairly well known.
Within Spring MVC these are referred to as matrix variables.

Matrix variables can appear in any path segment, each matrix variable separated with a
";" (semicolon). For example: `"/cars;color=red;year=2012"`. Multiple values may be
either "," (comma) separated `"color=red,green,blue"` or the variable name may be
repeated `"color=red;color=green;color=blue"`.

If a URL is expected to contain matrix variables, the request mapping pattern must
represent them with a URI template. This ensures the request can be matched correctly
regardless of whether matrix variables are present or not and in what order they are
provided.

Below is an example of extracting the matrix variable "q":

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// GET /pets/42;q=11;r=22

	@GetMapping("/pets/{petId}")
	public void findPet(@PathVariable String petId, @MatrixVariable int q) {

		// petId == 42
		// q == 11

	}
----

Since all path segments may contain matrix variables, in some cases you need to be more
specific to identify where the variable is expected to be:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// GET /owners/42;q=11/pets/21;q=22

	@GetMapping("/owners/{ownerId}/pets/{petId}")
	public void findPet(
			@MatrixVariable(name="q", pathVar="ownerId") int q1,
			@MatrixVariable(name="q", pathVar="petId") int q2) {

		// q1 == 11
		// q2 == 22

	}
----

A matrix variable may be defined as optional and a default value specified:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// GET /pets/42

	@GetMapping("/pets/{petId}")
	public void findPet(@MatrixVariable(required=false, defaultValue="1") int q) {

		// q == 1

	}
----

All matrix variables may be obtained in a Map:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// GET /owners/42;q=11;r=12/pets/21;q=22;s=23

	@GetMapping("/owners/{ownerId}/pets/{petId}")
	public void findPet(
			@MatrixVariable MultiValueMap<String, String> matrixVars,
			@MatrixVariable(pathVar="petId"") MultiValueMap<String, String> petMatrixVars) {

		// matrixVars: ["q" : [11,22], "r" : 12, "s" : 23]
		// petMatrixVars: ["q" : 22, "s" : 23]

	}
----

Note that to enable the use of matrix variables, you must set the
`removeSemicolonContent` property of `RequestMappingHandlerMapping` to `false`. By
default it is set to `true`.

[TIP]
====

The MVC Java config and the MVC namespace both provide options for enabling the use of
matrix variables.

If you are using Java config, The <<mvc-config-advanced-java, Advanced Customizations
with MVC Java Config>> section describes how the `RequestMappingHandlerMapping` can
be customized.

In the MVC namespace, the `<mvc:annotation-driven>` element has an
`enable-matrix-variables` attribute that should be set to `true`. By default it is set
to `false`.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/mvc
			http://www.springframework.org/schema/mvc/spring-mvc.xsd">

		<mvc:annotation-driven enable-matrix-variables="true"/>

	</beans>
----
====

[[mvc-ann-requestmapping-consumes]]
==== Consumable media types
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-consumes,Same in Spring WebFlux>>#

You can narrow the request mapping based on the `Content-Type` of the request:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping(path = "/pets", **consumes = "application/json"**)
	public void addPet(@RequestBody Pet pet) {
		// ...
	}
----

The consumes attribute also supports negation expressions -- e.g. `!text/plain` means any
content type other than "text/plain".

You can declare a shared consumes attribute at the class level. Unlike most other request
mapping attributes however when used at the class level, a method-level consumes attribute
will overrides rather than extend the class level declaration.

[TIP]
====
`MediaType` provides constants for commonly used media types -- e.g.
`APPLICATION_JSON_VALUE`, `APPLICATION_JSON_UTF8_VALUE`.
====


[[mvc-ann-requestmapping-produces]]
==== Producible media types
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-produces,Same in Spring WebFlux>>#

You can narrow the request mapping based on the `Accept` request header and the list of
content types that a controller method produces:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping(path = "/pets/{petId}", **produces = "application/json;charset=UTF-8"**)
	@ResponseBody
	public Pet getPet(@PathVariable String petId) {
		// ...
	}
----

The media type can specify a character set. Negated expressions are supported -- e.g.
`!text/plain` means any content type other than "text/plain".

You can declare a shared produces attribute at the class level. Unlike most other request
mapping attributes however when used at the class level, a method-level produces attribute
will overrides rather than extend the class level declaration.

[TIP]
====
`MediaType` provides constants for commonly used media types -- e.g.
`APPLICATION_JSON_VALUE`, `APPLICATION_JSON_UTF8_VALUE`.
====


[[mvc-ann-requestmapping-params-and-headers]]
==== Parameters, headers
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-params-and-headers,Same in Spring
WebFlux>>#

You can narrow request mappings based on request parameter conditions. You can test for the
presence of a request parameter (`"myParam"`), for the absence (`"!myParam"`), or for a
specific value (`"myParam=myValue"`):

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping(path = "/pets/{petId}", **params = "myParam=myValue"**)
	public void findPet(@PathVariable String petId) {
		// ...
	}
----

You can also use the same with request header conditions:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping(path = "/pets", **headers = "myHeader=myValue"**)
	public void findPet(@PathVariable String petId) {
		// ...
	}
----

[TIP]
====
You can match `Content-Type` and `Accept` with the headers condition but it is better to use
<<mvc-ann-requestmapping-consumes,consumes>> and <<mvc-ann-requestmapping-produces,produces>>
instead.
====


[[mvc-ann-requestmapping-head-options]]
==== HTTP HEAD, OPTIONS
[.small]#<<web-reactive.adoc#webflux-ann-requestmapping-head-options,Same in Spring WebFlux>>#

`@GetMapping` -- and also `@RequestMapping(method=HttpMethod.GET)`, support HTTP HEAD
transparently for request mapping purposes. Controller methods don't need to change.
A response wrapper, applied in `javax.servlet.http.HttpServlet`, ensures a `"Content-Length"`
header is set to the number of bytes written and without actually writing to the response.

`@GetMapping` -- and also `@RequestMapping(method=HttpMethod.GET)`, are implicitly mapped to
and also support HTTP HEAD. An HTTP HEAD request is processed as if it were HTTP GET except
but instead of writing the body, the number of bytes are counted and the "Content-Length"
header set.

By default HTTP OPTIONS is handled by setting the "Allow" response header to the list of HTTP
methods listed in all `@RequestMapping` methods with matching URL patterns.

For a `@RequestMapping` without HTTP method declarations, the "Allow" header is set to
`"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS"`. Controller methods should always declare the
supported HTTP methods for example by using the HTTP method specific variants --
`@GetMapping`, `@PostMapping`, etc.

`@RequestMapping` method can be explicitly mapped to HTTP HEAD and HTTP OPTIONS, but that
is not necessary in the common case.



[[mvc-ann-methods]]
=== Handler Methods
[.small]#<<web-reactive.adoc#webflux-ann-methods,Same in Spring WebFlux>>#

`@RequestMapping` handler methods have a flexible signature and can choose from a range of
supported controller method arguments and return values.

[[mvc-ann-arguments]]
==== Method Arguments
[.small]#<<web-reactive.adoc#webflux-ann-arguments,Same in Spring WebFlux>>#

The table below shows supported controller method arguments. Reactive types are not supported
for any arguments.

JDK 1.8's `java.util.Optional` is supported as a method argument in combination with
annotations that have a `required` attribute -- e.g. `@RequestParam`, `@RequestHeader`,
etc, and is equivalent to `required=false`.

[cols="1,2", options="header"]
|===
|Controller method argument|Description

|`WebRequest`, `NativeWebRequest`
|Generic access to request parameters, request & session attributes, without direct
use of the Servlet API.

|`javax.servlet.ServletRequest`, `javax.servlet.ServletResponse`
|Choose any specific request or response type -- e.g. `ServletRequest`, `HttpServletRequest`,
or Spring's `MultipartRequest`, `MultipartHttpServletRequest`.

|`javax.servlet.http.HttpSession`
|Enforces the presence of a session. As a consequence, such an argument is never `null`. +
**Note:** Session access is not thread-safe. Consider setting the
``RequestMappingHandlerAdapter``'s "synchronizeOnSession" flag to "true" if multiple
requests are allowed to access a session concurrently.

|`javax.servlet.http.PushBuilder`
|Servlet 4.0 push builder API for programmatic HTTP/2 resource pushes.

|`java.security.Principal`
|Currently authenticated user; possibly a specific `Principal` implementation class if known.

|`HttpMethod`
|The HTTP method of the request.

|`java.util.Locale`
|The current request locale, determined by the most specific `LocaleResolver` available, in
effect, the configured `LocaleResolver`/`LocaleContextResolver`.

|Java 6+: `java.util.TimeZone` +
Java 8+: `java.time.ZoneId`
|The time zone associated with the current request, as determined by a `LocaleContextResolver`.

|`java.io.InputStream`, `java.io.Reader`
|For access to the raw request body as exposed by the Servlet API.

|`java.io.OutputStream`, `java.io.Writer`
|For access to the raw response body as exposed by the Servlet API.

|`@PathVariable`
|For access to URI template variables. See <<mvc-ann-requestmapping-uri-templates>>.

|`@MatrixVariable`
|For access to name-value pairs in URI path segments. See <<mvc-ann-matrix-variables>>.

|`@RequestParam`
|For access to Servlet request parameters. Parameter values are converted to the declared
method argument type. See <<mvc-ann-requestparam>>.

|`@RequestHeader`
|For access to request headers. Header values are converted to the declared method argument
type. See <<mvc-ann-requestheader>>.

|`@RequestBody`
|For access to the HTTP request body. Body content is converted to the declared method
argument type using ``HttpMessageConverter``s. See <<mvc-ann-requestbody>>.

|`HttpEntity<B>`
|For access to request headers and body. The body is converted with ``HttpMessageConverter``s.
See <<mvc-ann-httpentity>>.

|`@RequestPart`
|For access to a part in  a "multipart/form-data" request.
See <<mvc-multipart-forms-non-browsers>> and <<mvc-multipart>>.

|`java.util.Map`, `org.springframework.ui.Model`, `org.springframework.ui.ModelMap`
|For access and updates of the implicit model that is exposed to the web view.

|`RedirectAttributes`
|Specify attributes to use in case of a redirect -- i.e. to be appended to the query
string, and/or flash attributes to be stored temporarily until the request after redirect.
See <<mvc-redirecting-passing-data>> and <<mvc-flash-attributes>>.

|Command or form object (with optional `@ModelAttribute`)
|Command object whose properties to bind to request parameters -- via setters or directly to
fields, with customizable type conversion, depending on `@InitBinder` methods and/or the
HandlerAdapter configuration (see the `webBindingInitializer` property on
`RequestMappingHandlerAdapter`).

Command objects along with their validation results are exposed as model attributes, by
default using the command class name - e.g. model attribute "orderAddress" for a command
object of type "some.package.OrderAddress". `@ModelAttribute` can be used to customize the
model attribute name.

|`Errors`, `BindingResult`
|Validation results for the command/form object data binding; this argument must be
declared immediately after the command/form object in the controller method signature.

|`SessionStatus`
|For marking form processing complete which triggers cleanup of session attributes
declared through a class-level `@SessionAttributes` annotation.

|`UriComponentsBuilder`
|For preparing a URL relative to the current request's host, port, scheme, context path, and
the literal  part of the servlet mapping also taking into account `Forwarded` and
`X-Forwarded-*` headers.

|`@SessionAttribute`
|For access to any session attribute; in contrast to model attributes stored in the session
as a result of a class-level `@SessionAttributes` declaration.

|`@RequestAttribute`
|For access to request attributes.
|===

[[mvc-ann-return-types]]
==== Return Values
[.small]#<<web-reactive.adoc#webflux-ann-return-types,Same in Spring WebFlux>>#

The table below shows supported controller method return values. Reactive types are
supported for all return values, see below for more details.

[cols="1,2", options="header"]
|===
|Controller method return value|Description

|`@ResponseBody`
|The return value is converted through ``HttpMessageConverter``s and written to the
response. See <<mvc-ann-responsebody>>.

|`HttpEntity<B>`, `ResponseEntity<B>`
|The return value specifies the full response including HTTP headers and body be converted
through ``HttpMessageConverter``s and written to the response. See <<mvc-ann-httpentity>>.

|`HttpHeaders`
|For returning a response with headers and no body.

|`String`
|A view name to be resolved with ``ViewResolver``'s and used together with the implicit
model -- determined through command objects and `@ModelAttribute` methods. The handler
method may also programmatically enrich the model by declaring a `Model` argument (see
above).

|`View`
|A `View` instance to use for rendering together with the implicit model -- determined
through command objects and `@ModelAttribute` methods. The handler method may also
programmatically enrich the model by declaring a `Model` argument (see above).

|`java.util.Map`, `org.springframework.ui.Model`
|Attributes to be added to the implicit model with the view name implicitly determined
through a `RequestToViewNameTranslator`.

|`ModelAndView` object
|The view and model attributes to use, and optionally a response status.

|`void`
|For use in methods that declare a `ServletResponse` or `OutputStream` argument and write
to the response body; or if the view name is supposed to be implicitly determined through a
`RequestToViewNameTranslator`.

|`Callable<V>`
|Produce any of the above return values asynchronously in a Spring MVC managed thread.

|`DeferredResult<V>`
|Produce any of the above return values asynchronously from any thread -- e.g. possibly as a
result of some event or callback.

|`ListenableFuture<V>`,
`java.util.concurrent.CompletionStage<V>`,
`java.util.concurrent.CompletableFuture<V>`
|Alternative to `DeferredResult` as a convenience for example when an underlying service
returns one of those.

|`ResponseBodyEmitter`, `SseEmitter`
|Emit a stream of objects asynchronously to be written to the response with
``HttpMessageConverter``'s; also supported as the body of a `ResponseEntity`.

|`StreamingResponseBody`
|Write to the response `OutputStream` asynchronously; also supported as the body of a
`ResponseEntity`.

|Reactive types -- Reactor, RxJava, or others via `ReactiveAdapterRegistry`
|Alternative to ``DeferredResult` with multi-value streams (e.g. `Flux`, `Observable`)
collected to a `List`.

For streaming scenarios -- .e.g. `text/event-stream`, `application/json+stream`,
`SseEmitter` and `ResponseBodyEmitter` are used instead, where `ServletOutputStream` blocking
I/O is performed on a Spring MVC managed thread and back pressure applied against the
completion of each write.

See <<mvc-ann-async-reactive-types>>.

|Any other return type
|A single model attribute to be added to the implicit model with the view name implicitly
determined through a `RequestToViewNameTranslator`; the attribute name may be specified
through a method-level `@ModelAttribute` or otherwise a name is selected based on the
class name of the return type.
|===


[[mvc-ann-requestparam]]
==== @RequestParam

Use the `@RequestParam` annotation to bind request parameters to a method parameter in
your controller.

The following code snippet shows the usage:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	@RequestMapping("/pets")
	@SessionAttributes("pet")
	public class EditPetForm {

		// ...

		@GetMapping
		public String setupForm(**@RequestParam("petId") int petId**, ModelMap model) {
			Pet pet = this.clinic.loadPet(petId);
			model.addAttribute("pet", pet);
			return "petForm";
		}

		// ...

	}
----

Parameters using this annotation are required by default, but you can specify that a
parameter is optional by setting ``@RequestParam``'s `required` attribute to `false`
(e.g., `@RequestParam(name="id", required=false)`).

Type conversion is applied automatically if the target method parameter type is not
`String`. See <<mvc-ann-typeconversion>>.

When an `@RequestParam` annotation is used on a `Map<String, String>` or
`MultiValueMap<String, String>` argument, the map is populated with all request
parameters.


[[mvc-ann-typeconversion]]
==== Type Conversion
String-based values extracted from the request including request parameters, path
variables, request headers, and cookie values may need to be converted to the target
type of the method parameter or field (e.g., binding a request parameter to a field in
an `@ModelAttribute` parameter) they're bound to. If the target type is not `String`,
Spring automatically converts to the appropriate type. All simple types such as int,
long, Date, etc. are supported. You can further customize the conversion process through
a `WebDataBinder`, see <<mvc-ann-initbinder>>, or by registering `Formatters` with
the `FormattingConversionService`, see <<core.adoc#format, Spring Field Formatting>>.


[[mvc-ann-requestheader]]
==== @RequestHeader
The `@RequestHeader` annotation allows a method parameter to be bound to a request header.

Here is a sample request header:

[literal]
[subs="verbatim,quotes"]
----
Host                    localhost:8080
Accept                  text/html,application/xhtml+xml,application/xml;q=0.9
Accept-Language         fr,en-gb;q=0.7,en;q=0.3
Accept-Encoding         gzip,deflate
Accept-Charset          ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive              300
----

The following code sample demonstrates how to get the value of the `Accept-Encoding` and
`Keep-Alive` headers:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/displayHeaderInfo.do")
	public void displayHeaderInfo(**@RequestHeader("Accept-Encoding")** String encoding,
			**@RequestHeader("Keep-Alive")** long keepAlive) {
		//...
	}
----

Type conversion is applied automatically if the method parameter is not `String`. See
<<mvc-ann-typeconversion>>.

When an `@RequestHeader` annotation is used on a `Map<String, String>`,
`MultiValueMap<String, String>`, or `HttpHeaders` argument, the map is populated
with all header values.


[TIP]
====
Built-in support is available for converting a comma-separated string into an
array/collection of strings or other types known to the type conversion system. For
example a method parameter annotated with `@RequestHeader("Accept")` may be of type
`String` but also `String[]` or `List<String>`.
====



[[mvc-ann-cookievalue]]
==== @CookieValue

The `@CookieValue` annotation allows a method parameter to be bound to the value of an
HTTP cookie.

Let us consider that the following cookie has been received with an http request:

[literal]
[subs="verbatim,quotes"]
----
JSESSIONID=415A4AC178C59DACE0B2C9CA727CDD84
----

The following code sample demonstrates how to get the value of the `JSESSIONID` cookie:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/displayHeaderInfo.do")
	public void displayHeaderInfo(**@CookieValue("JSESSIONID")** String cookie) {
		//...
	}
----

Type conversion is applied automatically if the target method parameter type is not
`String`. See <<mvc-ann-typeconversion>>.


[[mvc-ann-modelattrib-method-args]]
==== @ModelAttribute

As explained in the previous section `@ModelAttribute` can be used on methods or on
method arguments. This section explains its usage on method arguments.

An `@ModelAttribute` on a method argument indicates the argument should be retrieved
from the model. If not present in the model, the argument should be instantiated first
and then added to the model. Once present in the model, the argument's fields should be
populated from all request parameters that have matching names. This is known as data
binding in Spring MVC, a very useful mechanism that saves you from having to parse each
form field individually.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
	public String processSubmit(**@ModelAttribute Pet pet**) { }
----

Given the above example where can the Pet instance come from? There are several options:

* It may already be in the model due to use of `@SessionAttributes` -- see
  <<mvc-ann-sessionattrib>>.
* It may already be in the model due to an `@ModelAttribute` method in the same
  controller -- as explained in the previous section.
* It may be retrieved based on a URI template variable and type converter (explained in
  more detail below).
* It may be instantiated using its default constructor.

An `@ModelAttribute` method is a common way to retrieve an attribute from the
database, which may optionally be stored between requests through the use of
`@SessionAttributes`. In some cases it may be convenient to retrieve the attribute by
using an URI template variable and a type converter. Here is an example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PutMapping("/accounts/{account}")
	public String save(@ModelAttribute("account") Account account) {
		// ...
	}
----

In this example the name of the model attribute (i.e. "account") matches the name of a
URI template variable. If you register `Converter<String, Account>` that can turn the
`String` account value into an `Account` instance, then the above example will work
without the need for an `@ModelAttribute` method.

The next step is data binding. The `WebDataBinder` class matches request parameter names
-- including query string parameters and form fields -- to model attribute fields by
name. Matching fields are populated after type conversion (from String to the target
field type) has been applied where necessary. Data binding and validation are covered in
<<core.adoc#validation, Validation>>.
Customizing the data binding process for a controller level is covered in
<<mvc-ann-webdatabinder>>.

As a result of data binding there may be errors such as missing required fields or type
conversion errors. To check for such errors add a `BindingResult` argument immediately
following the `@ModelAttribute` argument:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
	public String processSubmit(**@ModelAttribute("pet") Pet pet**, BindingResult result) {

		if (result.hasErrors()) {
			return "petForm";
		}

		// ...

	}
----

With a `BindingResult` you can check if errors were found in which case it's common to
render the same form where the errors can be shown with the help of Spring's `<errors>`
form tag.

Note that in some cases it may be useful to gain access to an attribute in the
model without data binding. For such cases you may inject the `Model` into the
controller or alternatively use the `binding` flag on the annotation:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
@ModelAttribute
public AccountForm setUpForm() {
    return new AccountForm();
}

@ModelAttribute
public Account findAccount(@PathVariable String accountId) {
    return accountRepository.findOne(accountId);
}

@PostMapping("update")
public String update(@Valid AccountUpdateForm form, BindingResult result,
        **@ModelAttribute(binding=false)** Account account) {

    // ...
}
----

In addition to data binding you can also invoke validation using your own custom
validator passing the same `BindingResult` that was used to record data binding errors.
That allows for data binding and validation errors to be accumulated in one place and
subsequently reported back to the user:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
	public String processSubmit(**@ModelAttribute("pet") Pet pet**, BindingResult result) {

		new PetValidator().validate(pet, result);
		if (result.hasErrors()) {
			return "petForm";
		}

		// ...

	}
----

Or you can have validation invoked automatically by adding the JSR-303 `@Valid`
annotation:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
	public String processSubmit(**@Valid @ModelAttribute("pet") Pet pet**, BindingResult result) {

		if (result.hasErrors()) {
			return "petForm";
		}

		// ...

	}
----

See <<core.adoc#validation-beanvalidation, Bean validation>> and
<<core.adoc#validation, Spring validation>> for details on how to configure and use validation.


[[mvc-multipart-forms]]
==== File upload
After the `MultipartResolver` completes its job, the request is processed like any
other. First, create a form with a file input that will allow the user to upload a form.
The encoding attribute ( `enctype="multipart/form-data"`) lets the browser know how to
encode the form as multipart request:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<html>
		<head>
			<title>Upload a file please</title>
		</head>
		<body>
			<h1>Please upload a file</h1>
			<form method="post" action="/form" enctype="multipart/form-data">
				<input type="text" name="name"/>
				<input type="file" name="file"/>
				<input type="submit"/>
			</form>
		</body>
	</html>
----

The next step is to create a controller that handles the file upload. This controller is
very similar to a <<mvc-ann-controller,normal annotated `@Controller`>>, except that we
use `MultipartHttpServletRequest` or `MultipartFile` in the method parameters:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class FileUploadController {

		@PostMapping("/form")
		public String handleFormUpload(@RequestParam("name") String name,
				@RequestParam("file") MultipartFile file) {

			if (!file.isEmpty()) {
				byte[] bytes = file.getBytes();
				// store the bytes somewhere
				return "redirect:uploadSuccess";
			}

			return "redirect:uploadFailure";
		}

	}
----

Note how the `@RequestParam` method parameters map to the input elements declared in the
form. In this example, nothing is done with the `byte[]`, but in practice you can save
it in a database, store it on the file system, and so on.

When using Servlet 3.0 multipart parsing you can also use `javax.servlet.http.Part` for
the method parameter:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class FileUploadController {

		@PostMapping("/form")
		public String handleFormUpload(@RequestParam("name") String name,
				@RequestParam("file") Part file) {

			InputStream inputStream = file.getInputStream();
			// store bytes from uploaded file somewhere

			return "redirect:uploadSuccess";
		}

	}
----


[[mvc-ann-sessionattributes]]
==== @SessionAttributes

`@SessionAttributes` is used to store model attributes in the HTTP session between
requests. It is a type-level annotation that declares session attributes used by a
specific handler. This will typically list the names of model attributes or types of
model attributes which should be transparently stored in the session or some
conversational storage, serving as form-backing beans between subsequent requests.

The following code snippet shows the usage of this annotation, specifying the model
attribute name:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	@RequestMapping("/editPet.do")
	**@SessionAttributes("pet")**
	public class EditPetForm {
		// ...
	}
----

[[mvc-ann-sessionattribute]]
==== @SessionAttribute

If you need access to pre-existing session attributes that are managed globally,
i.e. outside the controller (e.g. by a filter), and may or may not be present
use the `@SessionAttribute` annotation on a method parameter:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/")
	public String handle(**@SessionAttribute** User user) {
		// ...
	}
----

For use cases that require adding or removing session attributes consider injecting
`org.springframework.web.context.request.WebRequest` or
`javax.servlet.http.HttpSession` into the controller method.

For temporary storage of model attributes in the session as part of a controller
workflow consider using `SessionAttributes` as described in
<<mvc-ann-sessionattrib>>.


[[mvc-ann-requestattrib]]
==== @RequestAttribute

Similar to `@SessionAttribute` the `@RequestAttribute` annotation can be used to
access pre-existing request attributes created by a filter or interceptor:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/")
	public String handle(**@RequestAttribute** Client client) {
		// ...
	}
----


[[mvc-multipart-forms-non-browsers]]
==== @RequestPart
Multipart requests can also be submitted from non-browser clients in a RESTful service
scenario. All of the above examples and configuration apply here as well. However,
unlike browsers that typically submit files and simple form fields, a programmatic
client can also send more complex data of a specific content type -- for example a
multipart request with a file and second part with JSON formatted data:

[literal]
[subs="verbatim,quotes"]
----
POST /someUrl
Content-Type: multipart/mixed

--edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp
Content-Disposition: form-data; name="meta-data"
Content-Type: application/json; charset=UTF-8
Content-Transfer-Encoding: 8bit

{
	"name": "value"
}
--edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp
Content-Disposition: form-data; name="file-data"; filename="file.properties"
Content-Type: text/xml
Content-Transfer-Encoding: 8bit
... File Data ...
----

You could access the part named "meta-data" with a `@RequestParam("meta-data") String
metadata` controller method argument. However, you would probably prefer to accept a
strongly typed object initialized from the JSON formatted data in the body of the
request part, very similar to the way `@RequestBody` converts the body of a
non-multipart request to a target object with the help of an `HttpMessageConverter`.

You can use the `@RequestPart` annotation instead of the `@RequestParam` annotation for
this purpose. It allows you to have the content of a specific multipart passed through
an `HttpMessageConverter` taking into consideration the `'Content-Type'` header of the
multipart:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/someUrl")
	public String onSubmit(**@RequestPart("meta-data") MetaData metadata,
			@RequestPart("file-data") MultipartFile file**) {

		// ...

	}
----

Notice how `MultipartFile` method arguments can be accessed with `@RequestParam` or with
`@RequestPart` interchangeably. However, the `@RequestPart("meta-data") MetaData` method
argument in this case is read as JSON content based on its `'Content-Type'` header and
converted with the help of the `MappingJackson2HttpMessageConverter`.


[[mvc-ann-requestbody]]
==== @RequestBody
The `@RequestBody` method parameter annotation indicates that a method parameter should
be bound to the value of the HTTP request body. For example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PutMapping("/something")
	public void handle(@RequestBody String body, Writer writer) throws IOException {
		writer.write(body);
	}
----

You convert the request body to the method argument by using an `HttpMessageConverter`.
`HttpMessageConverter` is responsible for converting from the HTTP request message to an
object and converting from an object to the HTTP response body. The
`RequestMappingHandlerAdapter` supports the `@RequestBody` annotation with the following
default `HttpMessageConverters`:

* `ByteArrayHttpMessageConverter` converts byte arrays.
* `StringHttpMessageConverter` converts strings.
* `FormHttpMessageConverter` converts form data to/from a MultiValueMap<String, String>.
* `SourceHttpMessageConverter` converts to/from a javax.xml.transform.Source.

For more information on these converters, see <<integration.adoc#rest-message-conversion,
Message Converters>>. Also note that if using the MVC namespace or the MVC Java config, a
wider range of message converters are registered by default. See <<mvc-config-enable>> for
more information.

If you intend to read and write XML, you will need to configure the
`MarshallingHttpMessageConverter` with a specific `Marshaller` and an `Unmarshaller`
implementation from the `org.springframework.oxm` package. The example below shows how
to do that directly in your configuration but if your application is configured through
the MVC namespace or the MVC Java config see <<mvc-config-enable>> instead.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
		<property name="messageConverters">
			<util:list id="beanList">
				<ref bean="stringHttpMessageConverter"/>
				<ref bean="marshallingHttpMessageConverter"/>
			</util:list>
		</property>
	</bean>

	<bean id="stringHttpMessageConverter"
			class="org.springframework.http.converter.StringHttpMessageConverter"/>

	<bean id="marshallingHttpMessageConverter"
			class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
		<property name="marshaller" ref="castorMarshaller"/>
		<property name="unmarshaller" ref="castorMarshaller"/>
	</bean>

	<bean id="castorMarshaller" class="org.springframework.oxm.castor.CastorMarshaller"/>
----

An `@RequestBody` method parameter can be annotated with `@Valid`, in which case it will
be validated using the configured `Validator` instance. When using the MVC namespace or
the MVC Java config, a JSR-303 validator is configured automatically assuming a JSR-303
implementation is available on the classpath.

Just like with `@ModelAttribute` parameters, an `Errors` argument can be used to examine
the errors. If such an argument is not declared, a `MethodArgumentNotValidException`
will be raised. The exception is handled in the `DefaultHandlerExceptionResolver`, which
sends a `400` error back to the client.

[NOTE]
====
Also see <<mvc-config-enable>> for
information on configuring message converters and a validator through the MVC namespace
or the MVC Java config.
====


[[mvc-ann-httpentity]]
==== HttpEntity

`HttpEntity` is similar to `@RequestBody` but also with access to request headers:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/something")
	public ResponseEntity<String> handle(HttpEntity<byte[]> requestEntity) throws UnsupportedEncodingException {
		String requestHeader = requestEntity.getHeaders().getFirst("MyRequestHeader");
		byte[] requestBody = requestEntity.getBody();
		// ...
	}
----

The above example gets the value of the `MyRequestHeader` request header, and reads the
body as a byte array. As with `@RequestBody`, Spring uses `HttpMessageConverter` to
convert from and to the request and response streams. For more information on these
converters, see the previous section and <<integration.adoc#rest-message-conversion,
Message Converters>>.


[[mvc-ann-responsebody]]
==== @ResponseBody

The `@ResponseBody` annotation is similar to `@RequestBody`. This annotation can be placed
on a method and indicates that the return type should be written straight to the HTTP
response body (and not placed in a Model, or interpreted as a view name). For example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping("/something")
	@ResponseBody
	public String helloWorld() {
		return "Hello World";
	}
----

The above example will result in the text `Hello World` being written to the HTTP
response stream.

As with `@RequestBody`, Spring converts the returned object to a response body by using
an `HttpMessageConverter`. For more information on these converters, see the previous
section and <<integration.adoc#rest-message-conversion,Message Converters>>.


[[mvc-ann-responseentity]]
==== ResponseEntity

The is similar to `@ResponseBody` but besides providing the response body, `ResponseEntity`
also allows setting response headers:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/something")
	public ResponseEntity<String> handle() {
		// ...
		URI location = ... ;
		return new ResponseEntity.created(location).build();
	}
----

As with `@ResponseBody`, Spring uses `HttpMessageConverter` to
convert from and to the request and response streams. For more information on these
converters, see the previous section and <<integration.adoc#rest-message-conversion,
Message Converters>>.



[[mvc-ann-jackson]]
==== Jackson JSON

[[mvc-ann-jsonview]]
===== Jackson serialization views

It can sometimes be useful to filter contextually the object that will be serialized to the
HTTP response body. In order to provide such capability, Spring MVC has built-in support for
rendering with http://wiki.fasterxml.com/JacksonJsonViews[Jackson's Serialization Views].

To use it with an `@ResponseBody` controller method or controller methods that return
`ResponseEntity`, simply add the `@JsonView` annotation with a class argument specifying
the view class or interface to be used:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RestController
	public class UserController {

		@GetMapping("/user")
		@JsonView(User.WithoutPasswordView.class)
		public User getUser() {
			return new User("eric", "7!jd#h23");
		}
	}

	public class User {

		public interface WithoutPasswordView {};
		public interface WithPasswordView extends WithoutPasswordView {};

		private String username;
		private String password;

		public User() {
		}

		public User(String username, String password) {
			this.username = username;
			this.password = password;
		}

		@JsonView(WithoutPasswordView.class)
		public String getUsername() {
			return this.username;
		}

		@JsonView(WithPasswordView.class)
		public String getPassword() {
			return this.password;
		}
	}
----

[NOTE]
====
Note that despite `@JsonView` allowing for more than one class to
be specified, the use on a controller method is only supported with
exactly one class argument. Consider the use of a composite interface
if you need to enable multiple views.
====

For controllers relying on view resolution, simply add the serialization view class
to the model:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class UserController extends AbstractController {

		@GetMapping("/user")
		public String getUser(Model model) {
			model.addAttribute("user", new User("eric", "7!jd#h23"));
			model.addAttribute(JsonView.class.getName(), User.WithoutPasswordView.class);
			return "userView";
		}
	}
----

[[mvc-ann-jsonp]]
===== Jackson JSONP

In order to enable http://en.wikipedia.org/wiki/JSONP[JSONP] support for `@ResponseBody`
and `ResponseEntity` methods, declare an `@ControllerAdvice` bean that extends
`AbstractJsonpResponseBodyAdvice` as shown below where the constructor argument indicates
the JSONP query parameter name(s):

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@ControllerAdvice
	public class JsonpAdvice extends AbstractJsonpResponseBodyAdvice {

		public JsonpAdvice() {
			super("callback");
		}
	}
----

For controllers relying on view resolution, JSONP is automatically enabled when the
request has a query parameter named `jsonp` or `callback`. Those names can be
customized through `jsonpParameterNames` property.


[[mvc-ann-modelattrib-methods]]
=== Model methods

The `@ModelAttribute` annotation can be used on methods or on method arguments. This
section explains its usage on methods while the next section explains its usage on
method arguments.

An `@ModelAttribute` on a method indicates the purpose of that method is to add one or
more model attributes. Such methods support the same argument types as `@RequestMapping`
methods but cannot be mapped directly to requests. Instead `@ModelAttribute` methods in
a controller are invoked before `@RequestMapping` methods, within the same controller. A
couple of examples:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// Add one attribute
	// The return value of the method is added to the model under the name "account"
	// You can customize the name via @ModelAttribute("myAccount")

	@ModelAttribute
	public Account addAccount(@RequestParam String number) {
		return accountManager.findAccount(number);
	}

	// Add multiple attributes

	@ModelAttribute
	public void populateModel(@RequestParam String number, Model model) {
		model.addAttribute(accountManager.findAccount(number));
		// add more ...
	}
----

`@ModelAttribute` methods are used to populate the model with commonly needed attributes
for example to fill a drop-down with states or with pet types, or to retrieve a command
object like Account in order to use it to represent the data on an HTML form. The latter
case is further discussed in the next section.

Note the two styles of `@ModelAttribute` methods. In the first, the method adds an
attribute implicitly by returning it. In the second, the method accepts a `Model` and
adds any number of model attributes to it. You can choose between the two styles
depending on your needs.

A controller can have any number of `@ModelAttribute` methods. All such methods are
invoked before `@RequestMapping` methods of the same controller.

`@ModelAttribute` methods can also be defined in an ``@ControllerAdvice``-annotated class
and such methods apply to many controllers. See the <<mvc-ann-controller-advice>> section
for more details.

[TIP]
====

What happens when a model attribute name is not explicitly specified? In such cases a
default name is assigned to the model attribute based on its type. For example if the
method returns an object of type `Account`, the default name used is "account". You can
change that through the value of the `@ModelAttribute` annotation. If adding attributes
directly to the `Model`, use the appropriate overloaded `addAttribute(..)` method -
i.e., with or without an attribute name.
====

The `@ModelAttribute` annotation can be used on `@RequestMapping` methods as well. In
that case the return value of the `@RequestMapping` method is interpreted as a model
attribute rather than as a view name. The view name is then derived based on view name
conventions instead, much like for methods returning `void` -- see <<mvc-coc-r2vnt>>.


[[mvc-ann-initbinder]]
=== Binder methods

To customize request parameter binding with PropertyEditors through Spring's
`WebDataBinder`, you can use `@InitBinder`-annotated methods within your controller,
`@InitBinder` methods within an `@ControllerAdvice` class, or provide a custom
`WebBindingInitializer`. See the <<mvc-ann-controller-advice>> section for more details.

Annotating controller methods with `@InitBinder` allows you to configure web data
binding directly within your controller class. `@InitBinder` identifies methods that
initialize the `WebDataBinder` that will be used to populate command and form object
arguments of annotated handler methods.

Such init-binder methods support all arguments that `@RequestMapping` methods support,
except for command/form objects and corresponding validation result objects. Init-binder
methods must not have a return value. Thus, they are usually declared as `void`.
Typical arguments include `WebDataBinder` in combination with `WebRequest` or
`java.util.Locale`, allowing code to register context-specific editors.

The following example demonstrates the use of `@InitBinder` to configure a
`CustomDateEditor` for all `java.util.Date` form properties.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class MyFormController {

		**@InitBinder**
		protected void initBinder(WebDataBinder binder) {
			SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
			dateFormat.setLenient(false);
			binder.registerCustomEditor(Date.class, new CustomDateEditor(dateFormat, false));
		}

		// ...
	}
----

Alternatively, as of Spring 4.2, consider using `addCustomFormatter` to specify
`Formatter` implementations instead of `PropertyEditor` instances. This is
particularly useful if you happen to have a `Formatter`-based setup in a shared
`FormattingConversionService` as well, with the same approach to be reused for
controller-specific tweaking of the binding rules.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class MyFormController {

		**@InitBinder**
		protected void initBinder(WebDataBinder binder) {
			binder.addCustomFormatter(new DateFormatter("yyyy-MM-dd"));
		}

		// ...
	}
----


[[mvc-ann-async]]
=== Async requests

[[mvc-ann-async-processing]]
==== Processing

Spring MVC 3.2 introduced Servlet 3 based asynchronous request processing. Instead of
returning a value, as usual, a controller method can now return a
`java.util.concurrent.Callable` and produce the return value from a Spring MVC managed thread.
Meanwhile the main Servlet container thread is exited and released and allowed to process other
requests. Spring MVC invokes the `Callable` in a separate thread with the help of a
`TaskExecutor` and when the `Callable` returns, the request is dispatched back to the
Servlet container to resume processing using the value returned by the `Callable`. Here
is an example of such a controller method:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping
	public Callable<String> processUpload(final MultipartFile file) {

		return new Callable<String>() {
			public String call() throws Exception {
				// ...
				return "someView";
			}
		};

	}
----

Another option is for the controller method to return an instance of `DeferredResult`. In this
case the return value will also be produced from any thread, i.e. one that
is not managed by Spring MVC. For example the result may be produced in response to some
external event such as a JMS message, a scheduled task, and so on. Here is an example
of such a controller method:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/quotes")
	@ResponseBody
	public DeferredResult<String> quotes() {
		DeferredResult<String> deferredResult = new DeferredResult<String>();
		// Save the deferredResult somewhere..
		return deferredResult;
	}

	// In some other thread...
	deferredResult.setResult(data);
----

This may be difficult to understand without any knowledge of the Servlet 3.0
asynchronous request processing features. It would certainly help to read up
on that. Here are a few basic facts about the underlying mechanism:

* A `ServletRequest` can be put in asynchronous mode by calling `request.startAsync()`.
  The main effect of doing so is that the Servlet, as well as any Filters, can exit but
  the response will remain open to allow processing to complete later.
* The call to `request.startAsync()` returns `AsyncContext` which can be used for
  further control over async processing. For example it provides the method `dispatch`,
  that is similar to a forward from the Servlet API except it allows an
  application to resume request processing on a Servlet container thread.
* The `ServletRequest` provides access to the current `DispatcherType` that can
  be used to distinguish between processing the initial request, an async
  dispatch, a forward, and other dispatcher types.

With the above in mind, the following is the sequence of events for async request
processing with a `Callable`:

* Controller returns a `Callable`.
* Spring MVC starts asynchronous processing and submits the `Callable` to
  a `TaskExecutor` for processing in a separate thread.
* The `DispatcherServlet` and all Filter's exit the Servlet container thread
  but the response remains open.
* The `Callable` produces a result and Spring MVC dispatches the request back
  to the Servlet container to resume processing.
* The `DispatcherServlet` is invoked again and processing resumes with the
  asynchronously produced result from the `Callable`.

The sequence for `DeferredResult` is very similar except it's up to the
application to produce the asynchronous result from any thread:

* Controller returns a `DeferredResult` and saves it in some in-memory
  queue or list where it can be accessed.
* Spring MVC starts async processing.
* The `DispatcherServlet` and all configured Filter's exit the request
  processing thread but the response remains open.
* The application sets the `DeferredResult` from some thread and Spring MVC
  dispatches the request back to the Servlet container.
* The `DispatcherServlet` is invoked again and processing resumes with the
  asynchronously produced result.

For further background on the motivation for async request processing and
when or why to use it please read
https://spring.io/blog/2012/05/07/spring-mvc-3-2-preview-introducing-servlet-3-async-support[this
blog post series].


[[mvc-ann-async-exceptions]]
==== Exception handling
What happens if a `Callable` returned from a controller method raises an
Exception while being executed? The short answer is the same as what happens
when a controller method raises an exception. It goes through the regular
exception handling mechanism. The longer explanation is that when a `Callable`
raises an Exception Spring MVC dispatches to the Servlet container with
the `Exception` as the result and that leads to resume request processing
with the `Exception` instead of a controller method return value.
When using a `DeferredResult` you have a choice whether to call
`setResult` or `setErrorResult` with an `Exception` instance.


[[mvc-ann-async-interception]]
==== Async interceptors
A `HandlerInterceptor` can also implement `AsyncHandlerInterceptor` in order
to implement the `afterConcurrentHandlingStarted` callback, which is called
instead of `postHandle` and `afterCompletion` when asynchronous processing
starts.

A `HandlerInterceptor` can also register a `CallableProcessingInterceptor`
or a `DeferredResultProcessingInterceptor` in order to integrate more
deeply with the lifecycle of an asynchronous request and for example
handle a timeout event. See the Javadoc of `AsyncHandlerInterceptor`
for more details.

The `DeferredResult` type also provides methods such as `onTimeout(Runnable)`
and `onCompletion(Runnable)`. See the Javadoc of `DeferredResult` for more
details.

When using a `Callable` you can wrap it with an instance of `WebAsyncTask`
which also provides registration methods for timeout and completion.

[[mvc-ann-async-http-streaming]]
==== Streaming response

A controller method can use `DeferredResult` and `Callable` to produce its
return value asynchronously and that can be used to implement techniques such as
http://spring.io/blog/2012/05/08/spring-mvc-3-2-preview-techniques-for-real-time-updates/[long polling]
where the server can push an event to the client as soon as possible.

What if you wanted to push multiple events on a single HTTP response?
This is a technique related to "Long Polling" that is known as "HTTP Streaming".
Spring MVC makes this possible through the `ResponseBodyEmitter` return value
type which can be used to send multiple Objects, instead of one as is normally
the case with `@ResponseBody`, where each Object sent is written to the
response with an `HttpMessageConverter`.

Here is an example of that:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/events")
	public ResponseBodyEmitter handle() {
		ResponseBodyEmitter emitter = new ResponseBodyEmitter();
		// Save the emitter somewhere..
		return emitter;
	}

	// In some other thread
	emitter.send("Hello once");

	// and again later on
	emitter.send("Hello again");

	// and done at some point
	emitter.complete();
----

Note that `ResponseBodyEmitter` can also be used as the body in a
`ResponseEntity` in order to customize the status and headers of
the response.

[[mvc-ann-async-sse]]
==== Server-Sent Events

`SseEmitter` is a sub-class of `ResponseBodyEmitter` providing support for
http://www.w3.org/TR/eventsource/[Server-Sent Events].
Server-sent events is a just another variation on the same "HTTP Streaming"
technique except events pushed from the server are formatted according to
the W3C Server-Sent Events specification.

Server-Sent Events can be used for their intended purpose, that is to push
events from the server to clients. It is quite easy to do in Spring MVC and
requires simply returning a value of type `SseEmitter`.

Note however that Internet Explorer does not support Server-Sent Events and
that for more advanced web application messaging scenarios such as online games,
collaboration, financial applicatinos, and others it's better to consider
Spring's WebSocket support that includes SockJS-style WebSocket emulation
falling back to a very wide range of browsers (including Internet Explorer)
and also higher-level messaging patterns for interacting with clients through
a publish-subscribe model within a more messaging-centric architecture.
For further background on this see
http://blog.pivotal.io/pivotal/products/websocket-architecture-in-spring-4-0[the following blog post].

[[mvc-ann-async-output-stream]]
==== Streaming raw data

`ResponseBodyEmitter` allows sending events by writing Objects to the
response through an `HttpMessageConverter`. This is probably the most common
case, for example when writing JSON data. However sometimes it is useful to
bypass message conversion and write directly to the response `OutputStream`
for example for a file download. This can be done with the help of the
`StreamingResponseBody` return value type.

Here is an example of that:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping("/download")
	public StreamingResponseBody handle() {
		return new StreamingResponseBody() {
			@Override
			public void writeTo(OutputStream outputStream) throws IOException {
				// write...
			}
		};
	}
----

Note that `StreamingResponseBody` can also be used as the body in a
`ResponseEntity` in order to customize the status and headers of
the response.


[[mvc-ann-async-reactive-types]]
==== Reactive return values

If using the reactive `WebClient` from `spring-webflux`, or another client, or
a data store with reactive support, you can return reactive types directly from
Spring MVC controller methods.

Spring MVC adapts transparently to the reactive library in use with proper translation
of cardinality -- i.e. how many values are expected. This is done with the help of the
{api-spring-framework}/core/ReactiveAdapterRegistry.html[ReactiveAdapterRegistry] from
`spring-core` which provides pluggable support for reactive and async types. The registry
has built-in support for RxJava but others can be registered.

Return values are handled as follows:

* If the return type has single-value stream semantics such as Reactor `Mono` or
RxJava `Single` it is adapted and equivalent to using `DeferredResult`.
* If the return type has multi-value stream semantics such as Reactor `Flux` or
RxJava `Observable` / `Flowable` and if the media type indicates streaming, e.g.
"application/stream+json" or "text/event-stream", it is adapted and equivalent to
using `ResponseBodyEmitter` or `SseEmitter`. You can also return
`Flux<ServerSentEvent>` or `Observable<ServerSentEvent>`.
* If the return type has multi-value stream semantics but the media type does not
imply streaming, e.g. "application/json", it is adapted and equivalent to using
`DeferredResult<List<?>>`, e.g. JSON array.

Reactive libraries are detected and adapted to a Reactive Streams `Publisher`
through Spring's pluggable `ReactiveAdapterRegistry` which by default supports
Reactor 3, RxJava 2, and RxJava 1. Note that for RxJava 1 you will need to add
https://github.com/ReactiveX/RxJavaReactiveStreams["io.reactivex:rxjava-reactive-streams"]
to the classpath.

A common assumption with reactive libraries is to not block the processing thread.
The `WebClient` with Reactor Netty for example is based on event-loop style
handling using a small, fixed number of threads and those must not be blocked
when writing to the `ServletResponseOutputStream`. Reactive libraries have
operators for that but Spring MVC automatically writes asynchronously so you
don't need to use them. The underlying `TaskExecutor` for this must be configured
through the MVC Java config and the MVC namespace as described in the following
section which by default is a `SyncTaskExecutor` and hence not suitable for
production use.

[NOTE]
====
Unlike Spring MVC, Spring WebFlux is built on a non-blocking, reactive foundation
and uses the Servlet 3.1 non-blocking I/O that's also based on event loop style
processing and hence does not require a thread to absorb the effect of blocking.
====



[[mvc-ann-async-configuration]]
==== Configuration

For asynchronous requests there are minor requirements at the Servlet container
level and more controls in Spring MVC configuration.

[[mvc-ann-async-configuration-servlet3]]
===== Servlet container config
For applications configured with a `web.xml` be sure to update to version 3.0:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<web-app xmlns="http://java.sun.com/xml/ns/javaee"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
				http://java.sun.com/xml/ns/javaee
				http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
		version="3.0">

		...

	</web-app>
----

Asynchronous support must be enabled on the `DispatcherServlet` through the
`<async-supported>true</async-supported>` sub-element in `web.xml`. Additionally
any `Filter` that participates in asyncrequest processing must be configured
to support the ASYNC dispatcher type. It should be safe to enable the ASYNC
dispatcher type for all filters provided with the Spring Framework since they
usually extend `OncePerRequestFilter` and that has runtime checks for whether
the filter needs to be involved in async dispatches or not.

Below is some example web.xml configuration:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<web-app xmlns="http://java.sun.com/xml/ns/javaee"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
				http://java.sun.com/xml/ns/javaee
				http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
		version="3.0">

		<filter>
			<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
			<filter-class>org.springframework.~.OpenEntityManagerInViewFilter</filter-class>
			<async-supported>true</async-supported>
		</filter>

		<filter-mapping>
			<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
			<url-pattern>/*</url-pattern>
			<dispatcher>REQUEST</dispatcher>
			<dispatcher>ASYNC</dispatcher>
		</filter-mapping>

	</web-app>

----

If using Servlet 3, Java based configuration for example via `WebApplicationInitializer`,
you'll also need to set the "asyncSupported" flag as well as the ASYNC dispatcher type
just like with `web.xml`. To simplify all this configuration, consider extending
`AbstractDispatcherServletInitializer`, or better
`AbstractAnnotationConfigDispatcherServletInitializer` which automatically
set those options and make it very easy to register `Filter` instances.

[[mvc-ann-async-configuration-spring-mvc]]
===== Spring MVC config

The MVC Java config and the MVC namespace provide options for configuring
asynchronous request processing. `WebMvcConfigurer` has the method
`configureAsyncSupport` while `<mvc:annotation-driven>` has an
`<async-support>` sub-element.

Those allow you to configure the default timeout value to use for async requests, which
if not set depends on the underlying Servlet container (e.g. 10 seconds on Tomcat). You
can also configure an `AsyncTaskExecutor` to use for executing `Callable` instances
returned from controller methods. It is highly recommended to configure this property
since by default Spring MVC uses `SimpleAsyncTaskExecutor`. The MVC Java config and the
MVC namespace also allow you to register `CallableProcessingInterceptor` and
`DeferredResultProcessingInterceptor` instances.

If you need to override the default timeout value for a specific `DeferredResult`, you
can do so by using the appropriate class constructor. Similarly, for a `Callable`, you
can wrap it in a `WebAsyncTask` and use the appropriate class constructor to customize
the timeout value. The class constructor of `WebAsyncTask` also allows providing an
`AsyncTaskExecutor`.



[[mvc-ann-tests]]
=== Testing
The `spring-test` contains a framework for testing annotated controllers with a
`DispatcherServlet` and complete Spring MVC infrastructure but without an HTTP server.

See <<testing.adoc#spring-mvc-test-framework, Spring MVC Test Framework>>.



[[mvc-viewresolver]]
== View resolution
All MVC frameworks for web applications provide a way to address views. Spring provides
view resolvers, which enable you to render models in a browser without tying you to a
specific view technology. Out of the box, Spring enables you to use JSPs, FreeMarker
templates and XSLT views, for example. See <<mvc-view>> for a discussion of how to integrate
and use a number of disparate view technologies.

The two interfaces that are important to the way Spring handles views are `ViewResolver`
and `View`. The `ViewResolver` provides a mapping between view names and actual views.
The `View` interface addresses the preparation of the request and hands the request over
to one of the view technologies.



[[mvc-viewresolver-resolver]]
=== ViewResolver

As discussed in <<mvc-controller>>, all handler methods in the Spring Web MVC
controllers must resolve to a logical view name, either explicitly (e.g., by returning a
`String`, `View`, or `ModelAndView`) or implicitly (i.e., based on conventions). Views
in Spring are addressed by a logical view name and are resolved by a view resolver.
Spring comes with quite a few view resolvers. This table lists most of them; a couple of
examples follow.

[[mvc-view-resolvers-tbl]]
.ViewResolver implementations
|===
| ViewResolver| Description

| `AbstractCachingViewResolver`
| Abstract view resolver that caches views. Often views need preparation before they can
  be used; extending this view resolver provides caching.

| `XmlViewResolver`
| Implementation of `ViewResolver` that accepts a configuration file written in XML with
  the same DTD as Spring's XML bean factories. The default configuration file is
  `/WEB-INF/views.xml`.

| `ResourceBundleViewResolver`
| Implementation of `ViewResolver` that uses bean definitions in a `ResourceBundle`,
  specified by the bundle base name. Typically you define the bundle in a properties
  file, located in the classpath. The default file name is `views.properties`.

| `UrlBasedViewResolver`
| Simple implementation of the `ViewResolver` interface that effects the direct
  resolution of logical view names to URLs, without an explicit mapping definition. This
  is appropriate if your logical names match the names of your view resources in a
  straightforward manner, without the need for arbitrary mappings.

| `InternalResourceViewResolver`
| Convenient subclass of `UrlBasedViewResolver` that supports `InternalResourceView` (in
  effect, Servlets and JSPs) and subclasses such as `JstlView` and `TilesView`. You can
  specify the view class for all views generated by this resolver by using
  `setViewClass(..)`. See the `UrlBasedViewResolver` javadocs for details.

| `FreeMarkerViewResolver`
| Convenient subclass of `UrlBasedViewResolver` that supports `FreeMarkerView` and
  custom subclasses of them.

| `ContentNegotiatingViewResolver`
| Implementation of the `ViewResolver` interface that resolves a view based on the
  request file name or `Accept` header. See <<mvc-multiple-representations>>.
|===

As an example, with JSP as a view technology, you can use the `UrlBasedViewResolver`.
This view resolver translates a view name to a URL and hands the request over to the
RequestDispatcher to render the view.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean id="viewResolver"
			class="org.springframework.web.servlet.view.UrlBasedViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
		<property name="prefix" value="/WEB-INF/jsp/"/>
		<property name="suffix" value=".jsp"/>
	</bean>
----

When returning `test` as a logical view name, this view resolver forwards the request to
the `RequestDispatcher` that will send the request to `/WEB-INF/jsp/test.jsp`.

When you combine different view technologies in a web application, you can use the
`ResourceBundleViewResolver`:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean id="viewResolver"
			class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
		<property name="basename" value="views"/>
		<property name="defaultParentView" value="parentView"/>
	</bean>
----

The `ResourceBundleViewResolver` inspects the `ResourceBundle` identified by the
basename, and for each view it is supposed to resolve, it uses the value of the property
`[viewname].(class)` as the view class and the value of the property `[viewname].url` as
the view url. Examples can be found in the next chapter which covers view technologies.
As you can see, you can identify a parent view, from which all views in the properties
file "extend". This way you can specify a default view class, for example.

[NOTE]
====
Subclasses of `AbstractCachingViewResolver` cache view instances that they resolve.
Caching improves performance of certain view technologies. It's possible to turn off the
cache by setting the `cache` property to `false`. Furthermore, if you must refresh a
certain view at runtime (for example when a FreeMarker template is modified), you can use
the `removeFromCache(String viewName, Locale loc)` method.
====



[[mvc-viewresolver-chaining]]
=== Resolver chain
Spring supports multiple view resolvers. Thus you can chain resolvers and, for example,
override specific views in certain circumstances. You chain view resolvers by adding
more than one resolver to your application context and, if necessary, by setting the
`order` property to specify ordering. Remember, the higher the order property, the later
the view resolver is positioned in the chain.

In the following example, the chain of view resolvers consists of two resolvers, an
`InternalResourceViewResolver`, which is always automatically positioned as the last
resolver in the chain, and an `XmlViewResolver` for specifying Excel views. Excel views
are not supported by the `InternalResourceViewResolver`.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
		<property name="prefix" value="/WEB-INF/jsp/"/>
		<property name="suffix" value=".jsp"/>
	</bean>

	<bean id="excelViewResolver" class="org.springframework.web.servlet.view.XmlViewResolver">
		<property name="order" value="1"/>
		<property name="location" value="/WEB-INF/views.xml"/>
	</bean>

	<!-- in views.xml -->

	<beans>
		<bean name="report" class="org.springframework.example.ReportExcelView"/>
	</beans>
----

If a specific view resolver does not result in a view, Spring examines the context for
other view resolvers. If additional view resolvers exist, Spring continues to inspect
them until a view is resolved. If no view resolver returns a view, Spring throws a
`ServletException`.

The contract of a view resolver specifies that a view resolver __can__ return null to
indicate the view could not be found. Not all view resolvers do this, however, because
in some cases, the resolver simply cannot detect whether or not the view exists. For
example, the `InternalResourceViewResolver` uses the `RequestDispatcher` internally, and
dispatching is the only way to figure out if a JSP exists, but this action can only
execute once. The same holds for the `FreeMarkerViewResolver` and some others. Check the
javadocs of the specific view resolver to see whether it reports non-existing views.
Thus, putting an `InternalResourceViewResolver` in the chain in a place other than
the last results in the chain not being fully inspected, because the
`InternalResourceViewResolver` will __always__ return a view!



[[mvc-redirecting]]
=== Redirecting
As mentioned previously, a controller typically returns a logical view name, which a
view resolver resolves to a particular view technology. For view technologies such as
JSPs that are processed through the Servlet or JSP engine, this resolution is usually
handled through the combination of `InternalResourceViewResolver` and
`InternalResourceView`, which issues an internal forward or include via the Servlet
API's `RequestDispatcher.forward(..)` method or `RequestDispatcher.include()` method.
For other view technologies, such as FreeMarker, XSLT, and so on, the view itself writes
the content directly to the response stream.

It is sometimes desirable to issue an HTTP redirect back to the client, before the view
is rendered. This is desirable, for example, when one controller has been called with
`POST` data, and the response is actually a delegation to another controller (for
example on a successful form submission). In this case, a normal internal forward will
mean that the other controller will also see the same `POST` data, which is potentially
problematic if it can confuse it with other expected data. Another reason to perform a
redirect before displaying the result is to eliminate the possibility of the user
submitting the form data multiple times. In this scenario, the browser will first send
an initial `POST`; it will then receive a response to redirect to a different URL; and
finally the browser will perform a subsequent `GET` for the URL named in the redirect
response. Thus, from the perspective of the browser, the current page does not reflect
the result of a `POST` but rather of a `GET`. The end effect is that there is no way the
user can accidentally re- `POST` the same data by performing a refresh. The refresh
forces a `GET` of the result page, not a resend of the initial `POST` data.


[[mvc-redirecting-redirect-view]]
==== RedirectView

One way to force a redirect as the result of a controller response is for the controller
to create and return an instance of Spring's `RedirectView`. In this case,
`DispatcherServlet` does not use the normal view resolution mechanism. Rather because it
has been given the (redirect) view already, the `DispatcherServlet` simply instructs the
view to do its work. The `RedirectView` in turn calls `HttpServletResponse.sendRedirect()`
to send an HTTP redirect to the client browser.

If you use `RedirectView` and the view is created by the controller itself, it is
recommended that you configure the redirect URL to be injected into the controller so
that it is not baked into the controller but configured in the context along with the
view names. The <<mvc-redirecting-redirect-prefix>> facilitates this decoupling.

[[mvc-redirecting-passing-data]]
===== Redirect with data

By default all model attributes are considered to be exposed as URI template variables in
the redirect URL. Of the remaining attributes those that are primitive types or
collections/arrays of primitive types are automatically appended as query parameters.

Appending primitive type attributes as query parameters may be the desired result if a
model instance was prepared specifically for the redirect. However, in annotated
controllers the model may contain additional attributes added for rendering purposes (e.g.
drop-down field values). To avoid the possibility of having such attributes appear in the
URL, an `@RequestMapping` method can declare an argument of type `RedirectAttributes` and
use it to specify the exact attributes to make available to `RedirectView`. If the method
does redirect, the content of `RedirectAttributes` is used.  Otherwise the content of the
model is used.

The `RequestMappingHandlerAdapter` provides a flag called
`"ignoreDefaultModelOnRedirect"` that can be used to indicate the content of the default
`Model` should never be used if a controller method redirects. Instead the controller
method should declare an attribute of type `RedirectAttributes` or if it doesn't do so
no attributes should be passed on to `RedirectView`. Both the MVC namespace and the MVC
Java config keep this flag set to `false` in order to maintain backwards compatibility.
However, for new applications we recommend setting it to `true`

Note that URI template variables from the present request are automatically made
available when expanding a redirect URL and do not need to be added explicitly neither
through `Model` nor `RedirectAttributes`. For example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@PostMapping("/files/{path}")
	public String upload(...) {
		// ...
		return "redirect:files/{path}";
	}
----

Another way of passing data to the redirect target is via __Flash Attributes__. Unlike
other redirect attributes, flash attributes are saved in the HTTP session (and hence do
not appear in the URL). See <<mvc-flash-attributes>> for more information.

[[mvc-redirecting-redirect-prefix]]
==== "redirect:" prefix

While the use of `RedirectView` works fine, if the controller itself creates the
`RedirectView`, there is no avoiding the fact that the controller is aware that a
redirection is happening. This is really suboptimal and couples things too tightly. The
controller should not really care about how the response gets handled. In general it
should operate only in terms of view names that have been injected into it.

The special `redirect:` prefix allows you to accomplish this. If a view name is returned
that has the prefix `redirect:`, the `UrlBasedViewResolver` (and all subclasses) will
recognize this as a special indication that a redirect is needed. The rest of the view
name will be treated as the redirect URL.

The net effect is the same as if the controller had returned a `RedirectView`, but now
the controller itself can simply operate in terms of logical view names. A logical view
name such as `redirect:/myapp/some/resource` will redirect relative to the current
Servlet context, while a name such as `redirect:http://myhost.com/some/arbitrary/path`
will redirect to an absolute URL.

Note that the controller handler is annotated with the `@ResponseStatus`, the annotation
value takes precedence over the response status set by `RedirectView`.


[[mvc-redirecting-forward-prefix]]
==== "forward:" prefix

It is also possible to use a special `forward:` prefix for view names that are
ultimately resolved by `UrlBasedViewResolver` and subclasses. This creates an
`InternalResourceView` (which ultimately does a `RequestDispatcher.forward()`) around
the rest of the view name, which is considered a URL. Therefore, this prefix is not
useful with `InternalResourceViewResolver` and `InternalResourceView` (for JSPs for
example). But the prefix can be helpful when you are primarily using another view
technology, but still want to force a forward of a resource to be handled by the
Servlet/JSP engine. (Note that you may also chain multiple view resolvers, instead.)

As with the `redirect:` prefix, if the view name with the `forward:` prefix is injected
into the controller, the controller does not detect that anything special is happening
in terms of handling the response.



[[mvc-multiple-representations]]
=== Content negotiation

The `ContentNegotiatingViewResolver` does not resolve views itself but rather delegates
to other view resolvers, selecting the view that resembles the representation requested
by the client. Two strategies exist for a client to request a representation from the
server:

* Use a distinct URI for each resource, typically by using a different file extension in
  the URI. For example, the URI `http://www.example.com/users/fred.pdf` requests a PDF
  representation of the user fred, and `http://www.example.com/users/fred.xml` requests
  an XML representation.
* Use the same URI for the client to locate the resource, but set the `Accept` HTTP
  request header to list the http://en.wikipedia.org/wiki/Internet_media_type[media
  types] that it understands. For example, an HTTP request for
  `http://www.example.com/users/fred` with an `Accept` header set to `application/pdf`
  requests a PDF representation of the user fred, while
  `http://www.example.com/users/fred` with an `Accept` header set to `text/xml` requests
  an XML representation. This strategy is known as
  http://en.wikipedia.org/wiki/Content_negotiation[content negotiation].

[NOTE]
====
One issue with the `Accept` header is that it is impossible to set it in a web browser
within HTML. For example, in Firefox, it is fixed to:

[literal]
[subs="verbatim"]
----
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
----

For this reason it is common to see the use of a distinct URI for each representation
when developing browser based web applications.
====

To support multiple representations of a resource, Spring provides the
`ContentNegotiatingViewResolver` to resolve a view based on the file extension or
`Accept` header of the HTTP request. `ContentNegotiatingViewResolver` does not perform
the view resolution itself but instead delegates to a list of view resolvers that you
specify through the bean property `ViewResolvers`.

The `ContentNegotiatingViewResolver` selects an appropriate `View` to handle the request
by comparing the request media type(s) with the media type (also known as
`Content-Type`) supported by the `View` associated with each of its `ViewResolvers`. The
first `View` in the list that has a compatible `Content-Type` returns the representation
to the client. If a compatible view cannot be supplied by the `ViewResolver` chain, then
the list of views specified through the `DefaultViews` property will be consulted. This
latter option is appropriate for singleton `Views` that can render an appropriate
representation of the current resource regardless of the logical view name. The `Accept`
header may include wild cards, for example `text/{asterisk}`, in which case a `View` whose
Content-Type was `text/xml` is a compatible match.

To support custom resolution of a view based on a file extension, use a
`ContentNegotiationManager`: see <<mvc-config-content-negotiation>>.

Here is an example configuration of a `ContentNegotiatingViewResolver`:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
		<property name="viewResolvers">
			<list>
				<bean class="org.springframework.web.servlet.view.BeanNameViewResolver"/>
				<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
					<property name="prefix" value="/WEB-INF/jsp/"/>
					<property name="suffix" value=".jsp"/>
				</bean>
			</list>
		</property>
		<property name="defaultViews">
			<list>
				<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
			</list>
		</property>
	</bean>

	<bean id="content" class="com.foo.samples.rest.SampleContentAtomView"/>
----

The `InternalResourceViewResolver` handles the translation of view names and JSP pages,
while the `BeanNameViewResolver` returns a view based on the name of a bean. (See
"<<mvc-viewresolver-resolver,Resolving views with the ViewResolver interface>>" for more
details on how Spring looks up and instantiates a view.) In this example, the `content`
bean is a class that inherits from `AbstractAtomFeedView`, which returns an Atom RSS
feed. For more information on creating an Atom Feed representation, see the section Atom
Views.

In the above configuration, if a request is made with an `.html` extension, the view
resolver looks for a view that matches the `text/html` media type. The
`InternalResourceViewResolver` provides the matching view for `text/html`. If the
request is made with the file extension `.atom`, the view resolver looks for a view that
matches the `application/atom+xml` media type. This view is provided by the
`BeanNameViewResolver` that maps to the `SampleContentAtomView` if the view name
returned is `content`. If the request is made with the file extension `.json`, the
`MappingJackson2JsonView` instance from the `DefaultViews` list will be selected
regardless of the view name. Alternatively, client requests can be made without a file
extension but with the `Accept` header set to the preferred media-type, and the same
resolution of request to views would occur.

[NOTE]
====
If `ContentNegotiatingViewResolver`'s list of ViewResolvers is not configured
explicitly, it automatically uses any ViewResolvers defined in the application context.
====

The corresponding controller code that returns an Atom RSS feed for a URI of the form
`http://localhost/content.atom` or `http://localhost/content` with an `Accept` header of
application/atom+xml is shown below.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class ContentController {

		private List<SampleContent> contentList = new ArrayList<SampleContent>();

		@GetMapping("/content")
		public ModelAndView getContent() {
			ModelAndView mav = new ModelAndView();
			mav.setViewName("content");
			mav.addObject("sampleContentList", contentList);
			return mav;
		}

	}
----




[[mvc-flash-attributes]]
=== Flash attributes
Flash attributes provide a way for one request to store attributes intended for use in
another. This is most commonly needed when redirecting -- for example, the
__Post/Redirect/Get__ pattern. Flash attributes are saved temporarily before the
redirect (typically in the session) to be made available to the request after the
redirect and removed immediately.

Spring MVC has two main abstractions in support of flash attributes. `FlashMap` is used
to hold flash attributes while `FlashMapManager` is used to store, retrieve, and manage
`FlashMap` instances.

Flash attribute support is always "on" and does not need to enabled explicitly although
if not used, it never causes HTTP session creation. On each request there is an "input"
`FlashMap` with attributes passed from a previous request (if any) and an "output"
`FlashMap` with attributes to save for a subsequent request. Both `FlashMap` instances
are accessible from anywhere in Spring MVC through static methods in
`RequestContextUtils`.

Annotated controllers typically do not need to work with `FlashMap` directly. Instead an
`@RequestMapping` method can accept an argument of type `RedirectAttributes` and use it
to add flash attributes for a redirect scenario. Flash attributes added via
`RedirectAttributes` are automatically propagated to the "output" FlashMap. Similarly,
after the redirect, attributes from the "input" `FlashMap` are automatically added to the
`Model` of the controller serving the target URL.

.Matching requests to flash attributes
****
The concept of flash attributes exists in many other Web frameworks and has proven to be
exposed sometimes to concurrency issues. This is because by definition flash attributes
are to be stored until the next request. However the very "next" request may not be the
intended recipient but another asynchronous request (e.g. polling or resource requests)
in which case the flash attributes are removed too early.

To reduce the possibility of such issues, `RedirectView` automatically "stamps"
`FlashMap` instances with the path and query parameters of the target redirect URL. In
turn the default `FlashMapManager` matches that information to incoming requests when
looking up the "input" `FlashMap`.

This does not eliminate the possibility of a concurrency issue entirely but nevertheless
reduces it greatly with information that is already available in the redirect URL.
Therefore the use of flash attributes is recommended mainly for redirect scenarios .
****




[[mvc-uri-building]]
== URI links

Spring MVC provides a mechanism for building and encoding a URI using
`UriComponentsBuilder` and `UriComponents`.

For example you can expand and encode a URI template string:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	UriComponents uriComponents = UriComponentsBuilder.fromUriString(
			"http://example.com/hotels/{hotel}/bookings/{booking}").build();

	URI uri = uriComponents.expand("42", "21").encode().toUri();
----

Note that `UriComponents` is immutable and the `expand()` and `encode()` operations
return new instances if necessary.

You can also expand and encode using individual URI components:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	UriComponents uriComponents = UriComponentsBuilder.newInstance()
			.scheme("http").host("example.com").path("/hotels/{hotel}/bookings/{booking}").build()
			.expand("42", "21")
			.encode();
----

In a Servlet environment the `ServletUriComponentsBuilder` sub-class provides static
factory methods to copy available URL information from a Servlet requests:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	HttpServletRequest request = ...

	// Re-use host, scheme, port, path and query string
	// Replace the "accountId" query param

	ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromRequest(request)
			.replaceQueryParam("accountId", "{id}").build()
			.expand("123")
			.encode();
----

Alternatively, you may choose to copy a subset of the available information up to and
including the context path:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// Re-use host, port and context path
	// Append "/accounts" to the path

	ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromContextPath(request)
			.path("/accounts").build()
----

Or in cases where the `DispatcherServlet` is mapped by name (e.g. `/main/{asterisk}`), you can
also have the literal part of the servlet mapping included:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// Re-use host, port, context path
	// Append the literal part of the servlet mapping to the path
	// Append "/accounts" to the path

	ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromServletMapping(request)
			.path("/accounts").build()
----

[TIP]
====
Both `ServletUriComponentsBuilder` and `MvcUriComponentsBuilder` detect, extract, and use
information from the "Forwarded" header, or from "X-Forwarded-Host", "X-Forwarded-Port",
and "X-Forwarded-Proto" if "Forwarded" is not present, so that the resulting links reflect
the original request. Note that you can also use the
<<filters-forwarded-headers,ForwardedHeaderFilter>> to the same once, globally.
====


[[mvc-links-to-controllers]]
=== Links to Controllers

Spring MVC also provides a mechanism for building links to controller methods. For example, given:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	@RequestMapping("/hotels/{hotel}")
	public class BookingController {

		@GetMapping("/bookings/{booking}")
		public String getBooking(@PathVariable Long booking) {

		// ...
        }
	}
----

You can prepare a link by referring to the method by name:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	UriComponents uriComponents = MvcUriComponentsBuilder
		.fromMethodName(BookingController.class, "getBooking", 21).buildAndExpand(42);

	URI uri = uriComponents.encode().toUri();
----

In the above example we provided actual method argument values, in this case the long value 21,
to be used as a path variable and inserted into the URL. Furthermore, we provided the
value 42 in order to fill in any remaining URI variables such as the "hotel" variable inherited
from the type-level request mapping. If the method had more arguments you can supply null for
arguments not needed for the URL. In general only `@PathVariable` and `@RequestParam` arguments
are relevant for constructing the URL.

There are additional ways to use `MvcUriComponentsBuilder`. For example you can use a technique
akin to mock testing through proxies to avoid referring to the controller method by name
(the example assumes static import of `MvcUriComponentsBuilder.on`):

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	UriComponents uriComponents = MvcUriComponentsBuilder
		.fromMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);

	URI uri = uriComponents.encode().toUri();
----

The above examples use static methods in `MvcUriComponentsBuilder`. Internally they rely
on `ServletUriComponentsBuilder` to prepare a base URL from the scheme, host, port,
context path and servlet path of the current request. This works well in most cases,
however sometimes it may be insufficient. For example you may be outside the context of
a request (e.g. a batch process that prepares links) or perhaps you need to insert a path
prefix (e.g. a locale prefix that was removed from the request path and needs to be
re-inserted into links).

For such cases you can use the static "fromXxx" overloaded methods that accept a
`UriComponentsBuilder` to use base URL. Or you can create an instance of `MvcUriComponentsBuilder`
with a base URL and then use the instance-based "withXxx" methods. For example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	UriComponentsBuilder base = ServletUriComponentsBuilder.fromCurrentContextPath().path("/en");
	MvcUriComponentsBuilder builder = MvcUriComponentsBuilder.relativeTo(base);
	builder.withMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);

	URI uri = uriComponents.encode().toUri();
----


[[mvc-links-to-controllers-from-views]]
=== Links in views

You can also build links to annotated controllers from views such as JSP, Thymeleaf,
FreeMarker. This can be done using the `fromMappingName` method in `MvcUriComponentsBuilder`
which refers to mappings by name.

Every `@RequestMapping` is assigned a default name based on the capital letters of the
class and the full method name. For example, the method `getFoo` in class `FooController`
is assigned the name "FC#getFoo". This strategy can be replaced or customized by creating
an instance of `HandlerMethodMappingNamingStrategy` and plugging it into your
`RequestMappingHandlerMapping`. The default strategy implementation also looks at the
name attribute on `@RequestMapping` and uses that if present. That means if the default
mapping name assigned conflicts with another (e.g. overloaded methods) you can assign
a name explicitly on the `@RequestMapping`.

[NOTE]
====
The assigned request mapping names are logged at TRACE level on startup.
====

The Spring JSP tag library provides a function called `mvcUrl` that can be used to
prepare links to controller methods based on this mechanism.

For example given:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
    @RequestMapping("/people/{id}/addresses")
    public class PersonAddressController {

        @RequestMapping("/{country}")
        public HttpEntity getAddress(@PathVariable String country) { ... }
    }
----

You can prepare a link from a JSP as follows:

[source,jsp,indent=0]
[subs="verbatim,quotes"]
----
<%@ taglib uri="http://www.springframework.org/tags" prefix="s" %>
...
<a href="${s:mvcUrl('PAC#getAddress').arg(0,'US').buildAndExpand('123')}">Get Address</a>
----

The above example relies on the `mvcUrl` JSP function declared in the Spring tag library
(i.e. META-INF/spring.tld). For more advanced cases (e.g. a custom base URL as explained
in the previous section), it is easy to define your own function, or use a custom tag file,
in order to use a specific instance of `MvcUriComponentsBuilder` with a custom base URL.



[[mvc-exceptionhandlers]]
== Exception handling

[[mvc-exceptionhandlers-overview]]
=== Overview

Spring `HandlerExceptionResolver` implementations deal with unexpected exceptions that
occur during controller execution. A `HandlerExceptionResolver` somewhat resembles the
exception mappings you can define in the web application descriptor `web.xml`. However,
they provide a more flexible way to do so. For example they provide information about
which handler was executing when the exception was thrown. Furthermore, a programmatic
way of handling exceptions gives you more options for responding appropriately before
the request is forwarded to another URL (the same end result as when you use the Servlet
specific exception mappings).

Besides implementing the `HandlerExceptionResolver` interface, which is only a matter of
implementing the `resolveException(Exception, Handler)` method and returning a
`ModelAndView`, you may also use the provided `SimpleMappingExceptionResolver` or create
`@ExceptionHandler` methods. The `SimpleMappingExceptionResolver` enables you to take
the class name of any exception that might be thrown and map it to a view name. This is
functionally equivalent to the exception mapping feature from the Servlet API, but it is
also possible to implement more finely grained mappings of exceptions from different
handlers. The `@ExceptionHandler` annotation on the other hand can be used on methods
that should be invoked to handle an exception. Such methods may be defined locally
within an `@Controller` or may apply to many `@Controller` classes when defined within an
`@ControllerAdvice` class. The following sections explain this in more detail.



[[mvc-ann-exceptionhandler]]
=== @ExceptionHandler

The `HandlerExceptionResolver` interface and the `SimpleMappingExceptionResolver`
implementations allow you to map Exceptions to specific views declaratively along with
some optional Java logic before forwarding to those views. However, in some cases,
especially when relying on `@ResponseBody` methods rather than on view resolution, it
may be more convenient to directly set the status of the response and optionally write
error content to the body of the response.

You can do that with `@ExceptionHandler` methods. When declared within a controller such
methods apply to exceptions raised by `@RequestMapping` methods of that controller (or
any of its sub-classes). You can also declare an `@ExceptionHandler` method within an
`@ControllerAdvice` class in which case it handles exceptions from `@RequestMapping`
methods from many controllers. Below is an example of a controller-local
`@ExceptionHandler` method:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class SimpleController {

		// @RequestMapping methods omitted ...

		@ExceptionHandler(IOException.class)
		public ResponseEntity<String> handleIOException(IOException ex) {
			// prepare responseEntity
			return responseEntity;
		}

	}
----

The `@ExceptionHandler` value can be set to an array of Exception types. If an exception
is thrown that matches one of the types in the list, then the method annotated with the
matching `@ExceptionHandler` will be invoked. If the annotation value is not set then
the exception types listed as method arguments are used.

Much like standard controller methods annotated with a `@RequestMapping` annotation, the
method arguments and return values of `@ExceptionHandler` methods can be flexible. For
example, the `HttpServletRequest` can be accessed in Servlet environments. The return
type can be a `String`, which is interpreted as a view name, a `ModelAndView` object,
a `ResponseEntity`, or you can also add the `@ResponseBody` to have the method return
value converted with message converters and written to the response stream.



[[mvc-ann-rest-spring-mvc-exceptions]]
=== Framework exceptions
Spring MVC may raise a number of exceptions while processing a request. The
`SimpleMappingExceptionResolver` can easily map any exception to a default error view as
needed. However, when working with clients that interpret responses in an automated way
you will want to set specific status code on the response. Depending on the exception
raised the status code may indicate a client error (4xx) or a server error (5xx).

The `DefaultHandlerExceptionResolver` translates Spring MVC exceptions to specific error
status codes. It is registered by default with the MVC namespace, the MVC Java config,
and also by the `DispatcherServlet` (i.e. when not using the MVC namespace or Java
config). Listed below are some of the exceptions handled by this resolver and the
corresponding status codes:

|===
| Exception| HTTP Status Code

| `BindException`
| 400 (Bad Request)

| `ConversionNotSupportedException`
| 500 (Internal Server Error)

| `HttpMediaTypeNotAcceptableException`
| 406 (Not Acceptable)

| `HttpMediaTypeNotSupportedException`
| 415 (Unsupported Media Type)

| `HttpMessageNotReadableException`
| 400 (Bad Request)

| `HttpMessageNotWritableException`
| 500 (Internal Server Error)

| `HttpRequestMethodNotSupportedException`
| 405 (Method Not Allowed)

| `MethodArgumentNotValidException`
| 400 (Bad Request)

| `MissingPathVariableException`
| 500 (Internal Server Error)

| `MissingServletRequestParameterException`
| 400 (Bad Request)

| `MissingServletRequestPartException`
| 400 (Bad Request)

| `NoHandlerFoundException`
| 404 (Not Found)

| `NoSuchRequestHandlingMethodException`
| 404 (Not Found)

| `TypeMismatchException`
| 400 (Bad Request)
|===

The `DefaultHandlerExceptionResolver` works transparently by setting the status of the
response. However, it stops short of writing any error content to the body of the
response while your application may need to add developer-friendly content to every
error response for example when providing a REST API. You can prepare a `ModelAndView`
and render error content through view resolution -- i.e. by configuring a
`ContentNegotiatingViewResolver`, `MappingJackson2JsonView`, and so on. However, you may
prefer to use `@ExceptionHandler` methods instead.

If you prefer to write error content via `@ExceptionHandler` methods you can extend
`ResponseEntityExceptionHandler` instead. This is a convenient base for
`@ControllerAdvice` classes providing an `@ExceptionHandler` method to handle standard
Spring MVC exceptions and return `ResponseEntity`. That allows you to customize the
response and write error content with message converters. See the
`ResponseEntityExceptionHandler` javadocs for more details.



[[mvc-ann-rest-exceptions]]
=== REST API exceptions

An `@RestController` may use `@ExceptionHandler` methods that return a
`ResponseEntity` to provide both a response status and error details in the body
of the response. Such methods may also be added to `@ControllerAdvice`
classes for exception handling across a subset or all controllers.

A common requirement is to include error details in the body of the response.
Spring does not automatically do this (although Spring Boot does) because the
representation of error details in the response body is application specific.

Applications that wish to implement a global exception handling strategy with
error details in the response body should consider extending the abstract base
class `ResponseEntityExceptionHandler` which provides handling for the exceptions
that Spring MVC raises and provides hooks to customize the response body as
well as to handle other exceptions. Simply declare the extension class as a
Spring bean and annotate it with `@ControllerAdvice`. For more details see
See `ResponseEntityExceptionHandler`.




[[mvc-ann-annotated-exceptions]]
=== Annotated Exception

A business exception can be annotated with `@ResponseStatus`. When the exception is
raised, the `ResponseStatusExceptionResolver` handles it by setting the status of the
response accordingly. By default the `DispatcherServlet` registers the
`ResponseStatusExceptionResolver` and it is available for use.



[[mvc-ann-customer-servlet-container-error-page]]
=== Container error page
When the status of the response is set to an error status code and the body of the
response is empty, Servlet containers commonly render an HTML formatted error page. To
customize the default error page of the container, you can declare an `<error-page>`
element in `web.xml`. Up until Servlet 3, that element had to be mapped to a specific
status code or exception type. Starting with Servlet 3 an error page does not need to be
mapped, which effectively means the specified location customizes the default Servlet
container error page.

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<error-page>
		<location>/error</location>
	</error-page>
----

Note that the actual location for the error page can be a JSP page or some other URL
within the container including one handled through an `@Controller` method:

When writing error information, the status code and the error message set on the
`HttpServletResponse` can be accessed through request attributes in a controller:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class ErrorController {

		@RequestMapping(path = "/error", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
		@ResponseBody
		public Map<String, Object> handle(HttpServletRequest request) {

			Map<String, Object> map = new HashMap<String, Object>();
			map.put("status", request.getAttribute("javax.servlet.error.status_code"));
			map.put("reason", request.getAttribute("javax.servlet.error.message"));

			return map;
		}

	}
----

or in a JSP:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<%@ page contentType="application/json" pageEncoding="UTF-8"%>
	{
		status:<%=request.getAttribute("javax.servlet.error.status_code") %>,
		reason:<%=request.getAttribute("javax.servlet.error.message") %>
	}
----


[[mvc-web-security]]
== Web Security

The http://projects.spring.io/spring-security/[Spring Security] project provides features
to protect web applications from malicious exploits. Check out the reference documentation in the sections on
{doc-spring-security}/htmlsingle/#csrf["CSRF protection"],
{doc-spring-security}/htmlsingle/#headers["Security Response Headers"], and also
{doc-spring-security}/htmlsingle/#mvc["Spring MVC Integration"].
Note that using Spring Security to secure the application is not necessarily required for all features.
For example CSRF protection can be added simply by adding the `CsrfFilter` and
`CsrfRequestDataValueProcessor` to your configuration. See the
https://github.com/spring-projects/spring-mvc-showcase/commit/361adc124c05a8187b84f25e8a57550bb7d9f8e4[Spring MVC Showcase]
for an example.

Another option is to use a framework dedicated to Web Security.
http://hdiv.org/[HDIV] is one such framework and integrates with Spring MVC.


[[mvc-coc-modelmap]]
=== The Model ModelMap (ModelAndView)

The `ModelMap` class is essentially a glorified `Map` that can make adding objects that
are to be displayed in (or on) a `View` adhere to a common naming convention. Consider
the following `Controller` implementation; notice that objects are added to the
`ModelAndView` without any associated name specified.

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	public class DisplayShoppingCartController implements Controller {

		public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {

			List cartItems = // get a List of CartItem objects
			User user = // get the User doing the shopping

			ModelAndView mav = new ModelAndView("displayShoppingCart"); <-- the logical view name

			mav.addObject(cartItems); <-- look ma, no name, just the object
			mav.addObject(user); <-- and again ma!

			return mav;
		}
	}
----

The `ModelAndView` class uses a `ModelMap` class that is a custom `Map` implementation
that automatically generates a key for an object when an object is added to it. The
strategy for determining the name for an added object is, in the case of a scalar object
such as `User`, to use the short class name of the object's class. The following
examples are names that are generated for scalar objects put into a `ModelMap` instance.

* An `x.y.User` instance added will have the name `user` generated.
* An `x.y.Registration` instance added will have the name `registration` generated.
* An `x.y.Foo` instance added will have the name `foo` generated.
* A `java.util.HashMap` instance added will have the name `hashMap` generated. You
  probably want to be explicit about the name in this case because `hashMap` is less
  than intuitive.
* Adding `null` will result in an `IllegalArgumentException` being thrown. If the object
  (or objects) that you are adding could be `null`, then you will also want to be
  explicit about the name.

.What, no automatic pluralization?
****
Spring Web MVC's convention-over-configuration support does not support automatic
pluralization. That is, you cannot add a `List` of `Person` objects to a `ModelAndView`
and have the generated name be `people`.

This decision was made after some debate, with the "Principle of Least Surprise" winning
out in the end.
****

The strategy for generating a name after adding a `Set` or a `List` is to peek into the
collection, take the short class name of the first object in the collection, and use
that with `List` appended to the name. The same applies to arrays although with arrays
it is not necessary to peek into the array contents. A few examples will make the
semantics of name generation for collections clearer:

* An `x.y.User[]` array with zero or more `x.y.User` elements added will have the name
  `userList` generated.
* An `x.y.Foo[]` array with zero or more `x.y.User` elements added will have the name
  `fooList` generated.
* A `java.util.ArrayList` with one or more `x.y.User` elements added will have the name
  `userList` generated.
* A `java.util.HashSet` with one or more `x.y.Foo` elements added will have the name
  `fooList` generated.
* An __empty__ `java.util.ArrayList` will not be added at all (in effect, the
  `addObject(..)` call will essentially be a no-op).



[[mvc-coc-r2vnt]]
=== Default view name

The `RequestToViewNameTranslator` interface determines a logical `View` name when no
such logical view name is explicitly supplied. It has just one implementation, the
`DefaultRequestToViewNameTranslator` class.

The `DefaultRequestToViewNameTranslator` maps request URLs to logical view names, as
with this example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	public class RegistrationController implements Controller {

		public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
			// process the request...
			ModelAndView mav = new ModelAndView();
			// add data as necessary to the model...
			return mav;
			// notice that no View or logical view name has been set
		}

	}
----

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd">

		<!-- this bean with the well known name generates view names for us -->
		<bean id="viewNameTranslator"
				class="org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator"/>

		<bean class="x.y.RegistrationController">
			<!-- inject dependencies as necessary -->
		</bean>

		<!-- maps request URLs to Controller names -->
		<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>

		<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
			<property name="prefix" value="/WEB-INF/jsp/"/>
			<property name="suffix" value=".jsp"/>
		</bean>

	</beans>
----

Notice how in the implementation of the `handleRequest(..)` method no `View` or logical
view name is ever set on the `ModelAndView` that is returned. The
`DefaultRequestToViewNameTranslator` is tasked with generating a __logical view name__
from the URL of the request. In the case of the above `RegistrationController`, which is
used in conjunction with the `ControllerClassNameHandlerMapping`, a request URL of
`http://localhost/registration.html` results in a logical view name of `registration`
being generated by the `DefaultRequestToViewNameTranslator`. This logical view name is
then resolved into the `/WEB-INF/jsp/registration.jsp` view by the
`InternalResourceViewResolver` bean.

[TIP]
====

You do not need to define a `DefaultRequestToViewNameTranslator` bean explicitly. If you
like the default settings of the `DefaultRequestToViewNameTranslator`, you can rely on
the Spring Web MVC `DispatcherServlet` to instantiate an instance of this class if one
is not explicitly configured.

====

Of course, if you need to change the default settings, then you do need to configure
your own `DefaultRequestToViewNameTranslator` bean explicitly. Consult the comprehensive
`DefaultRequestToViewNameTranslator` javadocs for details on the various properties
that can be configured.



[[mvc-caching]]
== HTTP caching

A good HTTP caching strategy can significantly improve the performance of a web application
and the experience of its clients. The `'Cache-Control'` HTTP response header is mostly
responsible for this, along with conditional headers such as `'Last-Modified'` and `'ETag'`.

The `'Cache-Control'` HTTP response header advises private caches (e.g. browsers) and
public caches (e.g. proxies) on how they can cache HTTP responses for further reuse.

An http://en.wikipedia.org/wiki/HTTP_ETag[ETag] (entity tag) is an HTTP response header
returned by an HTTP/1.1 compliant web server used to determine change in content at a
given URL. It can be considered to be the more sophisticated successor to the
`Last-Modified` header. When a server returns a representation with an ETag header, the
client can use this header in subsequent GETs, in an `If-None-Match` header. If the
content has not changed, the server returns `304: Not Modified`.

This section describes the different choices available to configure HTTP caching in a
Spring Web MVC application.


[[mvc-caching-cachecontrol]]
=== Cache-Control

Spring Web MVC supports many use cases and ways to configure "Cache-Control" headers for
an application. While https://tools.ietf.org/html/rfc7234#section-5.2.2[RFC 7234 Section 5.2.2]
completely describes that header and its possible directives, there are several ways to
address the most common cases.

Spring Web MVC uses a configuration convention in several of its APIs:
`setCachePeriod(int seconds)`:

* A `-1` value won't generate a `'Cache-Control'` response header.
* A `0` value will prevent caching using the `'Cache-Control: no-store'` directive.
* An `n > 0` value will cache the given response for `n` seconds using the
`'Cache-Control: max-age=n'` directive.

The {api-spring-framework}/http/CacheControl.html[`CacheControl`] builder
class simply describes the available "Cache-Control" directives and makes it easier to
build your own HTTP caching strategy. Once built, a `CacheControl` instance can then be
accepted as an argument in several Spring Web MVC APIs.


[source,java,indent=0]
[subs="verbatim,quotes"]
----
	// Cache for an hour - "Cache-Control: max-age=3600"
    CacheControl ccCacheOneHour = CacheControl.maxAge(1, TimeUnit.HOURS);

    // Prevent caching - "Cache-Control: no-store"
    CacheControl ccNoStore = CacheControl.noStore();

    // Cache for ten days in public and private caches,
    // public caches should not transform the response
    // "Cache-Control: max-age=864000, public, no-transform"
    CacheControl ccCustom = CacheControl.maxAge(10, TimeUnit.DAYS)
    									.noTransform().cachePublic();
----

[[mvc-caching-static-resources]]
=== Static resources

Static resources should be served with appropriate `'Cache-Control'` and conditional
headers for optimal performance.
<<mvc-config-static-resources,Configuring a `ResourceHttpRequestHandler`>> for serving
static resources not only natively writes `'Last-Modified'` headers by reading a file's
metadata, but also `'Cache-Control'` headers if properly configured.

You can set the `cachePeriod` attribute on a `ResourceHttpRequestHandler` or use
a `CacheControl` instance, which supports more specific directives:


[source,java,indent=0]
[subs="verbatim"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addResourceHandlers(ResourceHandlerRegistry registry) {
			registry.addResourceHandler("/resources/**")
					.addResourceLocations("/public-resources/")
					.setCacheControl(CacheControl.maxAge(1, TimeUnit.HOURS).cachePublic());
		}

	}
----

And in XML:

[source,xml,indent=0]
[subs="verbatim"]
----
	<mvc:resources mapping="/resources/**" location="/public-resources/">
		<mvc:cache-control max-age="3600" cache-public="true"/>
	</mvc:resources>
----


[[mvc-caching-etag-lastmodified]]
=== @Controller caching

Controllers can support `'Cache-Control'`, `'ETag'`, and/or `'If-Modified-Since'` HTTP requests;
this is indeed recommended if a `'Cache-Control'` header is to be set on the response.
This involves calculating a lastModified `long` and/or an Etag value for a given request,
comparing it against the `'If-Modified-Since'` request header value, and potentially returning
a response with status code 304 (Not Modified).

As described in <<mvc-ann-httpentity>>, controllers can interact with the request/response using
`HttpEntity` types. Controllers returning `ResponseEntity` can include HTTP caching information
in responses like this:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@GetMapping("/book/{id}")
	public ResponseEntity<Book> showBook(@PathVariable Long id) {

		Book book = findBook(id);
		String version = book.getVersion();

		return ResponseEntity
					.ok()
					.cacheControl(CacheControl.maxAge(30, TimeUnit.DAYS))
					.eTag(version) // lastModified is also available
					.body(book);
	}
----

Doing this will not only include `'ETag'` and `'Cache-Control'` headers in the response, it will **also convert the
response to an `HTTP 304 Not Modified` response with an empty body** if the conditional headers sent by the client
match the caching information set by the Controller.

An `@RequestMapping` method may also wish to support the same behavior.
This can be achieved as follows:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@RequestMapping
	public String myHandleMethod(WebRequest webRequest, Model model) {

		long lastModified = // 1. application-specific calculation

		if (request.checkNotModified(lastModified)) {
			// 2. shortcut exit - no further processing necessary
			return null;
		}

		// 3. or otherwise further request processing, actually preparing content
		model.addAttribute(...);
		return "myViewName";
	}
----

There are two key elements here: calling `request.checkNotModified(lastModified)` and
returning `null`. The former sets the appropriate response status and headers
before it returns `true`.
The latter, in combination with the former, causes Spring MVC to do no further
processing of the request.

Note that there are 3 variants for this:

* `request.checkNotModified(lastModified)` compares lastModified with the
`'If-Modified-Since'` or `'If-Unmodified-Since'` request header
* `request.checkNotModified(eTag)` compares eTag with the `'If-None-Match'` request header
* `request.checkNotModified(eTag, lastModified)` does both, meaning that both
conditions should be valid

When receiving conditional `'GET'`/`'HEAD'` requests, `checkNotModified` will check
that the resource has not been modified and if so, it will result in a `HTTP 304 Not Modified`
response. In case of conditional `'POST'`/`'PUT'`/`'DELETE'` requests, `checkNotModified`
will check that the resource has not been modified and if it has been, it will result in a
`HTTP 409 Precondition Failed` response to prevent concurrent modifications.


[[mvc-httpcaching-shallowetag]]
=== ETag filter

There is a built-in filter that provides shallow ETag support. It is called shallow
because it relies on computing teh ETag from the actual content written at the end.

See <<filters-shallow-etag,ShallowEtagHeaderFilter>> for more details.



[[mvc-config]]
== MVC config
[.small]#<<web-reactive.adoc#webflux-config,Same in Spring WebFlux>>#

The MVC Java config and the MVC XML namespace provide default configuration suitable for most
applications along with a configuration API to customize it.

For more advanced customizations, not available in the configuration API, see
<<mvc-config-advanced-java>> and <<mvc-config-advanced-xml>>.

You do not need to understand the underlying beans created by the MVC Java config and the
MVC namespace but if you want to learn more, see <<mvc-servlet-special-bean-types>> and
<<mvc-servlet-config>>.


[[mvc-config-enable]]
=== Enable MVC Config
[.small]#<<web-reactive.adoc#webflux-config-enable,Same in Spring WebFlux>>#

In Java config use the `@EnableWebMvc` annotation:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig {
	}
----

In XML use the `<mvc:annotation-driven>` element:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/mvc
			http://www.springframework.org/schema/mvc/spring-mvc.xsd">

		<mvc:annotation-driven/>

	</beans>
----

The above registers a number of Spring MVC
<<mvc-servlet-special-bean-types,infrastructure beans>> also adapting to dependencies
available on the classpath -- for JSON, XML, etc.



[[mvc-config-customize]]
=== MVC Config API
[.small]#<<web-reactive.adoc#webflux-config-customize,Same in Spring WebFlux>>#

In Java config implement `WebMvcConfigurer` interface:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		// Implement configuration methods...

	}
----

In XML check attributes and sub-elements of `<mvc:annotation-driven/>`. You can view the
http://schema.spring.io/mvc/spring-mvc.xsd[Spring MVC XML schema] or use the code
completion feature of your IDE to discover what attributes and sub-elements are
available.


[[mvc-config-conversion]]
=== Type conversion
[.small]#<<web-reactive.adoc#webflux-config-conversion,Same in Spring WebFlux>>#

By default formatters for `Number` and `Date` types are installed, including support for
the `@NumberFormat` and `@DateTimeFormat` annotations. Full support for the Joda Time
formatting library is also installed if Joda Time is present on the classpath.

In Java config, register custom formatters and converters:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addFormatters(FormatterRegistry registry) {
			// ...
		}

	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/mvc
			http://www.springframework.org/schema/mvc/spring-mvc.xsd">

		<mvc:annotation-driven conversion-service="conversionService"/>

		<bean id="conversionService"
				class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
			<property name="converters">
				<set>
					<bean class="org.example.MyConverter"/>
				</set>
			</property>
			<property name="formatters">
				<set>
					<bean class="org.example.MyFormatter"/>
					<bean class="org.example.MyAnnotationFormatterFactory"/>
				</set>
			</property>
			<property name="formatterRegistrars">
				<set>
					<bean class="org.example.MyFormatterRegistrar"/>
				</set>
			</property>
		</bean>

	</beans>
----

[NOTE]
====
See <<core.adoc#format-FormatterRegistrar-SPI,FormatterRegistrar SPI>>
and the `FormattingConversionServiceFactoryBean` for more information on when to use FormatterRegistrars.
====


[[mvc-config-validation]]
=== Validation
[.small]#<<web-reactive.adoc#webflux-config-validation,Same in Spring WebFlux>>#

By default if <<core.adoc#validation-beanvalidation-overview,Bean Validation>> is present
on the classpath -- e.g. Hibernate Validator, the `LocalValidatorFactoryBean` is registered
as a global <<core.adoc#validator,Validator>> for use with `@Valid` and `Validated` on
controller method arguments.

In Java config, you can customize the global `Validator` instance:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public Validator getValidator(); {
			// ...
		}

	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="
			http://www.springframework.org/schema/beans
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/mvc
			http://www.springframework.org/schema/mvc/spring-mvc.xsd">

		<mvc:annotation-driven validator="globalValidator"/>

	</beans>
----

Note that you can also register ``Validator``'s locally:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Controller
	public class MyController {

		@InitBinder
		protected void initBinder(WebDataBinder binder) {
			binder.addValidators(new FooValidator());
		}

	}
----

[TIP]
====
If you need to have a `LocalValidatorFactoryBean` injected somewhere, create a bean and
mark it with `@Primary` in order to avoid conflict with the one declared in the MVC config.
====



[[mvc-config-interceptors]]
=== Interceptors

In Java config, register interceptors to apply to incoming requests:

[source,java,indent=0]
[subs="verbatim"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addInterceptors(InterceptorRegistry registry) {
			registry.addInterceptor(new LocaleInterceptor());
			registry.addInterceptor(new ThemeInterceptor()).addPathPatterns("/**").excludePathPatterns("/admin/**");
			registry.addInterceptor(new SecurityInterceptor()).addPathPatterns("/secure/*");
		}

	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim"]
----
	<mvc:interceptors>
		<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
		<mvc:interceptor>
			<mvc:mapping path="/**"/>
			<mvc:exclude-mapping path="/admin/**"/>
			<bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor"/>
		</mvc:interceptor>
		<mvc:interceptor>
			<mvc:mapping path="/secure/*"/>
			<bean class="org.example.SecurityInterceptor"/>
		</mvc:interceptor>
	</mvc:interceptors>
----



[[mvc-config-content-negotiation]]
=== Content Types
[.small]#<<web-reactive.adoc#webflux-config-content-negotiation,Same in Spring WebFlux>>#

You can configure how Spring MVC determines the requested media types from the request --
e.g. `Accept` header, URL path extension, query parameter, etc.

By default the URL path extension is checked first -- with `json`, `xml`, `rss`, and `atom`
registered as known extensions depending on classpath dependencies, and the "Accept" header
is checked second.

Consider changing those defaults to `Accept` header only and if you must use URL-based
content type resolution consider the query parameter strategy over the path extensions. See
<<mvc-ann-requestmapping-suffix-pattern-match>> and <<mvc-ann-requestmapping-rfd>> for
more details.

In Java config, customize requested content type resolution:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
			configurer.mediaType("json", MediaType.APPLICATION_JSON);
		}
	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:annotation-driven content-negotiation-manager="contentNegotiationManager"/>

	<bean id="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
		<property name="mediaTypes">
			<value>
				json=application/json
				xml=application/xml
			</value>
		</property>
	</bean>
----


[[mvc-config-message-converters]]
=== Message Converters
[.small]#<<web-reactive.adoc#webflux-config-message-codecs,Same in Spring WebFlux>>#

Customization of `HttpMessageConverter` can be achieved in Java config by overriding
{api-spring-framework}/web/servlet/config/annotation/WebMvcConfigurer.html#configureMessageConverters-java.util.List-[`configureMessageConverters()`]
if you want to replace the default converters created by Spring MVC, or by overriding
{api-spring-framework}/web/servlet/config/annotation/WebMvcConfigurer.html#extendMessageConverters-java.util.List-[`extendMessageConverters()`]
if you just want to customize them or add additional converters to the default ones.

Below is an example that adds Jackson JSON and XML converters with a customized
`ObjectMapper` instead of default ones:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfiguration implements WebMvcConfigurer {

		@Override
		public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
			Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder()
					.indentOutput(true)
					.dateFormat(new SimpleDateFormat("yyyy-MM-dd"))
					.modulesToInstall(new ParameterNamesModule());
			converters.add(new MappingJackson2HttpMessageConverter(builder.build()));
			converters.add(new MappingJackson2XmlHttpMessageConverter(builder.xml().build()));
		}

	}
----

In this example,
{api-spring-framework}/http/converter/json/Jackson2ObjectMapperBuilder.html[Jackson2ObjectMapperBuilder]
is used to create a common configuration for both `MappingJackson2HttpMessageConverter` and
`MappingJackson2XmlHttpMessageConverter` with indentation enabled, a customized date format
and the registration of
https://github.com/FasterXML/jackson-module-parameter-names[jackson-module-parameter-names]
that adds support for accessing parameter names (feature added in Java 8).

This builder customizes Jackson's default properties with the following ones:

. http://fasterxml.github.io/jackson-databind/javadoc/2.6/com/fasterxml/jackson/databind/DeserializationFeature.html#FAIL_ON_UNKNOWN_PROPERTIES[`DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES`] is disabled.
. http://fasterxml.github.io/jackson-databind/javadoc/2.6/com/fasterxml/jackson/databind/MapperFeature.html#DEFAULT_VIEW_INCLUSION[`MapperFeature.DEFAULT_VIEW_INCLUSION`] is disabled.

It also automatically registers the following well-known modules if they are detected on the classpath:

. https://github.com/FasterXML/jackson-datatype-jdk7[jackson-datatype-jdk7]: support for Java 7 types like `java.nio.file.Path`.
. https://github.com/FasterXML/jackson-datatype-joda[jackson-datatype-joda]: support for Joda-Time types.
. https://github.com/FasterXML/jackson-datatype-jsr310[jackson-datatype-jsr310]: support for Java 8 Date & Time API types.
. https://github.com/FasterXML/jackson-datatype-jdk8[jackson-datatype-jdk8]: support for other Java 8 types like `Optional`.

[NOTE]
====
Enabling indentation with Jackson XML support requires
http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22org.codehaus.woodstox%22%20AND%20a%3A%22woodstox-core-asl%22[`woodstox-core-asl`]
dependency in addition to http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22jackson-dataformat-xml%22[`jackson-dataformat-xml`] one.
====

Other interesting Jackson modules are available:

. https://github.com/zalando/jackson-datatype-money[jackson-datatype-money]: support for `javax.money` types (unofficial module)
. https://github.com/FasterXML/jackson-datatype-hibernate[jackson-datatype-hibernate]: support for Hibernate specific types and properties (including lazy-loading aspects)

It is also possible to do the same in XML:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
    <mvc:annotation-driven>
        <mvc:message-converters>
            <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
                <property name="objectMapper" ref="objectMapper"/>
            </bean>
            <bean class="org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter">
                <property name="objectMapper" ref="xmlMapper"/>
            </bean>
        </mvc:message-converters>
    </mvc:annotation-driven>

    <bean id="objectMapper" class="org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean"
          p:indentOutput="true"
          p:simpleDateFormat="yyyy-MM-dd"
          p:modulesToInstall="com.fasterxml.jackson.module.paramnames.ParameterNamesModule"/>

    <bean id="xmlMapper" parent="objectMapper" p:createXmlMapper="true"/>
----


[[mvc-config-view-controller]]
=== View Controllers

This is a shortcut for defining a `ParameterizableViewController` that immediately
forwards to a view when invoked. Use it in static cases when there is no Java controller
logic to execute before the view generates the response.

An example of forwarding a request for `"/"` to a view called `"home"` in Java:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addViewControllers(ViewControllerRegistry registry) {
			registry.addViewController("/").setViewName("home");
		}

	}
----

And the same in XML use the `<mvc:view-controller>` element:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:view-controller path="/" view-name="home"/>
----


[[mvc-config-view-resolvers]]
=== View Resolvers
[.small]#<<web-reactive.adoc#webflux-config-view-resolvers,Same in Spring WebFlux>>#

The MVC config simplifies the registration of view resolvers.

The following is a Java config example that configures content negotiation view
resolution using FreeMarker HTML templates and Jackson as a default `View` for
JSON rendering:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configureViewResolvers(ViewResolverRegistry registry) {
			registry.enableContentNegotiation(new MappingJackson2JsonView());
			registry.jsp();
		}

	}
----

And the same in XML:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:view-resolvers>
		<mvc:content-negotiation>
			<mvc:default-views>
				<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
			</mvc:default-views>
		</mvc:content-negotiation>
		<mvc:jsp/>
	</mvc:view-resolvers>
----

Note however that FreeMarker, Tiles, Groovy Markup and script templates also require
configuration of the underlying view technology.

The MVC namespace provides dedicated elements. For example with FreeMarker:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----

	<mvc:view-resolvers>
		<mvc:content-negotiation>
			<mvc:default-views>
				<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
			</mvc:default-views>
		</mvc:content-negotiation>
		<mvc:freemarker cache="false"/>
	</mvc:view-resolvers>

	<mvc:freemarker-configurer>
		<mvc:template-loader-path location="/freemarker"/>
	</mvc:freemarker-configurer>

----

In Java config simply add the respective "Configurer" bean:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configureViewResolvers(ViewResolverRegistry registry) {
			registry.enableContentNegotiation(new MappingJackson2JsonView());
			registry.freeMarker().cache(false);
		}

		@Bean
		public FreeMarkerConfigurer freeMarkerConfigurer() {
			FreeMarkerConfigurer configurer = new FreeMarkerConfigurer();
			configurer.setTemplateLoaderPath("/WEB-INF/");
			return configurer;
		}

	}
----



[[mvc-config-static-resources]]
=== Static Resources
[.small]#<<web-reactive.adoc#webflux-config-static-resources,Same in Spring WebFlux>>#

This option provides a convenient way to serve static resources from a list of
{api-spring-framework}/core/io/Resource.html[Resource]-based locations.

In the example below, given a request that starts with `"/resources"`, the relative path is
used to find and serve static resources relative to "/public" under the web application
root or on the classpath under `"/static"`. The resources are served with a 1-year future
expiration to ensure maximum use of the browser cache and a reduction in HTTP requests
made by the browser. The `Last-Modified` header is also evaluated and if present a `304`
status code is returned.

In Java config:

[source,java,indent=0]
[subs="verbatim"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addResourceHandlers(ResourceHandlerRegistry registry) {
			registry.addResourceHandler("/resources/**")
				.addResourceLocations("/public", "classpath:/static/")
				.setCachePeriod(31556926);
		}

	}
----

In XML:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:resources mapping="/resources/**"
		location="/public, classpath:/static/"
		cache-period="31556926" />
----

See also
<<mvc-caching-static-resources, HTTP caching support for static resources>>.

The resource handler also supports a chain of
{api-spring-framework}/web/servlet/resource/ResourceResolver.html[ResourceResolver]'s and
{api-spring-framework}/web/servlet/resource/ResourceTransformer.html[ResourceResolver]'s.
which can be used to create a toolchain for working with optimized resources.

The `VersionResourceResolver` can be used for versioned resource URLs based on an MD5 hash
computed from the content, a fixed application version, or other. A
`ContentVersionStrategy` (MD5 hash) is a good choice with some notable exceptions such as
JavaScript resources used with a module loader.

For example in Java config;

[source,java,indent=0]
[subs="verbatim"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void addResourceHandlers(ResourceHandlerRegistry registry) {
			registry.addResourceHandler("/resources/**")
					.addResourceLocations("/public/")
					.resourceChain(true)
					.addResolver(new VersionResourceResolver().addContentVersionStrategy("/**"));
		}

	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim"]
----
<mvc:resources mapping="/resources/**" location="/public/">
	<mvc:resource-chain>
		<mvc:resource-cache/>
		<mvc:resolvers>
			<mvc:version-resolver>
				<mvc:content-version-strategy patterns="/**"/>
			</mvc:version-resolver>
		</mvc:resolvers>
	</mvc:resource-chain>
</mvc:resources>
----

You can use `ResourceUrlProvider` to rewrite URLs and apply the full chain of resolvers and
transformers -- e.g. to insert versions. The MVC config provides a `ResourceUrlProvider`
bean so it can be injected into others. You can also make the rewrite transparent with the
`ResourceUrlEncodingFilter` for Thymeleaf, JSPs, FreeMarker, and others with URL tags that
rely on `HttpServletResponse#encodeURL`.

http://www.webjars.org/documentation[WebJars] is also supported via `WebJarsResourceResolver`
and automatically registered when `"org.webjars:webjars-locator"` is present on the
classpath. The resolver can re-write URLs to include the version of the jar and can also
match to incoming URLs without versions -- e.g. `"/jquery/jquery.min.js"` to
`"/jquery/1.2.0/jquery.min.js"`.


[[mvc-default-servlet-handler]]
=== Default Servlet

This allows for mapping the `DispatcherServlet` to "/" (thus overriding the mapping
of the container's default Servlet), while still allowing static resource requests to be
handled by the container's default Servlet. It configures a
`DefaultServletHttpRequestHandler` with a URL mapping of "/**" and the lowest priority
relative to other URL mappings.

This handler will forward all requests to the default Servlet. Therefore it is important
that it remains last in the order of all other URL `HandlerMappings`. That will be the
case if you use `<mvc:annotation-driven>` or alternatively if you are setting up your
own customized `HandlerMapping` instance be sure to set its `order` property to a value
lower than that of the `DefaultServletHttpRequestHandler`, which is `Integer.MAX_VALUE`.

To enable the feature using the default setup use:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
			configurer.enable();
		}

	}
----

Or in XML:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:default-servlet-handler/>
----

The caveat to overriding the "/" Servlet mapping is that the `RequestDispatcher` for the
default Servlet must be retrieved by name rather than by path. The
`DefaultServletHttpRequestHandler` will attempt to auto-detect the default Servlet for
the container at startup time, using a list of known names for most of the major Servlet
containers (including Tomcat, Jetty, GlassFish, JBoss, Resin, WebLogic, and WebSphere).
If the default Servlet has been custom configured with a different name, or if a
different Servlet container is being used where the default Servlet name is unknown,
then the default Servlet's name must be explicitly provided as in the following example:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
			configurer.enable("myCustomDefaultServlet");
		}

	}
----

Or in XML:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
	<mvc:default-servlet-handler default-servlet-name="myCustomDefaultServlet"/>
----



[[mvc-config-path-matching]]
=== Path Matching
[.small]#<<web-reactive.adoc#webflux-config-path-matching,Same in Spring WebFlux>>#

This allows customizing options related to URL matching and treatment of the URL.
For details on the individual options check out the
{api-spring-framework}/web/servlet/config/annotation/PathMatchConfigurer.html[PathMatchConfigurer] API.

Example in Java config:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	@EnableWebMvc
	public class WebConfig implements WebMvcConfigurer {

		@Override
		public void configurePathMatch(PathMatchConfigurer configurer) {
			configurer
			    .setUseSuffixPatternMatch(true)
			    .setUseTrailingSlashMatch(false)
			    .setUseRegisteredSuffixPatternMatch(true)
			    .setPathMatcher(antPathMatcher())
			    .setUrlPathHelper(urlPathHelper());
		}

		@Bean
		public UrlPathHelper urlPathHelper() {
		    //...
		}

		@Bean
		public PathMatcher antPathMatcher() {
		    //...
		}

	}
----

In XML, the same:

[source,xml,indent=0]
[subs="verbatim,quotes"]
----
    <mvc:annotation-driven>
        <mvc:path-matching
            suffix-pattern="true"
            trailing-slash="false"
            registered-suffixes-only="true"
            path-helper="pathHelper"
            path-matcher="pathMatcher"/>
    </mvc:annotation-driven>

    <bean id="pathHelper" class="org.example.app.MyPathHelper"/>
    <bean id="pathMatcher" class="org.example.app.MyPathMatcher"/>
----



[[mvc-config-advanced-java]]
=== Advanced Java Config
[.small]#<<web-reactive.adoc#webflux-config-advanced-java,Same in Spring WebFlux>>#

`@EnableWebMvc` imports `DelegatingWebMvcConfiguration` that (1) provides default Spring
configuration for Spring MVC applications and (2) detects and delegates to
``WebMvcConfigurer``'s to customize that configuration.

For advanced mode, remove `@EnableWebMvc` and extend directly from
`DelegatingWebMvcConfiguration` instead of implementing `WebMvcConfigurer`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Configuration
	public class WebConfig extends DelegatingWebMvcConfiguration {

		// ...

	}
----

You can keep existing methods in `WebConfig` but you can now also override bean declarations
from the base class and you can still have any number of other ``WebMvcConfigurer``'s on
the classpath.



[[mvc-config-advanced-xml]]
=== Advanced XML Config

The MVC namespace does not have an advanced mode. If you need to customize a property on
a bean that you can't change otherwise, you can use the `BeanPostProcessor` lifecycle
hook of the Spring `ApplicationContext`:

[source,java,indent=0]
[subs="verbatim,quotes"]
----
	@Component
	public class MyPostProcessor implements BeanPostProcessor {

		public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException {
			// ...
		}

	}
----

Note that `MyPostProcessor` needs to be declared as a bean either explicitly in XML or
detected through a `<component scan/>` declaration.