Commit Graph

866 Commits

Author SHA1 Message Date
Brian Clozel c226753985 Do not rewrite relative links with FixedVersionStrategy
Prior to this change, the resource handling FixedVersionStrategy would
be applied on all links that match the configured pattern. This is
problematic for relative links and can lead to rewritten links such as
"/fixedversion/../css/main.css" which breaks.

This commit prevents that Strategy from being applied to such links.
Of course, one should avoid to use that VersionStrategy with relative
links, but this change aims at not breaking existing links even if it
means not prefixing the version as expected.

Issue: SPR-13727
2015-12-01 14:47:23 +01:00
Juergen Hoeller a0747c2148 Consistent bean type checking for endpoint handlers
Issue: SPR-13725
2015-11-25 21:26:03 +01:00
Brian Clozel b35d44bd4c Fix inputstream reading for HTTP range requests
Prior to this commit, range requests would be served by
ResourceHttpRequestHandler by partially reading the inputstream of
static resources. In case of resources contained in ZIP/JAR containers,
InputStreams may not fill the entire read buffer when calling
`inputStream.read(byte[])`. This was the case when using Spring Boot's
ZipInflaterInputStream - this would then not read the entire file
content and would close the response without writing the expected body
length indicated in the "Content-Length" header.

This commit makes sure that the whole resource is read.

Issue: SPR-13661
2015-11-24 21:36:22 +01:00
Johnny Lim 2defb6555e Fix broken Javadoc related to `<` and `>` 2015-11-12 11:22:08 +01:00
Rossen Stoyanchev e707347474 Fix failing tests 2015-11-11 18:02:50 -05:00
Rossen Stoyanchev 3a919a48d6 Switch "attachment" to "inline" on Content-Disposition
Issue: SPR-13587, SPR-13643
2015-11-11 17:14:29 -05:00
Juergen Hoeller 760bc719f2 Polishing 2015-11-09 15:03:14 +01:00
Juergen Hoeller bc7bcab578 Consistent method selection for listeners and endpoint mappings
Issue: SPR-13654
2015-11-09 14:57:45 +01:00
Rossen Stoyanchev a3168fde18 Expand range of whitelisted extensions by media type
This commit expands the range of whitelisted extensions by checking
if an extension can be resolved to image/*, audo/*, video/*, as well
as any content type that ends with +xml.

Issue: SPR-13643
2015-11-06 16:45:41 -05:00
Rossen Stoyanchev 237439ef97 Whitelist extension if present in the request mapping
We know skip the Content-Disposition header for any extension if the
chosen request mapping explicitly contains the URl extension.

Issue: SPR-13629
2015-11-06 12:37:13 -05:00
Brian Clozel 889366320d Do not process undefined conditional HTTP requests
Prior to this change, the HttpEntityMethodProcessor would try to process
conditional requests that are undefined by the spec, such as:

* an HTTP GET request with "If-None-Match:*"
* a request with both "If-None-Match" and "If-Match"
* a request with both "If-None-Match" and "If-Unmodified-Since"

This commit skips the processing of those requests as conditional
requests and continues with normal request handling.

Issue: SPR-13626
2015-11-06 17:59:41 +01:00
Rossen Stoyanchev ac975df448 Fix javadoc ambiguity
Issue: SPR-13642
2015-11-05 20:02:37 -05:00
Rossen Stoyanchev f0464e8176 Add section on RFD + whitelist yml/properties/csv
Issue: SPR-13643
2015-11-05 19:31:29 -05:00
Rossen Stoyanchev bdb71e91ad No Content-Disposition if HTML in the request mapping
Issue: SPR-13629
2015-11-02 13:07:48 -05:00
Juergen Hoeller cca037a74d Polishing 2015-11-02 14:42:46 +01:00
Juergen Hoeller ce20268597 Consistent warn logging without stacktrace in Portlet HandlerExceptionResolver
Issue: SPR-13611
2015-11-02 14:19:58 +01:00
Sebastien Deleuze 76d7f4527a Revert most SPR-13100 changes since SPR-13267 was a better fix
Issue: SPR-13596
2015-11-02 10:40:53 +01:00
Rossen Stoyanchev 598fafd957 Fix failing test 2015-10-29 21:02:45 -04:00
Rossen Stoyanchev c5995149b3 Further improve detecttion of custom CNVR
Refine the approach of having <mvc:view-resolvers> detect and use the
ContentNegotiationManager instance registered with
<mvc:annotation-driven> introduced in the last commit.

Issue: SPR-13559
2015-10-29 20:58:31 -04:00
Rossen Stoyanchev f84a0c914a Detect custom ContentNegotiationViewResolver
The <mvc:annotation-driven> element now adds an alias when a
ContentNegotiationManager bean is registered with a custom name.
This helps <mvc:view-resolvers> to more reliably find such a custom
ContentNegotiationManager.

Issue: SPR-13559
2015-10-29 18:01:00 -04:00
Brian Clozel 9334fabe26 Don't throw NPE when serving webjar directories
Prior to this change, serving resources with ResourceHttpRequestHandler
could result in NPE when requesting an existing folder located in a JAR.

This commit swallows those exceptions, as it is not possible to foresee
those cases without reading the actual resource. This result in a HTTP
200 response with a zero Content-Length instead of a HTTP 500 internal
exception.

Issue: SPR-13620
2015-10-29 16:10:27 +01:00
Juergen Hoeller a778468771 Consistent JSP tag documentation
Issue: SPR-13520
2015-10-28 18:31:17 +01:00
Juergen Hoeller a268cdb913 Fixed javadoc links to setCacheSeconds 2015-10-28 16:06:59 +01:00
Juergen Hoeller 6d369308cc Improved SessionLocaleResolver documentation
Issue: SPR-13505
2015-10-28 14:30:08 +01:00
Juergen Hoeller c1c07bbeb2 AbstractDispatcherServletInitializer allows for registering any FrameworkServlet subclass
Issue: SPR-13616
2015-10-28 14:00:20 +01:00
Juergen Hoeller 400749667a Polishing 2015-10-26 23:10:33 +01:00
Rossen Stoyanchev 1c382be00e Expose build method in SseEventBuilder
Issue: SPR-13591
2015-10-26 16:19:10 -04:00
Rossen Stoyanchev 050e79e45e Skip Content-Disposition header if status != 2xx
Issue: SPR-13588
2015-10-26 16:01:32 -04:00
Rossen Stoyanchev 2bd1daa75e Protect against RFD exploits
Issue: SPR-13548
2015-10-15 10:33:27 +02:00
Juergen Hoeller 6256586047 Polishing 2015-10-12 18:12:31 +02:00
Juergen Hoeller 1d59c5fd41 StandardScriptEvaluator uses same eval exception exposure as ScriptTemplateView
Issue: SPR-13557
2015-10-09 22:55:01 +02:00
Juergen Hoeller 44b76d39a4 ExceptionHandlerExceptionResolver allows for Model parameter
Issue: SPR-13546
2015-10-07 20:06:06 +02:00
Sam Brannen 28c07a6d38 Polish Javadoc for MVC exception handling classes 2015-10-06 17:30:45 +02:00
Sam Brannen 7ac6af0fb0 Polish Javadoc for AsyncHandlerInterceptor & RequestBodyAdvice 2015-10-06 09:35:24 +02:00
Rossen Stoyanchev 42e5ad4111 Polish 2015-09-30 14:05:08 -04:00
Rossen Stoyanchev 24a91b43cc Polish content negotiation 2015-09-29 17:08:37 -04:00
Sam Brannen 452b124ff6 Polish FreeMarker tests and suppress warnings 2015-09-28 19:33:49 +02:00
Sam Brannen 58c2990794 Reinstate and modernize Jasper Reports tests 2015-09-28 19:22:23 +02:00
Sam Brannen d5ee787e1e Migrate JUnit 3 tests to JUnit 4
This commit migrates all remaining tests from JUnit 3 to JUnit 4, with
the exception of Spring's legacy JUnit 3.8 based testing framework that
is still in use in the spring-orm module.

Issue: SPR-13514
2015-09-27 21:17:51 +02:00
Sebastien Deleuze 1580288815 Improve error reporting in ScriptTemplateView
This commit introduces a new ScriptRenderException in order to:
 - Print in the resulting error page the reason of the script failure
 - Not print the whole stacktrace in the logs

The ScriptRenderException thrown in ScriptTemplateView#renderMergedOutputModel()
is wrapped into a ServletException in order to avoid printing 2 times the messages in
the logs (throwing directly a ScriptRenderException would make it wrapped in a
NestedServletException that contains a getMessage() override not needed in this
context)

Issue: SPR-13488
2015-09-26 10:30:48 +02:00
Rossen Stoyanchev fdbe8dc4c1 ResponseBodyEmitter detects timeout/completion
ResponseBodyEmitter now registers by default to receive callbacks
on timeout/completion and sets its internal "complete" flag to true
in order to prevent proactively further use of the emitter.

Issue: SPR-13498
2015-09-25 14:06:33 -04:00
Juergen Hoeller 11b4e3be2c Consistent HttpMethod resolution against underlying HttpServletRequest 2015-09-24 20:53:22 +02:00
Brian Clozel 7f700cc63e Polish 2015-09-24 19:58:58 +02:00
Brian Clozel 583a48ab75 Do not process conditional requests for non-GET
Prior to this commit, HttpEntityMethodProcessor would process
conditional requests even if those aren't GET requests.
This is an issue for POST requests with "If-None-Match: *" headers and
many other use cases, which should not receive an HTTP 304 Not Modified
status in response.

This commit only triggers ETag/Last-Modified conditional requests bits
for GET requests.

Issue: SPR-13496
2015-09-24 17:49:20 +02:00
Juergen Hoeller c34a62e141 LocaleChangeInterceptor allows for ignoring invalid locale values
Issue: SPR-9456
2015-09-24 00:32:45 +02:00
Rossen Stoyanchev ffd9c62fc8 Translate IOException to HttpMessageNotReadableEx
Some converters (Jackson, Gson, Protobuf) already do this. It is now
also done in AbstractMessageConverterMethodArgumentResolver which
enforces a consistent behavior across controller method arguments.

Issue: SPR-12745
2015-09-23 17:22:37 -04:00
Juergen Hoeller 54d3d782a9 Polishing 2015-09-23 22:44:52 +02:00
Juergen Hoeller c7fd4ccf48 StandardScriptUtils.retrieveEngineByName for lookup with descriptive exception message
Also revised StandardScriptFactory for finer-grained template methods, added further configuration variants to StandardScriptEvaluator, and identified thread-local ScriptEngine instances in ScriptTemplateView by appropriate key.

Issue: SPR-13491
Issue: SPR-13487
2015-09-23 22:37:35 +02:00
Juergen Hoeller fe3aad4ab2 Latest dependency updates (H2 1.4.189, Underscore.js 1.8.3) 2015-09-23 22:03:08 +02:00
Sebastien Deleuze cffad9d4b1 Limit the number of ScriptEngine instances to the number of threads
This commit makes ThreadLocal<ScriptEngine> engineHolder ScriptTemplateView
field static in order to limit the maximum number of ScriptEngine instances
to the number of threads, regardless of the number of view instances.

Issue: SPR-13487
2015-09-23 13:17:37 +02:00