With SPR-9293, it is now possible to HTML escape text while taking into
account the current response encoding. When using UTF-* encodings, only
XML markup significant characters are escaped, since UTF-* natively
support those characters.
This commit adds a new servlet context parameter to enable this fix by
default in a Spring MVC application:
<context-param>
<param-name>responseEncodedHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
Issue: SPR-12350, SPR-12132
During the HTTP Content Negotiation phase, the ContentNegotiationManager
uses configured ContentNegotiationStrategy(ies) to define the list of
content types accepted by the client.
When HTTP clients don't send Accept headers, nor use a configured
file extension in the request, nor a request param, developers can
define a default content type using the
ContentNegotiationConfigurer.defaultContentType() method.
This change adds a new overloaded defaultContentType method that takes a
ContentNegotiationStrategy as an argument. This strategy will take the
current request as an argument and return a default content type.
Issue: SPR-12286
This commit adds new htmlEscape methods that take the character encoding
as a parameter. According to specs and recommendations, the list of
chars to be html escaped depends on the encoding used in the response.
If the current char encoding supports chars natively, we shouldn't
escape those; of course, reserved chars (<,>,',",&) should always be
escaped.
See: http://www.w3.org/TR/html4/sgml/entities.html#h-24.3
See: spring-projects/spring-framework#385 by @candrews
Issue: SPR-9293
Before this change, the type of asynchronously produced return values
(e.g. Callable, DeferredResult, ListenableFuture) could not be
properly determined with an actual resulting value of null. Or even
with an actual value returned, the generic type could not be properly
determined. This change fixes both of those issues.
Issue: SPR-12287
This commit adds support for direct Jackson mix-in annotations registration in
Jackson2ObjectMapperFactoryBean and Jackson2ObjectMapperBuilder.
Issue: SPR-12144
Jackson2ObjectMapperBuilder now allows to create ObjectMapper and XmlMapper
instances easily thanks to its fluent API.
This builder is used in Jackson message converters and views to instantiate default
ObjectMapper and XmlMapper.
This commit also add a createXmlMapper property to
Jackson2ObjectMapperFactoryBean in order to allow to create easily a XmlMapper
instance.
Issue: SPR-12243
Prior to this commit, the `ProtobufHttpMessageConverter` would call
`outputMessage.getBody()` at the beginning of the `writeInternal`
method, thus writing HTTP headers. Since this method is trying to write
"x-protobuf" headers after that, protobuf support wasn't working
properly for the default "x-protobuf" media type.
Thanks Toshiaki Maki for the repro project!
Also fixed:
* improve `MockHttpOutputMessage` behavior to reproduce the read-only
state of HTTP headers once they've been written.
Issue: SPR-12229
This commit makes it possible to specify port with an URI template variable.
For example :
RestTemplate restTemplate = new RestTemplate();
restTemplate.getForObject("http://localhost:{port}/resource", String.class, 8080);
Issue: SPR-12123
This commit adds support for XML serialization/deserialization based on
the jackson-dataformat-xml extension. When using @EnableWebMvc or
<mvc:annotation-driven/>, Jackson will be used by default instead of JAXB2
if jackson-dataformat-xml classes are found in the classpath.
This commit introduces MappingJackson2XmlHttpMessageConverter and
MappingJackson2XmlView classes, and common parts between JSON
and XML processing have been moved to AbstractJackson2HttpMessageConverter
and AbstractJackson2View classes.
MappingJackson2XmlView supports serialization of a single object. If the model
contains multiple entries, MappingJackson2XmlView.setModelKey() should be
used to specify the entry to serialize.
Pretty print works in XML, but tests are not included since a Woodstox dependency
is needed, and it is better to continue testing spring-web and spring-webmvc
against JAXB2.
Issue: SPR-11785
This release contains the following new features:
- The new @JsonAdapter annotation to specify a Json TypeAdapter for a
class field
- JsonPath support: JsonParser.getPath() method returns the JsonPath
expression
- New public methods in JsonArray (similar to the java.util.List):
contains(JsonElement), remove(JsonElement), remove(int index),
set(int index, JsonElement element)
- Many other smaller bug fixes
See: https://groups.google.com/forum/#!topic/google-gson/MOqf5RGtIzk
Replace references to the old RFC 2616 (HTTP 1.1) with references
to the new RFCs 7230 to 7235.
This commit also deprecates:
- HttpStatus.USE_PROXY
- HttpStatus.REQUEST_ENTITY_TOO_LARGE in favor of HttpStatus.PAYLOAD_TOO_LARGE
- HttpStatus.REQUEST_URI_TOO_LONG in favor of HttpStatus.URI_TOO_LONG
Issue: SPR-12067
This change adds a new HttpMessageConverter supporting
Google protocol buffers (aka Protobuf).
This message converter supports the following media types:
* application/json
* application/xml
* text/plain
* text/html (output only)
* and by default application/x-protobuf
Note, in order to generate Proto Message classes, the protoc binary
must be available on your system.
Issue: SPR-5807/SPR-6259
Make it possible to use a ListenableFuture with Java 8
lambda expressions, using a syntax like
listenableFuture.addCallback(() -> ..., () -> ...);
Issue: SPR-11820
This commit fixes cases where part of the URI was mistaken for the
userinfo when:
* the URI did not contain any path
* the query string contained the "@"
Issue: SPR-11964
This commit introduces the RequestEntity, a class similar to
ResponseEntity, but meant for HTTP requests rather than responses. The
RequestEntity can be used both in RestTemplate as well as @MVC
scenarios.
The class also comes with a builder, similar to the one found in
ResponseEntity, which allows for building of a RequestEntity through a
fluent API.
Issue: SPR-11752
GroovyBeanDefinitionReader and Groovy ApplicationContexts redirect ".xml" files to XmlBeanDefinitionReader now, similar to what they've been doing for importBeans directives already. Analogously, @ImportResource for configuration classes redirects ".groovy" to GroovyBeanDefinitionReader now.
Issue: SPR-11924
Prior to this commit, calls to getAllow would fail is setAllow was set
to an EmptyCollection right before.
java.lang.IllegalArgumentException: No enum constant
org.springframework.http.HttpMethod
This commit fixes this by testing the header value for an empty value
before trying to use it to get a value from the Enum.
Issue: SPR-11917
After this change, java.util.Optional is supported with @RequestParam,
@RequestHeader, and @MatrixVariable arguments in Java 8. When Optional
is used the required flag is effectively ignored.
Issue: SPR-11829
Before this change @ModelAttribute methods were not invoked in any
particular order other than ensuring global @ControllerAdvice methods
are called first and local @Controller methods second.
This change introduces a simple algorithm that selects the next
@ModelAttribute method to invoke by making a pass over all methods and
looking for one that has no dependencies (i.e. @ModelAttribute
input arguments) or has all dependencies resolved (i.e. available in
the model). The process is repeated until no more @ModelAttribute
methods remain.
If the next @ModelAttribute method cannot be determined because all
remaining methods have unresolved dependencies, the first available
method is picked anyway just as before, i.e. with required
dependencies created through the default constructor.
Examples in ModelFactoryOrderingTests.
Issue: SPR-6299
This commit adds support to read and write JSON using the Google Gson
library. GsonHttpMessageConverter offers default Gson configuration, but
can be customized by using GsonFactoryBean. GsonFactoryBean includes
several convenience properties for configuring the internal GsonBuilder
and the resulting Gson object.
By default Gson converts byte arrays to JSON arrays instead of a Base64
encoded string. GsonBase64ByteArrayJsonTypeAdapter provides support to
read and write Base64 encoded byte arrays, and can be enabled in
GsonFactoryBean.
RestTemplate will enable GsonHttpMessageConverter only if Jackson 2 is
not found on the class path, because by default GsonHttpMessageConverter
supports the same media types as Jackson.
Issue: SPR-9488
The newly added support for ResponseBodyInterceptor is a good fit for
the (also recently added) support for the Jackson @JsonView annotation.
This change refactors the original implementation of @JsonView support
for @ResponseBody and ResponseEntity controller methods this time
implemented as an ResponseBodyInterceptor.
Issue: SPR-7156
This commit also includes lazy resolution support for StandardServletMultipartResolver, along the lines of existing lazy mode in CommonsMultipartResolver.
Issue: SPR-11074
Issue: SPR-11730
This feature required support for response exposure on Servlet/PortletRequestAttributes, instead of just in the Servlet/PortletWebRequest subclasses.
Issue: SPR-11795
Spring MVC now supports Jackon's serialization views for rendering
different subsets of the same POJO from different controller
methods (e.g. detailed page vs summary view).
Issue: SPR-7156
This change adds a strategy for assigning a default name to an
@RequestMapping controller method. The @RequestMapping annotation
itself now has a name attribute allowing the explicit assignment
of a mapping name.
This is mainly intended for use in EL expressions in views. The
RequestContext class now provides a getMvcUrl method that internally
delegates to MvcUriComponents to look up the handler method.
See the Javadoc of MvcUriComponents.fromMappingName.
Issue: SPR-5779
This change refines the logic of "mapping" content negotiation
strategies with regards to how to handle cases where no mapping is
found.
The request parameter strategy now treats request parameter values that
do not match any mapped media type as 406 errors.
The path extension strategy provides a new flag called
"ignoreUnknownExtensions" (true by default) that when set to false also
results in a 406. The same flag is also exposed through the
ContentNegotiationManagerFactoryBean and the MVC Java config.
Issue: SPR-10170
Animal sniffer provides tools to assist verifying that classes
compiled with a newer JDK are compatible with an older JDK.
This integratesthe latest version of the tool (1.11) that
permits the use of custom annotations. Added @UsesJava7,
@UsesJava8 and @UsesSunHttpServer and annotated the few places
where we rely on a specific environment.
The verification process can be invoked by running the 'sniff'
task.
Issue: SPR-11604
polishing
Arjen Poutsma
Sam Brannen
Brian Clozel
Rossen Stoyanchev
Craig Andrews
Juergen Hoeller
Sebastien Deleuze
Tadaya Tsuyukubo
Phillip Webb
Arjen Poutsma
Roy Clarkson
Stephane Nicoll
Rossen Stoyanchev
Brian Clozel
Sebastien Deleuze
Roy Clarkson
Mattias Severson
Stephane Nicoll
Chexpir