Spring Framework 5.2.2 introduced a regression in
DefaultResponseErrorHandler.handleError(ClientHttpResponse)
Specifically, for use cases where the InputStream had already been
consumed by the first invocation of getResponseBody(), the second
invocation of getResponseBody() resulted in the response body being
absent in the created UnknownHttpStatusCodeException.
This commit fixes this by invoking getResponseBody() only once in
DefaultResponseErrorHandler.handleError(ClientHttpReponse) in order to
reuse the retrieved response body for creating the exception message
and as a separate argument to the UnknownHttpStatusCodeException
constructor.
Closes gh-24595
This commit adds two new properties to the `ReactorResourceFactory`.
This allows to configure the quiet and timeout periods when shutting
down Reactor resources. While we'll retain Reactor Netty's default for
production use, this option is useful for tests and developement
environments when developers want to avoid long waiting times when
shutting down resources.
Fixes gh-24538
Jackson's asynchronous parser does not support any encoding except UTF-8
(or ASCII). This commit converts non-UTF-8/ASCII encoded JSON to UTF-8.
Closes gh-24489
This commit makes the Jackson2Tokenizer enable
TokenBuffer.forceUseOfBigDecimal if the element type given to the
Decoder is BigDecimal. Previous to this commit, values would be
converted to floats.
Closes gh-24479
After this commit, Jackson2Tokenizer honours ObjectMapper's
DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS feature when creating
TokenBuffers.
Closes gh-24479
We used ConnectionProvider#elastic only to customize the name. Now that
Reactor Netty's TcpResources itself uses fixed 500 by default, we
update to have the same value which would apply when global resources
are not used.
Closes gh-24424
This commit deprecates PathExtensionContentNegotiationStrategy and
ServletPathExtensionContentNegotiationStrategy and also updates code
that depends on them internally to remove that dependence.
See gh-24179
ContentNegotiationManagerFactoryBean now ensures that
ContentNegotiationManager contains the MediaType mappings even if the
path extension and the parameter strategies are off.
There are also minor fixes to ensure the media type mappings in
ContentNegotiationManagerFactoryBean aren't polluted when mapping keys
are not lowercase, and likewise MappingMediaTypeFileExtensionResolver
filters out duplicates in the list of all file extensions.
See gh-24179
Before this commit, the AbstractJackson2Encoder instantiated a
ObjectWriter per value. This is not an issue for single values or
non-streaming scenarios (which effectively are the same, because in the
latter values are collected into a list until offered to Jackson).
However, this does create a problem for SMILE, because it allows for
shared references that do not match up when writing each value with a
new ObjectWriter, resulting in errors parsing the result.
This commit uses Jackson's SequenceWriter for streaming scenarios,
allowing Jackson to reuse the same context for writing multiple values,
fixing the issue described above.
Closes gh-24198
As of gh-21783, Spring WebFlux uses a `TomcatHeadersAdapter`
implementation to directly address the native headers used by the
server.
In the case of Tomcat, "Content-Length" and "Content-Type" headers are
processed separately and should not be added to the native headers map.
This commit improves the `HandlerAdapter` implementation for Tomcat and
removes those headers, if previously set in the map. The adapter
already has a section that handles the Tomcat-specific calls for such
headers.
Fixes gh-24361
This commit updates CORS support in order to check Origin header
in CorsUtils#isPreFlightRequest which does not change how Spring
MVC or WebFlux process CORS request but is more correct in term
of behavior since it is a public API potentially used in another
contexts.
It also removes an unnecessary check in
AbstractHandlerMethodMapping#hasCorsConfigurationSource and processes
every preflight request with PreFlightHandler.
Closes gh-24327
Prior to this commit, when WebFlux handlers added `"Content-*"` response
headers and an error happened while handling the request, all those
headers would not be cleared from the response before error handling.
This commit clears those headers from the response in two places:
* when invoking the handler and adapting the response
* when writing the response body
Not removing those headers might break HTTP clients since they're given
wrong information about how to interpret the HTTP response body: the
error response body might be very different from the original one.
Fixes gh-24238
Add a note on encoding for query parameters specifically mentioning the
"+" sign and a link to the reference docs.
Also remove duplicate Javadoc in UriComponentsBuilder which is already
inherited from UriBuilder.
The converter now tries to keep reading from the same InputStream which
should be possible with ordered and non-overlapping regions. When
necessary the InputStream is re-opened.
Closes gh-24214
The new register methods replace the now deprecated
encoder, decoder, reader, and writer methods, and also offer a choice
to opt into default properties such maxInMemorySize, if configured.
See gh-24124
This commit restores the interpretation of JSON as UTF-8 by default that
was removed in #bc205e0 and also ensures a charset is not appended
automatically to "application/json".
Closes gh-24123
Spring Framework 5.2 introduced support for caching @ControllerAdvice
beans; however, this caching was also applied incorrectly to
non-singleton beans.
This commit addresses this regression by only caching singleton
@ControllerAdvice beans.
Closes gh-24157
As a follow-up of gh-23961, this change provides a way for custom codecs
to align with the default codecs' behavior on common features like
buffer size limits and logging request details.
Closes gh-24118
Co-authored-by: Rossen Stoyanchev <rstoyanchev@pivotal.io>
Prior to this commit, developers could configure their WebClient to use
their custom `ExchangeStrategies`, by providing it in the
`WebClient.Builder` chain.
Once created, an `ExchangeStrategies` instance is not mutable, which
makes it hard for further customizations by other components. In the
case of the reported issue, other components would override the default
configuration for the codecs maxInMemorySize.
This commit makes the `ExchangeStrategies` mutable and uses that fact to
further customize them with a new `WebClient.Builder#exchangeStrategies`
`Consumer` variant. This commit is also deprecating those mutating
variants in favor of a new `WebClient.Builder#exchangeStrategies` that
takes a `ExchangeStrategies#Builder` directly and avoids mutation issues
altogether.
Closes gh-23961
Prior to this commit, developers could configure their WebClient to use
their custom `ExchangeStrategies`, by providing it in the
`WebClient.Builder` chain.
Once created, an `ExchangeStrategies` instance is not mutable, which
makes it hard for further customizations by other components. In the
case of the reported issue, other components would override the default
configuration for the codecs maxInMemorySize.
This commit makes the `ExchangeStrategies` mutable and uses that fact to
further customize them with a new `WebClient.Builder#exchangeStrategies`
`Consumer` variant. This commit is also deprecating those mutating
variants in favor of a new `WebClient.Builder#exchangeStrategies` that
takes a `ExchangeStrategies#Builder` directly and avoids mutation issues
altogether.
Closes gh-23961
This commit exposes the method that returns the media type used to write
forms. By default, it includes the charset in the content type, which
can cause issues with certain consumers. This commit changes the method
from a private to a protected method, so that users can override the
default behavior.
Closes: gh-22971
Fix uncommon case in Jackson2SmileDecoder, where a null token,
incicating a document separator in streaming mode, is followed by
NOT_AVAILABLE.
Closes gh-24009
Before this commit the connector waited for a completed response (via
ServerHttpResponse#setComplete or ServerHttpResponse#writeWith) or an
error signal in handling, but it didn't deal explicitly with the case
where both can occur.
This commit explicitly waits for the completion of handling (success
or error) before passing the response downstream. If an error occurs
after response completion, it is wrapped in a dedicated exception that
also provides access to the completed response.
Close gh-24051
Prior to this commit, methods in a @ControllerAdvice bean were
registered and invoked twice if the advice was a scoped bean (e.g.,
request or session scoped). In other words, both the proxy bean and the
target bean were wrapped in ControllerAdviceBean instances.
This commit fixes this bug by modifying the findAnnotatedBeans() method
in ControllerAdviceBean so that it filters out targets of scoped
proxies.
Closes gh-24017
Spring Framework 5.2 introduced support for implementing the Ordered
interface in a @ControllerAdvice bean. This support requires that
@ControllerAdvice beans be eagerly resolved from the BeanFactory in
order to invoke the getOrder() method defined in the Ordered interface.
Unfortunately doing so resulted in a regression in that an attempt to
eagerly resolve a scoped @ControllerAdvice bean throws a
BeanCreationException due to the lack of an active scope (e.g., request
or session scope).
This commit fixes this regression by avoiding eager resolution of scoped
@ControllerAdvice beans. As a direct consequence, the Ordered interface
is not supported for scoped @ControllerAdvice beans.
Closes gh-23985
Changes introduced in commit 9b2087618b
caused a regression for Cookie support in MockHttpServletResponse.
Specifically, an Expires attribute that cannot be parsed using
`ZonedDateTime.parse()` now results in an exception; whereas,
previously an entry such as `Expires=0` was allowed.
This commit fixes this issue in MockCookie by catching and ignoring any
DateTimeException thrown while attempting to parse an Expires attribute.
Closes gh-23911
Prior to this commit, if MockServletContext was configured with a
FileSystemResourceLoader, invocations of the following methods on a
Microsoft Windows operating system resulted in an InvalidPathException
if the supplied path contained a colon (such as "C:\\temp"). This is
inconsistent with the behavior on non-Windows operating systems. In
addition, for comparable errors resulting in an IOException, those
methods (except getRealPath()) return null instead of throwing the
exception.
- getResourcePaths()
- getResource()
- getResourceAsStream()
- getRealPath()
This commit makes handling of InvalidPathException and IOException
consistent for these methods: both exceptions now result in null be
returned by these methods.
Closes gh-23717
A ResponseStatus exception now exposes extra method to return headers
for the response. This is used in ResponseStatusExceptionHandler to
apply the headers to the response.
Closes gh-23741
- Add maxInMemorySize property to Decoder and HttpMessageReader
implementations that aggregate input to trigger
DataBufferLimitException when reached.
- For codecs that call DataBufferUtils#join, there is now an overloaded
variant with a maxInMemorySize extra argument. Internally, a custom
LimitedDataBufferList is used to count and enforce the limit.
- Jackson2Tokenizer and XmlEventDecoder support those limits per
streamed JSON object.
See gh-23884
At present, MockCookie doesn't preserve expires attribute. This has a
consequence that a cookie value set using
MockHttpServletResponse#addHeader containing an expires attribute will
not match the cookie value obtained from
MockHttpServletResponse#getHeader, since the expires attribute will get
calculated based on current time.
This commit enhances MockCookie to preserve the expires attribute.
Closes gh-23769
Bypass server cookie and write Set-Cookie header directly for Reactor
Netty, and Servlet API which do not provide options.
For Undertow use the sameSite attribute.
Closes gh-23693
If an error looks like a "disconnected client" but the response is not
yet committed then it can't be an I/O error from writing to the server
response. It is most likely as a result of a remote call as part of
request handling.
Not setting the response to 500 in this case results in a 200 response
status despite the error. Even if it was an I/O error from the server
response, setting the status won't impact a failed response.
Closes gh-23319
Add `ClientHttpRequestInitializer` interface that can be used with any
`HttpAccessor` to initialize each `ClientHttpRequest` before it's used.
This provides a useful alternative to `ClientHttpRequestInterceptor`
when users need to configure things like `HttpHeaders`.
Closes gh-22002
On a Servlet container a completion notification may come at any time
even in the UNSUBSCRIBED state, i.e. before the write Publisher has
called onSubscribe.
See: gh-23553
Prior to this commit, a lot of work had been done to prevent improper
use of testing Framework APIs throughout the codebase; however, there
were still some loopholes.
This commit addresses these loopholes by introducing additional
Checkstyle rules (and modifying existing rules) to prevent improper use
of testing framework APIs in production code as well as in test code.
- Checkstyle rules for banned imports have been refactored into
multiple rules specific to JUnit 3, JUnit 4, JUnit Jupiter, and
TestNG.
- Accidental usage of org.junit.Assume has been switched to
org.junit.jupiter.api.Assumptions.
- All test classes now reside under org.springframework packages.
- All test classes (including abstract test classes) now conform to the
`*Tests` naming convention.
- As an added bonus, tests in the renamed
ScenariosForSpringSecurityExpressionTests are now included in the
build.
- Dead JUnit 4 parameterized code has been removed from
DefaultServerWebExchangeCheckNotModifiedTests.
Closes gh-22962
Prior to this commit, the Spring Framework build would partially use the
dependency management plugin to import and enforce BOMs.
This commit applies the dependency management plugin to all Java
projects and regroups all version management declaration in the root
`build.gradle` file (versions and exclusions).
Some versions are overridden in specific modules for
backwards-compatibility reasons or extended support.
This commit also adds the Gradle versions plugin that checks for
dependency upgrades in artifact repositories and produces a report; you
can use the following:
./gradlew dependencyUpdates
Prior to this commit, the entry set of read-only HttpHeaders lost the
original headers' ordering.
The changes in commit ce7278aaf4 introduced a regression in the read-only
HttpHeaders support. Specifically, the implementation of entrySet() in
the internal ReadOnlyHttpHeaders class converted the original entry set
to an immutable, non-ordered set of immutable entries.
This commit fixes this issue by converting the original entry set to an
immutable, ordered set of immutable entries.
Closes gh-23551
This commit prepends "[{index}] " to all custom display names
configured via @ParameterizedTest.
This provides better diagnostics between the "technical names" reported
on the CI server vs. the "display names" reported within a developer's
IDE.
See gh-23451
Prior to this commit, there was no way to replace the Set-Cookie header
via MockHttpServletResponse. Specifically, an invocation of setHeader()
for the Set-Cookie header resulted in an additional Set-Cookie header
instead of replacing the existing one, which is in violation of the
contract for javax.servlet.http.HttpServletResponse.setHeader(...).
This commit refactors the internals of MockHttpServletResponse to ensure
that an existing Set-Cookie header is overwritten when set via an
invocation of setHeader(). This commit also verifies the expected
behavior for addHeader() and addCookie() with regard to multiple cookies.
Closes gh-23512
Due to a bug (or "unintentional feature") in JUnit 4, overridden test
and lifecycle methods not annotated with @Test, @Before, @After, etc.
are still executed as test methods and lifecycle methods; however,
JUnit Jupiter does not support that. Thus, prior to this commit, some
overridden test and lifecycle methods were no longer executed after the
migration from JUnit 4 to JUnit Jupiter.
This commit addresses this issue for such known use cases, but there
are likely other such use cases within Spring's test suite.
See gh-23451
The use of LinkedCaseInsensitiveMap, going back to 3.0, makes it
unnecessary to iterate over keys which can cause
ConcurrentModificationException.
Closes gh-23460
Sébastien Deleuze
Juergen Hoeller
Lars Grefer
Sam Brannen
Gurps Bassi
Rossen Stoyanchev
陈其苗
Сергей Цыпанов
Johnny Lim
Andrew Woodbury
Adrian Cole
ZhangT
Brian Clozel
Robert Gründler
Arjen Poutsma
Hyunjin Choi
Oleh Faizulin
yokotaso
Christoph Dreis
Mark Hobson
jerzykrlk
Tomo Suzuki
Lorenzo Torracchi
AlexeyAnufriev
Vedran Pavic
Phillip Webb
Napster
Jonathan Bluett-Duncan
康智冬
Stephane Nicoll