This commit picks up where the two previous commits left off.
Specifically, this commit:
- Removes the "severity=warning" configuration to ensure that violations
actually fail the build.
- Fixes regular expressions for suppressions by matching forward
slashes using `[\\/]` instead of `\/`.
- Moves the configuration for newly introduced checks to locations in
checkstyle.xml that align with the existing organization of that file.
- Renames the IDs for RegexpSinglelineJava checks from
javaDocPackageNonNullApiAnnotation/javaDocPackageNonNullFieldsAnnotation
to packageLevelNonNullApiAnnotation/packageLevelNonNullFieldsAnnotation,
respectively, since these checks are not related to Javadoc.
- Simplifies the null-safety annotation checks to match against
imported annotation types, which enforces consistency across
package-info.java files for the annotation declarations.
- Simplifies the RegEx for JavadocPackage suppressions to only exclude
packages not under src/main/java (vs src/main) and those in the
framework-docs module.
- Consistently suppresses all checks for the `asm`, `cglib`, `objenesis`,
and `javapoet` packages in spring-core.
- Adds explicit suppressions for null-safety annotations for the `lang`
package in spring-core.
- Adds explicit suppressions for null-safety annotations for the
`org.aopalliance` package in spring-aop.
- Revises the RegEx for null-safety annotation suppressions to only
exclude package-info.java files not under src/main/java and
additionally to exclude package-info.java files in the framework-docs
module as well as those in the spring-context-indexer,
spring-instrument, and spring-jcl modules.
- Adds all missing package-info.java files.
- Adds null-safety annotations to package-info.java files where
appropriate.
Closes gh-30069
If content-length is available, pass it to readNBytes in
ByteArrayHttpMessageConverter. When the content length is less than
the internal buffer size in InputStream (8192), this avoids a copy,
as readNBytes will return the buffer directly. When the content length
is greater than the buffer size used in InputStream, passing the
content-length at least avoids over-allocating the final buffer (e.g.,
if the content length were 8193 bytes, 1 byte more than the default
buffer size).
If the content length isn't present or is too large to represent as
an integer, fall back to the default behavior of readAllBytes by
passing in Integer.MAX_VALUE.
See gh-30010
HttpServiceProxyFactoryExtensions.kt has been mistakenly created
in spring-webflux module instead of spring-web, breaking JPMS for
WebFlux users.
This commit moves this file and related tests to the spring-web
module.
Closes gh-30042
This commit ensures that WebFlux's RequestMethodsRequestCondition
supports HTTP methods that are not in the RequestMethod enum.
- RequestMethod::resolve is introduced, to convert from a HttpMethod
(name) to enum values.
- RequestMethod::asHttpMethod is introduced, to convert from enum value
to HttpMethod.
- HttpMethod::valueOf replaced Map-based lookup to a switch statement
- Enabled tests that check for WebDAV methods
See gh-27697
Closes gh-29981
This commit refines ModelAttributeMethodProcessor Kotlin exception
handling in order to throw a proper MethodArgumentNotValidException
instead of a NullPointerException when Kotlin null-safety constraints
are not fulfilled, translating to an HTTP error with 400 status code
(Bad Request) instead of 500 (Internal Server Error).
Closes gh-23846
MethodArgumentTypeMismatchException and
MethodArgumentConversionNotSupportedException are TypeMismatchException
subclasses with MethodParameter information and should initialize
propertyName in TypeMismatchInformation.
Closes gh-29959
This commit introduces DataBuffer::readableByteBuffers and
DataBuffer::writableByteBuffers, allowing restricted access to the
ByteBuffer used internally by DataBuffer implementations.
Closes gh-29943
Includes small refactoring in DefaultServerWebExchange and adjustment
of initMultipartData to get involved for any "multipart/" prefixed
media type.
In addition, "multipart/related" is now in the list of media types
supported by FormHttpMessageConverter, which aligns it with
MultipartHttpMessageReader.
Closes gh-29671
This commit ensures the ContentDisposition class prints the filename in
both in the regular filename parameter and the extended filename*
parameter (RFC 5987).
Quoted printable (RFC 2047) is used to encode any non-ASCII characters
in the regular filename parameter.
Closes gh-29861
This commit ensures that we register a result callback when executing
the request (next to the existing response callback), which gets
notified of invalid hosts and other connection issues.
Closes gh-29156
In the checkHeaders method, if allowedHeaders contains * the result
size can be requestHeaders.size(), but if this is not the case
then the result size can only be as big as the minimum value
of requestHeaders.size() and allowedHeaders.size().
requestHeaders.size() can be potentially big (user input) and
allowedHeaders.size() could be small, so this saves memory in
that case.
Closes gh-29853
Add constructors to HttpMediaTypeNotSupportedException and
UnsupportedMediaTypeStatusException for a parse error that also accept
the list of supported media types to include in the response headers.
Closes gh-28062
Prior to this commit, the "uri" KeyValue for low cardinality metadata
would contain the entire uri template given to the HTTP client when
creating the request. This was a breaking change for existing metrics
dashboards, as previous support was removing the protocol, host and port
parts of the URI.
Indeed, this information is available in the "client.name" and
"http.uri" KayValue.
This commit parses and removes the protocol+host+port information from
the uri template for the "uri" KeyValue.
Fixes gh-29885
Prior to this commit, the `"client.name"` key value for the
`"http.client.requests"` client HTTP observations would be considered as
high cardinality, as the URI host is technically unbounded.
In practice, the number of hosts used by a client in a given application
can be considered as low cardinality. This commit moves this keyvalue to
low cardinality so that it's present for both metrics and traces.
Closes gh-29839
This commit introduces support for Optional in the
AbstractJackson2HttpMessageConverter, similar the existing support for
collection types were supported.
Closes gh-24498
This commit introduces support for double-quoted HTTP header values in
HttpHeaders::getValuesAsList, as described in RFC 9110 section 5.5.
Closes gh-29785
This commit changes the FatalBeanException previously thrown for
an IllegalArgumentException which seems more suitable for that
use case.
Closes gh-29859
Originally, `Base64Utils` was providing base64 encoding and decoding
utilities, bridging to commons-codecs or Java 8, if available. Since
then, only the Java 8 variant remains and Spring Framework 6 requires
now Java 17. This utility class doesn't provide additional checks or
syntactic sugar over what's in Java already.
As a result, this commit deprecates this class in favor of `Base64` and
schedules the removal of this class completely.
Closes gh-28434
Prior to this commit, a Spring web application would not be able to
serialize a `ProblemDetail` object instance in a Native Image, as
serialization hints would be missing.
This commit adds a RuntimeHints registrar that processes the
`ProblemDetail` type accordingly during the AOT phase.
Fixes gh-29801
This commit takes rfc8297 into account and introduces a newer code 103
HttpStatus value which uses `Early Hints` as the more correct reason
phrase, deprecating the outdated `CHECKPOINT` enum value for 103.
Additionally:
- `HttpStatus.valueOf(103)` will return the new enum value
- `HttpStatusCode#isSameCodeAs(HttpStatusCode)` is introduced to ease
comparison of deprecated enums vs their newer counterparts (or any
instance of a more generic `HttpStatusCode`) by comparing the integer
`value()`
- `HttpStatusTests` covers the new deprecation as well as the three
previously deprecated codes, including a check with the above new
method to ensure they have comparable integer values
Supersedes and Closes gh-27960
Prior to this commit, extracting the path within handler mapping would
result in "" if the matching path element would be a Regex and contain
".*". This could cause issues with resource handling if the handler
mapping pattern was similar to `"/folder/file.*.extension"`.
This commit introduces a new `isLiteral()` method in the `PathElement`
abstract class that expresses whether the path element can be compared
as a String for path matching or if it requires a more elaborate
matching process.
Using this method for extracting the path within handler mapping avoids
relying on wildcard count or other properties.
Fixes gh-29712
This commit ensures that the same multipart codecs are registered on
both client and server. Previously, only the client enabled only sending
multipart, and the server only receiving.
Closes gh-29630
This commit introduces additional constructors in MockClientHttpRequest
and MockClientHttpResponse that were previously only present in the
internal "test fixtures" in spring-web.
This commit also aligns the mocks in spring-test with the test fixtures
in spring-web to simplify continued maintenance of the mocks and test
fixtures.
Closes gh-29670
This commit deprecates the `"application/graphql+json"` media type in
favor of the new `"application/graphql-response+json"`, since the former
has been removed in graphql/graphql-over-http#215.
Closes gh-29617
This ensures that by default the reason is used to set the "detail"
field. It's a follow-up fix to a27f2e994b
which resolved the issue partially.
Closes gh-29608
Reflective getHeaders calls to be revisited; see GitHub issue #8938 in Jetty project.
HttpOutput optimization commented out still in order to avoid alpha build dependency.
See gh-29575
LocalVariableTableParameterNameDiscoverer is not registered by default anymore now.
Java sources should be compiled with `-parameters` instead (available since Java 8).
Also retaining standard Java parameter names for all of Spring's Kotlin sources now.
Closes gh-29531
- The return values of ServletWebRequest.validateIfUnmodifiedSince and
DefaultServerWebExchange.validateIfUnmodifiedSince are not used. So I
think that it is better to remove the return statements.
- Add missing @Nullable declarations to eTag method parameters.
- Simplify if statements
Closes gh-29460
As a follow-up to gh-29277, and since the JAXB support is now
triggered by the classpath presence of a JAXB implementation,
it makes sense to make SourceHttpMessageConverter, previously
configured unconditionally, optional.
That makes a big difference on native (1M of RSS reduction
with current typical Spring Boot 3 arrangement, 3.4M when
other usages of XML are not reachable).
It also brings more consistency between Spring MVC
and Spring WebFlux, and means that XML support for
Spring web applications now needs to be enabled explicitly.
As a consequence, Spring web applications using
javax.xml.transform.Source now needs to configure
SourceHttpMessageConverter explicitly in RestTemplate or
Spring MVC.
Closes gh-29535
Prior to this commit, the Observation Servlet filter would record
unhandled exceptions on the observation context but would leave the
default HTTP response status as is.
Servlet containers do set the response status in that case to 500 by
default. Not doing that at the Servlet filter level results in invalid
observations, stating that the HTTP response status is 200 (because the
error status hasn't been set yet by the container) and as a result, the
outcome is SUCCESS.
This commit ensures that the error status is set in those cases,
aligning the behavior with Servlet containers.
Fixes gh-29512
This commit removes specific version info from Jackson codecs and
converters, in favor of generic info or removing the version information
all together.
See gh-29508
Prior to this commit, the server observability support would create a
cycle in Java packages.
This commit refactors the current arrangement to solve this by:
* "flattening" the reactive HTTP instrumentation; this removes the
dependency to the `ServerWebExchange` and `PathPattern` types
* moving the `observation` package under
`org.springframework.http.server` and
`org.springframework.http.server.reactive`
See gh-29477
James Yuzawa
Arjen Poutsma
rstoyanchev
Sam Brannen
Juergen Hoeller
Patrick Strawderman
Violeta Georgieva
Baljit Singh
Sergiu Prodan
Sébastien Deleuze
Johnny Lim
Brian Clozel
Toshiaki Maki
Ronny Perinke
Yanming Zhou
Donghyeon Kim
Thom Hurks
Eden Tyler-Moss
Kevin Yue
xavier-b
Simon Baslé
Krzysztof Krason
Sam Brannen
CoderYellow
Spark61
divcon
Andy Wilkinson
Andriy