This commit ensures the ContentDisposition class prints the filename in
both in the regular filename parameter and the extended filename*
parameter (RFC 5987).
Quoted printable (RFC 2047) is used to encode any non-ASCII characters
in the regular filename parameter.
Closes gh-29861
This commit ensures that we register a result callback when executing
the request (next to the existing response callback), which gets
notified of invalid hosts and other connection issues.
Closes gh-29156
In the checkHeaders method, if allowedHeaders contains * the result
size can be requestHeaders.size(), but if this is not the case
then the result size can only be as big as the minimum value
of requestHeaders.size() and allowedHeaders.size().
requestHeaders.size() can be potentially big (user input) and
allowedHeaders.size() could be small, so this saves memory in
that case.
Closes gh-29853
Add constructors to HttpMediaTypeNotSupportedException and
UnsupportedMediaTypeStatusException for a parse error that also accept
the list of supported media types to include in the response headers.
Closes gh-28062
Prior to this commit, the "uri" KeyValue for low cardinality metadata
would contain the entire uri template given to the HTTP client when
creating the request. This was a breaking change for existing metrics
dashboards, as previous support was removing the protocol, host and port
parts of the URI.
Indeed, this information is available in the "client.name" and
"http.uri" KayValue.
This commit parses and removes the protocol+host+port information from
the uri template for the "uri" KeyValue.
Fixes gh-29885
Prior to this commit, the `"client.name"` key value for the
`"http.client.requests"` client HTTP observations would be considered as
high cardinality, as the URI host is technically unbounded.
In practice, the number of hosts used by a client in a given application
can be considered as low cardinality. This commit moves this keyvalue to
low cardinality so that it's present for both metrics and traces.
Closes gh-29839
This commit introduces support for Optional in the
AbstractJackson2HttpMessageConverter, similar the existing support for
collection types were supported.
Closes gh-24498
This commit introduces support for double-quoted HTTP header values in
HttpHeaders::getValuesAsList, as described in RFC 9110 section 5.5.
Closes gh-29785
This commit changes the FatalBeanException previously thrown for
an IllegalArgumentException which seems more suitable for that
use case.
Closes gh-29859
Originally, `Base64Utils` was providing base64 encoding and decoding
utilities, bridging to commons-codecs or Java 8, if available. Since
then, only the Java 8 variant remains and Spring Framework 6 requires
now Java 17. This utility class doesn't provide additional checks or
syntactic sugar over what's in Java already.
As a result, this commit deprecates this class in favor of `Base64` and
schedules the removal of this class completely.
Closes gh-28434
Prior to this commit, a Spring web application would not be able to
serialize a `ProblemDetail` object instance in a Native Image, as
serialization hints would be missing.
This commit adds a RuntimeHints registrar that processes the
`ProblemDetail` type accordingly during the AOT phase.
Fixes gh-29801
This commit takes rfc8297 into account and introduces a newer code 103
HttpStatus value which uses `Early Hints` as the more correct reason
phrase, deprecating the outdated `CHECKPOINT` enum value for 103.
Additionally:
- `HttpStatus.valueOf(103)` will return the new enum value
- `HttpStatusCode#isSameCodeAs(HttpStatusCode)` is introduced to ease
comparison of deprecated enums vs their newer counterparts (or any
instance of a more generic `HttpStatusCode`) by comparing the integer
`value()`
- `HttpStatusTests` covers the new deprecation as well as the three
previously deprecated codes, including a check with the above new
method to ensure they have comparable integer values
Supersedes and Closes gh-27960
Prior to this commit, extracting the path within handler mapping would
result in "" if the matching path element would be a Regex and contain
".*". This could cause issues with resource handling if the handler
mapping pattern was similar to `"/folder/file.*.extension"`.
This commit introduces a new `isLiteral()` method in the `PathElement`
abstract class that expresses whether the path element can be compared
as a String for path matching or if it requires a more elaborate
matching process.
Using this method for extracting the path within handler mapping avoids
relying on wildcard count or other properties.
Fixes gh-29712
This commit ensures that the same multipart codecs are registered on
both client and server. Previously, only the client enabled only sending
multipart, and the server only receiving.
Closes gh-29630
This commit introduces additional constructors in MockClientHttpRequest
and MockClientHttpResponse that were previously only present in the
internal "test fixtures" in spring-web.
This commit also aligns the mocks in spring-test with the test fixtures
in spring-web to simplify continued maintenance of the mocks and test
fixtures.
Closes gh-29670
This commit deprecates the `"application/graphql+json"` media type in
favor of the new `"application/graphql-response+json"`, since the former
has been removed in graphql/graphql-over-http#215.
Closes gh-29617
This ensures that by default the reason is used to set the "detail"
field. It's a follow-up fix to a27f2e994b
which resolved the issue partially.
Closes gh-29608
Reflective getHeaders calls to be revisited; see GitHub issue #8938 in Jetty project.
HttpOutput optimization commented out still in order to avoid alpha build dependency.
See gh-29575
LocalVariableTableParameterNameDiscoverer is not registered by default anymore now.
Java sources should be compiled with `-parameters` instead (available since Java 8).
Also retaining standard Java parameter names for all of Spring's Kotlin sources now.
Closes gh-29531
- The return values of ServletWebRequest.validateIfUnmodifiedSince and
DefaultServerWebExchange.validateIfUnmodifiedSince are not used. So I
think that it is better to remove the return statements.
- Add missing @Nullable declarations to eTag method parameters.
- Simplify if statements
Closes gh-29460
As a follow-up to gh-29277, and since the JAXB support is now
triggered by the classpath presence of a JAXB implementation,
it makes sense to make SourceHttpMessageConverter, previously
configured unconditionally, optional.
That makes a big difference on native (1M of RSS reduction
with current typical Spring Boot 3 arrangement, 3.4M when
other usages of XML are not reachable).
It also brings more consistency between Spring MVC
and Spring WebFlux, and means that XML support for
Spring web applications now needs to be enabled explicitly.
As a consequence, Spring web applications using
javax.xml.transform.Source now needs to configure
SourceHttpMessageConverter explicitly in RestTemplate or
Spring MVC.
Closes gh-29535
Prior to this commit, the Observation Servlet filter would record
unhandled exceptions on the observation context but would leave the
default HTTP response status as is.
Servlet containers do set the response status in that case to 500 by
default. Not doing that at the Servlet filter level results in invalid
observations, stating that the HTTP response status is 200 (because the
error status hasn't been set yet by the container) and as a result, the
outcome is SUCCESS.
This commit ensures that the error status is set in those cases,
aligning the behavior with Servlet containers.
Fixes gh-29512
This commit removes specific version info from Jackson codecs and
converters, in favor of generic info or removing the version information
all together.
See gh-29508
Prior to this commit, the server observability support would create a
cycle in Java packages.
This commit refactors the current arrangement to solve this by:
* "flattening" the reactive HTTP instrumentation; this removes the
dependency to the `ServerWebExchange` and `PathPattern` types
* moving the `observation` package under
`org.springframework.http.server` and
`org.springframework.http.server.reactive`
See gh-29477
This commit reverts changes to AbstractCacheManager since iterating
over the caches in a for-loop and a stream is duplicated effort.
This commit reverts changes to DefaultRenderingResponseBuilder,
RouterFunctions, and OriginHandshakeInterceptor since order matters for
those use cases: they were originally based on the semantics of
LinkedHashSet or LinkedHashMap; whereas, Set.copyOf() and Map.copyOf()
do not provide any guarantees regarding ordering.
This commit also applies analogous changes to "sibling" implementations
across Servlet mocks as well as Web MVC and WebFlux.
See gh-29321
Includes corresponding build upgrade to Tomcat 10.1.1 and Undertow 2.3.0
(while retaining runtime compatibility with Tomcat 10.0 and Undertow 2.2)
Closes gh-29435
Closes gh-29436
Prior to this commit, several variants of observation documentation
would share the same name; for example HTTP client observations for both
blocking and reactive clients would have the same name.
While it is required that they have the same metric name for dashboards,
the observation documentation names should be different so that they can
be documented without confusing developers.
This commit renames the observation documentation names to avoid that.
Closes gh-29431
This commit ensures that the matching path pattern for the request being
observed is used in the conytextual name, as advised in the OTel HTTP
server semantic conventions.
If the path pattern is not available, no additional value is provided
and the "http {method}" baseline is being used.
Fixes gh-29424
Prior to this commit, the ServerHttpObservationFilter would not add
the current observation as a key in the Reactor context, preventing
from being used or propagated during the HTTP exchange handling.
Also, the client instrumentation in `DefaultWebClient` would start
the observation once the request is fully formed and immutable,
preventing the context from being propagated through HTTP request
headers.
This commit fixes both uses cases now by:
* adding the current observation as a key in the reactor context
on the server side
* using the `ClientRequest.Builder` as a Carrier on the client side
Closes gh-29388
This commit makes sure that PartEvents with empty data buffer are
filtered out before written. Empty buffers caused issues with the
JdkClientHttpConnector.
Closes gh-29400
Add protected, convenience method in ResponseEntityExceptionHandler
to create a ProblemDetail for any exception, along with a
MessageSource lookup for the "detail" field.
Closes gh-29384
This commit makes sure that the current state of the PartGenerator
is able to handle an incoming buffer, possibly requested because of
a request coming from the subscription. All states accept new buffers
except the WritingFileState.
Closes gh-29227
Conditional requests using "If-Unmodified-Since" headers are generally
used as precondition checks for state-changing methods (POST, PUT,
DELETE). See https://datatracker.ietf.org/doc/html/rfc7232#section-3.4
The spec also allows for idempotent methods like GET and HEAD.
Prior to this commit, the "If-Unmodified-Since" processing done in
`checkNotModified` (see `ServletWebRequest` and
`DefaultServerWebExchange`) would only focus on the state changing
methods and not take into account the safe methods. For those cases, the
"ETag" and "Last-Modified" would be missing from the response.
This commit ensures that such headers are added as expected in these
cases.
Fixes gh-29362
In some cases, the default response status of a `ServerWebExchange` can
be `null`, especially when the response is not available or the server
implementation does not set a default response status.
This commit ensures that the status code is available when deriving
`KeyValue` information from it, or uses a fallback value for the key
value.
Fixes gh-29359
The observation context relies on request and response for propagation,
but the exchange itself holds attributes and locale context so this is
needed for keyvalues extraction in general.
This commit adds a getter to expose the exchange from the context.
Update `ServerHttpObservationFilter` to check if the `Observation`
is a no-op before adding the `ServerRequestObservationContext`.
Prior to this commit, if the `Observation` is a no-op then the
context type added with the `CURRENT_OBSERVATION_CONTEXT_ATTRIBUTE`
would not be a `ServerRequestObservationContext`. This would mean
that `findObservationContext` would throw a `ClassCastException`.
Fixes gh-29356
Prior to this commit, the `ServerHttpObservationFilter` would set the
response status (and possibly overwrite it) in case an exception is
found as an attribute.
While the exception itself should be used in the observation, the filter
should have no side effect on the response.
Fixes gh-29353
This commit upgrades Jackson to 2.14.0-rc2, and uses the new
ByteBufferFeeder in Jackson2Tokenizer.
Unfortunately, because of https://github.com/FasterXML/jackson-core/issues/478,
we had to change the CompilerConventions to suppress class file warnings.
Closes gh-29343
This commit makes sure that `@ExceptionHandler`-annotated methods can be
invoked via reflection in a native image. As most of the handling of
the parameter and the return type is shared with our generic
RequestMapping handling, the ReflectiveProcessor extends from it.
An `@ExceptionHandler`-annotated method can return a `ProblemDetail`. If
that's the case, reflection entries are contributed.
Closes gh-29297
This commit improves the exception message thrown by MultipartParser
when it cannot find the end of the multipart body, by showing in the
message what the parser is looking for (CRLF--<boundary>).
Closes gh-28067
This commit also removes ResourcePropertiesPersister which
was introduced in 5.3 specifically for spring.xml.ignore
flag and which is expected to be used only internally by
Spring Framework. DefaultPropertiesPersister should be used
instead.
Closes gh-29277
This commit introduces support for CBOR and Protobuf using Kotlin
serialization. Support comes in the form of Encoder/Decoder as well
as HttpMessageConverters. Seperate abstract base classes supply support
for binary and string (de)serialization.
The exising JSON codecs and message converters have been migrated to
use the new base classes.
Closes gh-27628
Prior to this commit, the Observation filter for Servlet applications
would only use the request pathInfo as an "http.url" high cardinality
keyvalue. This commit ensures that we're using the full request URL as a
value there.
This also polishes gh-29254.
Fixes gh-29257
See gh-29254
This commit changes the new high cardinality key value from
"uri.expanded" to "http.url" in order to align with the OTel
specification, since there is no need for backwards compatibility on
this new metadata.
Closes gh-29254
Prior to this commit, the `RestTemplate` `ClientHttpObservation` would
be started before the request object is available. While this would also
measure the connection estalishment for some HTTP client libraries, this
arrangement is incompatible with a tracing approach where the request
must be available to propagate information through the request headers.
This commit ensures that the observation only starts when the request is
available.
Fixes gh-29234
Prior to this commit, the HTTP Observations would use
`HttpStatus.Series` as a value source for the "outcome" key value in
recorded observations. This would work for most cases, but would not
align in the 2xx HTTP status cases: the series would provide a
"SUCESSFUL" value whereas the heritage metrics support in Spring Boot
would give "SUCESS".
This commit introduces a dedicated `HttpOutcome` concept for this and
applies it to all HTTP observations.
Fixes gh-29232
This commit ensures that all HTTP `ObservationConvention`
implementations provide a consistent contextual name for observations.
This name should be like "http get" where only the HTTP verb changes
depending on the request.
Fixes gh-29231
This commit also temporarily changes a test assertion for the Jackson
Kotlin module.
As of https://youtrack.jetbrains.com/issue/KT-52932, Kotlin enhanced the
`IntRange` and this change is not supported yet by the Jackson Kotlin
module. An issue has been reported here:
FasterXML/jackson-module-kotlin#582
Closes gh-29225
Sam Brannen
Sébastien Deleuze
Arjen Poutsma
Juergen Hoeller
Thom Hurks
rstoyanchev
Eden Tyler-Moss
Kevin Yue
xavier-b
Johnny Lim
Brian Clozel
Simon Baslé
Krzysztof Krason
Sam Brannen
CoderYellow
Spark61
Baljit Singh
divcon
Andy Wilkinson
Andriy
Kulwant Singh
Christoph Dreis
Marcin Grzejszczak
Phillip Webb
Yanming Zhou
Stephane Nicoll
Iain Henderson
Violeta Georgieva