Prior to this change, the ResourceUrlEncodingFilter would work well when
the application is mapped to "/". But when mapped to a non-empty servlet
context, this filter would not properly encode URLs and apply
ResourceResolver URL resolution for resources.
This commit makes sure that the lookup path is properly resolved in the
request URI, taking into account the servlet context.
Issue: SPR-12459
The removed test testConfigFileParsingErrorWhenNamedBeans() could cause
a groovyc compilation error, for example when using latest IntelliJ IDEA.
Issue: SPR-12435
Using the "quotes" substitution group by default leads to side effect
when the "*" character is used. This is especially true for AOP pointcut
or for MVC mappings.
Plain verbatim might work most of the time unless you intend to highlight
a piece of code or a comment.
Issue: SPR-12456
Upgrade undertow dependency to 1.1.0.Final.
Add support for undertow 1.1.0.Final in the
UndertowRequestUpgradeStrategy, after a breaking change in the
`io.undertow.websockets.jsr.ConfiguredServerEndpoint` constructor.
Issue: SPR-12302
SPR-12354 applied new checks to make sure that served static resources
are under authorized locations.
Prior to this change, serving static resources from Servlet 3 locations
such as "/webjars/" would not work since those locations can be within
one of the JARs on path. In that case, the checkLocation method would
return false and disallow serving that static resource.
This change fixes this issue by making sure to call the
`ServletContextResource.getPath()` method for servlet context resources.
Note that there's a known workaround for this issue, which is using a
classpath scheme as location, such as:
"classpath:/META-INF/resources/webjars/" instead of "/webjars".
Issue: SPR-12432
This commit fixes the parsing of message destinations such as
"/user/anna/queue/foo", reverting a regression introduced by SPR-11506,
which worked well with @SendToUser use cases but caused issues for
messages sent to other users.
Issue: SPR-12444
Prior to this commit, JOptCommandLinePropertySource prevented the
possibility of non-String option arguments. This effectively prevents
the use of JOpt's #ofType support (which allows specifying custom
argument types).
Now, non-String arguments are detected and converted to strings as
necessary. JOpt's #ofType now works as expected. A test has been added
to cover this case.
Without this change the plus operator would fail to
include a CHECKCAST in generated bytecode when it
was compiled in cases where one of the operands
has a runtime type of String but a statically
declared type that was not String (i.e. Object).
Issue: SPR-12426
- remove leading '/' and control chars
- improve url and relative path checks
- account for URL encoding
- add isResourceUnderLocation final verification
Issue: SPR-12354
The following commit allowed HTTP DELETE with body:
584b831bb9
However it broke buffered requests even without a body since JDK 1.6
and 1.7 do not support calls to getOutputStream with HTTP DELETE.
This commit set the doOutput flag back to false if the actual buffered
body is 0 length.
Issue: SPR-12361
Brian Clozel
Juergen Hoeller
Rossen Stoyanchev
Sebastien Deleuze
Stephane Nicoll
Chris Beams
Andy Clement
Gary Russell
Spring Buildmaster
Sam Brannen