Merge branch '5.2.x' into master

Author: rstoyanchev

spring-web/src/main/java/org/springframework/http/converter/json/AbstractJackson2HttpMessageConverter.java

@@ -285,7 +285,15 @@ private Object readJavaType(JavaType javaType, HttpInputMessage inputMessage) th
 		}
 	}
 
-	private static Charset getCharset(@Nullable MediaType contentType) {
+	/**
+	 * Return the charset to use for JSON input.
+	 * <p>By default this is either the charset from the input {@code MediaType}
+	 * or otherwise falling back on {@code UTF-8}.
+	 * @param contentType the content type of the HTTP input message
+	 * @return the charset to use
+	 * @since 5.1.18
+	 */
+	protected static Charset getCharset(@Nullable MediaType contentType) {
 		if (contentType != null && contentType.getCharset() != null) {
 			return contentType.getCharset();
 		}

spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java

@@ -81,20 +81,11 @@ public class ForwardedHeaderFilter extends OncePerRequestFilter {
 	}
 
 
-	private final UrlPathHelper pathHelper;
-
 	private boolean removeOnly;
 
 	private boolean relativeRedirects;
 
 
-	public ForwardedHeaderFilter() {
-		this.pathHelper = new UrlPathHelper();
-		this.pathHelper.setUrlDecode(false);
-		this.pathHelper.setRemoveSemicolonContent(false);
-	}
-
-
 	/**
 	 * Enables mode in which any "Forwarded" or "X-Forwarded-*" headers are
 	 * removed only and the information in them ignored.
@@ -151,7 +142,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 		}
 		else {
 			HttpServletRequest wrappedRequest =
-					new ForwardedHeaderExtractingRequest(request, this.pathHelper);
+					new ForwardedHeaderExtractingRequest(request);
 
 			HttpServletResponse wrappedResponse = this.relativeRedirects ?
 					RelativeRedirectResponseWrapper.wrapIfNecessary(response, HttpStatus.SEE_OTHER) :
@@ -235,7 +226,7 @@ private static class ForwardedHeaderExtractingRequest extends ForwardedHeaderRem
 		private final ForwardedPrefixExtractor forwardedPrefixExtractor;
 
 
-		ForwardedHeaderExtractingRequest(HttpServletRequest servletRequest, UrlPathHelper pathHelper) {
+		ForwardedHeaderExtractingRequest(HttpServletRequest servletRequest) {
 			super(servletRequest);
 
 			ServerHttpRequest request = new ServletServerHttpRequest(servletRequest);
@@ -251,7 +242,7 @@ private static class ForwardedHeaderExtractingRequest extends ForwardedHeaderRem
 
 			String baseUrl = this.scheme + "://" + this.host + (port == -1 ? "" : ":" + port);
 			Supplier<HttpServletRequest> delegateRequest = () -> (HttpServletRequest) getRequest();
-			this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, pathHelper, baseUrl);
+			this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, baseUrl);
 		}
 
 
@@ -320,8 +311,6 @@ private static class ForwardedPrefixExtractor {
 
 		private final Supplier<HttpServletRequest> delegate;
 
-		private final UrlPathHelper pathHelper;
-
 		private final String baseUrl;
 
 		private String actualRequestUri;
@@ -340,14 +329,10 @@ private static class ForwardedPrefixExtractor {
 		 * @param delegateRequest supplier for the current
 		 * {@link HttpServletRequestWrapper#getRequest() delegate request} which
 		 * may change during a forward (e.g. Tomcat.
-		 * @param pathHelper the path helper instance
 		 * @param baseUrl the host, scheme, and port based on forwarded headers
 		 */
-		public ForwardedPrefixExtractor(
-				Supplier<HttpServletRequest> delegateRequest, UrlPathHelper pathHelper, String baseUrl) {
-
+		public ForwardedPrefixExtractor(Supplier<HttpServletRequest> delegateRequest, String baseUrl) {
 			this.delegate = delegateRequest;
-			this.pathHelper = pathHelper;
 			this.baseUrl = baseUrl;
 			this.actualRequestUri = delegateRequest.get().getRequestURI();
 
@@ -384,7 +369,8 @@ private static String initForwardedPrefix(HttpServletRequest request) {
 		@Nullable
 		private String initRequestUri() {
 			if (this.forwardedPrefix != null) {
-				return this.forwardedPrefix + this.pathHelper.getPathWithinApplication(this.delegate.get());
+				return this.forwardedPrefix +
+						UrlPathHelper.rawPathInstance.getPathWithinApplication(this.delegate.get());
 			}
 			return null;
 		}

spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java

@@ -192,7 +192,13 @@ public static UriComponentsBuilder fromPath(String path) {
 	}
 
 	/**
-	 * Create a builder that is initialized with the given {@code URI}.
+	 * Create a builder that is initialized from the given {@code URI}.
+	 * <p><strong>Note:</strong> the components in the resulting builder will be
+	 * in fully encoded (raw) form and further changes must also supply values
+	 * that are fully encoded, for example via methods in {@link UriUtils}.
+	 * In addition please use {@link #build(boolean)} with a value of "true" to
+	 * build the {@link UriComponents} instance in order to indicate that the
+	 * components are encoded.
 	 * @param uri the URI to initialize with
 	 * @return the new {@code UriComponentsBuilder}
 	 */
@@ -439,11 +445,13 @@ public UriComponents build() {
 	}
 
 	/**
-	 * Build a {@code UriComponents} instance from the various components
-	 * contained in this builder.
-	 * @param encoded whether all the components set in this builder are
-	 * encoded ({@code true}) or not ({@code false})
+	 * Variant of {@link #build()} to create a {@link UriComponents} instance
+	 * when components are already fully encoded. This is useful for example if
+	 * the builder was created via {@link UriComponentsBuilder#fromUri(URI)}.
+	 * @param encoded whether the components in this builder are already encoded
 	 * @return the URI components
+	 * @throws IllegalArgumentException if any of the components contain illegal
+	 * characters that should have been encoded.
 	 */
 	public UriComponents build(boolean encoded) {
 		return buildInternal(encoded ?

spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java

@@ -85,6 +85,8 @@ public class UrlPathHelper {
 
 	private String defaultEncoding = WebUtils.DEFAULT_CHARACTER_ENCODING;
 
+	private boolean readOnly = false;
+
 
 	/**
 	 * Whether URL lookups should always use the full path within the current
@@ -96,6 +98,7 @@ public class UrlPathHelper {
 	 * <p>By default this is set to "false".
 	 */
 	public void setAlwaysUseFullPath(boolean alwaysUseFullPath) {
+		checkReadOnly();
 		this.alwaysUseFullPath = alwaysUseFullPath;
 	}
 
@@ -118,6 +121,7 @@ public void setAlwaysUseFullPath(boolean alwaysUseFullPath) {
 	 * @see java.net.URLDecoder#decode(String, String)
 	 */
 	public void setUrlDecode(boolean urlDecode) {
+		checkReadOnly();
 		this.urlDecode = urlDecode;
 	}
 
@@ -134,13 +138,15 @@ public boolean isUrlDecode() {
 	 * <p>Default is "true".
 	 */
 	public void setRemoveSemicolonContent(boolean removeSemicolonContent) {
+		checkReadOnly();
 		this.removeSemicolonContent = removeSemicolonContent;
 	}
 
 	/**
 	 * Whether configured to remove ";" (semicolon) content from the request URI.
 	 */
 	public boolean shouldRemoveSemicolonContent() {
+		checkReadOnly();
 		return this.removeSemicolonContent;
 	}
 
@@ -158,6 +164,7 @@ public boolean shouldRemoveSemicolonContent() {
 	 * @see WebUtils#DEFAULT_CHARACTER_ENCODING
 	 */
 	public void setDefaultEncoding(String defaultEncoding) {
+		checkReadOnly();
 		this.defaultEncoding = defaultEncoding;
 	}
 
@@ -168,6 +175,17 @@ protected String getDefaultEncoding() {
 		return this.defaultEncoding;
 	}
 
+	/**
+	 * Switch to read-only mode where further configuration changes are not allowed.
+	 */
+	private void setReadOnly() {
+		this.readOnly = true;
+	}
+
+	private void checkReadOnly() {
+		Assert.isTrue(!this.readOnly, "This instance cannot be modified");
+	}
+
 
 	/**
 	 * {@link #getLookupPathForRequest Resolve} the lookupPath and cache it in a
@@ -590,8 +608,7 @@ protected String determineEncoding(HttpServletRequest request) {
 	 * @return the updated URI string
 	 */
 	public String removeSemicolonContent(String requestUri) {
-		return (this.removeSemicolonContent ?
-				removeSemicolonContentInternal(requestUri) : removeJsessionid(requestUri));
+		return (this.removeSemicolonContent ? removeSemicolonContentInternal(requestUri) : requestUri);
 	}
 
 	private String removeSemicolonContentInternal(String requestUri) {
@@ -605,16 +622,6 @@ private String removeSemicolonContentInternal(String requestUri) {
 		return requestUri;
 	}
 
-	private String removeJsessionid(String requestUri) {
-		int startIndex = requestUri.toLowerCase().indexOf(";jsessionid=");
-		if (startIndex != -1) {
-			int endIndex = requestUri.indexOf(';', startIndex + 12);
-			String start = requestUri.substring(0, startIndex);
-			requestUri = (endIndex != -1) ? start + requestUri.substring(endIndex) : start;
-		}
-		return requestUri;
-	}
-
 	/**
 	 * Decode the given URI path variables via {@link #decodeRequestString} unless
 	 * {@link #setUrlDecode} is set to {@code true} in which case it is assumed
@@ -695,35 +702,37 @@ private boolean shouldRemoveTrailingServletPathSlash(HttpServletRequest request)
 
 
 	/**
-	 * Shared, read-only instance of {@code UrlPathHelper}. Uses default settings:
+	 * Shared, read-only instance with defaults. The following apply:
 	 * <ul>
 	 * <li>{@code alwaysUseFullPath=false}
 	 * <li>{@code urlDecode=true}
 	 * <li>{@code removeSemicolon=true}
 	 * <li>{@code defaultEncoding=}{@link WebUtils#DEFAULT_CHARACTER_ENCODING}
 	 * </ul>
 	 */
-	public static final UrlPathHelper defaultInstance = new UrlPathHelper() {
+	public static final UrlPathHelper defaultInstance = new UrlPathHelper();
 
-		@Override
-		public void setAlwaysUseFullPath(boolean alwaysUseFullPath) {
-			throw new UnsupportedOperationException();
-		}
+	static {
+		defaultInstance.setReadOnly();
+	}
 
-		@Override
-		public void setUrlDecode(boolean urlDecode) {
-			throw new UnsupportedOperationException();
-		}
 
-		@Override
-		public void setRemoveSemicolonContent(boolean removeSemicolonContent) {
-			throw new UnsupportedOperationException();
-		}
+	/**
+	 * Shared, read-only instance for the full, encoded path. The following apply:
+	 * <ul>
+	 * <li>{@code alwaysUseFullPath=true}
+	 * <li>{@code urlDecode=false}
+	 * <li>{@code removeSemicolon=false}
+	 * <li>{@code defaultEncoding=}{@link WebUtils#DEFAULT_CHARACTER_ENCODING}
+	 * </ul>
+	 */
+	public static final UrlPathHelper rawPathInstance = new UrlPathHelper();
 
-		@Override
-		public void setDefaultEncoding(String defaultEncoding) {
-			throw new UnsupportedOperationException();
-		}
-	};
+	static {
+		rawPathInstance.setAlwaysUseFullPath(true);
+		rawPathInstance.setUrlDecode(false);
+		rawPathInstance.setRemoveSemicolonContent(false);
+		rawPathInstance.setReadOnly();
+	}
 
 }

spring-web/src/main/java/org/springframework/web/util/WebUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -733,6 +733,9 @@ public static MultiValueMap<String, String> parseMatrixVariables(String matrixVa
 			int index = pair.indexOf('=');
 			if (index != -1) {
 				String name = pair.substring(0, index);
+				if (name.equalsIgnoreCase("jsessionid")) {
+					continue;
+				}
 				String rawValue = pair.substring(index + 1);
 				for (String value : StringUtils.commaDelimitedListToStringArray(rawValue)) {
 					result.add(name, value);

spring-web/src/test/java/org/springframework/web/util/UrlPathHelperTests.java

@@ -126,14 +126,7 @@ public void getRequestKeepSemicolonContent() {
 		assertThat(helper.getRequestUri(request)).isEqualTo("/foo;a=b;c=d");
 
 		request.setRequestURI("/foo;jsessionid=c0o7fszeb1");
-		assertThat(helper.getRequestUri(request)).as("jsessionid should always be removed").isEqualTo("/foo");
-
-		request.setRequestURI("/foo;a=b;jsessionid=c0o7fszeb1;c=d");
-		assertThat(helper.getRequestUri(request)).as("jsessionid should always be removed").isEqualTo("/foo;a=b;c=d");
-
-		// SPR-10398
-		request.setRequestURI("/foo;a=b;JSESSIONID=c0o7fszeb1;c=d");
-		assertThat(helper.getRequestUri(request)).as("JSESSIONID should always be removed").isEqualTo("/foo;a=b;c=d");
+		assertThat(helper.getRequestUri(request)).isEqualTo("/foo;jsessionid=c0o7fszeb1");
 	}
 
 	@Test

spring-web/src/test/java/org/springframework/web/util/WebUtilsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 
 package org.springframework.web.util;
 
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -65,29 +64,42 @@ public void parseMatrixVariablesString() {
 		MultiValueMap<String, String> variables;
 
 		variables = WebUtils.parseMatrixVariables(null);
-		assertThat(variables.size()).isEqualTo(0);
+		assertThat(variables).hasSize(0);
 
 		variables = WebUtils.parseMatrixVariables("year");
-		assertThat(variables.size()).isEqualTo(1);
+		assertThat(variables).hasSize(1);
 		assertThat(variables.getFirst("year")).isEqualTo("");
 
 		variables = WebUtils.parseMatrixVariables("year=2012");
-		assertThat(variables.size()).isEqualTo(1);
+		assertThat(variables).hasSize(1);
 		assertThat(variables.getFirst("year")).isEqualTo("2012");
 
 		variables = WebUtils.parseMatrixVariables("year=2012;colors=red,blue,green");
-		assertThat(variables.size()).isEqualTo(2);
-		assertThat(variables.get("colors")).isEqualTo(Arrays.asList("red", "blue", "green"));
+		assertThat(variables).hasSize(2);
+		assertThat(variables.get("colors")).containsExactly("red", "blue", "green");
 		assertThat(variables.getFirst("year")).isEqualTo("2012");
 
 		variables = WebUtils.parseMatrixVariables(";year=2012;colors=red,blue,green;");
-		assertThat(variables.size()).isEqualTo(2);
-		assertThat(variables.get("colors")).isEqualTo(Arrays.asList("red", "blue", "green"));
+		assertThat(variables).hasSize(2);
+		assertThat(variables.get("colors")).containsExactly("red", "blue", "green");
 		assertThat(variables.getFirst("year")).isEqualTo("2012");
 
 		variables = WebUtils.parseMatrixVariables("colors=red;colors=blue;colors=green");
-		assertThat(variables.size()).isEqualTo(1);
-		assertThat(variables.get("colors")).isEqualTo(Arrays.asList("red", "blue", "green"));
+		assertThat(variables).hasSize(1);
+		assertThat(variables.get("colors")).containsExactly("red", "blue", "green");
+
+		variables = WebUtils.parseMatrixVariables("jsessionid=c0o7fszeb1");
+		assertThat(variables).isEmpty();
+
+		variables = WebUtils.parseMatrixVariables("a=b;jsessionid=c0o7fszeb1;c=d");
+		assertThat(variables).hasSize(2);
+		assertThat(variables.get("a")).containsExactly("b");
+		assertThat(variables.get("c")).containsExactly("d");
+
+		variables = WebUtils.parseMatrixVariables("a=b;jsessionid=c0o7fszeb1;c=d");
+		assertThat(variables).hasSize(2);
+		assertThat(variables.get("a")).containsExactly("b");
+		assertThat(variables.get("c")).containsExactly("d");
 	}
 
 	@Test