tchekai704
/
src-spring-framework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

[docs] Move Filters section under Reactive Spring Web 

Issue: SPR-16394
pull/1772/head
Rossen Stoyanchev 7 years ago
parent
cc379f1cc7
commit
9dd3cd98ac
2 changed files with 55 additions and 43 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 95
      src/docs/asciidoc/web/webflux.adoc
  2. 3
      src/docs/asciidoc/web/webmvc.adoc

95
src/docs/asciidoc/web/webflux.adoc
Unescape View File

@ -316,7 +316,7 @@ Server support is organized in two layers: @@ -316,7 +316,7 @@ Server support is organized in two layers:
* <<webflux-httphandler,HttpHandler>> and server adapters -- the most basic, common API
for HTTP request handling with Reactive Streams back pressure.
* <<webflux-web-handler-api,WebHandler API>> -- slightly higher level but still general
* <<webflux-web-handler-api>> -- slightly higher level but still general
purpose server web API with filter chain style processing.
@ -448,7 +448,7 @@ This can be automated through the use of @@ -448,7 +448,7 @@ This can be automated through the use of
[[webflux-web-handler-api]]
=== WebHandler API
=== WebHandler
`HttpHandler` is the lowest level contract for running on different HTTP servers.
On top of that foundation, the WebHandler API provides a slightly higher level, but
@ -564,7 +564,7 @@ content to `Flux<Part>` without collecting to a `MultiValueMap`. @@ -564,7 +564,7 @@ content to `Flux<Part>` without collecting to a `MultiValueMap`.
[[webflux-codecs]]
=== HTTP Message Codecs
=== Message Codecs
[.small]#<<integration.adoc#rest-message-conversion,Same in Spring MVC>>#
The `spring-web` module defines the
@ -641,6 +641,55 @@ a heartbeat and ignore. @@ -641,6 +641,55 @@ a heartbeat and ignore.
[[webflux-filters]]
=== Filters
[.small]#<<web.adoc#filters,Same in Spring MVC>>#
As part of the <<webflux-web-handler-api>>, the `spring-web` module provides a number of
`WebFilter` implementations.
[[webflux-filters-forwarded-headers]]
==== Forwarded Headers
[.small]#<<web.adoc#filters-forwarded-headers,Same in Spring MVC>>#
As a request goes through proxies such as load balancers the host, port, and
scheme may change presenting a challenge for applications that need to create links
to resources since the links should reflect the host, port, and scheme of the
original request as seen from a client perspective.
https://tools.ietf.org/html/rfc7239[RFC 7239] defines the "Forwarded" HTTP header
for proxies to use to provide information about the original request. There are also
other non-standard headers in use such as "X-Forwarded-Host", "X-Forwarded-Port",
and "X-Forwarded-Proto".
`ForwardedHeaderFilter` detects, extracts, and uses information from the "Forwarded"
header, or from "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto".
It wraps the request in order to overlay its host, port, and scheme and also "hides"
the forwarded headers for subsequent processing.
Note that there are security considerations when using forwarded headers as explained
in Section 8 of RFC 7239. At the application level it is difficult to determine whether
forwarded headers can be trusted or not. This is why the network upstream should be
configured correctly to filter out untrusted forwarded headers from the outside.
Applications that don't have a proxy and don't need to use forwarded headers can
configure the `ForwardedHeaderFilter` to remove and ignore such headers.
[[webflux-filters-cors]]
==== CORS
[.small]#<<web.adoc#filters-cors,Same in Spring MVC>>#
Spring WebFlux provides fine-grained support for CORS configuration through annotations on
controllers. However when used with Spring Security it is advisable to rely on the built-in
`CorsFilter` that must be ordered ahead of Spring Security's chain of filters.
See the section on <<webflux-cors>> and the <<webflux-cors-webfilter>> for more details.
[[webflux-dispatcher-handler]]
== DispatcherHandler
@ -657,7 +706,7 @@ for access to the context it runs in. If `DispatcherHandler` is declared with th @@ -657,7 +706,7 @@ for access to the context it runs in. If `DispatcherHandler` is declared with th
name "webHandler" it is in turn discovered by
{api-spring-framework}/web/server/adapter/WebHttpHandlerBuilder.html[WebHttpHandlerBuilder]
which puts together a request processing chain as described in
<<webflux-web-handler-api,WebHandler API>>.
<<webflux-web-handler-api>>.
Spring configuration in a WebFlux application typically contains:
@ -854,44 +903,6 @@ views through the <<webflux-config-view-resolvers,WebFlux Config>>. Default view @@ -854,44 +903,6 @@ views through the <<webflux-config-view-resolvers,WebFlux Config>>. Default view
always selected and used if they match the requested media type.
[[webflux-filters]]
== Filters
[.small]#<<web.adoc#filters,Same in Spring MVC>>#
As part of the <<webflux-web-handler-api>>, the `spring-web` module provides a number of
`WebFilter` implementations.
[[webflux-filters-forwarded-headers]]
=== Forwarded Headers
[.small]#<<web.adoc#filters-forwarded-headers,Same in Spring MVC>>#
As a request goes through proxies such as load balancers the host, port, and
scheme may change presenting a challenge for applications that need to create links
to resources since the links should reflect the host, port, and scheme of the
original request as seen from a client perspective.
https://tools.ietf.org/html/rfc7239[RFC 7239] defines the "Forwarded" HTTP header
for proxies to use to provide information about the original request. There are also
other non-standard headers in use such as "X-Forwarded-Host", "X-Forwarded-Port",
and "X-Forwarded-Proto".
`ForwardedHeaderFilter` detects, extracts, and uses information from the "Forwarded"
header, or from "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto".
It wraps the request in order to overlay its host, port, and scheme and also "hides"
the forwarded headers for subsequent processing.
Note that there are security considerations when using forwarded headers as explained
in Section 8 of RFC 7239. At the application level it is difficult to determine whether
forwarded headers can be trusted or not. This is why the network upstream should be
configured correctly to filter out untrusted forwarded headers from the outside.
Applications that don't have a proxy and don't need to use forwarded headers can
configure the `ForwardedHeaderFilter` to remove and ignore such headers.
[[webflux-controller]]

3
src/docs/asciidoc/web/webmvc.adoc
Unescape View File

@ -1091,12 +1091,13 @@ See <<mvc-httpcaching-shallowetag>> for more details. @@ -1091,12 +1091,13 @@ See <<mvc-httpcaching-shallowetag>> for more details.
[[filters-cors]]
=== CORS
[.small]#<<web-reactive.adoc#webflux-filters-cors,Same in Spring WebFlux>>#
Spring MVC provides fine-grained support for CORS configuration through annotations on
controllers. However when used with Spring Security it is advisable to rely on the built-in
`CorsFilter` that must be ordered ahead of Spring Security's chain of filters.
See the section on <<mvc-cors>> and the <<mvc-cors-filter,CorsFilter>> for more details.
See the section on <<mvc-cors>> and the <<mvc-cors-filter>> for more details.

Write Preview
Loading…
Cancel
Save