Merge branch '5.3.x' into main

spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java

@@ -577,8 +577,8 @@ public class UrlPathHelper {
 			return UriUtils.decode(source, enc);
 		}
 		catch (UnsupportedCharsetException ex) {
-			if (logger.isWarnEnabled()) {
+			if (logger.isDebugEnabled()) {
-				logger.warn("Could not decode request string [" + source + "] with encoding '" + enc +
+				logger.debug("Could not decode request string [" + source + "] with encoding '" + enc +
 						"': falling back to platform default encoding; exception message: " + ex.getMessage());
 			}
 			return URLDecoder.decode(source);

spring-webflux/src/main/java/org/springframework/web/reactive/resource/PathResourceResolver.java

@@ -28,6 +28,7 @@ import reactor.core.publisher.Mono;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.lang.Nullable;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
@@ -119,12 +120,12 @@ public class PathResourceResolver extends AbstractResourceResolver {
 					return Mono.just(resource);
 				}
 				else if (logger.isWarnEnabled()) {
-					Object allowedLocationsText = (getAllowedLocations() != null ? Arrays.asList(getAllowedLocations()) : "[]");
+					Resource[] allowed = getAllowedLocations();
-					logger.warn("""
+					logger.warn(LogFormatUtils.formatValue(
-							Resource path "%s" was successfully resolved, but resource \
+							"Resource path \"" + resourcePath + "\" was successfully resolved " +
-							"%s" is neither under the current location "%s" nor under any \
+									"but resource \"" + resource.getURL() + "\" is neither under the " +
-							of the allowed locations %s"\
+									"current location \"" + location.getURL() + "\" nor under any of the " +
-							""".formatted(resourcePath, resource.getURL(),location.getURL(), allowedLocationsText));
+									"allowed locations " + (allowed != null ? Arrays.asList(allowed) : "[]"), -1, true));
 				}
 			}
 			return Mono.empty();
@@ -200,7 +201,8 @@ public class PathResourceResolver extends AbstractResourceResolver {
 			try {
 				String decodedPath = URLDecoder.decode(resourcePath, StandardCharsets.UTF_8);
 				if (decodedPath.contains("../") || decodedPath.contains("..\\")) {
-					logger.warn("Resolved resource path contains encoded \"../\" or \"..\\\": " + resourcePath);
+					logger.warn(LogFormatUtils.formatValue(
+							"Resolved resource path contains encoded \"../\" or \"..\\\": " + resourcePath, -1, true));
 					return true;
 				}
 			}

spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceWebHandler.java

@@ -38,6 +38,7 @@ import org.springframework.core.ResolvableType;
 import org.springframework.core.codec.Hints;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.CacheControl;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -567,7 +568,8 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 	protected boolean isInvalidPath(String path) {
 		if (path.contains("WEB-INF") || path.contains("META-INF")) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Path with \"WEB-INF\" or \"META-INF\": [" + path + "]");
+				logger.warn(LogFormatUtils.formatValue(
+						"Path with \"WEB-INF\" or \"META-INF\": [" + path + "]", -1, true));
 			}
 			return true;
 		}
@@ -575,14 +577,16 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 			String relativePath = (path.charAt(0) == '/' ? path.substring(1) : path);
 			if (ResourceUtils.isUrl(relativePath) || relativePath.startsWith("url:")) {
 				if (logger.isWarnEnabled()) {
-					logger.warn("Path represents URL or has \"url:\" prefix: [" + path + "]");
+					logger.warn(LogFormatUtils.formatValue(
+							"Path represents URL or has \"url:\" prefix: [" + path + "]", -1, true));
 				}
 				return true;
 			}
 		}
 		if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]");
+				logger.warn(LogFormatUtils.formatValue(
+						"Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]", -1, true));
 			}
 			return true;
 		}

spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ExtendedServletRequestDataBinder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -69,9 +69,8 @@ public class ExtendedServletRequestDataBinder extends ServletRequestDataBinder {
 		if (uriVars != null) {
 			uriVars.forEach((name, value) -> {
 				if (mpvs.contains(name)) {
-					if (logger.isWarnEnabled()) {
+					if (logger.isDebugEnabled()) {
-						logger.warn("Skipping URI variable '" + name +
+						logger.debug("URI variable '" + name + "' overridden by request bind value.");
-								"' because request contains bind value with same name.");
 					}
 				}
 				else {

spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ReactiveTypeHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -202,7 +202,7 @@ class ReactiveTypeHandler {
 							"-------------------------------\n" +
 							"Controller:\t" + returnType.getContainingClass().getName() + "\n" +
 							"Method:\t\t" + returnType.getMethod().getName() + "\n" +
-							"Returning:\t" + ResolvableType.forMethodParameter(returnType).toString() + "\n" +
+							"Returning:\t" + ResolvableType.forMethodParameter(returnType) + "\n" +
 							"!!!");
 					this.taskExecutorWarning = false;
 				}

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java

@@ -32,6 +32,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.server.PathContainer;
 import org.springframework.lang.Nullable;
 import org.springframework.util.StringUtils;
@@ -189,11 +190,12 @@ public class PathResourceResolver extends AbstractResourceResolver {
 				return resource;
 			}
 			else if (logger.isWarnEnabled()) {
-				Resource[] allowedLocations = getAllowedLocations();
+				Resource[] allowed = getAllowedLocations();
-				logger.warn("Resource path \"" + resourcePath + "\" was successfully resolved " +
+				logger.warn(LogFormatUtils.formatValue(
-						"but resource \"" +	resource.getURL() + "\" is neither under the " +
+						"Resource path \"" + resourcePath + "\" was successfully resolved " +
-						"current location \"" + location.getURL() + "\" nor under any of the " +
+								"but resource \"" + resource.getURL() + "\" is neither under " +
-						"allowed locations " + (allowedLocations != null ? Arrays.asList(allowedLocations) : "[]"));
+								"the current location \"" + location.getURL() + "\" nor under any of " +
+								"the allowed locations " + (allowed != null ? Arrays.asList(allowed) : "[]"), -1, true));
 			}
 		}
 		return null;
@@ -296,7 +298,8 @@ public class PathResourceResolver extends AbstractResourceResolver {
 			try {
 				String decodedPath = URLDecoder.decode(resourcePath, StandardCharsets.UTF_8);
 				if (decodedPath.contains("../") || decodedPath.contains("..\\")) {
-					logger.warn("Resolved resource path contains encoded \"../\" or \"..\\\": " + resourcePath);
+					logger.warn(LogFormatUtils.formatValue(
+							"Resolved resource path contains encoded \"../\" or \"..\\\": " + resourcePath, -1, true));
 					return true;
 				}
 			}

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java

@@ -38,6 +38,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.EmbeddedValueResolverAware;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpRange;
@@ -729,7 +730,8 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
 	protected boolean isInvalidPath(String path) {
 		if (path.contains("WEB-INF") || path.contains("META-INF")) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Path with \"WEB-INF\" or \"META-INF\": [" + path + "]");
+				logger.warn(LogFormatUtils.formatValue(
+						"Path with \"WEB-INF\" or \"META-INF\": [" + path + "]", -1, true));
 			}
 			return true;
 		}
@@ -737,14 +739,16 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
 			String relativePath = (path.charAt(0) == '/' ? path.substring(1) : path);
 			if (ResourceUtils.isUrl(relativePath) || relativePath.startsWith("url:")) {
 				if (logger.isWarnEnabled()) {
-					logger.warn("Path represents URL or has \"url:\" prefix: [" + path + "]");
+					logger.warn(LogFormatUtils.formatValue(
+							"Path represents URL or has \"url:\" prefix: [" + path + "]", -1, true));
 				}
 				return true;
 			}
 		}
 		if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]");
+				logger.warn(LogFormatUtils.formatValue(
+						"Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]", -1, true));
 			}
 			return true;
 		}

spring-websocket/src/main/java/org/springframework/web/socket/server/support/AbstractHandshakeHandler.java

@@ -29,6 +29,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.context.Lifecycle;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.ServerHttpRequest;
@@ -291,7 +292,8 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
 
 	protected void handleInvalidUpgradeHeader(ServerHttpRequest request, ServerHttpResponse response) throws IOException {
 		if (logger.isErrorEnabled()) {
-			logger.error("Handshake failed due to invalid Upgrade header: " + request.getHeaders().getUpgrade());
+			logger.error(LogFormatUtils.formatValue(
+					"Handshake failed due to invalid Upgrade header: " + request.getHeaders().getUpgrade(), -1, true));
 		}
 		response.setStatusCode(HttpStatus.BAD_REQUEST);
 		response.getBody().write("Can \"Upgrade\" only to \"WebSocket\".".getBytes(StandardCharsets.UTF_8));
@@ -299,7 +301,8 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
 
 	protected void handleInvalidConnectHeader(ServerHttpRequest request, ServerHttpResponse response) throws IOException {
 		if (logger.isErrorEnabled()) {
-			logger.error("Handshake failed due to invalid Connection header " + request.getHeaders().getConnection());
+			logger.error(LogFormatUtils.formatValue(
+					"Handshake failed due to invalid Connection header" + request.getHeaders().getConnection(), -1, true));
 		}
 		response.setStatusCode(HttpStatus.BAD_REQUEST);
 		response.getBody().write("\"Connection\" must be \"upgrade\".".getBytes(StandardCharsets.UTF_8));
@@ -323,8 +326,9 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
 	protected void handleWebSocketVersionNotSupported(ServerHttpRequest request, ServerHttpResponse response) {
 		if (logger.isErrorEnabled()) {
 			String version = request.getHeaders().getFirst("Sec-WebSocket-Version");
-			logger.error("Handshake failed due to unsupported WebSocket version: " + version +
+			logger.error(LogFormatUtils.formatValue(
-					". Supported versions: " + Arrays.toString(getSupportedVersions()));
+					"Handshake failed due to unsupported WebSocket version: " + version +
+							". Supported versions: " + Arrays.toString(getSupportedVersions()), -1, true));
 		}
 		response.setStatusCode(HttpStatus.UPGRADE_REQUIRED);
 		response.getHeaders().set(WebSocketHttpHeaders.SEC_WEBSOCKET_VERSION,

spring-websocket/src/main/java/org/springframework/web/socket/sockjs/support/AbstractSockJsService.java

@@ -31,6 +31,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -376,7 +377,8 @@ public abstract class AbstractSockJsService implements SockJsService, CorsConfig
 
 		if (sockJsPath == null) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Expected SockJS path. Failing request: " + request.getURI());
+				logger.warn(LogFormatUtils.formatValue(
+						"Expected SockJS path. Failing request: " + request.getURI(), -1, true));
 			}
 			response.setStatusCode(HttpStatus.NOT_FOUND);
 			return;
@@ -446,7 +448,8 @@ public abstract class AbstractSockJsService implements SockJsService, CorsConfig
 				String[] pathSegments = StringUtils.tokenizeToStringArray(sockJsPath.substring(1), "/");
 				if (pathSegments.length != 3) {
 					if (logger.isWarnEnabled()) {
-						logger.warn("Invalid SockJS path '" + sockJsPath + "' - required to have 3 path segments");
+						logger.warn(LogFormatUtils.formatValue("Invalid SockJS path '" + sockJsPath + "' - " +
+								"required to have 3 path segments", -1, true));
 					}
 					if (requestInfo != null) {
 						logger.debug("Ignoring transport request: " + requestInfo);

spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/TransportHandlingSockJsService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ScheduledFuture;
 
 import org.springframework.context.Lifecycle;
+import org.springframework.core.log.LogFormatUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.ServerHttpRequest;
@@ -234,7 +235,7 @@ public class TransportHandlingSockJsService extends AbstractSockJsService implem
 		TransportType transportType = TransportType.fromValue(transport);
 		if (transportType == null) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("Unknown transport type for " + request.getURI());
+				logger.warn(LogFormatUtils.formatValue("Unknown transport type for " + request.getURI(), -1, true));
 			}
 			response.setStatusCode(HttpStatus.NOT_FOUND);
 			return;
@@ -243,7 +244,7 @@ public class TransportHandlingSockJsService extends AbstractSockJsService implem
 		TransportHandler transportHandler = this.handlers.get(transportType);
 		if (transportHandler == null) {
 			if (logger.isWarnEnabled()) {
-				logger.warn("No TransportHandler for " + request.getURI());
+				logger.warn(LogFormatUtils.formatValue("No TransportHandler for " + request.getURI(), -1, true));
 			}
 			response.setStatusCode(HttpStatus.NOT_FOUND);
 			return;