Use LinkedHashMaps/Sets wherever exposed to users, and code tests defensively in terms of expected Map/Set ordering. Otherwise, there'll be runtime order differences between JDK 7 and JDK 8 due to internal HashMap/Set implementation differences.
Issue: SPR-9639
Provide an additional constructor on SpelParserConfiguration that can
be used to limit the maximum size that a collection will auto grow when
being accessed via a SpEL expression.
This constraint is particularly useful when SpEL is used with data
binding as it prevents a malicious user from crafting a request that
causes OutOfMemory exceptions.
Issue: SPR-10229
Update ReflectivePropertyAccessor to search for fields on super classes
and implemented interfaces.
Although the javadoc Class.getFields() implies that all public fields
of class should be returned SpelReproTests demonstrates that this is
not always the case.
Issue: SPR-10125
Fix SpEL expression parser and tokenizer to provide better exceptions
when dealing with operations that expect two operands. For example,
prior to this commit the expression '/foo' would throw a NPE due
to missing operands to the left of '/'.
Issue: SPR-10146
Revert ReflectivePropertyAccessor changes from 107fafb and instead
consider all methods when resolving properties. Methods are now
sorted such that non-bridge methods are considered before bridge
methods.
Issue: SPR-10162
Move code from spring-build-junit into spring-core/src/test along with
several other test utility classes. This commit removes the temporary
spring-build-junit project introduced in commit
b083bbdec7.
Fix deprecation compiler warnings by refactoring code or applying
@SuppressWarnings("deprecation") annotations. JUnit tests of
internally deprecated classes are now themselves marked as
@Deprecated.
Numerous EasyMock deprecation warnings will remain until the
migration to mockito can be completed.
Prior to this change, SpEL was capable of handling getter methods for
property names having a lowercase first letter and uppercase second
letter such as:
public String getiD() { ... }
However, setters with the same naming arrangement were not supported,
e.g.:
public void setiD() { ... }
This commit ensures that setters and getters are treated by SpEL equally
in this regard, such that "iD"-style property names may be used anywhere
within SpEL expressions.
Issue: SPR-10122, SPR-9123
Make use of the new JUnit functionality introduced in the previous
commit to 'Assume' that perfomance- and timing-sensitive tests should
run only when TestGroup.PERFORMANCE is selected, i.e. when
-PtestGroups="performance" has been provided at the Gradle command line.
The net effect is that these tests are now ignored by default, which
will result in far fewer false-negative CI build failures due to
resource contention and other external factors that cause slowdowns.
We will set up a dedicated performance CI build to run these tests on
an isolated machine, etc.
Issue: SPR-9984
Fix serialization warnings by applying @SuppressWarnings("serial")
when appropriate.
In certain cases and for unknown reasons, a correctly-placed
@SuppressWarnings("serial") annotation will fix the warning at the
javac level (i.e. the Gradle command-line), but will produce an
"unnecessary @SuppressWarnings" warning within Eclipse. In these
cases, a private static final serialVersionUID field has been added
with the default value of 1L.
In particular, avoiding synchronized Sets and Maps wherever possible (preferring a ConcurrentHashMap even instead of a synchronized Set) and specifying appropriate ConcurrentHashMap initial capacities (even if we end up choosing 16).
- Support external Javadoc links using Gradle's javadoc.options.links
- Fix all other Javadoc warnings, such as typos, references to
non-existent (or no longer existent) types and members, etc,
including changes related to the Quartz 2.0 upgrade (SPR-8275) and
adding the HTTP PATCH method (SPR-7985).
- Suppress all output for project-level `javadoc` tasks in order to
hide false-negative warnings about cross-module @see and @link
references (e.g. spring-core having a @see reference to spring-web).
Use the `--info` (-i) flag to gradle at any time to see project-level
javadoc warnings without running the entire `api` task. e.g.
`gradle :spring-core:javadoc -i`
- Favor root project level `api` task for detection of legitimate
Javadoc warnings. There are now zero Javadoc warnings across the
entirety of spring-framework. Goal: keep it that way.
- Remove all @link and @see references to types and members that exist
only in Servlet <= 2.5 and Hibernate <= 4.0, favoring 3.0+ and 4.0+
respectively. This is necessary because only one version of each of
these dependencies can be present on the global `api` javadoc task's
classpath. To that end, the `api` task classpath has now been
customized to ensure that the Servlet 3 API and Hibernate Core 4 jars
have precedence.
- SPR-8896 replaced our dependency on aspectjrt with a dependency on
aspectjweaver, which is fine from a POM point of view, but causes
a spurious warning to be emitted from the ant iajc task that it
"cannot find aspectjrt on the classpath" - even though aspectjweaver
is perfectly sufficient. In the name of keeping the console quiet, a
new `rt` configuration has been added, and aspectjrt added as a
dependency to it. In turn, configurations.rt.asPath is appended to
the iajc classpath during both compileJava and compileTestJava for
spring-aspects.
Issue: SPR-10078, SPR-8275, SPR-7985, SPR-8896
Update SpEL boolean operators to always call the ConversionService
for null values. Primarily to allow null values to be treated as
false by overriding GenericConversionService.convertNullSource().
Issue: SPR-9445
Modify ReflectivePropertyAccessor so that it no longer considers
bridge methods when finding getters or setters. This should help
to prevent subtle errors that can occur when particular JDK
implementations happen to return bridge methods before non-bridge
methods when calling Class.getMethods()
Issue: SPR-9994
Expand the kinds of tokens considered when parsing qualified type names.
This allows previously reserved words (for example 'mod') to be used as
part of a package name.
Issue: SPR-9862
This change ensures that SpEL expressions involving floats are
supported natively as opposed to the previous behavior which required
conversion to double, leading to potential downstream conversion
ambiguities.
Issue: SPR-9486
With this commit the Spring Expression Language now supports
increment (++) and decrement (--) operators. These can be
used as either prefix or postfix operators. For example:
'somearray[index++]' and 'somearray[--index]' are valid.
In order to support this there are serious changes to the
evaluation process for expressions. The concept of a
value reference for an expression component has been introduced.
Value references can be passed around and at any time the actual
value can be retrieved (via a get) or set (where applicable). This
was needed to avoid double evaluation of expression components.
For example, in evaluating the expression 'somearray[index++]--'
without a value reference SpEL would need to evaluate the
'somearray[index++]' component twice, once to get the value and
then again to determine where to put the new value. If that
component is evaluated twice, index would be double incremented.
A value reference for 'somearray[index++]' avoids this problem.
Many new tests have been introduced into the EvaluationTests
to ensure not only that ++ and -- work but also that the
introduction of value references across the all of SpEL has
not caused regressions.
Issue: SPR-9751
Update the ReflectiveMethodResolver and ReflectivePropertyAccessor
to allow methods and properties of java.lang.Class to be resolved
when the target object is a class.
Issue: SPR-9017
Rob Winch
Juergen Hoeller
Phillip Webb
Chris Beams
Oliver Becker
Satyapal Reddy
Andy Clement