Spring Web MVC is the original web framework built on the Servlet API and has been included
in the Spring Framework from the very beginning. The formal name, "Spring Web MVC,"
comes from the name of its source module
({spring-framework-main-code}/spring-webmvc[spring-webmvc
]),
but it is more commonly known as "Spring MVC".
Parallel to Spring Web MVC, Spring Framework 5.0 introduced a reactive-stack web framework
whose name, "Spring WebFlux," is also based on its source module
({spring-framework-main-code}/spring-webflux[spring-webflux
]).
This chapter covers Spring Web MVC. The next chapter
covers Spring WebFlux.
For baseline information and compatibility with Servlet container and Jakarta EE version ranges, see the Spring Framework Wiki.
Spring MVC, as many other web frameworks, is designed around the front controller
pattern where a central Servlet
, the DispatcherServlet
, provides a shared algorithm
for request processing, while actual work is performed by configurable delegate components.
This model is flexible and supports diverse workflows.
The DispatcherServlet
, as any Servlet
, needs to be declared and mapped according
to the Servlet specification by using Java configuration or in web.xml
.
In turn, the DispatcherServlet
uses Spring configuration to discover
the delegate components it needs for request mapping, view resolution, exception
handling, and more.
The following example of the Java configuration registers and initializes
the DispatcherServlet
, which is auto-detected by the Servlet container
(see Servlet Config):
public class MyWebApplicationInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) {
// Load Spring web application configuration
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(AppConfig.class);
// Create and register the DispatcherServlet
DispatcherServlet servlet = new DispatcherServlet(context);
ServletRegistration.Dynamic registration = servletContext.addServlet("app", servlet);
registration.setLoadOnStartup(1);
registration.addMapping("/app/*");
}
}
class MyWebApplicationInitializer : WebApplicationInitializer {
override fun onStartup(servletContext: ServletContext) {
// Load Spring web application configuration
val context = AnnotationConfigWebApplicationContext()
context.register(AppConfig::class.java)
// Create and register the DispatcherServlet
val servlet = DispatcherServlet(context)
val registration = servletContext.addServlet("app", servlet)
registration.setLoadOnStartup(1)
registration.addMapping("/app/*")
}
}
Note
|
In addition to using the ServletContext API directly, you can also extend
AbstractAnnotationConfigDispatcherServletInitializer and override specific methods
(see the example under Context Hierarchy).
|
Note
|
For programmatic use cases, a GenericWebApplicationContext can be used as an
alternative to AnnotationConfigWebApplicationContext . See the
{api-spring-framework}/web/context/support/GenericWebApplicationContext.html[GenericWebApplicationContext ]
javadoc for details.
|
The following example of web.xml
configuration registers and initializes the DispatcherServlet
:
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-context.xml</param-value>
</context-param>
<servlet>
<servlet-name>app</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
</web-app>
Note
|
Spring Boot follows a different initialization sequence. Rather than hooking into
the lifecycle of the Servlet container, Spring Boot uses Spring configuration to
bootstrap itself and the embedded Servlet container. Filter and Servlet declarations
are detected in Spring configuration and registered with the Servlet container.
For more details, see the
Spring Boot documentation.
|
DispatcherServlet
expects a WebApplicationContext
(an extension of a plain
ApplicationContext
) for its own configuration. WebApplicationContext
has a link to the
ServletContext
and the Servlet
with which it is associated. It is also bound to the ServletContext
such that applications can use static methods on RequestContextUtils
to look up the
WebApplicationContext
if they need access to it.
For many applications, having a single WebApplicationContext
is simple and suffices.
It is also possible to have a context hierarchy where one root WebApplicationContext
is shared across multiple DispatcherServlet
(or other Servlet
) instances, each with
its own child WebApplicationContext
configuration.
See Additional Capabilities of the ApplicationContext
for more on the context hierarchy feature.
The root WebApplicationContext
typically contains infrastructure beans, such as data repositories and
business services that need to be shared across multiple Servlet
instances. Those beans
are effectively inherited and can be overridden (that is, re-declared) in the Servlet-specific
child WebApplicationContext
, which typically contains beans local to the given Servlet
.
The following image shows this relationship:
The following example configures a WebApplicationContext
hierarchy:
public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { RootConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { App1Config.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/app1/*" };
}
}
class MyWebAppInitializer : AbstractAnnotationConfigDispatcherServletInitializer() {
override fun getRootConfigClasses(): Array<Class<*>> {
return arrayOf(RootConfig::class.java)
}
override fun getServletConfigClasses(): Array<Class<*>> {
return arrayOf(App1Config::class.java)
}
override fun getServletMappings(): Array<String> {
return arrayOf("/app1/*")
}
}
Tip
|
If an application context hierarchy is not required, applications can return all
configuration through getRootConfigClasses() and null from getServletConfigClasses() .
|
The following example shows the web.xml
equivalent:
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/root-context.xml</param-value>
</context-param>
<servlet>
<servlet-name>app1</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app1-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app1</servlet-name>
<url-pattern>/app1/*</url-pattern>
</servlet-mapping>
</web-app>
Tip
|
If an application context hierarchy is not required, applications may configure a
“root” context only and leave the contextConfigLocation Servlet parameter empty.
|
The DispatcherServlet
delegates to special beans to process requests and render the
appropriate responses. By “special beans” we mean Spring-managed Object
instances that
implement framework contracts. Those usually come with built-in contracts, but
you can customize their properties and extend or replace them.
The following table lists the special beans detected by the DispatcherServlet
:
Bean type | Explanation |
---|---|
|
Map a request to a handler along with a list of
interceptors for pre- and post-processing.
The mapping is based on some criteria, the details of which vary by The two main |
|
Help the |
Strategy to resolve exceptions, possibly mapping them to handlers, to HTML error views, or other targets. See Exceptions. |
|
Resolve logical |
|
Resolve the |
|
Resolve themes your web application can use — for example, to offer personalized layouts. See Themes. |
|
Abstraction for parsing a multi-part request (for example, browser form file upload) with the help of some multipart parsing library. See Multipart Resolver. |
|
Store and retrieve the “input” and the “output” |
Applications can declare the infrastructure beans listed in Special Bean Types
that are required to process requests. The DispatcherServlet
checks the
WebApplicationContext
for each special bean. If there are no matching bean types,
it falls back on the default types listed in
{spring-framework-main-code}/spring-webmvc/src/main/resources/org/springframework/web/servlet/DispatcherServlet.properties[DispatcherServlet.properties
].
In most cases, the MVC Config is the best starting point. It declares the required beans in either Java or XML and provides a higher-level configuration callback API to customize it.
Note
|
Spring Boot relies on the MVC Java configuration to configure Spring MVC and provides many extra convenient options. |
In a Servlet environment, you have the option of configuring the Servlet container
programmatically as an alternative or in combination with a web.xml
file.
The following example registers a DispatcherServlet
:
import org.springframework.web.WebApplicationInitializer;
public class MyWebApplicationInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) {
XmlWebApplicationContext appContext = new XmlWebApplicationContext();
appContext.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");
ServletRegistration.Dynamic registration = container.addServlet("dispatcher", new DispatcherServlet(appContext));
registration.setLoadOnStartup(1);
registration.addMapping("/");
}
}
import org.springframework.web.WebApplicationInitializer
class MyWebApplicationInitializer : WebApplicationInitializer {
override fun onStartup(container: ServletContext) {
val appContext = XmlWebApplicationContext()
appContext.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml")
val registration = container.addServlet("dispatcher", DispatcherServlet(appContext))
registration.setLoadOnStartup(1)
registration.addMapping("/")
}
}
WebApplicationInitializer
is an interface provided by Spring MVC that ensures your
implementation is detected and automatically used to initialize any Servlet 3 container.
An abstract base class implementation of WebApplicationInitializer
named
AbstractDispatcherServletInitializer
makes it even easier to register the
DispatcherServlet
by overriding methods to specify the servlet mapping and the
location of the DispatcherServlet
configuration.
This is recommended for applications that use Java-based Spring configuration, as the following example shows:
public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { MyWebConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
class MyWebAppInitializer : AbstractAnnotationConfigDispatcherServletInitializer() {
override fun getRootConfigClasses(): Array<Class<*>>? {
return null
}
override fun getServletConfigClasses(): Array<Class<*>>? {
return arrayOf(MyWebConfig::class.java)
}
override fun getServletMappings(): Array<String> {
return arrayOf("/")
}
}
If you use XML-based Spring configuration, you should extend directly from
AbstractDispatcherServletInitializer
, as the following example shows:
public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {
@Override
protected WebApplicationContext createRootApplicationContext() {
return null;
}
@Override
protected WebApplicationContext createServletApplicationContext() {
XmlWebApplicationContext cxt = new XmlWebApplicationContext();
cxt.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");
return cxt;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
class MyWebAppInitializer : AbstractDispatcherServletInitializer() {
override fun createRootApplicationContext(): WebApplicationContext? {
return null
}
override fun createServletApplicationContext(): WebApplicationContext {
return XmlWebApplicationContext().apply {
setConfigLocation("/WEB-INF/spring/dispatcher-config.xml")
}
}
override fun getServletMappings(): Array<String> {
return arrayOf("/")
}
}
AbstractDispatcherServletInitializer
also provides a convenient way to add Filter
instances and have them be automatically mapped to the DispatcherServlet
, as the
following example shows:
public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {
// ...
@Override
protected Filter[] getServletFilters() {
return new Filter[] {
new HiddenHttpMethodFilter(), new CharacterEncodingFilter() };
}
}
class MyWebAppInitializer : AbstractDispatcherServletInitializer() {
// ...
override fun getServletFilters(): Array<Filter> {
return arrayOf(HiddenHttpMethodFilter(), CharacterEncodingFilter())
}
}
Each filter is added with a default name based on its concrete type and automatically
mapped to the DispatcherServlet
.
The isAsyncSupported
protected method of AbstractDispatcherServletInitializer
provides a single place to enable async support on the DispatcherServlet
and all
filters mapped to it. By default, this flag is set to true
.
Finally, if you need to further customize the DispatcherServlet
itself, you can
override the createDispatcherServlet
method.
The DispatcherServlet
processes requests as follows:
-
The
WebApplicationContext
is searched for and bound in the request as an attribute that the controller and other elements in the process can use. It is bound by default under theDispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE
key. -
The locale resolver is bound to the request to let elements in the process resolve the locale to use when processing the request (rendering the view, preparing data, and so on). If you do not need locale resolving, you do not need the locale resolver.
-
The theme resolver is bound to the request to let elements such as views determine which theme to use. If you do not use themes, you can ignore it.
-
If you specify a multipart file resolver, the request is inspected for multiparts. If multiparts are found, the request is wrapped in a
MultipartHttpServletRequest
for further processing by other elements in the process. See Multipart Resolver for further information about multipart handling. -
An appropriate handler is searched for. If a handler is found, the execution chain associated with the handler (preprocessors, postprocessors, and controllers) is run to prepare a model for rendering. Alternatively, for annotated controllers, the response can be rendered (within the
HandlerAdapter
) instead of returning a view. -
If a model is returned, the view is rendered. If no model is returned (maybe due to a preprocessor or postprocessor intercepting the request, perhaps for security reasons), no view is rendered, because the request could already have been fulfilled.
The HandlerExceptionResolver
beans declared in the WebApplicationContext
are used to
resolve exceptions thrown during request processing. Those exception resolvers allow
customizing the logic to address exceptions. See Exceptions for more details.
For HTTP caching support, handlers can use the checkNotModified
methods of WebRequest
,
along with further options for annotated controllers as described in
HTTP Caching for Controllers.
You can customize individual DispatcherServlet
instances by adding Servlet
initialization parameters (init-param
elements) to the Servlet declaration in the
web.xml
file. The following table lists the supported parameters:
Parameter | Explanation |
---|---|
|
Class that implements |
|
String that is passed to the context instance (specified by |
|
Namespace of the |
|
Whether to throw a By default, this is set to Note that, if default servlet handling is also configured, unresolved requests are always forwarded to the default servlet and a 404 is never raised. |
The Servlet API exposes the full request path as requestURI
and further sub-divides it
into contextPath
, servletPath
, and pathInfo
whose values vary depending on how a
Servlet is mapped. From these inputs, Spring MVC needs to determine the lookup path to
use for mapping handlers, which should exclude the contextPath
and any servletMapping
prefix, if applicable.
The servletPath
and pathInfo
are decoded and that makes them impossible to compare
directly to the full requestURI
in order to derive the lookupPath and that makes it
necessary to decode the requestURI
. However this introduces its own issues because the
path may contain encoded reserved characters such as "/"
or ";"
that can in turn
alter the structure of the path after they are decoded which can also lead to security
issues. In addition, Servlet containers may normalize the servletPath
to varying
degrees which makes it further impossible to perform startsWith
comparisons against
the requestURI
.
This is why it is best to avoid reliance on the servletPath
which comes with the
prefix-based servletPath
mapping type. If the DispatcherServlet
is mapped as the
default Servlet with "/"
or otherwise without a prefix with "/*"
and the Servlet
container is 4.0+ then Spring MVC is able to detect the Servlet mapping type and avoid
use of the servletPath
and pathInfo
altogether. On a 3.1 Servlet container,
assuming the same Servlet mapping types, the equivalent can be achieved by providing
a UrlPathHelper
with alwaysUseFullPath=true
via Path Matching in
the MVC config.
Fortunately the default Servlet mapping "/"
is a good choice. However, there is still
an issue in that the requestURI
needs to be decoded to make it possible to compare to
controller mappings. This is again undesirable because of the potential to decode
reserved characters that alter the path structure. If such characters are not expected,
then you can reject them (like the Spring Security HTTP firewall), or you can configure
UrlPathHelper
with urlDecode=false
but controller mappings will need to match to the
encoded path which may not always work well. Furthermore, sometimes the
DispatcherServlet
needs to share the URL space with another Servlet and may need to
be mapped by prefix.
The above issues are addressed when using PathPatternParser
and parsed patterns, as
an alternative to String path matching with AntPathMatcher
. The PathPatternParser
has
been available for use in Spring MVC from version 5.3, and is enabled by default from
version 6.0. Unlike AntPathMatcher
which needs either the lookup path decoded or the
controller mapping encoded, a parsed PathPattern
matches to a parsed representation
of the path called RequestPath
, one path segment at a time. This allows decoding and
sanitizing path segment values individually without the risk of altering the structure
of the path. Parsed PathPattern
also supports the use of servletPath
prefix mapping
as long as a Servlet path mapping is used and the prefix is kept simple, i.e. it has no
encoded characters. For pattern syntax details and comparison, see
Pattern Comparison.
All HandlerMapping
implementations support handler interceptors that are useful when
you want to apply specific functionality to certain requests — for example, checking for
a principal. Interceptors must implement HandlerInterceptor
from the
org.springframework.web.servlet
package with three methods that should provide enough
flexibility to do all kinds of pre-processing and post-processing:
-
preHandle(..)
: Before the actual handler is run -
postHandle(..)
: After the handler is run -
afterCompletion(..)
: After the complete request has finished
The preHandle(..)
method returns a boolean value. You can use this method to break or
continue the processing of the execution chain. When this method returns true
, the
handler execution chain continues. When it returns false, the DispatcherServlet
assumes the interceptor itself has taken care of requests (and, for example, rendered an
appropriate view) and does not continue executing the other interceptors and the actual
handler in the execution chain.
See Interceptors in the section on MVC configuration for examples of how to
configure interceptors. You can also register them directly by using setters on individual
HandlerMapping
implementations.
postHandle
method is less useful with @ResponseBody
and ResponseEntity
methods for
which the response is written and committed within the HandlerAdapter
and before
postHandle
. That means it is too late to make any changes to the response, such as adding
an extra header. For such scenarios, you can implement ResponseBodyAdvice
and either
declare it as an Controller Advice bean or configure it directly on
RequestMappingHandlerAdapter
.
If an exception occurs during request mapping or is thrown from a request handler (such as
a @Controller
), the DispatcherServlet
delegates to a chain of HandlerExceptionResolver
beans to resolve the exception and provide alternative handling, which is typically an
error response.
The following table lists the available HandlerExceptionResolver
implementations:
HandlerExceptionResolver |
Description |
---|---|
|
A mapping between exception class names and error view names. Useful for rendering error pages in a browser application. |
{api-spring-framework}/web/servlet/mvc/support/DefaultHandlerExceptionResolver.html[ |
Resolves exceptions raised by Spring MVC and maps them to HTTP status codes.
See also alternative |
|
Resolves exceptions with the |
|
Resolves exceptions by invoking an |
You can form an exception resolver chain by declaring multiple HandlerExceptionResolver
beans in your Spring configuration and setting their order
properties as needed.
The higher the order property, the later the exception resolver is positioned.
The contract of HandlerExceptionResolver
specifies that it can return:
-
a
ModelAndView
that points to an error view. -
An empty
ModelAndView
if the exception was handled within the resolver. -
null
if the exception remains unresolved, for subsequent resolvers to try, and, if the exception remains at the end, it is allowed to bubble up to the Servlet container.
The MVC Config automatically declares built-in resolvers for default Spring MVC
exceptions, for @ResponseStatus
annotated exceptions, and for support of
@ExceptionHandler
methods. You can customize that list or replace it.
If an exception remains unresolved by any HandlerExceptionResolver
and is, therefore,
left to propagate or if the response status is set to an error status (that is, 4xx, 5xx),
Servlet containers can render a default error page in HTML. To customize the default
error page of the container, you can declare an error page mapping in web.xml
.
The following example shows how to do so:
<error-page>
<location>/error</location>
</error-page>
Given the preceding example, when an exception bubbles up or the response has an error status, the
Servlet container makes an ERROR dispatch within the container to the configured URL
(for example, /error
). This is then processed by the DispatcherServlet
, possibly mapping it
to a @Controller
, which could be implemented to return an error view name with a model
or to render a JSON response, as the following example shows:
@RestController
public class ErrorController {
@RequestMapping(path = "/error")
public Map<String, Object> handle(HttpServletRequest request) {
Map<String, Object> map = new HashMap<String, Object>();
map.put("status", request.getAttribute("jakarta.servlet.error.status_code"));
map.put("reason", request.getAttribute("jakarta.servlet.error.message"));
return map;
}
}
@RestController
class ErrorController {
@RequestMapping(path = ["/error"])
fun handle(request: HttpServletRequest): Map<String, Any> {
val map = HashMap<String, Any>()
map["status"] = request.getAttribute("jakarta.servlet.error.status_code")
map["reason"] = request.getAttribute("jakarta.servlet.error.message")
return map
}
}
Tip
|
The Servlet API does not provide a way to create error page mappings in Java. You can,
however, use both a WebApplicationInitializer and a minimal web.xml .
|
Spring MVC defines the ViewResolver
and View
interfaces that let you render
models in a browser without tying you to a specific view technology. ViewResolver
provides a mapping between view names and actual views. View
addresses the preparation
of data before handing over to a specific view technology.
The following table provides more details on the ViewResolver
hierarchy:
ViewResolver | Description |
---|---|
|
Subclasses of |
|
Simple implementation of the |
|
Convenient subclass of |
|
Convenient subclass of |
|
Implementation of the |
|
Implementation of the |
You can chain view resolvers by declaring more than one resolver bean and, if necessary, by
setting the order
property to specify ordering. Remember, the higher the order property,
the later the view resolver is positioned in the chain.
The contract of a ViewResolver
specifies that it can return null to indicate that the
view could not be found. However, in the case of JSPs and InternalResourceViewResolver
,
the only way to figure out if a JSP exists is to perform a dispatch through
RequestDispatcher
. Therefore, you must always configure an InternalResourceViewResolver
to be last in the overall order of view resolvers.
Configuring view resolution is as simple as adding ViewResolver
beans to your Spring
configuration. The MVC Config provides a dedicated configuration API for
View Resolvers and for adding logic-less
View Controllers which are useful for HTML template
rendering without controller logic.
The special redirect:
prefix in a view name lets you perform a redirect. The
UrlBasedViewResolver
(and its subclasses) recognize this as an instruction that a
redirect is needed. The rest of the view name is the redirect URL.
The net effect is the same as if the controller had returned a RedirectView
, but now
the controller itself can operate in terms of logical view names. A logical view
name (such as redirect:/myapp/some/resource
) redirects relative to the current
Servlet context, while a name such as redirect:https://myhost.com/some/arbitrary/path
redirects to an absolute URL.
Note that, if a controller method is annotated with the @ResponseStatus
, the annotation
value takes precedence over the response status set by RedirectView
.
You can also use a special forward:
prefix for view names that are
ultimately resolved by UrlBasedViewResolver
and subclasses. This creates an
InternalResourceView
, which does a RequestDispatcher.forward()
.
Therefore, this prefix is not useful with InternalResourceViewResolver
and
InternalResourceView
(for JSPs), but it can be helpful if you use another view
technology but still want to force a forward of a resource to be handled by the
Servlet/JSP engine. Note that you may also chain multiple view resolvers, instead.
{api-spring-framework}/web/servlet/view/ContentNegotiatingViewResolver.html[ContentNegotiatingViewResolver
]
does not resolve views itself but rather delegates
to other view resolvers and selects the view that resembles the representation requested
by the client. The representation can be determined from the Accept
header or from a
query parameter (for example, "/path?format=pdf"
).
The ContentNegotiatingViewResolver
selects an appropriate View
to handle the request
by comparing the request media types with the media type (also known as
Content-Type
) supported by the View
associated with each of its ViewResolvers
. The
first View
in the list that has a compatible Content-Type
returns the representation
to the client. If a compatible view cannot be supplied by the ViewResolver
chain,
the list of views specified through the DefaultViews
property is consulted. This
latter option is appropriate for singleton Views
that can render an appropriate
representation of the current resource regardless of the logical view name. The Accept
header can include wildcards (for example text/*
), in which case a View
whose
Content-Type
is text/xml
is a compatible match.
See View Resolvers under MVC Config for configuration details.
Most parts of Spring’s architecture support internationalization, as the Spring web
MVC framework does. DispatcherServlet
lets you automatically resolve messages
by using the client’s locale. This is done with LocaleResolver
objects.
When a request comes in, the DispatcherServlet
looks for a locale resolver and, if it
finds one, it tries to use it to set the locale. By using the RequestContext.getLocale()
method, you can always retrieve the locale that was resolved by the locale resolver.
In addition to automatic locale resolution, you can also attach an interceptor to the handler mapping (see Interception for more information on handler mapping interceptors) to change the locale under specific circumstances (for example, based on a parameter in the request).
Locale resolvers and interceptors are defined in the
org.springframework.web.servlet.i18n
package and are configured in your application
context in the normal way. The following selection of locale resolvers is included in
Spring.
In addition to obtaining the client’s locale, it is often useful to know its time zone.
The LocaleContextResolver
interface offers an extension to LocaleResolver
that lets
resolvers provide a richer LocaleContext
, which may include time zone information.
When available, the user’s TimeZone
can be obtained by using the
RequestContext.getTimeZone()
method. Time zone information is automatically used
by any Date/Time Converter
and Formatter
objects that are registered with Spring’s
ConversionService
.
This locale resolver inspects the accept-language
header in the request that was sent
by the client (for example, a web browser). Usually, this header field contains the locale of
the client’s operating system. Note that this resolver does not support time zone
information.
This locale resolver inspects a Cookie
that might exist on the client to see if a
Locale
or TimeZone
is specified. If so, it uses the specified details. By using the
properties of this locale resolver, you can specify the name of the cookie as well as the
maximum age. The following example defines a CookieLocaleResolver
:
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="cookieName" value="clientlanguage"/>
<!-- in seconds. If set to -1, the cookie is not persisted (deleted when browser shuts down) -->
<property name="cookieMaxAge" value="100000"/>
</bean>
The following table describes the properties CookieLocaleResolver
:
Property | Default | Description |
---|---|---|
|
class name + LOCALE |
The name of the cookie |
|
Servlet container default |
The maximum time a cookie persists on the client. If |
|
/ |
Limits the visibility of the cookie to a certain part of your site. When |
The SessionLocaleResolver
lets you retrieve Locale
and TimeZone
from the
session that might be associated with the user’s request. In contrast to
CookieLocaleResolver
, this strategy stores locally chosen locale settings in the
Servlet container’s HttpSession
. As a consequence, those settings are temporary
for each session and are, therefore, lost when each session ends.
Note that there is no direct relationship with external session management mechanisms,
such as the Spring Session project. This SessionLocaleResolver
evaluates and
modifies the corresponding HttpSession
attributes against the current HttpServletRequest
.
You can enable changing of locales by adding the LocaleChangeInterceptor
to one of the
HandlerMapping
definitions. It detects a parameter in the request and changes the locale
accordingly, calling the setLocale
method on the LocaleResolver
in the dispatcher’s
application context. The next example shows that calls to all *.view
resources
that contain a parameter named siteLanguage
now changes the locale. So, for example,
a request for the URL, https://www.sf.net/home.view?siteLanguage=nl
, changes the site
language to Dutch. The following example shows how to intercept the locale:
<bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="siteLanguage"/>
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>
<bean id="urlMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="interceptors">
<list>
<ref bean="localeChangeInterceptor"/>
</list>
</property>
<property name="mappings">
<value>/**/*.view=someController</value>
</property>
</bean>
You can apply Spring Web MVC framework themes to set the overall look-and-feel of your application, thereby enhancing user experience. A theme is a collection of static resources, typically style sheets and images, that affect the visual style of the application.
Warning
|
as of 6.0 support for themes has been deprecated theme in favor of using CSS, and without any special support on the server side. |
To use themes in your web application, you must set up an implementation of the
org.springframework.ui.context.ThemeSource
interface. The WebApplicationContext
interface extends ThemeSource
but delegates its responsibilities to a dedicated
implementation. By default, the delegate is an
org.springframework.ui.context.support.ResourceBundleThemeSource
implementation that
loads properties files from the root of the classpath. To use a custom ThemeSource
implementation or to configure the base name prefix of the ResourceBundleThemeSource
,
you can register a bean in the application context with the reserved name, themeSource
.
The web application context automatically detects a bean with that name and uses it.
When you use the ResourceBundleThemeSource
, a theme is defined in a simple properties
file. The properties file lists the resources that make up the theme, as the following example shows:
styleSheet=/themes/cool/style.css background=/themes/cool/img/coolBg.jpg
The keys of the properties are the names that refer to the themed elements from view
code. For a JSP, you typically do this using the spring:theme
custom tag, which is
very similar to the spring:message
tag. The following JSP fragment uses the theme
defined in the previous example to customize the look and feel:
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<html>
<head>
<link rel="stylesheet" href="<spring:theme code='styleSheet'/>" type="text/css"/>
</head>
<body style="background=<spring:theme code='background'/>">
...
</body>
</html>
By default, the ResourceBundleThemeSource
uses an empty base name prefix. As a result,
the properties files are loaded from the root of the classpath. Thus, you would put the
cool.properties
theme definition in a directory at the root of the classpath (for
example, in /WEB-INF/classes
). The ResourceBundleThemeSource
uses the standard Java
resource bundle loading mechanism, allowing for full internationalization of themes. For
example, we could have a /WEB-INF/classes/cool_nl.properties
that references a special
background image with Dutch text on it.
After you define themes, as described in the preceding section,
you decide which theme to use. The DispatcherServlet
looks for a bean named themeResolver
to find out which ThemeResolver
implementation to use. A theme resolver works in much the same
way as a LocaleResolver
. It detects the theme to use for a particular request and can also
alter the request’s theme. The following table describes the theme resolvers provided by Spring:
Class | Description |
---|---|
|
Selects a fixed theme, set by using the |
|
The theme is maintained in the user’s HTTP session. It needs to be set only once for each session but is not persisted between sessions. |
|
The selected theme is stored in a cookie on the client. |
Spring also provides a ThemeChangeInterceptor
that lets theme changes on every
request with a simple request parameter.
MultipartResolver
from the org.springframework.web.multipart
package is a strategy
for parsing multipart requests including file uploads. There is a container-based
StandardServletMultipartResolver
implementation for Servlet multipart request parsing.
Note that the outdated CommonsMultipartResolver
based on Apache Commons FileUpload is
not available anymore, as of Spring Framework 6.0 with its new Servlet 5.0+ baseline.
To enable multipart handling, you need to declare a MultipartResolver
bean in your
DispatcherServlet
Spring configuration with a name of multipartResolver
.
The DispatcherServlet
detects it and applies it to the incoming request. When a POST
with a content type of multipart/form-data
is received, the resolver parses the
content wraps the current HttpServletRequest
as a MultipartHttpServletRequest
to
provide access to resolved files in addition to exposing parts as request parameters.
Servlet multipart parsing needs to be enabled through Servlet container configuration. To do so:
-
In Java, set a
MultipartConfigElement
on the Servlet registration. -
In
web.xml
, add a"<multipart-config>"
section to the servlet declaration.
The following example shows how to set a MultipartConfigElement
on the Servlet registration:
public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
// ...
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration) {
// Optionally also set maxFileSize, maxRequestSize, fileSizeThreshold
registration.setMultipartConfig(new MultipartConfigElement("/tmp"));
}
}
class AppInitializer : AbstractAnnotationConfigDispatcherServletInitializer() {
// ...
override fun customizeRegistration(registration: ServletRegistration.Dynamic) {
// Optionally also set maxFileSize, maxRequestSize, fileSizeThreshold
registration.setMultipartConfig(MultipartConfigElement("/tmp"))
}
}
Once the Servlet multipart configuration is in place, you can add a bean of type
StandardServletMultipartResolver
with a name of multipartResolver
.
Note
|
This resolver variant uses your Servlet container’s multipart parser as-is,
potentially exposing the application to container implementation differences.
By default, it will try to parse any |
DEBUG-level logging in Spring MVC is designed to be compact, minimal, and human-friendly. It focuses on high-value bits of information that are useful over and over again versus others that are useful only when debugging a specific issue.
TRACE-level logging generally follows the same principles as DEBUG (and, for example, also should not be a fire hose) but can be used for debugging any issue. In addition, some log messages may show a different level of detail at TRACE versus DEBUG.
Good logging comes from the experience of using the logs. If you spot anything that does not meet the stated goals, please let us know.
DEBUG and TRACE logging may log sensitive information. This is why request parameters and
headers are masked by default and their logging in full must be enabled explicitly
through the enableLoggingRequestDetails
property on DispatcherServlet
.
The following example shows how to do so by using Java configuration:
public class MyInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return ... ;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return ... ;
}
@Override
protected String[] getServletMappings() {
return ... ;
}
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration) {
registration.setInitParameter("enableLoggingRequestDetails", "true");
}
}
class MyInitializer : AbstractAnnotationConfigDispatcherServletInitializer() {
override fun getRootConfigClasses(): Array<Class<*>>? {
return ...
}
override fun getServletConfigClasses(): Array<Class<*>>? {
return ...
}
override fun getServletMappings(): Array<String> {
return ...
}
override fun customizeRegistration(registration: ServletRegistration.Dynamic) {
registration.setInitParameter("enableLoggingRequestDetails", "true")
}
}
The spring-web
module provides some useful filters:
Browsers can submit form data only through HTTP GET or HTTP POST but non-browser clients can also
use HTTP PUT, PATCH, and DELETE. The Servlet API requires ServletRequest.getParameter*()
methods to support form field access only for HTTP POST.
The spring-web
module provides FormContentFilter
to intercept HTTP PUT, PATCH, and DELETE
requests with a content type of application/x-www-form-urlencoded
, read the form data from
the body of the request, and wrap the ServletRequest
to make the form data
available through the ServletRequest.getParameter*()
family of methods.
As a request goes through proxies (such as load balancers) the host, port, and scheme may change, and that makes it a challenge to create links that point to the correct host, port, and scheme from a client perspective.
RFC 7239 defines the Forwarded
HTTP header
that proxies can use to provide information about the original request. There are other
non-standard headers, too, including X-Forwarded-Host
, X-Forwarded-Port
,
X-Forwarded-Proto
, X-Forwarded-Ssl
, and X-Forwarded-Prefix
.
ForwardedHeaderFilter
is a Servlet filter that modifies the request in order to
a) change the host, port, and scheme based on Forwarded
headers, and b) to remove those
headers to eliminate further impact. The filter relies on wrapping the request, and
therefore it must be ordered ahead of other filters, such as RequestContextFilter
, that
should work with the modified and not the original request.
There are security considerations for forwarded headers since an application cannot know
if the headers were added by a proxy, as intended, or by a malicious client. This is why
a proxy at the boundary of trust should be configured to remove untrusted Forwarded
headers that come from the outside. You can also configure the ForwardedHeaderFilter
with removeOnly=true
, in which case it removes but does not use the headers.
In order to support asynchronous requests and error dispatches this
filter should be mapped with DispatcherType.ASYNC
and also DispatcherType.ERROR
.
If using Spring Framework’s AbstractAnnotationConfigDispatcherServletInitializer
(see Servlet Config) all filters are automatically registered for all dispatch
types. However if registering the filter via web.xml
or in Spring Boot via a
FilterRegistrationBean
be sure to include DispatcherType.ASYNC
and
DispatcherType.ERROR
in addition to DispatcherType.REQUEST
.
The ShallowEtagHeaderFilter
filter creates a “shallow” ETag by caching the content
written to the response and computing an MD5 hash from it. The next time a client sends,
it does the same, but it also compares the computed value against the If-None-Match
request header and, if the two are equal, returns a 304 (NOT_MODIFIED).
This strategy saves network bandwidth but not CPU, as the full response must be computed for each request. Other strategies at the controller level, described earlier, can avoid the computation. See HTTP Caching.
This filter has a writeWeakETag
parameter that configures the filter to write weak ETags
similar to the following: W/"02a2d595e6ed9a0b24f027f2b63b134d6"
(as defined in
RFC 7232 Section 2.3).
In order to support asynchronous requests this filter must be mapped
with DispatcherType.ASYNC
so that the filter can delay and successfully generate an
ETag to the end of the last async dispatch. If using Spring Framework’s
AbstractAnnotationConfigDispatcherServletInitializer
(see Servlet Config)
all filters are automatically registered for all dispatch types. However if registering
the filter via web.xml
or in Spring Boot via a FilterRegistrationBean
be sure to include
DispatcherType.ASYNC
.
Spring MVC provides fine-grained support for CORS configuration through annotations on
controllers. However, when used with Spring Security, we advise relying on the built-in
CorsFilter
that must be ordered ahead of Spring Security’s chain of filters.
See the sections on [mvc-cors] and the [mvc-cors-filter] for more details.
Spring MVC provides an annotation-based programming model where @Controller
and
@RestController
components use annotations to express request mappings, request input,
exception handling, and more. Annotated controllers have flexible method signatures and
do not have to extend base classes nor implement specific interfaces.
The following example shows a controller defined by annotations:
@Controller
public class HelloController {
@GetMapping("/hello")
public String handle(Model model) {
model.addAttribute("message", "Hello World!");
return "index";
}
}
import org.springframework.ui.set
@Controller
class HelloController {
@GetMapping("/hello")
fun handle(model: Model): String {
model["message"] = "Hello World!"
return "index"
}
}
In the preceding example, the method accepts a Model
and returns a view name as a String
,
but many other options exist and are explained later in this chapter.
Tip
|
Guides and tutorials on spring.io use the annotation-based programming model described in this section. |
You can define controller beans by using a standard Spring bean definition in the
Servlet’s WebApplicationContext
. The @Controller
stereotype allows for auto-detection,
aligned with Spring general support for detecting @Component
classes in the classpath
and auto-registering bean definitions for them. It also acts as a stereotype for the
annotated class, indicating its role as a web component.
To enable auto-detection of such @Controller
beans, you can add component scanning to
your Java configuration, as the following example shows:
@Configuration
@ComponentScan("org.example.web")
public class WebConfig {
// ...
}
@Configuration
@ComponentScan("org.example.web")
class WebConfig {
// ...
}
The following example shows the XML configuration equivalent of the preceding example:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
https://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.example.web"/>
<!-- ... -->
</beans>
@RestController
is a composed annotation that is
itself meta-annotated with @Controller
and @ResponseBody
to indicate a controller whose
every method inherits the type-level @ResponseBody
annotation and, therefore, writes
directly to the response body versus view resolution and rendering with an HTML template.
In some cases, you may need to decorate a controller with an AOP proxy at runtime.
One example is if you choose to have @Transactional
annotations directly on the
controller. When this is the case, for controllers specifically, we recommend
using class-based proxying. This is automatically the case with such annotations
directly on the controller.
If the controller implements an interface, and needs AOP proxying, you may need to
explicitly configure class-based proxying. For example, with @EnableTransactionManagement
you can change to @EnableTransactionManagement(proxyTargetClass = true)
, and with
<tx:annotation-driven/>
you can change to <tx:annotation-driven proxy-target-class="true"/>
.
Note
|
Keep in mind that as of 6.0, with interface proxying, Spring MVC no longer detects
controllers based solely on a type-level @RequestMapping annotation on the interface.
Please, enable class based proxying, or otherwise the interface must also have an
@Controller annotation.
|
You can use the @RequestMapping
annotation to map requests to controllers methods. It has
various attributes to match by URL, HTTP method, request parameters, headers, and media
types. You can use it at the class level to express shared mappings or at the method level
to narrow down to a specific endpoint mapping.
There are also HTTP method specific shortcut variants of @RequestMapping
:
-
@GetMapping
-
@PostMapping
-
@PutMapping
-
@DeleteMapping
-
@PatchMapping
The shortcuts are Custom Annotations that are provided because,
arguably, most controller methods should be mapped to a specific HTTP method versus
using @RequestMapping
, which, by default, matches to all HTTP methods.
A @RequestMapping
is still needed at the class level to express shared mappings.
The following example has type and method level mappings:
@RestController
@RequestMapping("/persons")
class PersonController {
@GetMapping("/{id}")
public Person getPerson(@PathVariable Long id) {
// ...
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
public void add(@RequestBody Person person) {
// ...
}
}
@RestController
@RequestMapping("/persons")
class PersonController {
@GetMapping("/{id}")
fun getPerson(@PathVariable id: Long): Person {
// ...
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
fun add(@RequestBody person: Person) {
// ...
}
}
@RequestMapping
methods can be mapped using URL patterns. There are two alternatives:
-
PathPattern
— a pre-parsed pattern matched against the URL path also pre-parsed asPathContainer
. Designed for web use, this solution deals effectively with encoding and path parameters, and matches efficiently. -
AntPathMatcher
— match String patterns against a String path. This is the original solution also used in Spring configuration to select resources on the classpath, on the filesystem, and other locations. It is less efficient and the String path input is a challenge for dealing effectively with encoding and other issues with URLs.
PathPattern
is the recommended solution for web applications and it is the only choice in
Spring WebFlux. It was enabled for use in Spring MVC from version 5.3 and is enabled by
default from version 6.0. See MVC config for
customizations of path matching options.
PathPattern
supports the same pattern syntax as AntPathMatcher
. In addition, it also
supports the capturing pattern, e.g. {*spring}
, for matching 0 or more path segments
at the end of a path. PathPattern
also restricts the use of **
for matching multiple
path segments such that it’s only allowed at the end of a pattern. This eliminates many
cases of ambiguity when choosing the best matching pattern for a given request.
For full pattern syntax please refer to
{api-spring-framework}/web/util/pattern/PathPattern.html[PathPattern] and
{api-spring-framework}/util/AntPathMatcher.html[AntPathMatcher].
Some example patterns:
-
"/resources/ima?e.png"
- match one character in a path segment -
"/resources/*.png"
- match zero or more characters in a path segment -
"/resources/**"
- match multiple path segments -
"/projects/{project}/versions"
- match a path segment and capture it as a variable -
"/projects/{project:[a-z]}/versions"+
- match and capture a variable with a regex
Captured URI variables can be accessed with @PathVariable
. For example:
@GetMapping("/owners/{ownerId}/pets/{petId}")
public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
// ...
}
@GetMapping("/owners/{ownerId}/pets/{petId}")
fun findPet(@PathVariable ownerId: Long, @PathVariable petId: Long): Pet {
// ...
}
You can declare URI variables at the class and method levels, as the following example shows:
@Controller
@RequestMapping("/owners/{ownerId}")
public class OwnerController {
@GetMapping("/pets/{petId}")
public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
// ...
}
}
@Controller
@RequestMapping("/owners/{ownerId}")
class OwnerController {
@GetMapping("/pets/{petId}")
fun findPet(@PathVariable ownerId: Long, @PathVariable petId: Long): Pet {
// ...
}
}
URI variables are automatically converted to the appropriate type, or TypeMismatchException
is raised. Simple types (int
, long
, Date
, and so on) are supported by default and you can
register support for any other data type.
See Type Conversion and DataBinder
.
You can explicitly name URI variables (for example, @PathVariable("customId")
), but you can
leave that detail out if the names are the same and your code is compiled with the -parameters
compiler flag.
The syntax {varName:regex}
declares a URI variable with a regular expression that has
syntax of {varName:regex}
. For example, given URL "/spring-web-3.0.5.jar"
, the following method
extracts the name, version, and file extension:
@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}")
public void handle(@PathVariable String name, @PathVariable String version, @PathVariable String ext) {
// ...
}
@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}")
fun handle(@PathVariable name: String, @PathVariable version: String, @PathVariable ext: String) {
// ...
}
URI path patterns can also have embedded ${…}
placeholders that are resolved on startup
by using PropertySourcesPlaceholderConfigurer
against local, system, environment, and
other property sources. You can use this, for example, to parameterize a base URL based on
some external configuration.
When multiple patterns match a URL, the best match must be selected. This is done with
one of the following depending on whether use of parsed PathPattern
is enabled for use or not:
-
{api-spring-framework}/web/util/pattern/PathPattern.html#SPECIFICITY_COMPARATOR[
PathPattern.SPECIFICITY_COMPARATOR
] -
{api-spring-framework}/util/AntPathMatcher.html#getPatternComparator-java.lang.String-[
AntPathMatcher.getPatternComparator(String path)
]
Both help to sort patterns with more specific ones on top. A pattern is less specific if it has a lower count of URI variables (counted as 1), single wildcards (counted as 1), and double wildcards (counted as 2). Given an equal score, the longer pattern is chosen. Given the same score and length, the pattern with more URI variables than wildcards is chosen.
The default mapping pattern (/**
) is excluded from scoring and always
sorted last. Also, prefix patterns (such as /public/**
) are considered less
specific than other pattern that do not have double wildcards.
For the full details, follow the above links to the pattern Comparators.
Starting in 5.3, by default Spring MVC no longer performs .*
suffix pattern
matching where a controller mapped to /person
is also implicitly mapped to
/person.*
. As a consequence path extensions are no longer used to interpret
the requested content type for the response — for example, /person.pdf
, /person.xml
,
and so on.
Using file extensions in this way was necessary when browsers used to send Accept
headers
that were hard to interpret consistently. At present, that is no longer a necessity and
using the Accept
header should be the preferred choice.
Over time, the use of file name extensions has proven problematic in a variety of ways. It can cause ambiguity when overlain with the use of URI variables, path parameters, and URI encoding. Reasoning about URL-based authorization and security (see next section for more details) also becomes more difficult.
To completely disable the use of path extensions in versions prior to 5.3, set the following:
-
useSuffixPatternMatching(false)
, see PathMatchConfigurer -
favorPathExtension(false)
, see ContentNegotiationConfigurer
Having a way to request content types other than through the "Accept"
header can still
be useful, e.g. when typing a URL in a browser. A safe alternative to path extensions is
to use the query parameter strategy. If you must use file extensions, consider restricting
them to a list of explicitly registered extensions through the mediaTypes
property of
ContentNegotiationConfigurer.
A reflected file download (RFD) attack is similar to XSS in that it relies on request input (for example, a query parameter and a URI variable) being reflected in the response. However, instead of inserting JavaScript into HTML, an RFD attack relies on the browser switching to perform a download and treating the response as an executable script when double-clicked later.
In Spring MVC, @ResponseBody
and ResponseEntity
methods are at risk, because
they can render different content types, which clients can request through URL path extensions.
Disabling suffix pattern matching and using path extensions for content negotiation
lower the risk but are not sufficient to prevent RFD attacks.
To prevent RFD attacks, prior to rendering the response body, Spring MVC adds a
Content-Disposition:inline;filename=f.txt
header to suggest a fixed and safe download
file. This is done only if the URL path contains a file extension that is neither
allowed as safe nor explicitly registered for content negotiation. However, it can
potentially have side effects when URLs are typed directly into a browser.
Many common path extensions are allowed as safe by default. Applications with custom
HttpMessageConverter
implementations can explicitly register file extensions for content
negotiation to avoid having a Content-Disposition
header added for those extensions.
See Content Types.
See CVE-2015-5211 for additional recommendations related to RFD.
You can narrow the request mapping based on the Content-Type
of the request,
as the following example shows:
@PostMapping(path = "/pets", consumes = "application/json") // (1)
public void addPet(@RequestBody Pet pet) {
// ...
}
-
Using a
consumes
attribute to narrow the mapping by the content type.
@PostMapping("/pets", consumes = ["application/json"]) // (1)
fun addPet(@RequestBody pet: Pet) {
// ...
}
-
Using a
consumes
attribute to narrow the mapping by the content type.
The consumes
attribute also supports negation expressions — for example, !text/plain
means any
content type other than text/plain
.
You can declare a shared consumes
attribute at the class level. Unlike most other
request-mapping attributes, however, when used at the class level, a method-level consumes
attribute
overrides rather than extends the class-level declaration.
Tip
|
MediaType provides constants for commonly used media types, such as
APPLICATION_JSON_VALUE and APPLICATION_XML_VALUE .
|
You can narrow the request mapping based on the Accept
request header and the list of
content types that a controller method produces, as the following example shows:
@GetMapping(path = "/pets/{petId}", produces = "application/json") // (1)
@ResponseBody
public Pet getPet(@PathVariable String petId) {
// ...
}
-
Using a
produces
attribute to narrow the mapping by the content type.
@GetMapping("/pets/{petId}", produces = ["application/json"]) // (1)
@ResponseBody
fun getPet(@PathVariable petId: String): Pet {
// ...
}
-
Using a
produces
attribute to narrow the mapping by the content type.
The media type can specify a character set. Negated expressions are supported — for example,
!text/plain
means any content type other than "text/plain".
You can declare a shared produces
attribute at the class level. Unlike most other
request-mapping attributes, however, when used at the class level, a method-level produces
attribute
overrides rather than extends the class-level declaration.
Tip
|
MediaType provides constants for commonly used media types, such as
APPLICATION_JSON_VALUE and APPLICATION_XML_VALUE .
|
You can narrow request mappings based on request parameter conditions. You can test for the
presence of a request parameter (myParam
), for the absence of one (!myParam
), or for a
specific value (myParam=myValue
). The following example shows how to test for a specific value:
@GetMapping(path = "/pets/{petId}", params = "myParam=myValue") // (1)
public void findPet(@PathVariable String petId) {
// ...
}
-
Testing whether
myParam
equalsmyValue
.
@GetMapping("/pets/{petId}", params = ["myParam=myValue"]) // (1)
fun findPet(@PathVariable petId: String) {
// ...
}
-
Testing whether
myParam
equalsmyValue
.
You can also use the same with request header conditions, as the following example shows:
@GetMapping(path = "/pets", headers = "myHeader=myValue") // (1)
public void findPet(@PathVariable String petId) {
// ...
}
-
Testing whether
myHeader
equalsmyValue
.
@GetMapping("/pets", headers = ["myHeader=myValue"]) // (1)
fun findPet(@PathVariable petId: String) {
// ...
}
-
Testing whether
myHeader
equalsmyValue
.
@GetMapping
(and @RequestMapping(method=HttpMethod.GET)
) support HTTP HEAD
transparently for request mapping. Controller methods do not need to change.
A response wrapper, applied in jakarta.servlet.http.HttpServlet
, ensures a Content-Length
header is set to the number of bytes written (without actually writing to the response).
@GetMapping
(and @RequestMapping(method=HttpMethod.GET)
) are implicitly mapped to
and support HTTP HEAD. An HTTP HEAD request is processed as if it were HTTP GET except
that, instead of writing the body, the number of bytes are counted and the Content-Length
header is set.
By default, HTTP OPTIONS is handled by setting the Allow
response header to the list of HTTP
methods listed in all @RequestMapping
methods that have matching URL patterns.
For a @RequestMapping
without HTTP method declarations, the Allow
header is set to
GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
. Controller methods should always declare the
supported HTTP methods (for example, by using the HTTP method specific variants:
@GetMapping
, @PostMapping
, and others).
You can explicitly map the @RequestMapping
method to HTTP HEAD and HTTP OPTIONS, but that
is not necessary in the common case.
Spring MVC supports the use of composed annotations
for request mapping. Those are annotations that are themselves meta-annotated with
@RequestMapping
and composed to redeclare a subset (or all) of the @RequestMapping
attributes with a narrower, more specific purpose.
@GetMapping
, @PostMapping
, @PutMapping
, @DeleteMapping
, and @PatchMapping
are
examples of composed annotations. They are provided because, arguably, most
controller methods should be mapped to a specific HTTP method versus using @RequestMapping
,
which, by default, matches to all HTTP methods. If you need an example of composed
annotations, look at how those are declared.
Spring MVC also supports custom request-mapping attributes with custom request-matching
logic. This is a more advanced option that requires subclassing
RequestMappingHandlerMapping
and overriding the getCustomMethodCondition
method, where
you can check the custom attribute and return your own RequestCondition
.
You can programmatically register handler methods, which you can use for dynamic registrations or for advanced cases, such as different instances of the same handler under different URLs. The following example registers a handler method:
@Configuration
public class MyConfig {
@Autowired
public void setHandlerMapping(RequestMappingHandlerMapping mapping, UserHandler handler) // (1)
throws NoSuchMethodException {
RequestMappingInfo info = RequestMappingInfo
.paths("/user/{id}").methods(RequestMethod.GET).build(); // (2)
Method method = UserHandler.class.getMethod("getUser", Long.class); // (3)
mapping.registerMapping(info, handler, method); // (4)
}
}
-
Inject the target handler and the handler mapping for controllers.
-
Prepare the request mapping meta data.
-
Get the handler method.
-
Add the registration.
@Configuration
class MyConfig {
@Autowired
fun setHandlerMapping(mapping: RequestMappingHandlerMapping, handler: UserHandler) { // (1)
val info = RequestMappingInfo.paths("/user/{id}").methods(RequestMethod.GET).build() // (2)
val method = UserHandler::class.java.getMethod("getUser", Long::class.java) // (3)
mapping.registerMapping(info, handler, method) // (4)
}
}
-
Inject the target handler and the handler mapping for controllers.
-
Prepare the request mapping meta data.
-
Get the handler method.
-
Add the registration.
@RequestMapping
handler methods have a flexible signature and can choose from a range of
supported controller method arguments and return values.
The next table describes the supported controller method arguments. Reactive types are not supported for any arguments.
JDK 8’s java.util.Optional
is supported as a method argument in combination with
annotations that have a required
attribute (for example, @RequestParam
, @RequestHeader
,
and others) and is equivalent to required=false
.
Controller method argument | Description |
---|---|
|
Generic access to request parameters and request and session attributes, without direct use of the Servlet API. |
|
Choose any specific request or response type — for example, |
|
Enforces the presence of a session. As a consequence, such an argument is never |
|
Servlet 4.0 push builder API for programmatic HTTP/2 resource pushes.
Note that, per the Servlet specification, the injected |
|
Currently authenticated user — possibly a specific Note that this argument is not resolved eagerly, if it is annotated in order to allow a custom resolver to resolve it
before falling back on default resolution via |
|
The HTTP method of the request. |
|
The current request locale, determined by the most specific |
|
The time zone associated with the current request, as determined by a |
|
For access to the raw request body as exposed by the Servlet API. |
|
For access to the raw response body as exposed by the Servlet API. |
|
For access to URI template variables. See URI patterns. |
|
For access to name-value pairs in URI path segments. See Matrix Variables. |
|
For access to the Servlet request parameters, including multipart files. Parameter values
are converted to the declared method argument type. See Note that use of |
|
For access to request headers. Header values are converted to the declared method argument
type. See |
|
For access to cookies. Cookies values are converted to the declared method argument
type. See |
|
For access to the HTTP request body. Body content is converted to the declared method
argument type by using |
|
For access to request headers and body. The body is converted with an |
|
For access to a part in a |
|
For access to the model that is used in HTML controllers and exposed to templates as part of view rendering. |
|
Specify attributes to use in case of a redirect (that is, to be appended to the query string) and flash attributes to be stored temporarily until the request after redirect. See Redirect Attributes and Flash Attributes. |
|
For access to an existing attribute in the model (instantiated if not present) with
data binding and validation applied. See Note that use of |
|
For access to errors from validation and data binding for a command object
(that is, a |
|
For marking form processing complete, which triggers cleanup of session attributes
declared through a class-level |
|
For preparing a URL relative to the current request’s host, port, scheme, context path, and the literal part of the servlet mapping. See URI Links. |
|
For access to any session attribute, in contrast to model attributes stored in the session
as a result of a class-level |
|
For access to request attributes. See |
Any other argument |
If a method argument is not matched to any of the earlier values in this table and it is
a simple type (as determined by
{api-spring-framework}/beans/BeanUtils.html#isSimpleProperty-java.lang.Class-[BeanUtils#isSimpleProperty]),
it is resolved as a |
The next table describes the supported controller method return values. Reactive types are supported for all return values.
Controller method return value | Description |
---|---|
|
The return value is converted through |
|
The return value that specifies the full response (including HTTP headers and body) is to be converted
through |
|
For returning a response with headers and no body. |
|
To render an RFC 7807 error response with details in the body, see Error Responses |
|
To render an RFC 7807 error response with details in the body, see Error Responses |
|
A view name to be resolved with |
|
A |
|
Attributes to be added to the implicit model, with the view name implicitly determined
through a |
|
An attribute to be added to the model, with the view name implicitly determined through
a Note that |
|
The view and model attributes to use and, optionally, a response status. |
|
A method with a If none of the above is true, a |
|
Produce any of the preceding return values asynchronously from any thread — for example, as a
result of some event or callback. See Asynchronous Requests and |
|
Produce any of the above return values asynchronously in a Spring MVC-managed thread.
See Asynchronous Requests and |
|
Alternative to |
|
Emit a stream of objects asynchronously to be written to the response with
|
|
Write to the response |
Reactor and other reactive types registered via |
A single value type, e.g. |
Other return values |
If a return value remains unresolved in any other way, it is treated as a model attribute, unless it is a simple type as determined by {api-spring-framework}/beans/BeanUtils.html#isSimpleProperty-java.lang.Class-[BeanUtils#isSimpleProperty], in which case it remains unresolved. |
Some annotated controller method arguments that represent String
-based request input (such as
@RequestParam
, @RequestHeader
, @PathVariable
, @MatrixVariable
, and @CookieValue
)
can require type conversion if the argument is declared as something other than String
.
For such cases, type conversion is automatically applied based on the configured converters.
By default, simple types (int
, long
, Date
, and others) are supported. You can customize
type conversion through a WebDataBinder
(see DataBinder
) or by registering
Formatters
with the FormattingConversionService
.
See Spring Field Formatting.
A practical issue in type conversion is the treatment of an empty String source value.
Such a value is treated as missing if it becomes null
as a result of type conversion.
This can be the case for Long
, UUID
, and other target types. If you want to allow null
to be injected, either use the required
flag on the argument annotation, or declare the
argument as @Nullable
.
Note
|
As of 5.3, non-null arguments will be enforced even after type conversion. If your handler
method intends to accept a null value as well, either declare your argument as Alternatively, you may specifically handle e.g. the resulting |
RFC 3986 discusses name-value pairs in path segments. In Spring MVC, we refer to those as “matrix variables” based on an “old post” by Tim Berners-Lee, but they can be also be referred to as URI path parameters.
Matrix variables can appear in any path segment, with each variable separated by a semicolon and
multiple values separated by comma (for example, /cars;color=red,green;year=2012
). Multiple
values can also be specified through repeated variable names (for example,
color=red;color=green;color=blue
).
If a URL is expected to contain matrix variables, the request mapping for a controller method must use a URI variable to mask that variable content and ensure the request can be matched successfully independent of matrix variable order and presence. The following example uses a matrix variable:
// GET /pets/42;q=11;r=22
@GetMapping("/pets/{petId}")
public void findPet(@PathVariable String petId, @MatrixVariable int q) {
// petId == 42
// q == 11
}
// GET /pets/42;q=11;r=22
@GetMapping("/pets/{petId}")
fun findPet(@PathVariable petId: String, @MatrixVariable q: Int) {
// petId == 42
// q == 11
}
Given that all path segments may contain matrix variables, you may sometimes need to disambiguate which path variable the matrix variable is expected to be in. The following example shows how to do so:
// GET /owners/42;q=11/pets/21;q=22
@GetMapping("/owners/{ownerId}/pets/{petId}")
public void findPet(
@MatrixVariable(name="q", pathVar="ownerId") int q1,
@MatrixVariable(name="q", pathVar="petId") int q2) {
// q1 == 11
// q2 == 22
}
// GET /owners/42;q=11/pets/21;q=22
@GetMapping("/owners/{ownerId}/pets/{petId}")
fun findPet(
@MatrixVariable(name = "q", pathVar = "ownerId") q1: Int,
@MatrixVariable(name = "q", pathVar = "petId") q2: Int) {
// q1 == 11
// q2 == 22
}
A matrix variable may be defined as optional and a default value specified, as the following example shows:
// GET /pets/42
@GetMapping("/pets/{petId}")
public void findPet(@MatrixVariable(required=false, defaultValue="1") int q) {
// q == 1
}
// GET /pets/42
@GetMapping("/pets/{petId}")
fun findPet(@MatrixVariable(required = false, defaultValue = "1") q: Int) {
// q == 1
}
To get all matrix variables, you can use a MultiValueMap
, as the following example shows:
// GET /owners/42;q=11;r=12/pets/21;q=22;s=23
@GetMapping("/owners/{ownerId}/pets/{petId}")
public void findPet(
@MatrixVariable MultiValueMap<String, String> matrixVars,
@MatrixVariable(pathVar="petId") MultiValueMap<String, String> petMatrixVars) {
// matrixVars: ["q" : [11,22], "r" : 12, "s" : 23]
// petMatrixVars: ["q" : 22, "s" : 23]
}
// GET /owners/42;q=11;r=12/pets/21;q=22;s=23
@GetMapping("/owners/{ownerId}/pets/{petId}")
fun findPet(
@MatrixVariable matrixVars: MultiValueMap<String, String>,
@MatrixVariable(pathVar="petId") petMatrixVars: MultiValueMap<String, String>) {
// matrixVars: ["q" : [11,22], "r" : 12, "s" : 23]
// petMatrixVars: ["q" : 22, "s" : 23]
}
Note that you need to enable the use of matrix variables. In the MVC Java configuration,
you need to set a UrlPathHelper
with removeSemicolonContent=false
through
Path Matching. In the MVC XML namespace, you can set
<mvc:annotation-driven enable-matrix-variables="true"/>
.
You can use the @RequestParam
annotation to bind Servlet request parameters (that is,
query parameters or form data) to a method argument in a controller.
The following example shows how to do so:
@Controller
@RequestMapping("/pets")
public class EditPetForm {
// ...
@GetMapping
public String setupForm(@RequestParam("petId") int petId, Model model) { (1)
Pet pet = this.clinic.loadPet(petId);
model.addAttribute("pet", pet);
return "petForm";
}
// ...
}
-
Using
@RequestParam
to bindpetId
.
import org.springframework.ui.set
@Controller
@RequestMapping("/pets")
class EditPetForm {
// ...
@GetMapping
fun setupForm(@RequestParam("petId") petId: Int, model: Model): String { // (1)
val pet = this.clinic.loadPet(petId);
model["pet"] = pet
return "petForm"
}
// ...
}
-
Using
@RequestParam
to bindpetId
.
By default, method parameters that use this annotation are required, but you can specify that
a method parameter is optional by setting the @RequestParam
annotation’s required
flag to
false
or by declaring the argument with an java.util.Optional
wrapper.
Type conversion is automatically applied if the target method parameter type is not
String
. See Type Conversion.
Declaring the argument type as an array or list allows for resolving multiple parameter values for the same parameter name.
When an @RequestParam
annotation is declared as a Map<String, String>
or
MultiValueMap<String, String>
, without a parameter name specified in the annotation,
then the map is populated with the request parameter values for each given parameter name.
Note that use of @RequestParam
is optional (for example, to set its attributes).
By default, any argument that is a simple value type (as determined by
{api-spring-framework}/beans/BeanUtils.html#isSimpleProperty-java.lang.Class-[BeanUtils#isSimpleProperty])
and is not resolved by any other argument resolver, is treated as if it were annotated
with @RequestParam
.
You can use the @RequestHeader
annotation to bind a request header to a method argument in a
controller.
Consider the following request, with headers:
Host localhost:8080 Accept text/html,application/xhtml+xml,application/xml;q=0.9 Accept-Language fr,en-gb;q=0.7,en;q=0.3 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300
The following example gets the value of the Accept-Encoding
and Keep-Alive
headers:
@GetMapping("/demo")
public void handle(
@RequestHeader("Accept-Encoding") String encoding, // (1)
@RequestHeader("Keep-Alive") long keepAlive) { // (2)
//...
}
-
Get the value of the
Accept-Encoding
header. -
Get the value of the
Keep-Alive
header.
@GetMapping("/demo")
fun handle(
@RequestHeader("Accept-Encoding") encoding: String, // (1)
@RequestHeader("Keep-Alive") keepAlive: Long) { // (2)
//...
}
-
Get the value of the
Accept-Encoding
header. -
Get the value of the
Keep-Alive
header.
If the target method parameter type is not
String
, type conversion is automatically applied. See Type Conversion.
When an @RequestHeader
annotation is used on a Map<String, String>
,
MultiValueMap<String, String>
, or HttpHeaders
argument, the map is populated
with all header values.
Tip
|
Built-in support is available for converting a comma-separated string into an
array or collection of strings or other types known to the type conversion system. For
example, a method parameter annotated with @RequestHeader("Accept") can be of type
String but also String[] or List<String> .
|
You can use the @CookieValue
annotation to bind the value of an HTTP cookie to a method argument
in a controller.
Consider a request with the following cookie:
JSESSIONID=415A4AC178C59DACE0B2C9CA727CDD84
The following example shows how to get the cookie value:
@GetMapping("/demo")
public void handle(@CookieValue("JSESSIONID") String cookie) { (1)
//...
}
-
Get the value of the
JSESSIONID
cookie.
@GetMapping("/demo")
fun handle(@CookieValue("JSESSIONID") cookie: String) { // (1)
//...
}
-
Get the value of the
JSESSIONID
cookie.
If the target method parameter type is not String
, type conversion is applied automatically.
See Type Conversion.
You can use the @ModelAttribute
annotation on a method argument to access an attribute from
the model or have it be instantiated if not present. The model attribute is also overlain with
values from HTTP Servlet request parameters whose names match to field names. This is referred
to as data binding, and it saves you from having to deal with parsing and converting individual
query parameters and form fields. The following example shows how to do so:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@ModelAttribute Pet pet) { // (1)
// method logic...
}
-
Bind an instance of
Pet
.
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
fun processSubmit(@ModelAttribute pet: Pet): String { // (1)
// method logic...
}
-
Bind an instance of
Pet
.
The Pet
instance above is sourced in one of the following ways:
-
Retrieved from the model where it may have been added by a @ModelAttribute method.
-
Retrieved from the HTTP session if the model attribute was listed in the class-level
@SessionAttributes
annotation. -
Obtained through a
Converter
where the model attribute name matches the name of a request value such as a path variable or a request parameter (see next example). -
Instantiated using its default constructor.
-
Instantiated through a “primary constructor” with arguments that match to Servlet request parameters. Argument names are determined through JavaBeans
@ConstructorProperties
or through runtime-retained parameter names in the bytecode.
One alternative to using a @ModelAttribute method to
supply it or relying on the framework to create the model attribute, is to have a
Converter<String, T>
to provide the instance. This is applied when the model attribute
name matches to the name of a request value such as a path variable or a request
parameter, and there is a Converter
from String
to the model attribute type.
In the following example, the model attribute name is account
which matches the URI
path variable account
, and there is a registered Converter<String, Account>
which
could load the Account
from a data store:
@PutMapping("/accounts/{account}")
public String save(@ModelAttribute("account") Account account) { // (1)
// ...
}
-
Bind an instance of
Account
using an explicit attribute name.
@PutMapping("/accounts/{account}")
fun save(@ModelAttribute("account") account: Account): String { // (1)
// ...
}
-
Bind an instance of
Account
using an explicit attribute name.
After the model attribute instance is obtained, data binding is applied. The
WebDataBinder
class matches Servlet request parameter names (query parameters and form
fields) to field names on the target Object
. Matching fields are populated after type
conversion is applied, where necessary. For more on data binding (and validation), see
Validation. For more on customizing data binding, see
DataBinder
.
Data binding can result in errors. By default, a BindException
is raised. However, to check
for such errors in the controller method, you can add a BindingResult
argument immediately next
to the @ModelAttribute
, as the following example shows:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@ModelAttribute("pet") Pet pet, BindingResult result) { // (1)
if (result.hasErrors()) {
return "petForm";
}
// ...
}
-
Adding a
BindingResult
next to the@ModelAttribute
.
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
fun processSubmit(@ModelAttribute("pet") pet: Pet, result: BindingResult): String { // (1)
if (result.hasErrors()) {
return "petForm"
}
// ...
}
-
Adding a
BindingResult
next to the@ModelAttribute
.
In some cases, you may want access to a model attribute without data binding. For such
cases, you can inject the Model
into the controller and access it directly or,
alternatively, set @ModelAttribute(binding=false)
, as the following example shows:
@ModelAttribute
public AccountForm setUpForm() {
return new AccountForm();
}
@ModelAttribute
public Account findAccount(@PathVariable String accountId) {
return accountRepository.findOne(accountId);
}
@PostMapping("update")
public String update(@Valid AccountForm form, BindingResult result,
@ModelAttribute(binding=false) Account account) { // (1)
// ...
}
-
Setting
@ModelAttribute(binding=false)
.
@ModelAttribute
fun setUpForm(): AccountForm {
return AccountForm()
}
@ModelAttribute
fun findAccount(@PathVariable accountId: String): Account {
return accountRepository.findOne(accountId)
}
@PostMapping("update")
fun update(@Valid form: AccountForm, result: BindingResult,
@ModelAttribute(binding = false) account: Account): String { // (1)
// ...
}
-
Setting
@ModelAttribute(binding=false)
.
You can automatically apply validation after data binding by adding the
jakarta.validation.Valid
annotation or Spring’s @Validated
annotation
(Bean Validation and
Spring validation). The following example shows how to do so:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@Valid @ModelAttribute("pet") Pet pet, BindingResult result) { // (1)
if (result.hasErrors()) {
return "petForm";
}
// ...
}
-
Validate the
Pet
instance.
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
fun processSubmit(@Valid @ModelAttribute("pet") pet: Pet, result: BindingResult): String { // (1)
if (result.hasErrors()) {
return "petForm"
}
// ...
}
-
Validate the
Pet
instance.
Note that using @ModelAttribute
is optional (for example, to set its attributes).
By default, any argument that is not a simple value type (as determined by
{api-spring-framework}/beans/BeanUtils.html#isSimpleProperty-java.lang.Class-[BeanUtils#isSimpleProperty])
and is not resolved by any other argument resolver is treated as if it were annotated
with @ModelAttribute
.
@SessionAttributes
is used to store model attributes in the HTTP Servlet session between
requests. It is a type-level annotation that declares the session attributes used by a
specific controller. This typically lists the names of model attributes or types of
model attributes that should be transparently stored in the session for subsequent
requests to access.
The following example uses the @SessionAttributes
annotation:
@Controller
@SessionAttributes("pet") // (1)
public class EditPetForm {
// ...
}
-
Using the
@SessionAttributes
annotation.
@Controller
@SessionAttributes("pet") // (1)
class EditPetForm {
// ...
}
-
Using the
@SessionAttributes
annotation.
On the first request, when a model attribute with the name, pet
, is added to the model,
it is automatically promoted to and saved in the HTTP Servlet session. It remains there
until another controller method uses a SessionStatus
method argument to clear the
storage, as the following example shows:
@Controller
@SessionAttributes("pet") // (1)
public class EditPetForm {
// ...
@PostMapping("/pets/{id}")
public String handle(Pet pet, BindingResult errors, SessionStatus status) {
if (errors.hasErrors) {
// ...
}
status.setComplete(); // (2)
// ...
}
}
-
Storing the
Pet
value in the Servlet session. -
Clearing the
Pet
value from the Servlet session.
@Controller
@SessionAttributes("pet") // (1)
class EditPetForm {
// ...
@PostMapping("/pets/{id}")
fun handle(pet: Pet, errors: BindingResult, status: SessionStatus): String {
if (errors.hasErrors()) {
// ...
}
status.setComplete() // (2)
// ...
}
}
-
Storing the
Pet
value in the Servlet session. -
Clearing the
Pet
value from the Servlet session.
If you need access to pre-existing session attributes that are managed globally
(that is, outside the controller — for example, by a filter) and may or may not be present,
you can use the @SessionAttribute
annotation on a method parameter,
as the following example shows:
@RequestMapping("/")
public String handle(@SessionAttribute User user) { (1)
// ...
}
-
Using a
@SessionAttribute
annotation.
@RequestMapping("/")
fun handle(@SessionAttribute user: User): String { // (1)
// ...
}
-
Using a
@SessionAttribute
annotation.
For use cases that require adding or removing session attributes, consider injecting
org.springframework.web.context.request.WebRequest
or
jakarta.servlet.http.HttpSession
into the controller method.
For temporary storage of model attributes in the session as part of a controller
workflow, consider using @SessionAttributes
as described in
@SessionAttributes
.
Similar to @SessionAttribute
, you can use the @RequestAttribute
annotations to
access pre-existing request attributes created earlier (for example, by a Servlet Filter
or HandlerInterceptor
):
@GetMapping("/")
public String handle(@RequestAttribute Client client) { // (1)
// ...
}
-
Using the
@RequestAttribute
annotation.
@GetMapping("/")
fun handle(@RequestAttribute client: Client): String { // (1)
// ...
}
-
Using the
@RequestAttribute
annotation.
By default, all model attributes are considered to be exposed as URI template variables in the redirect URL. Of the remaining attributes, those that are primitive types or collections or arrays of primitive types are automatically appended as query parameters.
Appending primitive type attributes as query parameters can be the desired result if a
model instance was prepared specifically for the redirect. However, in annotated
controllers, the model can contain additional attributes added for rendering purposes (for example,
drop-down field values). To avoid the possibility of having such attributes appear in the
URL, a @RequestMapping
method can declare an argument of type RedirectAttributes
and
use it to specify the exact attributes to make available to RedirectView
. If the method
does redirect, the content of RedirectAttributes
is used. Otherwise, the content of the
model is used.
The RequestMappingHandlerAdapter
provides a flag called
ignoreDefaultModelOnRedirect
, which you can use to indicate that the content of the default
Model
should never be used if a controller method redirects. Instead, the controller
method should declare an attribute of type RedirectAttributes
or, if it does not do so,
no attributes should be passed on to RedirectView
. Both the MVC namespace and the MVC
Java configuration keep this flag set to false
, to maintain backwards compatibility.
However, for new applications, we recommend setting it to true
.
Note that URI template variables from the present request are automatically made
available when expanding a redirect URL, and you don’t need to explicitly add them
through Model
or RedirectAttributes
. The following example shows how to define a redirect:
@PostMapping("/files/{path}")
public String upload(...) {
// ...
return "redirect:files/{path}";
}
@PostMapping("/files/{path}")
fun upload(...): String {
// ...
return "redirect:files/{path}"
}
Another way of passing data to the redirect target is by using flash attributes. Unlike other redirect attributes, flash attributes are saved in the HTTP session (and, hence, do not appear in the URL). See Flash Attributes for more information.
Flash attributes provide a way for one request to store attributes that are intended for use in another. This is most commonly needed when redirecting — for example, the Post-Redirect-Get pattern. Flash attributes are saved temporarily before the redirect (typically in the session) to be made available to the request after the redirect and are removed immediately.
Spring MVC has two main abstractions in support of flash attributes. FlashMap
is used
to hold flash attributes, while FlashMapManager
is used to store, retrieve, and manage
FlashMap
instances.
Flash attribute support is always “on” and does not need to be enabled explicitly.
However, if not used, it never causes HTTP session creation. On each request, there is an
“input” FlashMap
with attributes passed from a previous request (if any) and an
“output” FlashMap
with attributes to save for a subsequent request. Both FlashMap
instances are accessible from anywhere in Spring MVC through static methods in
RequestContextUtils
.
Annotated controllers typically do not need to work with FlashMap
directly. Instead, a
@RequestMapping
method can accept an argument of type RedirectAttributes
and use it
to add flash attributes for a redirect scenario. Flash attributes added through
RedirectAttributes
are automatically propagated to the “output” FlashMap. Similarly,
after the redirect, attributes from the “input” FlashMap
are automatically added to the
Model
of the controller that serves the target URL.
The concept of flash attributes exists in many other web frameworks and has proven to sometimes be exposed to concurrency issues. This is because, by definition, flash attributes are to be stored until the next request. However the very “next” request may not be the intended recipient but another asynchronous request (for example, polling or resource requests), in which case the flash attributes are removed too early.
To reduce the possibility of such issues, RedirectView
automatically “stamps”
FlashMap
instances with the path and query parameters of the target redirect URL. In
turn, the default FlashMapManager
matches that information to incoming requests when
it looks up the “input” FlashMap
.
This does not entirely eliminate the possibility of a concurrency issue but reduces it greatly with information that is already available in the redirect URL. Therefore, we recommend that you use flash attributes mainly for redirect scenarios.
After a MultipartResolver
has been enabled, the content of POST
requests with multipart/form-data
is parsed and accessible as regular request
parameters. The following example accesses one regular form field and one uploaded
file:
@Controller
public class FileUploadController {
@PostMapping("/form")
public String handleFormUpload(@RequestParam("name") String name,
@RequestParam("file") MultipartFile file) {
if (!file.isEmpty()) {
byte[] bytes = file.getBytes();
// store the bytes somewhere
return "redirect:uploadSuccess";
}
return "redirect:uploadFailure";
}
}
@Controller
class FileUploadController {
@PostMapping("/form")
fun handleFormUpload(@RequestParam("name") name: String,
@RequestParam("file") file: MultipartFile): String {
if (!file.isEmpty) {
val bytes = file.bytes
// store the bytes somewhere
return "redirect:uploadSuccess"
}
return "redirect:uploadFailure"
}
}
Declaring the argument type as a List<MultipartFile>
allows for resolving multiple
files for the same parameter name.
When the @RequestParam
annotation is declared as a Map<String, MultipartFile>
or
MultiValueMap<String, MultipartFile>
, without a parameter name specified in the annotation,
then the map is populated with the multipart files for each given parameter name.
Note
|
With Servlet multipart parsing, you may also declare jakarta.servlet.http.Part
instead of Spring’s MultipartFile , as a method argument or collection value type.
|
You can also use multipart content as part of data binding to a command object. For example, the form field and file from the preceding example could be fields on a form object, as the following example shows:
class MyForm {
private String name;
private MultipartFile file;
// ...
}
@Controller
public class FileUploadController {
@PostMapping("/form")
public String handleFormUpload(MyForm form, BindingResult errors) {
if (!form.getFile().isEmpty()) {
byte[] bytes = form.getFile().getBytes();
// store the bytes somewhere
return "redirect:uploadSuccess";
}
return "redirect:uploadFailure";
}
}
class MyForm(val name: String, val file: MultipartFile, ...)
@Controller
class FileUploadController {
@PostMapping("/form")
fun handleFormUpload(form: MyForm, errors: BindingResult): String {
if (!form.file.isEmpty) {
val bytes = form.file.bytes
// store the bytes somewhere
return "redirect:uploadSuccess"
}
return "redirect:uploadFailure"
}
}
Multipart requests can also be submitted from non-browser clients in a RESTful service scenario. The following example shows a file with JSON:
POST /someUrl Content-Type: multipart/mixed --edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp Content-Disposition: form-data; name="meta-data" Content-Type: application/json; charset=UTF-8 Content-Transfer-Encoding: 8bit { "name": "value" } --edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp Content-Disposition: form-data; name="file-data"; filename="file.properties" Content-Type: text/xml Content-Transfer-Encoding: 8bit ... File Data ...
You can access the "meta-data" part with @RequestParam
as a String
but you’ll
probably want it deserialized from JSON (similar to @RequestBody
). Use the
@RequestPart
annotation to access a multipart after converting it with an
HttpMessageConverter:
@PostMapping("/")
public String handle(@RequestPart("meta-data") MetaData metadata,
@RequestPart("file-data") MultipartFile file) {
// ...
}
@PostMapping("/")
fun handle(@RequestPart("meta-data") metadata: MetaData,
@RequestPart("file-data") file: MultipartFile): String {
// ...
}
You can use @RequestPart
in combination with jakarta.validation.Valid
or use Spring’s
@Validated
annotation, both of which cause Standard Bean Validation to be applied.
By default, validation errors cause a MethodArgumentNotValidException
, which is turned
into a 400 (BAD_REQUEST) response. Alternatively, you can handle validation errors locally
within the controller through an Errors
or BindingResult
argument,
as the following example shows:
@PostMapping("/")
public String handle(@Valid @RequestPart("meta-data") MetaData metadata,
BindingResult result) {
// ...
}
@PostMapping("/")
fun handle(@Valid @RequestPart("meta-data") metadata: MetaData,
result: BindingResult): String {
// ...
}
You can use the @RequestBody
annotation to have the request body read and deserialized into an
Object
through an HttpMessageConverter
.
The following example uses a @RequestBody
argument:
@PostMapping("/accounts")
public void handle(@RequestBody Account account) {
// ...
}
@PostMapping("/accounts")
fun handle(@RequestBody account: Account) {
// ...
}
You can use the Message Converters option of the MVC Config to configure or customize message conversion.
You can use @RequestBody
in combination with jakarta.validation.Valid
or Spring’s
@Validated
annotation, both of which cause Standard Bean Validation to be applied.
By default, validation errors cause a MethodArgumentNotValidException
, which is turned
into a 400 (BAD_REQUEST) response. Alternatively, you can handle validation errors locally
within the controller through an Errors
or BindingResult
argument,
as the following example shows:
@PostMapping("/accounts")
public void handle(@Valid @RequestBody Account account, BindingResult result) {
// ...
}
@PostMapping("/accounts")
fun handle(@Valid @RequestBody account: Account, result: BindingResult) {
// ...
}
HttpEntity
is more or less identical to using @RequestBody
but is based on a
container object that exposes request headers and body. The following listing shows an example:
@PostMapping("/accounts")
public void handle(HttpEntity<Account> entity) {
// ...
}
@PostMapping("/accounts")
fun handle(entity: HttpEntity<Account>) {
// ...
}
You can use the @ResponseBody
annotation on a method to have the return serialized
to the response body through an
HttpMessageConverter.
The following listing shows an example:
@GetMapping("/accounts/{id}")
@ResponseBody
public Account handle() {
// ...
}
@GetMapping("/accounts/{id}")
@ResponseBody
fun handle(): Account {
// ...
}
@ResponseBody
is also supported at the class level, in which case it is inherited by
all controller methods. This is the effect of @RestController
, which is nothing more
than a meta-annotation marked with @Controller
and @ResponseBody
.
You can use @ResponseBody
with reactive types.
See Asynchronous Requests and Reactive Types for more details.
You can use the Message Converters option of the MVC Config to configure or customize message conversion.
You can combine @ResponseBody
methods with JSON serialization views.
See Jackson JSON for details.
ResponseEntity
is like @ResponseBody
but with status and headers. For example:
@GetMapping("/something")
public ResponseEntity<String> handle() {
String body = ... ;
String etag = ... ;
return ResponseEntity.ok().eTag(etag).body(body);
}
@GetMapping("/something")
fun handle(): ResponseEntity<String> {
val body = ...
val etag = ...
return ResponseEntity.ok().eTag(etag).build(body)
}
Spring MVC supports using a single value reactive type
to produce the ResponseEntity
asynchronously, and/or single and multi-value reactive
types for the body. This allows the following types of async responses:
-
ResponseEntity<Mono<T>>
orResponseEntity<Flux<T>>
make the response status and headers known immediately while the body is provided asynchronously at a later point. UseMono
if the body consists of 0..1 values orFlux
if it can produce multiple values. -
Mono<ResponseEntity<T>>
provides all three — response status, headers, and body, asynchronously at a later point. This allows the response status and headers to vary depending on the outcome of asynchronous request handling.
Spring offers support for the Jackson JSON library.
Spring MVC provides built-in support for
Jackson’s Serialization Views,
which allow rendering only a subset of all fields in an Object
. To use it with
@ResponseBody
or ResponseEntity
controller methods, you can use Jackson’s
@JsonView
annotation to activate a serialization view class, as the following example shows:
@RestController
public class UserController {
@GetMapping("/user")
@JsonView(User.WithoutPasswordView.class)
public User getUser() {
return new User("eric", "7!jd#h23");
}
}
public class User {
public interface WithoutPasswordView {};
public interface WithPasswordView extends WithoutPasswordView {};
private String username;
private String password;
public User() {
}
public User(String username, String password) {
this.username = username;
this.password = password;
}
@JsonView(WithoutPasswordView.class)
public String getUsername() {
return this.username;
}
@JsonView(WithPasswordView.class)
public String getPassword() {
return this.password;
}
}
@RestController
class UserController {
@GetMapping("/user")
@JsonView(User.WithoutPasswordView::class)
fun getUser() = User("eric", "7!jd#h23")
}
class User(
@JsonView(WithoutPasswordView::class) val username: String,
@JsonView(WithPasswordView::class) val password: String) {
interface WithoutPasswordView
interface WithPasswordView : WithoutPasswordView
}
Note
|
@JsonView allows an array of view classes, but you can specify only one per
controller method. If you need to activate multiple views, you can use a composite interface.
|
If you want to do the above programmatically, instead of declaring an @JsonView
annotation,
wrap the return value with MappingJacksonValue
and use it to supply the serialization view:
@RestController
public class UserController {
@GetMapping("/user")
public MappingJacksonValue getUser() {
User user = new User("eric", "7!jd#h23");
MappingJacksonValue value = new MappingJacksonValue(user);
value.setSerializationView(User.WithoutPasswordView.class);
return value;
}
}
@RestController
class UserController {
@GetMapping("/user")
fun getUser(): MappingJacksonValue {
val value = MappingJacksonValue(User("eric", "7!jd#h23"))
value.serializationView = User.WithoutPasswordView::class.java
return value
}
}
For controllers that rely on view resolution, you can add the serialization view class to the model, as the following example shows:
@Controller
public class UserController extends AbstractController {
@GetMapping("/user")
public String getUser(Model model) {
model.addAttribute("user", new User("eric", "7!jd#h23"));
model.addAttribute(JsonView.class.getName(), User.WithoutPasswordView.class);
return "userView";
}
}
@Controller
class UserController : AbstractController() {
@GetMapping("/user")
fun getUser(model: Model): String {
model["user"] = User("eric", "7!jd#h23")
model[JsonView::class.qualifiedName] = User.WithoutPasswordView::class.java
return "userView"
}
}
You can use the @ModelAttribute
annotation:
-
On a method argument in
@RequestMapping
methods to create or access anObject
from the model and to bind it to the request through aWebDataBinder
. -
As a method-level annotation in
@Controller
or@ControllerAdvice
classes that help to initialize the model prior to any@RequestMapping
method invocation. -
On a
@RequestMapping
method to mark its return value is a model attribute.
This section discusses @ModelAttribute
methods — the second item in the preceding list.
A controller can have any number of @ModelAttribute
methods. All such methods are
invoked before @RequestMapping
methods in the same controller. A @ModelAttribute
method can also be shared across controllers through @ControllerAdvice
. See the section on
Controller Advice for more details.
@ModelAttribute
methods have flexible method signatures. They support many of the same
arguments as @RequestMapping
methods, except for @ModelAttribute
itself or anything
related to the request body.
The following example shows a @ModelAttribute
method:
@ModelAttribute
public void populateModel(@RequestParam String number, Model model) {
model.addAttribute(accountRepository.findAccount(number));
// add more ...
}
@ModelAttribute
fun populateModel(@RequestParam number: String, model: Model) {
model.addAttribute(accountRepository.findAccount(number))
// add more ...
}
The following example adds only one attribute:
@ModelAttribute
public Account addAccount(@RequestParam String number) {
return accountRepository.findAccount(number);
}
@ModelAttribute
fun addAccount(@RequestParam number: String): Account {
return accountRepository.findAccount(number)
}
Note
|
When a name is not explicitly specified, a default name is chosen based on the Object
type, as explained in the javadoc for {api-spring-framework}/core/Conventions.html[Conventions ].
You can always assign an explicit name by using the overloaded addAttribute method or
through the name attribute on @ModelAttribute (for a return value).
|
You can also use @ModelAttribute
as a method-level annotation on @RequestMapping
methods,
in which case the return value of the @RequestMapping
method is interpreted as a model
attribute. This is typically not required, as it is the default behavior in HTML controllers,
unless the return value is a String
that would otherwise be interpreted as a view name.
@ModelAttribute
can also customize the model attribute name, as the following example shows:
@GetMapping("/accounts/{id}")
@ModelAttribute("myAccount")
public Account handle() {
// ...
return account;
}
@GetMapping("/accounts/{id}")
@ModelAttribute("myAccount")
fun handle(): Account {
// ...
return account
}
@Controller
or @ControllerAdvice
classes can have @InitBinder
methods that
initialize instances of WebDataBinder
, and those, in turn, can:
-
Bind request parameters (that is, form or query data) to a model object.
-
Convert String-based request values (such as request parameters, path variables, headers, cookies, and others) to the target type of controller method arguments.
-
Format model object values as
String
values when rendering HTML forms.
@InitBinder
methods can register controller-specific java.beans.PropertyEditor
or
Spring Converter
and Formatter
components. In addition, you can use the
MVC config to register Converter
and Formatter
types in a globally shared FormattingConversionService
.
@InitBinder
methods support many of the same arguments that @RequestMapping
methods
do, except for @ModelAttribute
(command object) arguments. Typically, they are declared
with a WebDataBinder
argument (for registrations) and a void
return value.
The following listing shows an example:
@Controller
public class FormController {
@InitBinder // (1)
public void initBinder(WebDataBinder binder) {
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
dateFormat.setLenient(false);
binder.registerCustomEditor(Date.class, new CustomDateEditor(dateFormat, false));
}
// ...
}
-
Defining an
@InitBinder
method.
@Controller
class FormController {
@InitBinder // (1)
fun initBinder(binder: WebDataBinder) {
val dateFormat = SimpleDateFormat("yyyy-MM-dd")
dateFormat.isLenient = false
binder.registerCustomEditor(Date::class.java, CustomDateEditor(dateFormat, false))
}
// ...
}
-
Defining an
@InitBinder
method.
Alternatively, when you use a Formatter
-based setup through a shared
FormattingConversionService
, you can re-use the same approach and register
controller-specific Formatter
implementations, as the following example shows:
@Controller
public class FormController {
@InitBinder // (1)
protected void initBinder(WebDataBinder binder) {
binder.addCustomFormatter(new DateFormatter("yyyy-MM-dd"));
}
// ...
}
-
Defining an
@InitBinder
method on a custom formatter.
@Controller
class FormController {
@InitBinder // (1)
protected fun initBinder(binder: WebDataBinder) {
binder.addCustomFormatter(DateFormatter("yyyy-MM-dd"))
}
// ...
}
-
Defining an
@InitBinder
method on a custom formatter.
@Controller
and @ControllerAdvice classes can have
@ExceptionHandler
methods to handle exceptions from controller methods, as the following example shows:
@Controller
public class SimpleController {
// ...
@ExceptionHandler
public ResponseEntity<String> handle(IOException ex) {
// ...
}
}
@Controller
class SimpleController {
// ...
@ExceptionHandler
fun handle(ex: IOException): ResponseEntity<String> {
// ...
}
}
The exception may match against a top-level exception being propagated (e.g. a direct
IOException
being thrown) or against a nested cause within a wrapper exception (e.g.
an IOException
wrapped inside an IllegalStateException
). As of 5.3, this can match
at arbitrary cause levels, whereas previously only an immediate cause was considered.
For matching exception types, preferably declare the target exception as a method argument,
as the preceding example shows. When multiple exception methods match, a root exception match is
generally preferred to a cause exception match. More specifically, the ExceptionDepthComparator
is used to sort exceptions based on their depth from the thrown exception type.
Alternatively, the annotation declaration may narrow the exception types to match, as the following example shows:
@ExceptionHandler({FileSystemException.class, RemoteException.class})
public ResponseEntity<String> handle(IOException ex) {
// ...
}
@ExceptionHandler(FileSystemException::class, RemoteException::class)
fun handle(ex: IOException): ResponseEntity<String> {
// ...
}
You can even use a list of specific exception types with a very generic argument signature, as the following example shows:
@ExceptionHandler({FileSystemException.class, RemoteException.class})
public ResponseEntity<String> handle(Exception ex) {
// ...
}
@ExceptionHandler(FileSystemException::class, RemoteException::class)
fun handle(ex: Exception): ResponseEntity<String> {
// ...
}
Note
|
The distinction between root and cause exception matching can be surprising. In the The behavior is even simpler in the |
We generally recommend that you be as specific as possible in the argument signature,
reducing the potential for mismatches between root and cause exception types.
Consider breaking a multi-matching method into individual @ExceptionHandler
methods, each matching a single specific exception type through its signature.
In a multi-@ControllerAdvice
arrangement, we recommend declaring your primary root exception
mappings on a @ControllerAdvice
prioritized with a corresponding order. While a root
exception match is preferred to a cause, this is defined among the methods of a given
controller or @ControllerAdvice
class. This means a cause match on a higher-priority
@ControllerAdvice
bean is preferred to any match (for example, root) on a lower-priority
@ControllerAdvice
bean.
Last but not least, an @ExceptionHandler
method implementation can choose to back
out of dealing with a given exception instance by rethrowing it in its original form.
This is useful in scenarios where you are interested only in root-level matches or in
matches within a specific context that cannot be statically determined. A rethrown
exception is propagated through the remaining resolution chain, as though
the given @ExceptionHandler
method would not have matched in the first place.
Support for @ExceptionHandler
methods in Spring MVC is built on the DispatcherServlet
level, HandlerExceptionResolver mechanism.
@ExceptionHandler
methods support the following arguments:
Method argument | Description |
---|---|
Exception type |
For access to the raised exception. |
|
For access to the controller method that raised the exception. |
|
Generic access to request parameters and request and session attributes without direct use of the Servlet API. |
|
Choose any specific request or response type (for example, |
|
Enforces the presence of a session. As a consequence, such an argument is never |
|
Currently authenticated user — possibly a specific |
|
The HTTP method of the request. |
|
The current request locale, determined by the most specific |
|
The time zone associated with the current request, as determined by a |
|
For access to the raw response body, as exposed by the Servlet API. |
|
For access to the model for an error response. Always empty. |
|
Specify attributes to use in case of a redirect — (that is to be appended to the query string) and flash attributes to be stored temporarily until the request after the redirect. See Redirect Attributes and Flash Attributes. |
|
For access to any session attribute, in contrast to model attributes stored in the
session as a result of a class-level |
|
For access to request attributes. See |
@ExceptionHandler
methods support the following return values:
Return value | Description |
---|---|
|
The return value is converted through |
|
The return value specifies that the full response (including the HTTP headers and the body)
be converted through |
|
To render an RFC 7807 error response with details in the body, see Error Responses |
|
To render an RFC 7807 error response with details in the body, see Error Responses |
|
A view name to be resolved with |
|
A |
|
Attributes to be added to the implicit model with the view name implicitly determined
through a |
|
An attribute to be added to the model with the view name implicitly determined through
a Note that |
|
The view and model attributes to use and, optionally, a response status. |
|
A method with a If none of the above is true, a |
Any other return value |
If a return value is not matched to any of the above and is not a simple type (as determined by {api-spring-framework}/beans/BeanUtils.html#isSimpleProperty-java.lang.Class-[BeanUtils#isSimpleProperty]), by default, it is treated as a model attribute to be added to the model. If it is a simple type, it remains unresolved. |
@ExceptionHandler
, @InitBinder
, and @ModelAttribute
methods apply only to the
@Controller
class, or class hierarchy, in which they are declared. If, instead, they
are declared in an @ControllerAdvice
or @RestControllerAdvice
class, then they apply
to any controller. Moreover, as of 5.3, @ExceptionHandler
methods in @ControllerAdvice
can be used to handle exceptions from any @Controller
or any other handler.
@ControllerAdvice
is meta-annotated with @Component
and therefore can be registered as
a Spring bean through component scanning. @RestControllerAdvice
is meta-annotated with @ControllerAdvice
and @ResponseBody
, and that means @ExceptionHandler
methods will have their return
value rendered via response body message conversion, rather than via HTML views.
On startup, RequestMappingHandlerMapping
and ExceptionHandlerExceptionResolver
detect
controller advice beans and apply them at runtime. Global @ExceptionHandler
methods,
from an @ControllerAdvice
, are applied after local ones, from the @Controller
.
By contrast, global @ModelAttribute
and @InitBinder
methods are applied before local ones.
The @ControllerAdvice
annotation has attributes that let you narrow the set of controllers
and handlers that they apply to. For example:
// Target all Controllers annotated with @RestController
@ControllerAdvice(annotations = RestController.class)
public class ExampleAdvice1 {}
// Target all Controllers within specific packages
@ControllerAdvice("org.example.controllers")
public class ExampleAdvice2 {}
// Target all Controllers assignable to specific classes
@ControllerAdvice(assignableTypes = {ControllerInterface.class, AbstractController.class})
public class ExampleAdvice3 {}
// Target all Controllers annotated with @RestController
@ControllerAdvice(annotations = [RestController::class])
class ExampleAdvice1
// Target all Controllers within specific packages
@ControllerAdvice("org.example.controllers")
class ExampleAdvice2
// Target all Controllers assignable to specific classes
@ControllerAdvice(assignableTypes = [ControllerInterface::class, AbstractController::class])
class ExampleAdvice3
The selectors in the preceding example are evaluated at runtime and may negatively impact
performance if used extensively. See the
{api-spring-framework}/web/bind/annotation/ControllerAdvice.html[@ControllerAdvice
]
javadoc for more details.
This section describes various options available in the Spring Framework to work with URI’s.
You can use ServletUriComponentsBuilder
to create URIs relative to the current request,
as the following example shows:
HttpServletRequest request = ...
// Re-uses scheme, host, port, path, and query string...
URI uri = ServletUriComponentsBuilder.fromRequest(request)
.replaceQueryParam("accountId", "{id}")
.build("123");
val request: HttpServletRequest = ...
// Re-uses scheme, host, port, path, and query string...
val uri = ServletUriComponentsBuilder.fromRequest(request)
.replaceQueryParam("accountId", "{id}")
.build("123")
You can create URIs relative to the context path, as the following example shows:
HttpServletRequest request = ...
// Re-uses scheme, host, port, and context path...
URI uri = ServletUriComponentsBuilder.fromContextPath(request)
.path("/accounts")
.build()
.toUri();
val request: HttpServletRequest = ...
// Re-uses scheme, host, port, and context path...
val uri = ServletUriComponentsBuilder.fromContextPath(request)
.path("/accounts")
.build()
.toUri()
You can create URIs relative to a Servlet (for example, /main/*
),
as the following example shows:
HttpServletRequest request = ...
// Re-uses scheme, host, port, context path, and Servlet mapping prefix...
URI uri = ServletUriComponentsBuilder.fromServletMapping(request)
.path("/accounts")
.build()
.toUri();
val request: HttpServletRequest = ...
// Re-uses scheme, host, port, context path, and Servlet mapping prefix...
val uri = ServletUriComponentsBuilder.fromServletMapping(request)
.path("/accounts")
.build()
.toUri()
Note
|
As of 5.1, ServletUriComponentsBuilder ignores information from the Forwarded and
X-Forwarded-* headers, which specify the client-originated address. Consider using the
ForwardedHeaderFilter to extract and use or to discard
such headers.
|
Spring MVC provides a mechanism to prepare links to controller methods. For example, the following MVC controller allows for link creation:
@Controller
@RequestMapping("/hotels/{hotel}")
public class BookingController {
@GetMapping("/bookings/{booking}")
public ModelAndView getBooking(@PathVariable Long booking) {
// ...
}
}
@Controller
@RequestMapping("/hotels/{hotel}")
class BookingController {
@GetMapping("/bookings/{booking}")
fun getBooking(@PathVariable booking: Long): ModelAndView {
// ...
}
}
You can prepare a link by referring to the method by name, as the following example shows:
UriComponents uriComponents = MvcUriComponentsBuilder
.fromMethodName(BookingController.class, "getBooking", 21).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
val uriComponents = MvcUriComponentsBuilder
.fromMethodName(BookingController::class.java, "getBooking", 21).buildAndExpand(42)
val uri = uriComponents.encode().toUri()
In the preceding example, we provide actual method argument values (in this case, the long value: 21
)
to be used as a path variable and inserted into the URL. Furthermore, we provide the
value, 42
, to fill in any remaining URI variables, such as the hotel
variable inherited
from the type-level request mapping. If the method had more arguments, we could supply null for
arguments not needed for the URL. In general, only @PathVariable
and @RequestParam
arguments
are relevant for constructing the URL.
There are additional ways to use MvcUriComponentsBuilder
. For example, you can use a technique
akin to mock testing through proxies to avoid referring to the controller method by name, as the following example shows
(the example assumes static import of MvcUriComponentsBuilder.on
):
UriComponents uriComponents = MvcUriComponentsBuilder
.fromMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
val uriComponents = MvcUriComponentsBuilder
.fromMethodCall(on(BookingController::class.java).getBooking(21)).buildAndExpand(42)
val uri = uriComponents.encode().toUri()
Note
|
Controller method signatures are limited in their design when they are supposed to be usable for
link creation with fromMethodCall . Aside from needing a proper parameter signature,
there is a technical limitation on the return type (namely, generating a runtime proxy
for link builder invocations), so the return type must not be final . In particular,
the common String return type for view names does not work here. You should use ModelAndView
or even plain Object (with a String return value) instead.
|
The earlier examples use static methods in MvcUriComponentsBuilder
. Internally, they rely
on ServletUriComponentsBuilder
to prepare a base URL from the scheme, host, port,
context path, and servlet path of the current request. This works well in most cases.
However, sometimes, it can be insufficient. For example, you may be outside the context of
a request (such as a batch process that prepares links) or perhaps you need to insert a path
prefix (such as a locale prefix that was removed from the request path and needs to be
re-inserted into links).
For such cases, you can use the static fromXxx
overloaded methods that accept a
UriComponentsBuilder
to use a base URL. Alternatively, you can create an instance of MvcUriComponentsBuilder
with a base URL and then use the instance-based withXxx
methods. For example, the
following listing uses withMethodCall
:
UriComponentsBuilder base = ServletUriComponentsBuilder.fromCurrentContextPath().path("/en");
MvcUriComponentsBuilder builder = MvcUriComponentsBuilder.relativeTo(base);
builder.withMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
val base = ServletUriComponentsBuilder.fromCurrentContextPath().path("/en")
val builder = MvcUriComponentsBuilder.relativeTo(base)
builder.withMethodCall(on(BookingController::class.java).getBooking(21)).buildAndExpand(42)
val uri = uriComponents.encode().toUri()
Note
|
As of 5.1, MvcUriComponentsBuilder ignores information from the Forwarded and
X-Forwarded-* headers, which specify the client-originated address. Consider using the
ForwardedHeaderFilter to extract and use or to discard
such headers.
|
In views such as Thymeleaf, FreeMarker, or JSP, you can build links to annotated controllers by referring to the implicitly or explicitly assigned name for each request mapping.
Consider the following example:
@RequestMapping("/people/{id}/addresses")
public class PersonAddressController {
@RequestMapping("/{country}")
public HttpEntity<PersonAddress> getAddress(@PathVariable String country) { ... }
}
@RequestMapping("/people/{id}/addresses")
class PersonAddressController {
@RequestMapping("/{country}")
fun getAddress(@PathVariable country: String): HttpEntity<PersonAddress> { ... }
}
Given the preceding controller, you can prepare a link from a JSP, as follows:
<%@ taglib uri="http://www.springframework.org/tags" prefix="s" %>
...
<a href="${s:mvcUrl('PAC#getAddress').arg(0,'US').buildAndExpand('123')}">Get Address</a>
The preceding example relies on the mvcUrl
function declared in the Spring tag library
(that is, META-INF/spring.tld), but it is easy to define your own function or prepare a
similar one for other templating technologies.
Here is how this works. On startup, every @RequestMapping
is assigned a default name
through HandlerMethodMappingNamingStrategy
, whose default implementation uses the
capital letters of the class and the method name (for example, the getThing
method in
ThingController
becomes "TC#getThing"). If there is a name clash, you can use
@RequestMapping(name="..")
to assign an explicit name or implement your own
HandlerMethodMappingNamingStrategy
.
Spring MVC has an extensive integration with Servlet asynchronous request processing:
-
DeferredResult
andCallable
return values in controller methods provide basic support for a single asynchronous return value. -
Controllers can stream multiple values, including SSE and raw data.
-
Controllers can use reactive clients and return reactive types for response handling.
For an overview of how this differs from Spring WebFlux, see the Async Spring MVC compared to WebFlux section below.
Once the asynchronous request processing feature is enabled
in the Servlet container, controller methods can wrap any supported controller method
return value with DeferredResult
, as the following example shows:
@GetMapping("/quotes")
@ResponseBody
public DeferredResult<String> quotes() {
DeferredResult<String> deferredResult = new DeferredResult<String>();
// Save the deferredResult somewhere..
return deferredResult;
}
// From some other thread...
deferredResult.setResult(result);
@GetMapping("/quotes")
@ResponseBody
fun quotes(): DeferredResult<String> {
val deferredResult = DeferredResult<String>()
// Save the deferredResult somewhere..
return deferredResult
}
// From some other thread...
deferredResult.setResult(result)
The controller can produce the return value asynchronously, from a different thread — for example, in response to an external event (JMS message), a scheduled task, or other event.
A controller can wrap any supported return value with java.util.concurrent.Callable
,
as the following example shows:
@PostMapping
public Callable<String> processUpload(final MultipartFile file) {
return () -> "someView";
}
@PostMapping
fun processUpload(file: MultipartFile) = Callable<String> {
// ...
"someView"
}
The return value can then be obtained by running the given task through the
configured TaskExecutor
.
Here is a very concise overview of Servlet asynchronous request processing:
-
A
ServletRequest
can be put in asynchronous mode by callingrequest.startAsync()
. The main effect of doing so is that the Servlet (as well as any filters) can exit, but the response remains open to let processing complete later. -
The call to
request.startAsync()
returnsAsyncContext
, which you can use for further control over asynchronous processing. For example, it provides thedispatch
method, which is similar to a forward from the Servlet API, except that it lets an application resume request processing on a Servlet container thread. -
The
ServletRequest
provides access to the currentDispatcherType
, which you can use to distinguish between processing the initial request, an asynchronous dispatch, a forward, and other dispatcher types.
DeferredResult
processing works as follows:
-
The controller returns a
DeferredResult
and saves it in some in-memory queue or list where it can be accessed. -
Spring MVC calls
request.startAsync()
. -
Meanwhile, the
DispatcherServlet
and all configured filters exit the request processing thread, but the response remains open. -
The application sets the
DeferredResult
from some thread, and Spring MVC dispatches the request back to the Servlet container. -
The
DispatcherServlet
is invoked again, and processing resumes with the asynchronously produced return value.
Callable
processing works as follows:
-
The controller returns a
Callable
. -
Spring MVC calls
request.startAsync()
and submits theCallable
to aTaskExecutor
for processing in a separate thread. -
Meanwhile, the
DispatcherServlet
and all filters exit the Servlet container thread, but the response remains open. -
Eventually the
Callable
produces a result, and Spring MVC dispatches the request back to the Servlet container to complete processing. -
The
DispatcherServlet
is invoked again, and processing resumes with the asynchronously produced return value from theCallable
.
For further background and context, you can also read the blog posts that introduced asynchronous request processing support in Spring MVC 3.2.
When you use a DeferredResult
, you can choose whether to call setResult
or
setErrorResult
with an exception. In both cases, Spring MVC dispatches the request back
to the Servlet container to complete processing. It is then treated either as if the
controller method returned the given value or as if it produced the given exception.
The exception then goes through the regular exception handling mechanism (for example, invoking
@ExceptionHandler
methods).
When you use Callable
, similar processing logic occurs, the main difference being that
the result is returned from the Callable
or an exception is raised by it.
HandlerInterceptor
instances can be of type AsyncHandlerInterceptor
, to receive the
afterConcurrentHandlingStarted
callback on the initial request that starts asynchronous
processing (instead of postHandle
and afterCompletion
).
HandlerInterceptor
implementations can also register a CallableProcessingInterceptor
or a DeferredResultProcessingInterceptor
, to integrate more deeply with the
lifecycle of an asynchronous request (for example, to handle a timeout event). See
{api-spring-framework}/web/servlet/AsyncHandlerInterceptor.html[AsyncHandlerInterceptor
]
for more details.
DeferredResult
provides onTimeout(Runnable)
and onCompletion(Runnable)
callbacks.
See the {api-spring-framework}/web/context/request/async/DeferredResult.html[javadoc of DeferredResult
]
for more details. Callable
can be substituted for WebAsyncTask
that exposes additional
methods for timeout and completion callbacks.
The Servlet API was originally built for making a single pass through the Filter-Servlet
chain. Asynchronous request processing lets applications exit the Filter-Servlet chain
but leave the response open for further processing. The Spring MVC asynchronous support
is built around that mechanism. When a controller returns a DeferredResult
, the
Filter-Servlet chain is exited, and the Servlet container thread is released. Later, when
the DeferredResult
is set, an ASYNC
dispatch (to the same URL) is made, during which the
controller is mapped again but, rather than invoking it, the DeferredResult
value is used
(as if the controller returned it) to resume processing.
By contrast, Spring WebFlux is neither built on the Servlet API, nor does it need such an asynchronous request processing feature, because it is asynchronous by design. Asynchronous handling is built into all framework contracts and is intrinsically supported through all stages of request processing.
From a programming model perspective, both Spring MVC and Spring WebFlux support asynchronous and Reactive Types as return values in controller methods. Spring MVC even supports streaming, including reactive back pressure. However, individual writes to the response remain blocking (and are performed on a separate thread), unlike WebFlux, which relies on non-blocking I/O and does not need an extra thread for each write.
Another fundamental difference is that Spring MVC does not support asynchronous or reactive
types in controller method arguments (for example, @RequestBody
, @RequestPart
, and others),
nor does it have any explicit support for asynchronous and reactive types as model attributes.
Spring WebFlux does support all that.
Finally, from a configuration perspective the asynchronous request processing feature must be enabled at the Servlet container level.
You can use DeferredResult
and Callable
for a single asynchronous return value.
What if you want to produce multiple asynchronous values and have those written to the
response? This section describes how to do so.
You can use the ResponseBodyEmitter
return value to produce a stream of objects, where
each object is serialized with an
HttpMessageConverter
and written to the
response, as the following example shows:
@GetMapping("/events")
public ResponseBodyEmitter handle() {
ResponseBodyEmitter emitter = new ResponseBodyEmitter();
// Save the emitter somewhere..
return emitter;
}
// In some other thread
emitter.send("Hello once");
// and again later on
emitter.send("Hello again");
// and done at some point
emitter.complete();
@GetMapping("/events")
fun handle() = ResponseBodyEmitter().apply {
// Save the emitter somewhere..
}
// In some other thread
emitter.send("Hello once")
// and again later on
emitter.send("Hello again")
// and done at some point
emitter.complete()
You can also use ResponseBodyEmitter
as the body in a ResponseEntity
, letting you
customize the status and headers of the response.
When an emitter
throws an IOException
(for example, if the remote client went away), applications
are not responsible for cleaning up the connection and should not invoke emitter.complete
or emitter.completeWithError
. Instead, the servlet container automatically initiates an
AsyncListener
error notification, in which Spring MVC makes a completeWithError
call.
This call, in turn, performs one final ASYNC
dispatch to the application, during which Spring MVC
invokes the configured exception resolvers and completes the request.
SseEmitter
(a subclass of ResponseBodyEmitter
) provides support for
Server-Sent Events, where events sent from the server
are formatted according to the W3C SSE specification. To produce an SSE
stream from a controller, return SseEmitter
, as the following example shows:
@GetMapping(path="/events", produces=MediaType.TEXT_EVENT_STREAM_VALUE)
public SseEmitter handle() {
SseEmitter emitter = new SseEmitter();
// Save the emitter somewhere..
return emitter;
}
// In some other thread
emitter.send("Hello once");
// and again later on
emitter.send("Hello again");
// and done at some point
emitter.complete();
@GetMapping("/events", produces = [MediaType.TEXT_EVENT_STREAM_VALUE])
fun handle() = SseEmitter().apply {
// Save the emitter somewhere..
}
// In some other thread
emitter.send("Hello once")
// and again later on
emitter.send("Hello again")
// and done at some point
emitter.complete()
While SSE is the main option for streaming into browsers, note that Internet Explorer does not support Server-Sent Events. Consider using Spring’s WebSocket messaging with SockJS fallback transports (including SSE) that target a wide range of browsers.
See also previous section for notes on exception handling.
Sometimes, it is useful to bypass message conversion and stream directly to the response
OutputStream
(for example, for a file download). You can use the StreamingResponseBody
return value type to do so, as the following example shows:
@GetMapping("/download")
public StreamingResponseBody handle() {
return new StreamingResponseBody() {
@Override
public void writeTo(OutputStream outputStream) throws IOException {
// write...
}
};
}
@GetMapping("/download")
fun handle() = StreamingResponseBody {
// write...
}
You can use StreamingResponseBody
as the body in a ResponseEntity
to
customize the status and headers of the response.
Spring MVC supports use of reactive client libraries in a controller (also read
Reactive Libraries in the WebFlux section).
This includes the WebClient
from spring-webflux
and others, such as Spring Data
reactive data repositories. In such scenarios, it is convenient to be able to return
reactive types from the controller method.
Reactive return values are handled as follows:
-
A single-value promise is adapted to, similar to using
DeferredResult
. Examples includeMono
(Reactor) orSingle
(RxJava). -
A multi-value stream with a streaming media type (such as
application/x-ndjson
ortext/event-stream
) is adapted to, similar to usingResponseBodyEmitter
orSseEmitter
. Examples includeFlux
(Reactor) orObservable
(RxJava). Applications can also returnFlux<ServerSentEvent>
orObservable<ServerSentEvent>
. -
A multi-value stream with any other media type (such as
application/json
) is adapted to, similar to usingDeferredResult<List<?>>
.
Tip
|
Spring MVC supports Reactor and RxJava through the
{api-spring-framework}/core/ReactiveAdapterRegistry.html[ReactiveAdapterRegistry ] from
spring-core , which lets it adapt from multiple reactive libraries.
|
For streaming to the response, reactive back pressure is supported, but writes to the
response are still blocking and are run on a separate thread through the
configured TaskExecutor
, to avoid
blocking the upstream source (such as a Flux
returned from WebClient
).
By default, SimpleAsyncTaskExecutor
is used for the blocking writes, but that is not
suitable under load. If you plan to stream with a reactive type, you should use the
MVC configuration to configure a task executor.
It is common to propagate context via java.lang.ThreadLocal
. This works transparently
for handling on the same thread, but requires additional work for asynchronous handling
across multiple threads. The Micrometer
Context Propagation
library simplifies context propagation across threads, and across context mechanisms such
as ThreadLocal
values,
Reactor context,
GraphQL Java context,
and others.
If Micrometer Context Propagation is present on the classpath, when a controller method
returns a reactive type such as Flux
or Mono
, all
ThreadLocal
values, for which there is a registered io.micrometer.ThreadLocalAccessor
,
are written to the Reactor Context
as key-value pairs, using the key assigned by the
ThreadLocalAccessor
.
For other asynchronous handling scenarios, you can use the Context Propagation library directly. For example:
// Capture ThreadLocal values from the main thread ...
ContextSnapshot snapshot = ContextSnapshot.captureAll();
// On a different thread: restore ThreadLocal values
try (ContextSnapshot.Scope scoped = snapshot.setThreadLocals()) {
// ...
}
For more details, see the documentation of the Micrometer Context Propagation library.
The Servlet API does not provide any notification when a remote client goes away. Therefore, while streaming to the response, whether through SseEmitter or reactive types, it is important to send data periodically, since the write fails if the client has disconnected. The send could take the form of an empty (comment-only) SSE event or any other data that the other side would have to interpret as a heartbeat and ignore.
Alternatively, consider using web messaging solutions (such as STOMP over WebSocket or WebSocket with SockJS) that have a built-in heartbeat mechanism.
The asynchronous request processing feature must be enabled at the Servlet container level. The MVC configuration also exposes several options for asynchronous requests.
Filter and Servlet declarations have an asyncSupported
flag that needs to be set to true
to enable asynchronous request processing. In addition, Filter mappings should be
declared to handle the ASYNC
jakarta.servlet.DispatchType
.
In Java configuration, when you use AbstractAnnotationConfigDispatcherServletInitializer
to initialize the Servlet container, this is done automatically.
In web.xml
configuration, you can add <async-supported>true</async-supported>
to the
DispatcherServlet
and to Filter
declarations and add
<dispatcher>ASYNC</dispatcher>
to filter mappings.
The MVC configuration exposes the following options related to asynchronous request processing:
-
Java configuration: Use the
configureAsyncSupport
callback onWebMvcConfigurer
. -
XML namespace: Use the
<async-support>
element under<mvc:annotation-driven>
.
You can configure the following:
-
Default timeout value for async requests, which if not set, depends on the underlying Servlet container.
-
AsyncTaskExecutor
to use for blocking writes when streaming with Reactive Types and for executingCallable
instances returned from controller methods. We highly recommended configuring this property if you stream with reactive types or have controller methods that returnCallable
, since by default, it is aSimpleAsyncTaskExecutor
. -
DeferredResultProcessingInterceptor
implementations andCallableProcessingInterceptor
implementations.
Note that you can also set the default timeout value on a DeferredResult
,
a ResponseBodyEmitter
, and an SseEmitter
. For a Callable
, you can use
WebAsyncTask
to provide a timeout value.
A common requirement for REST services is to include details in the body of error responses. The Spring Framework supports the "Problem Details for HTTP APIs" specification, RFC 7807.
The following are the main abstractions for this support:
-
ProblemDetail
— representation for an RFC 7807 problem detail; a simple container for both standard fields defined in the spec, and for non-standard ones. -
ErrorResponse
— contract to expose HTTP error response details including HTTP status, response headers, and a body in the format of RFC 7807; this allows exceptions to encapsulate and expose the details of how they map to an HTTP response. All Spring MVC exceptions implement this. -
ErrorResponseException
— basicErrorResponse
implementation that others can use as a convenient base class. -
ResponseEntityExceptionHandler
— convenient base class for an @ControllerAdvice that handles all Spring MVC exceptions, and anyErrorResponseException
, and renders an error response with a body.
You can return ProblemDetail
or ErrorResponse
from any @ExceptionHandler
or from
any @RequestMapping
method to render an RFC 7807 response. This is processed as follows:
-
The
status
property ofProblemDetail
determines the HTTP status. -
The
instance
property ofProblemDetail
is set from the current URL path, if not already set. -
For content negotiation, the Jackson
HttpMessageConverter
prefers "application/problem+json" over "application/json" when rendering aProblemDetail
, and also falls back on it if no compatible media type is found.
To enable RFC 7807 responses for Spring WebFlux exceptions and for any
ErrorResponseException
, extend ResponseEntityExceptionHandler
and declare it as an
@ControllerAdvice in Spring configuration. The handler
has an @ExceptionHandler
method that handles any ErrorResponse
exception, which
includes all built-in web exceptions. You can add more exception handling methods, and
use a protected method to map any exception to a ProblemDetail
.
You can extend an RFC 7807 response with non-standard fields in one of two ways.
One, insert into the "properties" Map
of ProblemDetail
. When using the Jackson
library, the Spring Framework registers ProblemDetailJacksonMixin
that ensures this
"properties" Map
is unwrapped and rendered as top level JSON properties in the
response, and likewise any unknown property during deserialization is inserted into
this Map
.
You can also extend ProblemDetail
to add dedicated non-standard properties.
The copy constructor in ProblemDetail
allows a subclass to make it easy to be created
from an existing ProblemDetail
. This could be done centrally, e.g. from an
@ControllerAdvice
such as ResponseEntityExceptionHandler
that re-creates the
ProblemDetail
of an exception into a subclass with the additional non-standard fields.
It is a common requirement to internationalize error response details, and good practice to customize the problem details for Spring MVC exceptions. This is supported as follows:
-
Each
ErrorResponse
exposes a message code and arguments to resolve the "detail" field through a MessageSource. The actual message code value is parameterized with placeholders, e.g."HTTP method {0} not supported"
to be expanded from the arguments. -
Each
ErrorResponse
also exposes a message code to resolve the "title" field. -
ResponseEntityExceptionHandler
uses the message code and arguments to resolve the "detail" and the "title" fields.
By default, the message code for the "detail" field is "problemDetail." + the fully qualified exception class name. Some exceptions may expose additional message codes in which case a suffix is added to the default message code. The table below lists message arguments and codes for Spring MVC exceptions:
Exception | Message Code | Message Code Arguments |
---|---|---|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) + ".parseError" |
|
|
(default) |
|
|
(default) + ".parseError" |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
|
(default) |
|
By default, the message code for the "title" field is "problemDetail.title." + the fully qualified exception class name.
A client application can catch WebClientResponseException
, when using the WebClient
,
or RestClientResponseException
when using the RestTemplate
, and use their
getResponseBodyAs
methods to decode the error response body to any target type such as
ProblemDetail
, or a subclass of ProblemDetail
.
The Spring Security project provides support for protecting web applications from malicious exploits. See the Spring Security reference documentation, including:
-
{docs-spring-security}/servlet/integrations/mvc.html[Spring MVC Security]
-
{docs-spring-security}/servlet/test/mockmvc/setup.html[Spring MVC Test Support]
-
{docs-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection]
-
{docs-spring-security}/features/exploits/headers.html[Security Response Headers]
HDIV is another web security framework that integrates with Spring MVC.
HTTP caching can significantly improve the performance of a web application. HTTP caching
revolves around the Cache-Control
response header and, subsequently, conditional request
headers (such as Last-Modified
and ETag
). Cache-Control
advises private (for example, browser)
and public (for example, proxy) caches on how to cache and re-use responses. An ETag
header is used
to make a conditional request that may result in a 304 (NOT_MODIFIED) without a body,
if the content has not changed. ETag
can be seen as a more sophisticated successor to
the Last-Modified
header.
This section describes the HTTP caching-related options that are available in Spring Web MVC.
{api-spring-framework}/http/CacheControl.html[CacheControl
] provides support for
configuring settings related to the Cache-Control
header and is accepted as an argument
in a number of places:
-
{api-spring-framework}/web/servlet/mvc/WebContentInterceptor.html[
WebContentInterceptor
] -
{api-spring-framework}/web/servlet/support/WebContentGenerator.html[
WebContentGenerator
]
While RFC 7234 describes all possible
directives for the Cache-Control
response header, the CacheControl
type takes a
use case-oriented approach that focuses on the common scenarios:
// Cache for an hour - "Cache-Control: max-age=3600"
CacheControl ccCacheOneHour = CacheControl.maxAge(1, TimeUnit.HOURS);
// Prevent caching - "Cache-Control: no-store"
CacheControl ccNoStore = CacheControl.noStore();
// Cache for ten days in public and private caches,
// public caches should not transform the response
// "Cache-Control: max-age=864000, public, no-transform"
CacheControl ccCustom = CacheControl.maxAge(10, TimeUnit.DAYS).noTransform().cachePublic();
// Cache for an hour - "Cache-Control: max-age=3600"
val ccCacheOneHour = CacheControl.maxAge(1, TimeUnit.HOURS)
// Prevent caching - "Cache-Control: no-store"
val ccNoStore = CacheControl.noStore()
// Cache for ten days in public and private caches,
// public caches should not transform the response
// "Cache-Control: max-age=864000, public, no-transform"
val ccCustom = CacheControl.maxAge(10, TimeUnit.DAYS).noTransform().cachePublic()
WebContentGenerator
also accepts a simpler cachePeriod
property (defined in seconds) that
works as follows:
-
A
-1
value does not generate aCache-Control
response header. -
A
0
value prevents caching by using the'Cache-Control: no-store'
directive. -
An
n > 0
value caches the given response forn
seconds by using the'Cache-Control: max-age=n'
directive.
Controllers can add explicit support for HTTP caching. We recommended doing so, since the
lastModified
or ETag
value for a resource needs to be calculated before it can be compared
against conditional request headers. A controller can add an ETag
header and Cache-Control
settings to a ResponseEntity
, as the following example shows:
@GetMapping("/book/{id}")
public ResponseEntity<Book> showBook(@PathVariable Long id) {
Book book = findBook(id);
String version = book.getVersion();
return ResponseEntity
.ok()
.cacheControl(CacheControl.maxAge(30, TimeUnit.DAYS))
.eTag(version) // lastModified is also available
.body(book);
}
@GetMapping("/book/{id}")
fun showBook(@PathVariable id: Long): ResponseEntity<Book> {
val book = findBook(id);
val version = book.getVersion()
return ResponseEntity
.ok()
.cacheControl(CacheControl.maxAge(30, TimeUnit.DAYS))
.eTag(version) // lastModified is also available
.body(book)
}
The preceding example sends a 304 (NOT_MODIFIED) response with an empty body if the comparison
to the conditional request headers indicates that the content has not changed. Otherwise, the
ETag
and Cache-Control
headers are added to the response.
You can also make the check against conditional request headers in the controller, as the following example shows:
@RequestMapping
public String myHandleMethod(WebRequest request, Model model) {
long eTag = ... // (1)
if (request.checkNotModified(eTag)) {
return null; // (2)
}
model.addAttribute(...); // (3)
return "myViewName";
}
-
Application-specific calculation.
-
The response has been set to 304 (NOT_MODIFIED) — no further processing.
-
Continue with the request processing.
@RequestMapping
fun myHandleMethod(request: WebRequest, model: Model): String? {
val eTag: Long = ... // (1)
if (request.checkNotModified(eTag)) {
return null // (2)
}
model[...] = ... // (3)
return "myViewName"
}
-
Application-specific calculation.
-
The response has been set to 304 (NOT_MODIFIED) — no further processing.
-
Continue with the request processing.
There are three variants for checking conditional requests against eTag
values, lastModified
values, or both. For conditional GET
and HEAD
requests, you can set the response to
304 (NOT_MODIFIED). For conditional POST
, PUT
, and DELETE
, you can instead set the response
to 412 (PRECONDITION_FAILED), to prevent concurrent modification.
You should serve static resources with a Cache-Control
and conditional response headers
for optimal performance. See the section on configuring Static Resources.
You can use the ShallowEtagHeaderFilter
to add “shallow” eTag
values that are computed from the
response content and, thus, save bandwidth but not CPU time. See Shallow ETag.
The MVC Java configuration and the MVC XML namespace provide default configuration suitable for most applications and a configuration API to customize it.
For more advanced customizations, which are not available in the configuration API, see Advanced Java Config and Advanced XML Config.
You do not need to understand the underlying beans created by the MVC Java configuration and the MVC namespace. If you want to learn more, see Special Bean Types and Web MVC Config.
In Java configuration, you can use the @EnableWebMvc
annotation to enable MVC
configuration, as the following example shows:
@Configuration
@EnableWebMvc
public class WebConfig {
}
@Configuration
@EnableWebMvc
class WebConfig
In XML configuration, you can use the <mvc:annotation-driven>
element to enable MVC
configuration, as the following example shows:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven/>
</beans>
The preceding example registers a number of Spring MVC infrastructure beans and adapts to dependencies available on the classpath (for example, payload converters for JSON, XML, and others).
In Java configuration, you can implement the WebMvcConfigurer
interface, as the
following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
// Implement configuration methods...
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
// Implement configuration methods...
}
In XML, you can check attributes and sub-elements of <mvc:annotation-driven/>
. You can
view the Spring MVC XML schema or use
the code completion feature of your IDE to discover what attributes and
sub-elements are available.
By default, formatters for various number and date types are installed, along with support
for customization via @NumberFormat
and @DateTimeFormat
on fields.
To register custom formatters and converters in Java config, use the following:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addFormatters(FormatterRegistry registry) {
// ...
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addFormatters(registry: FormatterRegistry) {
// ...
}
}
To do the same in XML config, use the following:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven conversion-service="conversionService"/>
<bean id="conversionService"
class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
<property name="converters">
<set>
<bean class="org.example.MyConverter"/>
</set>
</property>
<property name="formatters">
<set>
<bean class="org.example.MyFormatter"/>
<bean class="org.example.MyAnnotationFormatterFactory"/>
</set>
</property>
<property name="formatterRegistrars">
<set>
<bean class="org.example.MyFormatterRegistrar"/>
</set>
</property>
</bean>
</beans>
By default Spring MVC considers the request Locale when parsing and formatting date values. This works for forms where dates are represented as Strings with "input" form fields. For "date" and "time" form fields, however, browsers use a fixed format defined in the HTML spec. For such cases date and time formatting can be customized as follows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addFormatters(FormatterRegistry registry) {
DateTimeFormatterRegistrar registrar = new DateTimeFormatterRegistrar();
registrar.setUseIsoFormat(true);
registrar.registerFormatters(registry);
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addFormatters(registry: FormatterRegistry) {
val registrar = DateTimeFormatterRegistrar()
registrar.setUseIsoFormat(true)
registrar.registerFormatters(registry)
}
}
Note
|
See the FormatterRegistrar SPI
and the FormattingConversionServiceFactoryBean for more information on when to use
FormatterRegistrar implementations.
|
By default, if Bean Validation is present
on the classpath (for example, Hibernate Validator), the LocalValidatorFactoryBean
is
registered as a global Validator for use with @Valid
and
Validated
on controller method arguments.
In Java configuration, you can customize the global Validator
instance, as the
following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public Validator getValidator() {
// ...
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun getValidator(): Validator {
// ...
}
}
The following example shows how to achieve the same configuration in XML:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven validator="globalValidator"/>
</beans>
Note that you can also register Validator
implementations locally, as the following
example shows:
@Controller
public class MyController {
@InitBinder
protected void initBinder(WebDataBinder binder) {
binder.addValidators(new FooValidator());
}
}
@Controller
class MyController {
@InitBinder
protected fun initBinder(binder: WebDataBinder) {
binder.addValidators(FooValidator())
}
}
Tip
|
If you need to have a LocalValidatorFactoryBean injected somewhere, create a bean and
mark it with @Primary in order to avoid conflict with the one declared in the MVC configuration.
|
In Java configuration, you can register interceptors to apply to incoming requests, as the following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LocaleChangeInterceptor());
registry.addInterceptor(new ThemeChangeInterceptor()).addPathPatterns("/**").excludePathPatterns("/admin/**");
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addInterceptors(registry: InterceptorRegistry) {
registry.addInterceptor(LocaleChangeInterceptor())
registry.addInterceptor(ThemeChangeInterceptor()).addPathPatterns("/**").excludePathPatterns("/admin/**")
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/admin/**"/>
<bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
Note
|
Mapped interceptors are not ideally suited as a security layer due to the potential for a mismatch with annotated controller path matching, which can also match trailing slashes and path extensions transparently, along with other path matching options. Many of these options have been deprecated but the potential for a mismatch remains. Generally, we recommend using Spring Security which includes a dedicated MvcRequestMatcher to align with Spring MVC path matching and also has a security firewall that blocks many unwanted characters in URL paths. |
You can configure how Spring MVC determines the requested media types from the request
(for example, Accept
header, URL path extension, query parameter, and others).
By default, only the Accept
header is checked.
If you must use URL-based content type resolution, consider using the query parameter strategy over path extensions. See Suffix Match and Suffix Match and RFD for more details.
In Java configuration, you can customize requested content type resolution, as the following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
configurer.mediaType("json", MediaType.APPLICATION_JSON);
configurer.mediaType("xml", MediaType.APPLICATION_XML);
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configureContentNegotiation(configurer: ContentNegotiationConfigurer) {
configurer.mediaType("json", MediaType.APPLICATION_JSON)
configurer.mediaType("xml", MediaType.APPLICATION_XML)
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:annotation-driven content-negotiation-manager="contentNegotiationManager"/>
<bean id="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
<property name="mediaTypes">
<value>
json=application/json
xml=application/xml
</value>
</property>
</bean>
You can customize HttpMessageConverter
in Java configuration by overriding
{api-spring-framework}/web/servlet/config/annotation/WebMvcConfigurer.html#configureMessageConverters-java.util.List-[configureMessageConverters()
]
(to replace the default converters created by Spring MVC) or by overriding
{api-spring-framework}/web/servlet/config/annotation/WebMvcConfigurer.html#extendMessageConverters-java.util.List-[extendMessageConverters()
]
(to customize the default converters or add additional converters to the default ones).
The following example adds XML and Jackson JSON converters with a customized
ObjectMapper
instead of the default ones:
@Configuration
@EnableWebMvc
public class WebConfiguration implements WebMvcConfigurer {
@Override
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder()
.indentOutput(true)
.dateFormat(new SimpleDateFormat("yyyy-MM-dd"))
.modulesToInstall(new ParameterNamesModule());
converters.add(new MappingJackson2HttpMessageConverter(builder.build()));
converters.add(new MappingJackson2XmlHttpMessageConverter(builder.createXmlMapper(true).build()));
}
}
@Configuration
@EnableWebMvc
class WebConfiguration : WebMvcConfigurer {
override fun configureMessageConverters(converters: MutableList<HttpMessageConverter<*>>) {
val builder = Jackson2ObjectMapperBuilder()
.indentOutput(true)
.dateFormat(SimpleDateFormat("yyyy-MM-dd"))
.modulesToInstall(ParameterNamesModule())
converters.add(MappingJackson2HttpMessageConverter(builder.build()))
converters.add(MappingJackson2XmlHttpMessageConverter(builder.createXmlMapper(true).build()))
In the preceding example,
{api-spring-framework}/http/converter/json/Jackson2ObjectMapperBuilder.html[Jackson2ObjectMapperBuilder
]
is used to create a common configuration for both MappingJackson2HttpMessageConverter
and
MappingJackson2XmlHttpMessageConverter
with indentation enabled, a customized date format,
and the registration of
jackson-module-parameter-names
,
Which adds support for accessing parameter names (a feature added in Java 8).
This builder customizes Jackson’s default properties as follows:
-
DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES
is disabled. -
MapperFeature.DEFAULT_VIEW_INCLUSION
is disabled.
It also automatically registers the following well-known modules if they are detected on the classpath:
-
jackson-datatype-joda: Support for Joda-Time types.
-
jackson-datatype-jsr310: Support for Java 8 Date and Time API types.
-
jackson-datatype-jdk8: Support for other Java 8 types, such as
Optional
. -
jackson-module-kotlin
: Support for Kotlin classes and data classes.
Note
|
Enabling indentation with Jackson XML support requires
woodstox-core-asl
dependency in addition to jackson-dataformat-xml one.
|
Other interesting Jackson modules are available:
-
jackson-datatype-money: Support for
javax.money
types (unofficial module). -
jackson-datatype-hibernate: Support for Hibernate-specific types and properties (including lazy-loading aspects).
The following example shows how to achieve the same configuration in XML:
<mvc:annotation-driven>
<mvc:message-converters>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="objectMapper" ref="objectMapper"/>
</bean>
<bean class="org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter">
<property name="objectMapper" ref="xmlMapper"/>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<bean id="objectMapper" class="org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean"
p:indentOutput="true"
p:simpleDateFormat="yyyy-MM-dd"
p:modulesToInstall="com.fasterxml.jackson.module.paramnames.ParameterNamesModule"/>
<bean id="xmlMapper" parent="objectMapper" p:createXmlMapper="true"/>
This is a shortcut for defining a ParameterizableViewController
that immediately
forwards to a view when invoked. You can use it in static cases when there is no Java controller
logic to run before the view generates the response.
The following example of Java configuration forwards a request for /
to a view called home
:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("home");
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addViewControllers(registry: ViewControllerRegistry) {
registry.addViewController("/").setViewName("home")
}
}
The following example achieves the same thing as the preceding example, but with XML, by
using the <mvc:view-controller>
element:
<mvc:view-controller path="/" view-name="home"/>
If an @RequestMapping
method is mapped to a URL for any HTTP method then a view
controller cannot be used to handle the same URL. This is because a match by URL to an
annotated controller is considered a strong enough indication of endpoint ownership so
that a 405 (METHOD_NOT_ALLOWED), a 415 (UNSUPPORTED_MEDIA_TYPE), or similar response can
be sent to the client to help with debugging. For this reason it is recommended to avoid
splitting URL handling across an annotated controller and a view controller.
The MVC configuration simplifies the registration of view resolvers.
The following Java configuration example configures content negotiation view
resolution by using JSP and Jackson as a default View
for JSON rendering:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureViewResolvers(ViewResolverRegistry registry) {
registry.enableContentNegotiation(new MappingJackson2JsonView());
registry.jsp();
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configureViewResolvers(registry: ViewResolverRegistry) {
registry.enableContentNegotiation(MappingJackson2JsonView())
registry.jsp()
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:view-resolvers>
<mvc:content-negotiation>
<mvc:default-views>
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
</mvc:default-views>
</mvc:content-negotiation>
<mvc:jsp/>
</mvc:view-resolvers>
Note, however, that FreeMarker, Tiles, Groovy Markup, and script templates also require configuration of the underlying view technology.
The MVC namespace provides dedicated elements. The following example works with FreeMarker:
<mvc:view-resolvers>
<mvc:content-negotiation>
<mvc:default-views>
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
</mvc:default-views>
</mvc:content-negotiation>
<mvc:freemarker cache="false"/>
</mvc:view-resolvers>
<mvc:freemarker-configurer>
<mvc:template-loader-path location="/freemarker"/>
</mvc:freemarker-configurer>
In Java configuration, you can add the respective Configurer
bean,
as the following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureViewResolvers(ViewResolverRegistry registry) {
registry.enableContentNegotiation(new MappingJackson2JsonView());
registry.freeMarker().cache(false);
}
@Bean
public FreeMarkerConfigurer freeMarkerConfigurer() {
FreeMarkerConfigurer configurer = new FreeMarkerConfigurer();
configurer.setTemplateLoaderPath("/freemarker");
return configurer;
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configureViewResolvers(registry: ViewResolverRegistry) {
registry.enableContentNegotiation(MappingJackson2JsonView())
registry.freeMarker().cache(false)
}
@Bean
fun freeMarkerConfigurer() = FreeMarkerConfigurer().apply {
setTemplateLoaderPath("/freemarker")
}
}
This option provides a convenient way to serve static resources from a list of
{api-spring-framework}/core/io/Resource.html[Resource
]-based locations.
In the next example, given a request that starts with /resources
, the relative path is
used to find and serve static resources relative to /public
under the web application
root or on the classpath under /static
. The resources are served with a one-year future
expiration to ensure maximum use of the browser cache and a reduction in HTTP requests
made by the browser. The Last-Modified
information is deduced from Resource#lastModified
so that HTTP conditional requests are supported with "Last-Modified"
headers.
The following listing shows how to do so with Java configuration:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public", "classpath:/static/")
.setCacheControl(CacheControl.maxAge(Duration.ofDays(365)));
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public", "classpath:/static/")
.setCacheControl(CacheControl.maxAge(Duration.ofDays(365)))
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:resources mapping="/resources/**"
location="/public, classpath:/static/"
cache-period="31556926" />
The resource handler also supports a chain of
{api-spring-framework}/web/servlet/resource/ResourceResolver.html[ResourceResolver
] implementations and
{api-spring-framework}/web/servlet/resource/ResourceTransformer.html[ResourceTransformer
] implementations,
which you can use to create a toolchain for working with optimized resources.
You can use the VersionResourceResolver
for versioned resource URLs based on an MD5 hash
computed from the content, a fixed application version, or other. A
ContentVersionStrategy
(MD5 hash) is a good choice — with some notable exceptions, such as
JavaScript resources used with a module loader.
The following example shows how to use VersionResourceResolver
in Java configuration:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public/")
.resourceChain(true)
.addResolver(new VersionResourceResolver().addContentVersionStrategy("/**"));
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public/")
.resourceChain(true)
.addResolver(VersionResourceResolver().addContentVersionStrategy("/**"))
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:resources mapping="/resources/**" location="/public/">
<mvc:resource-chain resource-cache="true">
<mvc:resolvers>
<mvc:version-resolver>
<mvc:content-version-strategy patterns="/**"/>
</mvc:version-resolver>
</mvc:resolvers>
</mvc:resource-chain>
</mvc:resources>
You can then use ResourceUrlProvider
to rewrite URLs and apply the full chain of resolvers and
transformers — for example, to insert versions. The MVC configuration provides a ResourceUrlProvider
bean so that it can be injected into others. You can also make the rewrite transparent with the
ResourceUrlEncodingFilter
for Thymeleaf, JSPs, FreeMarker, and others with URL tags that
rely on HttpServletResponse#encodeURL
.
Note that, when using both EncodedResourceResolver
(for example, for serving gzipped or
brotli-encoded resources) and VersionResourceResolver
, you must register them in this order.
That ensures content-based versions are always computed reliably, based on the unencoded file.
For WebJars, versioned URLs like
/webjars/jquery/1.2.0/jquery.min.js
are the recommended and most efficient way to use them.
The related resource location is configured out of the box with Spring Boot (or can be configured
manually via ResourceHandlerRegistry
) and does not require to add the
org.webjars:webjars-locator-core
dependency.
Version-less URLs like /webjars/jquery/jquery.min.js
are supported through the
WebJarsResourceResolver
which is automatically registered when the
org.webjars:webjars-locator-core
library is present on the classpath, at the cost of a
classpath scanning that could slow down application startup. The resolver can re-write URLs to
include the version of the jar and can also match against incoming URLs without versions — for example, from /webjars/jquery/jquery.min.js
to /webjars/jquery/1.2.0/jquery.min.js
.
Tip
|
The Java configuration based on ResourceHandlerRegistry provides further options
for fine-grained control, e.g. last-modified behavior and optimized resource resolution.
|
Spring MVC allows for mapping the DispatcherServlet
to /
(thus overriding the mapping
of the container’s default Servlet), while still allowing static resource requests to be
handled by the container’s default Servlet. It configures a
DefaultServletHttpRequestHandler
with a URL mapping of /**
and the lowest priority
relative to other URL mappings.
This handler forwards all requests to the default Servlet. Therefore, it must
remain last in the order of all other URL HandlerMappings
. That is the
case if you use <mvc:annotation-driven>
. Alternatively, if you set up your
own customized HandlerMapping
instance, be sure to set its order
property to a value
lower than that of the DefaultServletHttpRequestHandler
, which is Integer.MAX_VALUE
.
The following example shows how to enable the feature by using the default setup:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configureDefaultServletHandling(configurer: DefaultServletHandlerConfigurer) {
configurer.enable()
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:default-servlet-handler/>
The caveat to overriding the /
Servlet mapping is that the RequestDispatcher
for the
default Servlet must be retrieved by name rather than by path. The
DefaultServletHttpRequestHandler
tries to auto-detect the default Servlet for
the container at startup time, using a list of known names for most of the major Servlet
containers (including Tomcat, Jetty, GlassFish, JBoss, Resin, WebLogic, and WebSphere).
If the default Servlet has been custom-configured with a different name, or if a
different Servlet container is being used where the default Servlet name is unknown,
then you must explicitly provide the default Servlet’s name, as the following example shows:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable("myCustomDefaultServlet");
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configureDefaultServletHandling(configurer: DefaultServletHandlerConfigurer) {
configurer.enable("myCustomDefaultServlet")
}
}
The following example shows how to achieve the same configuration in XML:
<mvc:default-servlet-handler default-servlet-name="myCustomDefaultServlet"/>
You can customize options related to path matching and treatment of the URL.
For details on the individual options, see the
{api-spring-framework}/web/servlet/config/annotation/PathMatchConfigurer.html[PathMatchConfigurer
] javadoc.
The following example shows how to customize path matching in Java configuration:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configurePathMatch(PathMatchConfigurer configurer) {
configurer.addPathPrefix("/api", HandlerTypePredicate.forAnnotation(RestController.class));
}
private PathPatternParser patternParser() {
// ...
}
}
@Configuration
@EnableWebMvc
class WebConfig : WebMvcConfigurer {
override fun configurePathMatch(configurer: PathMatchConfigurer) {
configurer.addPathPrefix("/api", HandlerTypePredicate.forAnnotation(RestController::class.java))
}
fun patternParser(): PathPatternParser {
//...
}
}
The following example shows how to customize path matching in XML configuration:
<mvc:annotation-driven>
<mvc:path-matching
path-helper="pathHelper"
path-matcher="pathMatcher"/>
</mvc:annotation-driven>
<bean id="pathHelper" class="org.example.app.MyPathHelper"/>
<bean id="pathMatcher" class="org.example.app.MyPathMatcher"/>
@EnableWebMvc
imports DelegatingWebMvcConfiguration
, which:
-
Provides default Spring configuration for Spring MVC applications
-
Detects and delegates to
WebMvcConfigurer
implementations to customize that configuration.
For advanced mode, you can remove @EnableWebMvc
and extend directly from
DelegatingWebMvcConfiguration
instead of implementing WebMvcConfigurer
,
as the following example shows:
@Configuration
public class WebConfig extends DelegatingWebMvcConfiguration {
// ...
}
@Configuration
class WebConfig : DelegatingWebMvcConfiguration() {
// ...
}
You can keep existing methods in WebConfig
, but you can now also override bean declarations
from the base class, and you can still have any number of other WebMvcConfigurer
implementations on
the classpath.
The MVC namespace does not have an advanced mode. If you need to customize a property on
a bean that you cannot change otherwise, you can use the BeanPostProcessor
lifecycle
hook of the Spring ApplicationContext
, as the following example shows:
@Component
public class MyPostProcessor implements BeanPostProcessor {
public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException {
// ...
}
}
@Component
class MyPostProcessor : BeanPostProcessor {
override fun postProcessBeforeInitialization(bean: Any, name: String): Any {
// ...
}
}
Note that you need to declare MyPostProcessor
as a bean, either explicitly in XML or
by letting it be detected through a <component-scan/>
declaration.
Servlet 4 containers are required to support HTTP/2, and Spring Framework 5 is compatible with Servlet API 4. From a programming model perspective, there is nothing specific that applications need to do. However, there are considerations related to server configuration. For more details, see the HTTP/2 wiki page.
The Servlet API does expose one construct related to HTTP/2. You can use the
jakarta.servlet.http.PushBuilder
to proactively push resources to clients, and it
is supported as a method argument to @RequestMapping
methods.