原文链接:https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#mvc
1.1. Introduction
Spring Web MVC is the original web framework built on the Servlet API and included in the Spring Framework from the very beginning. The formal name "Spring Web MVC" comes from the name of its source module spring-webmvc but it is more commonly known as "Spring MVC".
Parallel to Spring Web MVC, Spring Framework 5.0 introduced a reactive stack, web framework whose name Spring WebFlux is also based on its source module spring-webflux. This section covers Spring Web MVC. The next section covers Spring WebFlux.
1.2. The DispatcherServlet
Spring MVC, like many other web frameworks, is designed around the front controller pattern where a central Servlet
, the DispatcherServlet
, provides a shared algorithm for request processing while actual work is performed by configurable, delegate components. This model is flexible and supports diverse workflows.
The DispatcherServlet
, as any Servlet
, needs to be declared and mapped according to the Servlet specification using Java configuration or in web.xml
. In turn the DispatcherServlet
uses Spring configuration to discover the delegate components it needs for request mapping, view resolution, exception handling, and more.
Below is an example of the Java configuration that registers and initializes the DispatcherServlet
. This class is auto-detected by the Servlet container (see Code-based, Servlet container initialization):
public class MyWebApplicationInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletCxt) {
// Load Spring web application configuration
AnnotationConfigWebApplicationContext cxt = new AnnotationConfigWebApplicationContext();
cxt.register(AppConfig.class);
cxt.refresh();
// Create DispatcherServlet
DispatcherServlet servlet = new DispatcherServlet(cxt);
// Register and map the Servlet
ServletRegistration.Dynamic registration = servletCxt.addServlet("app", servlet);
registration.setLoadOnStartup(1);
registration.addMapping("/app/*");
}
}
In addition to using the ServletContext API directly, you can also extend |
Below is an example of web.xml
configuration to register and initialize the DispatcherServlet
:
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-context.xml</param-value>
</context-param>
<servlet>
<servlet-name>app</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
</web-app>
Spring Boot follows a different initialization sequence. Rather than hooking into the lifecycle of the Servlet container, Spring Boot uses Spring configuration to bootstrap itself and the embedded Servlet container. |
1.2.1. WebApplicationContext Hierarchy
DispatcherServlet
expects a WebApplicationContext
, an extension of a plain ApplicationContext
, for its own configuration. WebApplicationContext
has a link to the ServletContext
and Servlet
it is associated with. It is also bound to the ServletContext
such that applications can use static methods on RequestContextUtils
to look up the WebApplicationContext
if they need access to it.
For many applications having a single WebApplicationContext
is simple and sufficient. It is also possible to have a context hierarchy where one root WebApplicationContext
is shared across multiple DispatcherServlet
(or other Servlet
) instances, each with its own child WebApplicationContext
configuration. See Additional Capabilities of the ApplicationContext for more on the context hierarchy feature.
The root WebApplicationContext
typically contains infrastructure beans such as data repositories and business services that need to be shared across multiple Servlet
instances. Those beans are effectively inherited and could be overridden (i.e. re-declared) in the Servlet-specific, child WebApplicationContext
which typically contains beans local to the given Servlet
:
![mvc context hierarchy](https://docs.spring.io/spring/docs/current/spring-framework-reference/images/mvc-context-hierarchy.png)
Below is example configuration with a WebApplicationContext
hierarchy:
public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { RootConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { App1Config.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/app1/*" };
}
}
And the web.xml
equivalent:
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/root-context.xml</param-value>
</context-param>
<servlet>
<servlet-name>app1</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app1-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app1</servlet-name>
<url-pattern>/app1/*</url-pattern>
</servlet-mapping>
</web-app>
1.2.2. Special Bean Types In the WebApplicationContext
The DispatcherServlet
delegates to special beans to process requests and render the appropriate responses. By "special beans" we mean Spring-managed Object instances that implement one of the framework contracts listed in the table below. Spring MVC provides built-in implementations of these contracts but you can also customize, extend, or replace them.
Bean type | Explanation |
---|---|
Map a request to a handler along with a list of | |
HandlerAdapter | Helps the |
Strategy to resolve exceptions possibly mapping them to handlers, or to HTML error views, or other. | |
Resolves logical String-based view names returned from a handler to an actual | |
Resolves the | |
Resolves themes your web application can use, for example, to offer personalized layouts | |
Abstraction for parsing a multi-part request (e.g. browser form file upload) with the help of some multipart parsing library. | |
Stores and retrieves the "input" and the "output" |
DispatcherServlet
Configuration
1.2.3. For each type of special bean, the DispatcherServlet
checks for the WebApplicationContext
first. If there are no matching bean types, it falls back on the default types listed in DispatcherServlet.properties.
Applications can declare the special beans they wish to have. Most applications however will find a better starting point in the MVC Java config or the MVC XML namespace which provide a higher level configuration API that in turn make the necessary bean declarations. See MVC Java config, XML namespace for more details.
Spring Boot relies on the MVC Java config to configure Spring MVC and also provides many extra convenient options on top. |
1.2.4. DispatcherServlet Processing Sequence
The DispatcherServlet
processes requests as follows:
-
The
WebApplicationContext
is searched for and bound in the request as an attribute that the controller and other elements in the process can use. It is bound by default under the keyDispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE
. -
The locale resolver is bound to the request to enable elements in the process to resolve the locale to use when processing the request (rendering the view, preparing data, and so on). If you do not need locale resolving, you do not need it.
-
The theme resolver is bound to the request to let elements such as views determine which theme to use. If you do not use themes, you can ignore it.
-
If you specify a multipart file resolver, the request is inspected for multiparts; if multiparts are found, the request is wrapped in a
MultipartHttpServletRequest
for further processing by other elements in the process. See Multipart (file upload) support for further information about multipart handling. -
An appropriate handler is searched for. If a handler is found, the execution chain associated with the handler (preprocessors, postprocessors, and controllers) is executed in order to prepare a model or rendering. Or alternatively for annotated controllers, the response may be rendered (within the
HandlerAdapter
) instead of returning a view. -
If a model is returned, the view is rendered. If no model is returned, (may be due to a preprocessor or postprocessor intercepting the request, perhaps for security reasons), no view is rendered, because the request could already have been fulfilled.
The HandlerExceptionResolver
beans declared in the WebApplicationContext
are used to resolve exceptions thrown during request processing. Those exception resolvers allow customizing the logic to address exceptions. See Handling exceptions for more details.
The Spring DispatcherServlet
also supports the return of the last-modification-date, as specified by the Servlet API. The process of determining the last modification date for a specific request is straightforward: the DispatcherServlet
looks up an appropriate handler mapping and tests whether the handler that is found implements the LastModified interface. If so, the value of the long getLastModified(request)
method of the LastModified
interface is returned to the client.
You can customize individual DispatcherServlet
instances by adding Servlet initialization parameters ( init-param
elements) to the Servlet declaration in the web.xml
file. See the following table for the list of supported parameters.
Parameter | Explanation |
---|---|
| Class that implements |
| String that is passed to the context instance (specified by |
| Namespace of the |
1.3. Annotated Controllers
Spring MVC provides an annotation-based programming model where @Controller
and @RestController
components use annotations to express request mappings, request input, exception handling, and more. Annotated controllers have flexible method signatures and do not have to extend base classes nor implement specific interfaces.
@Controller
public class HelloController {
@GetMapping("/hello")
public String handle(Model model) {
model.addAttribute("message", "Hello World!");
return "index";
}
}
In this particular example the method accepts a Model
and returns a view name as a String
but many other options exist and are explained further below in this chapter.
Guides and tutorials on spring.io use the annotation-based programming model described in this section. |
1.3.1. Defining a controller with @Controller
You can define controller beans using a standard Spring bean definition in the Servlet’s WebApplicationContext
. The @Controller
stereotype allows for auto-detection, aligned with Spring general support for detecting @Component
classes in the classpath and auto-registering bean definitions for them. It also acts as a stereotype for the annotated class, indicating its role as a web component.
To enable auto-detection of such @Controller
beans, you can add component scanning to your Java configuration:
@Configuration
@ComponentScan("org.example.web")
public class WebConfig {
// ...
}
The XML configuration equivalent:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.example.web"/>
<!-- ... -->
</beans>
|
1.3.2. Mapping Requests With @RequestMapping
The @RequestMapping
annotation is used to map requests to controllers methods. It has various attributes to match by URL, HTTP method, request parameters, headers, and media types. It can be used at the class-level to express shared mappings or at the method level to narrow down to a specific endpoint mapping.
There are also HTTP method specific shortcut variants of @RequestMapping
:
-
@GetMapping
-
@PostMapping
-
@PutMapping
-
@DeleteMapping
-
@PatchMapping
The shortcut variants are composed annotations — themselves annotated with @RequestMapping
. They are commonly used at the method level. At the class level an @RequestMapping
is more useful for expressing shared mappings.
@RestController
@RequestMapping("/persons")
class PersonController {
@GetMapping("/{id}")
public Person getPerson(@PathVariable Long id) {
// ...
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
public void add(@RequestBody Person person) {
// ...
}
}
@Controller and AOP Proxying
In some cases a controller may need to be decorated with an AOP proxy at runtime. One example is if you choose to have @Transactional
annotations directly on the controller. When this is the case, for controllers specifically, we recommend using class-based proxying. This is typically the default choice with controllers. However if a controller must implement an interface that is not a Spring Context callback (e.g. InitializingBean
, *Aware
, etc), you may need to explicitly configure class-based proxying. For example with <tx:annotation-driven/>
, change to <tx:annotation-driven proxy-target-class="true"/>
.
URI Path Patterns
You can map requests using glob patterns and wildcards:
-
?
matches one character -
*
matches zero or more characters within a path segment -
**
match zero or more path segments
You can also declare URI variables and access their values with @PathVariable
:
@GetMapping("/owners/{ownerId}/pets/{petId}")
public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
// ...
}
URI variables can be declared at the class and method level:
@Controller
@RequestMapping("/owners/{ownerId}")
public class OwnerController {
@GetMapping("/pets/{petId}")
public Pet findPet(@PathVariable Long ownerId, @PathVariable Long petId) {
// ...
}
}
URI variables are automatically converted to the appropriate type or`TypeMismatchException` is raised. Simple types — int
, long
, Date
, are supported by default and you can register support for any other data type. See Method Parameters And Type Conversion and Customizing WebDataBinder initialization.
URI variables can be named explicitly — e.g. @PathVariable("customId")
, but you can leave that detail out if the names are the same and your code is compiled with debugging information or with the -parameters
compiler flag on Java 8.
The syntax {varName:regex}
declares a URI variable with a regular expressions with the syntax {varName:regex}
— e.g. given URL "/spring-web-3.0.5 .jar"
, the below method extracts the name, version, and file extension:
@GetMapping("/{name:[a-z-]+}-{version:\\d\\.\\d\\.\\d}{ext:\\.[a-z]+}")
public void handle(@PathVariable String version, @PathVariable String ext) {
// ...
}
URI path patterns can also have embedded ${…}
placeholders that are resolved on startup via PropertyPlaceHolderConfigurer
against local, system, environment, and other property sources. This can be used for example to parameterize a base URL based on some external configuration.
Spring MVC uses the |
Path Pattern Comparison
When multiple patterns match a URL, they must be compared to find the best match. This done via AntPathMatcher.getPatternComparator(String path)
which looks for patterns that more specific.
A pattern is less specific if it has a lower count of URI variables and single wildcards counted as 1 and double wildcards counted as 2. Given an equal score, the longer pattern is chosen. Given the same score and length, the pattern with more URI variables than wildcards is chosen.
The default mapping pattern /**
is excluded from scoring and always sorted last. Also prefix patterns such as /public/**
are considered less specific than other pattern that don’t have double wildcards.
For the full details see AntPatternComparator
in AntPathMatcher
and also keep mind that the PathMatcher
implementation used can be customized. See Path Matching in the configuration section.
Suffix Pattern Matching
By default Spring MVC performs ".*"
suffix pattern matching so that a controller mapped to /person
is also implicitly mapped to /person.*
. This is used for URL based content negotiation, e.g. /person.pdf
, /person.xml
, etc.
Suffix pattern matching was quite helpful when browsers used to send Accept headers that are hard to interpet consistently. In the present, and for REST services, the Accept
header should be the preferred choice.
Suffix patterns can cause ambiguity and complexity in combination with path parameters, encoded characters, and URI variables. It also makes it harder to reason about URL-based authorization rules and security (see Suffix Pattern Matching and RFD).
Suffix pattern matching can be turned off completely or restricted to a set of explicitly registered path extensions. We strongly recommend using of one those options. See Path Matching and Requested Content Types. If you need URL based content negotiation consider using query parameters instead.
Suffix Pattern Matching and RFD
Reflected file download (RFD) attack is similar to XSS in that it relies on request input, e.g. query parameter, URI variable, being reflected in the response. However instead of inserting JavaScript into HTML, an RFD attack relies on the browser switching to perform a download and treating the response as an executable script when double-clicked later.
In Spring MVC @ResponseBody
and ResponseEntity
methods are at risk because they can render different content types which clients can request via URL path extensions. Disabling suffix pattern matching and the use of path extensions for content negotiation lower the risk but are not sufficient to prevent RFD attacks.
To prevent RFD attacks, prior to rendering the response body Spring MVC adds a Content-Disposition:inline;filename=f.txt
header to suggest a fixed and safe download file. This is done only if the URL path contains a file extension that is neither whitelisted nor explicitly registered for content negotiation purposes. However it may potentially have side effects when URLs are typed directly into a browser.
Many common path extensions are whitelisted by default. Applications with custom HttpMessageConverter
implementations can explicitly register file extensions for content negotiation to avoid having a Content-Disposition
header added for those extensions. See Requested Content Types.
Check CVE-2015-5211 for additional recommendations related to RFD.
Matrix Variables
The URI specification RFC 3986 defines the possibility of including name-value pairs within path segments. There is no specific term used in the spec. The general "URI path parameters" could be applied although the more unique "Matrix URIs", originating from an old post by Tim Berners-Lee, is also frequently used and fairly well known. Within Spring MVC these are referred to as matrix variables.
Matrix variables can appear in any path segment, each matrix variable separated with a ";" (semicolon). For example: "/cars;color=red;year=2012"
. Multiple values may be either "," (comma) separated "color=red,green,blue"
or the variable name may be repeated "color=red;color=green;color=blue"
.
If a URL is expected to contain matrix variables, the request mapping pattern must represent them with a URI template. This ensures the request can be matched correctly regardless of whether matrix variables are present or not and in what order they are provided.
Below is an example of extracting the matrix variable "q":
// GET /pets/42;q=11;r=22
@GetMapping("/pets/{petId}")
public void findPet(@PathVariable String petId, @MatrixVariable int q) {
// petId == 42
// q == 11
}
Since all path segments may contain matrix variables, in some cases you need to be more specific to identify where the variable is expected to be:
// GET /owners/42;q=11/pets/21;q=22
@GetMapping("/owners/{ownerId}/pets/{petId}")
public void findPet(
@MatrixVariable(name="q", pathVar="ownerId") int q1,
@MatrixVariable(name="q", pathVar="petId") int q2) {
// q1 == 11
// q2 == 22
}
A matrix variable may be defined as optional and a default value specified:
// GET /pets/42
@GetMapping("/pets/{petId}")
public void findPet(@MatrixVariable(required=false, defaultValue="1") int q) {
// q == 1
}
All matrix variables may be obtained in a Map:
// GET /owners/42;q=11;r=12/pets/21;q=22;s=23
@GetMapping("/owners/{ownerId}/pets/{petId}")
public void findPet(
@MatrixVariable MultiValueMap<String, String> matrixVars,
@MatrixVariable(pathVar="petId"") MultiValueMap<String, String> petMatrixVars) {
// matrixVars: ["q" : [11,22], "r" : 12, "s" : 23]
// petMatrixVars: ["q" : 22, "s" : 23]
}
Note that to enable the use of matrix variables, you must set the removeSemicolonContent
property of RequestMappingHandlerMapping
to false
. By default it is set to true
.
The MVC Java config and the MVC namespace both provide options for enabling the use of matrix variables. If you are using Java config, The Advanced Customizations with MVC Java Config section describes how the In the MVC namespace, the
|
Consumable Media Types
You can narrow the request mapping based on the Content-Type
of the request:
@PostMapping(path = "/pets", consumes = "application/json")
public void addPet(@RequestBody Pet pet) {
// ...
}
The consumes attribute also supports negation expressions — e.g. !text/plain
means any content type other than "text/plain".
You can declare a shared consumes attribute at the class level. Unlike most other request mapping attributes however when used at the class level, a method-level consumes attribute will overrides rather than extend the class level declaration.
|
Producible Media Types
You can narrow the request mapping based on the Accept
request header and the list of content types that a controller method produces:
@GetMapping(path = "/pets/{petId}", produces = "application/json;charset=UTF-8")
@ResponseBody
public Pet getPet(@PathVariable String petId) {
// ...
}
The media type can specify a character set. Negated expressions are supported — e.g. !text/plain
means any content type other than "text/plain".
You can declare a shared produces attribute at the class level. Unlike most other request mapping attributes however when used at the class level, a method-level produces attribute will overrides rather than extend the class level declaration.
|
Request Parameters and Header Values
You can narrow request mappings based on request parameter conditions. You can test for the presence of a request parameter ("myParam"
), for the absence ("!myParam"
), or for a specific value ("myParam=myValue"
):
@GetMapping(path = "/pets/{petId}", params = "myParam=myValue")
public void findPet(@PathVariable String petId) {
// ...
}
You can also use the same with request header conditions:
@GetMapping(path = "/pets", headers = "myHeader=myValue")
public void findPet(@PathVariable String petId) {
// ...
}
HTTP HEAD and OPTIONS
@GetMapping
— and also @RequestMapping(method=HttpMethod.GET)
, support HTTP HEAD transparently for request mapping purposes. Controller methods don’t need to change. A response wrapper, applied in javax.servlet.http.HttpServlet
, ensures a "Content-Length"
header is set to the number of bytes written and without actually writing to the response.
@GetMapping
— and also @RequestMapping(method=HttpMethod.GET)
, are implicitly mapped to and also support HTTP HEAD. An HTTP HEAD request is processed as if it were HTTP GET except but instead of writing the body, the number of bytes are counted and the "Content-Length" header set.
By default HTTP OPTIONS is handled by setting the "Allow" response header to the list of HTTP methods listed in all @RequestMapping
methods with matching URL patterns.
For a @RequestMapping
without HTTP method declarations, the "Allow" header is set to"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS"
. Controller methods should always declare the supported HTTP methods for example by using the HTTP method specific variants — @GetMapping
, @PostMapping
, etc.
@RequestMapping
method can be explicitly mapped to HTTP HEAD and HTTP OPTIONS, but that is not necessary in the common case.
1.3.3. Defining @RequestMapping methods
@RequestMapping
handler methods have a flexible signature and can choose from a range of supported controller method arguments and return values.
Supported Controller Method Arguments
The table below shows supported controller method arguments. Reactive types are not supported for any arguments.
JDK 1.8’s java.util.Optional
is supported as a method argument in combination with annotations that have a required
attribute — e.g. @RequestParam
, @RequestHeader
, etc, and is equivalent to required=false
.
Controller method argument | Description |
---|---|
| Generic access to request parameters, request & session attributes, without direct use of the Servlet API. |
| Choose any specific request or response type — e.g. |
| Enforces the presence of a session. As a consequence, such an argument is never |
| Servlet 4.0 push builder API for programmatic HTTP/2 resource pushes. |
| Currently authenticated user; possibly a specific |
| The HTTP method of the request. |
| The current request locale, determined by the most specific |
Java 6+: | The time zone associated with the current request, as determined by a |
| For access to the raw request body as exposed by the Servlet API. |
| For access to the raw response body as exposed by the Servlet API. |
| For access to URI template variables. See URI Path Patterns. |
| For access to name-value pairs in URI path segments. See Matrix Variables. |
| For access to Servlet request parameters. Parameter values are converted to the declared method argument type. See Binding request parameters to method parameters with @RequestParam. |
| For access to request headers. Header values are converted to the declared method argument type. See Mapping request header attributes with the @RequestHeader annotation. |
| For access to the HTTP request body. Body content is converted to the declared method argument type using |
| For access to request headers and body. The body is converted with |
| For access to a part in a "multipart/form-data" request. See Handling a file upload request from programmatic clients and Multipart (file upload) support. |
| For access and updates of the implicit model that is exposed to the web view. |
| Specify attributes to use in case of a redirect — i.e. to be appended to the query string, and/or flash attributes to be stored temporarily until the request after redirect. See Passing Data To the Redirect Target and Using flash attributes. |
Command or form object (with optional | Command object whose properties to bind to request parameters — via setters or directly to fields, with customizable type conversion, depending on Command objects along with their validation results are exposed as model attributes, by default using the command class name - e.g. model attribute "orderAddress" for a command object of type "some.package.OrderAddress". |
| Validation results for the command/form object data binding; this argument must be declared immediately after the command/form object in the controller method signature. |
| For marking form processing complete which triggers cleanup of session attributes declared through a class-level |
| For preparing a URL relative to the current request’s host, port, scheme, context path, and the literal part of the servlet mapping also taking into account |
| For access to any session attribute; in contrast to model attributes stored in the session as a result of a class-level |
| For access to request attributes. |
Supported Controller Method Return Values
The table below shows supported controller method return values. Reactive types are supported for all return values, see below for more details.
Controller method return value | Description |
---|---|
| The return value is converted through |
| The return value specifies the full response including HTTP headers and body be converted through |
| For returning a response with headers and no body. |
| A view name to be resolved with |
| A |
| Attributes to be added to the implicit model with the view name implicitly determined through a |
| The view and model attributes to use, and optionally a response status. |
| For use in methods that declare a |
| Produce any of the above return values asynchronously in a Spring MVC managed thread. |
| Produce any of the above return values asynchronously from any thread — e.g. possibly as a result of some event or callback. |
| Alternative to |
| Emit a stream of objects asynchronously to be written to the response with |
| Write to the response |
Reactive types — Reactor, RxJava, or others via | Alternative to For streaming scenarios — .e.g. |
Any other return type | A single model attribute to be added to the implicit model with the view name implicitly determined through a |
Binding request parameters to method parameters with @RequestParam
Use the @RequestParam
annotation to bind request parameters to a method parameter in your controller.
The following code snippet shows the usage:
@Controller
@RequestMapping("/pets")
@SessionAttributes("pet")
public class EditPetForm {
// ...
@GetMapping
public String setupForm(@RequestParam("petId") int petId, ModelMap model) {
Pet pet = this.clinic.loadPet(petId);
model.addAttribute("pet", pet);
return "petForm";
}
// ...
}
Parameters using this annotation are required by default, but you can specify that a parameter is optional by setting @RequestParam
's required
attribute to false
(e.g., @RequestParam(name="id", required=false)
).
Type conversion is applied automatically if the target method parameter type is not String
. See Method Parameters And Type Conversion.
When an @RequestParam
annotation is used on a Map<String, String>
or MultiValueMap<String, String>
argument, the map is populated with all request parameters.
Mapping the request body with the @RequestBody annotation
The @RequestBody
method parameter annotation indicates that a method parameter should be bound to the value of the HTTP request body. For example:
@PutMapping("/something")
public void handle(@RequestBody String body, Writer writer) throws IOException {
writer.write(body);
}
You convert the request body to the method argument by using an HttpMessageConverter
. HttpMessageConverter
is responsible for converting from the HTTP request message to an object and converting from an object to the HTTP response body. TheRequestMappingHandlerAdapter
supports the @RequestBody
annotation with the following default HttpMessageConverters
:
-
ByteArrayHttpMessageConverter
converts byte arrays. -
StringHttpMessageConverter
converts strings. -
FormHttpMessageConverter
converts form data to/from a MultiValueMap<String, String>. -
SourceHttpMessageConverter
converts to/from a javax.xml.transform.Source.
For more information on these converters, see Message Converters. Also note that if using the MVC namespace or the MVC Java config, a wider range of message converters are registered by default. See Enable the Configuration for more information.
If you intend to read and write XML, you will need to configure the MarshallingHttpMessageConverter
with a specific Marshaller
and an Unmarshaller
implementation from the org.springframework.oxm
package. The example below shows how to do that directly in your configuration but if your application is configured through the MVC namespace or the MVC Java config see Enable the Configuration instead.
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="messageConverters">
<util:list id="beanList">
<ref bean="stringHttpMessageConverter"/>
<ref bean="marshallingHttpMessageConverter"/>
</util:list>
</property>
</bean>
<bean id="stringHttpMessageConverter"
class="org.springframework.http.converter.StringHttpMessageConverter"/>
<bean id="marshallingHttpMessageConverter"
class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
<property name="marshaller" ref="castorMarshaller"/>
<property name="unmarshaller" ref="castorMarshaller"/>
</bean>
<bean id="castorMarshaller" class="org.springframework.oxm.castor.CastorMarshaller"/>
An @RequestBody
method parameter can be annotated with @Valid
, in which case it will be validated using the configured Validator
instance. When using the MVC namespace or the MVC Java config, a JSR-303 validator is configured automatically assuming a JSR-303 implementation is available on the classpath.
Just like with @ModelAttribute
parameters, an Errors
argument can be used to examine the errors. If such an argument is not declared, a MethodArgumentNotValidException
will be raised. The exception is handled in the DefaultHandlerExceptionResolver
, which sends a 400
error back to the client.
Also see Enable the Configuration for information on configuring message converters and a validator through the MVC namespace or the MVC Java config. |
Mapping the response body with the @ResponseBody annotation
The @ResponseBody
annotation is similar to @RequestBody
. This annotation can be placed on a method and indicates that the return type should be written straight to the HTTP response body (and not placed in a Model, or interpreted as a view name). For example:
@GetMapping("/something")
@ResponseBody
public String helloWorld() {
return "Hello World";
}
The above example will result in the text Hello World
being written to the HTTP response stream.
As with @RequestBody
, Spring converts the returned object to a response body by using an HttpMessageConverter
. For more information on these converters, see the previous section and Message Converters.
Creating REST Controllers with the @RestController annotation
It’s a very common use case to have Controllers implement a REST API, thus serving only JSON, XML or custom MediaType content. For convenience, instead of annotating all your @RequestMapping
methods with @ResponseBody
, you can annotate your controller Class with @RestController
.
@RestController
is a stereotype annotation that combines @ResponseBody
and @Controller
. More than that, it gives more meaning to your Controller and also may carry additional semantics in future releases of the framework.
As with regular @Controller
s, a @RestController
may be assisted by @ControllerAdvice
or @RestControllerAdvice
beans. See the Advising controllers with @ControllerAdvice and @RestControllerAdvice section for more details.
Using HttpEntity
The HttpEntity
is similar to @RequestBody
and @ResponseBody
. Besides getting access to the request and response body, HttpEntity
(and the response-specific subclass ResponseEntity
) also allows access to the request and response headers, like so:
@RequestMapping("/something")
public ResponseEntity<String> handle(HttpEntity<byte[]> requestEntity) throws UnsupportedEncodingException {
String requestHeader = requestEntity.getHeaders().getFirst("MyRequestHeader");
byte[] requestBody = requestEntity.getBody();
// do something with request header and body
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.set("MyResponseHeader", "MyValue");
return new ResponseEntity<String>("Hello World", responseHeaders, HttpStatus.CREATED);
}
The above example gets the value of the MyRequestHeader
request header, and reads the body as a byte array. It adds the MyResponseHeader
to the response, writes Hello World
to the response stream, and sets the response status code to 201 (Created).
As with @RequestBody
and @ResponseBody
, Spring uses HttpMessageConverter
to convert from and to the request and response streams. For more information on these converters, see the previous section and Message Converters.
Using @ModelAttribute on a method
The @ModelAttribute
annotation can be used on methods or on method arguments. This section explains its usage on methods while the next section explains its usage on method arguments.
An @ModelAttribute
on a method indicates the purpose of that method is to add one or more model attributes. Such methods support the same argument types as @RequestMapping
methods but cannot be mapped directly to requests. Instead @ModelAttribute
methods in a controller are invoked before @RequestMapping
methods, within the same controller. A couple of examples:
// Add one attribute
// The return value of the method is added to the model under the name "account"
// You can customize the name via @ModelAttribute("myAccount")
@ModelAttribute
public Account addAccount(@RequestParam String number) {
return accountManager.findAccount(number);
}
// Add multiple attributes
@ModelAttribute
public void populateModel(@RequestParam String number, Model model) {
model.addAttribute(accountManager.findAccount(number));
// add more ...
}
@ModelAttribute
methods are used to populate the model with commonly needed attributes for example to fill a drop-down with states or with pet types, or to retrieve a command object like Account in order to use it to represent the data on an HTML form. The latter case is further discussed in the next section.
Note the two styles of @ModelAttribute
methods. In the first, the method adds an attribute implicitly by returning it. In the second, the method accepts a Model
and adds any number of model attributes to it. You can choose between the two styles depending on your needs.
A controller can have any number of @ModelAttribute
methods. All such methods are invoked before @RequestMapping
methods of the same controller.
@ModelAttribute
methods can also be defined in an @ControllerAdvice
-annotated class and such methods apply to many controllers. See the Advising controllers with @ControllerAdvice and @RestControllerAdvice section for more details.
What happens when a model attribute name is not explicitly specified? In such cases a default name is assigned to the model attribute based on its type. For example if the method returns an object of type |
The @ModelAttribute
annotation can be used on @RequestMapping
methods as well. In that case the return value of the @RequestMapping
method is interpreted as a model attribute rather than as a view name. The view name is then derived based on view name conventions instead, much like for methods returning void
— see The View - RequestToViewNameTranslator.
Using @ModelAttribute on a method argument
As explained in the previous section @ModelAttribute
can be used on methods or on method arguments. This section explains its usage on method arguments.
An @ModelAttribute
on a method argument indicates the argument should be retrieved from the model. If not present in the model, the argument should be instantiated first and then added to the model. Once present in the model, the argument’s fields should be populated from all request parameters that have matching names. This is known as data binding in Spring MVC, a very useful mechanism that saves you from having to parse each form field individually.
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@ModelAttribute Pet pet) { }
Given the above example where can the Pet instance come from? There are several options:
-
It may already be in the model due to use of
@SessionAttributes
— see Using @SessionAttributes to store model attributes in the HTTP session between requests. -
It may already be in the model due to an
@ModelAttribute
method in the same controller — as explained in the previous section. -
It may be retrieved based on a URI template variable and type converter (explained in more detail below).
-
It may be instantiated using its default constructor.
An @ModelAttribute
method is a common way to retrieve an attribute from the database, which may optionally be stored between requests through the use of @SessionAttributes
. In some cases it may be convenient to retrieve the attribute by using an URI template variable and a type converter. Here is an example:
@PutMapping("/accounts/{account}")
public String save(@ModelAttribute("account") Account account) {
// ...
}
In this example the name of the model attribute (i.e. "account") matches the name of a URI template variable. If you register Converter<String, Account>
that can turn the String
account value into an Account
instance, then the above example will work without the need for an @ModelAttribute
method.
The next step is data binding. The WebDataBinder
class matches request parameter names — including query string parameters and form fields — to model attribute fields by name. Matching fields are populated after type conversion (from String to the target field type) has been applied where necessary. Data binding and validation are covered in Validation. Customizing the data binding process for a controller level is covered in Customizing WebDataBinder initialization.
As a result of data binding there may be errors such as missing required fields or type conversion errors. To check for such errors add a BindingResult
argument immediately following the @ModelAttribute
argument:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@ModelAttribute("pet") Pet pet, BindingResult result) {
if (result.hasErrors()) {
return "petForm";
}
// ...
}
With a BindingResult
you can check if errors were found in which case it’s common to render the same form where the errors can be shown with the help of Spring’s <errors>
form tag.
Note that in some cases it may be useful to gain access to an attribute in the model without data binding. For such cases you may inject the Model
into the controller or alternatively use the binding
flag on the annotation:
@ModelAttribute
public AccountForm setUpForm() {
return new AccountForm();
}
@ModelAttribute
public Account findAccount(@PathVariable String accountId) {
return accountRepository.findOne(accountId);
}
@PostMapping("update")
public String update(@Valid AccountUpdateForm form, BindingResult result,
@ModelAttribute(binding=false) Account account) {
// ...
}
In addition to data binding you can also invoke validation using your own custom validator passing the same BindingResult
that was used to record data binding errors. That allows for data binding and validation errors to be accumulated in one place and subsequently reported back to the user:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@ModelAttribute("pet") Pet pet, BindingResult result) {
new PetValidator().validate(pet, result);
if (result.hasErrors()) {
return "petForm";
}
// ...
}
Or you can have validation invoked automatically by adding the JSR-303 @Valid
annotation:
@PostMapping("/owners/{ownerId}/pets/{petId}/edit")
public String processSubmit(@Valid @ModelAttribute("pet") Pet pet, BindingResult result) {
if (result.hasErrors()) {
return "petForm";
}
// ...
}
See Bean validation and Spring validation for details on how to configure and use validation.
Using @SessionAttributes to store model attributes in the HTTP session between requests
The type-level @SessionAttributes
annotation declares session attributes used by a specific handler. This will typically list the names of model attributes or types of model attributes which should be transparently stored in the session or some conversational storage, serving as form-backing beans between subsequent requests.
The following code snippet shows the usage of this annotation, specifying the model attribute name:
@Controller
@RequestMapping("/editPet.do")
@SessionAttributes("pet")
public class EditPetForm {
// ...
}
Using @SessionAttribute to access pre-existing global session attributes
If you need access to pre-existing session attributes that are managed globally, i.e. outside the controller (e.g. by a filter), and may or may not be present use the @SessionAttribute
annotation on a method parameter:
@RequestMapping("/")
public String handle(@SessionAttribute User user) {
// ...
}
For use cases that require adding or removing session attributes consider injectingorg.springframework.web.context.request.WebRequest
or javax.servlet.http.HttpSession
into the controller method.
For temporary storage of model attributes in the session as part of a controller workflow consider using SessionAttributes
as described in Using @SessionAttributes to store model attributes in the HTTP session between requests.
Using @RequestAttribute to access request attributes
Similar to @SessionAttribute
the @RequestAttribute
annotation can be used to access pre-existing request attributes created by a filter or interceptor:
@RequestMapping("/")
public String handle(@RequestAttribute Client client) {
// ...
}
Working with "application/x-www-form-urlencoded" data
The previous sections covered use of @ModelAttribute
to support form submission requests from browser clients. The same annotation is recommended for use with requests from non-browser clients as well. However there is one notable difference when it comes to working with HTTP PUT requests. Browsers can submit form data via HTTP GET or HTTP POST. Non-browser clients can also submit forms via HTTP PUT. This presents a challenge because the Servlet specification requires the ServletRequest.getParameter*()
family of methods to support form field access only for HTTP POST, not for HTTP PUT.
To support HTTP PUT and PATCH requests, the spring-web
module provides the filter HttpPutFormContentFilter
, which can be configured in web.xml
:
<filter>
<filter-name>httpPutFormFilter</filter-name>
<filter-class>org.springframework.web.filter.HttpPutFormContentFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>httpPutFormFilter</filter-name>
<servlet-name>dispatcherServlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
The above filter intercepts HTTP PUT and PATCH requests with content type application/x-www-form-urlencoded
, reads the form data from the body of the request, and wraps the ServletRequest
in order to make the form data available through theServletRequest.getParameter*()
family of methods.
As |
Mapping cookie values with the @CookieValue annotation
The @CookieValue
annotation allows a method parameter to be bound to the value of an HTTP cookie.
Let us consider that the following cookie has been received with an http request:
JSESSIONID=415A4AC178C59DACE0B2C9CA727CDD84
The following code sample demonstrates how to get the value of the JSESSIONID
cookie:
@RequestMapping("/displayHeaderInfo.do")
public void displayHeaderInfo(@CookieValue("JSESSIONID") String cookie) {
//...
}
Type conversion is applied automatically if the target method parameter type is not String
. See Method Parameters And Type Conversion.
Mapping request header attributes with the @RequestHeader annotation
The @RequestHeader
annotation allows a method parameter to be bound to a request header.
Here is a sample request header:
Host localhost:8080 Accept text/html,application/xhtml+xml,application/xml;q=0.9 Accept-Language fr,en-gb;q=0.7,en;q=0.3 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300
The following code sample demonstrates how to get the value of the Accept-Encoding
and Keep-Alive
headers:
@RequestMapping("/displayHeaderInfo.do")
public void displayHeaderInfo(@RequestHeader("Accept-Encoding") String encoding,
@RequestHeader("Keep-Alive") long keepAlive) {
//...
}
Type conversion is applied automatically if the method parameter is not String
. See Method Parameters And Type Conversion.
When an @RequestHeader
annotation is used on a Map<String, String>
, MultiValueMap<String, String>
, or HttpHeaders
argument, the map is populated with all header values.
Built-in support is available for converting a comma-separated string into an array/collection of strings or other types known to the type conversion system. For example a method parameter annotated with |
Method Parameters And Type Conversion
String-based values extracted from the request including request parameters, path variables, request headers, and cookie values may need to be converted to the target type of the method parameter or field (e.g., binding a request parameter to a field in an @ModelAttribute
parameter) they’re bound to. If the target type is not String
, Spring automatically converts to the appropriate type. All simple types such as int, long, Date, etc. are supported. You can further customize the conversion process through a WebDataBinder
(see Customizing WebDataBinder initialization) or by registering Formatters
with the FormattingConversionService
(see Spring Field Formatting).
Customizing WebDataBinder initialization
To customize request parameter binding with PropertyEditors through Spring’s WebDataBinder
, you can use @InitBinder
-annotated methods within your controller, @InitBinder
methods within an @ControllerAdvice
class, or provide a customWebBindingInitializer
. See the Advising controllers with @ControllerAdvice and @RestControllerAdvice section for more details.
Customizing data binding with @InitBinder
Annotating controller methods with @InitBinder
allows you to configure web data binding directly within your controller class. @InitBinder
identifies methods that initialize the WebDataBinder
that will be used to populate command and form object arguments of annotated handler methods.
Such init-binder methods support all arguments that @RequestMapping
methods support, except for command/form objects and corresponding validation result objects. Init-binder methods must not have a return value. Thus, they are usually declared as void
. Typical arguments include WebDataBinder
in combination with WebRequest
or java.util.Locale
, allowing code to register context-specific editors.
The following example demonstrates the use of @InitBinder
to configure a CustomDateEditor
for all java.util.Date
form properties.
@Controller
public class MyFormController {
@InitBinder
protected void initBinder(WebDataBinder binder) {
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
dateFormat.setLenient(false);
binder.registerCustomEditor(Date.class, new CustomDateEditor(dateFormat, false));
}
// ...
}
Alternatively, as of Spring 4.2, consider using addCustomFormatter
to specify Formatter
implementations instead of PropertyEditor
instances. This is particularly useful if you happen to have a Formatter
-based setup in a sharedFormattingConversionService
as well, with the same approach to be reused for controller-specific tweaking of the binding rules.
@Controller
public class MyFormController {
@InitBinder
protected void initBinder(WebDataBinder binder) {
binder.addCustomFormatter(new DateFormatter("yyyy-MM-dd"));
}
// ...
}
Configuring a custom WebBindingInitializer
To externalize data binding initialization, you can provide a custom implementation of the WebBindingInitializer
interface, which you then enable by supplying a custom bean configuration for an RequestMappingHandlerAdapter
, thus overriding the default configuration.
The following example from the PetClinic application shows a configuration using a custom implementation of the WebBindingInitializer
interface, org.springframework.samples.petclinic.web.ClinicBindingInitializer
, which configures PropertyEditors required by several of the PetClinic controllers.
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="cacheSeconds" value="0"/>
<property name="webBindingInitializer">
<bean class="org.springframework.samples.petclinic.web.ClinicBindingInitializer"/>
</property>
</bean>
@InitBinder
methods can also be defined in an @ControllerAdvice
-annotated class in which case they apply to matching controllers. This provides an alternative to using a WebBindingInitializer
. See the Advising controllers with @ControllerAdvice and @RestControllerAdvice section for more details.
Advising controllers with @ControllerAdvice and @RestControllerAdvice
The @ControllerAdvice
annotation is a component annotation allowing implementation classes to be auto-detected through classpath scanning. It is automatically enabled when using the MVC namespace or the MVC Java config.
Classes annotated with @ControllerAdvice
can contain @ExceptionHandler
, @InitBinder
, and @ModelAttribute
annotated methods, and these methods will apply to @RequestMapping
methods across all controller hierarchies as opposed to the controller hierarchy within which they are declared.
@RestControllerAdvice
is an alternative where @ExceptionHandler
methods assume @ResponseBody
semantics by default.
Both @ControllerAdvice
and @RestControllerAdvice
can target a subset of controllers:
// Target all Controllers annotated with @RestController
@ControllerAdvice(annotations = RestController.class)
public class AnnotationAdvice {}
// Target all Controllers within specific packages
@ControllerAdvice("org.example.controllers")
public class BasePackageAdvice {}
// Target all Controllers assignable to specific classes
@ControllerAdvice(assignableTypes = {ControllerInterface.class, AbstractController.class})
public class AssignableTypesAdvice {}
Check out the @ControllerAdvice
documentation for more details.
Jackson Serialization View Support
It can sometimes be useful to filter contextually the object that will be serialized to the HTTP response body. In order to provide such capability, Spring MVC has built-in support for rendering with Jackson’s Serialization Views.
To use it with an @ResponseBody
controller method or controller methods that return ResponseEntity
, simply add the @JsonView
annotation with a class argument specifying the view class or interface to be used:
@RestController
public class UserController {
@GetMapping("/user")
@JsonView(User.WithoutPasswordView.class)
public User getUser() {
return new User("eric", "7!jd#h23");
}
}
public class User {
public interface WithoutPasswordView {};
public interface WithPasswordView extends WithoutPasswordView {};
private String username;
private String password;
public User() {
}
public User(String username, String password) {
this.username = username;
this.password = password;
}
@JsonView(WithoutPasswordView.class)
public String getUsername() {
return this.username;
}
@JsonView(WithPasswordView.class)
public String getPassword() {
return this.password;
}
}
Note that despite |
For controllers relying on view resolution, simply add the serialization view class to the model:
@Controller
public class UserController extends AbstractController {
@GetMapping("/user")
public String getUser(Model model) {
model.addAttribute("user", new User("eric", "7!jd#h23"));
model.addAttribute(JsonView.class.getName(), User.WithoutPasswordView.class);
return "userView";
}
}
Jackson JSONP Support
In order to enable JSONP support for @ResponseBody
and ResponseEntity
methods, declare an @ControllerAdvice
bean that extends AbstractJsonpResponseBodyAdvice
as shown below where the constructor argument indicates the JSONP query parameter name(s):
@ControllerAdvice
public class JsonpAdvice extends AbstractJsonpResponseBodyAdvice {
public JsonpAdvice() {
super("callback");
}
}
For controllers relying on view resolution, JSONP is automatically enabled when the request has a query parameter named jsonp
or callback
. Those names can be customized through jsonpParameterNames
property.
1.3.4. Asynchronous Request Processing
Spring MVC 3.2 introduced Servlet 3 based asynchronous request processing. Instead of returning a value, as usual, a controller method can now return a java.util.concurrent.Callable
and produce the return value from a Spring MVC managed thread. Meanwhile the main Servlet container thread is exited and released and allowed to process other requests. Spring MVC invokes the Callable
in a separate thread with the help of a TaskExecutor
and when the Callable
returns, the request is dispatched back to the Servlet container to resume processing using the value returned by the Callable
. Here is an example of such a controller method:
@PostMapping
public Callable<String> processUpload(final MultipartFile file) {
return new Callable<String>() {
public String call() throws Exception {
// ...
return "someView";
}
};
}
Another option is for the controller method to return an instance of DeferredResult
. In this case the return value will also be produced from any thread, i.e. one that is not managed by Spring MVC. For example the result may be produced in response to some external event such as a JMS message, a scheduled task, and so on. Here is an example of such a controller method:
@RequestMapping("/quotes")
@ResponseBody
public DeferredResult<String> quotes() {
DeferredResult<String> deferredResult = new DeferredResult<String>();
// Save the deferredResult somewhere..
return deferredResult;
}
// In some other thread...
deferredResult.setResult(data);
This may be difficult to understand without any knowledge of the Servlet 3.0 asynchronous request processing features. It would certainly help to read up on that. Here are a few basic facts about the underlying mechanism:
-
A
ServletRequest
can be put in asynchronous mode by callingrequest.startAsync()
. The main effect of doing so is that the Servlet, as well as any Filters, can exit but the response will remain open to allow processing to complete later. -
The call to
request.startAsync()
returnsAsyncContext
which can be used for further control over async processing. For example it provides the methoddispatch
, that is similar to a forward from the Servlet API except it allows an application to resume request processing on a Servlet container thread. -
The
ServletRequest
provides access to the currentDispatcherType
that can be used to distinguish between processing the initial request, an async dispatch, a forward, and other dispatcher types.
With the above in mind, the following is the sequence of events for async request processing with a Callable
:
-
Controller returns a
Callable
. -
Spring MVC starts asynchronous processing and submits the
Callable
to aTaskExecutor
for processing in a separate thread. -
The
DispatcherServlet
and all Filter’s exit the Servlet container thread but the response remains open. -
The
Callable
produces a result and Spring MVC dispatches the request back to the Servlet container to resume processing. -
The
DispatcherServlet
is invoked again and processing resumes with the asynchronously produced result from theCallable
.
The sequence for DeferredResult
is very similar except it’s up to the application to produce the asynchronous result from any thread:
-
Controller returns a
DeferredResult
and saves it in some in-memory queue or list where it can be accessed. -
Spring MVC starts async processing.
-
The
DispatcherServlet
and all configured Filter’s exit the request processing thread but the response remains open. -
The application sets the
DeferredResult
from some thread and Spring MVC dispatches the request back to the Servlet container. -
The
DispatcherServlet
is invoked again and processing resumes with the asynchronously produced result.
For further background on the motivation for async request processing and when or why to use it please read this blog post series.
Exception Handling for Async Requests
What happens if a Callable
returned from a controller method raises an Exception while being executed? The short answer is the same as what happens when a controller method raises an exception. It goes through the regular exception handling mechanism. The longer explanation is that when a Callable
raises an Exception Spring MVC dispatches to the Servlet container with the Exception
as the result and that leads to resume request processing with the Exception
instead of a controller method return value. When using a DeferredResult
you have a choice whether to call setResult
or setErrorResult
with an Exception
instance.
Intercepting Async Requests
A HandlerInterceptor
can also implement AsyncHandlerInterceptor
in order to implement the afterConcurrentHandlingStarted
callback, which is called instead of postHandle
and afterCompletion
when asynchronous processing starts.
A HandlerInterceptor
can also register a CallableProcessingInterceptor
or a DeferredResultProcessingInterceptor
in order to integrate more deeply with the lifecycle of an asynchronous request and for example handle a timeout event. See the Javadoc of AsyncHandlerInterceptor
for more details.
The DeferredResult
type also provides methods such as onTimeout(Runnable)
and onCompletion(Runnable)
. See the Javadoc of DeferredResult
for more details.
When using a Callable
you can wrap it with an instance of WebAsyncTask
which also provides registration methods for timeout and completion.
HTTP Streaming
A controller method can use DeferredResult
and Callable
to produce its return value asynchronously and that can be used to implement techniques such as long polling where the server can push an event to the client as soon as possible.
What if you wanted to push multiple events on a single HTTP response? This is a technique related to "Long Polling" that is known as "HTTP Streaming". Spring MVC makes this possible through the ResponseBodyEmitter
return value type which can be used to send multiple Objects, instead of one as is normally the case with @ResponseBody
, where each Object sent is written to the response with an HttpMessageConverter
.
Here is an example of that:
@RequestMapping("/events")
public ResponseBodyEmitter handle() {
ResponseBodyEmitter emitter = new ResponseBodyEmitter();
// Save the emitter somewhere..
return emitter;
}
// In some other thread
emitter.send("Hello once");
// and again later on
emitter.send("Hello again");
// and done at some point
emitter.complete();
Note that ResponseBodyEmitter
can also be used as the body in a ResponseEntity
in order to customize the status and headers of the response.
HTTP Streaming With Server-Sent Events
SseEmitter
is a sub-class of ResponseBodyEmitter
providing support for Server-Sent Events. Server-sent events is a just another variation on the same "HTTP Streaming" technique except events pushed from the server are formatted according to the W3C Server-Sent Events specification.
Server-Sent Events can be used for their intended purpose, that is to push events from the server to clients. It is quite easy to do in Spring MVC and requires simply returning a value of type SseEmitter
.
Note however that Internet Explorer does not support Server-Sent Events and that for more advanced web application messaging scenarios such as online games, collaboration, financial applicatinos, and others it’s better to consider Spring’s WebSocket support that includes SockJS-style WebSocket emulation falling back to a very wide range of browsers (including Internet Explorer) and also higher-level messaging patterns for interacting with clients through a publish-subscribe model within a more messaging-centric architecture. For further background on this see the following blog post.
HTTP Streaming Directly To The OutputStream
ResponseBodyEmitter
allows sending events by writing Objects to the response through an HttpMessageConverter
. This is probably the most common case, for example when writing JSON data. However sometimes it is useful to bypass message conversion and write directly to the response OutputStream
for example for a file download. This can be done with the help of the StreamingResponseBody
return value type.
Here is an example of that:
@RequestMapping("/download")
public StreamingResponseBody handle() {
return new StreamingResponseBody() {
@Override
public void writeTo(OutputStream outputStream) throws IOException {
// write...
}
};
}
Note that StreamingResponseBody
can also be used as the body in a ResponseEntity
in order to customize the status and headers of the response.
Async Requests with Reactive Types
If using the reactive WebClient
from spring-webflux
, or another client, or a data store with reactive support, you can return reactive types directly from Spring MVC controller methods.
Spring MVC adapts transparently to the reactive library in use with proper translation of cardinality — i.e. how many values are expected. This is done with the help of the ReactiveAdapterRegistry from spring-core
which provides pluggable support for reactive and async types. The registry has built-in support for RxJava but others can be registered.
Return values are handled as follows:
-
If the return type has single-value stream semantics such as Reactor
Mono
or RxJavaSingle
it is adapted and equivalent to usingDeferredResult
. -
If the return type has multi-value stream semantics such as Reactor
Flux
or RxJavaObservable
/Flowable
and if the media type indicates streaming, e.g. "application/stream+json" or "text/event-stream", it is adapted and equivalent to usingResponseBodyEmitter
orSseEmitter
. You can also returnFlux<ServerSentEvent>
orObservable<ServerSentEvent>
. -
If the return type has multi-value stream semantics but the media type does not imply streaming, e.g. "application/json", it is adapted and equivalent to using
DeferredResult<List<?>>
, e.g. JSON array.
Reactive libraries are detected and adapted to a Reactive Streams Publisher
through Spring’s pluggable ReactiveAdapterRegistry
which by default supports Reactor 3, RxJava 2, and RxJava 1. Note that for RxJava 1 you will need to add "io.reactivex:rxjava-reactive-streams" to the classpath.
A common assumption with reactive libraries is to not block the processing thread. The WebClient
with Reactor Netty for example is based on event-loop style handling using a small, fixed number of threads and those must not be blocked when writing to the ServletResponseOutputStream
. Reactive libraries have operators for that but Spring MVC automatically writes asynchronously so you don’t need to use them. The underlying TaskExecutor
for this must be configured through the MVC Java config and the MVC namespace as described in the following section which by default is a SyncTaskExecutor
and hence not suitable for production use.
Unlike Spring MVC, Spring WebFlux is built on a non-blocking, reactive foundation and uses the Servlet 3.1 non-blocking I/O that’s also based on event loop style processing and hence does not require a thread to absorb the effect of blocking. |
Configuring Asynchronous Request Processing
Servlet Container Configuration
For applications configured with a web.xml
be sure to update to version 3.0:
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
...
</web-app>
Asynchronous support must be enabled on the DispatcherServlet
through the <async-supported>true</async-supported>
sub-element in web.xml
. Additionally any Filter
that participates in asyncrequest processing must be configured to support the ASYNC dispatcher type. It should be safe to enable the ASYNC dispatcher type for all filters provided with the Spring Framework since they usually extend OncePerRequestFilter
and that has runtime checks for whether the filter needs to be involved in async dispatches or not.
Below is some example web.xml configuration:
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.~.OpenEntityManagerInViewFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ASYNC</dispatcher>
</filter-mapping>
</web-app>
If using Servlet 3, Java based configuration for example via WebApplicationInitializer
, you’ll also need to set the "asyncSupported" flag as well as the ASYNC dispatcher type just like with web.xml
. To simplify all this configuration, consider extending AbstractDispatcherServletInitializer
, or better AbstractAnnotationConfigDispatcherServletInitializer
which automatically set those options and make it very easy to register Filter
instances.
Spring MVC Configuration
The MVC Java config and the MVC namespace provide options for configuring asynchronous request processing. WebMvcConfigurer
has the method configureAsyncSupport
while <mvc:annotation-driven>
has an <async-support>
sub-element.
Those allow you to configure the default timeout value to use for async requests, which if not set depends on the underlying Servlet container (e.g. 10 seconds on Tomcat). You can also configure an AsyncTaskExecutor
to use for executing Callable
instances returned from controller methods. It is highly recommended to configure this property since by default Spring MVC uses SimpleAsyncTaskExecutor
. The MVC Java config and the MVC namespace also allow you to register CallableProcessingInterceptor
and DeferredResultProcessingInterceptor
instances.
If you need to override the default timeout value for a specific DeferredResult
, you can do so by using the appropriate class constructor. Similarly, for a Callable
, you can wrap it in a WebAsyncTask
and use the appropriate class constructor to customize the timeout value. The class constructor of WebAsyncTask
also allows providing an AsyncTaskExecutor
.
1.3.5. Testing Controllers
The spring-test
module offers first class support for testing annotated controllers. See Spring MVC Test Framework.
1.4. Handler mappings
In previous versions of Spring, users were required to define one or more HandlerMapping
beans in the web application context to map incoming web requests to appropriate handlers. With the introduction of annotated controllers, you generally don’t need to do that because the RequestMappingHandlerMapping
automatically looks for @RequestMapping
annotations on all @Controller
beans. However, do keep in mind that all HandlerMapping
classes extending from AbstractHandlerMapping
have the following properties that you can use to customize their behavior:
-
interceptors
List of interceptors to use.HandlerInterceptor
s are discussed in Intercepting requests with a HandlerInterceptor. -
defaultHandler
Default handler to use, when this handler mapping does not result in a matching handler. -
order
Based on the value of the order property (see theorg.springframework.core.Ordered
interface), Spring sorts all handler mappings available in the context and applies the first matching handler. -
alwaysUseFullPath
Iftrue
, Spring uses the full path within the current Servlet context to find an appropriate handler. Iffalse
(the default), the path within the current Servlet mapping is used. For example, if a Servlet is mapped using/testing/*
and thealwaysUseFullPath
property is set to true,/testing/viewPage.html
is used, whereas if the property is set to false,/viewPage.html
is used. -
urlDecode
Defaults totrue
, as of Spring 2.5. If you prefer to compare encoded paths, set this flag tofalse
. However, theHttpServletRequest
always exposes the Servlet path in decoded form. Be aware that the Servlet path will not match when compared with encoded paths so you cannot useurlDecode=false
with prefix-based Servlet mappings and likewise must also setalwaysUseFullPath=true
.
The following example shows how to configure an interceptor:
<beans>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="interceptors">
<bean class="example.MyInterceptor"/>
</property>
</bean>
</beans>
1.4.1. Intercepting requests with a HandlerInterceptor
Spring’s handler mapping mechanism includes handler interceptors, which are useful when you want to apply specific functionality to certain requests, for example, checking for a principal.
Interceptors located in the handler mapping must implement HandlerInterceptor
from the org.springframework.web.servlet
package. This interface defines three methods: preHandle(..)
is called before the actual handler is executed; postHandle(..)
is called after the handler is executed; and afterCompletion(..)
is called after the complete request has finished. These three methods should provide enough flexibility to do all kinds of preprocessing and postprocessing.
The preHandle(..)
method returns a boolean value. You can use this method to break or continue the processing of the execution chain. When this method returns true
, the handler execution chain will continue; when it returns false, the DispatcherServlet
assumes the interceptor itself has taken care of requests (and, for example, rendered an appropriate view) and does not continue executing the other interceptors and the actual handler in the execution chain.
Interceptors can be configured using the interceptors
property, which is present on all HandlerMapping
classes extending from AbstractHandlerMapping
. This is shown in the example below:
<beans>
<bean id="handlerMapping"
class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="interceptors">
<list>
<ref bean="officeHoursInterceptor"/>
</list>
</property>
</bean>
<bean id="officeHoursInterceptor"
class="samples.TimeBasedAccessInterceptor">
<property name="openingTime" value="9"/>
<property name="closingTime" value="18"/>
</bean>
</beans>
package samples;
public class TimeBasedAccessInterceptor extends HandlerInterceptorAdapter {
private int openingTime;
private int closingTime;
public void setOpeningTime(int openingTime) {
this.openingTime = openingTime;
}
public void setClosingTime(int closingTime) {
this.closingTime = closingTime;
}
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
Calendar cal = Calendar.getInstance();
int hour = cal.get(HOUR_OF_DAY);
if (openingTime <= hour && hour < closingTime) {
return true;
}
response.sendRedirect("http://host.com/outsideOfficeHours.html");
return false;
}
}
Any request handled by this mapping is intercepted by the TimeBasedAccessInterceptor
. If the current time is outside office hours, the user is redirected to a static HTML file that says, for example, you can only access the website during office hours.
When using the |
As you can see, the Spring adapter class HandlerInterceptorAdapter
makes it easier to extend the HandlerInterceptor
interface.
In the example above, the configured interceptor will apply to all requests handled with annotated controller methods. If you want to narrow down the URL paths to which an interceptor applies, you can use the MVC namespace or the MVC Java config, or declare bean instances of type |
Note that the postHandle
method of HandlerInterceptor
is not always ideally suited for use with @ResponseBody
and ResponseEntity
methods. In such cases an HttpMessageConverter
writes to and commits the response before postHandle
is called which makes it impossible to change the response, for example to add a header. Instead an application can implementResponseBodyAdvice
and either declare it as an @ControllerAdvice
bean or configure it directly on RequestMappingHandlerAdapter
.
1.5. Resolving views
All MVC frameworks for web applications provide a way to address views. Spring provides view resolvers, which enable you to render models in a browser without tying you to a specific view technology. Out of the box, Spring enables you to use JSPs, FreeMarker templates and XSLT views, for example. See View Technologies for a discussion of how to integrate and use a number of disparate view technologies.
The two interfaces that are important to the way Spring handles views are ViewResolver
and View
. The ViewResolver
provides a mapping between view names and actual views. The View
interface addresses the preparation of the request and hands the request over to one of the view technologies.
1.5.1. Resolving views with the ViewResolver interface
As discussed in Annotated Controllers, all handler methods in the Spring Web MVC controllers must resolve to a logical view name, either explicitly (e.g., by returning a String
, View
, or ModelAndView
) or implicitly (i.e., based on conventions). Views in Spring are addressed by a logical view name and are resolved by a view resolver. Spring comes with quite a few view resolvers. This table lists most of them; a couple of examples follow.
ViewResolver | Description |
---|---|
| Abstract view resolver that caches views. Often views need preparation before they can be used; extending this view resolver provides caching. |
| Implementation of |
| Implementation of |
| Simple implementation of the |
| Convenient subclass of |
| Convenient subclass of |
| Implementation of the |
As an example, with JSP as a view technology, you can use the UrlBasedViewResolver
. This view resolver translates a view name to a URL and hands the request over to the RequestDispatcher to render the view.
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
When returning test
as a logical view name, this view resolver forwards the request to the RequestDispatcher
that will send the request to /WEB-INF/jsp/test.jsp
.
When you combine different view technologies in a web application, you can use the ResourceBundleViewResolver
:
<bean id="viewResolver"
class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
<property name="basename" value="views"/>
<property name="defaultParentView" value="parentView"/>
</bean>
The ResourceBundleViewResolver
inspects the ResourceBundle
identified by the basename, and for each view it is supposed to resolve, it uses the value of the property [viewname].(class)
as the view class and the value of the property [viewname].url
as the view url. Examples can be found in the next chapter which covers view technologies. As you can see, you can identify a parent view, from which all views in the properties file "extend". This way you can specify a default view class, for example.
Subclasses of |
1.5.2. Chaining ViewResolvers
Spring supports multiple view resolvers. Thus you can chain resolvers and, for example, override specific views in certain circumstances. You chain view resolvers by adding more than one resolver to your application context and, if necessary, by setting the order
property to specify ordering. Remember, the higher the order property, the later the view resolver is positioned in the chain.
In the following example, the chain of view resolvers consists of two resolvers, an InternalResourceViewResolver
, which is always automatically positioned as the last resolver in the chain, and an XmlViewResolver
for specifying Excel views. Excel views are not supported by the InternalResourceViewResolver
.
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="excelViewResolver" class="org.springframework.web.servlet.view.XmlViewResolver">
<property name="order" value="1"/>
<property name="location" value="/WEB-INF/views.xml"/>
</bean>
<!-- in views.xml -->
<beans>
<bean name="report" class="org.springframework.example.ReportExcelView"/>
</beans>
If a specific view resolver does not result in a view, Spring examines the context for other view resolvers. If additional view resolvers exist, Spring continues to inspect them until a view is resolved. If no view resolver returns a view, Spring throws aServletException
.
The contract of a view resolver specifies that a view resolver can return null to indicate the view could not be found. Not all view resolvers do this, however, because in some cases, the resolver simply cannot detect whether or not the view exists. For example, the InternalResourceViewResolver
uses the RequestDispatcher
internally, and dispatching is the only way to figure out if a JSP exists, but this action can only execute once. The same holds for the FreeMarkerViewResolver
and some others. Check the javadocs of the specific view resolver to see whether it reports non-existing views. Thus, putting an InternalResourceViewResolver
in the chain in a place other than the last results in the chain not being fully inspected, because the InternalResourceViewResolver
will always return a view!
1.5.3. Redirecting to Views
As mentioned previously, a controller typically returns a logical view name, which a view resolver resolves to a particular view technology. For view technologies such as JSPs that are processed through the Servlet or JSP engine, this resolution is usually handled through the combination of InternalResourceViewResolver
and InternalResourceView
, which issues an internal forward or include via the Servlet API’s RequestDispatcher.forward(..)
method or RequestDispatcher.include()
method. For other view technologies, such as FreeMarker, XSLT, and so on, the view itself writes the content directly to the response stream.
It is sometimes desirable to issue an HTTP redirect back to the client, before the view is rendered. This is desirable, for example, when one controller has been called with POST
data, and the response is actually a delegation to another controller (for example on a successful form submission). In this case, a normal internal forward will mean that the other controller will also see the same POST
data, which is potentially problematic if it can confuse it with other expected data. Another reason to perform a redirect before displaying the result is to eliminate the possibility of the user submitting the form data multiple times. In this scenario, the browser will first send an initial POST
; it will then receive a response to redirect to a different URL; and finally the browser will perform a subsequent GET
for the URL named in the redirect response. Thus, from the perspective of the browser, the current page does not reflect the result of a POST
but rather of a GET
. The end effect is that there is no way the user can accidentally re- POST
the same data by performing a refresh. The refresh forces a GET
of the result page, not a resend of the initial POST
data.
RedirectView
One way to force a redirect as the result of a controller response is for the controller to create and return an instance of Spring’s RedirectView
. In this case, DispatcherServlet
does not use the normal view resolution mechanism. Rather because it has been given the (redirect) view already, the DispatcherServlet
simply instructs the view to do its work. The RedirectView
in turn calls HttpServletResponse.sendRedirect()
to send an HTTP redirect to the client browser.
If you use RedirectView
and the view is created by the controller itself, it is recommended that you configure the redirect URL to be injected into the controller so that it is not baked into the controller but configured in the context along with the view names. The The redirect: prefix facilitates this decoupling.
Passing Data To the Redirect Target
By default all model attributes are considered to be exposed as URI template variables in the redirect URL. Of the remaining attributes those that are primitive types or collections/arrays of primitive types are automatically appended as query parameters.
Appending primitive type attributes as query parameters may be the desired result if a model instance was prepared specifically for the redirect. However, in annotated controllers the model may contain additional attributes added for rendering purposes (e.g. drop-down field values). To avoid the possibility of having such attributes appear in the URL, an @RequestMapping
method can declare an argument of type RedirectAttributes
and use it to specify the exact attributes to make available to RedirectView
. If the method does redirect, the content of RedirectAttributes
is used. Otherwise the content of the model is used.
The RequestMappingHandlerAdapter
provides a flag called "ignoreDefaultModelOnRedirect"
that can be used to indicate the content of the default Model
should never be used if a controller method redirects. Instead the controller method should declare an attribute of type RedirectAttributes
or if it doesn’t do so no attributes should be passed on to RedirectView
. Both the MVC namespace and the MVC Java config keep this flag set to false
in order to maintain backwards compatibility. However, for new applications we recommend setting it to true
Note that URI template variables from the present request are automatically made available when expanding a redirect URL and do not need to be added explicitly neither through Model
nor RedirectAttributes
. For example:
@PostMapping("/files/{path}")
public String upload(...) {
// ...
return "redirect:files/{path}";
}
Another way of passing data to the redirect target is via Flash Attributes. Unlike other redirect attributes, flash attributes are saved in the HTTP session (and hence do not appear in the URL). See Using flash attributes for more information.
The redirect: prefix
While the use of RedirectView
works fine, if the controller itself creates the RedirectView
, there is no avoiding the fact that the controller is aware that a redirection is happening. This is really suboptimal and couples things too tightly. The controller should not really care about how the response gets handled. In general it should operate only in terms of view names that have been injected into it.
The special redirect:
prefix allows you to accomplish this. If a view name is returned that has the prefix redirect:
, the UrlBasedViewResolver
(and all subclasses) will recognize this as a special indication that a redirect is needed. The rest of the view name will be treated as the redirect URL.
The net effect is the same as if the controller had returned a RedirectView
, but now the controller itself can simply operate in terms of logical view names. A logical view name such as redirect:/myapp/some/resource
will redirect relative to the current Servlet context, while a name such as redirect:http://myhost.com/some/arbitrary/path
will redirect to an absolute URL.
Note that the controller handler is annotated with the @ResponseStatus
, the annotation value takes precedence over the response status set by RedirectView
.
The forward: prefix
It is also possible to use a special forward:
prefix for view names that are ultimately resolved by UrlBasedViewResolver
and subclasses. This creates an InternalResourceView
(which ultimately does a RequestDispatcher.forward()
) around the rest of the view name, which is considered a URL. Therefore, this prefix is not useful with InternalResourceViewResolver
and InternalResourceView
(for JSPs for example). But the prefix can be helpful when you are primarily using another view technology, but still want to force a forward of a resource to be handled by the Servlet/JSP engine. (Note that you may also chain multiple view resolvers, instead.)
As with the redirect:
prefix, if the view name with the forward:
prefix is injected into the controller, the controller does not detect that anything special is happening in terms of handling the response.
1.5.4. ContentNegotiatingViewResolver
The ContentNegotiatingViewResolver
does not resolve views itself but rather delegates to other view resolvers, selecting the view that resembles the representation requested by the client. Two strategies exist for a client to request a representation from the server:
-
Use a distinct URI for each resource, typically by using a different file extension in the URI. For example, the URI
http://www.example.com/users/fred.pdf
requests a PDF representation of the user fred, andhttp://www.example.com/users/fred.xml
requests an XML representation. -
Use the same URI for the client to locate the resource, but set the
Accept
HTTP request header to list the media types that it understands. For example, an HTTP request forhttp://www.example.com/users/fred
with anAccept
header set toapplication/pdf
requests a PDF representation of the user fred, whilehttp://www.example.com/users/fred
with anAccept
header set totext/xml
requests an XML representation. This strategy is known as content negotiation.
One issue with the Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 For this reason it is common to see the use of a distinct URI for each representation when developing browser based web applications. |
To support multiple representations of a resource, Spring provides the ContentNegotiatingViewResolver
to resolve a view based on the file extension or Accept
header of the HTTP request. ContentNegotiatingViewResolver
does not perform the view resolution itself but instead delegates to a list of view resolvers that you specify through the bean property ViewResolvers
.
The ContentNegotiatingViewResolver
selects an appropriate View
to handle the request by comparing the request media type(s) with the media type (also known as Content-Type
) supported by the View
associated with each of its ViewResolvers
. The first View
in the list that has a compatible Content-Type
returns the representation to the client. If a compatible view cannot be supplied by the ViewResolver
chain, then the list of views specified through the DefaultViews
property will be consulted. This latter option is appropriate for singleton Views
that can render an appropriate representation of the current resource regardless of the logical view name. The Accept
header may include wild cards, for example text/*
, in which case a View
whose Content-Type was text/xml
is a compatible match.
To support custom resolution of a view based on a file extension, use a ContentNegotiationManager
: see Requested Content Types.
Here is an example configuration of a ContentNegotiatingViewResolver
:
<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="viewResolvers">
<list>
<bean class="org.springframework.web.servlet.view.BeanNameViewResolver"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
</list>
</property>
<property name="defaultViews">
<list>
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
</list>
</property>
</bean>
<bean id="content" class="com.foo.samples.rest.SampleContentAtomView"/>
The InternalResourceViewResolver
handles the translation of view names and JSP pages, while the BeanNameViewResolver
returns a view based on the name of a bean. (See "Resolving views with the ViewResolver interface" for more details on how Spring looks up and instantiates a view.) In this example, the content
bean is a class that inherits from AbstractAtomFeedView
, which returns an Atom RSS feed. For more information on creating an Atom Feed representation, see the section Atom Views.
In the above configuration, if a request is made with an .html
extension, the view resolver looks for a view that matches the text/html
media type. The InternalResourceViewResolver
provides the matching view for text/html
. If the request is made with the file extension .atom
, the view resolver looks for a view that matches the application/atom+xml
media type. This view is provided by the BeanNameViewResolver
that maps to the SampleContentAtomView
if the view name returned is content
. If the request is made with the file extension .json
, the MappingJackson2JsonView
instance from the DefaultViews
list will be selected regardless of the view name. Alternatively, client requests can be made without a file extension but with the Accept
header set to the preferred media-type, and the same resolution of request to views would occur.
If `ContentNegotiatingViewResolver’s list of ViewResolvers is not configured explicitly, it automatically uses any ViewResolvers defined in the application context. |
The corresponding controller code that returns an Atom RSS feed for a URI of the form http://localhost/content.atom
or http://localhost/content
with an Accept
header of application/atom+xml is shown below.
@Controller
public class ContentController {
private List<SampleContent> contentList = new ArrayList<SampleContent>();
@GetMapping("/content")
public ModelAndView getContent() {
ModelAndView mav = new ModelAndView();
mav.setViewName("content");
mav.addObject("sampleContentList", contentList);
return mav;
}
}
1.6. Using flash attributes
Flash attributes provide a way for one request to store attributes intended for use in another. This is most commonly needed when redirecting — for example, the Post/Redirect/Get pattern. Flash attributes are saved temporarily before the redirect (typically in the session) to be made available to the request after the redirect and removed immediately.
Spring MVC has two main abstractions in support of flash attributes. FlashMap
is used to hold flash attributes while FlashMapManager
is used to store, retrieve, and manage FlashMap
instances.
Flash attribute support is always "on" and does not need to enabled explicitly although if not used, it never causes HTTP session creation. On each request there is an "input" FlashMap
with attributes passed from a previous request (if any) and an "output"FlashMap
with attributes to save for a subsequent request. Both FlashMap
instances are accessible from anywhere in Spring MVC through static methods in RequestContextUtils
.
Annotated controllers typically do not need to work with FlashMap
directly. Instead an @RequestMapping
method can accept an argument of type RedirectAttributes
and use it to add flash attributes for a redirect scenario. Flash attributes added viaRedirectAttributes
are automatically propagated to the "output" FlashMap. Similarly, after the redirect, attributes from the "input" FlashMap
are automatically added to the Model
of the controller serving the target URL.
1.7. Building URIs
Spring MVC provides a mechanism for building and encoding a URI using UriComponentsBuilder
and UriComponents
.
For example you can expand and encode a URI template string:
UriComponents uriComponents = UriComponentsBuilder.fromUriString(
"http://example.com/hotels/{hotel}/bookings/{booking}").build();
URI uri = uriComponents.expand("42", "21").encode().toUri();
Note that UriComponents
is immutable and the expand()
and encode()
operations return new instances if necessary.
You can also expand and encode using individual URI components:
UriComponents uriComponents = UriComponentsBuilder.newInstance()
.scheme("http").host("example.com").path("/hotels/{hotel}/bookings/{booking}").build()
.expand("42", "21")
.encode();
In a Servlet environment the ServletUriComponentsBuilder
sub-class provides static factory methods to copy available URL information from a Servlet requests:
HttpServletRequest request = ...
// Re-use host, scheme, port, path and query string
// Replace the "accountId" query param
ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromRequest(request)
.replaceQueryParam("accountId", "{id}").build()
.expand("123")
.encode();
Alternatively, you may choose to copy a subset of the available information up to and including the context path:
// Re-use host, port and context path
// Append "/accounts" to the path
ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromContextPath(request)
.path("/accounts").build()
Or in cases where the DispatcherServlet
is mapped by name (e.g. /main/*
), you can also have the literal part of the servlet mapping included:
// Re-use host, port, context path
// Append the literal part of the servlet mapping to the path
// Append "/accounts" to the path
ServletUriComponentsBuilder ucb = ServletUriComponentsBuilder.fromServletMapping(request)
.path("/accounts").build()
1.7.1. Building URIs to Controllers and methods
Spring MVC also provides a mechanism for building links to controller methods. For example, given:
@Controller
@RequestMapping("/hotels/{hotel}")
public class BookingController {
@GetMapping("/bookings/{booking}")
public String getBooking(@PathVariable Long booking) {
// ...
}
}
You can prepare a link by referring to the method by name:
UriComponents uriComponents = MvcUriComponentsBuilder
.fromMethodName(BookingController.class, "getBooking", 21).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
In the above example we provided actual method argument values, in this case the long value 21, to be used as a path variable and inserted into the URL. Furthermore, we provided the value 42 in order to fill in any remaining URI variables such as the "hotel" variable inherited from the type-level request mapping. If the method had more arguments you can supply null for arguments not needed for the URL. In general only @PathVariable
and @RequestParam
arguments are relevant for constructing the URL.
There are additional ways to use MvcUriComponentsBuilder
. For example you can use a technique akin to mock testing through proxies to avoid referring to the controller method by name (the example assumes static import of MvcUriComponentsBuilder.on
):
UriComponents uriComponents = MvcUriComponentsBuilder
.fromMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
The above examples use static methods in MvcUriComponentsBuilder
. Internally they rely on ServletUriComponentsBuilder
to prepare a base URL from the scheme, host, port, context path and servlet path of the current request. This works well in most cases, however sometimes it may be insufficient. For example you may be outside the context of a request (e.g. a batch process that prepares links) or perhaps you need to insert a path prefix (e.g. a locale prefix that was removed from the request path and needs to be re-inserted into links).
For such cases you can use the static "fromXxx" overloaded methods that accept a UriComponentsBuilder
to use base URL. Or you can create an instance of MvcUriComponentsBuilder
with a base URL and then use the instance-based "withXxx" methods. For example:
UriComponentsBuilder base = ServletUriComponentsBuilder.fromCurrentContextPath().path("/en");
MvcUriComponentsBuilder builder = MvcUriComponentsBuilder.relativeTo(base);
builder.withMethodCall(on(BookingController.class).getBooking(21)).buildAndExpand(42);
URI uri = uriComponents.encode().toUri();
1.7.2. Working with "Forwarded" and "X-Forwarded-*" Headers
As a request goes through proxies such as load balancers the host, port, and scheme may change presenting a challenge for applications that need to create links to resources since the links should reflect the host, port, and scheme of the original request as seen from a client perspective.
RFC 7239 defines the "Forwarded" HTTP header for proxies to use to provide information about the original request. There are also other non-standard headers in use such as "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto".
Both ServletUriComponentsBuilder
and MvcUriComponentsBuilder
detect, extract, and use information from the "Forwarded" header, or from "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" if "Forwarded" is not present, so that the resulting links reflect the original request.
The ForwardedHeaderFilter
provides an alternative to do the same once and globally for the entire application. The filter wraps the request in order to overlay host, port, and scheme information and also "hides" any forwarded headers for subsequent processing.
Note that there are security considerations when using forwarded headers as explained in Section 8 of RFC 7239. At the application level it is difficult to determine whether forwarded headers can be trusted or not. This is why the network upstream should be configured correctly to filter out untrusted forwarded headers from the outside.
Applications that don’t have a proxy and don’t need to use forwarded headers can configure the ForwardedHeaderFilter
to remove and ignore such headers.
1.7.3. Building URIs to Controllers and methods from views
You can also build links to annotated controllers from views such as JSP, Thymeleaf, FreeMarker. This can be done using the fromMappingName
method in MvcUriComponentsBuilder
which refers to mappings by name.
Every @RequestMapping
is assigned a default name based on the capital letters of the class and the full method name. For example, the method getFoo
in class FooController
is assigned the name "FC#getFoo". This strategy can be replaced or customized by creating an instance of HandlerMethodMappingNamingStrategy
and plugging it into yourRequestMappingHandlerMapping
. The default strategy implementation also looks at the name attribute on @RequestMapping
and uses that if present. That means if the default mapping name assigned conflicts with another (e.g. overloaded methods) you can assign a name explicitly on the @RequestMapping
.
The assigned request mapping names are logged at TRACE level on startup. |
The Spring JSP tag library provides a function called mvcUrl
that can be used to prepare links to controller methods based on this mechanism.
For example given:
@RequestMapping("/people/{id}/addresses")
public class PersonAddressController {
@RequestMapping("/{country}")
public HttpEntity getAddress(@PathVariable String country) { ... }
}
You can prepare a link from a JSP as follows:
<%@ taglib uri="http://www.springframework.org/tags" prefix="s" %>
...
<a href="${s:mvcUrl('PAC#getAddress').arg(0,'US').buildAndExpand('123')}">Get Address</a>
The above example relies on the mvcUrl
JSP function declared in the Spring tag library (i.e. META-INF/spring.tld). For more advanced cases (e.g. a custom base URL as explained in the previous section), it is easy to define your own function, or use a custom tag file, in order to use a specific instance of MvcUriComponentsBuilder
with a custom base URL.
1.8. Using locales
Most parts of Spring’s architecture support internationalization, just as the Spring web MVC framework does. DispatcherServlet
enables you to automatically resolve messages using the client’s locale. This is done with LocaleResolver
objects.
When a request comes in, the DispatcherServlet
looks for a locale resolver, and if it finds one it tries to use it to set the locale. Using the RequestContext.getLocale()
method, you can always retrieve the locale that was resolved by the locale resolver.
In addition to automatic locale resolution, you can also attach an interceptor to the handler mapping (see Intercepting requests with a HandlerInterceptor for more information on handler mapping interceptors) to change the locale under specific circumstances, for example, based on a parameter in the request.
Locale resolvers and interceptors are defined in the org.springframework.web.servlet.i18n
package and are configured in your application context in the normal way. Here is a selection of the locale resolvers included in Spring.
1.8.1. Obtaining Time Zone Information
In addition to obtaining the client’s locale, it is often useful to know their time zone. The LocaleContextResolver
interface offers an extension to LocaleResolver
that allows resolvers to provide a richer LocaleContext
, which may include time zone information.
When available, the user’s TimeZone
can be obtained using the RequestContext.getTimeZone()
method. Time zone information will automatically be used by Date/Time Converter
and Formatter
objects registered with Spring’s ConversionService
.
1.8.2. AcceptHeaderLocaleResolver
This locale resolver inspects the accept-language
header in the request that was sent by the client (e.g., a web browser). Usually this header field contains the locale of the client’s operating system. Note that this resolver does not support time zone information.
1.8.3. CookieLocaleResolver
This locale resolver inspects a Cookie
that might exist on the client to see if a Locale
or TimeZone
is specified. If so, it uses the specified details. Using the properties of this locale resolver, you can specify the name of the cookie as well as the maximum age. Find below an example of defining a CookieLocaleResolver
.
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="cookieName" value="clientlanguage"/>
<!-- in seconds. If set to -1, the cookie is not persisted (deleted when browser shuts down) -->
<property name="cookieMaxAge" value="100000"/>
</bean>
Property | Default | Description |
---|---|---|
cookieName | classname + LOCALE | The name of the cookie |
cookieMaxAge | Servlet container default | The maximum time a cookie will stay persistent on the client. If -1 is specified, the cookie will not be persisted; it will only be available until the client shuts down their browser. |
cookiePath | / | Limits the visibility of the cookie to a certain part of your site. When cookiePath is specified, the cookie will only be visible to that path and the paths below it. |
1.8.4. SessionLocaleResolver
The SessionLocaleResolver
allows you to retrieve Locale
and TimeZone
from the session that might be associated with the user’s request. In contrast to CookieLocaleResolver
, this strategy stores locally chosen locale settings in the Servlet container’s HttpSession
. As a consequence, those settings are just temporary for each session and therefore lost when each session terminates.
Note that there is no direct relationship with external session management mechanisms such as the Spring Session project. This SessionLocaleResolver
will simply evaluate and modify corresponding HttpSession
attributes against the current HttpServletRequest
.
1.8.5. LocaleChangeInterceptor
You can enable changing of locales by adding the LocaleChangeInterceptor
to one of the handler mappings (see Handler mappings). It will detect a parameter in the request and change the locale. It calls setLocale()
on the LocaleResolver
that also exists in the context. The following example shows that calls to all *.view
resources containing a parameter named siteLanguage
will now change the locale. So, for example, a request for the following URL, http://www.sf.net/home.view?siteLanguage=nl
will change the site language to Dutch.
<bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="siteLanguage"/>
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>
<bean id="urlMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="interceptors">
<list>
<ref bean="localeChangeInterceptor"/>
</list>
</property>
<property name="mappings">
<value>/**/*.view=someController</value>
</property>
</bean>
1.9. Using themes
1.9.1. Overview of themes
You can apply Spring Web MVC framework themes to set the overall look-and-feel of your application, thereby enhancing user experience. A theme is a collection of static resources, typically style sheets and images, that affect the visual style of the application.
1.9.2. Defining themes
To use themes in your web application, you must set up an implementation of theorg.springframework.ui.context.ThemeSource
interface. The WebApplicationContext
interface extends ThemeSource
but delegates its responsibilities to a dedicated implementation. By default the delegate will be anorg.springframework.ui.context.support.ResourceBundleThemeSource
implementation that loads properties files from the root of the classpath. To use a custom ThemeSource
implementation or to configure the base name prefix of the ResourceBundleThemeSource
, you can register a bean in the application context with the reserved name themeSource
. The web application context automatically detects a bean with that name and uses it.
When using the ResourceBundleThemeSource
, a theme is defined in a simple properties file. The properties file lists the resources that make up the theme. Here is an example:
styleSheet=/themes/cool/style.css background=/themes/cool/img/coolBg.jpg
The keys of the properties are the names that refer to the themed elements from view code. For a JSP, you typically do this using the spring:theme
custom tag, which is very similar to the spring:message
tag. The following JSP fragment uses the theme defined in the previous example to customize the look and feel:
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<html>
<head>
<link rel="stylesheet" href="<spring:theme code='styleSheet'/>" type="text/css"/>
</head>
<body style="background=<spring:theme code='background'/>">
...
</body>
</html>
By default, the ResourceBundleThemeSource
uses an empty base name prefix. As a result, the properties files are loaded from the root of the classpath. Thus you would put the cool.properties
theme definition in a directory at the root of the classpath, for example, in /WEB-INF/classes
. The ResourceBundleThemeSource
uses the standard Java resource bundle loading mechanism, allowing for full internationalization of themes. For example, we could have a /WEB-INF/classes/cool_nl.properties
that references a special background image with Dutch text on it.
1.9.3. Theme resolvers
After you define themes, as in the preceding section, you decide which theme to use. The DispatcherServlet
will look for a bean named themeResolver
to find out which ThemeResolver
implementation to use. A theme resolver works in much the same way as a LocaleResolver
. It detects the theme to use for a particular request and can also alter the request’s theme. The following theme resolvers are provided by Spring:
Class | Description |
---|---|
| Selects a fixed theme, set using the |
| The theme is maintained in the user’s HTTP session. It only needs to be set once for each session, but is not persisted between sessions. |
| The selected theme is stored in a cookie on the client. |
Spring also provides a ThemeChangeInterceptor
that allows theme changes on every request with a simple request parameter.
1.10. Multipart (file upload) support
1.10.1. Introduction
Spring’s built-in multipart support handles file uploads in web applications. You enable this multipart support with pluggable MultipartResolver
objects, defined in the org.springframework.web.multipart
package. Spring provides one MultipartResolver
implementation for use with Commons FileUpload and another for use with Servlet 3.0 multipart request parsing.
By default, Spring does no multipart handling, because some developers want to handle multiparts themselves. You enable Spring multipart handling by adding a multipart resolver to the web application’s context. Each request is inspected to see if it contains a multipart. If no multipart is found, the request continues as expected. If a multipart is found in the request, the MultipartResolver
that has been declared in your context is used. After that, the multipart attribute in your request is treated like any other attribute.
Commons FileUpload
1.10.2. Using a MultipartResolver with The following example shows how to use the CommonsMultipartResolver
:
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- one of the properties available; the maximum file size in bytes -->
<property name="maxUploadSize" value="100000"/>
</bean>
Of course you also need to put the appropriate jars in your classpath for the multipart resolver to work. In the case of the CommonsMultipartResolver
, you need to use commons-fileupload.jar
.
When the Spring DispatcherServlet
detects a multi-part request, it activates the resolver that has been declared in your context and hands over the request. The resolver then wraps the current HttpServletRequest
into a MultipartHttpServletRequest
that supports multipart file uploads. Using the MultipartHttpServletRequest
, you can get information about the multiparts contained by this request and actually get access to the multipart files themselves in your controllers.
Servlet 3.0
1.10.3. Using a MultipartResolver with In order to use Servlet 3.0 based multipart parsing, you need to mark the DispatcherServlet
with a "multipart-config"
section in web.xml
, or with a javax.servlet.MultipartConfigElement
in programmatic Servlet registration, or in case of a custom Servlet class possibly with a javax.servlet.annotation.MultipartConfig
annotation on your Servlet class. Configuration settings such as maximum sizes or storage locations need to be applied at that Servlet registration level as Servlet 3.0 does not allow for those settings to be done from the MultipartResolver.
Once Servlet 3.0 multipart parsing has been enabled in one of the above mentioned ways you can add the StandardServletMultipartResolver
to your Spring configuration:
<bean id="multipartResolver"
class="org.springframework.web.multipart.support.StandardServletMultipartResolver">
</bean>
1.10.4. Handling a file upload in a form
After the MultipartResolver
completes its job, the request is processed like any other. First, create a form with a file input that will allow the user to upload a form. The encoding attribute ( enctype="multipart/form-data"
) lets the browser know how to encode the form as multipart request:
<html>
<head>
<title>Upload a file please</title>
</head>
<body>
<h1>Please upload a file</h1>
<form method="post" action="/form" enctype="multipart/form-data">
<input type="text" name="name"/>
<input type="file" name="file"/>
<input type="submit"/>
</form>
</body>
</html>
The next step is to create a controller that handles the file upload. This controller is very similar to a normal annotated @Controller
, except that we use MultipartHttpServletRequest
or MultipartFile
in the method parameters:
@Controller
public class FileUploadController {
@PostMapping("/form")
public String handleFormUpload(@RequestParam("name") String name,
@RequestParam("file") MultipartFile file) {
if (!file.isEmpty()) {
byte[] bytes = file.getBytes();
// store the bytes somewhere
return "redirect:uploadSuccess";
}
return "redirect:uploadFailure";
}
}
Note how the @RequestParam
method parameters map to the input elements declared in the form. In this example, nothing is done with the byte[]
, but in practice you can save it in a database, store it on the file system, and so on.
When using Servlet 3.0 multipart parsing you can also use javax.servlet.http.Part
for the method parameter:
@Controller
public class FileUploadController {
@PostMapping("/form")
public String handleFormUpload(@RequestParam("name") String name,
@RequestParam("file") Part file) {
InputStream inputStream = file.getInputStream();
// store bytes from uploaded file somewhere
return "redirect:uploadSuccess";
}
}
1.10.5. Handling a file upload request from programmatic clients
Multipart requests can also be submitted from non-browser clients in a RESTful service scenario. All of the above examples and configuration apply here as well. However, unlike browsers that typically submit files and simple form fields, a programmatic client can also send more complex data of a specific content type — for example a multipart request with a file and second part with JSON formatted data:
POST /someUrl Content-Type: multipart/mixed --edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp Content-Disposition: form-data; name="meta-data" Content-Type: application/json; charset=UTF-8 Content-Transfer-Encoding: 8bit { "name": "value" } --edt7Tfrdusa7r3lNQc79vXuhIIMlatb7PQg7Vp Content-Disposition: form-data; name="file-data"; filename="file.properties" Content-Type: text/xml Content-Transfer-Encoding: 8bit ... File Data ...
You could access the part named "meta-data" with a @RequestParam("meta-data") String metadata
controller method argument. However, you would probably prefer to accept a strongly typed object initialized from the JSON formatted data in the body of the request part, very similar to the way @RequestBody
converts the body of a non-multipart request to a target object with the help of an HttpMessageConverter
.
You can use the @RequestPart
annotation instead of the @RequestParam
annotation for this purpose. It allows you to have the content of a specific multipart passed through an HttpMessageConverter
taking into consideration the 'Content-Type'
header of the multipart:
@PostMapping("/someUrl")
public String onSubmit(@RequestPart("meta-data") MetaData metadata,
@RequestPart("file-data") MultipartFile file) {
// ...
}
Notice how MultipartFile
method arguments can be accessed with @RequestParam
or with @RequestPart
interchangeably. However, the @RequestPart("meta-data") MetaData
method argument in this case is read as JSON content based on its 'Content-Type'
header and converted with the help of the MappingJackson2HttpMessageConverter
.
1.11. Handling exceptions
1.11.1. HandlerExceptionResolver
Spring HandlerExceptionResolver
implementations deal with unexpected exceptions that occur during controller execution. A HandlerExceptionResolver
somewhat resembles the exception mappings you can define in the web application descriptor web.xml
. However, they provide a more flexible way to do so. For example they provide information about which handler was executing when the exception was thrown. Furthermore, a programmatic way of handling exceptions gives you more options for responding appropriately before the request is forwarded to another URL (the same end result as when you use the Servlet specific exception mappings).
Besides implementing the HandlerExceptionResolver
interface, which is only a matter of implementing the resolveException(Exception, Handler)
method and returning a ModelAndView
, you may also use the provided SimpleMappingExceptionResolver
or create @ExceptionHandler
methods. The SimpleMappingExceptionResolver
enables you to take the class name of any exception that might be thrown and map it to a view name. This is functionally equivalent to the exception mapping feature from the Servlet API, but it is also possible to implement more finely grained mappings of exceptions from different handlers. The @ExceptionHandler
annotation on the other hand can be used on methods that should be invoked to handle an exception. Such methods may be defined locally within an @Controller
or may apply to many @Controller
classes when defined within an @ControllerAdvice
class. The following sections explain this in more detail.
1.11.2. @ExceptionHandler
The HandlerExceptionResolver
interface and the SimpleMappingExceptionResolver
implementations allow you to map Exceptions to specific views declaratively along with some optional Java logic before forwarding to those views. However, in some cases, especially when relying on @ResponseBody
methods rather than on view resolution, it may be more convenient to directly set the status of the response and optionally write error content to the body of the response.
You can do that with @ExceptionHandler
methods. When declared within a controller such methods apply to exceptions raised by @RequestMapping
methods of that controller (or any of its sub-classes). You can also declare an @ExceptionHandler
method within an @ControllerAdvice
class in which case it handles exceptions from @RequestMapping
methods from many controllers. Below is an example of a controller-local @ExceptionHandler
method:
@Controller
public class SimpleController {
// @RequestMapping methods omitted ...
@ExceptionHandler(IOException.class)
public ResponseEntity<String> handleIOException(IOException ex) {
// prepare responseEntity
return responseEntity;
}
}
The @ExceptionHandler
value can be set to an array of Exception types. If an exception is thrown that matches one of the types in the list, then the method annotated with the matching @ExceptionHandler
will be invoked. If the annotation value is not set then the exception types listed as method arguments are used.
Much like standard controller methods annotated with a @RequestMapping
annotation, the method arguments and return values of @ExceptionHandler
methods can be flexible. For example, the HttpServletRequest
can be accessed in Servlet environments. The return type can be a String
, which is interpreted as a view name, a ModelAndView
object, a ResponseEntity
, or you can also add the @ResponseBody
to have the method return value converted with message converters and written to the response stream.
1.11.3. Handling Standard Spring MVC Exceptions
Spring MVC may raise a number of exceptions while processing a request. The SimpleMappingExceptionResolver
can easily map any exception to a default error view as needed. However, when working with clients that interpret responses in an automated way you will want to set specific status code on the response. Depending on the exception raised the status code may indicate a client error (4xx) or a server error (5xx).
The DefaultHandlerExceptionResolver
translates Spring MVC exceptions to specific error status codes. It is registered by default with the MVC namespace, the MVC Java config, and also by the DispatcherServlet
(i.e. when not using the MVC namespace or Java config). Listed below are some of the exceptions handled by this resolver and the corresponding status codes:
Exception | HTTP Status Code |
---|---|
| 400 (Bad Request) |
| 500 (Internal Server Error) |
| 406 (Not Acceptable) |
| 415 (Unsupported Media Type) |
| 400 (Bad Request) |
| 500 (Internal Server Error) |
| 405 (Method Not Allowed) |
| 400 (Bad Request) |
| 500 (Internal Server Error) |
| 400 (Bad Request) |
| 400 (Bad Request) |
| 404 (Not Found) |
| 404 (Not Found) |
| 400 (Bad Request) |
The DefaultHandlerExceptionResolver
works transparently by setting the status of the response. However, it stops short of writing any error content to the body of the response while your application may need to add developer-friendly content to every error response for example when providing a REST API. You can prepare a ModelAndView
and render error content through view resolution — i.e. by configuring a ContentNegotiatingViewResolver
, MappingJackson2JsonView
, and so on. However, you may prefer to use @ExceptionHandler
methods instead.
If you prefer to write error content via @ExceptionHandler
methods you can extend ResponseEntityExceptionHandler
instead. This is a convenient base for @ControllerAdvice
classes providing an @ExceptionHandler
method to handle standard Spring MVC exceptions and return ResponseEntity
. That allows you to customize the response and write error content with message converters. See the ResponseEntityExceptionHandler
javadocs for more details.
1.11.4. REST Controller Exception Handling
An @RestController
may use @ExceptionHandler
methods that return a ResponseEntity
to provide both a response status and error details in the body of the response. Such methods may also be added to @ControllerAdvice
classes for exception handling across a subset or all controllers.
A common requirement is to include error details in the body of the response. Spring does not automatically do this (although Spring Boot does) because the representation of error details in the response body is application specific.
Applications that wish to implement a global exception handling strategy with error details in the response body should consider extending the abstract base class ResponseEntityExceptionHandler
which provides handling for the exceptions that Spring MVC raises and provides hooks to customize the response body as well as to handle other exceptions. Simply declare the extension class as a Spring bean and annotate it with @ControllerAdvice
. For more details see See ResponseEntityExceptionHandler
.
1.11.5. Annotating Business Exceptions With @ResponseStatus
A business exception can be annotated with @ResponseStatus
. When the exception is raised, the ResponseStatusExceptionResolver
handles it by setting the status of the response accordingly. By default the DispatcherServlet
registers the ResponseStatusExceptionResolver
and it is available for use.
1.11.6. Customizing the Default Servlet Container Error Page
When the status of the response is set to an error status code and the body of the response is empty, Servlet containers commonly render an HTML formatted error page. To customize the default error page of the container, you can declare an <error-page>
element in web.xml
. Up until Servlet 3, that element had to be mapped to a specific status code or exception type. Starting with Servlet 3 an error page does not need to be mapped, which effectively means the specified location customizes the default Servlet container error page.
<error-page>
<location>/error</location>
</error-page>
Note that the actual location for the error page can be a JSP page or some other URL within the container including one handled through an @Controller
method:
When writing error information, the status code and the error message set on the HttpServletResponse
can be accessed through request attributes in a controller:
@Controller
public class ErrorController {
@RequestMapping(path = "/error", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
@ResponseBody
public Map<String, Object> handle(HttpServletRequest request) {
Map<String, Object> map = new HashMap<String, Object>();
map.put("status", request.getAttribute("javax.servlet.error.status_code"));
map.put("reason", request.getAttribute("javax.servlet.error.message"));
return map;
}
}
or in a JSP:
<%@ page contentType="application/json" pageEncoding="UTF-8"%>
{
status:<%=request.getAttribute("javax.servlet.error.status_code") %>,
reason:<%=request.getAttribute("javax.servlet.error.message") %>
}
1.12. Web Security
The Spring Security project provides features to protect web applications from malicious exploits. Check out the reference documentation in the sections on "CSRF protection", "Security Response Headers", and also "Spring MVC Integration". Note that using Spring Security to secure the application is not necessarily required for all features. For example CSRF protection can be added simply by adding the CsrfFilter
and CsrfRequestDataValueProcessor
to your configuration. See the Spring MVC Showcase for an example.
Another option is to use a framework dedicated to Web Security. HDIV is one such framework and integrates with Spring MVC.
1.13. Convention over configuration support
For a lot of projects, sticking to established conventions and having reasonable defaults is just what they (the projects) need, and Spring Web MVC now has explicit support for convention over configuration. What this means is that if you establish a set of naming conventions and suchlike, you can substantially cut down on the amount of configuration that is required to set up handler mappings, view resolvers, ModelAndView
instances, etc. This is a great boon with regards to rapid prototyping, and can also lend a degree of (always good-to-have) consistency across a codebase should you choose to move forward with it into production.
Convention-over-configuration support addresses the three core areas of MVC: models, views, and controllers.
1.13.1. The Controller ControllerClassNameHandlerMapping
The ControllerClassNameHandlerMapping
class is a HandlerMapping
implementation that uses a convention to determine the mapping between request URLs and the Controller
instances that are to handle those requests.
Consider the following simple Controller
implementation. Take special notice of the name of the class.
public class ViewShoppingCartController implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
// the implementation is not hugely important for this example...
}
}
Here is a snippet from the corresponding Spring Web MVC configuration file:
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<bean id="viewShoppingCart" class="x.y.z.ViewShoppingCartController">
<!-- inject dependencies as required... -->
</bean>
The ControllerClassNameHandlerMapping
finds all of the various handler (or Controller
) beans defined in its application context and strips Controller
off the name to define its handler mappings. Thus, ViewShoppingCartController
maps to the/viewshoppingcart*
request URL.
Let’s look at some more examples so that the central idea becomes immediately familiar. (Notice all lowercase in the URLs, in contrast to camel-cased Controller
class names.)
-
WelcomeController
maps to the/welcome*
request URL -
HomeController
maps to the/home*
request URL -
IndexController
maps to the/index*
request URL -
RegisterController
maps to the/register*
request URL
In the case of MultiActionController
handler classes, the mappings generated are slightly more complex. The Controller
names in the following examples are assumed to be MultiActionController
implementations:
-
AdminController
maps to the/admin/*
request URL -
CatalogController
maps to the/catalog/*
request URL
If you follow the convention of naming your Controller
implementations as xxxController
, the ControllerClassNameHandlerMapping
saves you the tedium of defining and maintaining a potentially looooongSimpleUrlHandlerMapping
(or suchlike).
The ControllerClassNameHandlerMapping
class extends the AbstractHandlerMapping
base class so you can define HandlerInterceptor
instances and everything else just as you would with many other HandlerMapping
implementations.
1.13.2. The Model ModelMap (ModelAndView)
The ModelMap
class is essentially a glorified Map
that can make adding objects that are to be displayed in (or on) a View
adhere to a common naming convention. Consider the following Controller
implementation; notice that objects are added to theModelAndView
without any associated name specified.
public class DisplayShoppingCartController implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
List cartItems = // get a List of CartItem objects
User user = // get the User doing the shopping
ModelAndView mav = new ModelAndView("displayShoppingCart"); <-- the logical view name
mav.addObject(cartItems); <-- look ma, no name, just the object
mav.addObject(user); <-- and again ma!
return mav;
}
}
The ModelAndView
class uses a ModelMap
class that is a custom Map
implementation that automatically generates a key for an object when an object is added to it. The strategy for determining the name for an added object is, in the case of a scalar object such as User
, to use the short class name of the object’s class. The following examples are names that are generated for scalar objects put into a ModelMap
instance.
-
An
x.y.User
instance added will have the nameuser
generated. -
An
x.y.Registration
instance added will have the nameregistration
generated. -
An
x.y.Foo
instance added will have the namefoo
generated. -
A
java.util.HashMap
instance added will have the namehashMap
generated. You probably want to be explicit about the name in this case becausehashMap
is less than intuitive. -
Adding
null
will result in anIllegalArgumentException
being thrown. If the object (or objects) that you are adding could benull
, then you will also want to be explicit about the name.
The strategy for generating a name after adding a Set
or a List
is to peek into the collection, take the short class name of the first object in the collection, and use that with List
appended to the name. The same applies to arrays although with arrays it is not necessary to peek into the array contents. A few examples will make the semantics of name generation for collections clearer:
-
An
x.y.User[]
array with zero or morex.y.User
elements added will have the nameuserList
generated. -
An
x.y.Foo[]
array with zero or morex.y.User
elements added will have the namefooList
generated. -
A
java.util.ArrayList
with one or morex.y.User
elements added will have the nameuserList
generated. -
A
java.util.HashSet
with one or morex.y.Foo
elements added will have the namefooList
generated. -
An empty
java.util.ArrayList
will not be added at all (in effect, theaddObject(..)
call will essentially be a no-op).
1.13.3. The View - RequestToViewNameTranslator
The RequestToViewNameTranslator
interface determines a logical View
name when no such logical view name is explicitly supplied. It has just one implementation, the DefaultRequestToViewNameTranslator
class.
The DefaultRequestToViewNameTranslator
maps request URLs to logical view names, as with this example:
public class RegistrationController implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
// process the request...
ModelAndView mav = new ModelAndView();
// add data as necessary to the model...
return mav;
// notice that no View or logical view name has been set
}
}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- this bean with the well known name generates view names for us -->
<bean id="viewNameTranslator"
class="org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator"/>
<bean class="x.y.RegistrationController">
<!-- inject dependencies as necessary -->
</bean>
<!-- maps request URLs to Controller names -->
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
Notice how in the implementation of the handleRequest(..)
method no View
or logical view name is ever set on the ModelAndView
that is returned. The DefaultRequestToViewNameTranslator
is tasked with generating a logical view name from the URL of the request. In the case of the above RegistrationController
, which is used in conjunction with the ControllerClassNameHandlerMapping
, a request URL of http://localhost/registration.html
results in a logical view name of registration
being generated by the DefaultRequestToViewNameTranslator
. This logical view name is then resolved into the /WEB-INF/jsp/registration.jsp
view by the InternalResourceViewResolver
bean.
You do not need to define a |
Of course, if you need to change the default settings, then you do need to configure your own DefaultRequestToViewNameTranslator
bean explicitly. Consult the comprehensive DefaultRequestToViewNameTranslator
javadocs for details on the various properties that can be configured.
1.14. HTTP caching support
A good HTTP caching strategy can significantly improve the performance of a web application and the experience of its clients. The 'Cache-Control'
HTTP response header is mostly responsible for this, along with conditional headers such as 'Last-Modified'
and 'ETag'
.
The 'Cache-Control'
HTTP response header advises private caches (e.g. browsers) and public caches (e.g. proxies) on how they can cache HTTP responses for further reuse.
An ETag (entity tag) is an HTTP response header returned by an HTTP/1.1 compliant web server used to determine change in content at a given URL. It can be considered to be the more sophisticated successor to the Last-Modified
header. When a server returns a representation with an ETag header, the client can use this header in subsequent GETs, in an If-None-Match
header. If the content has not changed, the server returns 304: Not Modified
.
This section describes the different choices available to configure HTTP caching in a Spring Web MVC application.
1.14.1. Cache-Control HTTP header
Spring Web MVC supports many use cases and ways to configure "Cache-Control" headers for an application. While RFC 7234 Section 5.2.2 completely describes that header and its possible directives, there are several ways to address the most common cases.
Spring Web MVC uses a configuration convention in several of its APIs: setCachePeriod(int seconds)
:
-
A
-1
value won’t generate a'Cache-Control'
response header. -
A
0
value will prevent caching using the'Cache-Control: no-store'
directive. -
An
n > 0
value will cache the given response forn
seconds using the'Cache-Control: max-age=n'
directive.
The CacheControl
builder class simply describes the available "Cache-Control" directives and makes it easier to build your own HTTP caching strategy. Once built, a CacheControl
instance can then be accepted as an argument in several Spring Web MVC APIs.
// Cache for an hour - "Cache-Control: max-age=3600"
CacheControl ccCacheOneHour = CacheControl.maxAge(1, TimeUnit.HOURS);
// Prevent caching - "Cache-Control: no-store"
CacheControl ccNoStore = CacheControl.noStore();
// Cache for ten days in public and private caches,
// public caches should not transform the response
// "Cache-Control: max-age=864000, public, no-transform"
CacheControl ccCustom = CacheControl.maxAge(10, TimeUnit.DAYS)
.noTransform().cachePublic();
1.14.2. HTTP caching support for static resources
Static resources should be served with appropriate 'Cache-Control'
and conditional headers for optimal performance.Configuring a ResourceHttpRequestHandler
for serving static resources not only natively writes 'Last-Modified'
headers by reading a file’s metadata, but also 'Cache-Control'
headers if properly configured.
You can set the cachePeriod
attribute on a ResourceHttpRequestHandler
or use a CacheControl
instance, which supports more specific directives:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public-resources/")
.setCacheControl(CacheControl.maxAge(1, TimeUnit.HOURS).cachePublic());
}
}
And in XML:
<mvc:resources mapping="/resources/**" location="/public-resources/">
<mvc:cache-control max-age="3600" cache-public="true"/>
</mvc:resources>
1.14.3. Support for the Cache-Control, ETag and Last-Modified response headers in Controllers
Controllers can support 'Cache-Control'
, 'ETag'
, and/or 'If-Modified-Since'
HTTP requests; this is indeed recommended if a 'Cache-Control'
header is to be set on the response. This involves calculating a lastModified long
and/or an Etag value for a given request, comparing it against the 'If-Modified-Since'
request header value, and potentially returning a response with status code 304 (Not Modified).
As described in Using HttpEntity, controllers can interact with the request/response using HttpEntity
types. Controllers returning ResponseEntity
can include HTTP caching information in responses like this:
@GetMapping("/book/{id}")
public ResponseEntity<Book> showBook(@PathVariable Long id) {
Book book = findBook(id);
String version = book.getVersion();
return ResponseEntity
.ok()
.cacheControl(CacheControl.maxAge(30, TimeUnit.DAYS))
.eTag(version) // lastModified is also available
.body(book);
}
Doing this will not only include 'ETag'
and 'Cache-Control'
headers in the response, it will also convert the response to an HTTP 304 Not Modified
response with an empty body if the conditional headers sent by the client match the caching information set by the Controller.
An @RequestMapping
method may also wish to support the same behavior. This can be achieved as follows:
@RequestMapping
public String myHandleMethod(WebRequest webRequest, Model model) {
long lastModified = // 1. application-specific calculation
if (request.checkNotModified(lastModified)) {
// 2. shortcut exit - no further processing necessary
return null;
}
// 3. or otherwise further request processing, actually preparing content
model.addAttribute(...);
return "myViewName";
}
There are two key elements here: calling request.checkNotModified(lastModified)
and returning null
. The former sets the appropriate response status and headers before it returns true
. The latter, in combination with the former, causes Spring MVC to do no further processing of the request.
Note that there are 3 variants for this:
-
request.checkNotModified(lastModified)
compares lastModified with the'If-Modified-Since'
or'If-Unmodified-Since'
request header -
request.checkNotModified(eTag)
compares eTag with the'If-None-Match'
request header -
request.checkNotModified(eTag, lastModified)
does both, meaning that both conditions should be valid
When receiving conditional 'GET'
/'HEAD'
requests, checkNotModified
will check that the resource has not been modified and if so, it will result in a HTTP 304 Not Modified
response. In case of conditional 'POST'
/'PUT'
/'DELETE'
requests, checkNotModified
will check that the resource has not been modified and if it has been, it will result in a HTTP 409 Precondition Failed
response to prevent concurrent modifications.
1.14.4. Shallow ETag support
Support for ETags is provided by the Servlet filter ShallowEtagHeaderFilter
. It is a plain Servlet Filter, and thus can be used in combination with any web framework. The ShallowEtagHeaderFilter
filter creates so-called shallow ETags (as opposed to deep ETags, more about that later).The filter caches the content of the rendered JSP (or other content), generates an MD5 hash over that, and returns that as an ETag header in the response. The next time a client sends a request for the same resource, it uses that hash as the If-None-Match
value. The filter detects this, renders the view again, and compares the two hashes. If they are equal, a 304
is returned.
Note that this strategy saves network bandwidth but not CPU, as the full response must be computed for each request. Other strategies at the controller level (described above) can save network bandwidth and avoid computation.
This filter has a writeWeakETag
parameter that configures the filter to write Weak ETags, like this: W/"02a2d595e6ed9a0b24f027f2b63b134d6"
, as defined in RFC 7232 Section 2.3.
You configure the ShallowEtagHeaderFilter
in web.xml
:
<filter>
<filter-name>etagFilter</filter-name>
<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
<!-- Optional parameter that configures the filter to write weak ETags
<init-param>
<param-name>writeWeakETag</param-name>
<param-value>true</param-value>
</init-param>
-->
</filter>
<filter-mapping>
<filter-name>etagFilter</filter-name>
<servlet-name>petclinic</servlet-name>
</filter-mapping>
Or in Servlet 3.0+ environments,
public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {
// ...
@Override
protected Filter[] getServletFilters() {
return new Filter[] { new ShallowEtagHeaderFilter() };
}
}
See Code-based Servlet container initialization for more details.
1.15. Code-based Servlet container initialization
In a Servlet 3.0+ environment, you have the option of configuring the Servlet container programmatically as an alternative or in combination with a web.xml
file. Below is an example of registering a DispatcherServlet
:
import org.springframework.web.WebApplicationInitializer;
public class MyWebApplicationInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) {
XmlWebApplicationContext appContext = new XmlWebApplicationContext();
appContext.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");
ServletRegistration.Dynamic registration = container.addServlet("dispatcher", new DispatcherServlet(appContext));
registration.setLoadOnStartup(1);
registration.addMapping("/");
}
}
WebApplicationInitializer
is an interface provided by Spring MVC that ensures your implementation is detected and automatically used to initialize any Servlet 3 container. An abstract base class implementation of WebApplicationInitializer
named AbstractDispatcherServletInitializer
makes it even easier to register the DispatcherServlet
by simply overriding methods to specify the servlet mapping and the location of the DispatcherServlet
configuration.
This is recommended for applications that use Java-based Spring configuration:
public class MyWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { MyWebConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
If using XML-based Spring configuration, you should extend directly from AbstractDispatcherServletInitializer
:
public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {
@Override
protected WebApplicationContext createRootApplicationContext() {
return null;
}
@Override
protected WebApplicationContext createServletApplicationContext() {
XmlWebApplicationContext cxt = new XmlWebApplicationContext();
cxt.setConfigLocation("/WEB-INF/spring/dispatcher-config.xml");
return cxt;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
AbstractDispatcherServletInitializer
also provides a convenient way to add Filter
instances and have them automatically mapped to the DispatcherServlet
:
public class MyWebAppInitializer extends AbstractDispatcherServletInitializer {
// ...
@Override
protected Filter[] getServletFilters() {
return new Filter[] { new HiddenHttpMethodFilter(), new CharacterEncodingFilter() };
}
}
Each filter is added with a default name based on its concrete type and automatically mapped to the DispatcherServlet
.
The isAsyncSupported
protected method of AbstractDispatcherServletInitializer
provides a single place to enable async support on the DispatcherServlet
and all filters mapped to it. By default this flag is set to true
.
Finally, if you need to further customize the DispatcherServlet
itself, you can override the createDispatcherServlet
method.
1.16. MVC Java config, XML namespace
The MVC Java config and the MVC namespace provide default configuration suitable for most applications along with a configuration API to customize it.
For more advanced customizations, not available in the configuration API, see Advanced Config Mode and Advanced MVC Namespace.
You do not need to understand the underlying beans created by the MVC Java config and the MVC namespace but if you want to learn more, see Special Bean Types In the WebApplicationContext and DispatcherServlet
Configuration.
1.16.1. Enable the Configuration
In Java config use the @EnableWebMvc
annotation:
@Configuration
@EnableWebMvc
public class WebConfig {
}
In XML use the <mvc:annotation-driven>
element:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven/>
</beans>
The above registers a number of Spring MVC infrastructure beans also adapting to dependencies available on the classpath — for JSON, XML, etc.
1.16.2. Configuration Mechanism
In Java config implement WebMvcConfigurer
interface:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
// Implement configuration methods...
}
In XML check attributes and sub-elements of <mvc:annotation-driven/>
. You can view the Spring MVC XML schema or use the code completion feature of your IDE to discover what attributes and sub-elements are available.
1.16.3. Conversion and Formatting
By default formatters for Number
and Date
types are installed, including support for the @NumberFormat
and @DateTimeFormat
annotations. Full support for the Joda Time formatting library is also installed if Joda Time is present on the classpath.
In Java config, register custom formatters and converters:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addFormatters(FormatterRegistry registry) {
// ...
}
}
In XML, the same:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven conversion-service="conversionService"/>
<bean id="conversionService"
class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
<property name="converters">
<set>
<bean class="org.example.MyConverter"/>
</set>
</property>
<property name="formatters">
<set>
<bean class="org.example.MyFormatter"/>
<bean class="org.example.MyAnnotationFormatterFactory"/>
</set>
</property>
<property name="formatterRegistrars">
<set>
<bean class="org.example.MyFormatterRegistrar"/>
</set>
</property>
</bean>
</beans>
See FormatterRegistrar SPI and the |
1.16.4. Validation
By default if Bean Validation is present on the classpath — e.g. Hibernate Validator, the LocalValidatorFactoryBean
is registered as a global Validator for use with @Valid
and Validated
on controller method arguments.
In Java config, you can customize the global Validator
instance:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public Validator getValidator(); {
// ...
}
}
In XML, the same:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<mvc:annotation-driven validator="globalValidator"/>
</beans>
Note that you can also register Validator
's locally:
@Controller
public class MyController {
@InitBinder
protected void initBinder(WebDataBinder binder) {
binder.addValidators(new FooValidator());
}
}
If you need to have a |
1.16.5. Interceptors
In Java config, register interceptors to apply to incoming requests:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LocaleInterceptor());
registry.addInterceptor(new ThemeInterceptor()).addPathPatterns("/**").excludePathPatterns("/admin/**");
registry.addInterceptor(new SecurityInterceptor()).addPathPatterns("/secure/*");
}
}
In XML, the same:
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/admin/**"/>
<bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor"/>
</mvc:interceptor>
<mvc:interceptor>
<mvc:mapping path="/secure/*"/>
<bean class="org.example.SecurityInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
1.16.6. Requested Content Types
You can configure how Spring MVC determines the requested media types from the request — e.g. Accept
header, URL path extension, query parameter, etc.
By default the URL path extension is checked first — with json
, xml
, rss
, and atom
registered as known extensions depending on classpath dependencies, and the "Accept" header is checked second.
Consider changing those defaults to Accept
header only and if you must use URL-based content type resolution consider the query parameter strategy over the path extensions. See Suffix Pattern Matching and Suffix Pattern Matching and RFD for more details.
In Java config, customize requested content type resolution:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
configurer.mediaType("json", MediaType.APPLICATION_JSON);
}
}
In XML, the same:
<mvc:annotation-driven content-negotiation-manager="contentNegotiationManager"/>
<bean id="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
<property name="mediaTypes">
<value>
json=application/json
xml=application/xml
</value>
</property>
</bean>
1.16.7. Message Converters
Customization of HttpMessageConverter
can be achieved in Java config by overriding configureMessageConverters()
if you want to replace the default converters created by Spring MVC, or by overriding extendMessageConverters()
if you just want to customize them or add additional converters to the default ones.
Below is an example that adds Jackson JSON and XML converters with a customized ObjectMapper
instead of default ones:
@Configuration
@EnableWebMvc
public class WebConfiguration implements WebMvcConfigurer {
@Override
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder()
.indentOutput(true)
.dateFormat(new SimpleDateFormat("yyyy-MM-dd"))
.modulesToInstall(new ParameterNamesModule());
converters.add(new MappingJackson2HttpMessageConverter(builder.build()));
converters.add(new MappingJackson2XmlHttpMessageConverter(builder.xml().build()));
}
}
In this example, Jackson2ObjectMapperBuilder is used to create a common configuration for both MappingJackson2HttpMessageConverter
and MappingJackson2XmlHttpMessageConverter
with indentation enabled, a customized date format and the registration of jackson-module-parameter-names that adds support for accessing parameter names (feature added in Java 8).
This builder customizes Jackson’s default properties with the following ones:
-
DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES
is disabled. -
MapperFeature.DEFAULT_VIEW_INCLUSION
is disabled.
It also automatically registers the following well-known modules if they are detected on the classpath:
-
jackson-datatype-jdk7: support for Java 7 types like
java.nio.file.Path
. -
jackson-datatype-joda: support for Joda-Time types.
-
jackson-datatype-jsr310: support for Java 8 Date & Time API types.
-
jackson-datatype-jdk8: support for other Java 8 types like
Optional
.
Enabling indentation with Jackson XML support requires |
Other interesting Jackson modules are available:
-
jackson-datatype-money: support for
javax.money
types (unofficial module) -
jackson-datatype-hibernate: support for Hibernate specific types and properties (including lazy-loading aspects)
It is also possible to do the same in XML:
<mvc:annotation-driven>
<mvc:message-converters>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="objectMapper" ref="objectMapper"/>
</bean>
<bean class="org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter">
<property name="objectMapper" ref="xmlMapper"/>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<bean id="objectMapper" class="org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean"
p:indentOutput="true"
p:simpleDateFormat="yyyy-MM-dd"
p:modulesToInstall="com.fasterxml.jackson.module.paramnames.ParameterNamesModule"/>
<bean id="xmlMapper" parent="objectMapper" p:createXmlMapper="true"/>
1.16.8. View Controllers
This is a shortcut for defining a ParameterizableViewController
that immediately forwards to a view when invoked. Use it in static cases when there is no Java controller logic to execute before the view generates the response.
An example of forwarding a request for "/"
to a view called "home"
in Java:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("home");
}
}
And the same in XML use the <mvc:view-controller>
element:
<mvc:view-controller path="/" view-name="home"/>
1.16.9. View Resolvers
The MVC config simplifies the registration of view resolvers.
The following is a Java config example that configures content negotiation view resolution using FreeMarker HTML templates and Jackson as a default View
for JSON rendering:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureViewResolvers(ViewResolverRegistry registry) {
registry.enableContentNegotiation(new MappingJackson2JsonView());
registry.jsp();
}
}
And the same in XML:
<mvc:view-resolvers>
<mvc:content-negotiation>
<mvc:default-views>
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
</mvc:default-views>
</mvc:content-negotiation>
<mvc:jsp/>
</mvc:view-resolvers>
Note however that FreeMarker, Tiles, Groovy Markup and script templates also require configuration of the underlying view technology.
The MVC namespace provides dedicated elements. For example with FreeMarker:
<mvc:view-resolvers>
<mvc:content-negotiation>
<mvc:default-views>
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"/>
</mvc:default-views>
</mvc:content-negotiation>
<mvc:freemarker cache="false"/>
</mvc:view-resolvers>
<mvc:freemarker-configurer>
<mvc:template-loader-path location="/freemarker"/>
</mvc:freemarker-configurer>
In Java config simply add the respective "Configurer" bean:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureViewResolvers(ViewResolverRegistry registry) {
registry.enableContentNegotiation(new MappingJackson2JsonView());
registry.freeMarker().cache(false);
}
@Bean
public FreeMarkerConfigurer freeMarkerConfigurer() {
FreeMarkerConfigurer configurer = new FreeMarkerConfigurer();
configurer.setTemplateLoaderPath("/WEB-INF/");
return configurer;
}
}
1.16.10. Static Resources
This option provides a convenient way to serve static resources from a list of Resource-based locations.
In the example below, given a request that starts with "/resources"
, the relative path is used to find and serve static resources relative to "/public" under the web application root or on the classpath under "/static"
. The resources are served with a 1-year future expiration to ensure maximum use of the browser cache and a reduction in HTTP requests made by the browser. The Last-Modified
header is also evaluated and if present a 304
status code is returned.
In Java config:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public", "classpath:/static/")
.setCachePeriod(31556926);
}
}
In XML:
<mvc:resources mapping="/resources/**"
location="/public, classpath:/static/"
cache-period="31556926" />
The resource handler also supports a chain of ResourceResolver's and ResourceResolver's. which can be used to create a toolchain for working with optimized resources.
The VersionResourceResolver
can be used for versioned resource URLs based on an MD5 hash computed from the content, a fixed application version, or other. A ContentVersionStrategy
(MD5 hash) is a good choice with some notable exceptions such as JavaScript resources used with a module loader.
For example in Java config;
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/public/")
.resourceChain(true)
.addResolver(new VersionResourceResolver().addContentVersionStrategy("/**"));
}
}
In XML, the same:
<mvc:resources mapping="/resources/**" location="/public/">
<mvc:resource-chain>
<mvc:resource-cache/>
<mvc:resolvers>
<mvc:version-resolver>
<mvc:content-version-strategy patterns="/**"/>
</mvc:version-resolver>
</mvc:resolvers>
</mvc:resource-chain>
</mvc:resources>
You can use ResourceUrlProvider
to rewrite URLs and apply the full chain of resolvers and transformers — e.g. to insert versions. The MVC config provides a ResourceUrlProvider
bean so it can be injected into others. You can also make the rewrite transparent with the ResourceUrlEncodingFilter
for Thymeleaf, JSPs, FreeMarker, and others with URL tags that rely on HttpServletResponse#encodeURL
.
WebJars is also supported via WebJarsResourceResolver
and automatically registered when "org.webjars:webjars-locator"
is present on the classpath. The resolver can re-write URLs to include the version of the jar and can also match to incoming URLs without versions — e.g. "/jquery/jquery.min.js"
to "/jquery/1.2.0/jquery.min.js"
.
1.16.11. "Default" Servlet Handler
This allows for mapping the DispatcherServlet
to "/" (thus overriding the mapping of the container’s default Servlet), while still allowing static resource requests to be handled by the container’s default Servlet. It configures aDefaultServletHttpRequestHandler
with a URL mapping of "/**" and the lowest priority relative to other URL mappings.
This handler will forward all requests to the default Servlet. Therefore it is important that it remains last in the order of all other URL HandlerMappings
. That will be the case if you use <mvc:annotation-driven>
or alternatively if you are setting up your own customized HandlerMapping
instance be sure to set its order
property to a value lower than that of the DefaultServletHttpRequestHandler
, which is Integer.MAX_VALUE
.
To enable the feature using the default setup use:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
Or in XML:
<mvc:default-servlet-handler/>
The caveat to overriding the "/" Servlet mapping is that the RequestDispatcher
for the default Servlet must be retrieved by name rather than by path. The DefaultServletHttpRequestHandler
will attempt to auto-detect the default Servlet for the container at startup time, using a list of known names for most of the major Servlet containers (including Tomcat, Jetty, GlassFish, JBoss, Resin, WebLogic, and WebSphere). If the default Servlet has been custom configured with a different name, or if a different Servlet container is being used where the default Servlet name is unknown, then the default Servlet’s name must be explicitly provided as in the following example:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable("myCustomDefaultServlet");
}
}
Or in XML:
<mvc:default-servlet-handler default-servlet-name="myCustomDefaultServlet"/>
1.16.12. Path Matching
This allows customizing options related to URL matching and treatment of the URL. For details on the individual options check out the PathMatchConfigurer API.
Example in Java config:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void configurePathMatch(PathMatchConfigurer configurer) {
configurer
.setUseSuffixPatternMatch(true)
.setUseTrailingSlashMatch(false)
.setUseRegisteredSuffixPatternMatch(true)
.setPathMatcher(antPathMatcher())
.setUrlPathHelper(urlPathHelper());
}
@Bean
public UrlPathHelper urlPathHelper() {
//...
}
@Bean
public PathMatcher antPathMatcher() {
//...
}
}
In XML, the same:
<mvc:annotation-driven>
<mvc:path-matching
suffix-pattern="true"
trailing-slash="false"
registered-suffixes-only="true"
path-helper="pathHelper"
path-matcher="pathMatcher"/>
</mvc:annotation-driven>
<bean id="pathHelper" class="org.example.app.MyPathHelper"/>
<bean id="pathMatcher" class="org.example.app.MyPathMatcher"/>
1.16.13. Advanced Config Mode
@EnableWebMvc
imports DelegatingWebMvcConfiguration
that (1) provides default Spring configuration for Spring MVC applications and (2) detects and delegates to WebMvcConfigurer
's to customize that configuration.
For advanced mode, remove @EnableWebMvc
and extend directly from DelegatingWebMvcConfiguration
instead of implementing WebMvcConfigurer
:
@Configuration
public class WebConfig extends DelegatingWebMvcConfiguration {
// ...
}
You can keep existing methods in WebConfig
but you can now also override bean declarations from the base class and you can still have any number of other WebMvcConfigurer
's on the classpath.
1.16.14. Advanced MVC Namespace
The MVC namespace does not have an advanced mode. If you need to customize a property on a bean that you can’t change otherwise, you can use the BeanPostProcessor
lifecycle hook of the Spring ApplicationContext
:
@Component
public class MyPostProcessor implements BeanPostProcessor {
public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException {
// ...
}
}
Note that MyPostProcessor
needs to be declared as a bean either explicitly in XML or detected through a <component scan/>
declaration.