AO Servlet Filter Changelog

ao-servlet-filter-2.0.1-SNAPSHOT

Snapshot Notes

  • Minimum Java version changed from 1.7 to 1.8.
  • Fixed ClassCastException in EncodeURIFilter.getActiveFilter(ServletRequest).

ao-servlet-filter-2.0.0

Release Notes

  • Case-insensitive matching of URL schemes. Previously, URL schemes were matched case-sensitive, while the spec is case-insensitive. This has been OK given we only use lower-case schemes within our code and tools, but this is now a correct implementation.
  • NoSessionFilter now passes the URL encoding up the filter chain after its modifications. Previously, the URL rewriting was stopped here. To obtain the previous behavior, use in conjunction with session-config.
  • New context init parameter com.aoindustries.servlet.filter.NoSessionFilter.cookieUrlParamPrefix that may be used to provide a custom cookie URL prefix. A fun alternative is Unicode Character 'COOKIE' (U+1F36A).
  • StripInvalidXmlCharactersFilter now removes parameters that have invalid names.
  • HideJspExtensionFilter no longer removes index.jsp(x) or .jsp(x) extensions from URLs that have a scheme. However, http:// and https:// links to the same host are still rewritten in order to handle absolute URLs.
  • HideJspExtensionFilter now sends redirect in UTF-8.
  • LocaleFilter now sends redirect in UTF-8.
  • Cookie names, values, comments, and paths are now URI-encoded.
  • New filter EncodeURIFilter which encodes the URL to either RFC 3986 URI US-ASCII format or RFC 3987 IRI Unicode format. If the URL begins with javascript:, cid:, or data:, (case-insensitive) it is not altered. Canonical URLs are always encoded to US-ASCII format.

    IRI support is disabled by default, and only recommended for development or internal systems. IRI may result in slightly smaller output, and more readable HTML source, but for interoperability should be off in production systems.

    RFC 7231 - 7.1.2. Location refers only to RFC 3986 URI for URI-reference, thus redirects are always formatted as RFC 3986 URI.

  • No longer URL rewriting file: and data: URLs.
  • Removed NoEncodeUrlFilter in favor of Servlet 3.0 session-config in WEB-INF/web.xml:
    <session-config>
    	<cookie-config>
    		<http-only>true</http-only>
    		<!-- <secure>true</secure> -->
    	</cookie-config>
    	<tracking-mode>COOKIE</tracking-mode>
    </session-config>
    See also:
    1. Tomcat - Disable JSESSIONID in URL
    2. How to enable HttpOnly and Secure Session Cookies in EAP 6.x
    3. Disable URL Rewriting by default with Servlet 3.0 config
  • No longer URL rewriting *.dia URLs.
  • NoSessionFilter will now not write cookie parameters into Canonical URLs.
  • New filter LastModifiedCacheControlFilter that adds a Cache-Control header to any request with a LAST_MODIFIED_PARAMETER_NAME parameter. Defaults to a very aggressive setting of public, one-year, allowing stale, and immutable.
  • New optional init parameter allowMultiple on AddResponseHeaderFilter allows multiple headers of the same name. When true, the header will not be added when a header of the same name already exists on the response. Defaults to true for compatibility.
  • Changed CountConcurrencyFilter from a <filter> to a <listener> named CountConcurrencyListener.
  • Changed Utf8RequestCharacterEncodingFilter from a <filter> to a <listener> named Utf8RequestCharacterEncodingListener.
  • Removed deprecated com.aoindustries.servlet.filter.TempFileContext in favor of new ServletTempFileContext that does not require web.xml configuration, supports additional scopes (application and session), and registers a shutdown hook to delete on JVM exit.

ao-servlet-filter-1.6.1

Release Notes

  • Using managed dependencies:
    1. This project uses managed dependencies.
    2. This project's managed dependencies may also be imported by other projects.

ao-servlet-filter-1.6.0

Release Notes

  • Minimum Java version changed from 1.6 to 1.7.
  • Deprecated com.aoindustries.servlet.filter.TempFileContext in favor of new ServletTempFileContext that does not require web.xml configuration, supports additional scopes (application and session), and registers a shutdown hook to delete on JVM exit.
  • Aligned the session URL rewriting excluded path extensions to match other projects. The list is now:
    1. *.bmp (added this release)
    2. *.css
    3. *.exe (added this release)
    4. *.gif
    5. *.ico
    6. *.jpeg
    7. *.jpg
    8. *.js
    9. *.png
    10. *.svg (added this release)
    11. *.txt
    12. *.zip

ao-servlet-filter-1.5.0

Release Notes

  • Updated dependencies.
  • New AddResponseHeaderFilter filter to add response headers. For when filter mappings are not expressive enough, supports both lightning-fast WildcardPatternMatcher and standard Java Pattern.

ao-servlet-filter-1.4.2

Release Notes

  • New AO OSS Parent POM to simplify pom.xml files.
  • Project documentation moved to per-project book in SemanticCMS format.
  • Added changelog as top-level project link.

ao-servlet-filter-1.4.1

Release Notes

  • Improved Javadoc formatting.
  • Improved README formatting.

ao-servlet-filter-1.4.0

Release Notes

  • Improved Javadoc formatting.
  • Now automatically maintains some ThreadLocal values between caller and executor during concurrent processing, and provides wrapper hook for subclasses to extend.
  • May now provide temp file list.
  • Tracks the request concurrency.
  • Added a hook for subclasses to take further action based on concurrency.
  • Now only setting encoding when not provided by client. Also removed ThreadLocale stuff that was unnecessary and never belonged here.
  • Each lock object now a small empty class to help identify lock contention.

    The lock contention profiler in NetBeans is just showing "java.lang.Object" all over, and can't seem to get from the lock object id to the actual object in the heap dump using OQL (id not found).

  • Trim on includes is just unnecessary filter invocation.
  • Avoiding setting ThreadLocal when value has not changed.
  • Using ServletContextCache for more throughput on Tomcat.

ao-servlet-filter-1.3.1

Release Notes

  • Improved Maven configuration for Java EE 6 dependencies.

ao-servlet-filter-1.3

Release Notes

  • Improved Javadoc formatting.

ao-servlet-filter-1.2

Release Notes

  • Now also hiding .jspx extension in addition to .jsp.

ao-servlet-filter-1.1

Release Notes

  • Reverted to Java 1.6 for Android and Java EE 6 compatibility.

ao-servlet-filter-1.0

Release Notes

  • Project moved to GitHub and Maven.