rspec/rules/S3753/java/rule.adoc

== Why is this an issue?

A Spring ``++@Controller++`` that uses ``++@SessionAttributes++`` is designed to handle a stateful / multi-post form. Such ``++@Controller++``s use the specified ``++@SessionAttributes++`` to store data on the server between requests. That data should be cleaned up when the session is over, but unless ``++setComplete()++`` is called on the ``++SessionStatus++`` object from a ``++@RequestMapping++`` method, neither Spring nor the JVM will know it's time to do that. Note that the ``++SessionStatus++`` object must be passed to that method as a parameter.


=== Noncompliant code example

[source,java]
----
@Controller
@SessionAttributes("hello")  // Noncompliant; this doesn't get cleaned up
public class HelloWorld {

  @RequestMapping("/greet", method = GET)
  public String greet(String greetee) {

    return "Hello " + greetee;
  }
}
----


=== Compliant solution

[source,java]
----
@Controller
@SessionAttributes("hello")
public class HelloWorld {

  @RequestMapping("/greet", method = GET)
  public String greet(String greetee) {

    return "Hello " + greetee;
  }

  @RequestMapping("/goodbye", method = POST)
  public String goodbye(SessionStatus status) {
    //... 
    status.setComplete();    
  }

}
----


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Add a call to "setComplete()" on the SessionStatus object in a "@RequestMapping" method.


=== Highlighting

``++@SessionAttributes++``


'''
== Comments And Links
(visible only on this page)

=== on 21 Jun 2018, 14:52:21 Andrei Epure wrote:
Note: The RuleAPI will correctly interpret the markdown, even if JIRA does not

=== on 26 Jun 2018, 10:49:54 Alban Auzeill wrote:
SessionStatus could be a parameter of, not only POST requests, but any kind of @RequestMapping  (like GET requests). Example:

https://www.logicbig.com/tutorials/spring-framework/spring-web-mvc/spring-model-attribute-with-session.html[spring-model-attribute-with-session] § Removing Model Attribute from the session

IMO the implementation of this rule should check for each class annotated by @Controller and @SessionAttributes, there's at least one call to "sessionStatus.setComplete()" in any method body of this class. Because if such call exist, there's other rules to ensure that the code is reachable, the method is used, ... So we don't need to focus on @RequestMapping, @PostMapping, GET, POST, ...

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			A Spring ``++@Controller++`` that uses ``++@SessionAttributes++`` is designed to handle a stateful / multi-post form. Such ``++@Controller++``s use the specified ``++@SessionAttributes++`` to store data on the server between requests. That data should be cleaned up when the session is over, but unless ``++setComplete()++`` is called on the ``++SessionStatus++`` object from a ``++@RequestMapping++`` method, neither Spring nor the JVM will know it's time to do that. Note that the ``++SessionStatus++`` object must be passed to that method as a parameter.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`@Controller`
			`@SessionAttributes("hello") // Noncompliant; this doesn't get cleaned up`
			`public class HelloWorld {`

			`@RequestMapping("/greet", method = GET)`
			`public String greet(String greetee) {`

			`return "Hello " + greetee;`
			`}`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`@Controller`
			`@SessionAttributes("hello")`
			`public class HelloWorld {`

			`@RequestMapping("/greet", method = GET)`
			`public String greet(String greetee) {`

			`return "Hello " + greetee;`
			`}`

			`@RequestMapping("/goodbye", method = POST)`
			`public String goodbye(SessionStatus status) {`
			`//...`
			`status.setComplete();`
			`}`

			`}`
			`----`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00

Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Add a call to "setComplete()" on the SessionStatus object in a "@RequestMapping" method.`


			`=== Highlighting`

			``++@SessionAttributes++``
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== on 21 Jun 2018, 14:52:21 Andrei Epure wrote:`
			`Note: The RuleAPI will correctly interpret the markdown, even if JIRA does not`

			`=== on 26 Jun 2018, 10:49:54 Alban Auzeill wrote:`
			`SessionStatus could be a parameter of, not only POST requests, but any kind of @RequestMapping (like GET requests). Example:`

			`https://www.logicbig.com/tutorials/spring-framework/spring-web-mvc/spring-model-attribute-with-session.html[spring-model-attribute-with-session] § Removing Model Attribute from the session`

			`IMO the implementation of this rule should check for each class annotated by @Controller and @SessionAttributes, there's at least one call to "sessionStatus.setComplete()" in any method body of this class. Because if such call exist, there's other rules to ensure that the code is reachable, the method is used, ... So we don't need to focus on @RequestMapping, @PostMapping, GET, POST, ...`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`