ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3753/java/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

79 lines
2.4 KiB
Plaintext
Raw Permalink Blame History

== Why is this an issue?
A Spring ``++@Controller++`` that uses ``++@SessionAttributes++`` is designed to handle a stateful / multi-post form. Such ``++@Controller++``s use the specified ``++@SessionAttributes++`` to store data on the server between requests. That data should be cleaned up when the session is over, but unless ``++setComplete()++`` is called on the ``++SessionStatus++`` object from a ``++@RequestMapping++`` method, neither Spring nor the JVM will know it's time to do that. Note that the ``++SessionStatus++`` object must be passed to that method as a parameter.
=== Noncompliant code example
[source,java]
----
@Controller
@SessionAttributes("hello") // Noncompliant; this doesn't get cleaned up
public class HelloWorld {
@RequestMapping("/greet", method = GET)
public String greet(String greetee) {
return "Hello " + greetee;
}
}
----
=== Compliant solution
[source,java]
----
@Controller
@SessionAttributes("hello")
public class HelloWorld {
@RequestMapping("/greet", method = GET)
public String greet(String greetee) {
return "Hello " + greetee;
}
@RequestMapping("/goodbye", method = POST)
public String goodbye(SessionStatus status) {
//...
status.setComplete();
}
}
----
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Add a call to "setComplete()" on the SessionStatus object in a "@RequestMapping" method.
=== Highlighting
``++@SessionAttributes++``
'''
== Comments And Links
(visible only on this page)
=== on 21 Jun 2018, 14:52:21 Andrei Epure wrote:
Note: The RuleAPI will correctly interpret the markdown, even if JIRA does not
=== on 26 Jun 2018, 10:49:54 Alban Auzeill wrote:
SessionStatus could be a parameter of, not only POST requests, but any kind of @RequestMapping (like GET requests). Example:
https://www.logicbig.com/tutorials/spring-framework/spring-web-mvc/spring-model-attribute-with-session.html[spring-model-attribute-with-session] § Removing Model Attribute from the session
IMO the implementation of this rule should check for each class annotated by @Controller and @SessionAttributes, there's at least one call to "sessionStatus.setComplete()" in any method body of this class. Because if such call exist, there's other rules to ensure that the code is reachable, the method is used, ... So we don't need to focus on @RequestMapping, @PostMapping, GET, POST, ...
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink