jamesfredley commented on code in PR #15541: URL: https://github.com/apache/grails-core/pull/15541#discussion_r3030395829
########## grails-web-common/src/main/groovy/org/grails/web/config/http/GrailsFilterOrder.java: ########## @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.grails.web.config.http; + +/** + * Constants for filter ordering in Grails applications. + * <p> + * These constants were previously obtained from Spring Boot's {@code SecurityProperties} + * class, but were removed in Spring Boot 4.0. They are now defined here for use by + * Grails filter configuration. + * + * @since 8.0 + */ +public final class GrailsFilterOrder { + + private GrailsFilterOrder() { + // Utility class + } + + /** + * Default order of Spring Security's Filter in the servlet container (i.e. amongst + * other filters registered with the container). There is no connection between this + * and the {@code @Order} on a {@code SecurityFilterChain}. + * <p> + * The value {@code -100} matches what was previously defined in Spring Boot's + * {@code SecurityProperties.DEFAULT_FILTER_ORDER} (computed as + * {@code OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100}) before it was + * removed in Spring Boot 4.0. + */ + public static final int DEFAULT_FILTER_ORDER = -100; Review Comment: Yes - Spring Security is moving toward the fluent `HttpSecurity` configuration API and away from explicit filter ordering via `SecurityProperties`. The `DEFAULT_FILTER_ORDER` constant was removed because Spring now manages filter ordering internally through the security filter chain. We've preserved the computed value (`OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100`) and documented the history in the Javadoc so the reasoning is clear for future reference. Longer term, we may want to align with Spring's fluent API approach. ########## grails-web-url-mappings/src/main/groovy/grails/web/mapping/ResponseRedirector.groovy: ########## @@ -139,7 +139,7 @@ class ResponseRedirector { status = moved ? HttpStatus.MOVED_PERMANENTLY.value() : HttpStatus.PERMANENT_REDIRECT.value() } else { - status = moved ? HttpStatus.MOVED_TEMPORARILY.value() : HttpStatus.TEMPORARY_REDIRECT.value() + status = moved ? HttpStatus.FOUND.value() : HttpStatus.TEMPORARY_REDIRECT.value() Review Comment: Good call - adding this to the upgrade guide. `HttpStatus.MOVED_TEMPORARILY` was deprecated by Spring and removed in favor of `HttpStatus.FOUND` (both are HTTP 302). This is a straightforward rename with no behavioral change, but should be documented for anyone referencing `MOVED_TEMPORARILY` in their application code. ########## grails-web-url-mappings/src/main/groovy/org/grails/web/mapping/mvc/UrlMappingsInfoHandlerAdapter.groovy: ########## @@ -158,6 +158,5 @@ class UrlMappingsInfoHandlerAdapter implements HandlerAdapter, ApplicationContex return null } - @Override long getLastModified(HttpServletRequest request, Object handler) { -1 } Review Comment: Done - removed the `getLastModified` method. It was deprecated and removed from the `HandlerAdapter` interface in Spring Framework 7. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
