ContentCachingRequestWrapper

javax.servlet.http.HttpServletRequest wrapper that caches all content read from the input stream and reader, and allows this content to be retrieved via a byte array.

Used e.g. by org.springframework.web.filter.AbstractRequestLoggingFilter. Note: As of Spring Framework 5.0, this wrapper is built on the Servlet 3.1 API.

ContentCachingResponseWrapper

javax.servlet.http.HttpServletResponse wrapper that caches all content written to the output stream and writer, and allows this content to be retrieved via a byte array.

Used e.g. by org.springframework.web.filter.ShallowEtagHeaderFilter. Note: As of Spring Framework 5.0, this wrapper is built on the Servlet 3.1 API.

CookieGenerator

Helper class for cookie generation, carrying cookie descriptor settings as bean properties and being able to add and remove cookie to/from a given response.

Can serve as base class for components that generate specific cookies, such as CookieLocaleResolver and CookieThemeResolver.

DefaultUriBuilderFactory

Default implementation of UriBuilderFactory providing options to pre-configure all UriBuilder instances with common properties such as a base URI, encoding mode, and default URI variables.

Uses UriComponentsBuilder for URI building.

DefaultUriTemplateHandler

Default implementation of UriTemplateHandler based on the use of UriComponentsBuilder for expanding and encoding variables.

There are also several properties to customize how URI template handling is performed, including a baseUrl to be used as a prefix for all URI templates and a couple of encoding related options — parsePath and strictEncoding respectively.

HtmlUtils

Utility class for HTML escaping. Escapes and unescapes based on the W3C HTML 4.01 recommendation, handling character entity references.

Reference: http://www.w3.org/TR/html4/charset.html

For a comprehensive set of String escaping utilities, consider Apache Commons Lang and its StringEscapeUtils class. We are not using that class here to avoid a runtime dependency on Commons Lang just for HTML escaping. Furthermore, Spring's HTML escaping is more flexible and 100% HTML 4.0 compliant.

HttpSessionMutexListener

Servlet HttpSessionListener that automatically exposes the session mutex when an HttpSession gets created. To be registered as a listener in web.xml.

The session mutex is guaranteed to be the same object during the entire lifetime of the session, available under the key defined by the SESSION_MUTEX_ATTRIBUTE constant. It serves as a safe reference to synchronize on for locking on the current session.

In many cases, the HttpSession reference itself is a safe mutex as well, since it will always be the same object reference for the same active logical session. However, this is not guaranteed across different servlet containers; the only 100% safe way is a session mutex.

IntrospectorCleanupListener

Listener that flushes the JDK's java.beans.Introspector cache on web app shutdown. Register this listener in your web.xml to guarantee proper release of the web application class loader and its loaded classes.

If the JavaBeans Introspector has been used to analyze application classes, the system-level Introspector cache will hold a hard reference to those classes. Consequently, those classes and the web application class loader will not be garbage-collected on web app shutdown! This listener performs proper cleanup, to allow for garbage collection to take effect.

Unfortunately, the only way to clean up the Introspector is to flush the entire cache, as there is no way to specifically determine the application's classes referenced there. This will remove cached introspection results for all other applications in the server too.

Note that this listener is not necessary when using Spring's beans infrastructure within the application, as Spring's own introspection results cache will immediately flush an analyzed class from the JavaBeans Introspector cache and only hold a cache within the application's own ClassLoader. Although Spring itself does not create JDK Introspector leaks, note that this listener should nevertheless be used in scenarios where the Spring framework classes themselves reside in a 'common' ClassLoader (such as the system ClassLoader). In such a scenario, this listener will properly clean up Spring's introspection cache.

Application classes hardly ever need to use the JavaBeans Introspector directly, so are normally not the cause of Introspector resource leaks. Rather, many libraries and frameworks do not clean up the Introspector: e.g. Struts and Quartz.

Note that a single such Introspector leak will cause the entire web app class loader to not get garbage collected! This has the consequence that you will see all the application's static class resources (like singletons) around after web app shutdown, which is not the fault of those classes!

This listener should be registered as the first one in web.xml, before any application listeners such as Spring's ContextLoaderListener. This allows the listener to take full effect at the right time of the lifecycle.

JavaScriptUtils

Utility class for JavaScript escaping. Escapes based on the JavaScript 1.5 recommendation.

Reference: JavaScript Guide on Mozilla Developer Network.

ServletContextPropertyUtils

Helper class for resolving placeholders in texts. Usually applied to file paths.

A text may contain ${...} placeholders, to be resolved as servlet context init parameters or system properties: e.g. ${user.dir}. Default values can be supplied using the ":" separator between key and value.

TagUtils

Utility class for tag library related code, exposing functionality such as translating String to web scopes.

• page will be transformed to PageContext.PAGE_SCOPE
• request will be transformed to PageContext.REQUEST_SCOPE
• session will be transformed to PageContext.SESSION_SCOPE
• application will be transformed to PageContext.APPLICATION_SCOPE

UriTemplate

Represents a URI template. A URI template is a URI-like String that contains variables enclosed by braces ({}) which can be expanded to produce an actual URI.

See #expand(Map), #expand(Object[]), and #match(String) for example usages.

This class is designed to be thread-safe and reusable, allowing for any number of expand or match calls.

UriUtils

Utility class for URI encoding and decoding based on RFC 3986. Offers encoding methods for the various URI components.

All encode*(String, String) methods in this class operate in a similar way:

• Valid characters for the specific URI component as defined in RFC 3986 stay the same.
• All other characters are converted into one or more bytes in the given encoding scheme. Each of the resulting bytes is written as a hexadecimal string in the "%xy" format.

WebAppRootListener

Listener that sets a system property to the web application root directory. The key of the system property can be defined with the "webAppRootKey" init parameter at the servlet context level (i.e. context-param in web.xml), the default key is "webapp.root".

Can be used for toolkits that support substitution with system properties (i.e. System.getProperty values), like log4j's "${key}" syntax within log file locations.

Note: This listener should be placed before ContextLoaderListener in web.xml, at least when used for log4j. Log4jConfigListener sets the system property implicitly, so there's no need for this listener in addition to it.

WARNING: Some containers, e.g. Tomcat, do NOT keep system properties separate per web app. You have to use unique "webAppRootKey" context-params per web app then, to avoid clashes. Other containers like Resin do isolate each web app's system properties: Here you can use the default key (i.e. no "webAppRootKey" context-param at all) without worrying.

WARNING: The WAR file containing the web application needs to be expanded to allow for setting the web app root system property. This is by default not the case when a WAR file gets deployed to WebLogic, for example. Do not use this listener in such an environment!