- The ability to load mustache view templates from the classpath, in situations where they're bundled in a jar. (#72)
- An additional clause to route definitions for routing requests based on the HTTP
- A way to do simple static routing based on HTTP verbs using
A set of basic predicates is provided out-of-the-box. (#70)
Matcher interface in favor of Java 8
- As a consequence of the introduction of static routing,
DynamicRoutes has been renamed to
- An error occurring when compressing responses without a content type. (#71)
This version introduces a major breaking change in the API. It implements a more functional
- Simplified request URI handling with a new
Uri class to manipulate and deconstruct URIs.
It is immutable and replaces individual URI components in
Application are now simple functions of
Request -> Response. Middlewares become simple functions of
Application -> Application. (#64)
uri is now the full URI, reconstructed from server host and port. (#67)
HttpStatus is now a class rather than an enum, which means custom HTTP statuses are supported. (#66)
- A middleware to force SSL connections. It does permanent redirects and adds the HSTS header (#36)
- Session cookies are now encrypted using SHA256 instead of SHA1 by default (#60)
- Session cookies are now encoded in RFC4648 base64 (#61)
- URL Map middleware was failing to dispatch to root mount.
/foo is now matched if mounted to
- A basic authentication middleware with pluggable authentication providers. (#28)
- A server adapter for powering Molecule with Undertow. Undertow is fast! (#53)
- The possibility to check for the presence of a given request parameter.
This avoids checks against null for boolean parameters. See
- The request query string. See
- The server host name and the request host name, the latter taken from the HOST header.
- The server port and the request port, the latter taken from the HOST header.
- The request scheme. See
- The reconstructed request URL. See
testing package, which contains helpers for testing applications built with Molecule, is now included in the main jar.
The test jar is no longer distributed. (#51)
- Request input streams are now closed automatically at the end of the request cycle. This includes file uploads. (#52)
- The test HTTP client no longer loses the Content-Type header when creating a fresh request from
a prototype request. (#50)
- ETag middleware now properly closes original body after computing ETag.
- Add a cookie session storage mechanism, as an alternative to the in-memory session pool.
Sessions stored on the client include a secure digest of the content to protect against session forgery. (#4)
- Cookie session storage supports secret key rotation. (#48)
- Add a hex decoder that decodes hexadecimal representations to their byte form.
HexEncoder does encoding and decoding to/from hex representations. (#47)
- Add a flash hash as a way of passing messages through redirection.
Anything in the flash is exposed to the very next request and then cleared out. (#44)
- Session pool can now renew a session id whenever the session changes.
This helps prevent session fixation attacks. (#41)
SessionIdentifierPolicy now receives the session data to support more complex use cases of session id generation
ConditionalGet middleware no longer throws an exception when the Modified-Since header has an unsupported format
- It is now possible to replace the session bound to the request by a fresh new session to avoid session fixation attacks. (#43)
- Session pool now sweeps sessions that have exceeded the maximum lifetime. The maximum lifetime is configurable. (#42)
This helps prevent sessions from being maintained and kept alive forever.
- Session pool can now renew a session id whenever the session changes. This helps prevent session fixation attacks. (#41)
- Session pool now sweeps stale sessions.
Sessions are considered stale when they have been inactive for longer than the configurable idle timeout. (#40)
- It is now possible to boot the application with a warm-up sequence
- Add a
URLMap middleware for dispatching requests to different apps based on the request URI. (#38)
- Add support for logging in Apache Combined Format to logger middleware (@ensonik in #37)
- Write multiple cookie values as distinct Set-Cookie headers instead of a single one, as per the RFC 6265 recommendation. (@gbranchaudrubenovitch in #46)
- Session keys are automatically converted to their string representations
- Default session cookie name is now molecule.session
PlainErrorReporter is no longer provided - you have to write your own reporters
MiddlewareStack no longer mixes up middlewares and mount points when several mount points are defined
ApacheLoggers will now correctly log request parameters as they were received, in case they are modified down the middleware chain
- It is now possible to serve content asynchronously in a separate thread to the original servicing thread. (#35)
- Filters can now be set using custom
ApacheCommonLogger now correctly logs request parameters as they were received, in case they are modified down the middleware chain
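
The cookie session storage entries above (#4, #48) describe client-side sessions protected by a secure digest, with secret key rotation. The following is an added example, not Molecule's own code, of how such a scheme can work. The class name, the `.` separator, the sample secrets and the choice of HMAC-SHA256 are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Optional;

// Hypothetical class, not Molecule's API; HMAC-SHA256 as the digest is an assumption.
public class SignedCookieExample {
    private final List<byte[]> keys; // keys.get(0) signs; older keys only verify
    SignedCookieExample(List<byte[]> keys) { this.keys = keys; }

    private static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    String encode(String content) throws Exception {
        byte[] data = content.getBytes(StandardCharsets.UTF_8);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding(); // RFC 4648 base64url
        return b64.encodeToString(data) + "." + b64.encodeToString(hmac(keys.get(0), data));
    }

    Optional<String> decode(String cookie) throws Exception {
        String[] parts = cookie.split("\\.", -1);
        if (parts.length != 2) return Optional.empty();
        byte[] data, digest;
        try {
            data = Base64.getUrlDecoder().decode(parts[0]);
            digest = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException malformed) {
            return Optional.empty();
        }
        for (byte[] key : keys) // try the current key first, then retired ones
            if (MessageDigest.isEqual(hmac(key, data), digest)) // constant-time compare
                return Optional.of(new String(data, StandardCharsets.UTF_8));
        return Optional.empty(); // forged, altered, or signed with an unknown key
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secrets and session content.
        byte[] oldKey = "constructed-old-secret".getBytes(StandardCharsets.UTF_8);
        byte[] newKey = "constructed-new-secret".getBytes(StandardCharsets.UTF_8);
        String issued = new SignedCookieExample(List.of(oldKey)).encode("user=alice");
        SignedCookieExample rotated = new SignedCookieExample(List.of(newKey, oldKey));
        System.out.println(rotated.decode(issued));                    // issued before rotation
        System.out.println(rotated.decode(issued.replace(".", "x."))); // altered after signing
    }
}
```

Removing a retired key from the list invalidates every cookie still signed with it, which is how a rotation is completed.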