Issue: SPR-13067

Issue: SPR-13239

Issue: SPR-13241

When resolving resources, the PathResourceResolver creates a Resource
instance and checks whether this resource `exists()` and `isReadable()`.
While that last call returns false for folders on the file system, both
calls return true for folders located inside JARs.

If a JAR location is configured as a resource location, then
PathResourceResolver can resolve folders in JARs as valid locations and
candidates for paths resolution.

Prior to this change, the PathResourceResolver would resolve "" as a
valid resource path (here, the "/META-INF/resources/webjars" if
configured, for example) and return a "" path for this resource,
effectively turning all "/" URLs into empty ones "".

This commit fixes the resolveUrlPathInternal implementation by not
allowing empty paths as valid resource paths.

Issue: SPR-13241

* pr/839:
  Fix package references

Closes gh-839

* pr/838:
  Update book reference

Closes gh-838

There is a new version of AspectJ in Action which is now mentioned in the
Further Resources section of the AOP chapter.

Issue: SPR-13034

Refined spring-oxm test execution check for compatibility with the recently announced JDK 9 version scheme

Issue: SPR-13012

This commit adds a new sharedEngine property to ScriptTemplateConfigurer
and ScriptTemplateView in order to support non thread-safe ScriptEngine
implementations like Nashorn.

When this flag is set to false, the engine is retrieved from a
ThreadLocal<ScriptEngine> field instead of a ScriptEngine one.

Also as part of this commit, all the initialization logic has been moved from
ScriptTemplateConfigurer to ScriptTemplateView since the script engine can
now be lazily initialized multiple time in the view when sharedEngine is
set to false.

Issue: SPR-13034

Issue: SPR-13231

Issue: SPR-13232

Merged bean definitions are now cached early and selectively evicted after post-processing and before actual bean creation

Issue: SPR-12236

Issue: SPR-13210

Issue: SPR-13232

Plus latest dependency updates (Hibernate ORM 5.0 RC2, Jackson 2.6 RC4, Reactor 2.0.4, Tomcat 8.0.24, C3P0 0.9.5.1, Rome 1.5.1, FreeMarker 2.3.23, JRuby 1.7.21)

Issue: SPR-13012

* ndebeiss-master:
  Support single quotes nested in double quotes in SQL scripts

Some databases such as Oracle permit double quoted column aliases that
contain case-sensitive characters, single quotes, and other special
characters; however, prior to this commit, SqlScripts interpreted a
single quote nested within double quotes as the start of a string
literal resulting in improper parsing.

This commit addresses this issue by ensuring that double quoted strings
such as column aliases are properly parsed even when containing single
quotes.

Issue: SPR-13218

When using an Apache Http components based infrastructure, a null header
value is handled as the empty string. The exact same infrastructure using
HttpURLConnection generates a header with no colon. This is actually not
proper HTTP and some components fail to read such request.

We now make sure to call HttpURLConnection#addRequestProperty with the
empty String for a null header value.

Issue: SPR-13225

Issue: SPR-13223
Issue: SPR-13224

Issue: SPR-13191

Issue: SPR-13220

Issue: SPR-13212

Issue: SPR-13221

Issue: SPR-13216

Issue: SPR-13209

Add an extra hook point in `AbstractDispatcherServletInitializer` to
customize the `DispatcherServlet`.

Issue: SPR-13222

Browsers like Chrome or Safari include an Origin header for same-origin
POST/PUT/DELETE requests, not only for cross-origin requests.

Before this commit, these same-origin requests would have been detected
as potential cross-origin requests, and rejected if the same-origin domain
is not part of the configured allowedOrigins.

This commit avoid to reject same-origin requests by reusing the logic
introduced in Spring 4.1 for detecting reliably Websocket/SockJS
same-origin requests with the WebUtils.isValidOrigin() method. This
logic has been extracted in a new WebUtils.isSameOrigin() method.

Issue: SPR-13206

When using the Spring TestContext Framework (TCF) to load a
WebApplicationContext and the Spring MVC Test Framework (MockMvc) to
test a controller, two instances of MockHttpServletRequest will be
created. Due to an ordering issue with regard to population of the
RequestAttributes, it is therefore possible that a filter accesses the
mocked request managed by the TCF, while the controller accesses the
mocked request managed by MockMvc, and this leads to test failures if
the controller expects data from the filter to be present in the
request.

This commit fixes this bug by ensuring that the RequestAttributes
backed by the mocked request managed by MockMvc are stored in the
RequestContextHolder before any filters are invoked by MockMvc.

Issue: SPR-13217

Issue: SPR-11902

This commit introduces the following changes:
 - The new CorsConfigurationMapping class allows to share the mapped
   CorsConfiguration logic between AbstractHandlerMapping and CorsFilter
 - In AbstractHandlerMapping, the Map<String, CorsConfiguration>
   corsConfiguration property has been renamed to corsConfigurations
 - CorsFilter allows to process CORS requests at filter level, using any
   CorsConfigurationSource implementation (for example
   CorsConfigurationMapping)

Issue: SPR-13192

Issue: SPR-13120

Issue: SPR-13012

By default, RedirectViews have http10Compatible set to true, which means
that they use HTTP 302 as a default HTTP response status. Setting this
property to false make RedirectViews use HTTP 303 by default.

Now when set to false, RedirectViews also don't use the
RESPONSE_STATUS_ATTRIBUTE request attribute as a response HTTP if it is
available.

This commit makes both configuration choices behave the same regarding
this request attribute: use it as a response status if it's available.

Issue: SPR-13208