WW-5535 fix(core): enforce class-level HTTP method annotations for wildcard-resolved unannotated methods#1693
Open
lukaszlenart wants to merge 1 commit into
Open
Conversation
…ldcard-resolved unannotated methods The WW-5535 change to DefaultActionProxy.resolveMethod() (which made wildcard-resolved methods report isMethodSpecified()=true) interacted with HttpMethodInterceptor's if/else-if so that the class-level annotation branch became unreachable when the resolved method carried no method-level annotation: if (isMethodSpecified()) { if (method has annotation) return doIntercept(method); // unannotated method falls through silently } else if (class has annotation) { return doIntercept(class); // never reached when methodSpecified=true } Convert the else-if to a standalone if so the class-level check is always evaluated as a fallback. Method-level annotations still take precedence — they are checked first and return early. Adds three tests: - testWildcardResolvedUnannotatedMethodRespectsClassLevelAnnotation: GET on a wildcard-resolved unannotated method is rejected when the class is @AllowedHttpMethod(POST). - testWildcardResolvedUnannotatedMethodAllowsPostWithClassLevelAnnotation: POST on the same configuration succeeds. - testWildcardResolvedExecuteRejectsGetThroughRealProxy: end-to-end via a real DefaultActionProxy with <action name="Wild-*" method="{1}">, resolving to ActionSupport.execute().
|
lukaszlenart
requested review from
aleksandr-m,
cnenning,
jogep,
kusalk,
rgielen,
sdutry and
yasserzamani
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports #1690 to the 6.x line.
The WW-5535 change in #1593 made wildcard-resolved methods report
isMethodSpecified()=true, which leftHttpMethodInterceptor's class-level annotation branch unreachable when the resolved method had no method-level annotation. Convertelse ifto a standaloneifso the class-level check runs as a fallback; method-level annotations still take precedence.See #1690 for the full analysis and affected scenario.
Adds three tests covering the unannotated-method fallback (mock proxy) and the end-to-end wildcard path through a real
DefaultActionProxy.Fixes WW-5535.