[
https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227523#comment-14227523
]
Michael Hintenaus commented on WW-4404:
---------------------------------------
I have some notes:
HttpMethodInterceptor#HTTP_METHOD_ANNOTATIONS doesn't contain HttpPut and
HttpDelete
HttpMethodInterceptor#intercept checks
invocation.getProxy().isMethodSpecified() which means a normal action-method
won't be checked because it's not method-specific.
For example it's method-specific if a sent parameter "method:cancel" but that's
not the default-way.
First we have to check the method of the proxy, then the action-method of the
proxy and at least the action-class
why we have the possibility to set a value for the @Http-Annotations - what's
the meaning of @HttpPost(HttpMethod.GET)?
I think we should map the Annotation and HttpMethod in the Interceptor not in
the Annotation itself
> Implement HttpInterceptor
> -------------------------
>
> Key: WW-4404
> URL: https://issues.apache.org/jira/browse/WW-4404
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Affects Versions: 2.3.20
> Reporter: Lukasz Lenart
> Priority: Minor
> Fix For: 2.5
>
>
> Allows limit access to actions based on used Http method type
> https://github.com/apache/struts/pull/25
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
