[ https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227523#comment-14227523 ]
Michael Hintenaus commented on WW-4404: --------------------------------------- I have some notes: HttpMethodInterceptor#HTTP_METHOD_ANNOTATIONS doesn't contain HttpPut and HttpDelete HttpMethodInterceptor#intercept checks invocation.getProxy().isMethodSpecified() which means a normal action-method won't be checked because it's not method-specific. For example it's method-specific if a sent parameter "method:cancel" but that's not the default-way. First we have to check the method of the proxy, then the action-method of the proxy and at least the action-class why we have the possibility to set a value for the @Http-Annotations - what's the meaning of @HttpPost(HttpMethod.GET)? I think we should map the Annotation and HttpMethod in the Interceptor not in the Annotation itself > Implement HttpInterceptor > ------------------------- > > Key: WW-4404 > URL: https://issues.apache.org/jira/browse/WW-4404 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors > Affects Versions: 2.3.20 > Reporter: Lukasz Lenart > Priority: Minor > Fix For: 2.5 > > > Allows limit access to actions based on used Http method type > https://github.com/apache/struts/pull/25 -- This message was sent by Atlassian JIRA (v6.3.4#6332)