Hi,
i am looking for a sponsor. In the issue comment it says: "sounds
feasible for jdk7" - but well, it didn't make it...
Bug:
http://bugs.sun.com/view_bug.do?bug_id=6560175
I checked the code and would like to update the comment and javadoc of
the current setRequestMethod() - no code change there. Then i would add
a new method setExtensionMethod() with a sandbox, add a
"setExtensionMethod" to NetPermissions (also in the policy tool) plus a
new jtreg test.
Looks like a small change.
One minor thing is the new HttpURLPermission class where '*' is used
as wild-card. This is a valid extension-method. Not that i know one
implemented such a method but it means a URL permission could not be
set for a '*' method. Request methods are case sensitive, but
converted to uppercase in HttpURLPermission. This means a URL
permission could not be set for a 'lowercase' method.
Other option would be to allow only the following known extension methods:
WebDAV (RFC 2518, RFC 3253, RFC 4437 experimental)
"BASELINE-CONTROL", "CHECKIN", "CHECKOUT", "CONNECT", "COPY", "LABEL",
"LOCK", "MERGE", "MKCOL", "MKWORKSPACE", "MKACTIVITY", "MOVE", "PATCH",
"PROPFIND", "PROPPATCH", "REPORT", "UNLOCK", "UNCHECKOUT", "UPDATE",
"VERSION-CONTROL", "MKREDIRECTREF", "UPDATEREDIRECTREF"
Still a small change and up to you.
Thanks
Andreas
