You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Michael Hintenaus (JIRA)" <ji...@apache.org> on 2014/11/27 12:07:12 UTC

[jira] [Commented] (WW-4404) Implement HttpInterceptor

    [ https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227523#comment-14227523 ] 

Michael Hintenaus commented on WW-4404:
---------------------------------------

I have some notes:
HttpMethodInterceptor#HTTP_METHOD_ANNOTATIONS doesn't contain HttpPut and HttpDelete

HttpMethodInterceptor#intercept checks invocation.getProxy().isMethodSpecified() which means a normal action-method won't be checked because it's not method-specific.
For example it's method-specific if a sent parameter "method:cancel" but that's not the default-way.
First we have to check the method of the proxy, then the action-method of the proxy and at least the action-class

 why we have the possibility to set a value for the @Http-Annotations - what's the meaning of @HttpPost(HttpMethod.GET)?
I think we should map the Annotation and HttpMethod in the Interceptor not in the Annotation itself

> Implement HttpInterceptor
> -------------------------
>
>                 Key: WW-4404
>                 URL: https://issues.apache.org/jira/browse/WW-4404
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.3.20
>            Reporter: Lukasz Lenart
>            Priority: Minor
>             Fix For: 2.5
>
>
> Allows limit access to actions based on used Http method type
> https://github.com/apache/struts/pull/25



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)