Skip to content

Comments

WW-5535: enforce HTTP method annotations for wildcard actions#1593

Open
lukaszlenart wants to merge 1 commit intorelease/struts-6-8-xfrom
fix/WW-5535-http-method-interceptor-wildcard-6.8.x
Open

WW-5535: enforce HTTP method annotations for wildcard actions#1593
lukaszlenart wants to merge 1 commit intorelease/struts-6-8-xfrom
fix/WW-5535-http-method-interceptor-wildcard-6.8.x

Conversation

@lukaszlenart
Copy link
Member

@lukaszlenart lukaszlenart commented Feb 22, 2026
edited
Loading

Summary

  • Fix DefaultActionProxy.resolveMethod() to only set methodSpecified=false when truly defaulting to "execute", not when the method is resolved from action config (including wildcard substitution like method="{1}")
  • This ensures HttpMethodInterceptor checks method-level @HttpPost/@HttpGet annotations for wildcard-resolved actions
  • Backport of PR WW-5535 Fix HttpMethodInterceptor with wildcard action names #1592 to the 6.8.x branch

Test plan

  • DefaultActionProxyTest — 4 new tests covering explicit method, config-resolved method, execute default, and wildcard resolution
  • HttpMethodInterceptorTest — 2 new tests verifying wildcard-resolved methods respect @HttpPost annotations
  • XmlConfigurationProviderAllowedMethodsTest — updated assertion for 3 new action configs
  • Full CI passes

🤖 Generated with Claude Code

@lukaszlenart @claude
fix(core): WW-5535 enforce HTTP method annotations for wildcard actions
784af67 
DefaultActionProxy.resolveMethod() incorrectly set methodSpecified=false
for config-resolved methods (including wildcard-substituted ones), causing
HttpMethodInterceptor to skip method-level @HttpPost/@httpget annotation
checks. Move methodSpecified=false inside the inner if block so it only
applies when truly defaulting to "execute".

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 22, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
22 Security Hotspots
42.4% Coverage on New Code (required ≥ 80%)
3.4% Duplication on New Code (required ≤ 3%)
E Reliability Rating on New Code (required ≥ A)
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgielen rgielen Awaiting requested review from rgielen

@jogep jogep Awaiting requested review from jogep

@aleksandr-m aleksandr-m Awaiting requested review from aleksandr-m

@yasserzamani yasserzamani Awaiting requested review from yasserzamani

@sdutry sdutry Awaiting requested review from sdutry

@cnenning cnenning Awaiting requested review from cnenning

@kusalk kusalk Awaiting requested review from kusalk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lukaszlenart