Skip to content

Comments

WW-5535: enforce HTTP method annotations for wildcard actions#1593

Open
lukaszlenart wants to merge 1 commit intorelease/struts-6-8-xfrom
fix/WW-5535-http-method-interceptor-wildcard-6.8.x
Open

WW-5535: enforce HTTP method annotations for wildcard actions#1593
lukaszlenart wants to merge 1 commit intorelease/struts-6-8-xfrom
fix/WW-5535-http-method-interceptor-wildcard-6.8.x

Conversation

@lukaszlenart
Copy link
Member

@lukaszlenart lukaszlenart commented Feb 22, 2026

Summary

  • Fix DefaultActionProxy.resolveMethod() to only set methodSpecified=false when truly defaulting to "execute", not when the method is resolved from action config (including wildcard substitution like method="{1}")
  • This ensures HttpMethodInterceptor checks method-level @HttpPost/@HttpGet annotations for wildcard-resolved actions
  • Backport of PR WW-5535 Fix HttpMethodInterceptor with wildcard action names #1592 to the 6.8.x branch

Test plan

  • DefaultActionProxyTest — 4 new tests covering explicit method, config-resolved method, execute default, and wildcard resolution
  • HttpMethodInterceptorTest — 2 new tests verifying wildcard-resolved methods respect @HttpPost annotations
  • XmlConfigurationProviderAllowedMethodsTest — updated assertion for 3 new action configs
  • Full CI passes

🤖 Generated with Claude Code

DefaultActionProxy.resolveMethod() incorrectly set methodSpecified=false
for config-resolved methods (including wildcard-substituted ones), causing
HttpMethodInterceptor to skip method-level @HttpPost/@httpget annotation
checks. Move methodSpecified=false inside the inner if block so it only
applies when truly defaulting to "execute".

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@sonarqubecloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
22 Security Hotspots
42.4% Coverage on New Code (required ≥ 80%)
3.4% Duplication on New Code (required ≤ 3%)
E Reliability Rating on New Code (required ≥ A)
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant