fix(core): enforce class-level HTTP method annotations for wildcard-resolved unannotated methods#1689
Closed
g0w6y wants to merge 1 commit into
Closed
Conversation
…esolved unannotated methods The WW-5535 fix (commit 4d2eb93) corrected isMethodSpecified() for wildcard-resolved methods but introduced a structural gap in HttpMethodInterceptor.intercept(). The if/else-if structure made the class-level annotation check unreachable whenever isMethodSpecified()=true and the resolved method carries no method-level annotation: if (isMethodSpecified()) { if (isAnnotatedBy(method)) { ... } // falls through silently } else if (isAnnotatedBy(class)) { ... } // never reached return invocation.invoke(); // no enforcement Fix: convert else-if to standalone if so the class-level check is always evaluated as a fallback when the method itself has no annotation. Method-level annotations still take precedence (checked first). Add two regression tests covering the wildcard-resolved unannotated method scenario.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a regression introduced by the WW-5535 fix (commit 4d2eb93) where class-level
HTTP method annotations are silently ignored for wildcard-resolved action methods that
carry no method-level annotation.
Problem
HttpMethodInterceptor.intercept()uses anif/else-ifstructure that creates a deadzone. After the WW-5535 fix made wildcard-resolved methods report
isMethodSpecified()=true,the class-level annotation branch became structurally unreachable for unannotated methods:
Affected scenario:
GET /order-create— resolvescreate()via wildcard,isMethodSpecified()=true,method has no annotation, else-if never evaluated,
@HttpPoston the class is ignored,request proceeds.
Fix
Convert
else ifto a standaloneifso the class-level annotation check is alwaysevaluated as a fallback when the method carries no annotation. Method-level annotations
still take precedence (checked first). One-line change.
Tests Added
Two regression tests in
HttpMethodInterceptorTest:testWildcardResolvedUnannotatedMethodRespectsClassLevelAnnotation— GET rejected ona class annotated with
@AllowedHttpMethod(POST)when the resolved method is unannotatedtestWildcardResolvedUnannotatedMethodAllowsPostWithClassLevelAnnotation— POST allowedon the same configuration
Related