HttpInterceptor

[lukaszlenart]

New annotation and interceptor to allow limit access to action based on used http request type, ie:

@GetOnly
public class MyAction extends ActionSupport {

     @PostOnly
     public String execute() {

     }
}

[jogep]

Nice, but why not extending the current @action annotation? May like this:

@action(value="my-action", httpMethod=GET)

@action(value="my-action", httpMethod=ALL) <- default

[lukaszlenart]

You don't have to use @Action annotation to convert class/method into action, the Convention plugin can do it for you. Another thing is that you can use wildcard mapping in struts.xml and you won't have @Action annotations as well.

That's why using dedicated set of annotations is the less intrusive way to have such functionality (I though about extending <action .. http-method="get|post|all"/> but thus requires DTD change)

[jogep]

The DTD change should not be the problem because it is a compatible change to previous releases.
The convention plugin applies the default values and all action related configurations should configured with the @Action annotation.

I think the simplest possible way to configure it should be like this:

@Action(httpMethod=GET) instead of @GetOnly

[lukaszlenart]

But then you limit usage of it only to the Convention plugin based applications. Even with extending DTD and adding httpMethod to <action/> you will have limitations of using this to whole set of actions, eg. <action name="empoyee-*" httpMethod="get"> - all actions can be called via GET only.

Another problem is the REST plugin and its default behaviour (/orders/1/edit -> edit()) - you will have to annotated each method with @Action - instead, with current approach, you can annotate the whole Controller class with @GetOnly and add few exceptions on methods (check OrdersController in rest-showcase)

This approach is far more flexible then extending @Action annotation - you can precisely set limitations where you want without changing existing behaviour (@Action can override far more settings than just allowed http method)

[jogep]

Good point. :-)

+1 for merge this.

[lukaszlenart]

Let's treat this as a Proof-of-Concept and if will work we can think about further extensions (like extending @Action annotation)

[davelnewton]

I'm not excited about @GetOnly, either; if we're tying it to the HTTP protocol then let's make it explicit we're dealing with requests, e.g., @GetRequests or @HttpGet etc.

[lukaszlenart]

Ok, I wasn't sure about naming as well, I will rename the annotations to @HttpGet, @HttpPost, etc

[jogep]

Is it possible to apply Get and Post together to one method in an action and Delete to an other?

public class MyAction extends ActionSupport {

     @HttpGet @HttpPost
     public String execute() {

     }
     @HttpDelete
     public String execute() {

     }
}

[lukaszlenart]

Good questions, will check that. I have added @AllowedMethod({GET, POST, PUT}) to cover that case - but I need advice on naming as I'm not convenient is a good name though ;-)

[lukaszlenart]

I've moved this branch into my fork - will work on that there