(struts) branch main updated: WW-5535 test(core): cover wildcard-resolved unannotated methods via real proxy (#1692)

Tue, 19 May 2026 01:27:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/main by this push:
     new 419fb1f5c WW-5535 test(core): cover wildcard-resolved unannotated 
methods via real proxy (#1692)
419fb1f5c is described below

commit 419fb1f5c6a17a68ae7083b3a200d4c72cb7201d
Author: Lukasz Lenart <[email protected]>
AuthorDate: Tue May 19 10:26:49 2026 +0200

    WW-5535 test(core): cover wildcard-resolved unannotated methods via real 
proxy (#1692)
    
    Closes the test gap noted in the WW-5535 research: no integration test
    exercised HttpMethodInterceptor against a real DefaultActionProxy resolving
    a wildcard action with an unannotated method.
    
    Uses xwork-test-allowed-methods.xml's existing <action name="Wild-*"
    method="{1}"> on HttpMethodsTestAction. URL "Wild-execute" resolves to
    ActionSupport.execute() (no method-level HTTP annotation); the class-level
    @AllowedHttpMethod(POST) must still reject GET end-to-end.
    
    Together with the prior MockActionProxy regression tests, this locks in
    both halves of the fix:
    - DefaultActionProxy.resolveMethod() sets isMethodSpecified()=true for
      wildcard-resolved methods (WW-5535 / #1592)
    - HttpMethodInterceptor falls back to class-level annotations when the
      resolved method is unannotated (#1690)
---
 .../httpmethod/HttpMethodInterceptorTest.java      | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git 
a/core/src/test/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptorTest.java
 
b/core/src/test/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptorTest.java
index ef67d65ab..0403152ba 100644
--- 
a/core/src/test/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptorTest.java
+++ 
b/core/src/test/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptorTest.java
@@ -19,6 +19,8 @@
 package org.apache.struts2.interceptor.httpmethod;
 
 import org.apache.struts2.ActionContext;
+import org.apache.struts2.ActionProxy;
+import org.apache.struts2.config.StrutsXmlConfigurationProvider;
 import org.apache.struts2.mock.MockActionInvocation;
 import org.apache.struts2.mock.MockActionProxy;
 import org.apache.struts2.HttpMethodsTestAction;
@@ -26,6 +28,8 @@ import org.apache.struts2.StrutsInternalTestCase;
 import org.apache.struts2.TestAction;
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import java.util.Map;
+
 public class HttpMethodInterceptorTest extends StrutsInternalTestCase {
 
     private HttpMethodInterceptor interceptor;
@@ -318,6 +322,38 @@ public class HttpMethodInterceptorTest extends 
StrutsInternalTestCase {
         assertEquals("success", resultName);
     }
 
+    /**
+     * Integration regression for WW-5535: exercise the full wildcard 
resolution path through
+     * a real {@link org.apache.struts2.DefaultActionProxy} (not a 
MockActionProxy).
+     * <p>
+     * Config: {@code <action name="Wild-*" class="HttpMethodsTestAction" 
method="{1}">} —
+     * URL {@code Wild-execute} resolves to method {@code execute()} inherited 
from
+     * {@code ActionSupport} (no method-level HTTP annotation). The class 
carries
+     * {@code @AllowedHttpMethod(POST)}, so GET must be rejected end-to-end.
+     */
+    public void testWildcardResolvedExecuteRejectsGetThroughRealProxy() throws 
Exception {
+        loadConfigurationProviders(new StrutsXmlConfigurationProvider(
+            
"org/apache/struts2/config/providers/xwork-test-allowed-methods.xml"));
+
+        MockHttpServletRequest request = new MockHttpServletRequest("GET", 
"/Wild-execute");
+        Map<String, Object> extraContext = ActionContext.of()
+            .withServletRequest(request)
+            .getContextMap();
+
+        ActionProxy proxy = actionProxyFactory.createActionProxy("", 
"Wild-execute", null, extraContext);
+
+        // sanity: confirms the WW-5535 fix in 
DefaultActionProxy.resolveMethod() is wired up
+        assertEquals("execute", proxy.getMethod());
+        assertTrue("Wildcard-resolved method must report 
isMethodSpecified()=true", proxy.isMethodSpecified());
+
+        HttpMethodInterceptor realInterceptor = new HttpMethodInterceptor();
+        String result = realInterceptor.intercept(proxy.getInvocation());
+
+        // class-level @AllowedHttpMethod(POST) must still be enforced even 
though the resolved
+        // method carries no method-level annotation — this is what #1690 fixed
+        assertEquals("bad-request", result);
+    }
+
     private void prepareRequest(String httpMethod) {
         MockHttpServletRequest request = new 
MockHttpServletRequest(httpMethod, "/action");
         ActionContext.getContext().withServletRequest(request);

Reply via email to