SEC-718: Support additional HTTP methods.

18 years ago · e4c6022b36
3 changed files with 1009 additions and 1938 deletions
--- a/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java
@ -55,7 +55,7 @@ import java.util.Collections;
				@@ -55,7 +55,7 @@ import java.util.Collections;
 */
 public class DefaultFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {

-    private static final Set HTTP_METHODS = new HashSet(Arrays.asList(new String[]{ "GET", "PUT", "DELETE", "POST" }));
+    private static final Set HTTP_METHODS = new HashSet(Arrays.asList(new String[]{ "DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE" }));

    protected final Log logger = LogFactory.getLog(getClass());

--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@ -200,7 +200,7 @@ intercept-url.attlist &=
				@@ -200,7 +200,7 @@ intercept-url.attlist &=
    attribute access {xsd:string}?
 intercept-url.attlist &=
    ## The HTTP Method for which the access configuration attributes should apply. If not specified, the attributes will apply to any method.
-    attribute method {"GET" | "PUT" | "POST" | "DELETE"}?
+    attribute method {"GET", "DELETE", "HEAD", "OPTIONS", "POST", "PUT", "TRACE"}?

 intercept-url.attlist &=
    ## The filter list for the path. Currently can be set to "none" to remove a path from having any filters applied. The full filter stack (consisting of all defined filters, will be applied to any other paths).
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd