Regression: HttpEntityMethodProcessor does not allow other Http methods than defined in the HttpMethod Enum [SPR-13776]

[spring-projects-issues]

Robert Winkler opened SPR-13776 and commented

The following commit "11b4e3b" did change the way how the
HttpEntityMethodProcessor.handleReturnValue() method checks if the current ServletRequest().getMethod() equals HttpMethod.GET.
The current implementation invokes HttpMethod.valueOf(getRequest().getMethod()) now and does not allow HTTP methods like WebDav's "PROPFIND" anymore.

Currently we can't use the Spring Framework anymore to provide a CalDav, CardDav application using the Miltion.io framework.

A PROPFIND requests fails with java.lang.IllegalArgumentException, Message: No enum constant org.springframework.http.HttpMethod.PROPFIND now.

---

Affects: 4.2.3

Reference URL:

spring-framework/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/HttpEntityMethodProcessor.java

Line 175 in 11b4e3b

if (inputMessage.getMethod() == HttpMethod.GET &&

Issue Links:

• Allow DispatcherServlet/ServletWrappingController to work with the extended WebDAV methods [SPR-4799] #9476 Allow DispatcherServlet/ServletWrappingController to work with the extended WebDAV methods ("is depended on by")
• ResponseEntity should allow the usage of unassigned HTTP status codes [SPR-14205] #18779 ResponseEntity should allow the usage of unassigned HTTP status codes
• Spring Web should process requests with empty/invalid mime type [SPR-14309] #18881 Spring Web should process requests with empty/invalid mime type
• Consistent comma splitting without regex overhead (e.g. in MediaType/MimeType) [SPR-14635] #19202 Consistent comma splitting without regex overhead (e.g. in MediaType/MimeType)

[spring-projects-issues]

Robert Winkler commented

Do you need more information or is it sufficient?

[spring-projects-issues]

Juergen Hoeller commented

Thanks for raising this; it's clear now that we have to consistently accept (or at least ignore) unknown HTTP methods. I'll do a comprehensive pass through all applicable spots, possibly in combination with relaxing HttpMethod.valueOf to return null for an unknown method.

Juergen

[spring-projects-issues]

Robert Winkler commented

Thx. A Snapshot would be great. :)
Would it even be possible to add WebDav HTTP Methods to RequestMethod and HttpMethod? And extend the following check in the FrameworkServlet.service() method in order to intercept and allow WebDav requests as well?

if (method.equalsIgnoreCase(RequestMethod.PATCH.name())) {
processRequest(request, response);
}
else {
super.service(request, response);
}

[spring-projects-issues]

Juergen Hoeller commented

I've relaxed HttpMethod resolution across our MVC infrastructure now, making it consistent with the previously relaxed check in HttpEntityMethodProcessor. I'll commit this tomorrow, so it'll be available in a 4.2.4.BUILD-SNAPSHOT in the course of the day.

As for relaxing HTTP method handling in DispatcherServlet itself, we've just found an old ticket asking for essentially the same: #9476. We might not go as far as adding those HTTP methods to our standard enums but we'd at least like to allow for custom HTTP methods with a first-class flag in DispatcherServlet etc... currently targeting 4.3. For the time being, you'll have to keep subclassing DispatcherServlet, I'm afraid.

Juergen

[spring-projects-issues]

Robert Winkler commented

Thank you very much. That was fast feedback.

Yes, we currently use the workaround explained in #9476. But we are not happy with it.

[spring-projects-issues]

Juergen Hoeller commented

The latest 4.2.4.BUILD-SNAPSHOT includes these changes already. Feel free to give them a try...

Juergen

[spring-projects-issues]

Robert Winkler commented

Works. Everything fine again :) Thanks.

[spring-projects-issues]

Juergen Hoeller commented

Alright, thanks for the feedback!

[spring-projects-issues]

Robert Winkler commented

Is it possible that this change has not been merged into 4.2.4.RELEASE?
In GitHub it seems to be the old source code?

[spring-projects-issues]

Juergen Hoeller commented

It should be in there just like in the snapshots: 4261f34

Juergen

[spring-projects-issues]

Robert Winkler commented

Ups sry. I've updated the Spring IO Platform in our project, but forgot to update the spring-boot-gradle-plugin to 1.3.1.RELEASE.
This caused a version mismatch and the build used the older Spring Framework version.