From 9a65eec36fdbdf76c4ac45e3a1e106f0d26362d1 Mon Sep 17 00:00:00 2001 From: Sebastien Deleuze Date: Mon, 20 Apr 2015 09:03:25 +0200 Subject: [PATCH] Avoid registering CorsConfiguration for methods without @CrossOrigin Issue: SPR-12931 --- .../RequestMappingHandlerMapping.java | 10 +++++--- .../method/annotation/CrossOriginTests.java | 25 ++++++++++++++++++- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java index 7b28548e17..bcfe8c88e0 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java @@ -271,13 +271,15 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi @Override protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) { HandlerMethod handlerMethod = createHandlerMethod(handler, method); + CrossOrigin typeAnnotation = AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), CrossOrigin.class); + CrossOrigin methodAnnotation = AnnotationUtils.findAnnotation(method, CrossOrigin.class); - CorsConfiguration config = new CorsConfiguration(); + if (typeAnnotation == null && methodAnnotation == null) { + return null; + } - CrossOrigin typeAnnotation = AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), CrossOrigin.class); + CorsConfiguration config = new CorsConfiguration(); applyAnnotation(config, typeAnnotation); - - CrossOrigin methodAnnotation = AnnotationUtils.findAnnotation(method, CrossOrigin.class); applyAnnotation(config, methodAnnotation); if (CollectionUtils.isEmpty(config.getAllowedMethods())) { diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java index 5ff57a9c3d..6229e7cf16 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java @@ -66,7 +66,7 @@ public class CrossOriginTests { } @Test - public void noAnnotation() throws Exception { + public void noAnnotationWithoutOrigin() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/no"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); @@ -74,6 +74,25 @@ public class CrossOriginTests { assertNull(config); } + @Test // SPR-12931 + public void noAnnotationWithOrigin() throws Exception { + this.handlerMapping.registerHandler(new MethodLevelController()); + this.request.setRequestURI("/no"); + HandlerExecutionChain chain = this.handlerMapping.getHandler(request); + CorsConfiguration config = getCorsConfiguration(chain, false); + assertNull(config); + } + + @Test // SPR-12931 + public void noAnnotationPostWithOrigin() throws Exception { + this.handlerMapping.registerHandler(new MethodLevelController()); + this.request.setMethod("POST"); + this.request.setRequestURI("/no"); + HandlerExecutionChain chain = this.handlerMapping.getHandler(request); + CorsConfiguration config = getCorsConfiguration(chain, false); + assertNull(config); + } + @Test public void defaultAnnotation() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); @@ -203,6 +222,10 @@ public class CrossOriginTests { public void noAnnotation() { } + @RequestMapping(value = "/no", method = RequestMethod.POST) + public void noAnnotationPost() { + } + @CrossOrigin @RequestMapping(value = "/default", method = RequestMethod.GET) public void defaultAnnotation() { -- GitLab