import org.sonar.api.server.ws.WebService;
import org.sonar.server.exceptions.ServerException;
-import javax.servlet.http.HttpServletResponse;
+import static javax.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED;
public class RequestVerifier {
private RequestVerifier() {
}
public static void verifyRequest(WebService.Action action, Request request) {
- // verify the HTTP verb
- if (action.isPost() && !"POST".equals(request.method())) {
- throw new ServerException(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "HTTP method POST is required");
+ switch (request.method()) {
+ case "GET":
+ if (action.isPost()) {
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, "HTTP method POST is required");
+ }
+ return;
+ case "PUT":
+ case "DELETE":
+ throw new ServerException(SC_METHOD_NOT_ALLOWED, String.format("HTTP method %s is not allowed", request.method()));
+ default:
+ // Nothing to do
}
}
}
assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method POST is required\"}]}");
}
+ @Test
+ public void method_put_not_allowed() {
+ ValidatingRequest request = new TestRequest().setMethod("PUT").setPath("/api/system/ping");
+ DumbResponse response = new DumbResponse();
+ underTest.execute(request, response);
+
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method PUT is not allowed\"}]}");
+ }
+
+ @Test
+ public void method_delete_not_allowed() {
+ ValidatingRequest request = new TestRequest().setMethod("DELETE").setPath("/api/system/ping");
+ DumbResponse response = new DumbResponse();
+ underTest.execute(request, response);
+
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"HTTP method DELETE is not allowed\"}]}");
+ }
+
@Test
public void method_post_required() {
ValidatingRequest request = new TestRequest().setMethod("POST").setPath("/api/system/ping");