use 405 response code for unconfigured http actions

add http allow header in 405 response
opencadc · Nov 29, 2024 · ea6f36c · ea6f36c
1 parent 51d9671
commit ea6f36c
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 12 deletions.
diff --git a/cadc-rest/build.gradle b/cadc-rest/build.gradle
@@ -16,7 +16,7 @@ sourceCompatibility = 1.8
 
 group = 'org.opencadc'
 
-version = '1.4.0'
+version = '1.4.1'
 
 description = 'OpenCADC REST server library'
 def git_url = 'https://github.com/opencadc/core'

diff --git a/cadc-rest/src/main/java/ca/nrc/cadc/rest/RestServlet.java b/cadc-rest/src/main/java/ca/nrc/cadc/rest/RestServlet.java
@@ -111,7 +111,7 @@ public class RestServlet extends HttpServlet {
 
     private static final Map<URI,String> SEC_METHOD_CHALLENGES = new TreeMap<>();
 
-    private static final List<String> CITEMS = new ArrayList<String>();
+    private static final List<String> CITEMS = new ArrayList<>();
 
     static final String AUGMENT_SUBJECT_PARAM = "augmentSubject";
     static final String AUTH_HEADERS_PARAM = "authHeaders";
@@ -143,15 +143,18 @@ public class RestServlet extends HttpServlet {
     protected String componentID;
     protected boolean augmentSubject = true;
     protected boolean setAuthHeaders = true;
+
+    private String allowHeaderValue;
 
     @Override
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
-        this.getAction = loadAction(config, "get");
-        this.postAction = loadAction(config, "post");
-        this.putAction = loadAction(config, "put");
-        this.deleteAction = loadAction(config, "delete");
-        this.headAction = loadAction(config, "head");
+        this.getAction = loadAction(config, "get", true);
+        this.postAction = loadAction(config, "post", true);
+        this.putAction = loadAction(config, "put", true);
+        this.deleteAction = loadAction(config, "delete", true);
+        this.headAction = loadAction(config, "head", true);
+        StringBuilder sb = new StringBuilder();
 
         // appName: war file foo#bar.war, context path /foo/bar -> foo-bar
         this.appName = config.getServletContext().getContextPath().substring(1).replaceAll("/", "-");
@@ -166,14 +169,14 @@ public void init(ServletConfig config) throws ServletException {
         }
 
         // application specific config
-        for (String name : new Enumerator<String>(config.getInitParameterNames())) {
+        for (String name : new Enumerator<>(config.getInitParameterNames())) {
             if (!CITEMS.contains(name)) {
                 initParams.put(name, config.getInitParameter(name));
             }
         }
 
         try {
-            Class<InitAction> initActionClass = loadAction(config, "init");
+            Class<InitAction> initActionClass = loadAction(config, "init", false);
             if (initActionClass != null) {
                 initAction = initActionClass.getDeclaredConstructor().newInstance();
                 initAction.setServletContext(getServletContext());
@@ -199,12 +202,19 @@ public void destroy() {
         }
     }
 
-    private <T> Class<T> loadAction(ServletConfig config, String method) {
+    private <T> Class<T> loadAction(ServletConfig config, String method, boolean httpAction) {
         String cname = config.getInitParameter(method);
         if (cname != null) {
             try {
                 Class<T> ret = (Class<T>) Class.forName(cname);
                 log.info(method + ": " + cname + " [loaded]");
+                if (httpAction) {
+                    if (allowHeaderValue == null) {
+                        allowHeaderValue = method.toUpperCase();
+                    } else {
+                        allowHeaderValue += ", " + method.toUpperCase();
+                    }
+                }
                 return ret;
             } catch (Exception ex) {
                 log.error(method + ": " + cname + " [FAILED]", ex);
@@ -224,7 +234,8 @@ private <T> Class<T> loadAction(ServletConfig config, String method) {
      */
     protected void handleUnsupportedAction(String action, HttpServletResponse response)
         throws IOException {
-        response.setStatus(400);
+        response.setStatus(405);
+        response.setHeader("Allow", allowHeaderValue);
         response.setHeader("Content-Type", "text/plain");
         PrintWriter w = response.getWriter();
         w.println("unsupported: HTTP " + action);
@@ -311,7 +322,7 @@ protected void doit(HttpServletRequest request, HttpServletResponse response,  C
                 nae = ex;
             }
 
-            RestAction action = actionClass.newInstance();
+            RestAction action = actionClass.getDeclaredConstructor().newInstance();
             action.setServletContext(getServletContext());
             action.setAppName(appName);
             action.setComponentID(componentID);