The source code for Spring OAuth2's AuthorizationEndpoint contains two redundant @RequestMapping annotations for the same /oauth/authorize endpoint. One of them specifies the POST method, while the other does not specify a method.
How are the two @RequestMapping annotations interpreted? Does the one that specifies POST exclusively handle all POST /oauth/authorize requests, and does the one that does not specify a method exclusively handle any non-POST requests to /oauth/authorize? Or do both methods overlap, with both methods being called for certain requests?
This is probably a Spring MVC question, though the source code on GitHub uses Spring MVC to define what is Spring OAuth2.
Though the complete source code is available on GitHub at the link at the top of this OP, the headers for the two relevant methods are summarized here as follows:
    @RequestMapping(value = "/oauth/authorize")
    public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
            SessionStatus sessionStatus, Principal principal) {
        //other stuff
    }

    @RequestMapping(value = "/oauth/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
    public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
            SessionStatus sessionStatus, Principal principal) {
        //other stuff
    }

First off, from http://javatechig.com/java/spring/how-spring-controller-request-mapping-works-in-spring-mvc the default is interpreted as a GET. This is the first distinction. Second, the parameters of both methods are slightly different, where method 1 requests a Map<String, String> and the other method Map<String, ?>. So even if both methods were GET, it would still make the distinction on parameter level.
The POST exclusively handles POST and nothing else. The other method only handles GET requests. They never overlap. As is Java's law, and Spring is still bound by the rules of the Java overlords =)

This is already explained in the official documentation: if you provide the values for the method field, they'll be used to narrow the mapping. In other words: Spring MVC will use these hints to find the most precise match for each request.
It's also easy to build a simple proof-of-concept application that demonstrates it in practice:
Hitting /foo with a GET request, for instance using Postman, will return "hello, GET". All other supported HTTP methods (POST, PUT, DELETE, etc.) will result in "hello, default".

The default method used by Spring request mapping is GET, so if you specify a request mapping with only the @RequestMapping annotation, Spring will route all GET requests for the value of the annotation to this method.
To use any other method you basically need to state the method in the annotation, like @RequestMapping(method = RequestMethod.POST).
So for your example the first method will only handle the GET requests, while the other will handle the POST requests exclusively.
Usually GET in OAuth is used for normal interpretations, while the POST is used to authenticate un-authenticated users using the param passed to the method, which in this case is OAuth2Utils.USER_OAUTH_APPROVAL.
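
An added example, not taken from any answer above and not Spring Security OAuth's own code: a small MockMvc check of which handler Spring MVC selects when one mapping has no method and the other is narrowed by POST plus a required parameter, the shape of the two mappings in the question. It shows that the method-less mapping stays a candidate for every HTTP method, so it still receives a POST that lacks the parameter. Assumptions: DemoController, the /demo/authorize path and the literal parameter name (standing in for OAuth2Utils.USER_OAUTH_APPROVAL) are hypothetical, and spring-webmvc, spring-test and the Servlet API are on the classpath.

```java
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;

public class MappingDemo {

    // Hypothetical controller: mirrors only the shape of the two mappings in the question.
    @RestController
    public static class DemoController {

        // No method attribute: this mapping is a candidate for every HTTP method.
        @RequestMapping("/demo/authorize")
        public String authorize() {
            return "default";
        }

        // Narrowed by method and by a required parameter (assumed name).
        @RequestMapping(value = "/demo/authorize", method = RequestMethod.POST,
                params = "user_oauth_approval")
        public String approveOrDeny() {
            return "approval";
        }
    }

    public static void main(String[] args) throws Exception {
        MockMvc mvc = MockMvcBuilders.standaloneSetup(new DemoController()).build();

        // GET: only the method-less mapping matches.
        mvc.perform(get("/demo/authorize")).andExpect(content().string("default"));
        // POST without the parameter: the narrowed mapping does not match,
        // so the method-less handler receives the POST.
        mvc.perform(post("/demo/authorize")).andExpect(content().string("default"));
        // POST with the parameter: both match, the more specific mapping wins.
        mvc.perform(post("/demo/authorize").param("user_oauth_approval", "true"))
           .andExpect(content().string("approval"));
        // GET with the parameter: the POST-only mapping is excluded by method.
        mvc.perform(get("/demo/authorize").param("user_oauth_approval", "true"))
           .andExpect(content().string("default"));

        System.out.println("all mapping checks passed");
    }
}
```

Exactly one handler runs per request; an andExpect mismatch throws an AssertionError, so reaching the final print means all four routing checks held.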