[
https://issues.apache.org/jira/browse/FINERACT-2568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralph Hopman updated FINERACT-2568:
-----------------------------------
Description:
HTTP {{GET}} and {{DELETE}} operations typically do not accept a request body.
However, many JAX-RS API resource classes in the codebase annotate these
methods with {{{}@Consumes(\{ MediaType.APPLICATION_JSON }){}}}. This is
misleading, as it implies the endpoint expects a request body when it does not.
It can also result in unexpected {{415 Unsupported Media Type}} responses on
{{DELETE}} requests where the {{Content-Type}} header is not set.
There are two variants of this issue:
# *Method-level:* {{@Consumes}} is placed directly on {{@GET}} or {{@DELETE}}
methods that have no body parameter. For example, the {{retrieveAll}} method in
{{SavingsProductsApiResource}} or the {{delete}} method in
{{{}UsersApiResource{}}}.
# *Class-level:* {{@Consumes}} is placed on the class, which causes it to
apply to _all_ methods — including {{@GET}} and {{@DELETE}} methods that should
not have it. For example, {{{}NotesApiResource{}}}, {{{}SearchApiResource{}}},
{{{}HookApiResource{}}}, and others.
h3. Scope
A thorough analysis of the codebase identifies approximately *138 affected
files* across all modules ({{{}fineract-provider{}}}, {{{}fineract-core{}}},
{{{}fineract-accounting{}}}, {{{}fineract-branch{}}}, {{{}fineract-charge{}}},
{{{}fineract-document{}}}, {{{}fineract-investor{}}}, {{{}fineract-loan{}}},
{{{}fineract-loan-origination{}}}, {{{}fineract-mix{}}},
{{{}fineract-progressive-loan{}}}, {{{}fineract-rates{}}},
{{{}fineract-security{}}}, {{{}fineract-tax{}}},
{{{}fineract-working-capital-loan{}}}).
h3. Proposed Changes
* Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from all {{@GET}}
methods (they never accept a body).
* Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from {{@DELETE}}
methods that do not accept a body parameter. {{@DELETE}} methods that _do_
accept a body (e.g., in {{{}DatatablesApiResource{}}},
{{{}EntityDatatableChecksApiResource{}}},
{{{}CreditBureauIntegrationApiResource{}}},
{{{}ReportMailingJobApiResource{}}}) will be left unchanged.
* For class-level {{@Consumes}} annotations on classes that contain {{@GET}}
or {{@DELETE}} methods: remove the class-level annotation and add {{@Consumes}}
to each individual {{@POST}} / {{@PUT}} method that needs it.
* Special case: {{EchoHeadersApiResource}} uses {{@Consumes(\{
MediaType.WILDCARD })}} on a {{@GET}} intentionally and will not be modified.
* Remove unused {{Consumes}} and {{MediaType}} imports where applicable.
h3. Motivation
* Improved API correctness and clarity for consumers of the REST API.
* More accurate OpenAPI / Swagger documentation generation ({{{}@Consumes{}}}
affects the generated spec).
* Aligns with JAX-RS best practices.
h3. Risk Assessment
Low. This is a metadata-only change on the JAX-RS annotations. It does not
alter any business logic, request routing, or response behavior. {{GET}} and
{{DELETE}} requests without a body were never actually consuming JSON — the
annotation was simply ignored by the runtime.
was:
HTTP {{GET}} and {{DELETE}} operations typically do not accept a request body.
However, many JAX-RS API resource classes in the codebase annotate these
methods with {{{}@Consumes(\{ MediaType.APPLICATION_JSON }){}}}. This is
misleading, as it implies the endpoint expects a request body when it does not.
There are two variants of this issue:
# *Method-level:* {{@Consumes}} is placed directly on {{@GET}} or {{@DELETE}}
methods that have no body parameter. For example, the {{retrieveAll}} method in
{{SavingsProductsApiResource}} or the {{delete}} method in
{{{}UsersApiResource{}}}.
# *Class-level:* {{@Consumes}} is placed on the class, which causes it to
apply to _all_ methods — including {{@GET}} and {{@DELETE}} methods that should
not have it. For example, {{{}NotesApiResource{}}}, {{{}SearchApiResource{}}},
{{{}HookApiResource{}}}, and others.
h3. Scope
A thorough analysis of the codebase identifies approximately *138 affected
files* across all modules ({{{}fineract-provider{}}}, {{{}fineract-core{}}},
{{{}fineract-accounting{}}}, {{{}fineract-branch{}}}, {{{}fineract-charge{}}},
{{{}fineract-document{}}}, {{{}fineract-investor{}}}, {{{}fineract-loan{}}},
{{{}fineract-loan-origination{}}}, {{{}fineract-mix{}}},
{{{}fineract-progressive-loan{}}}, {{{}fineract-rates{}}},
{{{}fineract-security{}}}, {{{}fineract-tax{}}},
{{{}fineract-working-capital-loan{}}}).
h3. Proposed Changes
* Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from all {{@GET}}
methods (they never accept a body).
* Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from {{@DELETE}}
methods that do not accept a body parameter. {{@DELETE}} methods that _do_
accept a body (e.g., in {{{}DatatablesApiResource{}}},
{{{}EntityDatatableChecksApiResource{}}},
{{{}CreditBureauIntegrationApiResource{}}},
{{{}ReportMailingJobApiResource{}}}) will be left unchanged.
* For class-level {{@Consumes}} annotations on classes that contain {{@GET}}
or {{@DELETE}} methods: remove the class-level annotation and add {{@Consumes}}
to each individual {{@POST}} / {{@PUT}} method that needs it.
* Special case: {{EchoHeadersApiResource}} uses {{@Consumes(\{
MediaType.WILDCARD })}} on a {{@GET}} intentionally and will not be modified.
* Remove unused {{Consumes}} and {{MediaType}} imports where applicable.
h3. Motivation
* Improved API correctness and clarity for consumers of the REST API.
* More accurate OpenAPI / Swagger documentation generation ({{{}@Consumes{}}}
affects the generated spec).
* Aligns with JAX-RS best practices.
h3. Risk Assessment
Low. This is a metadata-only change on the JAX-RS annotations. It does not
alter any business logic, request routing, or response behavior. {{GET}} and
{{DELETE}} requests without a body were never actually consuming JSON — the
annotation was simply ignored by the runtime.
> Remove unnecessary @Consumes annotations from GET and DELETE endpoints
> ----------------------------------------------------------------------
>
> Key: FINERACT-2568
> URL: https://issues.apache.org/jira/browse/FINERACT-2568
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Ralph Hopman
> Assignee: Ralph Hopman
> Priority: Trivial
>
> HTTP {{GET}} and {{DELETE}} operations typically do not accept a request
> body. However, many JAX-RS API resource classes in the codebase annotate
> these methods with {{{}@Consumes(\{ MediaType.APPLICATION_JSON }){}}}. This
> is misleading, as it implies the endpoint expects a request body when it does
> not. It can also result in unexpected {{415 Unsupported Media Type}}
> responses on {{DELETE}} requests where the {{Content-Type}} header is not set.
> There are two variants of this issue:
> # *Method-level:* {{@Consumes}} is placed directly on {{@GET}} or
> {{@DELETE}} methods that have no body parameter. For example, the
> {{retrieveAll}} method in {{SavingsProductsApiResource}} or the {{delete}}
> method in {{{}UsersApiResource{}}}.
> # *Class-level:* {{@Consumes}} is placed on the class, which causes it to
> apply to _all_ methods — including {{@GET}} and {{@DELETE}} methods that
> should not have it. For example, {{{}NotesApiResource{}}},
> {{{}SearchApiResource{}}}, {{{}HookApiResource{}}}, and others.
> h3. Scope
> A thorough analysis of the codebase identifies approximately *138 affected
> files* across all modules ({{{}fineract-provider{}}}, {{{}fineract-core{}}},
> {{{}fineract-accounting{}}}, {{{}fineract-branch{}}},
> {{{}fineract-charge{}}}, {{{}fineract-document{}}},
> {{{}fineract-investor{}}}, {{{}fineract-loan{}}},
> {{{}fineract-loan-origination{}}}, {{{}fineract-mix{}}},
> {{{}fineract-progressive-loan{}}}, {{{}fineract-rates{}}},
> {{{}fineract-security{}}}, {{{}fineract-tax{}}},
> {{{}fineract-working-capital-loan{}}}).
> h3. Proposed Changes
> * Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from all {{@GET}}
> methods (they never accept a body).
> * Remove {{@Consumes(\{ MediaType.APPLICATION_JSON })}} from {{@DELETE}}
> methods that do not accept a body parameter. {{@DELETE}} methods that _do_
> accept a body (e.g., in {{{}DatatablesApiResource{}}},
> {{{}EntityDatatableChecksApiResource{}}},
> {{{}CreditBureauIntegrationApiResource{}}},
> {{{}ReportMailingJobApiResource{}}}) will be left unchanged.
> * For class-level {{@Consumes}} annotations on classes that contain {{@GET}}
> or {{@DELETE}} methods: remove the class-level annotation and add
> {{@Consumes}} to each individual {{@POST}} / {{@PUT}} method that needs it.
> * Special case: {{EchoHeadersApiResource}} uses {{@Consumes(\{
> MediaType.WILDCARD })}} on a {{@GET}} intentionally and will not be modified.
> * Remove unused {{Consumes}} and {{MediaType}} imports where applicable.
> h3. Motivation
> * Improved API correctness and clarity for consumers of the REST API.
> * More accurate OpenAPI / Swagger documentation generation
> ({{{}@Consumes{}}} affects the generated spec).
> * Aligns with JAX-RS best practices.
> h3. Risk Assessment
> Low. This is a metadata-only change on the JAX-RS annotations. It does not
> alter any business logic, request routing, or response behavior. {{GET}} and
> {{DELETE}} requests without a body were never actually consuming JSON — the
> annotation was simply ignored by the runtime.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
