0 Replies Latest reply on Jul 18, 2018 10:00 AM by 3262004

    HttpURLConnection: Invalid HTTP method PATCH

    3262004

      Hi,

      I am working on one ADF application(Using Jdeveloper 11.1.1.7.0, JDK 1.7.0.80), where I am calling one REST API patch operation using HttpURLConnection . I got to know that HttpURLConnection does not support PATCH operation. I tried some solutions found on some forums and finally one solution worked in my application.

      Solution:

          /**

           * This method is used to allows PATCH operation for HttpURLConnection class

           * @param methods is a method name

           */

          public void allowMethods(String methods) {

              try {

                  Field methodsField =

                      HttpURLConnection.class.getDeclaredField("methods");

       

       

                  Field modifiersField = Field.class.getDeclaredField("modifiers");

                  modifiersField.setAccessible(true);

                  modifiersField.setInt(methodsField,

                                        methodsField.getModifiers() & ~Modifier.FINAL);

                  methodsField.setAccessible(true);

       

       

                  String[] oldMethods = (String[])methodsField.get(null);

                  Set<String> methodsSet =

                      new LinkedHashSet<>(Arrays.asList(oldMethods));

                  methodsSet.addAll(Arrays.asList(methods));

                  String[] newMethods = methodsSet.toArray(new String[0]);

       

       

                  methodsField.set(null, /*static field*/newMethods);

              } catch (NoSuchFieldException | IllegalAccessException e) {

                  throw new IllegalStateException(e);

              }

          }

       

      The above solution  is using reflection method and add the 'PATCH' to the HttpURLConnection methods. This solution is working fine, however foritfy security tool  is reporting the issue for the method setAccessible(). Can we use setAccessible() method on production? I mean can we use the  above workaround on production environment ? Is there any issue if we deploy the application with this workaround on production?

      Can anyone please suggest me on this.

       

      Thanks,

      Kratika