Is there any way with which I can stop http processing unknown methods?

Question

We are using Spring MVC framework, and have a button on our storefront on clicking on the button, we rarely receive the following error on console.

INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | Jun 28, 2017 1:08:03 PM org.apache.catalina.core.StandardWrapperValve invoke
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | SEVERE: Servlet.service() for servlet [DispatcherServlet] in context with path [] threw exception [Error while processing internal filterchain. Exception occurred at chain position: 8 of 11. Current filter: 'FilterChainProxy[Filter Chains: [[ Ant [pattern='/_ui/**'], []], [ Ant [pattern='/steeldeals/**'], []], [ Ant [pattern='/checkout/**'], [org.springframework.security.web.access.channel.ChannelProcessingFilter@6ccd9b91, org.springframework.security.web.context.SecurityContextPersistenceFilter@2ea08465, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2c541acd, org.springframework.security.web.authentication.logout.LogoutFilter@45ab9f77, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@672615d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3f5623f9, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3053d0eb, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4eb90d16, org.springframework.security.web.session.SessionManagementFilter@570a47ba, org.springframework.security.web.access.ExceptionTranslationFilter@63eb30fa, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@65dca055]], [ com.amc.storefront.security.ExcludeUrlRequestMatcher@27f047cf, [org.springframework.security.web.access.channel.ChannelProcessingFilter@ffa7b85, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c360f5, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5e1277c7, org.springframework.security.web.authentication.logout.LogoutFilter@e75da11, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5b3f9981, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2c7712f4, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3d7d67fa, org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@74356d9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5fb01d53, org.springframework.security.web.session.SessionManagementFilter@23556539, org.springframework.security.web.access.ExceptionTranslationFilter@3b68934e, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4e9f045a]]]]'!; nested exception is java.lang.IllegalArgumentException: No enum constant org.springframework.http.HttpMethod.PROPFIND] with root cause
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | java.lang.IllegalArgumentException: No enum constant org.springframework.http.HttpMethod.PROPFIND
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at java.lang.Enum.valueOf(Enum.java:236)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.http.HttpMethod.valueOf(HttpMethod.java:27)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.util.matcher.AntPathRequestMatcher.matches(AntPathRequestMatcher.java:125)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource.getAttributes(DefaultFilterInvocationSecurityMetadataSource.java:86)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:130)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
INFO | jvm 1 | main | 2017/06/28 13:08:03.644 | at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:226)

We are using the following code snippet in spring-security-config.xml

<security:http pattern="/_ui/**" security="none"/>
<security:http pattern="/SteelDeals/**" security="none"/>

<!-- Security config for checkout - it has its own login page -->
<security:http disable-url-rewriting="true" pattern="/checkout/**" use-expressions="true">
  <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
    <security:session-management session-authentication-strategy-ref="fixation" />

    <!--<security:session-management session-fixation-protection="none" />-->

    <!-- SSL / AUTHENTICATED pages -->
    <security:intercept-url pattern="/checkout/j_spring_security_check" requires-channel="https"/>
    <security:intercept-url pattern="/checkout*"  requires-channel="https"/>
    <security:intercept-url pattern="/checkout/**"  requires-channel="https"/>

Answer 1

You can configure the dispatcherServlet to dispatch only the methods you want to process. However, you wn't be able to process non existent HTTP methods.

Answer 2

Your code is already rejecting the wrong methods, You are getting this error it means there is some problem in your client code (code which is accessing your controller eg ui code).

However, if you want to define a specific method for your controller url you can do by using method property of @RequestMapping annotation

@RequestMapping(value = "/bucket", method = {RequestMethod.GET})
public Collection<BucketResponse> getBucket() {
    return service.getBucket();
}