A @RequestMapping method handles all matching requests by default. That means that a method you intended only to be
POST-ed to could also be called by a GET, thereby allowing hackers to call the method inappropriately. For example a
"transferFunds" method might be invoked like so: <img
src="http://bank.com/actions/transferFunds?reciepientRouting=000000&receipientAccount=11111111&amount=200.00" width="1"
height="1"/>
For that reason, you should always explicitly list the single HTTP method with which you expect your @RequestMapping Java method to be
called. This rule raises an issue when method is missing.
@RequestMapping("/greet") // Noncompliant
public String greet(String greetee) {
@RequestMapping("/greet", method = GET)
public String greet(String greetee) {