SEC-718: Support additional HTTP methods.

core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java

@@ -55,7 +55,7 @@ import java.util.Collections;
  */
 public class DefaultFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {
 
-    private static final Set HTTP_METHODS = new HashSet(Arrays.asList(new String[]{ "GET", "PUT", "DELETE", "POST" }));
+    private static final Set HTTP_METHODS = new HashSet(Arrays.asList(new String[]{ "DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE" }));
 
     protected final Log logger = LogFactory.getLog(getClass());
 

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -200,7 +200,7 @@ intercept-url.attlist &=
     attribute access {xsd:string}?
 intercept-url.attlist &=
     ## The HTTP Method for which the access configuration attributes should apply. If not specified, the attributes will apply to any method.
-    attribute method {"GET" | "PUT" | "POST" | "DELETE"}?
+    attribute method {"GET", "DELETE", "HEAD", "OPTIONS", "POST", "PUT", "TRACE"}?
 
 intercept-url.attlist &=
     ## The filter list for the path. Currently can be set to "none" to remove a path from having any filters applied. The full filter stack (consisting of all defined filters, will be applied to any other paths).