struts-dev mailing list archives

From Jason Carreira <>
Subject Re: [s2] Action ! Method syntax (was Freemarker transform name)
Date Fri, 25 Aug 2006 15:52:09 GMT
> ...unless you really want to take the security exercise all the way,
> i.e., secure each and every method via container-managed security using
> annotations (ideally) to configure what roles/users can access what
> methods, thereby taking the URI out of the equation entirely... if you
> aren't in an allowed role, you can't execute the method, regardless of
> what URI was used to request it.
> Might not be a bad feature actually, but seems like a bit of overkill to
> me :)

I do this now, with Acegi and Spring. Not so much on actions, but on the Services they call.

Let's not re-invent the wheel.

RE: This being a security hole or not. I don't even really care if it's a security hole. That's
the most minor of problems with this feature. It's all of the special case hacks in the code
to accommodate it and the requests for more special case hacks for other parts of the framework
that it engenders.