struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Husted" <hus...@apache.org>
Subject Re: [S2] Annotations (was Plugins gone wild!)
Date Wed, 24 Oct 2007 18:52:16 GMT
On 10/23/07, Martin Gilday <martin.lists@imap.cc> wrote:
> Well I am looking at the Parameter Filter Interceptor
> (http://cwiki.apache.org/WW/parameter-filter-interceptor.html) which I
> am proposing we complement by allowing the same thing with annotations.
> Currently we have a wizard like section in one of our sites which we are
> backing with Spring session scope beans.  So the Struts2 Spring plugin
> injects it.  To allow this we have a setMySessionBeanName(), which is
> public.  So a user could call an action with a parameter
> mySessionBeanName.forename and change that value.  You can stop that
> with the filter interceptor by defining mySessionBeanName as a blocked
> parameter name,  I would prefer to mark it @NotAParameter.

Why not @blocked and @allowed for the properties, and @defaultBlock
for the class?

-Ted.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message