struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Benedict" <>
Subject Re: S1/2: Data integrity and security
Date Thu, 06 Dec 2007 18:22:31 GMT
On Dec 6, 2007 12:17 PM, Ted Husted <> wrote:

> Although I have no clue what SPI means, I do see the web page mentions
> Struts by name, and says that it can be added to applications
> transparently.

SPI is Service Provider Interface. The Framework would be built around an
interface, and then Struts would be configured to use an SPI implementation.
The JDK has many SPI packages.

> The vast majority of web applications run inside a firewall and are
> used by a handful of trusted employees. There are many cases where
> Klingon-grade security may not always trump day-to-day performance.


> On the Struts 1 security front, there are also projects like the
> Struts SSL Extension which could be subsumed into the core.

I am not strongly in favor of belonging to the core. I think the feature
should be optional, but I wouldn't also object if it was put of the core
with the option to turn on/off.

The developers of HDIV said their programming model would be extremely
simplified if they could have an SPI that targets both versions of Struts. I
agree and I think it also opens the door to other people doing other kinds
of implementations.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message