struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Lindal <support_0...@newplanetsoftware.com>
Subject Re: strict DMI
Date Wed, 04 Jan 2012 19:13:40 GMT
Actually, the wiki did mention that "method" is in addition to allowed- 
methods.  I have  updated it to make it clearer and also explain that  
since wildcards are specified in the "method", this is not blocked by  
allowed-methods.  I also added a note about allowed-methods without  
strict-method-invocation.  (They are independent.)

Thanks for the feedback.

John

On Jan 4, 2012, at 12:49 AM, Andreas Sachs wrote:

> According to the documentation:
> In Struts 2.3, an option was added to restrict the methods that DMI  
> can invoke. First, set the attribute strict-method-invocation="true"  
> on your <package> element. Then specify <allowed-methods> as a comma- 
> separated list of method names in your <action>. A request for any  
> other method will be rejected. (If you specify a method attribute  
> for your action, you do not need to list it in <allowed-methods>.)
>
> It's not defined what will happen if a method attribute for the  
> action is specified (wildcard or not) and <allowed-methods> is also  
> specified.
>
> Can you make the documentation of <allowed-methods> and strict- 
> method-invocation more clear?
>
> What does strict-method-invocation mean:
> set to true:
> -method attribute must be specified or allowed-methods must be  
> defined?
>
> set to false:
> -method attribute need not be specified and allowed-methods need not  
> be defined. But what will happen if i add allowed-methods? (is the  
> invocation limited to these methods?)
>
>
> What does <allowed-methods> mean:
> If a method attribute  and allowed-methods is specified, will  
> allowed-methods be respected (this makes only sense if the method  
> attribute contains a wildcard)?
>
>
> From my point of view <allowed-methods> should be treated  
> independently of strict-method-invocation:
>
> allowed_method: if specified, it should be respected, even if strict- 
> method-invocation is turned off.
> strict-method-invocation: if turned on, methods must be specified  
> (by method-attribute or allowed_method)
>
>
> Thanks
> Andi
>
>
>
> -------- Original-Nachricht --------
>> Datum: Tue, 3 Jan 2012 15:42:50 -0800
>> Von: John Lindal <support_0384@newplanetsoftware.com>
>> An: "Struts Developers List" <dev@struts.apache.org>
>> Betreff: Re: strict DMI
>
>> I think the <allowed-methods> tag inside an <action> controls both.
>>
>> John
>>
>> On Jan 3, 2012, at 2:50 PM, Andreas Sachs wrote:
>>
>>> Hi,
>>> i like the idea of strict-method-invocation="true" and the
>>> possibility to define the allowed methods. I'm just wondering why
>>> this is only implemented for DMI and not for wildcard method
>>> invocation.
>>> Are there any reasons for this?
>>>
>>> Thanks
>>> Andi
>>> -- 
>>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>>> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
> -- 
> NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
> Jetzt informieren: http://www.gmx.net/de/go/freephone
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message