struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>
Subject Re: Cookie Interceptor
Date Fri, 17 May 2013 03:03:15 GMT
Well, the only part that could break backward compatibility is the idea of
removing filter of cookies by value. But the CookieProviderInterceptor and
the idea of being able to OGNL-value the accepted cookie names should not
break anything.


2013/5/16 Lukasz Lenart <lukaszlenart@apache.org>

> If this is gonna break backward compatibility, please register an
> issue with JIRA and we will introduce the change with Struts 2.5/3
> version.
>
>
> Regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> 2013/4/4 Maurizio Cucchiara <mcucchiara@apache.org>:
> >> My proposal would
> >> be to simplify the interceptor in two ways:
> >> 1) Remove the filter by cookie value: I don't know under which
> >> circumstances that could be useful
> > I'm not able to identify those circumstances, but AFAIU that filter is
> > harmless, if you don't define a cookie value, struts will never filter
> > your cookies.
> > Furthermore, this change would break bacward compatibility, and this
> > may make unhappy many users which know those circumstances :(.
> >
> >> 2) Parse the cookieName as a OGNL expression, so I can setup the cookie
> >> names I want to receive dynamically, instead of harcoding them in the
> >> configuration files.
> > This could be useful, but at the same time there would be some
> > security risk related to it.
> >
> >
> >> Also related, there is no way in Struts to setup a Cookie.
> > Actually, ATM you can implement ServletResponseAware interface. Yes, I
> > know this don't mean that there is a direct way, but it is not so hard
> > to implement IMHO.
> >
> >> I developed my
> >> own CookieProviderInterceptor and CookieProvider (interfaces) to allow
> an
> >> Action to create a cookie and pass it to the CookieProviderInterceptor
> to
> >> ser it in the request, but I would love to see a more integrated
> process.
> >
> > At first glance, the patch you provided sounds good to me, I will get
> > a deeper look in the next days.
> > Further, CPI could provide remove cookie method.
> >
> >
> > Twitter     :http://www.twitter.com/m_cucchiara
> > G+          :https://plus.google.com/107903711540963855921
> > Linkedin    :http://www.linkedin.com/in/mauriziocucchiara
> > VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara
> >
> > Maurizio Cucchiara
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message