struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Cookie Interceptor
Date Thu, 16 May 2013 19:48:14 GMT
If this is gonna break backward compatibility, please register an
issue with JIRA and we will introduce the change with Struts 2.5/3
version.


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2013/4/4 Maurizio Cucchiara <mcucchiara@apache.org>:
>> My proposal would
>> be to simplify the interceptor in two ways:
>> 1) Remove the filter by cookie value: I don't know under which
>> circumstances that could be useful
> I'm not able to identify those circumstances, but AFAIU that filter is
> harmless, if you don't define a cookie value, struts will never filter
> your cookies.
> Furthermore, this change would break bacward compatibility, and this
> may make unhappy many users which know those circumstances :(.
>
>> 2) Parse the cookieName as a OGNL expression, so I can setup the cookie
>> names I want to receive dynamically, instead of harcoding them in the
>> configuration files.
> This could be useful, but at the same time there would be some
> security risk related to it.
>
>
>> Also related, there is no way in Struts to setup a Cookie.
> Actually, ATM you can implement ServletResponseAware interface. Yes, I
> know this don't mean that there is a direct way, but it is not so hard
> to implement IMHO.
>
>> I developed my
>> own CookieProviderInterceptor and CookieProvider (interfaces) to allow an
>> Action to create a cookie and pass it to the CookieProviderInterceptor to
>> ser it in the request, but I would love to see a more integrated process.
>
> At first glance, the patch you provided sounds good to me, I will get
> a deeper look in the next days.
> Further, CPI could provide remove cookie method.
>
>
> Twitter     :http://www.twitter.com/m_cucchiara
> G+          :https://plus.google.com/107903711540963855921
> Linkedin    :http://www.linkedin.com/in/mauriziocucchiara
> VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara
>
> Maurizio Cucchiara
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message