struts-dev mailing list archives

From "Jason Pyeron" <jpye...@pdinc.us>
Subject RE: [struts-dev] Re: Ultimate way to solve problems with Ognl
Date Fri, 23 May 2014 12:09:55 GMT
> -----Original Message-----
> From: Lukasz Lenart 
> Sent: Friday, May 23, 2014 7:38
> 
> 2014-05-23 10:28 GMT+02:00 Lukasz Lenart <lukaszlenart@apache.org>:
> > 2014-05-23 10:19 GMT+02:00 Christoph Nenning 
> <Christoph.Nenning@lex-com.net>:
> >> what about these ?
> >>
> >> - javax.*
> >
> > +1
<snip/>
> Too broad... maybe add white-listing but how to discover 
> user's classes?
> 

Third config param ActionPackageTLDAllow. I am terrible at names and this may be
a rabbit hole but I think it is a good hole to explore.

ActionPackageTLDAllow=-1 //disable
ActionPackageTLDAllow=0 //allows any package; bad value to use
ActionPackageTLDAllow=2 //default shipping with struts
ActionPackageTLDAllow=5 

If actions are in us.pdinc.customer.com.foo.actions.*
and it is set to 2, then us.pdinc.* would be allowed, or if set to 5 then
us.pdinc.customer.com.foo.* would be allowed.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
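
The depth rule proposed in the message above, as an added Java sketch that is not part of the original e-mail and is not Struts code. The class and method names are hypothetical, the sample class names are constructed, and two readings are assumptions: -1 derives no allow-list entry at all, and a prefix only matches on a package-segment boundary.

```java
import java.util.Arrays;

// Added illustration; names are hypothetical, not Struts API.
public class ActionPackageAllow {

    /** Package prefix derived from the action's own package, truncated to `depth`
     *  segments. null = nothing derived; "" = any package. */
    static String allowedPrefix(String actionClass, int depth) {
        if (depth < 0) return null;            // -1: disabled (assumed: derive nothing)
        if (depth == 0) return "";             // 0: any package, the "bad value"
        int lastDot = actionClass.lastIndexOf('.');
        if (lastDot < 0) return null;          // default package: nothing to derive
        String[] segs = actionClass.substring(0, lastDot).split("\\.");
        int n = Math.min(depth, segs.length);  // depth past the package: use all of it
        return String.join(".", Arrays.copyOf(segs, n));
    }

    static boolean isAllowed(String candidateClass, String prefix) {
        if (prefix == null) return false;
        if (prefix.isEmpty()) return true;
        // Compare with a trailing dot so "us.pdinc" does not admit "us.pdincx.*".
        return candidateClass.startsWith(prefix + ".");
    }

    public static void main(String[] args) {
        // Constructed sample input following the package named in the message.
        String action = "us.pdinc.customer.com.foo.actions.LoginAction";
        String[] candidates = {
            "us.pdinc.customer.com.foo.model.User",
            "us.pdinc.other.Helper",
            "us.pdincx.Lookalike",
            "javax.naming.InitialContext"
        };
        for (int depth : new int[] {-1, 0, 2, 5}) {
            String prefix = allowedPrefix(action, depth);
            System.out.println("depth=" + depth + " prefix=" + prefix);
            for (String c : candidates) {
                System.out.println("  " + c + " -> " + isAllowed(c, prefix));
            }
        }
    }
}
```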

 

