struts-dev mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [GitHub] struts pull request: WW-4540: Strict DMI
Date Wed, 02 Sep 2015 09:52:12 GMT
2015-09-02 9:55 GMT+02:00 Greg Huber <gregh3269@gmail.com>:
> Probably a good idea to be strict, but I have lots of methods, only use
> DMI, so it may get to be a very long element.
>
> Maybe I could prefix all my required methods with something, ie with
> allowedPublish() allowedPublishNow() etc
>
> and use :
>
> <allowed-methods>regex:allowed(([A-Z]?)([a-z]+)?)</allowed-methods>
>
>
> I previously added a salt interceptor and went through changing all
> sensitive post methods to be one of the below,
>
> <interceptor-ref name="ActionSaltInterceptor">
>   <param name="excludeMethods">*</param>
>   <param name="includeMethods">save,delete,publish*,expire</param>
> </interceptor-ref>
>
> but on general methods there are many, and could be a lot of work going
> through and updating all the screens etc. (no chaining actions)
>
> public void refresh() {..}
> public String query() {..}
> public String cancel() {..}
> public String cancelClosed() {..}
> public String cancelCurrent() {..}
> public String cancelOpen() {..}
> public String cancelOpenAuction() {..}

I have added <global-allowed-methods/> which can be defined per
<package/>, and with regex support it shouldn't be so hard IMO. Also,
with regex support you can define a very wide regex to match most of the
methods.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
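
An added example, not part of either message and not Struts code: a small Python check that lists which method names a `regex:` entry would admit, run over the method names quoted in the thread as constructed sample input. It assumes the pattern has to match the whole method name, with Python's `re` standing in for Java's regex engine (the patterns used here behave the same in both); `reachable`, `unexpected` and `publishNow` are hypothetical names.

```python
import re

# Constructed sample: method names quoted in the thread, plus the
# state-changing ones from the includeMethods list (publishNow stands in
# for the publish* wildcard).
ACTION_METHODS = [
    "refresh", "query", "cancel", "cancelClosed", "cancelCurrent",
    "cancelOpen", "cancelOpenAuction",
    "allowedPublish", "allowedPublishNow",
    "save", "delete", "expire", "publishNow",
]


def reachable(spec, methods=ACTION_METHODS):
    """Return the methods an <allowed-methods> regex entry would admit.

    Assumption: the text after the 'regex:' prefix must match the whole
    method name (re.fullmatch here).
    """
    if not spec.startswith("regex:"):
        raise ValueError("only regex: entries are modelled in this sketch")
    pattern = re.compile(spec[len("regex:"):])
    return [m for m in methods if pattern.fullmatch(m)]


def unexpected(spec, intended, methods=ACTION_METHODS):
    """Methods the pattern admits that are not on the intended list."""
    return sorted(set(reachable(spec, methods)) - set(intended))


if __name__ == "__main__":
    specs = {
        "prefix from the thread": "regex:allowed(([A-Z]?)([a-z]+)?)",
        "prefix, camel-case tail": "regex:allowed([A-Z][a-z]*)*",
        "narrow cancel family": "regex:cancel([A-Z][A-Za-z]*)?",
        "very wide": "regex:[a-z][A-Za-z]*",
    }
    for label, spec in specs.items():
        print(f"{label:24} {spec}\n    -> {reachable(spec)}")
```

Under whole-name matching the prefix pattern from the thread admits `allowedPublish` but not `allowedPublishNow`, and the very wide pattern admits `save`, `delete` and `expire` along with the general methods.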
