struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <>
Subject SMI on steroids
Date Fri, 05 Feb 2016 09:04:48 GMT

There is a huge discussion about how SMI should work in case of using
wildcard mapping [1]. Basically when action is defined as follow:

<action name="person*" class="com.demo.PersonAction" method="{1}">
    <result name="success">view.jsp</result>
    <result name="input">input.jsp</result>

SMI will allow access any method in PersonAction class because {1} is
translated into RegEx (.*) - as you can see SMI simply won't work

Greg propose to drop the translation ({1} -> (.*)) and only base on
what was defined in <global-allowed-methods/> or <allowed-method/> in
that case, thus will truly limit access to methods.



+ 48 606 323 122

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message