struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "mahendran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4214) Rename of struts token attribute name
Date Tue, 01 Oct 2013 11:51:24 GMT

    [ https://issues.apache.org/jira/browse/WW-4214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782845#comment-13782845
] 

mahendran commented on WW-4214:
-------------------------------

There are possibilities using the struts.token at javascript to make http get requests from
the loaded page in the browser.
while preparing query string for HTTP get requests we need to append the struts,token values.

Hence we would require a configurable struts.token attribute name. 

> Rename of struts token attribute name
> -------------------------------------
>
>                 Key: WW-4214
>                 URL: https://issues.apache.org/jira/browse/WW-4214
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Other
>    Affects Versions: 2.3.15.1, 2.3.15.2
>            Reporter: mahendran
>            Priority: Critical
>              Labels: struts.token, token
>             Fix For: 2.3.17
>
>
> we are using struts 2.0.5, and migrating to 2.3.15.1 to get the security patches.
> During that time we noticed, the default token attribute name is changed from 'struts.token'
to 'token'. Also this information is not published in change logs.
> This change impacts the application uses the custom token interceptor, where application
get the token value from request using request.getParameter("struts.token");
> I request to provide a constant value to keep the default token name to maintain struts.xml
file.
> This provides the generic approach to define the token attribute name during the implementation
level.
> otherwise this is painful to change the token name at each jsp pages.
> currently we are using <s:token/> the generated token name is struts.token
> The same code generates the token name as 'token' in struts 2.3.15.1
> there are two options left to us.
> 1. change the <s:token/> to <s:token name="struts.token"/>
> 2. keep the old version of token.class in 2.3.15.1
> The better approach is 
> create a constant to maintain the token name at struts.xml.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message