struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <>
Subject [jira] [Commented] (WW-4540) Enable Strict DMI by default
Date Tue, 13 Oct 2015 04:24:05 GMT


Lukasz Lenart commented on WW-4540:

First you can have public setters/getters which can be invoked, next most of the applications
that use standard configuration won't break - if method was configured to be an action via
{{@Action}} annotation or {{method}} attribute in struts.xml it will automatically be added
as an allowed method. Few people already tested large applications and didn't notice any problems.
And there is no overhead at all.

> Enable Strict DMI by default
> ----------------------------
>                 Key: WW-4540
>                 URL:
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Actions
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>             Fix For: 2.5
> Struts 2 already supports {{Strict DMI}} but it's disabled by default. {{Strict DMI}}
should be always enable to allow access only specific methods.

This message was sent by Atlassian JIRA

View raw message