struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4540) Enable Strict DMI by default
Date Tue, 13 Oct 2015 04:24:05 GMT

    [ https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14954354#comment-14954354
] 

Lukasz Lenart commented on WW-4540:
-----------------------------------

First you can have public setters/getters which can be invoked, next most of the applications
that use standard configuration won't break - if method was configured to be an action via
{{@Action}} annotation or {{method}} attribute in struts.xml it will automatically be added
as an allowed method. Few people already tested large applications and didn't notice any problems.
And there is no overhead at all.

> Enable Strict DMI by default
> ----------------------------
>
>                 Key: WW-4540
>                 URL: https://issues.apache.org/jira/browse/WW-4540
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Actions
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>             Fix For: 2.5
>
>
> Struts 2 already supports {{Strict DMI}} but it's disabled by default. {{Strict DMI}}
should be always enable to allow access only specific methods.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message