struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4596) Strict DMI causes This method: for action is not allowed!
Date Thu, 04 Feb 2016 09:21:39 GMT

    [ https://issues.apache.org/jira/browse/WW-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15132010#comment-15132010
] 

Lukasz Lenart commented on WW-4596:
-----------------------------------

That's the correct behaviour, basically {{<global-allowed-methods>}} should define the
smallest subset of allowed methods (or even it should be empty - but there are some common
used methods just to keep user's life easier). Now each action can define their own set of
allowed actions that can be unique per action and can be different than {{<global-allowed-methods>}}.

Now, wildcard mapping allows to simplify configuration by using one action config to cover
many possible methods. That's why \{0\} is converted into {{(.*)}} as basically it means the
same. As you have noticed you can define {{method}} as {{method="somePrefix\{0\}WithSuffix"}}
which allow limit access to methods that match such pattern, ie. {{somePrefixCancelWithSuffix}},
{{somePrefixSubmitWithSuffix}}, {{somePrefixEditWithSuffix}}, etc. So it isn't possible to
drop \{0\} in {{buildAllowedMethods}} as proposed by you as this break other users' configurations.

> Strict DMI causes This method: for action is not allowed!  
> -----------------------------------------------------------
>
>                 Key: WW-4596
>                 URL: https://issues.apache.org/jira/browse/WW-4596
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions
>    Affects Versions: 2.5
>            Reporter: Greg Huber
>             Fix For: 2.5
>
>
> I have tried adding
> {code:xml}
> <global-allowed-methods>execute,input,cancel</global-allowed-methods>
> {code}
> and get
> {noformat}
> This method: cancel for action eventAdd is not allowed! - [unknown location]
> {noformat}
> {code:xml}
> <action name="eventAdd!*" method="{1}"
>                 class="ui.struts2.editor.EventAdd">
>             <result name="input" type="tiles">.EventAdd</result>
>             <result name="success" type="chain">eventEdit</result>
>             <result name="cancel" type="redirectAction">
>                 <param name="actionName">memberEvents</param>
>                 <param name="pgn">${bean.pageNum}</param>
>                 <param name="suppressEmptyParameters">true</param>
>             </result>
>         </action>
> {code}
> checking ActionConfig:
> {code:java}
> public boolean isAllowedMethod(String method) {
>         return method.equals(methodName != null ? methodName : DEFAULT_METHOD) || allowedMethods.isAllowed(method);
>     }
> {code}
> Debugging  I get a calls to isAllowedMethod with :
> {noformat}
> 1 methodName = {1}​ and method = execute
> 2 methodName = execute and method = cancel
> {noformat}
> ​Only #1 has the required cancel
> #2 there is only a {{\[LiteralAllowedMethod\{allowedMethod='execute'\}\]}}
> On further investigation {{com.opensymphony.xwork2.config.implActionConfigMatcher}} seems
to create a new ActionConfig but then only uses the default allowed names:
> {code:java}
> return new ActionConfig.Builder(pkgName, orig.getName(), className)
>                 .methodName(methodName)
>                 .addParams(params)
>                 .addResultConfigs(results)
>                 .addInterceptors(orig.getInterceptors())
>                 .addExceptionMappings(exs)
>                 .location(orig.getLocation())
>                 .build();
> {code}
> Could use the original by appending .addAllowedMethod(orig.getAllowedMethods()), but
I guess it should come from the ActionConfig stored in the packageContext or wherever the
orig object gets its allowedMethods from.
> Cheers Greg



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message