subject:"Re\: Strict Method Invocation"

Re: Strict Method Invocation

2015-10-06 Thread Volker Krebs

Am 05.10.2015 um 16:43 schrieb Volker Krebs:
> Am 03.10.2015 um 09:35 schrieb Lukasz Lenart:
>> Hi,
>>
>> I have updated docs about the latest SMI addition:
>>
>> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
>> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation
>>
>> wdyt?
>
>
> Looks good.
> I was able to run our application. Just had to white list some methods
> with the allowed-methods tag.
>

One thing,
when using extends the allowed-methods won't be merged.
Only the ones from action definition are used.

E.g.:

   m1,m2



   
 ...
 m3,m4
   


/app1/a1!m3.action is working.
/app1/a1!m1.action is *not* working.

I think it is ok, but should be clarified in the docs.

regards
Volker
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Strict Method Invocation

2015-10-06 Thread Lukasz Lenart

2015-10-06 11:46 GMT+02:00 Volker Krebs :
> One thing,
> when using extends the allowed-methods won't be merged.
> Only the ones from action definition are used.
>
> E.g.:
> 
>m1,m2
> 
>
> 
>
>  ...
>  m3,m4
>
> 
>
> /app1/a1!m3.action is working.
> /app1/a1!m1.action is *not* working.
>
> I think it is ok, but should be clarified in the docs.

It's a bug, thanks for bringing this up! Resolved :)


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Strict Method Invocation

2015-10-05 Thread Volker Krebs

Am 03.10.2015 um 09:35 schrieb Lukasz Lenart:
> Hi,
>
> I have updated docs about the latest SMI addition:
>
> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation
>
> wdyt?


Looks good.
I was able to run our application. Just had to white list some methods 
with the allowed-methods tag.

Nice
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

RE: Strict Method Invocation

2015-10-03 Thread Martin Gainty





> From: lukaszlen...@apache.org
> Date: Sat, 3 Oct 2015 09:35:04 +0200
> Subject: Strict Method Invocation
> To: user@struts.apache.org
> 
> Hi,
> 
> I have updated docs about the latest SMI addition:
> 
> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation
> 
> wdyt?
> 
> 
> Regards
> -- 
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

MG>Dzięki Lukasz
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>

Re: Strict Method Invocation

Re: Strict Method Invocation

Re: Strict Method Invocation

RE: Strict Method Invocation

4 matches

Site Navigation

Mail list logo

Footer information