Re: Strict Method Invocation
Am 05.10.2015 um 16:43 schrieb Volker Krebs: > Am 03.10.2015 um 09:35 schrieb Lukasz Lenart: >> Hi, >> >> I have updated docs about the latest SMI addition: >> >> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation >> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation >> >> wdyt? > > > Looks good. > I was able to run our application. Just had to white list some methods > with the allowed-methods tag. > One thing, when using extends the allowed-methods won't be merged. Only the ones from action definition are used. E.g.: m1,m2 ... m3,m4 /app1/a1!m3.action is working. /app1/a1!m1.action is *not* working. I think it is ok, but should be clarified in the docs. regards Volker - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Strict Method Invocation
2015-10-06 11:46 GMT+02:00 Volker Krebs: > One thing, > when using extends the allowed-methods won't be merged. > Only the ones from action definition are used. > > E.g.: > >m1,m2 > > > > > ... > m3,m4 > > > > /app1/a1!m3.action is working. > /app1/a1!m1.action is *not* working. > > I think it is ok, but should be clarified in the docs. It's a bug, thanks for bringing this up! Resolved :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Strict Method Invocation
Am 03.10.2015 um 09:35 schrieb Lukasz Lenart: > Hi, > > I have updated docs about the latest SMI addition: > > https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation > https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation > > wdyt? Looks good. I was able to run our application. Just had to white list some methods with the allowed-methods tag. Nice - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Strict Method Invocation
> From: lukaszlen...@apache.org > Date: Sat, 3 Oct 2015 09:35:04 +0200 > Subject: Strict Method Invocation > To: user@struts.apache.org > > Hi, > > I have updated docs about the latest SMI addition: > > https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation > https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation > > wdyt? > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ MG>Dzięki Lukasz > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >