Then whitelist/blacklist.
Or don't expose sensitive data directly to the user.
Dave
(pardon brevity, typos, and top-quoting; on cell)
On Jul 4, 2012 8:49 AM, "J. Garcia" <jogaco...@gmail.com> wrote:
> My action would have:
>
> public void setMyBean( MyBean myBean) {...}
>
> and I would like to avoid an injection on myBean.field3. This field could
> be the owner id for instance!
>
> On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart
> <lukasz.len...@googlemail.com>wrote:
>
> > Another way is to use AnnotationParameterFilterIntereptor (name
> > contains typo) and @Allowed and @Blocked annotations
> >
> >
> > Regards
> > --
> > Łukasz
> > mobile +48 606 323 122 http://www.lenart.org.pl/
> > Warszawa JUG conference - Confitura http://confitura.pl/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > For additional commands, e-mail: user-h...@struts.apache.org
> >
> >
>
