Am 05.10.2015 um 16:43 schrieb Volker Krebs: > Am 03.10.2015 um 09:35 schrieb Lukasz Lenart: >> Hi, >> >> I have updated docs about the latest SMI addition: >> >> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation >> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation >> >> wdyt? > > > Looks good. > I was able to run our application. Just had to white list some methods > with the allowed-methods tag. >
One thing, when using extends the allowed-methods won't be merged. Only the ones from action definition are used. E.g.: <package name="my-default" extends="struts-default"> <global-allowed-methods>m1,m2</global-allowed-methods> </package> <package name="my-app1" namespace="/app1" extends="my-default"> <action name="a1"> ... <allowed-methods>m3,m4</allowed-methods> </action> </package> /app1/a1!m3.action is working. /app1/a1!m1.action is *not* working. I think it is ok, but should be clarified in the docs. regards Volker --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org