> Following up to myself: I want to also make it > clear > > that I'm not opposed to changing my way of doing > > things, but so far I haven't seen anything that > seems > > any better than what I'm doing now. I'm happy to > > explain more about how the ! syntax is used with > all > > my forms, so that alternative approaches can be > > proposed to me. > > Well, how about a proposal for something that does > what you want but meets people's security concerns?
Christ - I have proposed things, many times. Why are the words "annotations" and "convention" being ignored by everyone. Let's try one more time. 1) Convention-based protection: only allow methods of the form "String doXxx()" to be called via the request. 2) Annotation-based protection: only allow methods that are annotated with @Public to be called via the request. I'm implementing #2 right now. > > > > However, the introduction of doInput() in > > ActionSupport, the fact that the > > DefaultWorkflowInterceptor and > ValidationInterceptors > > are configured to ingore the "input" method in > > webwork-default.xml, and the pattern being used > all > > over the place in the Showcase should be enough > > evidence that this pattern has been one that has > been > > quietly pushed forward for a long time to WebWork > > users. So it's not just that I personally use this > > style - the framework itself has been designed to > > accommodate this style. If we're going to remove > !, > > we need to be ready to also change other parts of > the > > framework to recommend the new approach. > > Umm... but didn't you add a lot of that? And the > Showcase just copied what it found already. That's > not proving it's a good way of doing things. There > are lots of places in the code where changes have > been made to accomodate the "!" notation, usually to > the detriment of the codebase and leading to > unexpected bugs later. While I added much of it, parts were added by others. For example, the support for <ww:submit method="cancel"/> was added by Bob Lee. This is a great way to allow for cancel buttons without having to use javascript to change the form target. This would be impossible to do if multiple entry points per action were turned off. --------------------------------------------------------------------- Posted via Jive Forums http://forums.opensymphony.com/thread.jspa?threadID=40932&messageID=82479#82479 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
