As for now I will rollback my changes regarding this, maybe I will come back to the idea in 2.3.17
Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/10/18 Lukasz Lenart <lukaszlen...@apache.org>: > 2013/10/17 Paul Benedict <pbened...@apache.org>: >> Throw an exception instead. If Struts has a default exception handler, >> translate the exception into a 403; but the goal is to give the user a >> chance to customize the response. > > That's the problem .... exceptions handling is provided by an > interceptor, deep in execution chain and checking security at that > level can be too late :\ > > Right now I have added SecurityGate directly into Dispatcher and it > will block the whole request if something suspicious will be > discovered - and added two SecurityGuards, but they don't perform the > real check now. They're there just to show the idea. Please review if > it makes sense. > > https://issues.apache.org/jira/browse/WW-4227 > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
