> -----Original Message----- > From: Lukasz Lenart > Sent: Friday, May 23, 2014 7:38 > > 2014-05-23 10:28 GMT+02:00 Lukasz Lenart <lukaszlen...@apache.org>: > > 2014-05-23 10:19 GMT+02:00 Christoph Nenning > <christoph.nenn...@lex-com.net>: > >> what about these ? > >> > >> - javax.* > > > > +1 <snip/> > Too broad... maybe add white-listening but how to discover > user's classes ? >
Third config param ActionPackageTLDAllow. I am terrible at names and this may be a rabbit hole but I think it is a good hole to explore. ActionPackageTLDAllow=-1 //disable ActionPackageTLDAllow=0 //allows any package bad value to use ActionPackageTLDAllow=2 //default shipping with struts ActionPackageTLDAllow=5 If actions are in us.pdinc.customer.com.foo.actions.* And it is set to 2, then us.pdinc.* would be allowed or if set to 5 then us.pdinc.customer.com.foo.* would be allowed. -Jason -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
