2015-09-02 9:55 GMT+02:00 Greg Huber <gregh3...@gmail.com>:
> Probably a good idea to be strict, but I have lots of methods, only use
> DMI, so it may get to be a very long element.
>
> Maybe I could prefix all my required methods with something, i.e. with
> allowedPublish() allowedPublishNow() etc
>
> and use:
>
> <allowed-methods>regex:allowed(([A-Z]?)([a-z]+)?)</allowed-methods>
>
>
> I previously added a salt interceptor and went through changing all
> sensitive post methods to be one of the below,
>
> <interceptor-ref name="ActionSaltInterceptor">
>     <param name="excludeMethods">*</param>
>     <param name="includeMethods">save,delete,publish*,expire</param>
> </interceptor-ref>
>
> but on general methods there are many, and it could be a lot of work going
> through and updating all the screens etc. (no chaining actions)
>
> public void refresh() {..}
> public String query() {..}
> public String cancel() {..}
> public String cancelClosed() {..}
> public String cancelCurrent() {..}
> public String cancelOpen() {..}
> public String cancelOpenAuction() {..}

I have added <global-allowed-methods/> which can be defined per
<package/> and with regex support it shouldn't be so hard IMO. Also
with regex support you can define very wide regex to match most of the
methods.

Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
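
An added example, not part of the thread and not Struts code: a small Java harness that shows which of the method names mentioned above a candidate allowed-methods regex would admit. It assumes the pattern after `regex:` must match the whole method name; the class name and the second and third patterns are constructed here for comparison.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class AllowedMethodsCheck {
    // Method names taken from the thread (proposed "allowed" prefix, general
    // methods, and two of the sensitive methods from the interceptor config).
    static final List<String> METHODS = List.of(
        "allowedPublish", "allowedPublishNow", "refresh", "query",
        "cancel", "cancelClosed", "cancelOpenAuction", "save", "delete");

    // Assumption: the regex is applied as a full match against the method name.
    static boolean permitted(String regex, String method) {
        return Pattern.compile(regex).matcher(method).matches();
    }

    public static void main(String[] args) {
        Map<String, String> candidates = new LinkedHashMap<>();
        // Pattern exactly as posted: one optional capital, then lowercase letters.
        candidates.put("as posted", "allowed(([A-Z]?)([a-z]+)?)");
        // Constructed alternative: any number of CamelCase words after the prefix.
        candidates.put("camel-case tail", "allowed([A-Z][a-z]*)+");
        // Constructed "very wide" pattern: admits every method name.
        candidates.put("very wide", ".*");

        for (Map.Entry<String, String> c : candidates.entrySet()) {
            System.out.println(c.getKey() + ": " + c.getValue());
            for (String m : METHODS) {
                String verdict = permitted(c.getValue(), m) ? "ALLOW" : "deny";
                System.out.printf("  %-18s %s%n", m, verdict);
            }
        }
    }
}
```

Under the full-match assumption the pattern as posted allows allowedPublish but denies allowedPublishNow, while the very wide pattern also allows save and delete, so it is worth running the real method list through any regex before it goes into a package-wide setting.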