Github user yasserzamani commented on the issue:
https://github.com/apache/struts/pull/133
@aleksandr-m , thank you for your reply.
> I'm still against adding bean attribute to action configuration. It is
not intuitive.
But I think using attribute `class` for both class name and bean name is
not intuitive too.
> Chain configuration options belong to chain interceptor, json to json
result, etc. In fact json result already allows to control what is serialized.
But by continuing includes/excludes approach, user has to manually concern
about run time of the action. I've done #118 before. It does not have fewer
changes that adding `bean` attribute.
> About security, I think we can and should do something better than that.
I.e. automatically detect proxied class and disallow to change it internals
Yes, but so we will have to add dependency of any possible java proxy
creators like Spring, cglib or etc to S2 core.
Additionally this PR has enhanced some things automatically for example
ServletUrlRenderer.java#178:
```
try {
Class clazz =
formComponent.objectFactory.getClassInstance(actionConfig.getClassName());
formComponent.addParameter("actionClass", clazz);
} catch (ClassNotFoundException e) {
// this is OK, we'll just move on
}
```
Here, this PR decreases search space for validation tags by excluding proxy
class when user has:
`<s:form validate=true ...
`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
