[
https://issues.apache.org/struts/browse/WW-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy Chapman updated WW-3228:
-----------------------------
Assignee: Andy Chapman
> behaves as if default namespace contains all actions
> ----------------------------------------------------
>
> Key: WW-3228
> URL: https://issues.apache.org/struts/browse/WW-3228
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
> Affects Versions: 2.1.6
> Environment: Vista
> Tomcat 5.5
> Java 1.5.0_08
> Reporter: Andy Chapman
> Assignee: Andy Chapman
> Priority: Minor
>
> struts.xml as follows:
> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts
> Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd";>
> <struts>
> <package name="default" extends="struts-default" namespace="">
> <action name="dummy">
> <result>/WEB-INF/jsp/dummy.jsp</result>
> </action>
> </package>
> <package name="wibble" extends="struts-default" namespace="/specific">
> <action name="bar">
> <results>/WEB-INF/jsp/specific.jsp</result>
> </action>
> </package>
> </struts>
> Browsing results:
> http://mydomain/specific/bar.action gives specific.jsp
> http://mydomain/randomcombinationofletters/bar.action it also gives
> specific.jsp
> I could understand this happening if there was a bar action in the default
> namespace but when there isn't it seems wrong. It causes problems when
> security is set up by namespaces as someone can just craft a namespace to
> avoid the security rules.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
