[
https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14954128#comment-14954128
]
zhouyanming commented on WW-4540:
---------------------------------
It works with actionConfig.addAllowedMethod(ActionConfig.REGEX_WILDCARD) and
strict DMI needn't be false.
I doubt this is useful, normally we have many methods in action to be invoked,
methods shouldn't be invoked can marked as protected or private, what's the
value of strict DMI?
It will bring two problem:
* It breaked compatibility, application with old version cannot upgrade
smoothly, I wish one constant in struts.xml can disable strict DMI globally not
per package.
* It will bring a little overhead for checking strict DMI.
> Enable Strict DMI by default
> ----------------------------
>
> Key: WW-4540
> URL: https://issues.apache.org/jira/browse/WW-4540
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Fix For: 2.5
>
>
> Struts 2 already supports {{Strict DMI}} but it's disabled by default.
> {{Strict DMI}} should be always enable to allow access only specific methods.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
