[
https://issues.apache.org/jira/browse/WW-4963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620228#comment-16620228
]
ASF GitHub Bot commented on WW-4963:
------------------------------------
lukaszlenart opened a new pull request #252: WW-4963 Implement new Aware
interfaces
URL: https://github.com/apache/struts/pull/252
TBD
Implements [WW-4963](https://issues.apache.org/jira/browse/WW-4963)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Implement new Aware interfaces that are using withXxxx pattern instead of
> setters
> ---------------------------------------------------------------------------------
>
> Key: WW-4963
> URL: https://issues.apache.org/jira/browse/WW-4963
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
>
> In matter of security I wonder if we should stop using setters in internal
> API. Like in {{SessionAware}} interface we use {{setSession()}} and each
> actions must implement this method. Then we have a logic to avoid mapping
> incoming values to {{setSession()}} to permit injecting values into Session.
> Instead of {{setSession()}} we can use {{withSession()}} or
> {{applySession()}} - the same can be applied to any *Aware interface.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
