[PR] WW-5408 add option to not fallback to empty namespace when unresolved [struts]

via GitHub Mon, 08 Apr 2024 22:34:28 -0700


jefferyxhy opened a new pull request, #912:
URL: https://github.com/apache/struts/pull/912


   WW-5408
   
   **Reason**
   There is a case we want to enhance to improve security for struts url 
mapping: Be able to prevent arbitrary namespace fallback to empty (root) 
namespace when not match
   
   &nbsp;
    
   **Changes/ Solution**
   *  introduce new Struts constant ` STRUTS_DISABLE_EMPTY_NAMESPACE_FALLBACK 
[struts.disableActionConfigFallbackToEmptyNamespace]` to disable fallback to 
empty namespace when not match
   *  default as null which means does not disable (Need to manually set as 
true in confluence struts.xml)
   
    &nbsp;
    
   **Result & Impact**
   * By default `struts.disableActionConfigFallbackToEmptyNamespace` is `null`, 
no difference.
   * Set `struts.disableActionConfigFallbackToEmptyNamespace`  as `true`, not 
matched namepsace **WILL NOT** fallback to empty namespace anymore, and struts 
will threw `ConfigurationException`, it relies on the application to handle 
this exception.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[PR] WW-5408 add option to not fallback to empty namespace when unresolved [struts]

Reply via email to