> Pretty much, yes. There's no real trouble with allowing .action > invocations as before, but if it's possible to get them to go away it > would be nice.
I find having the actions available directly with the .action notation very handy for developing/debugging. I am hoping you mean "possible to avoid them if you want". It sounds to me like you want to force users to not use the .action notation, when it can definetely be useful. Anders Hovmöller [EMAIL PROTECTED] http://boxed.killingar.net ----- Original Message ----- From: "Rickard Öberg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 02, 2003 20:00 Subject: Re: [OS-webwork] Action invocation Chris Nokleberg wrote: > I don't understand why URLs need to have ".action" OR ".jsp". In my > mind, direct requests to resources is okay for static files, but all > action-related requests should flow through the action mappings. The point is to try and avoid .action URL's for mentioned reasons. Since we can filter calls to .jsp it's certainly doable. > *If* actions are always tied to a path (or paths), *and* there is a > filter controller, then: > > a) Your URLs can be anything you want. > b) You can use the same JSP as the view for multiple actions. Pretty much, yes. There's no real trouble with allowing .action invocations as before, but if it's possible to get them to go away it would be nice. > I think in the latest design there is a View factory chain which > produces a View class, just like for actions. A ".jsp" view should > result in a JSP View class, which will just forward the request to a JSP > page via a RequestDispatcher. I don't see any point in having a JSP View class as opposed to a generic "include a servlet" View class. > In servlet 2.3 (and by default in 2.4), a > forward this way will *not* go through the filter chain again. This > de-facto prevents against public requests to your jsp view pages--they > can only be run by the controller. But the security problem is not with pages really, but with actions. If the request is stopped at the View stage it's already too late: you may have executed code that the user was not allowed to execute. /Rickard -- Rickard Öberg [EMAIL PROTECTED] Senselogic Got blog? I do. http://dreambean.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
