I believe Rickard has made it clear both will be available. ----- Original Message ----- From: "boxed" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 02, 2003 11:15 AM Subject: Re: [OS-webwork] Action invocation
> > Pretty much, yes. There's no real trouble with allowing .action > > invocations as before, but if it's possible to get them to go away it > > would be nice. > > I find having the actions available directly with the .action notation very > handy for developing/debugging. I am hoping you mean "possible to avoid them > if you want". It sounds to me like you want to force users to not use the > .action notation, when it can definetely be useful. > > Anders Hovmöller > [EMAIL PROTECTED] http://boxed.killingar.net > > > > > ----- Original Message ----- > From: "Rickard Öberg" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 02, 2003 20:00 > Subject: Re: [OS-webwork] Action invocation > > > Chris Nokleberg wrote: > > I don't understand why URLs need to have ".action" OR ".jsp". In my > > mind, direct requests to resources is okay for static files, but all > > action-related requests should flow through the action mappings. > > The point is to try and avoid .action URL's for mentioned reasons. Since > we can filter calls to .jsp it's certainly doable. > > > *If* actions are always tied to a path (or paths), *and* there is a > > filter controller, then: > > > > a) Your URLs can be anything you want. > > b) You can use the same JSP as the view for multiple actions. > > Pretty much, yes. There's no real trouble with allowing .action > invocations as before, but if it's possible to get them to go away it > would be nice. > > > I think in the latest design there is a View factory chain which > > produces a View class, just like for actions. A ".jsp" view should > > result in a JSP View class, which will just forward the request to a JSP > > page via a RequestDispatcher. > > I don't see any point in having a JSP View class as opposed to a generic > "include a servlet" View class. > > > In servlet 2.3 (and by default in 2.4), a > > forward this way will *not* go through the filter chain again. This > > de-facto prevents against public requests to your jsp view pages--they > > can only be run by the controller. > > But the security problem is not with pages really, but with actions. If > the request is stopped at the View stage it's already too late: you may > have executed code that the user was not allowed to execute. > > /Rickard > > -- > Rickard Öberg > [EMAIL PROTECTED] > Senselogic > > Got blog? I do. http://dreambean.com > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Opensymphony-webwork mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Opensymphony-webwork mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
