Maybe we can add an explicit URL-to-action mapping instead of relying on using
the success view. For example, something like:

<url path="/admin/deleteUser.jsp">
   <action-ref name="admin.deleteUser"/>
</url>

Or that can be implemented as part of a servlet filter configuration.

Regards,
Low
--- Rickard_Öberg <[EMAIL PROTECTED]> wrote:
> Chris Miller wrote:
> > Remind me again why .action causes problems with declarative security?
> > Surely the real problem is that Webwork currently doesn't care if an
> > arbitrary path is specified in the URL. ie:
> > http://www.me.com/abc123/admin/deleteUser.action is treated the same as
> > http://www.me.com/admin/deleteUser.action - which makes it very messy to
> > nail down in web.xml.
> 
> That *is* the problem. And it's not messy; it's impossible! No matter 
> how you construct your web.xml I can circumvent it by doing an arbitrary 
> path like so:
> http://www.me.com/jkldsdfglkjglkdhgdklhg/asdasdasd/deleteUser.action
> 
> If .action invocations are not allowed then it's possible to use 
> declarative security. Plus if execution of actions is only possible if a 
> URL has been previously associated with it during form creation, then 
> it's even safer.
> 
> /Rickard
> 
> -- 
> Rickard Öberg
> [EMAIL PROTECTED]
> Senselogic
> 
> Got blog? I do. http://dreambean.com
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Opensymphony-webwork mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
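
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not WebWork code: a container-style url-pattern check next to last-segment dispatch and next to an explicit URL-to-action table. Assumptions: the protected pattern `/admin/*`, the simplified last-segment dispatch model, and all class and method names are hypothetical; the paths are the ones quoted in the thread.

```java
import java.util.Map;

// Added illustration; class and method names are hypothetical, not WebWork API.
public class UrlActionMappingDemo {

    // Servlet-spec url-pattern match: "/prefix/*", "*.ext", or exact path.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            return path.endsWith(pattern.substring(1));
        }
        return pattern.equals(path);
    }

    // Simplified model of the dispatch described in the thread:
    // only the last path segment selects the action.
    static String actionByLastSegment(String path) {
        String last = path.substring(path.lastIndexOf('/') + 1);
        String ext = ".action";
        return last.endsWith(ext) ? last.substring(0, last.length() - ext.length()) : null;
    }

    // Explicit mapping as proposed: one exact path per action, nothing else dispatches.
    static final Map<String, String> URL_TO_ACTION =
            Map.of("/admin/deleteUser.jsp", "admin.deleteUser");

    static String actionByExplicitMapping(String path) {
        return URL_TO_ACTION.get(path);
    }

    public static void main(String[] args) {
        String constraint = "/admin/*"; // assumed protected url-pattern in web.xml
        String[] paths = {
            "/admin/deleteUser.action",
            "/abc123/admin/deleteUser.action",
            "/jkldsdfglkjglkdhgdklhg/asdasdasd/deleteUser.action",
            "/admin/deleteUser.jsp",
        };
        for (String path : paths) {
            System.out.printf("%-55s constrained=%-5b lastSegment=%-11s explicit=%s%n",
                    path, matches(constraint, path),
                    actionByLastSegment(path), actionByExplicitMapping(path));
        }
    }
}
```

With the explicit table, the only path that resolves to an action is one the `/admin/*` constraint also covers; the prefixed paths resolve to nothing.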