How about using LookupDispatch Action in struts 1.1 ?
-Original Message-
From: Robert S. Sfeir [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 7:45 PM
To: Struts Users Mailing List
Subject: DispatchAction and Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How is that any different? LookupDispatchAction, if I understand it
correctly, allows you to dynamically specify the method name, instead of
adding a parameter in specifying your action info in struts-config.xml.
~ You can still pass that information
One of the joys of using Struts is that you have access to all the source
code so you can answer these questions yourself.
I had a quick look at the source - only public methods with the same
signature as execute() will be called. So getServlet() cannot be called as
it has the 'wrong' signature.
So, only methods which you delibaratly implement
with the approrpriate sifgnature can be executed
via a dispatch action - you shouldn't be
concerned.
You also have to specify the allowed methods and
their lookup key in the key method map; see
getKeyMethodMap().
The key method map relates to LookupDispatchAction, the original question
was about DispatchAction.
Paul
-Original Message-
From: Paananen, Tero [mailto:[EMAIL PROTECTED]
Sent: 14 November 2003 14:52
To: 'Struts Users Mailing List'
Subject: RE: DispatchAction and Security
So, only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Not using LookupDispatchAction, but now that you explain it that way I
can see how LookupDispatchAction can help me lock things down even more.
~ I hadn't realized that and misunderstood the API docs.
I think I'll give this a try.
R
Paananen, Tero
to LookupDispatchAction, the original question
| was about DispatchAction.
|
| Paul
|
| -Original Message-
| From: Paananen, Tero [mailto:[EMAIL PROTECTED]
| Sent: 14 November 2003 14:52
| To: 'Struts Users Mailing List'
| Subject: RE: DispatchAction and Security
|
|
|
|So, only methods which you
user will
always
| be able to make an 'illegal' request to your application.
|
| Paul
|
| -Original Message-
| From: Robert S. Sfeir [mailto:[EMAIL PROTECTED]
| Sent: 14 November 2003 15:17
| To: Struts Users Mailing List
| Subject: Re: DispatchAction and Security
I think lookupdispatch is definetly better than dispatch.
-Original Message-
From: Robert S. Sfeir [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 9:25 PM
To: Struts Users Mailing List
Subject: Re: DispatchAction and Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
True
9 matches
Mail list logo