RE: DispatchAction and Security

2003-11-14 Thread Vara Prasad Reddy
How about using LookupDispatch Action in struts 1.1 ? -Original Message- From: Robert S. Sfeir [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 7:45 PM To: Struts Users Mailing List Subject: DispatchAction and Security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Been

Re: DispatchAction and Security

2003-11-14 Thread Robert S. Sfeir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How is that any different? LookupDispatchAction, if I understand it correctly, allows you to dynamically specify the method name, instead of adding a parameter in specifying your action info in struts-config.xml. ~ You can still pass that information

RE: DispatchAction and Security

2003-11-14 Thread Paul McCulloch
One of the joys of using Struts is that you have access to all the source code so you can answer these questions yourself. I had a quick look at the source - only public methods with the same signature as execute() will be called. So getServlet() cannot be called as it has the 'wrong' signature.

RE: DispatchAction and Security

2003-11-14 Thread Paananen, Tero
So, only methods which you delibaratly implement with the approrpriate sifgnature can be executed via a dispatch action - you shouldn't be concerned. You also have to specify the allowed methods and their lookup key in the key method map; see getKeyMethodMap().

RE: DispatchAction and Security

2003-11-14 Thread Paul McCulloch
The key method map relates to LookupDispatchAction, the original question was about DispatchAction. Paul -Original Message- From: Paananen, Tero [mailto:[EMAIL PROTECTED] Sent: 14 November 2003 14:52 To: 'Struts Users Mailing List' Subject: RE: DispatchAction and Security So, only

Re: DispatchAction and Security

2003-11-14 Thread Robert S. Sfeir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not using LookupDispatchAction, but now that you explain it that way I can see how LookupDispatchAction can help me lock things down even more. ~ I hadn't realized that and misunderstood the API docs. I think I'll give this a try. R Paananen, Tero

Re: DispatchAction and Security

2003-11-14 Thread Robert S. Sfeir
to LookupDispatchAction, the original question | was about DispatchAction. | | Paul | | -Original Message- | From: Paananen, Tero [mailto:[EMAIL PROTECTED] | Sent: 14 November 2003 14:52 | To: 'Struts Users Mailing List' | Subject: RE: DispatchAction and Security | | | |So, only methods which you

Re: DispatchAction and Security

2003-11-14 Thread Robert S. Sfeir
user will always | be able to make an 'illegal' request to your application. | | Paul | | -Original Message- | From: Robert S. Sfeir [mailto:[EMAIL PROTECTED] | Sent: 14 November 2003 15:17 | To: Struts Users Mailing List | Subject: Re: DispatchAction and Security

RE: DispatchAction and Security

2003-11-14 Thread Vara Prasad Reddy
I think lookupdispatch is definetly better than dispatch. -Original Message- From: Robert S. Sfeir [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 9:25 PM To: Struts Users Mailing List Subject: Re: DispatchAction and Security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 True