Could you post somewhere (GitHub) the whole code base ?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts
Dear all,
I have got a performance issue on a nested iterator, running Struts
2.3.1.1.
Consider the code below, (the example is a Book with chapters and
subchapters and we're displaying the book index - bookIndex is a
Map>.
This takes several seconds to load (map has size 10, each list is no
mo
Spring security allows to protect method calls via annotacions like
@Secured, @PreAuthorize, @PostFilter, but I was interested in something
lighter.
On Wed, Jul 4, 2012 at 4:29 PM, Marcus Bond wrote:
> You could implement a class that delegates to your bean but only exposes
> setters and getters
You could implement a class that delegates to your bean but only exposes
setters and getters that are appropriate, so in the case of the id then you
could let the user view it (getter) but not allow the setter.
A perhaps even better approach would be to devise a proxying mechanism (perhaps
conf
Implementing the ParameterNameAware interface with white/black list seems
the best solution.
Thanks,
J.
On Wed, Jul 4, 2012 at 3:51 PM, Dave Newton wrote:
> Then whitelist/blacklist.
>
> Or don't expose sensitive data directly to the user.
>
> Dave
>
> (pardon brevity, typos, and top-quoting; on
Hi,
Can we define @TypeConversion annotation of the nested property at the parent
level.
For Example I have a bean
public class Bike {
private Name name;
public Name getName() {
return this.name;
}
public void setName(Name name) {
this.name = name;
}
Then whitelist/blacklist.
Or don't expose sensitive data directly to the user.
Dave
(pardon brevity, typos, and top-quoting; on cell)
On Jul 4, 2012 8:49 AM, "J. Garcia" wrote:
> My action would have:
>
> public void setMyBean( MyBean myBean) {...}
>
> and I would like to avoid an injection on
My action would have:
public void setMyBean( MyBean myBean) {...}
and I would like to avoid an injection on myBean.field3. This field could
be the owner id for instance!
On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart
wrote:
> Another way is to use AnnotationParameterFilterIntereptor (name
> cont
Another way is to use AnnotationParameterFilterIntereptor (name
contains typo) and @Allowed and @Blocked annotations
Regards
--
Łukasz
mobile +48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
--
You can always implement ParameterNameAware interface and boolean
acceptableParameterName(String parameterName);
Regards
--
Łukasz
mobile +48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
--
Lukas: that's not always viable though. You might need a setter for your
model object elsewhere, but don't want that action to set that property.
On Wed, 2012-07-04 at 14:57 +0200, Lukasz Lenart wrote:
> By removing setter for it ?
>
>
> Regards
>
By removing setter for it ?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2012/7/4 J. Garcia :
> An interesting article that I found:
>
> http://websec.wordpress.com/2012/01/04/multiple-vulnerabilities-in-apache-struts2-and-property-oriented-programming-with-java/
>
> In struts
An interesting article that I found:
http://websec.wordpress.com/2012/01/04/multiple-vulnerabilities-in-apache-struts2-and-property-oriented-programming-with-java/
In struts2 it is pretty easy to set attribute values of any bean field when
a form is posted, even if the field is not in the form.
F
Hi,
you have no result named "success" for your "user" action defined in
struts.xml, but you return "success" in your execute method.
also check the case sensitivity of "login.jsp" and "Login.jsp" defined
as result.
Markus
Markus
Am 03.07.2012 20:31, schrieb Avinash:
login.jsp
<%@
14 matches
Mail list logo
