Re: Action mapping documentation (and a security question)

2009-06-30 Thread Jan T. Kim
On Sun, Jun 28, 2009 at 11:51:59AM -0400, Dave Newton wrote:
> Jan T. Kim wrote:
> >>>(2) Isn't encoding methods in action name suffixes like this a potential
> >>>security issue?
> >
> >So, are wildcards useful for development but have to be expanded before
> >putting a system to production use?

Re: Action mapping documentation (and a security question)

2009-06-28 Thread musomesa
Mailing List Sent: Sun, Jun 28, 2009 10:55 am Subject: Re: Action mapping documentation (and a security question) On Sun, Jun 28, 2009 at 08:15:43AM -0400, Dave Newton wrote: > Jan T. Kim wrote: > >(1) Where is the documentation of this wildcard syntax? > > http://struts

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Dave Newton
Jan T. Kim wrote: (2) Isn't encoding methods in action name suffixes like this a potential security issue? So, are wildcards useful for development but have to be expanded before putting a system to production use? The only security issue I'm aware of is if the developer exposes unwanted be

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Jan T. Kim
On Sun, Jun 28, 2009 at 08:15:43AM -0400, Dave Newton wrote:
> Jan T. Kim wrote:
> >(1) Where is the documentation of this wildcard syntax?
>
> http://struts.apache.org/2.x/docs/wildcard-mappings.html
> http://struts.apache.org/2.x/docs/action-configuration.html#ActionConfiguration-WildcardMethod

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Dave Newton
Jan T. Kim wrote: (1) Where is the documentation of this wildcard syntax? http://struts.apache.org/2.x/docs/wildcard-mappings.html http://struts.apache.org/2.x/docs/action-configuration.html#ActionConfiguration-WildcardMethod Although the underscore thing is mentioned I don't think it's explic

Action mapping documentation (and a security question)

2009-06-28 Thread Jan T. Kim
Hi All, In the "Validating Input" section of the "Bootstrap" tutorial, I've noticed the action mapping syntax ... which the tutorial suggests as a shorthand for configuring ... ... I have two questions about this: (1) Where is the documentation

Re: Security question

2005-01-05 Thread Sylvain Colomer
with that. Thank you. -Original Message- From: Chaikin, Yaakov Y. [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 1:55 PM To: 'Struts Users Mailing List' Subject: RE: Security question I don't know of any other way than to programmatically check user's role insi

Re: Security question

2005-01-04 Thread Cliff
Hi, You may find some information in http://pow2acl.sourceforge.net/ Good Luck Cliff - Original Message - From: "Barnett, Brian W." <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" Sent: Wednesday, January 05, 2005 4:50 AM Subject: RE: Secu

RE: Security question

2005-01-04 Thread Barnett, Brian W.
Well, I guess I'll proceed with that. Thank you. -Original Message- From: Chaikin, Yaakov Y. [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 1:55 PM To: 'Struts Users Mailing List' Subject: RE: Security question I don't know of any other way than to pr

RE: Security question

2005-01-04 Thread Chaikin, Yaakov Y.
ECTED] Sent: Tuesday, January 04, 2005 1:30 PM To: Struts Users Mailing List Subject: RE: Security question > -Original Message- > From: Barnett, Brian W. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 11:04 AM > To: 'Struts Users Mailing List' &g

RE: Security question

2005-01-04 Thread Jim Barrows
> -Original Message-
> From: Barnett, Brian W. [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 04, 2005 11:04 AM
> To: 'Struts Users Mailing List'
> Subject: Security question
>
>
> I'm using LookupDispatchAction and role-based security. I &g

Security question

2005-01-04 Thread Barnett, Brian W.
I'm using LookupDispatchAction and role-based security. I want to allow certain roles to access certain dispatches of an action. I'm not sure what the best way to handle this is. Should I create separate Action classes? Is there a slick way to specify "dispatch level" security in web.xml? Can som