On 4/30/2018 11:27 AM, Lukasz Lenart wrote:
> The problem is that we should support existing configurations (like
> automatically define allowed methods for those used in struts.xml).
Sorry, I didn't get again :( AFAIK defined actions with any defined
method in struts.xml are callable. However,
2018-04-29 11:24 GMT+02:00 Yasser Zamani :
> I couldn't understand what's the user expected behavior and what we
> should try to fix. Because of security, SMI is enabled by default and
> user has to annotate or define allowed methods. right? I think there are
> no other solution to keep both securi
Hi Yasser,
We already have a layer of security(a filter which runs first in our
web-app) which handles allowed url patterns. So in this we have to again add
code for allowed methods. So we are trying to get an option to disable it.
Thanks,
Deva.
--
Sent from: http://struts.1045723.n5.nabble.c
On 4/26/2018 4:03 PM, Lukasz Lenart wrote:
> Thinking on solution ... not so easy :(
I couldn't understand what's the user expected behavior and what we
should try to fix. Because of security, SMI is enabled by default and
user has to annotate or define allowed methods. right? I think there are
Thanks for the reply. We will use the existing (regex in
global-allowed-methods) solution till that.
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
-
To unsubscribe, e-mail: user-unsubscr...@struts.
Thinking on solution ... not so easy :(
2018-04-26 13:24 GMT+02:00 DevaGerald :
> Any update on this?
>
>
>
> --
> Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
>
> -
> To unsubscribe, e-mail: user-unsub
Any update on this?
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
http://struts.apache.org/dtds/struts-2.5.dtd";>
regex:[a-zA-Z]*
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-Us
2018-04-19 8:58 GMT+02:00 DevaGerald :
> Just a clarification. May be my point was misunderstood.
>
> Ex : /resource/resource_id/hello
> This will call the hello method of my controller.
> REST plugin directly maps to my custom method. In this case, it calls the
> hello method of my ResourceControl
Just a clarification. May be my point was misunderstood.
Ex : /resource/resource_id/hello
This will call the hello method of my controller.
REST plugin directly maps to my custom method. In this case, it calls the
hello method of my ResourceController.
What will be the best solution for this case
Here https://issues.apache.org/jira/projects/WW/issues
2018-04-18 15:04 GMT+02:00 DevaGerald :
> Sorry if I am so dumb. Where should i file the ticket?
>
>
>
> --
> Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
>
>
Sorry if I am so dumb. Where should i file the ticket?
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: us
2018-04-18 9:15 GMT+02:00 DevaGerald :
> Yes i have configured rest plugin for that
Ach... so we must fix allowed-methods to include those REST methods,
could you fill a ticket?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---
Yes i have configured rest plugin for that
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@stru
2018-04-14 11:58 GMT+02:00 DevaGerald :
> I don't use DMI. I have the following configured in struts.xml.
>
>
> So is there any other way for me to disable strict method invocation? I am
> just using struts 2 rest plugin.
Hm... so how do you call those custom methods? Did y
On 4/11/2018 11:11 AM, Lukasz Lenart wrote:
> 2018-04-09 16:59 GMT+02:00 DevaGerald :
>> Thanks a lot Lukasz.
>>
>> I have resolved it by adding
>> regex:[a-zA-Z]* in my
>> struts.xml
>>
>> Do I have any alternative for this?
>
> No but I didn't want to suggest this as this basically opens a
> p
I don't use DMI. I have the following configured in struts.xml.
So is there any other way for me to disable strict method invocation? I am
just using struts 2 rest plugin.
Thanks & Regards
Deva.
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f342
2018-04-09 16:59 GMT+02:00 DevaGerald :
> Thanks a lot Lukasz.
>
> I have resolved it by adding
> regex:[a-zA-Z]* in my
> struts.xml
>
> Do I have any alternative for this?
No but I didn't want to suggest this as this basically opens a
potential security hole in your app. In this case any public m
Thanks a lot Lukasz.
I have resolved it by adding
regex:[a-zA-Z]* in my
struts.xml
Do I have any alternative for this?
Thanks & Regards,
Deva Gerald.
--
Sent from: http://struts.1045723.n5.nabble.com/Struts-User-f3426046.html
--
he default CRUD
> operations. As the strict method invocation is enabled now by default, i
> cannot use those custom methods now. I am using only the "rest-default"
> package and want to disable the *strict method invocation* as I have a
> larger number of methods (Adding those many
I am using Struts 2 with rest plugin and I need to migrate from struts 2.3 to
struts 2.5. My application also has struts 1 with the older apis unmigrated
to struts2.
I have some custom methods in my application other than the default CRUD
operations. As the strict method invocation is enabled now
2015-10-06 11:46 GMT+02:00 Volker Krebs :
> One thing,
> when using extends the allowed-methods won't be merged.
> Only the ones from action definition are used.
>
> E.g.:
>
>m1,m2
>
>
>
>
> ...
> m3,m4
>
>
>
> /app1/a1!m3.action is working.
> /app1/a1!m1.action is *not* w
Am 05.10.2015 um 16:43 schrieb Volker Krebs:
> Am 03.10.2015 um 09:35 schrieb Lukasz Lenart:
>> Hi,
>>
>> I have updated docs about the latest SMI addition:
>>
>> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
>> https://cwiki.apache.org/confluence/display/W
Am 03.10.2015 um 09:35 schrieb Lukasz Lenart:
> Hi,
>
> I have updated docs about the latest SMI addition:
>
> https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
> https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMet
> From: lukaszlen...@apache.org
> Date: Sat, 3 Oct 2015 09:35:04 +0200
> Subject: Strict Method Invocation
> To: user@struts.apache.org
>
> Hi,
>
> I have updated docs about the latest SMI addition:
>
> https://cwiki.apache.org/confluence/display/WW/Security#S
Hi,
I have updated docs about the latest SMI addition:
https://cwiki.apache.org/confluence/display/WW/Security#Security-StrictMethodInvocation
https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation
wdyt?
Regards
--
Łukasz
+ 48 606 323 1
26 matches
Mail list logo
