Re: action security

2008-02-29 Thread Dave Newton
--- Brian Relph <[EMAIL PROTECTED]> wrote:
> I have also created a new AnnontationParameterInterceptor, along with a
> class-level annotation and a field-level annotation. As of now, the
> annotations just store a boolean value of whether to allow the field to be
> set, and for the class, what t

Re: action security

2008-02-29 Thread Brian Relph
I was able to use the ParameterNameAware interface after all ... I needed to rebuild my project, it wasn't updating in my workspace for some reason. I have also created a new AnnontationParameterInterceptor, along with a class-level annotation and a field-level annotation. As of now, the annota

Re: action security

2008-02-28 Thread Dave Newton
--- Laurie Harper <[EMAIL PROTECTED]> wrote:
> That would require a getMailSender() on the action, wouldn't it? I'd
> strongly suggest not having getters for 'sensitive' internals like that

It's pretty typical to have a service injected like that, though. The issue here is that a sensitive config

Re: action security

2008-02-28 Thread Laurie Harper
Brian Relph wrote: Here is a better example of what I am concerned about ... I send emails in my application, and I use spring to configure a JavaMailSender - this has a getter/setter for the "from" email address ... as well, I use a singleton bean for this object (this is the spring default nowa

Re: action security

2008-02-28 Thread Brian Relph
Here is a better example of what I am concerned about ... I send emails in my application, and I use spring to configure a JavaMailSender - this has a getter/setter for the "from" email address ... as well, I use a singleton bean for this object (this is the spring default nowadays), so a malicious

Re: action security

2008-02-28 Thread Dave Newton
--- Brian Relph <[EMAIL PROTECTED]> wrote:
> So I guess this is a legitimate security concern. Is there a
> cleaner way to do this? Is there annotations support for it?

Not that I'm aware of. Note that setting a DAO-style class with a string would most likely end in an exception.

Dave -

Re: action security

2008-02-28 Thread Brian Relph
So I guess this is a legitimate security concern. Is there a cleaner way to do this? Is there annotations support for it?

On Thu, Feb 28, 2008 at 10:05 AM, Daniel Baldes <[EMAIL PROTECTED]> wrote:
> Brian Relph wrote:
> > Hi, I am concerned about security in my struts2 actions. I am using
> sp

Re: action security

2008-02-28 Thread Daniel Baldes
Brian Relph wrote: Hi, I am concerned about security in my struts2 actions. I am using spring to auto-wire my actions by name, but this leads me to believe that a malicious user can set action properties that I do not want them to. For example, I have a .jsp with a form input of "name". My act

action security

2008-02-28 Thread Brian Relph
Hi, I am concerned about security in my struts2 actions. I am using spring to auto-wire my actions by name, but this leads me to believe that a malicious user can set action properties that I do not want them to. For example, I have a .jsp with a form input of "name". My action has a getter/sett