[Stripes-dev] [JIRA] Updated: (STS-811) Make @StrictBinding @Validate "on" aware

Thu, 03 Mar 2011 11:58:55 -0800 

     [ 
http://www.stripesframework.org/jira/browse/STS-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ben Gunter updated STS-811:
---------------------------

    Fix Version/s: Release 1.5.6
         Assignee: Ben Gunter
          Summary: Make @StrictBinding  @Validate "on" aware  (was: Make 
@StrickBinding  @Validate "on" aware)

> Make @StrictBinding  @Validate "on" aware
> -----------------------------------------
>
>                 Key: STS-811
>                 URL: http://www.stripesframework.org/jira/browse/STS-811
>             Project: Stripes
>          Issue Type: Improvement
>          Components: Validation
>    Affects Versions: Release 1.5.5
>         Environment: N/A
>            Reporter: Jacob Champlin
>            Assignee: Ben Gunter
>              Labels: binding
>             Fix For: Release 1.5.6
>
>
> I would like to request that @StrictBinding  only bind a url parameter if the 
> @Validate annotation has the action called in the "on" attribute.
> The @StrictBinding was a great addition!!  It was such a huge security threat 
> to bind every member in the ActionBean.  Especially combined with hibernates 
> auto flushing.
> However, If you use your ActionBean for say all your CRUD operations.  Then 
> your all your operations are subject to the Superset of binding for that 
> ActionBean.  IE  your "read" operation can potentually bind anything your 
> "create" operation requires.
> There are lots of solutions for this including putting each operation into 
> its own Action, or having a different binding bean for each operation.  I 
> don't think either of these would be as clean as makeing use of the @Validate 
> on="read" metadata.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development

Reply via email to