[ http://www.stripesframework.org/jira/browse/STS-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12231#comment-12231 ]

Jacob Champlin commented on STS-811:
------------------------------------

Good point, thanks for looking. Maybe a "bind" on attribute?

> Make @StrictBinding  @Validate "on" aware
> -----------------------------------------
>
>                 Key: STS-811
>                 URL: http://www.stripesframework.org/jira/browse/STS-811
>             Project: Stripes
>          Issue Type: Improvement
>          Components: Validation
>    Affects Versions: Release 1.5.5
>         Environment: N/A
>            Reporter: Jacob Champlin
>            Assignee: Ben Gunter
>              Labels: binding
>
> I would like to request that @StrictBinding only bind a URL parameter if the
> @Validate annotation has the action called in the "on" attribute.
> The @StrictBinding was a great addition!! It was such a huge security threat
> to bind every member in the ActionBean, especially combined with Hibernate's
> auto flushing.
> However, if you use your ActionBean for, say, all your CRUD operations, then
> all your operations are subject to the superset of binding for that
> ActionBean, i.e. your "read" operation can potentially bind anything your
> "create" operation requires.
> There are lots of solutions for this, including putting each operation into
> its own Action, or having a different binding bean for each operation. I
> don't think either of these would be as clean as making use of the @Validate
> on="read" metadata.
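
The situation the issue describes, next to the first workaround it mentions (one ActionBean per operation), as an added example that is not part of the original message or of the Stripes code base. Class, property and JSP names are hypothetical.

```java
// ---- AccountActionBean.java: one bean for every CRUD event ----
import net.sourceforge.stripes.action.*;
import net.sourceforge.stripes.validation.Validate;

// Hypothetical bean. As the issue describes for 1.5.5, @StrictBinding makes
// each @Validate-annotated property bindable for every event; the "on" lists
// below limit when validation runs, not when binding happens.
@StrictBinding
public class AccountActionBean implements ActionBean {
    private ActionBeanContext context;
    @Validate(required = true, on = {"read", "update"}) private Long id;
    @Validate(required = true, on = {"create", "update"}) private String email;
    @Validate(on = "create") private String role; // intended for create only

    @DefaultHandler
    public Resolution read() {
        // A "read" request that also carries email= or role= has already
        // populated those fields before this handler runs.
        return new ForwardResolution("/WEB-INF/account/view.jsp");
    }
    public Resolution create() { return new RedirectResolution(AccountActionBean.class); }
    public Resolution update() { return new RedirectResolution(AccountActionBean.class); }

    public ActionBeanContext getContext() { return context; }
    public void setContext(ActionBeanContext context) { this.context = context; }
    public Long getId() { return id; }
    public void setId(Long id) { this.id = id; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getRole() { return role; }
    public void setRole(String role) { this.role = role; }
}

// ---- AccountReadActionBean.java: workaround, one bean per operation ----
// Imports as above. Only "id" carries @Validate, so under @StrictBinding it is
// the only request parameter that can be bound when reading.
@StrictBinding
public class AccountReadActionBean implements ActionBean {
    private ActionBeanContext context;
    @Validate(required = true) private Long id;

    @DefaultHandler
    public Resolution read() { return new ForwardResolution("/WEB-INF/account/view.jsp"); }

    public ActionBeanContext getContext() { return context; }
    public void setContext(ActionBeanContext context) { this.context = context; }
    public Long getId() { return id; }
    public void setId(Long id) { this.id = id; }
}
```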
