On 10/21/2013 07:03 PM, Greg Lindholm wrote:
If you use struts.mapper.action.prefix.enabled to enable action: prefix
support are you opening up a security whole?
What is the liability?
No comments from users. Could consider no security issues, I guess?
On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart <lukaszlen...@apache.org>wrote:
2013/10/18 Emi Lu <em...@encs.concordia.ca>:
Good morning,
Tried the new version15.3, but failed:
login() method is not called at all.
(1) login.jsp
================
<s:submit value="Login"
theme="simple"
action="loginProcessLoginAction" />
Struts 2.3.15.3 disables support for action: prefix by default [1], to
enable it you must set struts.mapper.action.prefix.enabled to true.
Instead action: you can use method: prefix (but you must enable
struts.enable.DynamicMethodInvocation to true [2])
[1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
[2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
Regards
--
Ćukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
