2018-04-09 16:59 GMT+02:00 DevaGerald <devasakayam...@gmail.com>:
> Thanks a lot Lukasz.
> I have resolved it by adding
> <global-allowed-methods>regex:[a-zA-Z]*</global-allowed-methods> in my
> struts.xml
> Do I have any alternative for this?

No but I didn't want to suggest this as this basically opens a
potential security hole in your app. In this case any public method
can be called especially when using DMI.
I wonder if we can introduce another pattern here like "allow methods
for this class hierarchy":
<allowed-methods>class:BaseAction</allowed-methods> - wdyt?

+ 48 606 323 122 http://www.lenart.org.pl/

To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Reply via email to