--- Laurie Harper <[EMAIL PROTECTED]> wrote:
> That would require a getMailSender() on the action, wouldn't it? I'd
> strongly suggest not having getters for 'sensitive' internals like that
It's pretty typical to have a service injected like that, though. The issue
here is that a sensitive configuration parameter is being trivially exposed
via a Spring-settable property.
> >> --- Brian Relph <[EMAIL PROTECTED]> wrote:
> >>> So i guess this is a legitimate security concern. Is there a
> >>> cleaner way to do this? Is there annotations support for it?
> >> Not that I'm aware of.
Have you solved your ParameterNameAware problem?
I can't reproduce it; if I have a Spring-injected class (my test uses
'testService') with a property and my 'acceptableParameterName' method
returns 'false' for parameters starting with the name of the service's
parameter it's not being set.
In other words, if the parameter name 'startsWith("testService")' I return
false, the parameter in the service isn't being set on a request containing
something like 'testService.senderName'.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
