staticParams provide some sort of default parameter injection when you declare an action in your struts.xml, but it should be ok to override this value if it came as a parameter. If the interceptor order would be the opposite, then static parameters would take precedence over regular parameters.
As you said, actions are POJOs and its properties can be used with many design intentions: 1) hold URL parameters 2) hold static initialization parameters 3) Hold action result objects (but you want to write a setter too to perform some repetitive logic) 4) hold injected objects (think S2 beans or Spring's) >From the security perspective, for the 4) case is not much I think (because probably the ParameterInterceptor will throw an exception when type conversion fails). To differentiate between the 1) and both 2) and 3), it could be an improvement if with some annotation you could tag a parameter as "static only" and then the ParameterInterceptor will not try to set any value there (or throw an exception). 2008/8/1 Andy Law <[EMAIL PROTECTED]>: > > Is there any design reason why staticParams is not called before prepare in > the paramsPrepareParams stack? > > Also, in a potential RFE sort of vein, would there be any support for a > request for a way of making staticParams non-overwritable? (i.e. the params > defined in the action configuration XML and specified as non-mutable would > not be overwritten by clever folk sticking > '?paramname=value¶m2name=value2' at the end of any given URL) > > Later, > > Andy > -- > View this message in context: > http://www.nabble.com/paramsPrepareParams-vs.-staticParams-tp18773842p18773842.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
