Sorry i was not very clear: when you configure your application to allow the bang (!) notation, the client gets to choose *any* of the public methods on your action and use them as action methods as opposed to you listing what your action methods are explicitly. So?the developer has to be cautious because all public methods on the action become fair game. Chris?
-----Original Message----- From: Dave Newton <newton.d...@yahoo.com> To: Struts Users Mailing List <user@struts.apache.org> Sent: Tue, 14 Apr 2009 2:25 pm Subject: Re: sample CRUD application question Bhaarat Sharma wrote:? > so what would be a way to avoid that?? > > use this instead?? > >> <s:url action="crud" method="delete" id="url">? >> <s:param name="employee.employeeId" value="employeeId"/>? >> </s:url>? ? I don't see any difference there.? ? I'm not sure what the original response had in mind; the same thing could happen with a POST form.? ? Normally one would check for delete access rights on the server side before allowing deletions.? ? Dave? ? ---------------------------------------------------------------------? To unsubscribe, e-mail: user-unsubscr...@struts.apache.org? For additional commands, e-mail: user-h...@struts.apache.org? ?
