On Sun, Jun 28, 2009 at 08:15:43AM -0400, Dave Newton wrote:
> Jan T. Kim wrote:
> >(1) Where is the documentation of this wildcard syntax?
>
> http://struts.apache.org/2.x/docs/wildcard-mappings.html
> http://struts.apache.org/2.x/docs/action-configuration.html#ActionConfiguration-WildcardMethod
>
> Although the underscore thing is mentioned I don't think it's explicitly
> stated. The first link above is linked off the "Guides" page directly,
> and from the action configuration page.
Ok -- from experimentation it seems to me that an "exclamation point
(aka 'bang'), underscore, or other special character" matches any other
special character or the empty string, as accessing "bleh", "bleh_"
and "bleh!" gives me a test form with validation errors while accessing
"bleh_input" gives me one without validation errors. (I tried a few
other characters but none exhibited this "special" behaviour so far --
does anyone know what the "other special characters" are?)
> >(2) Isn't encoding methods in action name suffixes like this a potential
> >security issue?
So, are wildcards useful for development but have to be expanded before
putting a system to production use?
Replacing the filename globbing like wildcard system with a complete
regular expression system would allow writing more precise rules, e.g.
one could write
<action name="^bleh(_((input)|(dummy)))?$" method="{2}" ...>
...
</action>
and be certain that the method attribute won't take any values other
than "input", "dummy", or the empty string (which then probably should
map to the execute method).
Best regards, Jan
--
+- Jan T. Kim -------------------------------------------------------+
| email: j....@uea.ac.uk |
| WWW: http://www.cmp.uea.ac.uk/people/jtk |
*-----=< hierarchical systems are for files, not for humans >=-----*
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
