Have dynamic method invocation off and be careful with wildcards. Another possibility is to have an interceptor veto calls to that method but that would get tedious if you have many of them. chris
-----Original Message----- From: Louis Voo <jl...@yahoo.com> To: Struts Users Mailing List <user@struts.apache.org> Sent: Thu, Aug 13, 2009 6:54 am Subject: How to prevent user invoke a method? Hello, Is there anyway to prevent user invoke a method which is not define in the configuration file? For e.g, in my UserAction, there is a public String getPassword() method. So in the url, user can enter User!getPassword to directly call this method(), of course they won't be a result map to the return value, so in the front end it will show HTTP Status 404 - No result defined for action com.demo.action.UserAction and result thisisapassword How to prevent this happen? Regards Louis
