On 5/11/10 11:34 AM, Mitch Claborn wrote:
A security scan on our site is sending a request like
/emailalink!"Xx<XaXaXXaXaX>xX.html
I'd advise setting struts.enable.DynamicMethodInvocation=false as a
first step.
I'd like to be able to somehow capture those requests into a catch-all
or default method on the action so that I can do something intelligent,
rather than just allowing an error page to show up. Is there a way to do
this?
By "error page" do you mean a page that shows the call stack you just
showed us, or a more generic "something bad happened" page? The former
should only happen if you have devMode turned on.
In general I think the answer you're looking for is
<global-results>
<result name="404">/404.jsp</result>
</global-results>
<global-exception-mappings>
<exception-mapping exception="java.lang.Exception" result="404"/>
</global-exception-mappings>
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
