Joe Germuska wrote:
At 11:38 AM -0500 1/23/06, Frank W. Zammetti wrote:
Joe, I think Rick is correct, I too do not see how this will solve the
problem.

Recall that the way it works today, you can bypass validate() being fired
for *any* Action, not just those which are designed to handle a cancel
button.  This is where the problem arises... depending on what is done in
validate() (whether we as architects find it appropriate or not) can cause
problems in execute() and beyond, potentially security problems.

Of course, perhaps Rick and I are *both* not seeing it :)

Or it could be me. But this solution puts the burden of activating the cancel semantics on the person who manages the struts-config file. When the command was not in legacy mode, it would only check for the cancel parameter for requests whose Struts action path looks up an ActionMapping which has had an explicit value set.

So once this was done, you couldn't bypass validate(), except for actions that should be designed to handle it.

Yep, makes sense. +1 for Nico's approach, both for being easier to implement and for being the simplest thing that could possibly work (TM) :-)

L.
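
The opt-in check discussed in this thread, as an added example that is not part of the original messages and is not Struts source code. The class, field and method names are hypothetical; it assumes that only an explicit "true" on the mapping opts an action in, and it uses the request parameter name submitted by the Struts 1 cancel tag.

```java
import java.util.Map;

// Added illustration: a self-contained model of the opt-in cancel check.
// All names here are hypothetical, not taken from the Struts code base.
public class CancelGateDemo {

    // Request parameter that the Struts 1 <html:cancel> tag submits.
    static final String CANCEL_PARAM = "org.apache.struts.taglib.html.CANCEL";

    // Stand-in for an ActionMapping. cancelOptIn == null means the
    // struts-config file never set an explicit value for this action.
    static final class Mapping {
        final String path;
        final Boolean cancelOptIn;
        Mapping(String path, Boolean cancelOptIn) {
            this.path = path;
            this.cancelOptIn = cancelOptIn;
        }
    }

    // Returns true when validate() must run for this request.
    static boolean mustValidate(Mapping m, Map<String, String> params, boolean legacyMode) {
        if (!params.containsKey(CANCEL_PARAM)) {
            return true;                 // ordinary submit: always validate
        }
        if (legacyMode) {
            return false;                // old behaviour: cancel skips validate() on any action
        }
        // Opt-in behaviour: the parameter is honoured only where config allows it
        // (assumption: only an explicit "true" counts as opting in).
        return !Boolean.TRUE.equals(m.cancelOptIn);
    }

    public static void main(String[] args) {
        // Constructed sample mappings and request parameters.
        Mapping notOptedIn = new Mapping("/updateProfile", null);
        Mapping optedIn = new Mapping("/wizardStep2", Boolean.TRUE);
        Map<String, String> withCancel = Map.of(CANCEL_PARAM, "Cancel", "age", "abc");

        for (Mapping m : new Mapping[] { notOptedIn, optedIn }) {
            System.out.println(m.path
                + " legacy: validate=" + mustValidate(m, withCancel, true)
                + ", opt-in: validate=" + mustValidate(m, withCancel, false));
        }
    }
}
```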

