I've created an draft version and attached it to https://issues.apache.org/struts/browse/WW-2274 It is a little bit messy at the moment and could be trimmed down a bit, but from my basic tests it seems to be working. Currently it only works on simple parameter names, so if you have a parameter called 'one.two' then it will not match as you only have a field named 'one'. A quick way around this might be to simply trim the parameter name to the first '.'
----- Original message ----- From: "Ted Husted" <[EMAIL PROTECTED]> To: "Struts Developers List" <dev@struts.apache.org> Date: Wed, 24 Oct 2007 14:52:16 -0400 Subject: Re: [S2] Annotations (was Plugins gone wild!) On 10/23/07, Martin Gilday <[EMAIL PROTECTED]> wrote: > Well I am looking at the Parameter Filter Interceptor > (http://cwiki.apache.org/WW/parameter-filter-interceptor.html) which I > am proposing we complement by allowing the same thing with annotations. > Currently we have a wizard like section in one of our sites which we are > backing with Spring session scope beans. So the Struts2 Spring plugin > injects it. To allow this we have a setMySessionBeanName(), which is > public. So a user could call an action with a parameter > mySessionBeanName.forename and change that value. You can stop that > with the filter interceptor by defining mySessionBeanName as a blocked > parameter name, I would prefer to mark it @NotAParameter. Why not @blocked and @allowed for the properties, and @defaultBlock for the class? -Ted. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]