Re: [S2] Annotations (was Plugins gone wild!)

Thu, 25 Oct 2007 08:53:49 -0700

I tried to send a reply early, but it got rejected because it was HTML (oops).
I'm wondering if this is just another layer of configuration to alleviate flawed designs. I always find that the web tier should be accessible and only reveal setters for things it wants to consume. If I want something protected I put it in a web-business-service tier where it is better protected and I can control the injection and settings and frameworks don't introduce dangerous automatic handling. 

-bp


Martin Gilday wrote:

I've created an draft version and attached it to
https://issues.apache.org/struts/browse/WW-2274
It is a little bit messy at the moment and could be trimmed down a bit,
but from my basic tests it seems to be working.
Currently it only works on simple parameter names, so if you have a
parameter called 'one.two' then it will not match as you only have a
field named 'one'.  A quick way around this might be to simply trim the
parameter name to the first '.'


----- Original message -----
From: "Ted Husted" <[EMAIL PROTECTED]>
To: "Struts Developers List" <dev@struts.apache.org>
Date: Wed, 24 Oct 2007 14:52:16 -0400
Subject: Re: [S2] Annotations (was Plugins gone wild!)

On 10/23/07, Martin Gilday <[EMAIL PROTECTED]> wrote:

  

Well I am looking at the Parameter Filter Interceptor
(http://cwiki.apache.org/WW/parameter-filter-interceptor.html) which I
am proposing we complement by allowing the same thing with annotations.
Currently we have a wizard like section in one of our sites which we are
backing with Spring session scope beans.  So the Struts2 Spring plugin
injects it.  To allow this we have a setMySessionBeanName(), which is
public.  So a user could call an action with a parameter
mySessionBeanName.forename and change that value.  You can stop that
with the filter interceptor by defining mySessionBeanName as a blocked
parameter name,  I would prefer to mark it @NotAParameter.

    


Why not @blocked and @allowed for the properties, and @defaultBlock
for the class?

-Ted.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to