According to the documentation: In Struts 2.3, an option was added to restrict the methods that DMI can invoke. First, set the attribute strict-method-invocation="true" on your <package> element. Then specify <allowed-methods> as a comma-separated list of method names in your <action>. A request for any other method will be rejected. (If you specify a method attribute for your action, you do not need to list it in <allowed-methods>.)
It's not defined what will happen if a method attribute for the action is specified (wildcard or not) and <allowed-methods> is also specified. Can you make the documentation of <allowed-methods> and strict-method-invocation more clear? What does strict-method-invocation mean: set to true: -method attribute must be specified or allowed-methods must be defined? set to false: -method attribute need not be specified and allowed-methods need not be defined. But what will happen if i add allowed-methods? (is the invocation limited to these methods?) What does <allowed-methods> mean: If a method attribute and allowed-methods is specified, will allowed-methods be respected (this makes only sense if the method attribute contains a wildcard)? >From my point of view <allowed-methods> should be treated independently of >strict-method-invocation: allowed_method: if specified, it should be respected, even if strict-method-invocation is turned off. strict-method-invocation: if turned on, methods must be specified (by method-attribute or allowed_method) Thanks Andi -------- Original-Nachricht -------- > Datum: Tue, 3 Jan 2012 15:42:50 -0800 > Von: John Lindal <support_0...@newplanetsoftware.com> > An: "Struts Developers List" <dev@struts.apache.org> > Betreff: Re: strict DMI > I think the <allowed-methods> tag inside an <action> controls both. > > John > > On Jan 3, 2012, at 2:50 PM, Andreas Sachs wrote: > > > Hi, > > i like the idea of strict-method-invocation="true" and the > > possibility to define the allowed methods. I'm just wondering why > > this is only implemented for DMI and not for wildcard method > > invocation. > > Are there any reasons for this? > > > > Thanks > > Andi > > -- > > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir > > belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > > For additional commands, e-mail: dev-h...@struts.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
