Actually, the wiki did mention that "method" is in addition to allowed-methods. I have updated it to make it clearer and also explain that since wildcards are specified in the "method", this is not blocked by allowed-methods. I also added a note about allowed-methods without strict-method-invocation. (They are independent.)

Thanks for the feedback.

John

On Jan 4, 2012, at 12:49 AM, Andreas Sachs wrote:

According to the documentation:
In Struts 2.3, an option was added to restrict the methods that DMI can invoke. First, set the attribute strict-method-invocation="true" on your <package> element. Then specify <allowed-methods> as a comma-separated list of method names in your <action>. A request for any other method will be rejected. (If you specify a method attribute for your action, you do not need to list it in <allowed-methods>.)

It's not defined what will happen if a method attribute for the action is specified (wildcard or not) and <allowed-methods> is also specified.

Can you make the documentation of <allowed-methods> and strict-method-invocation clearer?

What does strict-method-invocation mean:
set to true:
- method attribute must be specified or allowed-methods must be defined?

set to false:
- method attribute need not be specified and allowed-methods need not be defined. But what will happen if I add allowed-methods? (Is the invocation limited to these methods?)


What does <allowed-methods> mean:
If a method attribute and allowed-methods are specified, will allowed-methods be respected (this only makes sense if the method attribute contains a wildcard)?


From my point of view <allowed-methods> should be treated independently of strict-method-invocation:

allowed_method: if specified, it should be respected, even if strict-method-invocation is turned off.
strict-method-invocation: if turned on, methods must be specified (by method-attribute or allowed_method)


Thanks
Andi



-------- Original Message --------
Date: Tue, 3 Jan 2012 15:42:50 -0800
From: John Lindal <support_0...@newplanetsoftware.com>
To: "Struts Developers List" <dev@struts.apache.org>
Subject: Re: strict DMI

I think the <allowed-methods> tag inside an <action> controls both.

John

On Jan 3, 2012, at 2:50 PM, Andreas Sachs wrote:

Hi,
I like the idea of strict-method-invocation="true" and the
possibility to define the allowed methods. I'm just wondering why
this is only implemented for DMI and not for wildcard method
invocation.
Are there any reasons for this?

Thanks
Andi

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org


