I think in the applications that use ParameterNameAware there are two use cases - use it to specify a "blacklist" of parameter names that Struts should not try to process or use it to specify a "whitelist" of parameter names that Struts should allow.
If we change the OR to AND then the people who have used ParameterNameAware to create a whitelist may have to change their code if they are returning false in method acceptableParameterName if the parameter name is not one of their whitelist ones. Otherwise all parameters not in their whitelist will not be processed by Struts 2. Also what if we change the OR to AND and someone has whitelisted a parameter name in the acceptableParameterName method but the ParametersInterceptor method acceptableName returns false--with the AND logic the user's whitelisted parameter name will be ignored. I also think that most people implementing ParameterNameAware DO NOT understand the implications of using it given the changes made recently. Our documentation and examples are not clear about how and why to use the ParameterNameAware interface - we've buried a warning about using ParameterNameAware deep in the JavaDoc (which most people do not read). I also think we need a larger discussion about whether or not ParameterNameAware interface a good idea going forward. Is there a valid use case for making ParameterInterceptor less restrictive for which parameters are processed? I'm very new to improving the Struts 2 code so please take my comments with a grain of salt. Bruce -- View this message in context: http://struts.1045723.n5.nabble.com/Add-to-ParameterNameAware-JavaDoc-Warning-About-Using-tp5713285p5713406.html Sent from the Struts - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
