Can you clarify how this would affect custom action mappers?
On Wed, Oct 9, 2013 at 4:05 PM, Lukasz Lenart <lukaszlen...@apache.org>wrote: > Hi, > > Another idea is to add some logic to handle security aspects of the > framework in one place - it would be some kind of stack of interfaces > which will try to cleanup incoming request. > > For example: > > - ActionNameJudge#accept() will handle if action name match expected > pattern, the same what is already defined with constant in > DefaultActionMapper > - ParameterNameJudge#accept() will handle if given parameter name is > acceptable - the same what ParametersInterceptor do right now > - etc > > The idea is simple - have all the security related logic in one place > and to have it applied to the whole framework not to some parts, i.e. > someone will implement their own ActionMapper and won't escape/clear > action names as it is done in DefaultActionMapper, and so on. > > These handlers will be configured in struts-default.xml and user can > re-define them, additional judges, etc. > > > Regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
