I like the idea except the Judge name. I think Authenticator is fine.
On Wed, Oct 9, 2013 at 3:21 PM, Steven Benitez <steven.beni...@gmail.com> wrote:

> Can you clarify how this would affect custom action mappers?
>
>
> On Wed, Oct 9, 2013 at 4:05 PM, Lukasz Lenart <lukaszlen...@apache.org> wrote:
>
> > Hi,
> >
> > Another idea is to add some logic to handle security aspects of the
> > framework in one place - it would be some kind of stack of interfaces
> > which will try to cleanup incoming request.
> >
> > For example:
> >
> > - ActionNameJudge#accept() will handle if action name match expected
> > pattern, the same what is already defined with constant in
> > DefaultActionMapper
> > - ParameterNameJudge#accept() will handle if given parameter name is
> > acceptable - the same what ParametersInterceptor do right now
> > - etc
> >
> > The idea is simple - have all the security related logic in one place
> > and to have it applied to the whole framework not to some parts, i.e.
> > someone will implement their own ActionMapper and won't escape/clear
> > action names as it is done in DefaultActionMapper, and so on.
> >
> > These handlers will be configured in struts-default.xml and user can
> > re-define them, additional judges, etc.
> >
> >
> > Regards
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/

--
Cheers,
Paul
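
An added example, not part of the thread and not Struts code: a sketch of the proposed design, in which every mapper, default or custom, passes names through one shared set of judges. Only the names `ActionNameJudge`, `ParameterNameJudge` and `accept()` come from the proposal; the class `RequestJudges`, the `vet` method, the patterns and the length limits are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class RequestJudges {
    // Interface and method names follow the proposal; everything else is assumed.
    interface ActionNameJudge { boolean accept(String actionName); }
    interface ParameterNameJudge { boolean accept(String parameterName); }

    // Assumed allow-list patterns for illustration, not Struts' real constants.
    static final Pattern ACTION = Pattern.compile("[a-zA-Z0-9._/-]{1,64}");
    static final Pattern PARAM = Pattern.compile("\\w+(\\.\\w+|\\[\\d+\\])*");

    static final ActionNameJudge ACTION_JUDGE =
        name -> name != null && ACTION.matcher(name).matches();

    // The "stack": a name is accepted only if every judge accepts it.
    static final List<ParameterNameJudge> PARAM_JUDGES = List.of(
        name -> name != null && name.length() <= 64,
        name -> PARAM.matcher(name).matches());

    static boolean acceptParameter(String name) {
        return PARAM_JUDGES.stream().allMatch(judge -> judge.accept(name));
    }

    // Single entry point any ActionMapper, default or custom, would call.
    static Map<String, String> vet(String action, Map<String, String> params) {
        if (!ACTION_JUDGE.accept(action)) {
            throw new IllegalArgumentException("action name rejected");
        }
        Map<String, String> kept = new LinkedHashMap<>();
        params.forEach((name, value) -> {
            if (acceptParameter(name)) kept.put(name, value); // drop the rest
        });
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample request.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("user.name", "alice");
        params.put("items[0].id", "7");
        params.put("not a name", "x");
        System.out.println(vet("orders/list", params));
        try {
            vet("orders list", params);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```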