2013/10/17 Paul Benedict <[email protected]>: > Throw an exception instead. If Struts has a default exception handler, > translate the exception into a 403; but the goal is to give the user a > chance to customize the response.
That's the problem .... exceptions handling is provided by an interceptor, deep in execution chain and checking security at that level can be too late :\ Right now I have added SecurityGate directly into Dispatcher and it will block the whole request if something suspicious will be discovered - and added two SecurityGuards, but they don't perform the real check now. They're there just to show the idea. Please review if it makes sense. https://issues.apache.org/jira/browse/WW-4227 Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
