Hi,
There is a huge discussion about how SMI should work in case of using
wildcard mapping [1]. Basically when action is defined as follow:
<action name="person*" class="com.demo.PersonAction" method="{1}">
<result name="success">view.jsp</result>
<result name="input">input.jsp</result>
</action>
SMI will allow access any method in PersonAction class because {1} is
translated into RegEx (.*) - as you can see SMI simply won't work
here.
Greg propose to drop the translation ({1} -> (.*)) and only base on
what was defined in <global-allowed-methods/> or <allowed-method/> in
that case, thus will truly limit access to methods.
wdyt?
[1] https://issues.apache.org/jira/browse/WW-4596
Regards
--
Ćukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
