Github user aleksandr-m commented on the issue:
https://github.com/apache/struts/pull/133
You're mixing two very different topics together, security and `chain`
configuration.
> But I think using attribute class for both class name and bean name is
not intuitive too.
What do you mean by that? There is no *bean* name.
> But by continuing includes/excludes approach, user has to manually
concern about run time of the action.
But it the same or maybe even much more tedious manual work for defining
`bean` in **every** action you want to *protect*.
> I've done #118 before. It does not have fewer changes that adding bean
attribute.
It is not about the amount of changes, it is about separation of concerns.
Configuration for `chain` interceptor belongs to `chain` configuration.
> Yes, but so we will have to add dependency of any possible java proxy
creators like Spring, cglib or etc to S2 core.
Not necessarily. For example, it can be just delegated to the object
factory at hand.
Another possibility is to search for `getTarget` methods.
Yet another is to compare action configuration `class` with the current
instance `toString` / `getClass().toString`.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
