[
https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43977#action_43977
]
James Holmes commented on WW-2363:
----------------------------------
I like this feature and definitely think it will be more necessary (from a
security standpoint) as more applications move to convention over
configuration. I've had a good deal of experience using Musachy's S2 JSON
plugin and it has an excludeProperties parameter. That is useful, but an
includeProperties parameter is desparately needed to cut down on the amount of
configuration data. That said, I think allow and deny parameters should both be
supported (similar to typical networking configuration).
> Allow limiting of action methods
> --------------------------------
>
> Key: WW-2363
> URL: https://issues.apache.org/struts/browse/WW-2363
> Project: Struts 2
> Issue Type: New Feature
> Components: XML Configuration
> Affects Versions: 2.1.0
> Reporter: Don Brown
> Fix For: 2.1.x
>
>
> Struts should allow developers to limit the methods that can be called on an
> action. Currently, any public, no-arg method can be executed by the user.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
