[ 
https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14724851#comment-14724851
 ] 

ASF GitHub Bot commented on WW-4540:
------------------------------------

GitHub user lukaszlenart opened a pull request:

    https://github.com/apache/struts/pull/47

    WW-4540: Strict DMI

    This PR enables `Strict DMI` be default (or rather it's always enabled). 
Thus will limit possible methods which can be called and executed as an action 
methods.
    
    Right now you can configure `global-allowed-methods` and `allowed-methods` 
via `struts.xml` only but I'm going to add support for annotations as well.
    
    To use the new functionality you must update DTD definition to `2.5`

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/lukaszlenart/struts strict-dmi

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/struts/pull/47.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #47
    
----
commit 065b5b79ae068ab7891a4232a0769290fd21bb17
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:31:59Z

    Drops wildcard as a valid action method

commit ce884e92a15ef601b0e119963d3c521fa68d8bb1
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:33:31Z

    Defines global-allowed-methods

commit fd22e3a16c88ef0528c1e26e0d6bdfdf1c02c755
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:35:16Z

    Uses global-allowed-methods config para

commit 55b8070048cbec0a6e08b1781f81b1bfdb3354f2
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:41:57Z

    Drops strict DMI

commit fb0c4a58507c7fb1af135bb376af5b475f43d7ee
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:42:44Z

    Drops outdated attribute

commit 4565993463f660e9be90b9fe9c3597ce54b58917
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:43:21Z

    Extends Unknown Handler to allowed check if method is allowed

commit c3f4457b8b8ad6bd0e89646d825f2ef5f9f91118
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T12:43:31Z

    Fixes tests

commit c1928ad06bdfbe245b1ed7d5bfeb07ed9bface37
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T16:36:04Z

    Fixes tests

commit 3b31c428856766389ad6df4ba1edc3d60ecf5e24
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T16:36:29Z

    Adds support for wildcards

commit 185530464b838b3aac9681b5ff5b16401ccef56d
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T16:36:41Z

    Simplifies implementation

commit 47a01eab10d940fdc134cb666d3d2db0280d8ca8
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T18:28:45Z

    Fixes typo

commit 63bb6e30e75facf5382608857494cf971f0378dd
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T19:06:06Z

    Adds missing comma

commit 4c7a7dd6c02457cf006318ed4621b7c432cc478c
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T19:46:16Z

    Adds null-safety

commit 77691563b9b8d2ad01c078a66d1ed207bf3611b3
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T19:46:47Z

    Implements required method

commit dd406fbb04e755c0545c318c3ea099674fb78363
Author: Lukasz Lenart <lukaszlen...@apache.org>
Date:   2015-08-31T19:46:55Z

    Fixes test

----


> Enable Strict DMI be default
> ----------------------------
>
>                 Key: WW-4540
>                 URL: https://issues.apache.org/jira/browse/WW-4540
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Actions
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>             Fix For: 2.5
>
>
> Struts 2 already support {{Strict DMI}} but it's disabled by default. 
> {{Strict DMI}} should be always enable to allow access only specific methods.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to