Kusal Kithul-Godage created WW-5408:
---------------------------------------
Summary: Add option to NOT fallback to empty namespace when
unresolved
Key: WW-5408
URL: https://issues.apache.org/jira/browse/WW-5408
Project: Struts 2
Issue Type: Improvement
Components: Core
Reporter: Kusal Kithul-Godage
Fix For: 6.5.0
Currently, when a namespace cannot be resolved from a request URL, it falls
back to the empty namespace.
This effectively allows all Actions which are defined for the empty namespace
to be accessed from an infinite number of endpoints.
For example, you may have an Action defined in the empty namespace, intended
for access at:
{{www.domain.com/login.action}}
However, due to the current fallback behaviour, this Action can actually be
accessed at any non-resolving namespace, eg.:
{{www.domain.com/what/about/this/login.action}}
This behaviour is not usually beneficial and could lead to bugs if a developer
only expects their Action to be accessible at a very specific URL. Many
developers may not be aware of these Action resolving quirks of Struts.
As far as I can tell, there is not currently an option to prevent this
behaviour, so I propose we add one.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
