Jason Carreira wrote:
Ok, I'm confused. So now we have to intercept all requests, not justEither that or limit to .action. I guess it depends on how you define web.xml, i.e. what you put the filter that handles this on.
the ones for *.action?
Could be in the session or could be in WebWork/XWork. Not implemented yet, so this remains to be seen. Both would work.Where is this temporary association between URLs and actions stored? Is it in the Session, so it's user specific?
Why? With this method you don't have to think about adding a hidden field; it just works. With this method you will be sure that noone executes actions unless it is specified by your application flow. It's transparent from the developers point of view, which is better IMO than having to think about hidden fields and tokens and whatnot.The hidden token is still sounding much more straightforward and easy to understand, IMHO.
/Rickard
--
Rickard �berg
[EMAIL PROTECTED]
Senselogic
Got blog? I do. http://dreambean.com
-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
