Make @StrickBinding @Validate "on" aware
-----------------------------------------
Key: STS-811
URL: http://www.stripesframework.org/jira/browse/STS-811
Project: Stripes
Issue Type: Improvement
Components: Validation
Affects Versions: Release 1.5.5
Environment: N/A
Reporter: Jacob Champlin
I would like to request that @StrictBinding only bind a url parameter if the
@Validate annotation has the action called in the "on" attribute.
The @StrictBinding was a great addition!! It was such a huge security threat
to bind every member in the ActionBean. Especially combined with hibernates
auto flushing.
However, If you use your ActionBean for say all your CRUD operations. Then
your all your operations are subject to the Superset of binding for that
ActionBean. IE your "read" operation can potentually bind anything your
"create" operation requires.
There are lots of solutions for this including putting each operation into its
own Action, or having a different binding bean for each operation. I don't
think either of these would be as clean as makeing use of the @Validate
on="read" metadata.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
