[Stripes-dev] [JIRA] Resolved: (STS-811) Make @StrictBinding @Validate "on" aware

Thu, 03 Mar 2011 12:27:00 -0800 

     [ 
http://www.stripesframework.org/jira/browse/STS-811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ben Gunter resolved STS-811.
----------------------------

       Resolution: Won't Fix
    Fix Version/s:     (was: Release 1.5.6)

This can't be done because @Validate's "on" element only applies in conjunction 
with its "required" element. For example, if you say @Validate(required=true, 
on="go") that only means that the property is *required* on the "go" event. It 
does not imply that the property may not be bound on some other event. It 
might, in fact, be optional on other events.

> Make @StrictBinding  @Validate "on" aware
> -----------------------------------------
>
>                 Key: STS-811
>                 URL: http://www.stripesframework.org/jira/browse/STS-811
>             Project: Stripes
>          Issue Type: Improvement
>          Components: Validation
>    Affects Versions: Release 1.5.5
>         Environment: N/A
>            Reporter: Jacob Champlin
>            Assignee: Ben Gunter
>              Labels: binding
>
> I would like to request that @StrictBinding  only bind a url parameter if the 
> @Validate annotation has the action called in the "on" attribute.
> The @StrictBinding was a great addition!!  It was such a huge security threat 
> to bind every member in the ActionBean.  Especially combined with hibernates 
> auto flushing.
> However, If you use your ActionBean for say all your CRUD operations.  Then 
> your all your operations are subject to the Superset of binding for that 
> ActionBean.  IE  your "read" operation can potentually bind anything your 
> "create" operation requires.
> There are lots of solutions for this including putting each operation into 
> its own Action, or having a different binding bean for each operation.  I 
> don't think either of these would be as clean as makeing use of the @Validate 
> on="read" metadata.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development

Reply via email to