On Sun, Jun 28, 2009 at 11:51:59AM -0400, Dave Newton wrote:
> Jan T. Kim wrote:
> >>>(2) Isn't encoding methods in action name suffixes like this a potential
> >>>security issue?
> >
> >So, are wildcards useful for development but have to be expanded before
> >putting a system to production use?
>
> The only security issue I'm aware of is if the developer exposes
> unwanted behavior in an action by making methods public when they
> shouldn't be. A web app should have a real security mechanism in place
> anyway, making sure that only users with appropriate access rights are
> able to execute actions (or whatever granularity is required).
>
> >Replacing the filename globbing like wildcard system with a complete
> >regular expression system would allow writing more precise rules, e.g.
> >one could write
> >
> >  <action name="^bleh(_((input)|(dummy)))?$" method="{2}" ...>
> >    ...
> >  </action>
> >
> >and be certain that the method attribute won't take any values other
> >than "input", "dummy", or the empty string (which then probably should
> >map to the execute method).
>
> I'm sure we'd consider a patch, if such a matcher doesn't already
> exist--but personally I'm not convinced of the utility, since it
> basically means you'd then have two places to keep up to date: the
> action class and its mapping (assuming XML configuration).
That wouldn't be a change from the current state; my suggestion was to replace / extend the current wildcard (plus special characters) mechanism with / to a fully fledged regular expression mechanism (as provided by java.util.regex), so that the "{n}" type references pertain to groups, and ambiguities over whether special characters need to be matched and end up in groups would disappear.

However, upon reflection I think that this could cause more backwards compatibility issues than I originally anticipated, so it's probably not worth pursuing.

Instead, I now wonder whether it would make sense to introduce an additional level of indirection for the content of the action element in struts.xml, so the content of action elements that differ in method only wouldn't have to be repeated (similar to the way that interceptor-ref works).

Best regards, Jan

--
+- Jan T. Kim -------------------------------------------------------+
| email: j....@uea.ac.uk                                             |
| WWW:   http://www.cmp.uea.ac.uk/people/jtk                         |
*-----=< hierarchical systems are for files, not for humans >=-----*
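To make the difference between the two mapping styles discussed above concrete, here is an added illustration that is not Struts code and not part of the original thread: a small Java resolver that treats "{n}" as a java.util.regex capture group, run against the proposed `^bleh(_((input)|(dummy)))?$` mapping and against `^bleh_(.*)$`, the regex equivalent of a `bleh_*` wildcard with `method="{1}"`. The class name, `resolveMethod`, and the sample action names are assumptions made for the example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Sketch of the proposed regex action matcher; not Struts code, names are illustrative. */
public class RegexActionMapper {
    private static final Pattern GROUP_REF = Pattern.compile("\\{(\\d+)\\}");
    private final Pattern namePattern;
    private final String methodTemplate; // e.g. "{2}", referring to capture group 2

    public RegexActionMapper(String nameRegex, String methodTemplate) {
        this.namePattern = Pattern.compile(nameRegex);
        this.methodTemplate = methodTemplate;
    }

    /** Returns the method to invoke, "execute" for an empty group, or null if the name does not match. */
    public String resolveMethod(String actionName) {
        Matcher name = namePattern.matcher(actionName);
        if (!name.matches()) {
            return null; // no mapping at all: the request cannot reach any method
        }
        Matcher ref = GROUP_REF.matcher(methodTemplate);
        StringBuffer method = new StringBuffer();
        while (ref.find()) {
            int group = Integer.parseInt(ref.group(1));
            // An optional group that did not participate in the match is null; treat it as "".
            String value = group <= name.groupCount() && name.group(group) != null
                    ? name.group(group) : "";
            ref.appendReplacement(method, Matcher.quoteReplacement(value));
        }
        ref.appendTail(method);
        return method.length() == 0 ? "execute" : method.toString();
    }

    public static void main(String[] args) {
        // Proposed mapping: only "input", "dummy", or the empty suffix can reach a method.
        RegexActionMapper strict = new RegexActionMapper("^bleh(_((input)|(dummy)))?$", "{2}");
        // Regex equivalent of a "bleh_*" wildcard with method="{1}": any suffix becomes a method name.
        RegexActionMapper loose = new RegexActionMapper("^bleh_(.*)$", "{1}");
        String[] names = {"bleh", "bleh_input", "bleh_dummy", "bleh_someOtherPublicMethod"}; // constructed
        for (String n : names) {
            System.out.printf("%-28s strict=%-8s loose=%s%n",
                    n, strict.resolveMethod(n), loose.resolveMethod(n));
        }
    }
}
```

With the strict mapping, "bleh_someOtherPublicMethod" resolves to null (no mapping), whereas the wildcard-style mapping hands "someOtherPublicMethod" through as the method name, which is exactly why the action class's public methods must be kept in step with the mapping.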