>
>When was this introduced? I must've missed it...argh..
>
>What does this give that the above solution doesn't give? It seems as
>though this is a serious security issue since a user can tweak the URI to
>get to data which should usually not be possible. Not good.
>
I don't think that behaviour is there....
Let's release 1.0 , freeze and branch.... I need to commit a whole bunch of
stuff that I can't do at this point. Among these commits is a new
ServletDispatcher which handles "view plug-ins" , so you have
RedirectViewProcessor and ServletViewProcessor and ActionChainProcessor, the
latter being to execute another action without going through the servlet
engine.
This is all controlled from actions.xml ... now actions.xml also supports
string interpolation, so you can say something like,
<property name="shop" value="/shop"/>
<property name="checkout" value="${shop}/checkout"/>
<action name="checkout.ShippingAddressAction" login-required="true">
<command name="default" alias="shipping-address">
<view name="success">${checkout}/shippingAddress.vm</view>
</command>
<command name="setPickupLocation" alias="set-pickup-location">
<view name="success">redir://checkout.qsp</view>
</command>
<command name="setAddress" alias="set-shipping-address">
<view name="success">redir://checkout.qsp</view>
</command>
<command name="addAddress" alias="add-shipping-address">
<view name="success">redir://checkout.qsp</view>
<view name="input">${checkout}/shippingAddress.vm</view>
</command>
<command name="browseAddress" alias="modify-shipping-address">
<view name="success">${checkout}/edit-shipping-address.vm</view>
<view name="input">${checkout}/edit-shipping-address.vm</view>
<view name="error">${checkout}/edit-shipping-address.vm</view>
</command>
<command name="updateAddress" alias="update-shipping-address">
<view name="success">redir://shipping-address.qsp</view>
<view name="input">${checkout}/edit-shipping-address.vm</view>
<view name="error">redir://shipping-address.qsp</view>
</command>
<command name="deleteAddress" alias="delete-shipping-address">
<view name="success">redir://shipping-address.qsp</view>
<view name="input">redir://shipping-address.qsp</view>
<view name="error">redir://shipping-address.qsp</view>
</command>
</action>
The redir:// is mapped to "RedirectViewProcessor" which then transfers
control to the redirected page. And you don't expose Redirect.action to
anyone, since it's all internal.
Cheers,
/V
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.;
_______________________________________________
Webwork-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webwork-user
