[ https://issues.apache.org/jira/browse/WW-4963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16658838#comment-16658838 ] 

ASF subversion and git services commented on WW-4963:
-----------------------------------------------------

Commit f59860026c890f0e2dcc3edea8a41f0e989027f9 in struts's branch refs/heads/master from [~lukaszlenart]
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=f598600 ]

WW-4963 Implements new PortletPreferencesAware interface
that uses withPortletPreferences instead of setPortletPreferences


> Implement new Aware interfaces that are using withXxxx pattern instead of setters
> ---------------------------------------------------------------------------------
>
>                 Key: WW-4963
>                 URL: https://issues.apache.org/jira/browse/WW-4963
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Actions
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>            Priority: Major
>             Fix For: 2.6
>
>
> In matter of security I wonder if we should stop using setters in internal API. Like in {{SessionAware}} interface we use {{setSession()}} and each actions must implement this method. Then we have a logic to avoid mapping incoming values to {{setSession()}} to permit injecting values into Session.
> Instead of {{setSession()}} we can use {{withSession()}} or {{applySession()}} - the same can be applied to any *Aware interface.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)