struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stanlick <stanl...@gmail.com>
Subject Re: REST 2.1.2
Date Thu, 28 Aug 2008 15:20:11 GMT

Thanks Jeromy :jumping:

Have you considered the transparency of the REST URL as it relates to
security and tampering?  Would something like Acegi provide a solution? 
Also, have you considered the likliehood of a user discovering parms that
can be passed and mapped onto your action?  I am getting push back from
folks in security about how Struts 1.X could block this behavior by
including only acceptable parmaters in the ActionForm

Peace,
Scott



Jeromy Evans - Blue Sky Minds wrote:
> 
> stanlick@gmail.com wrote:
>> Has anyone experienced a problem with a trailing front slash being added
>> to
>> the generated URL?
>>
>>   
> 
> I've seen it before. I can't look at my code right now, but I think it's 
> because you have a trailing slash on a property either in struts xml 
> (default namespace?) or in the @Namespace annotation.  CodeBehind 
> doesn't append the paths together correctly; it just assumes they can be 
> concatenated.
> 
> Now I think about it, I recall rewrting that bit of codebeind. There may 
> be a fix in 2.1.3-SNAPSHOT, but it's possible I never committed though 
> and just removed the unexpected /.  I remember being very annoyed with it.
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/REST-2.1.2-tp19199057p19202842.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message