You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Don Brown (JIRA)" <ji...@apache.org> on 2007/12/09 13:09:33 UTC

[jira] Created: (WW-2363) Allow limiting of action methods

Allow limiting of action methods
--------------------------------

                 Key: WW-2363
                 URL: https://issues.apache.org/struts/browse/WW-2363
             Project: Struts 2
          Issue Type: New Feature
          Components: XML Configuration
    Affects Versions: 2.1.0
            Reporter: Don Brown
             Fix For: 2.1.1


Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Don Brown updated WW-2363:
--------------------------

    Fix Version/s:     (was: 2.1.x)
                   2.1.3

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.1.3
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (WW-2363) Allow limiting of action methods

Posted by "James Holmes (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43977#action_43977 ] 

James Holmes commented on WW-2363:
----------------------------------

I like this feature and definitely think it will be more necessary (from a security standpoint) as more applications move to convention over configuration. I've had a good deal of experience using Musachy's S2 JSON plugin and it has an excludeProperties parameter. That is useful, but an includeProperties parameter is desparately needed to cut down on the amount of configuration data. That said, I think allow and deny parameters should both be supported (similar to typical networking configuration).

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.1.x
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Don Brown updated WW-2363:
--------------------------

    Fix Version/s:     (was: 2.1.1)
                   2.1.x

Moving off 2.1.1 as it needs more discussion

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.1.x
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_42798 ] 

Don Brown commented on WW-2363:
-------------------------------

At this point, the ability to limit methods is in the Struts and XWork code, but it isn't exposed to the user in any real way.  The next step will probably be to update the XML configuration somehow to allow the specification of allowed methods, and we'll want to add the feature to the codebehind plugin as well.

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.1.1
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Don Brown reassigned WW-2363:
-----------------------------

    Assignee: Don Brown

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>            Assignee: Don Brown
>             Fix For: 2.2.x
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Don Brown updated WW-2363:
--------------------------

    Fix Version/s:     (was: 2.1.3)
                   2.2.x

This feature is almost done, but I'm moving it to 2.2 as it shouldn't hold up a 2.1 GA release.

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.2.x
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (WW-2363) Allow limiting of action methods

Posted by "Don Brown (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_42797 ] 

Don Brown commented on WW-2363:
-------------------------------

This issue is related to these XWork issues:
http://jira.opensymphony.com/browse/XW-595
http://jira.opensymphony.com/browse/XW-594

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>             Fix For: 2.1.1
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (WW-2363) Allow limiting of action methods

Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/struts/browse/WW-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45071#action_45071 ] 

Musachy Barroso commented on WW-2363:
-------------------------------------

Don, what is missing to get this done? This would be very nice to have for 2.1

> Allow limiting of action methods
> --------------------------------
>
>                 Key: WW-2363
>                 URL: https://issues.apache.org/struts/browse/WW-2363
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: XML Configuration
>    Affects Versions: 2.1.0
>            Reporter: Don Brown
>            Assignee: Don Brown
>             Fix For: 2.2.x
>
>
> Struts should allow developers to limit the methods that can be called on an action.  Currently, any public, no-arg method can be executed by the user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.