Posted to dev@struts.apache.org by Lukasz Lenart <lu...@apache.org> on 2013/11/26 08:16:55 UTC

Re: Security judges

As for now I will roll back my changes regarding this, maybe I will
come back to the idea in 2.3.17


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2013/10/18 Lukasz Lenart <lu...@apache.org>:
> 2013/10/17 Paul Benedict <pb...@apache.org>:
>> Throw an exception instead. If Struts has a default exception handler,
>> translate the exception into a 403; but the goal is to give the user a
>> chance to customize the response.
>
> That's the problem .... exception handling is provided by an
> interceptor, deep in the execution chain, and checking security at that
> level can be too late :\
>
> Right now I have added SecurityGate directly into Dispatcher and it
> will block the whole request if something suspicious is
> discovered - and added two SecurityGuards, but they don't perform the
> real check now. They're there just to show the idea. Please review if
> it makes sense.
>
> https://issues.apache.org/jira/browse/WW-4227
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
