Re: Action mapping documentation (and a security question)

2009-06-28 Thread musomesa
If you lecture your developers to be aware that any public method becomes fair game the security concern might be mitigated but you still have a maintainability issue. With explicit configuration someone inheriting the code can easily figure out how an action method is used by looking at annot

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Dave Newton
Jan T. Kim wrote: (2) Isn't encoding methods in action name suffixes like this a potential security issue? So, are wildcards useful for development but have to be expanded before putting a system to production use? The only security issue I'm aware of is if the developer exposes unwanted be

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Jan T. Kim
On Sun, Jun 28, 2009 at 08:15:43AM -0400, Dave Newton wrote: > Jan T. Kim wrote: > >(1) Where is the documentation of this wildcard syntax? > > http://struts.apache.org/2.x/docs/wildcard-mappings.html > http://struts.apache.org/2.x/docs/action-configuration.html#ActionConfiguration-WildcardMethod

Re: Action mapping documentation (and a security question)

2009-06-28 Thread Dave Newton
Jan T. Kim wrote: (1) Where is the documentation of this wildcard syntax? http://struts.apache.org/2.x/docs/wildcard-mappings.html http://struts.apache.org/2.x/docs/action-configuration.html#ActionConfiguration-WildcardMethod Although the underscore thing is mentioned I don't think it's explic

Action mapping documentation (and a security question)

2009-06-28 Thread Jan T. Kim
Hi All, In the "Validating Input" section of the "Bootstrap" tutorial, I've noticed the action mapping syntax ... which the tutorial suggests as a shorthand for configuring ... ... I have two questions about this: (1) Where is the documentation

Re: How to correct this syntax for multiple submit buttons?

2009-06-28 Thread Paweł Wielgus
Hi Sam, remove "submit" word. Best greetings, Paweł Wielgus. 2009/6/27 Sam Wun : > Hi, > > here are the offending lines in my jsp file: > > > /> > > > Errors on console: > > org.apache.jasper.JasperException: > /html/portlet/onlinepayment_portlet/sign_in.jsp(110,18) equal symbol > expected > o