If you use struts.mapper.action.prefix.enabled to enable action: prefix
support, are you opening up a security hole?
What is the liability?


On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart <lukaszlen...@apache.org> wrote:

> 2013/10/18 Emi Lu <em...@encs.concordia.ca>:
> > Good morning,
> >
> >
> > Tried the new version 15.3, but failed:
> >
> > login() method is not called at all.
> >
> > (1) login.jsp
> > ================
> > <s:submit value="Login"
> >           theme="simple"
> >           action="loginProcessLoginAction" />
>
> Struts 2.3.15.3 disables support for action: prefix by default [1]; to
> enable it you must set struts.mapper.action.prefix.enabled to true.
> Instead of action: you can use method: prefix (but you must set
> struts.enable.DynamicMethodInvocation to true [2])
>
> [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
> [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/