On Tue, Jun 23, 2009 at 09:03:22AM -0400, Wes Wannemacher wrote: > On Tue, Jun 23, 2009 at 8:50 AM, Jim Kiley<jhki...@summa-tech.com> wrote: > [...] > > From a philosophical perspective, though -- no clue, I don't have a lot of > > insight into why the devs make all the decisions they make. > > > [...] > > The decisions I make are usually heavily weighted by how impressed > girls will be :) > > I would go against adding security via exceptions thrown by a > constructor. In the default ObjectFactory for xwork, the flow for > creating instances of classes is pretty easy to follow. The exception > handling is deferred to callers (as evidenced by the various "throws > Exception" qualifiers on the methods). The main reason I would be > against it is that you aren't the one calling "new" on the classes. I > can appreciate what you are trying to do, so file a JIRA and when we > have time to investigate, we could probably implement it, but to solve > your problem, the best bet is an interceptor.
I (again) agree that an interceptor is more suited for security. I'm undecided whether this is an issue suitable for a JIRA, it's more that based on the documentation on Exception Configuration [http://struts.apache.org/2.0.14/docs/exception-configuration.html], I would have anticipated that exceptions would be mapped as configured by exception-mapping elements regardless of whether they're thrown by execute() or by a constructor. My guess is it's more likely this is an issue for documentation, or perhaps it's a (not exceedingly) FAQ. Or perhaps it's just me, as I've only started with struts a few weeks ago. Best regards, Jan -- +- Jan T. Kim -------------------------------------------------------+ | email: j....@uea.ac.uk | | WWW: http://www.cmp.uea.ac.uk/people/jtk | *-----=< hierarchical systems are for files, not for humans >=-----* --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
