If your action names have slashes in them (for example,
If Wildcard Method mapping uses a "
The Wildcard Method feature is implemented differently. When a Wildcard Method action is invoked, the framework acts as if the matching action had been hardcoded in the configuration. The framework "believes" it's executing the action
Category!create and "knows" it is executing the
create method of the corresponding Action class. Accordingly, we can add for a Wildcard Method action mapping its own validations, message resources, and type converters, just like a conventional action mapping. For this reason, the Wildcard Method is preferred.
In Struts 2.3, an option was added to restrict the methods that DMI can invoke. First, set the attribute
strict-method-invocation="true" on your
<package> element. This tells Struts to reject any method that is not explicitly allowed via either the
method attribute (including wildcards) or the
<allowed-methods> tag. Then specify
<allowed-methods> as a comma-separated list of method names in your
<action>. (If you specify a
method attribute for your action, you do not need to list it in
Note that you can specify
<allowed-methods> even without
strict-method-invocation. This restricts access only for the specific actions that have
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" "http://struts.apache.org/dtds/struts-2.3.dtd"> <struts> <constant name="struts.enable.DynamicMethodInvocation" value="true"/> <package name="default" extends="struts-default" strict-method-invocation="true"> <action name="index" class="org.apache.struts2.examples.actions.Index"> <result name="success" type="redirectAction">hello</result> </action> <action name="hello" class="org.apache.struts2.examples.actions.HelloAction"> <result name="success">/WEB-INF/content/hello.jsp</result> <result name="redisplay" type="redirectAction">hello</result> <allowed-methods>add</allowed-methods> </action> </package> </struts>
Strict DMI doesn't work with the Convention Plugin yet!
If the class attribute in an action mapping is left blank, the
com.opensymphony.xwork2.ActionSupport class is used as a default.
It's important to put a "catchall" wildcard mapping like this at the end of your configuration so it won't attempt to map every request!