Right now we are using Struts 2.5 and I have Dynamic Method Invocation=true
in Struts configuration file .
And i have action mappings as below.
<action name="action name" class="action class"
<result name="view" type="redirectAction"></result>
<allowed-methods>
view,modify,delete,duplicate
</allowed-methods>
</action>
To remediate App-sec finding i have to set Dynamic Method Invocation to false
.
I have set Dynamic Method Invocation value="false"
. Now allowed methods are not working.
I did specify multiple actions with methods, it did not work as well. It is calling default reset
and process
method from the Action
class instead the specified method.
I have read that for allowed-methods
to work we have to have Dynamic Method Invocation set to true
?
How do i call multiple methods with the same action with disabling Dynamic Method Invocation?
If DMI is turned off you cannot invoke methods dynamically; that's the point of turning it off.
You can use Strict Method Invocation to explicitly allow methods; SMI is enabled by default.
You can't have it both ways--DMI is either enabled, or not.