
Why does using RequestMap allow delete for unauthorized users?


The problem with delete is due to the actionSubmit in the generated GSPs. This is a way of putting multiple submit buttons in one form, each sending the action name as a parameter so the controller can figure out which to use. Unfortunately it posts to the ‘index’ action, so URL-based security doesn’t work for this case. There are two options – rework the two buttons to be regular submit buttons each in its own form with ‘action’ set to the real action being used, or use annotations.
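
The first option, sketched as an added example (not from the original answer or the plugin's documentation). The `book` controller, the `bookInstance` model and the `/book/delete/**` Requestmap rule are assumed names.

```gsp
<%-- Before: scaffolded show.gsp. Both buttons share one form with no explicit action. --%>
<g:form>
    <g:hiddenField name="id" value="${bookInstance?.id}" />
    <%-- Each button renders <input type="submit" name="_action_...">, so the action
         name travels as a request parameter, not in the URL path. --%>
    <g:actionSubmit action="edit" value="Edit" />
    <g:actionSubmit action="delete" value="Delete" />
</g:form>
<%-- Request sent on Delete: a POST to the 'index' action carrying _action_delete and id.
     A Requestmap entry with url '/book/delete/**' and configAttribute 'ROLE_ADMIN'
     (assumed rule) is compared against the index URL, so it never applies. --%>

<%-- After: one form per button, each posting to the real action URL. --%>
<g:form controller="book" action="edit">
    <g:hiddenField name="id" value="${bookInstance?.id}" />
    <g:submitButton name="edit" value="Edit" />
</g:form>
<g:form controller="book" action="delete">
    <g:hiddenField name="id" value="${bookInstance?.id}" />
    <g:submitButton name="delete" value="Delete" />
</g:form>
<%-- Request sent on Delete: POST /book/delete, which the URL rule now matches. --%>
```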
