This content has been marked as final.
Show 1 reply
-
1. Re: Struts <Forward> - Bypass Security?
kinakuta Oct 15, 2002 11:37 AM (in response to lordlobster)Yes this is as Servlet Specification , bit of a flaw if you ask me...
"The security model applies to the static content part of the web application and to servlets within the application that are requested by the client. The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include."
Bobby