
【Learning SSH: Struts 2.5.10】 DMI Settings

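While practicing Dynamic Method Invocation (DMI), I followed the book's struts.xml configuration (written for Struts 2.2.1), and at runtime it kept reporting that the Action could not be found. I looked at the DMI section of the documentation shipped in the Struts 2.5.10 package. It says that, for security reasons, DMI is disabled by default, and it also advises users to turn DMI off.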

See docs\docs\action-configuration.html
1. Dynamic Method Invocation
For Struts 2, we added a switch to disable DMI for two reasons. First, DMI can cause security issues if POJO actions are used. Second, DMI overlaps with the Wildcard Method feature that we brought over from Struts 1 (and from Cocoon before that). If you have security concerns, or would like to use the “!” character with Wildcard Method actions, then set struts.enable.DynamicMethodInvocation to FALSE in the application configuration.

The framework does support DMI, but there are problems with the way DMI is implemented【What does this mean?】. Essentially, the code scans the action name for a “!” character, and finding one, tricks the framework into invoking the other method instead of execute. The other method is invoked, but it uses the same configuration as the execute method, including validations. The framework “believes” it is invoking the Category action with the execute method.

The Wildcard Method feature is implemented differently. When a Wildcard Method action is invoked, the framework acts as if the matching action had been hardcoded in the configuration. The framework “believes” it’s executing the action Category!create and “knows” it is executing the create method of the corresponding Action class. Accordingly, we can add for a Wildcard Method action mapping its own validations, message resources, and type converters, just like a conventional action mapping. For this reason, the Wildcard Method is preferred.

【The wildcard approach is recommended】

2. Strict DMI
In Struts 2.3, an option was added to restrict the methods that DMI can invoke. First, set the attribute strict-method-invocation="true" on your <package> element. This tells Struts to reject any method that is not explicitly allowed via either the method attribute (including wildcards) or the <allowed-methods> tag. Then specify <allowed-methods> as a comma-separated list of method names in your <action>. (If you specify a method attribute for your action, you do not need to list it in <allowed-methods>.)

Note that you can specify <allowed-methods> even without strict-method-invocation. This restricts access only for the specific actions that have <allowed-methods>.

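In other words, starting with version 2.3, strict DMI restrictions are enforced for security: no unknown method will be executed. Only methods that the application owner allows may be executed, and those methods are defined in the <allowed-methods> tag under the Action.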

<?xml version="1.0" encoding="UTF-8"?>
<!-- struts.xml header -->
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
    <!-- Action configuration in struts.xml -->
    <package name="loginPack" extends="struts-default">
        <!-- "*Action" is a wildcard; {1} uses the matched part as the method name -->
        <action name="*Action" class="yu.j2ee.ch03.LoginAction" method="{1}">
            <!-- <result name="input">/login.jsp</result>-->
            <result name="error">/Log/error.jsp</result>
            <result name="success">/Log/welcome.jsp</result>
            <result name="regist">/Log/regist.jsp</result>
            <!-- Only these methods may be invoked through the wildcard -->
            <allowed-methods>regist,login</allowed-methods>
        </action>
    </package>
</struts>

Even with DMI set to false, the configuration above still works. So the real key is that the methods must be listed in <allowed-methods>.

<constant name="struts.enable.DynamicMethodInvocation" value="false" />
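
The settings discussed above can be checked mechanically. The following is an added example, not code from the original post or from the Struts project: a small Python audit of a struts.xml that reports DMI being switched on, a package that explicitly sets strict-method-invocation="false", and wildcard-method actions with no <allowed-methods> list. The function name audit, the sample document and the example.* class names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample struts.xml (assumption: not taken from the original post).
SAMPLE = """<struts>
  <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
  <package name="loginPack" extends="struts-default">
    <action name="*Action" class="yu.j2ee.ch03.LoginAction" method="{1}">
      <allowed-methods>regist,login</allowed-methods>
    </action>
    <action name="user_*" class="example.UserAction" method="{1}"/>
  </package>
  <package name="legacy" extends="struts-default"
           strict-method-invocation="false">
    <action name="report" class="example.ReportAction"/>
  </package>
</struts>"""

def audit(xml_text):
    """Return (location, finding) tuples for one struts.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. The DMI switch should stay off.
    for const in root.iter("constant"):
        if (const.get("name") == "struts.enable.DynamicMethodInvocation"
                and const.get("value", "").strip().lower() == "true"):
            findings.append(("constant", "DMI enabled"))
    for pkg in root.iter("package"):
        pname = pkg.get("name")
        # 2. Only an explicit opt-out is reported; an absent attribute is not.
        if pkg.get("strict-method-invocation", "").lower() == "false":
            findings.append((pname, "strict-method-invocation disabled"))
        # A package-wide allow-list also covers its actions.
        pkg_list = pkg.find("global-allowed-methods") is not None
        for action in pkg.findall("action"):
            wildcard = re.search(r"\{\d+\}", action.get("method", ""))
            has_list = action.find("allowed-methods") is not None
            # 3. method="{1}" takes the method name from the request URL,
            #    so the action needs an explicit allow-list.
            if wildcard and not (has_list or pkg_list):
                findings.append((f"{pname}/{action.get('name')}",
                                 "wildcard method without allowed-methods"))
    return findings

if __name__ == "__main__":
    for location, finding in audit(SAMPLE):
        print(f"{location}: {finding}")
```

The configuration from this post (wildcard action with regist,login listed) produces no findings.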