Stop user from accessing a Struts2 action directly? - java

I have the following actions defined in my struts.xml
<action name="Search" method="prepareLookUpvalues" class="com.mycompany.actions.FrSearchAction">
    <result name="success" type="tiles">search.layout</result>
</action>
<action name="List" class="com.mycompany.actions.FrSearchAction">
    <result name="success" type="tiles">results.layout</result>
    <result name="input" type="tiles">search.layout</result>
</action>
<action name="SearchDetails" class="com.mycompany.actions.FrSearchDetailsAction">
    <result name="success" type="tiles">details.layout</result>
</action>
<action name="Logoff" class="com.mycompany.actions.LogoffAction">
    <result name="success" type="tiles">logoff.layout</result>
</action>
Assuming that a user goes directly to my home page http://localhost:8080/fr/Search.action, everything works OK, but it has been discovered that some users are accessing http://localhost:8080/fr/List.action directly without first going to the search page, which is causing problems.
When a user goes to the search page and enters criteria and submits, it is only then that the "List" action should be called via the struts form's action attribute. I basically want to stop users from being able to access the "List", "SearchDetails", and "Logoff" actions directly unless those actions are invoked from my JSPs or code.
I'm new to maintaining/developing Struts2 applications and I haven't found clear answers to this. Any suggestions would be greatly appreciated!

There's a few details missing so the answer will be a bit vague, but the list action probably pulls values from a form submission to search? Or pulls state from session? Or...?
Anyways, however that may be stored, simply check and then redirect the user to Search if the state is not set as expected.
For details on doing redirects in Struts2, see, e.g., http://www.roseindia.net/struts/struts2/actions/struts-2-redirect-action.shtml

This isn't an elegant solution, but you could try checking the referer to see who called the action. Your action class will need to implement ServletRequestAware.
// request is the HttpServletRequest injected through ServletRequestAware
String referrer = request.getHeader("referer");
// Constant-first equals() avoids a NullPointerException when the header is absent
if ("http://localhost:8080/fr/Search.action".equals(referrer)) {
    // do the action
} else {
    // handle unwanted access
}
Remember that the referer is a client-controlled value and can be spoofed or removed.
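
The first answer's approach (check server-side state, send the user back to Search if it is missing) can be centralised in an interceptor. This is an added example, not code from either answer: the class name, session key and `searchRequired` result name are hypothetical, and it assumes the Struts 2.x `com.opensymphony.xwork2` package names.

```java
import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example (hypothetical class, not from the original posts).
 * Gates List/SearchDetails on server-side session state instead of
 * the client-controlled Referer header.
 */
public class SearchFlowInterceptor extends AbstractInterceptor {

    // Hypothetical session key and result name chosen for this example.
    static final String MARKER = "fr.searchFormServed";
    static final String SEARCH_REQUIRED = "searchRequired";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session =
                invocation.getInvocationContext().getSession();
        String action = invocation.getProxy().getActionName();

        if ("Search".equals(action)) {
            // Record that this session was served the search form.
            // Done before invoke() so the session is touched before
            // the response is rendered and committed.
            if (session != null) {
                session.put(MARKER, Boolean.TRUE);
            }
            return invocation.invoke();
        }

        boolean cameThroughSearch =
                session != null && Boolean.TRUE.equals(session.get(MARKER));
        if (!cameThroughSearch) {
            // Short-circuit: the action method never runs, so List cannot
            // execute with the lookup values unprepared.
            return SEARCH_REQUIRED;
        }
        return invocation.invoke();
    }
}
```

Reference it on the `Search`, `List` and `SearchDetails` actions together with `defaultStack` (declaring an interceptor on an action replaces the default stack), and map `searchRequired` to a `redirectAction` result pointing at `Search`. The marker shows only that this session has loaded the search page, not that a given request came from the form.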

Related

browser asks to resend data when page is reloaded

I am writing an application using Struts2. I am facing a problem in the login part. When a login is performed, it redirects to the index.jsp page. Now the problem arises: when index.jsp is reloaded after logging in, the browser asks me to resend data. I don't know why this is happening.
Here is my struts.xml code for the authenticate action:
<action name="authenticate" class="com.action.LoginAction">
    <result name="success">index.jsp</result>
    <result name="failure">loginerror.jsp</result>
</action>
And here is the code for the login action class:
public String execute() {
    if (sessionMap.containsKey("project_user")) {
        return "success";
    }
    Project_User project_User = Login.checkCredentials(email_id, password);
    if (project_User != null) {
        sessionMap.put("project_user", project_User);
        return "success";
    } else {
        return "failure";
    }
}
Also, when index.jsp comes up, the URL field of the browser remains unchanged; it still shows the action name, like: localhost:8084/Tek-Hub/authenticate/
If anyone knows about this, please help me.
Thanks
You need to use a pattern named PRG (Post / Redirect / Get).
This way, a second request will be performed when executing the first action result (because of the redirection), and a refresh of the landing page (eg. pressing F5) will hit the second action (the GET one), instead of the login action (the POST one).
Change this:
<action name="authenticate" class="com.action.LoginAction">
    <result name="success">index.jsp</result>
    <result name="failure">loginerror.jsp</result>
</action>
to this:
<action name="authenticate" class="com.action.LoginAction">
    <result name="success" type="redirectAction">index.action</result>
    <result name="failure">loginerror.jsp</result>
</action>
<action name="index" class="com.action.IndexAction">
    <result name="success">index.jsp</result>
</action>

On button click, I'm adding an object (through Struts 2) in a database, but it is not reflected at the same time

On a button click, I am adding an object using Struts 2 actions, and that action is redirected to the same page on which the object is retrieved.
The object which I am adding is saved into the database immediately after the button click. But when the redirection happens, it is not reflected at the same time. Instead, when I load that page again through the sidebar buttons (with a Struts action), the object which I added previously appears.
I don't understand why this is happening or what I should do to resolve this issue.
UI of that page:
(Image: the UI, on which the plus icon adds a complete row; an object is added in the back end.)
struts.xml
<action name="AddCategory" class="Action.GoalSheetAction" method="AddCategoryy">
    <result name="Success" type="redirectAction">
        <param name="actionName">EditGoalSheet</param>
    </result>
</action>
<action name="EditGoalSheet" class="Action.GoalSheetAction" method="EditGoalSheet">
    <result name="Success">/employee/GoalSheet.jsp</result>
    <result name="input">/employee/GoalSheet.jsp</result>
</action>
I found the solution for my problem.
Wherever I was using .equals to equate the objects, I replaced that with == and the problem is solved. Also I did some modifications in my struts.xml.
I added <param> with all the redirect actions I was using.

How to work with view in Struts 2?

In plain old servlets I can use the doGet and doPost methods. In doGet I forward the user to some page, and in doPost I process the data entered on the page that I gave. That all happens in one servlet.
But Struts2 works on the Front Controller pattern, and instead of doGet/doPost I have only the execute method. So how can I properly give the user some page, so that he can see it, enter data and submit, and the application then processes it in execute?
From what I know I have two options (example on a registration form):
1. Map the page to another URL:
<action name="register_display">
    <result name="success" type="dispatcher">register.jsp</result>
</action>
<action name="register"
        class="magazine.action.client.RegisterClientAction"
        method="execute">
    <result name="success" type="redirectAction">/index</result>
    <result name="error" type="redirectAction">register_display</result>
</action>
2. Create a whole package named display and place there all views from which a POST can be performed:
<package name="display" namespace="/display" extends="struts-default">
    <action name="register">
        <result name="success" type="dispatcher">register.jsp</result>
    </action>
    ...
</package>
Are there any other options? Which one is preferred?
In the standard Struts2 style, an Action class has only one work method: the execute method. However, you do not necessarily have to follow this. You can define multiple actions in a single Action class.
For example, you make a GET request to users, which is handled in the default execute method of UsersAction.
@Override
public String execute() {
    // fetch the list of users
    return SUCCESS;
}
Let's suppose you would like to add a new user in this same action, by POSTing to user_add. So you define an add method:
public String add() {
    // add the user
    return SUCCESS;
}
The struts.xml would look similar to this:
<package name="users" extends="defaultPackage">
    <action name="users" class="com.example.UsersAction">
        <result>users.jsp</result>
    </action>
    <action name="user_add" class="com.example.UsersAction" method="add">
        <result type="redirect">users</result>
    </action>
</package>
In your scenario, you would render your page, which the user should see after the run of the (maybe empty) execute method. Then, you would make the post request, which would be mapped to the other method of the Action class.

unable to set forwarding in Struts

I have a slight problem with forwarding using Struts.
Now when users access my page like this -> http://mypage/
they are automatically forwarded to /index.jsp.
But I'd also like to have index.jsp linked to the name "sg".
So when they access the page like this:
http://mypage/ > they will be forwarded to http://mypage/sg
which is http://mypage/index.jsp.
As I've already mentioned above, I'm using Struts to handle all these actions. The example below is what I have in my struts.xml file, but it's only partially working. When I access the page as stated above, I'm getting redirected to http://mypage/sg and it also gives me 404 - Not Found.
However, when I try manually accessing the URL (http://mypage/sg), it works perfectly.
<package name="index" namespace="/" extends="default">
    <action name="">
        <result>/sg</result>
    </action>
    <action name="/sg">
        <result>/index.jsp</result>
    </action>
</package>
When I access the page as stated above I'm getting redirected to http://mypage.com/sg and it also gives me 404 - Not Found.
Answer :
If you want to call another action as the result of one action, then you need to specify the type attribute of the result tag:
<action name="">
    <result type="redirect">/sg</result>
</action>
This will redirect to action sg.
The redirect result type:
The redirect result type calls the standard response.sendRedirect() method, causing the browser to create a new request to the given location.

Struts 1.3 action forward parameter

I'm working on a little project which uses Struts 1.3 and I encountered the following problem.
After some business logic takes place in an Action, I want to forward control to another Action which is mapped in struts-config.xml.
Usually this is the way I'm solving this:
struts-config.xml
<action path="/boardCreate" type="com.example.BoardCreateAction" name="BoardCreateForm" input="/board.jsp">
    <forward name="success" path="/board.do" redirect="true" />
</action>
Java action class
return mapping.findForward("success");
This will make a redirect to the board.do action, which is also mapped there.
My problem is that I want to redirect control to something like:
<forward name="success" path="/board.do?id=1" redirect="true" />
Notice the id=1 parameter. Is there any other way except rebuilding my own action forward for this? I can't find any documentation debating this matter. Thanks!
ActionRedirect redirect = new ActionRedirect(mapping.findForward("success"));
redirect.addParameter("id", theId);
return redirect;
See http://tool.oschina.net/uploads/apidocs/struts-1.3.10/org/apache/struts/action/ActionRedirect.html
