Re: Only call actions from certain forms

2009-01-24 Thread Andy Sykes
Doh. I was being very stupid - I looked in the XWork source and realised it's really straightforward. I'm blaming this one of lack of sleep :) Cheers, Andy. On 25 Jan 2009, at 01:25, Wes Wannemacher wrote: On Saturday 24 January 2009 20:17:49 Andy Sykes wrote: Actually, having an intercept

Re: Only call actions from certain forms

2009-01-24 Thread Wes Wannemacher
On Saturday 24 January 2009 20:17:49 Andy Sykes wrote: > Actually, having an interceptor makes some sense in this case. > > How can interceptors "short circuit" the stack and action to return a > result code? The ideal situation here would be that the "protector" > interceptor is above the validati

Re: Only call actions from certain forms

2009-01-24 Thread Andy Sykes
Actually, having an interceptor makes some sense in this case. How can interceptors "short circuit" the stack and action to return a result code? The ideal situation here would be that the "protector" interceptor is above the validation interceptor, checks for the form token, and chucks an

Re: Only call actions from certain forms

2009-01-24 Thread Dave Newton
Andy Sykes wrote: Cheers for the suggestions - I guess I was just looking for a sanity check from the list. It seems reasonable to me--the functionality *could* be wrapped up in an interceptor, which might be marginally cleaner, but it's one of those judgment calls that in real life I probabl

Re: Only call actions from certain forms

2009-01-23 Thread Andy Sykes
Hi all, Cheers for the suggestions - I guess I was just looking for a sanity check from the list. My current method (almost exactly the same as below) is to check a choice form field for null in the validateXXX() method - this is the case when you call the action without POST from a form.

Re: Only call actions from certain forms

2009-01-23 Thread Dave Newton
Andy Sykes wrote: My forms all submit to a different action than that which renders the pages. Is there a recommended way to prevent/mitigate the effect of users directly calling the actions (via their URL) that forms are submitted to? In this case, the actions' fields are null, which is some

Re: Only call actions from certain forms

2009-01-23 Thread Wes Wannemacher
Martin, I could be reading his question wrong, but I think he is trying to limit POSTs/GETs of his actions so that they only come from the JSPs that he intends. This is a harder problem than it seems. My gut response was to tell him to check out HDIV, but I'm not sure whether that is built-in f

RE: Only call actions from certain forms

2009-01-23 Thread Martin Gainty
I can think of 2 security implementations: 1)Portlets (Jetspeed or Plumtree comes to mind) 2)implement either JNDI/JDBC/or MemoryRealm http://tomcat.apache.org/tomcat-4.1-doc/catalina/funcspecs/fs-memory-realm.html HTH Martin __ Disclaimer and confide