I'm just trying to hide all the technical details from the user. Nobody
should attempt to bookmark a page using the Action.do
even if it's technically not possible (when using a filter).
Regards,
Peter
Daniel Perry schrieb:
What exactly is it that you're trying to stop people accessing/doing?
Daniel.
-----Original Message-----
From: Peter Neu [mailto:[EMAIL PROTECTED]
Sent: 10 November 2004 14:24
To: Struts Users Mailing List
Subject: Re: Hiding Url File Parameters
OK. Then I will have rely on the filter mechanism
defined in the web.xml.
Regards,
Peter
In short no.
To execute a struts action, the browser MUST make an HTTP request. This
request MUST specify an object (in HTTP context) to retrieve.
There is no
way to fully hide this url. It can appear to be achieved using
a frameset
with one frame 100%x100% - only the frameset url is shown in the browser.
You can also not use .do - set the servlet mapping to anything
you want - i
believe that you can even use .html as the extension.
Whatever you do will only be effective at hiding it from people
in general -
anyone who knows about HTTP (eg hackers) can manually make the
requests and
get round this, so really there is no advantage to hiding the url in the
first place.
Daniel.
-----Original Message-----
From: Peter Neu [mailto:[EMAIL PROTECTED]
Sent: 09 November 2004 19:02
To: Struts Users Mailing List
Subject: Re: Hiding Url File Parameters
Thanks that definitely solved the problem.
Is there also a way to get rid of the Action.do ?
Regards,
Swen
Daniel Perry schrieb:
Yep,
Change your code to:
nextPage = mapping.findForward("struts");
and change the forward to:
<forward name="struts" path="/WEB-INF/struts.jsp" redirect="false"
contextRelative="true"/>
Note if you dont want a lot of mess in WEB-INF, put them in a
folder ie jsps
and use /WEB-INF/jsps/struts.jsp
Hope that helps,
Daniel.
-----Original Message-----
From: Peter Neu [mailto:[EMAIL PROTECTED]
Sent: 09 November 2004 17:55
To: Struts Users Mailing List
Subject: Re: Hiding Url File Parameters
OK. I tried this :
nextPage = new ActionForward(mapping.findForward("struts").getPath(),
false); // set the flag to false
and put the JSP's into the WEB-INF folder.
When I tried to call the ActionClass the following error occured :
java.lang.IllegalArgumentException: Path struts.jsp does not
start with a "/" character
org.apache.struts.action.RequestProcessor.doForward(RequestProcess
or.java:1062)
org.apache.struts.action.RequestProcessor.processForwardConfig(Req
uestProcessor.java:455)
org.apache.struts.action.RequestProcessor.process(RequestProcessor
.java:279)
org.apache.struts.action.ActionServlet.process(ActionServlet.j
ava:1482)
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
Here is the definition of the Action which is explicitly called
and which causes the error:
<action path="/postHv"
input="struts.jsp"
name="postHvForm"
scope="request"
validate="true"
type="pack.servlets.PostHv">
<forward name="struts" path="struts.jsp" />
</action>
Do you have any idea what I did wrong ?
Regards,
Peter
Daniel Perry schrieb:
So you have an action, which forwards to a jsp page, and you
dont want the
users to see the blah.jsp?
Just set redirect to false. This causes it to forward the request
internally without sending a browser redirect. The jsp will be
processed,
and return the result to the browser, but as far as the browser
is concerned
it will look like its come from the action.
One method of 'hiding' jsps is to put them in the WEB-INF
directory, and use
forwards (not redirects) as this way the client CANNOT
access the jsps
directly.
Daniel.
-----Original Message-----
From: Peter Neu [mailto:[EMAIL PROTECTED]
Sent: 09 November 2004 16:41
To: Struts Users Mailing List
Subject: Re: Hiding Url File Parameters
Hello Joe,
the value of the redirect flag is true since I cannot forward when
it is set to false. I thought this was the regular way to forward
from one jsp-page to another.
Isn't there any other option how I can do the forward and
keep the file-name of the jsp-page out of the URL ?
Best Regards,
Peter
Joe Germuska schrieb:
At 4:03 PM +0100 11/9/04, Peter Neu wrote:
Hello,
How can I manipulate the URL-Mapping in the
web.xml /struts-config.xml in order to hide
the filenames when I use the ActionForward in an ActionServlet?
Currently the URL displays all the files which I forward to.
Before I posted this message I looked through the mail archieve
but I only found some suggestions using JScript which I would like
to keep out of my application as much as possible.
Are you returning an ActionForward which has a 'true' value for its
redirect property? In this case, the answer is "no."
Otherwise, you could have a Struts action read the file from the
filesystem and write the bytes to the response. This
would hide the
true file name.
Joe
------------------------------------------------------------
---------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
