JSP pages should be under WEB-INF to avoid direct access; this has been a best practice for years.
Dave On Dec 29, 2010 1:14 AM, "maven apache" <apachemav...@gmail.com> wrote: > Hi: > In my application I first use the chain result type for one > action:"loginSub". > > If login success,user should be taken to the manager page. > This is the core content in struts.xml: > > <package name="default" extends="struts-default" namespace="/"> > ..... > <action name="loginSub" class="com.test.action.LoginAction"> > <result name="success" type="chain"> > <param name="actionName">manager</param> > <param name="namespace">/secure</param> > </result> > <result name="input">/jsp/login.jsp</result> > <result name="error">/jsp/login.jsp</result> > </action> > </package> > > <package name="sec" extends="struts-default" namespace="/secure"> > <action name="manager"> > <result>/jsp/secure/manager.jsp</result> > <result name="input" type="chain"> > <param name="actionName">loginPage</param> > <param name="namespace">/</param> > </result> > </action> > </package> > > It works,when user login,the page will show the content in the > /jsp/secure/manager.jsp. > > However the value in the browser address bar is also something like: > > http://localhost:8080/Test/loginSub.action. > > So once user refresh this page,it will result in a relogin. > > After read the struts2 tutorial,I found the result type of > "redirectAction",it will change the value of the Browser address bar. > I change the "loginSub" action: > > <action name="loginSub" class="com.test.action.LoginAction"> > <..... the authentication interceptor>... > <result name="success" type="redirectAction"> > <param name="actionName">manager</param> > <param name="namespace">/secure</param> > </result> > <result name="input">/jsp/login.jsp</result> > <result name="error">/jsp/login.jsp</result> > </action> > > Now after login,the browser address bar will change to : > > *http://localhost:8080/Test/secure/manager.action* > > Now no matter how frequently user refresh the page,it will not cause a > relogin. > > However I found that I can not get some properties in the LoginAction. > > I have a struts tag in the manager.jsp: > > *<s:property value="userBean.username">* > > Now using the redirectAction result type,I have no idea to get this value. > > Any ideas? > > BWT: > 1)what's the difference between "Dispatcher Result","Redirect > Result","Redirect Action Result" and "Chain Result"? > I read the contents at "....struts.apache.org/2.2.1/docs/result-types.html ",but > I am not exactly sure its meaning. > > 2)My action "manager" is a authentication required action,so I add a > authentication interceptor for them. > > But how about user enter the url directly like this: > * > http://localhost:8080/Test/jsp/secure/manager.jsp?* > > If so ,I do not think the interceptor will work. > > How do you guys slove this problem?
