Restrict HTTP requests to 'POST' only in Struts 1.x

Tags: java, http, struts

Is there a configurable way in Struts 1.x so my action classes are only executed on HTTP 'POST'?

I understand I can use request.getMethod() within my action class and then do certain 'stuff' based on that.

Regards, Jonathan

Jonathan asked Jun 15 '09 14:06




2 Answers

You can use your web.xml to define access permissions. This constraint prevents GET requests:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>struts action servlet</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- no one! -->
    </auth-constraint>
  </security-constraint>

McDowell answered Sep 20 '22 16:09
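
An added example, not part of either answer: the constraint in the answer above lists only GET, so it does not apply to other methods such as HEAD. Assuming a Servlet 3.0 or later container (an assumption; the page does not name one), `http-method-omission` applies the constraint to every method except POST; on an older container each method to block has to be listed. The two constraints are alternatives, use one or the other.

```xml
<!-- Added example for web.xml; the web-resource-name values are constructed. -->

<!-- Option 1, Servlet 3.0+: deny every HTTP method except POST on *.do -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>struts action servlet, POST only</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <!-- The constraint covers all methods other than the one omitted here -->
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <!-- Empty auth-constraint: no role is allowed, matching requests get 403 -->
  <auth-constraint/>
</security-constraint>

<!-- Option 2, Servlet 2.x: no http-method-omission, so list each method to block.
     Methods not listed here (including non-standard ones) stay unconstrained. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>struts action servlet, blocked methods</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```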


Here's an idea that is both a programmatic and a config solution. You can create a custom ActionMapping...

public class YourPOSTRequiredActionMapping extends ActionMapping { }

... and use in your struts config for the mappings that are POST only.

<action path="/your/path" type="YourAction" className="YourPOSTRequiredActionMapping" />

Then, you could extend the struts RequestProcessor and override processMapping

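import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class YourRequestProcessor extends RequestProcessor {
    protected ActionMapping processMapping(HttpServletRequest request, HttpServletResponse response, String path) throws IOException {
        ActionMapping mapping = super.processMapping(request, response, path);
        // Mappings declared with className="YourPOSTRequiredActionMapping" accept POST only.
        if (mapping instanceof YourPOSTRequiredActionMapping) {
            if (!"POST".equals(request.getMethod())) {
                // A null mapping stops processing; send 405 so the client does not get an empty response.
                response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                mapping = null;
            }
        }
        return mapping;
    }
}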

Make sure to configure your struts config to use YourRequestProcessor.

<controller processorClass="YourRequestProcessor" nocache="true" contentType="text/html; charset=UTF-8" locale="false" />

I based this on some old working code, but I haven't even compiled the sample code above.

Kevin Hakanson answered Sep 21 '22 16:09