Get your CodeRanch badge!*
The moose likes Struts and the fly likes How are Struts action forms stored? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "How are Struts action forms stored?" Watch "How are Struts action forms stored?" New topic
Author

How are Struts action forms stored?

Arun
Ranch Hand

Joined: Oct 03, 2003
Posts: 40
Hello,
I have an action mapping that defines a form with name="abcForm" and says scope="session". I would like to know how struts saves this form in the session.

I assume it is stored as an attribute. Is it stored under some simple key like the form name? If so, then if I do a session.setAttribute("abcForm", someObj) will that overwrite the form bean that struts has stored in the session??

I am trying to know the answer to see if a user could accidentally overwirte the struts action form bean.

Thanks.
Pranav Sharma
Ranch Hand

Joined: Oct 27, 2003
Posts: 256
From what I know Struts adds it as an attribute
the attribute name comes from the ActionMapping. Struts uses the form bean "name" attribute you add to the action-mapping in the config file.

To get the name you could get it in action by:
mapping.getAttribute()
Jason Menard
Sheriff

Joined: Nov 09, 2000
Posts: 6450
"linoops",

Welcome to JavaRanch. We don't have many rules here, but we do have a naming policy which we try to strictly enforce. Please re-read this document and edit your display name in order to comply. Thanks in advance, and we look forward to seeing you around the Ranch.
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

mannu is correct.

I believe that when Struts check the parameter for a form it checks to see if it is of the correct ActionForm type. If it isn't the correct type, it makes the correct ActionForm and sets the attribute.

You should have no worries of a user spoofing parameters or attributes.


A good workman is known by his tools.
Arun
Ranch Hand

Joined: Oct 03, 2003
Posts: 40
Thank you for your replies. I am not concerned about the user spoofing attributes, but wondering if a programmer could mess the application by using the form name for some attribute he wants to store in session scope.

For ex.. say i have an action that uses a form name 'abcForm' and struts works with this form and sets data into the form and stores it in the session as an attribtue under the name 'abcForm'.
Say some developer in some other part of the application does a session.setAttribute("abcForm","Just a string object"). If this gets invoked while my action is working on the struts form could that lead to a potential conflict? Does struts store action forms under some key like struts.abcForm instead just abcForm to avoid such a situation??

Regards.
Jason Menard
Sheriff

Joined: Nov 09, 2000
Posts: 6450
"Arun",

Thanks for your attempt to comply with our naming policy. Unfortunately your name is still not in compliance. Specifically, you must have a valid first name and a valid last name, and neither of these names may be obviously fictitious. If you have any questions on our naming policy or don't understand something you read in the document I pointed you towards previously, please feel free to bring up the issue in the JavaRanch forum. Thanks again.
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Originally posted by Arun:
Thank you for your replies. I am not concerned about the user spoofing attributes, but wondering if a programmer could mess the application by using the form name for some attribute he wants to store in session scope.

For ex.. say i have an action that uses a form name 'abcForm' and struts works with this form and sets data into the form and stores it in the session as an attribtue under the name 'abcForm'.
Say some developer in some other part of the application does a session.setAttribute("abcForm","Just a string object"). If this gets invoked while my action is working on the struts form could that lead to a potential conflict? Does struts store action forms under some key like struts.abcForm instead just abcForm to avoid such a situation??

Regards.


A programmer could "mess it up" but such a mistake would be blaringly obvious. It should not be of concern, especially if the names follow a unique convention in the struts-config, such as ended all in "Form" (ie employeeForm, accountForm).

But now that you mention it, I'd like to show you a simple trick I like to use for other purposes:

I have the above code in a parent ActionForm that all other ActionForms extend. This automatically places every ActionForm under the request attribute of "form" in addition to its struts-config name. I like this because it makes my JSPs and especially their JSTL tags easier to write, read, and maintain.

Notice that I made a new hook method called doReset() to be used for the scenarios that I would previously call reset().
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How are Struts action forms stored?
 
Similar Threads
What's the best way to handle multiple Java bean instance in Jsp?
Need fetch fullpath of a file uploaded
Use form bean in more than one action method
Retrieving a list for a dynavalidator form
Struts Session Scope Listener