This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes how to hide the struts2 action name being displayed in the URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "how to hide the struts2 action name being displayed in the URL" Watch "how to hide the struts2 action name being displayed in the URL" New topic
Author

how to hide the struts2 action name being displayed in the URL

manjesh ipp
Greenhorn

Joined: Jan 01, 2011
Posts: 9
Hi,
I am using struts2 for an application,
I have some methods in action class like getContactDetails(), updateContactDetails() with getcontact.action and updatecontact.action.
when the request is made those action names are shown in the URL.
is there any way to hide this action name is being displayed in the URL?

The reason is simple that I donot want someone to guess the action name and try to manipulate it though I have taken care of CSRF and XSS prevention.
alternatively I can code action name something like ...ABCDG00 but it will damage the programming conventions.



-Manjesh
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
when the request is made those action names are shown in the URL.


Your issue is coming from the way "you" have designed the navigation.

Your Action objects should forward processing to JSP files.

The Action object is the Controller. The JSP file is the View. The URL displayed in brower should only show JSP file-names.
manjesh ipp
Greenhorn

Joined: Jan 01, 2011
Posts: 9
Jimmy,

what do you meant by "Action objects should forward processing to JSP files" ?

When updateContactDetails() returns SUCCESS, contact.jsp will be displayed and I do see the 'updateContact' in the URL at this point of time..
do you meant I should use something like ResultType "Chain" I donot find anything similar to RequestDispatcher.forward(req,res) .

Thanks
Manjesh



Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

though I have taken care of CSRF and XSS prevention.

So what are you protecting the application from to think about disguising URL.. Id on not see any reason as you already stated...
damage the programming conventions

Identification of threat is the first and must activity that should be done, unnecessary implementations would result in maintenance issues/burden and performance issues but nothing else...


Have Fun with Java
little,little.. little by little makes a lot..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to hide the struts2 action name being displayed in the URL
 
Similar Threads
Struts2
Struts2 with RAD7
How to handle java.lang.NullPointerException in Struts2?..
Problem of <frameset> tag with struts2
Struts2-Spring annotation