jQuery in Action, 2nd edition*
The moose likes Struts and the fly likes how to hide the struts2 action name being displayed in the URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "how to hide the struts2 action name being displayed in the URL" Watch "how to hide the struts2 action name being displayed in the URL" New topic
Author

how to hide the struts2 action name being displayed in the URL

manjesh ipp
Greenhorn

Joined: Jan 01, 2011
Posts: 9
Hi,
I am using struts2 for an application,
I have some methods in action class like getContactDetails(), updateContactDetails() with getcontact.action and updatecontact.action.
when the request is made those action names are shown in the URL.
is there any way to hide this action name is being displayed in the URL?

The reason is simple that I donot want someone to guess the action name and try to manipulate it though I have taken care of CSRF and XSS prevention.
alternatively I can code action name something like ...ABCDG00 but it will damage the programming conventions.



-Manjesh
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
when the request is made those action names are shown in the URL.


Your issue is coming from the way "you" have designed the navigation.

Your Action objects should forward processing to JSP files.

The Action object is the Controller. The JSP file is the View. The URL displayed in brower should only show JSP file-names.
manjesh ipp
Greenhorn

Joined: Jan 01, 2011
Posts: 9
Jimmy,

what do you meant by "Action objects should forward processing to JSP files" ?

When updateContactDetails() returns SUCCESS, contact.jsp will be displayed and I do see the 'updateContact' in the URL at this point of time..
do you meant I should use something like ResultType "Chain" I donot find anything similar to RequestDispatcher.forward(req,res) .

Thanks
Manjesh



Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

though I have taken care of CSRF and XSS prevention.

So what are you protecting the application from to think about disguising URL.. Id on not see any reason as you already stated...
damage the programming conventions

Identification of threat is the first and must activity that should be done, unnecessary implementations would result in maintenance issues/burden and performance issues but nothing else...


Have Fun with Java
little,little.. little by little makes a lot..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to hide the struts2 action name being displayed in the URL