how to hide the struts2 action name being displayed in the URL

 
manjesh ipp
Greenhorn
Posts: 9
Hi,
I am using Struts2 for an application.
I have some methods in the action class, like getContactDetails() and updateContactDetails(), with getcontact.action and updatecontact.action.
When the request is made, those action names are shown in the URL.
Is there any way to hide the action name being displayed in the URL?

The reason is simply that I do not want someone to guess the action name and try to manipulate it, though I have taken care of CSRF and XSS prevention.
Alternatively, I can code the action name as something like ...ABCDG00, but it will damage the programming conventions.



-Manjesh
 
Jimmy Clark
Ranch Hand
Posts: 2187
> when the request is made those action names are shown in the URL.


Your issue is coming from the way "you" have designed the navigation.

Your Action objects should forward processing to JSP files.

The Action object is the Controller. The JSP file is the View. The URL displayed in the browser should only show JSP file names.
 
manjesh ipp
Greenhorn
Posts: 9
Jimmy,

What do you mean by "Action objects should forward processing to JSP files"?

When updateContactDetails() returns SUCCESS, contact.jsp will be displayed and I do see the 'updateContact' in the URL at this point of time.
Do you mean I should use something like ResultType "Chain"? I do not find anything similar to RequestDispatcher.forward(req,res).

Thanks
Manjesh



 
Shankar Tanikella
Ranch Hand
Posts: 329
> though I have taken care of CSRF and XSS prevention.

So what are you protecting the application from, to think about disguising the URL? I do not see any reason, as you already stated...
> damage the programming conventions

Identification of the threat is the first and a must activity that should be done; unnecessary implementations would result in maintenance issues/burden and performance issues but nothing else...
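
The concern raised in this thread is that someone guesses an action name and manipulates it. The following is an added example, not code from any poster, of a control that addresses that concern whether or not the name is visible: a Struts2 interceptor that authorizes every action invocation on the server. It assumes Struts 2.x (the com.opensymphony.xwork2 API) and Java 9+; the "userRole" session key, the role names and the "forbidden" result name are hypothetical.

```java
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Map;
import java.util.Set;

/**
 * Added example: checks on every request that the current session may call
 * the requested action, so a guessed action name is rejected server-side.
 * The "userRole" session key and the role names are hypothetical.
 */
public class ActionAuthorizationInterceptor extends AbstractInterceptor {

    // Action names from the thread, mapped to the roles allowed to invoke them.
    private static final Map<String, Set<String>> ALLOWED_ROLES = Map.of(
            "getcontact", Set.of("viewer", "editor"),
            "updatecontact", Set.of("editor"));

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Name as mapped in struts.xml, without the ".action" extension.
        String actionName = invocation.getProxy().getActionName();
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Object role = (session == null) ? null : session.get("userRole");

        // Not authenticated: return the login result without running the action.
        if (role == null) {
            return Action.LOGIN;
        }
        // Deny by default: an action that is not listed cannot be called.
        Set<String> allowed = ALLOWED_ROLES.getOrDefault(actionName, Set.of());
        if (!allowed.contains(role)) {
            return "forbidden"; // hypothetical global result
        }
        // Authorized: continue down the interceptor stack to the action.
        return invocation.invoke();
    }
}
```

The interceptor has to be registered in the package's interceptor stack in struts.xml, with "login" and "forbidden" declared as global results. A per-record check (may this user update this particular contact) still belongs in the action itself.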
 