File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Securing URLs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Securing URLs" Watch "Securing URLs" New topic

Securing URLs

Jeffies Shah

Joined: Mar 27, 2006
Posts: 7
This is a Struts related query.
In my web app, I have a folder named XX which has two files, Show.html and Game.swf, with the Show.html having the code to show the swf (Game.swf) file. This folder XX is in no way related to the web app. In a page in the web app, I have to point a link "GAME" to Show.html.
The folder XX exists outside WEB-INF and I coded as:
<a href='/XX/Show.html'>GAME</a>. The code worked well.

But the problem is the URL appeared on the browser bar as http://localhost:8080/XX/Show.html. So, with the idea of securing the URL, I planned to use an action named with the following mapping in the struts-config file:
<action path="/ShowGame"
type="org.apache.struts.actions.ForwardAction" />
and changed the href code to:
<jaf:link action='/ShowGame'>GAME</jaf:link>
This is not working.

Can you please tell me why?

"He owns Pan-Am. He owns Congress. He owns the Civil Aeronautics Board. But he does not own the sky." (Howard Hughes in 'The Aviator').
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
The problem here is that by doing this, you have changed the current directory from /XX to /. This means that /XX/Show.html can no longer find Game.swf.

You can fix this by putting a <base> tag at the beginning of your html document:

<base href="/MyApp/XX/Show.html">

Then, any references to "game.swf" will be resolved correctly.

If you want to avoid hard-coding a reference to the context root, change the page to a JSP, and use the Struts <html:base> tag.

Consultant, Sima Solutions
I agree. Here's the link:
subject: Securing URLs
It's not a secret anymore!