struts-user mailing list archives

From "bhaarat Sharma" <bhaara...@gmail.com>
Subject Re: [OT] Re: Is it post or get?
Date Wed, 20 Feb 2008 20:02:17 GMT
> ../myApp/viewUserDetails.do?methodToCall=edit&userid=1, it goes to
> Edit User page.
So what's wrong with that? Even if you are using 'hidden' fields you
will retrieve them as request.getParameter(). If you don't pass the
hidden field but just type it in the URL then also it will work.

If you are worried that user with userid 1 might be able to see edit
page for user with userid 20 by just changing the
URL (/myApp/viewUserDetails.do?methodToCall=edit&userid=20)

then really your action should be checking whether logged in userid
matches userid coming from request.getParameter() or whatever logic
your application requires...


On 2/20/08, Dave Newton <newton.dave@yahoo.com> wrote:
> --- "semaj.najraham" <semaj.najraham@hotmail.com> wrote:
> > How do I allow only POST form submission? Do I need to check on each Struts
> > Action method request.getMethod() is POST? If that's true, then I'm
> > screwed. I will need to make changes on all my action classes.
>
> If you actually *care*, then yes, you'd need to implement that across the
> application somehow. There are several ways you could go about this,
> including creating a custom request processor (which could be combined with a
> struts configuration property, marker interface, or whatever), implement an
> action sub-class (that's what I always used to do, IIRC), or put it in each
> action, or...
>
> I seriously doubt that you're "screwed" to any great degree.
>
> Dave
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
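
The ownership check suggested in the reply above, combined with the action sub-class approach to POST-only handling from the quoted message, as an added example that is not part of the original thread. It assumes Struts 1.x; the class name, the `loggedInUserId` session attribute and the `requiresPost()` hook are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Hypothetical base class: every action that takes a "userid" parameter extends it. */
public abstract class GuardedUserAction extends Action {

    // Assumption: the login code stores the authenticated user's id under this key.
    static final String SESSION_USER_ID = "loggedInUserId";

    /** Actions that change state override this to return true. */
    protected boolean requiresPost() { return false; }

    /** The real work; reached only after both checks below have passed. */
    protected abstract ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;

    @Override
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {

        // Method check: one place instead of a getMethod() test in every action.
        if (requiresPost() && !"POST".equalsIgnoreCase(request.getMethod())) {
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return null; // response already written, Struts does no forward
        }

        // Ownership check: the userid in the URL or a hidden field is client input,
        // so compare it with the id held server-side in the session.
        HttpSession session = request.getSession(false); // do not create a session here
        Object owner = (session == null) ? null : session.getAttribute(SESSION_USER_ID);
        String requested = request.getParameter("userid");
        if (owner == null || requested == null || !owner.toString().equals(requested.trim())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        return doExecute(mapping, form, request, response);
    }
}
```

An action that displays the edit form can leave `requiresPost()` at its default, while the action that saves the change overrides it to return `true`.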
