struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurie Harper <lau...@holoweb.net>
Subject Re: Validation result URL contains failed parameters
Date Fri, 11 Apr 2008 12:06:34 GMT
Guillaume Bilodeau wrote:
> Hi guys,
> 
> I'm using Struts 2.0.11 for a standard web application and using annotations
> all the way.  I have the following action, with some fields and getters /
> setters omitted for brevity:
> 
> @ParentPackage("default")
> @Results( {
> 		@Result(name = "input", type = ServletDispatcherResult.class, value =
> "/views/users/changePassword.jsp"),
> 		@Result(type = ServletActionRedirectResult.class, value = "workbench",
> params = {
> 				"namespace", "/workbench", "parse", "true", "actionMessageKey",
> 				"${actionMessageKey}" }) })
> @Validation
> public class ChangePasswordAction extends ActionSupport {
> 	@Override
> 	@Validations(requiredStrings = {
> 			@RequiredStringValidator(fieldName = "currentPassword", message = "", key
> = "users.changePassword.currentPassword.invalid"),
> 			@RequiredStringValidator(fieldName = "newPassword1", message = "", key =
> "users.changePassword.newPassword.invalid"),
> 			@RequiredStringValidator(fieldName = "newPassword2", message = "", key =
> "users.changePassword.newPassword.invalid") }, expressions = {
> @ExpressionValidator(expression = "newPassword1.equals(newPassword2)",
> message = "", key = "users.changePassword.mismatch") })
> 	public String execute() {
> 		String result = Action.INPUT;
> 
> 		try {
> 			userService.changeUserPassword(getUser().getId(), currentPassword,
> newPassword1);
> 			result = Action.SUCCESS;
> 		}
> 		catch (InvalidPasswordException e) {
> 			addActionError(getText("users.changePassword.currentPassword.invalid"));
> 		}
> 
> 		return result;
> 	}
> }
> 
> The accompanying JSP, changePassword.jsp, contains a simple form with 3
> fields (current, new, confirm new password) and a submit button.
> 
> When leaving all form fields and submitting the form, the validation
> interceptor correctly executes, correctly identifies all validation errors
> and correctly executes the input result.  The rendered page correctly shows
> the correct form with all expected error messages next to the corresponding
> fields.  Basically, the whole request handling works as expected.  However,
> the browser's address bar now shows the following:
> 
> http://localhost:8080/healthcheck/users/changePassword.go?currentPassword=&newPassword1=&newPassword2=&general.submit=Submit
> 
> The URL contains all failed parameters with their values in clear text,
> which is something I don't want.  The behavior is the same when using an
> empty result type for the input result.
> 
> 1. Is there a way not to see these parameters in the final URL?
> 2. I don't see why these parameters need to be added to the URL when they
> are clearly accessible to the JSP using the value stack.  Surely there must
> be a good reason to this?


That's basic HTML/HTTP. You need to change your form to submit using the 
POST method instead of GET. See the 'method' attribute of s:form.

L.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message