struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From esemba <ese...@gmail.com>
Subject [S2] actions responding only to POST/GET methods
Date Tue, 28 Oct 2008 03:09:07 GMT

I've a simple question. How can i write an action, that only serves GET /
POST requests. Lets suppose I've an actions that authenticates users. In
action there are fields username and password, which i set from a form via
post http method. The action works the same as I request URL like
myAction.action?username=admin&password=blah (the GET way). It is definitely
a security weakness and reminds me php directive register_globals (which
treats post/get variables the same way and in newer versions is deprectated,
or even not present). Even in servlets there are methods like doPost, doGet,
doXXX, so you can distinguish servlet's behavior for different types of
requests. I'm pretty sure this has already been solved here, but search for
keywords like "get post method problem" didn't return any reasonable
threads. 

Thank you for your suggestions.
-- 
View this message in context: http://www.nabble.com/-S2--actions-responding-only-to-POST-GET-methods-tp20200721p20200721.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message