Return-Path: Delivered-To: apmail-struts-user-archive@www.apache.org Received: (qmail 36143 invoked from network); 28 Oct 2008 03:09:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Oct 2008 03:09:47 -0000 Received: (qmail 90004 invoked by uid 500); 28 Oct 2008 03:09:43 -0000 Delivered-To: apmail-struts-user-archive@struts.apache.org Received: (qmail 89424 invoked by uid 500); 28 Oct 2008 03:09:42 -0000 Mailing-List: contact user-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list user@struts.apache.org Received: (qmail 89413 invoked by uid 99); 28 Oct 2008 03:09:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2008 20:09:42 -0700 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Oct 2008 03:08:28 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1Kuex9-0004cf-Hk for user@struts.apache.org; Mon, 27 Oct 2008 20:09:07 -0700 Message-ID: <20200721.post@talk.nabble.com> Date: Mon, 27 Oct 2008 20:09:07 -0700 (PDT) From: esemba To: user@struts.apache.org Subject: [S2] actions responding only to POST/GET methods MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: esemba@gmail.com X-Virus-Checked: Checked by ClamAV on apache.org I've a simple question. How can i write an action, that only serves GET / POST requests. Lets suppose I've an actions that authenticates users. In action there are fields username and password, which i set from a form via post http method. The action works the same as I request URL like myAction.action?username=admin&password=blah (the GET way). It is definitely a security weakness and reminds me php directive register_globals (which treats post/get variables the same way and in newer versions is deprectated, or even not present). Even in servlets there are methods like doPost, doGet, doXXX, so you can distinguish servlet's behavior for different types of requests. I'm pretty sure this has already been solved here, but search for keywords like "get post method problem" didn't return any reasonable threads. Thank you for your suggestions. -- View this message in context: http://www.nabble.com/-S2--actions-responding-only-to-POST-GET-methods-tp20200721p20200721.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@struts.apache.org For additional commands, e-mail: user-help@struts.apache.org