struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Sykes <a.sy...@ucl.ac.uk>
Subject Re: Only call actions from certain forms
Date Sat, 24 Jan 2009 03:49:31 GMT
Hi all,

Cheers for the suggestions - I guess I was just looking for a sanity  
check from the list.

My current method (almost exactly the same as below) is to check a  
choice form field for null in the validateXXX() method - this is the  
case when you call the action without POST from a form. If null, I can  
return INPUT from the validation method (which, interestingly enough,  
lets me set the return type as String, and have it honoured as a valid  
result - I thought void was the only valid validateXXX result type).  
The input result kicks the user to the form they should've used. Job  
done.

I'm not using XML or annotation validators - 95% of my validation is  
more complex than those allow.

The reasoning behind wanting to do this is my users are somewhat  
curious, and are prone to poking. I'd prefer for them to not see blank  
pages, stack traces, or otherwise!

Andy.

On 24 Jan 2009, at 02:52, Dave Newton wrote:

> Andy Sykes wrote:
>> My forms all submit to a different action than that which renders  
>> the pages.
>> Is there a recommended way to prevent/mitigate the effect of users  
>> directly calling the actions (via their URL) that forms are  
>> submitted to? In this case, the actions' fields are null, which is  
>> somewhat irritating in an action method that has associated  
>> validation..
>
> The simplest solution, although somewhat hacky, might be to just  
> check for a hidden form token in the action's validate method. If  
> it's not there, it wasn't reached from the form. If it is, call  
> super.validate() which will run any XML/annotation-based validation.
>
> Dave
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message