struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanth <dbad...@pangburngroup.com>
Subject Re: Struts2 login action class seems to be reused
Date Fri, 18 May 2018 14:52:22 GMT
The forward happens only to LoginAction. In some cases a PostBack will work but in cases where
we have given the end user a choice of applications PostBack will not work as browser has
to post back
the 1st request information rather than the second request information.

Agree I guess we have to make sure we don't have any get methods in the second application
LoginAction to avoid similar issues.

We have removed the getUsername, getPassword, getAction methods which has stopped the issue
of having login credentials in the LoginAction when those are not submitted by user. Now I
have removed the
setRequest method (not getRequest) and that seems to solve the session invalid exception.
May be I can remove the getRequest also as this is not really needed. We have one more get
method getMessage
this is used to display error messages on login page, which we probably need to keep but should
not cause any issues as this data does not change site behavior but I might set this to empty
at the
start of execute (effectively clearing, if this is set from old action).

Thanks,
Prasanth

On 05/17/2018 06:11 AM, Yasser Zamani wrote:
>
> On 5/16/2018 11:51 PM, Prasanth wrote:
>> Would struts2 call this setRequest method even if the class is implementing just
ServletRequestAware?
> No. Additionally Struts RequestAware method signature is
> setRequest(Map<String,Object> request); i.e. it's parameter is Map not
> ServletRequest.
>
>> Any insights as to why this additional setRequest method causes the problem? 
> Yes. It's same as your issue with username/password copy from previous
> action. Your previous action is in value stack (I don't know why! see
> [1]) ChainingInterceptor thinks it's a chain result, so, calls
> getRequest on previous action and then calls setRequest on your current
> action with returned value (i.e. copies this value from previous action
> and overrides your private request field inside your action).
>
> You can fix this also by removing getRequest method which disables
> ChainingInterceptor to copies this.
>
> But you may encounter several same issues when you have both setX and
> getX methods on your actions.
>
> [1] So, as I mentioned before, could you please rewrite all of your
> FORWARDs with Struts ServletRedirect or PostBack results (also revert
> back all removed getter methods)? this shows us if FORWARDs are root
> cause of these issues or not. Then we can investigate more on other
> possible causes.
>
> Regards.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message