Struts2- URL tag - Hide query String -




After a lot of research on Stack Overflow, I'm posting this question as I could not find a solution to my issue.

Requirement scenario: update a customer from the list of customers, based on each customer id passed as a parameter.

Solution tried: based on the customer id received from the JSP, pass it to the action using the Struts2 URL tag.

Issue faced: the query string is visible in the URL. http://foo.com/struts2example/getcustomeraction?customerid=2

Questions:

Can we not hide the query string if we use the Struts URL tag? If we cannot hide the query string while using the URL tag, what is the alternative for the above scenario?

The code for struts.xml, the JSP and the action is below:

```html
<%@ taglib prefix="s" uri="/struts-tags" %>

<h2>all customers details</h2>

<s:if test="customerlist.size() > 0">
  <table border="1px" cellpadding="8px">
    <tr>
      <th>customer id</th>
      <th>first name</th>
      <th>last name</th>
      <th>age</th>
      <th>created date</th>
    </tr>
    <s:iterator value="customerlist" status="userstatus">
      <tr>
        <td>
          <%-- Builds the link to the action; the param ends up in the query string --%>
          <s:url var="editcustomer" action="getcustomeraction">
            <s:param name="customerid" value="%{customerid}" />
          </s:url>
          <p>
            <s:a href="%{editcustomer}">
              <s:property value="customerid" />
            </s:a>
          </p>
        </td>
        <td><s:property value="firstname" /></td>
        <td><s:property value="lastname" /></td>
        <td><s:property value="age" /></td>
        <%-- MM is the month; lower-case mm would print minutes --%>
        <td><s:date name="createddate" format="dd/MM/yyyy" /></td>
      </tr>
    </s:iterator>
  </table>
</s:if>
<br />
<br />
```

struts.xml:

```xml
<!-- customer details - pre-populate form to update customer -->
<action name="getcustomeraction" method="getcustomerbyid"
        class="com.hcl.customer.action.customeraction">
    <result name="success">pages/customerform.jsp</result>
</action>
```

Customer action class:

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.log4j.Logger; // assuming log4j 1.x, which matches Logger.getLogger(Class)
import org.apache.struts2.interceptor.validation.SkipValidation;

import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;

public class customeraction extends ActionSupport implements ModelDriven {

    Logger logger = Logger.getLogger(customeraction.class);

    customer customer = new customer();
    List<customer> customerlist = new ArrayList<customer>();
    customerdao customerdao = new customerdaoimpl();

    // Accessors follow JavaBeans naming so that OGNL names such as
    // "customerlist" and "customerid" used in the JSP resolve.
    public customer getCustomer() {
        return customer;
    }

    // set customer onto value stack
    public void setCustomer(customer customer) {
        this.customer = customer;
    }

    public List<customer> getCustomerlist() {
        return customerlist;
    }

    // set customer list onto value stack
    public void setCustomerlist(List<customer> customerlist) {
        this.customerlist = customerlist;
    }

    public String execute() throws Exception {
        return SUCCESS;
    }

    // ModelDriven: request parameters (customerid) are bound to this object
    public Object getModel() {
        return customer;
    }

    // edit customer details, retrieve records based on customerid
    // SkipValidation is used to skip validate()
    @SkipValidation
    public String getcustomerbyid() {
        logger.info("** customer id to edit ** " + customer.getCustomerid());
        customer = customerdao.customerbyid(customer.getCustomerid());
        return SUCCESS;
    }
}
```

Some unordered considerations:

- use different actions (with the execute method only), or different methods of the same action, to perform different "actions";
- the name of each action/method should match the operation performed and be self-explanatory; for example, you should have an editcustomer method (or action) to edit a customer, and a getcustomer method (or action) to obtain a customer;
- the GET HTTP method should be used to read data, while the POST HTTP method should be used to send data; every non-reading operation should ideally be performed through POST; using GET to send data is an old bad practice born 20 years ago that never died :/ The reasons to use POST are the hidden URL, the higher load capacity, the ability to send binary data, etc...

That said, a URL like http://foo.com/struts2example/getcustomeraction?customerid=2 should be visible (to be bookmarked, for example), and ideally should be prettified (REST style, like Stack Overflow): http://foo.com/struts2example/customer/2/

A URL like http://foo.com/struts2example/editcustomeraction?customerid=2 can't work, because you are not passing any other parameter; you know the id of the customer to edit, but not the data to alter... It would become something like: http://foo.com/struts2example/editcustomeraction?customerid=2&name=foo&lastname=bar&age=42, which would work, but as said (and as you ask in the question) it should be hidden, and handled through POST.

If you are printing the ids in the source of the page, there should be no need to hide them from the user;

What you need to do is ensure that the user can't alter the ids outside the range you specified; if you drew in the page a list of customers with id {1,2,3}, you must block any attempt by the user to alter the id and try to update the customer with id = 4... To accomplish that, store the list of ids in the session before populating the page, and check the ids returned by the page against that list. If they don't match, block the malicious operation.

Hope that helps
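The session check described in the answer above, as an added example that is not part of the original post: the class, method and session key names are hypothetical, and a plain `Map` stands in for the session map the action would read and write.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical helper: names are assumptions, not taken from the post.
public class ListedCustomerIds {
    private static final String KEY = "listedCustomerIds"; // assumed session attribute name

    // Call from the action that renders the list, before the page is populated.
    public static void remember(Map<String, Object> session, Collection<Integer> idsOnPage) {
        session.put(KEY, Collections.unmodifiableSet(new HashSet<>(idsOnPage)));
    }

    // Call from the edit/update action before touching the DAO.
    // Fails closed: no stored list, a missing id or a non-numeric id is rejected.
    public static boolean isListed(Map<String, Object> session, String rawId) {
        Object stored = session.get(KEY);
        if (!(stored instanceof Set) || rawId == null) {
            return false;
        }
        try {
            return ((Set<?>) stored).contains(Integer.valueOf(rawId.trim()));
        } catch (NumberFormatException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed data: the ids match the {1,2,3} case from the answer.
        Map<String, Object> session = new HashMap<>();
        System.out.println(isListed(session, "2"));  // no list rendered yet
        remember(session, List.of(1, 2, 3));         // page drew customers 1, 2, 3
        System.out.println(isListed(session, "2"));  // id shown on the page
        System.out.println(isListed(session, "4"));  // id never shown to this user
        System.out.println(isListed(session, "2x")); // malformed id
    }
}
```

The check belongs in every action that reads or changes a customer by id, whether the id arrives in a query string or in a POST body.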
