Yes, you are right Alexandru… but doesn't the DispacthAction has the same
problem when using the method parameter in the request to specify the method
of action to execute?
Best regards,
JP
Alexandru Popescu ☀ wrote:
>
> On 8/30/07, jpedro <[EMAIL PROTECTED]> wrote:
>>
>> Not quite, it will only enter in an infinite recursion in the same way
>> that a
>> struts action will if it has a forward to it self.
>>
>> In this action that would only occour if the default forward were to
>> "/dosemething.do", something like
>> <forward name="default" path="/dosomething.do" />, because in any other
>> case
>> the first forward would be to the "/dosemething.do" and the second
>> forward
>> would be to the default forward, that shouldn't be the "/dosemething.do".
>>
>> So you see, the risk of infinite recursion is the same that in any other
>> struts action.
>>
>> Best regards,
>> JP
>>
>
> JP in big terms I agree with you. But as long as your stuff is using
> request parameters this means that it exposes the app to external
> exploits. The other risk you are mentioning is just internal to you
> app and your dev.
>
> bests,
> ./alex
> --
> .w( the_mindstorm )p.
>
>>
>> Alexandru Popescu ☀ wrote:
>> >
>> > If I'm reading it correctly there is a risk of infinite recursion in
>> > there (if the parameter is the same as the current action).
>> >
>> > bests,
>> > ./alex
>> > --
>> > .w( the_mindstorm )p.
>> >
>> >
>> > On 8/28/07, jpedro <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I have written this Action for a project. It uses the parameter of a
>> >> mapped
>> >> action and gets the parameter's value from the request to execute the
>> >> action
>> >> forward.
>> >>
>> >> Also it has a default forward that is used when the forward parameter
>> is
>> >> not
>> >> present in the request.
>> >>
>> >> The action code is:
>> >>
>> >> public class DynamicForwardAction extends Action {
>> >>
>> >> public ActionForward execute(ActionMapping mapping, ActionForm
>> form,
>> >> HttpServletRequest req,
>> >> HttpServletResponse resp) throws Exception {
>> >>
>> >> ActionForward forward =
>> >> mapping.findForward(req.getParameter(mapping.getParameter()));
>> >> return (forward != null) ? forward :
>> >> mapping.findForward("default");
>> >> }
>> >> }
>> >>
>> >> An example of the mapping of this Action is:
>> >>
>> >> <action path="/dosomething"
>> >> type=" DynamicForwardAction"
>> >> validate="false"
>> >> parameter="option">
>> >> <forward name="opt1" path="app.forward1" />
>> >> <forward name="opt2" path="app.forward2" />
>> >> <forward name="default" path="app.defaultfForward" />
>> >> </action>
>> >>
>> >> If this action is invoked with something like
>> >> "/dosomething.do?option=op1"
>> >> the specified forward "op1" will be executed.
>> >>
>> >> If you think that this action may be useful for struts, fell free to
>> >> include
>> >> it.
>> >>
>> >> Best regards,
>> >> JP
>> >>
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/DynamicForwardAction-for-your-consideration-tf4341571.html#a12367415
>> >> Sent from the Struts - Dev mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/DynamicForwardAction-for-your-consideration-tf4341571.html#a12403370
>> Sent from the Struts - Dev mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/DynamicForwardAction-for-your-consideration-tf4341571.html#a12403959
Sent from the Struts - Dev mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
