Is there any kind of functionality in webwork or xwork that will allow
error messages to persist across a redirect result? Or is there some
other set of functions I can use to achieve what I need? Here's what I'm
looking for:
I have a user admin page that allows user to change their passwords.
Users enter their old pwd, the new one, and a confirmation of the new
one. These are configured as properties on my action (call it
UserAdminAction for now). When the rules for pwd checking fail (old pwd
not correct, new doesn't match confirm, etc.), I take them back to the
input page. Each rule could potentially add an error message to the
action. When they succeed, I want to take them back to the page from
which they started. My action implements a collection of messages that
work exactly the way error messages do but are stored in a separate
collection and accessed separately. These messages can be displayed on
the page so that, for example, after a password change, the user sees
"Your password was successfully changed." Without that functionality, I
can't give the user feedback about the result of the change where it
makes the most sense, which is the page from which they started.
Here's the problem: After a failed attempt or after a success, if I just
chain the actions together, when I get to the error or success page my
browser address field will show the password information as a set of url
parameters. I'm assuming this comes from the parameters interceptor. The
issue is, I absolutely don't want to have password information sitting
around in the browser bar. It's a pretty heavy security breach, IMHO. If
it wasn't, no one would go to the trouble of masking passwords using a
password control.
The only way out that I know of is to do a redirect to the error and
success pages. That ends up killing my action errors or my custom action
messages, because the request context dies (a redirect is an entirely
new request). So I'm stuck b/w a rock and a hard place. If I recall,
Struts didn't have this problem because actions were stored at a session
level, so you could get at the messages. Does webwork have some sort of
similar facility, or is there something I'm missing about redirects and
chaining (i.e., is there some way to chain or dispatch to another page
without showing the parameters that got you there)?
Here's a sample of my xwork config:
<!-- Custom user management actions (not normal data management) -->
<package name="customSceaUser" extends="web" namespace="/admin">
<!-- begin changing password (go to custom form) -->
<action name="changePasswordBegin"
class="com.scea.admin.web.actions.CustomSceaUserAction">
<result name="success"
type="velocity">/views/pagesetOutput.vm</result>
<interceptor-ref name="static-params"/>
<param name="page">changePassword</param>
</action>
<!-- change password (for current user) -->
<action name="changePassword"
class="com.scea.admin.web.actions.CustomSceaUserAction"
method="changePassword">
<result name="success" type="redirect">
<param
name="location">myInfo.view.jspa</param>
</result>
<result name="error" type="chain">
<param
name="actionName">changePasswordBegin</param>
</result>
<interceptor-ref name="static-params"/>
<interceptor-ref name="params"/>
<param name="page">changePassword</param>
</action>
<!-- reset password (of selected user) -->
<action name="resetPassword"
class="com.scea.admin.web.actions.CustomSceaUserAction"
method="resetPassword">
<result name="success" type="chain">
<param
name="actionName">sceaUser.view</param>
</result>
<result name="error" type="chain">
<param
name="actionName">sceaUser.view</param>
</result>
<interceptor-ref name="params"/>
</action>
<!-- Load current user -->
<action name="myInfo.view"
class="com.scea.admin.web.actions.CustomSceaUserAction"
method="loadCurrentUser">
<result name="success"
type="velocity">/views/pagesetOutput.vm</result>
<interceptor-ref name="static-params"/>
<param name="page">myInfo</param>
</action>
</package>
Thanks,
Drew
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
