Re: [OT] Re: Is it post or get?
Thank you for replying Dave. How do I allow only POST form submission? Do I need to check on each Struts Action method request.getMethod() is POST? If that's true, then I'm screwed. I will need to make changes on all my action classes. Thank you, semaj newton.dave wrote: --- semaj.najraham [EMAIL PROTECTED] wrote: my point is if the user directly types ../myApp/viewUserDetails.do?methodToCall=edituserid=1, it goes to Edit User page. Is this how it should behave even if it is POST or I am misunderstanding how POST and GET works? You appear to be misunderstanding not how they work, but what they are. A form submission may be GET or POST. An *action* is just an action; you don't define an action as a GET or POST action. Actions (in general) it will get the parameters regardless of how the request was made. The only way an action will differentiate between the two methods is if you explicitly code different paths for the different request types. For example, you may wish to only allow POST form submissions. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-it-post-or-get--tp15592354p15595291.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: Is it post or get?
--- semaj.najraham [EMAIL PROTECTED] wrote: How do I allow only POST form submission? Do I need to check on each Struts Action method request.getMethod() is POST? If that's true, then I'm screwed. I will need to make changes on all my action classes. If you actually *care*, then yes, you'd need to implement that across the application somehow. There are several ways you could go about this, including creating a custom request processor (which could be combined with a struts configuration property, marker interface, or whatever), implement an action sub-class (that's what I always used to do, IIRC), or put it in each action, or... I seriously doubt that you're screwed to any great degree. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: Is it post or get?
../myApp/viewUserDetails.do?methodToCall=edituserid=1, it goes to Edit User page. so whats wrong with that? even if you are using \'hidden\' fields you will retrieve them as request.getParameter(). If you dont pass the hidden field but just type it in the url then also it will work. If you are worried that user with userid 1 might be able to see edit page for user with userid 20 by just changing the url(/myApp/viewUserDetails.do?methodToCall=edituserid=20) then really your action should be checking whether logged in urerid matches userid coming from request.getParameter() or whatever logic your application requires... On 2/20/08, Dave Newton [EMAIL PROTECTED] wrote: --- \semaj.najraham\ [EMAIL PROTECTED] wrote: How do I allow only POST form submission? Do I need to check on each Struts Action method request.getMethod() is POST? If that\'s true, then I\'m screwed. I will need to make changes on all my action classes. If you actually *care*, then yes, you\'d need to implement that across the application somehow. There are several ways you could go about this, including creating a custom request processor (which could be combined with a struts configuration property, marker interface, or whatever), implement an action sub-class (that\'s what I always used to do, IIRC), or put it in each action, or... I seriously doubt that you\'re \screwed\ to any great degree. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
