Re: [S2] Parameterized File Downloading
Ok, I finally see the error of my ways: I originally defined my parameter like this: when it should be like this: now the proper string is passed. Thanks so much for the help! DNewfield wrote: > > Grish wrote: >> >> >> >> Get image > > So does this generate a link relative to your webapp of > filedownload/download.action?inputPath=/images/test.gif > > ? > > ( note, ".action" could be ".do", ".html" or whatever you have that > extension set to, apparently even "". (I may have to try that in my > app...) ) > > If so, then the problem is somewhere between the receipt of the request > and the handoff after the execute() method is run from the bean defined > as fileDownloadAction. I leave it to you to trace through the process. > Is the setter being called? In the execute method is there a value? Is > it using the class you think it's using? You can specify a method > (other than the default execute) if you'd like to put your checks there. > > -Dale > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-S2--Parameterized-File-Downloading-tf4191759.html#a11976775 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Grish wrote: Get image So does this generate a link relative to your webapp of filedownload/download.action?inputPath=/images/test.gif ? ( note, ".action" could be ".do", ".html" or whatever you have that extension set to, apparently even "". (I may have to try that in my app...) ) If so, then the problem is somewhere between the receipt of the request and the handoff after the execute() method is run from the bean defined as fileDownloadAction. I leave it to you to trace through the process. Is the setter being called? In the execute method is there a value? Is it using the class you think it's using? You can specify a method (other than the default execute) if you'd like to put your checks there. -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Good ideas! I try them out, my only problem now is that if i try to pass the parameter via the link, I still get the following error: Can not find a java.io.InputStream with the name [inputStream] in the invocation stack. Check the tag specified for this action. this is my action: image/gif inputStream filename="test.gif" 4096 Same as in the struts 2 showcase example but I removed the set parameter for the action. Then I defined my link like so: Get image I check the logs and I notice my inputPath parameter in my fileDownloadAction is null. I have a setter for my inputPath parameter so I don't understand why it's null or why I get this error. Is there something wrong with my setup? If I do put a parameter for the inputPath in my action definition like in the Struts 2 showcase example, it works fine. Any ideas? DNewfield wrote: > > Grish wrote: >> Hmmm good point. So does this mean that the only secure way of having >> downloads is to have specific actions for each download? Or is there a >> better approach? > > I don't claim to know what the best approach is. As long as your action > does sufficient validation of the specified input path (like checking > against a whitelist, or only allowing from certain directories (check > for ".." path segments!)), your approach may be OK. I tend to have a > separate action for each "category" of stuff downloaded from my app > (along with category-specific validation). Since I don't know your > requirements, I cannot know that that is applicable for you. > > -Dale > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-S2--Parameterized-File-Downloading-tf4191759.html#a11957463 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Grish wrote: Hmmm good point. So does this mean that the only secure way of having downloads is to have specific actions for each download? Or is there a better approach? I don't claim to know what the best approach is. As long as your action does sufficient validation of the specified input path (like checking against a whitelist, or only allowing from certain directories (check for ".." path segments!)), your approach may be OK. I tend to have a separate action for each "category" of stuff downloaded from my app (along with category-specific validation). Since I don't know your requirements, I cannot know that that is applicable for you. -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Isn't it closed with the /> in the end? I just copied the examples in the tutorials and url examples: http://struts.apache.org/2.x/docs/url.html nuwan chandrasoma-2 wrote: > > Hi, > > Is it a typo, I dont see a tag in ur code? > > Thanks, > > Nuwan > > Grish wrote: >> I studied the struts showcase sample of file downloading. I wanted to do >> something similar but instead of setting the inputPath paremeter in >> struts.xml I wanted to pass it in the url. I was thinking of using the >> same >> action for several downloads and I would just pass the inputPath. But >> when I >> tried using the following: >> >> >> >> download file >> >> and I took out the inputPath param in the struts.xml: >> >> >> >> image/gif >> inputStream >> filename="test.gif" >> 4096 >> >> >> >> I noticed that my inputPath would be null and I would get the following >> error: >> >> java.lang.IllegalArgumentException: Can not find a java.io.InputStream >> with >> the name [inputStream] in the invocation stack >> >> Is there another way i should be setting my inputPath parameter for my >> File >> or do I just have to make a lot of actions for each of my download? >> >> >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-S2--Parameterized-File-Downloading-tf4191759.html#a11938302 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Hmmm good point. So does this mean that the only secure way of having downloads is to have specific actions for each download? Or is there a better approach? DNewfield wrote: > > Grish wrote: >> I studied the struts showcase sample of file downloading. I wanted to do >> something similar but instead of setting the inputPath paremeter in >> struts.xml I wanted to pass it in the url. > > Sounds like you're opening a very large security hole here... > > -Dale > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-S2--Parameterized-File-Downloading-tf4191759.html#a11938299 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Grish wrote: I studied the struts showcase sample of file downloading. I wanted to do something similar but instead of setting the inputPath paremeter in struts.xml I wanted to pass it in the url. Sounds like you're opening a very large security hole here... -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] Parameterized File Downloading
Hi, Is it a typo, I dont see a tag in ur code? Thanks, Nuwan Grish wrote: I studied the struts showcase sample of file downloading. I wanted to do something similar but instead of setting the inputPath paremeter in struts.xml I wanted to pass it in the url. I was thinking of using the same action for several downloads and I would just pass the inputPath. But when I tried using the following: download file and I took out the inputPath param in the struts.xml: image/gif inputStream filename="test.gif" 4096 I noticed that my inputPath would be null and I would get the following error: java.lang.IllegalArgumentException: Can not find a java.io.InputStream with the name [inputStream] in the invocation stack Is there another way i should be setting my inputPath parameter for my File or do I just have to make a lot of actions for each of my download? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]