What exactly is it that you're trying to stop people accessing/doing? Daniel.
> -----Original Message----- > From: Peter Neu [mailto:[EMAIL PROTECTED] > Sent: 10 November 2004 14:24 > To: Struts Users Mailing List > Subject: Re: Hiding Url File Parameters > > > OK. Then I will have rely on the filter mechanism > defined in the web.xml. > > Regards, > > Peter > > >In short no. > > > >To execute a struts action, the browser MUST make an HTTP request. This > >request MUST specify an object (in HTTP context) to retrieve. > There is no > >way to fully hide this url. It can appear to be achieved using > a frameset > >with one frame 100%x100% - only the frameset url is shown in the browser. > > > >You can also not use .do - set the servlet mapping to anything > you want - i > >believe that you can even use .html as the extension. > > > >Whatever you do will only be effective at hiding it from people > in general - > >anyone who knows about HTTP (eg hackers) can manually make the > requests and > >get round this, so really there is no advantage to hiding the url in the > >first place. > > > >Daniel. > > > > > > > > > > > >>-----Original Message----- > >>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>Sent: 09 November 2004 19:02 > >>To: Struts Users Mailing List > >>Subject: Re: Hiding Url File Parameters > >> > >> > >>Thanks that definitely solved the problem. > >> > >>Is there also a way to get rid of the Action.do ? > >> > >>Regards, > >> > >>Swen > >> > >> > >> > >>Daniel Perry schrieb: > >> > >> > >> > >>>Yep, > >>>Change your code to: > >>>nextPage = mapping.findForward("struts"); > >>> > >>>and change the forward to: > >>> > >>><forward name="struts" path="/WEB-INF/struts.jsp" redirect="false" > >>>contextRelative="true"/> > >>> > >>>Note if you dont want a lot of mess in WEB-INF, put them in a > >>> > >>> > >>folder ie jsps > >> > >> > >>>and use /WEB-INF/jsps/struts.jsp > >>> > >>>Hope that helps, > >>> > >>>Daniel. > >>> > >>> > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>>>Sent: 09 November 2004 17:55 > >>>>To: Struts Users Mailing List > >>>>Subject: Re: Hiding Url File Parameters > >>>> > >>>> > >>>>OK. I tried this : > >>>> > >>>>nextPage = new ActionForward(mapping.findForward("struts").getPath(), > >>>>false); // set the flag to false > >>>> > >>>>and put the JSP's into the WEB-INF folder. > >>>> > >>>>When I tried to call the ActionClass the following error occured : > >>>> > >>>>java.lang.IllegalArgumentException: Path struts.jsp does not > >>>>start with a "/" character > >>>> > >>>>org.apache.struts.action.RequestProcessor.doForward(RequestProcess > >>>>or.java:1062) > >>>> > >>>>org.apache.struts.action.RequestProcessor.processForwardConfig(Req > >>>>uestProcessor.java:455) > >>>> > >>>>org.apache.struts.action.RequestProcessor.process(RequestProcessor > >>>>.java:279) > >>>> > >>>>org.apache.struts.action.ActionServlet.process(ActionServlet.j > ava:1482) > >>>> > >>>>org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525) > >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:709) > >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > >>>> > >>>>Here is the definition of the Action which is explicitly called > >>>>and which causes the error: > >>>> > >>>><action path="/postHv" > >>>> input="struts.jsp" > >>>> name="postHvForm" > >>>> scope="request" > >>>> validate="true" > >>>> type="pack.servlets.PostHv"> > >>>> <forward name="struts" path="struts.jsp" /> > >>>> </action> > >>>> > >>>>Do you have any idea what I did wrong ? > >>>> > >>>> > >>>>Regards, > >>>> > >>>>Peter > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>Daniel Perry schrieb: > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>So you have an action, which forwards to a jsp page, and you > >>>>> > >>>>> > >>>>> > >>>>> > >>>>dont want the > >>>> > >>>> > >>>> > >>>> > >>>>>users to see the blah.jsp? > >>>>> > >>>>>Just set redirect to false. This causes it to forward the request > >>>>>internally without sending a browser redirect. The jsp will be > >>>>> > >>>>> > >>>>> > >>>>> > >>>>processed, > >>>> > >>>> > >>>> > >>>> > >>>>>and return the result to the browser, but as far as the browser > >>>>> > >>>>> > >>>>> > >>>>> > >>>>is concerned > >>>> > >>>> > >>>> > >>>> > >>>>>it will look like its come from the action. > >>>>> > >>>>>One method of 'hiding' jsps is to put them in the WEB-INF > >>>>> > >>>>> > >>>>> > >>>>> > >>>>directory, and use > >>>> > >>>> > >>>> > >>>> > >>>>>forwards (not redirects) as this way the client CANNOT > access the jsps > >>>>>directly. > >>>>> > >>>>>Daniel. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>-----Original Message----- > >>>>>>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>>>>>Sent: 09 November 2004 16:41 > >>>>>>To: Struts Users Mailing List > >>>>>>Subject: Re: Hiding Url File Parameters > >>>>>> > >>>>>> > >>>>>>Hello Joe, > >>>>>> > >>>>>>the value of the redirect flag is true since I cannot forward when > >>>>>>it is set to false. I thought this was the regular way to forward > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>from one jsp-page to another. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Isn't there any other option how I can do the forward and > >>>>>>keep the file-name of the jsp-page out of the URL ? > >>>>>> > >>>>>>Best Regards, > >>>>>> > >>>>>>Peter > >>>>>> > >>>>>> > >>>>>> > >>>>>>Joe Germuska schrieb: > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>At 4:03 PM +0100 11/9/04, Peter Neu wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Hello, > >>>>>>>> > >>>>>>>>How can I manipulate the URL-Mapping in the > >>>>>>>>web.xml /struts-config.xml in order to hide > >>>>>>>>the filenames when I use the ActionForward in an ActionServlet? > >>>>>>>>Currently the URL displays all the files which I forward to. > >>>>>>>> > >>>>>>>>Before I posted this message I looked through the mail archieve > >>>>>>>>but I only found some suggestions using JScript which I would like > >>>>>>>>to keep out of my application as much as possible. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>Are you returning an ActionForward which has a 'true' value for its > >>>>>>>redirect property? In this case, the answer is "no." > >>>>>>> > >>>>>>>Otherwise, you could have a Struts action read the file from the > >>>>>>>filesystem and write the bytes to the response. This > would hide the > >>>>>>>true file name. > >>>>>>> > >>>>>>>Joe > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>------------------------------------------------------------ > --------- > >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>--------------------------------------------------------------------- > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>--------------------------------------------------------------------- > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>> > >>> > >>> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
