Posted to user@struts.apache.org by James Mitchell <jm...@yahoo.com> on 2002/02/16 06:20:19 UTC

RE: I have a question about putting jsp in web-inf

Question?

What is the point of putting jsp pages in web-inf?


Someone please correct me if I am wrong but,

If I see a web application URL such as
http://www.someweb.com/myapp/web-inf/somedir/mypage.jsp then I can only
assume that I can also go to

http://www.someweb.com/myapp/web-inf/web.xml
or
http://www.someweb.com/myapp/web-inf/classes/ (god forbid that you have
"directory browsing" enabled), then I could read your database connection
login and passwords (if available, such as poolman.xml) or any of your
resource bundle files.

Or worse, I could download your .class and .jar files.






P.S. Did you actually click on those links?  They won't work because I made
them up:-)


James Mitchell
Software Engineer
Open-Tools.org
Home Phone (770) 822-3359
Cell Phone: (678) 910-8017


-----Original Message-----
From: holger.wiechert@web.de [mailto:holger.wiechert@web.de]
Sent: Friday, February 15, 2002 10:04 AM
To: Struts Users Mailing List
Subject: <no subject>


depends on where your pages are.
If you have them in the root web app dir, use:

<frameset>
  <frame src="myNavigation.jsp">
  <frame src="myContent.jsp">
</frameset>

If you have it, let's say, under <root>/myjsps, use:

<frameset>
  <frame src="myjsps/myNavigation.jsp">
  <frame src="myjsps/myContent.jsp">
</frameset>

Having the jsps under WEB-INF doesn't work on some servers, WL for instance.

From: Henry Lu
Subject: Re: frame page src=?
Date: Fri, 15 Feb 2002 05:59:28 -0800

----------------------------------------------------------------------------
----

No, it doesn't work either. Could you show me a working example?


---------------------------------------------------------------------------
Henry Lu
MCIT                                            phone: (734) 936-2063
University of Michigan Medical Center           fax:   (734) 763-4372

On Fri, 15 Feb 2002, Jin Bal wrote:

> how about
> src=something.do
> ----- Original Message -----
> From: "Henry Lu" <zh...@umich.edu>
> To: <st...@jakarta.apache.org>
> Sent: Friday, February 15, 2002 1:34 PM
> Subject: frame page src=?
>
>
> > How to specify src path in the frame tag under struts?
> >
> > I did the following and it didn't work
> >
> > src="/WEB-INF/jsp/login/blank.jsp"
> > neither
> > src="/do/someting"
> > neither
> > src="/jsp/login/blank.jsp"
> >
> > Could you show me an example?
> >
> >
>
> --------------------------------------------------------------------------
> -
> > Henry Lu
> > MCIT                                            phone: (734) 936-2063
> > University of Michigan Medical Center           fax:   (734) 763-4372
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> >
> >
>


Re: Changing Request Parameters

Posted by Michael Baldwin <mi...@sun.com>.
Since you're forwarding from Action to Action, you do have a minor issue.  Things
you set in the request will be reset after the forward.

Solution 1: add what you need to the session.
Solution 2: extend ActionForward with a subclass that takes a map of name value
pairs to stick in the request.  Override the getPath() method to return the path
for the forward, plus the query string to follow it.  (e.g. String getPath() {
returns something like /myAction.do?mapParam1=val1&mapParam2=val2 )

You'll probably want to create this ActionForward yourself (MyActionForward f =
new MyActionForward(path, paramMap) );  You just need to be careful that the
ActionForward doesn't get reused (for obvious reasons).  I believe that the
ActionForwards in struts are static so if you use mapping.findForward("foo"), and
then add params to that, I think other actions might see them.  I'm not sure.

You could probably write your action forward to take an action forward in its
constructor such that you can reuse the static one in your dynamic one (if it is
static indeed).  i.e., MyActionForward f = new MyActionForward
(mapping.findForward("foo"), Map paramMap)


cheers,
--Michael


Phase Communcations wrote:

> I am forwarding from one Action to Another. I need to tweak the request
> parameters. Is there a way to do this?
>
> I tried to set the request value by calling the FormBean and set it from the
> action. But, it doesn't carry over to the next Action. I can't find a way to
> change the request parameters. Please help.
>
> I saw some discussion on the archive. But, is pretty aimless and not very
> clear.
>
> I am running Servlet 2.2 so don't tell me about getParameterMap().
>
> Brandon Goodin
> Phase Web and Multimedia
> P (406) 862-2245
> F (406) 862-0354
> mail@phase.ws
> http://www.phase.ws
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
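
Solution 2 from the reply above, written out as an added example (not code from the thread or from the Struts project). The class name ParamActionForward is hypothetical, and the code assumes the Struts 1.x jar on the classpath. It copies the forward returned by mapping.findForward() instead of changing it, since that object is shared configuration, and it percent-encodes every name and value so that data containing '&' or '=' cannot add parameters to the next action's request.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.struts.action.ActionForward;

/**
 * Added example (hypothetical class name): a per-request forward that carries
 * extra parameters in its path.
 *
 * Usage inside an Action:
 *   Map<String, String> p = new LinkedHashMap<String, String>();
 *   p.put("mapParam1", "val1");
 *   return new ParamActionForward(mapping.findForward("foo"), p);
 */
public class ParamActionForward extends ActionForward {

    private final Map<String, String> params;

    /** Copies path and redirect flag from the shared forward; the original is never modified. */
    public ParamActionForward(ActionForward base, Map<String, String> params) {
        super(base.getPath(), base.getRedirect());
        this.params = new LinkedHashMap<String, String>(params); // defensive copy
    }

    /** Returns the configured path followed by the encoded query string. */
    @Override
    public String getPath() {
        String path = super.getPath();
        if (params == null || params.isEmpty()) {
            return path;
        }
        StringBuilder out = new StringBuilder(path);
        char sep = (path.indexOf('?') >= 0) ? '&' : '?';
        for (Map.Entry<String, String> e : params.entrySet()) {
            out.append(sep)
               .append(encode(e.getKey()))
               .append('=')
               .append(encode(e.getValue()));
            sep = '&';
        }
        return out.toString();
    }

    /** Percent-encodes so '&', '=', '#' or '?' inside a value cannot add or cut off parameters. */
    private static String encode(String s) {
        try {
            return URLEncoder.encode(s == null ? "" : s, "UTF-8");
        } catch (UnsupportedEncodingException ex) {
            throw new IllegalStateException("UTF-8 is always supported", ex);
        }
    }
}
```

The receiving Action still has to validate these parameters like any other request input, because the same URL can be requested directly by a browser.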


and action

Posted by Henry Lu <zh...@umich.edu>.
I got error:
javax.servlet.ServletException: MultipartIterator: no multipart request


my JSP file has:
<html:form method=post action="/saveIdForm" enctype="multipart/form-data">
<html:file property="myfile"/>
...

and my ActionForm has:

private FormFile myfile;

// getter and setter

What is wrong?


---------------------------------------------------------------------------
Henry Lu
MCIT                                            phone: (734) 936-2063
University of Michigan Medical Center           fax:   (734) 763-4372





Re: NEVERMIND: Changing Request Parameters

Posted by Ted Husted <hu...@apache.org>.
Phase Communcations wrote:
> I tried to set the request value by calling the FormBean and set it from the
> action. But, it doesn't carry over to the next Action. I can't find a way to
> change the request parameters. Please help.

The trick is to put a switch on your form bean to make it immutable.
This way the controller can't mess with it between actions. 


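    // While false, the property setters below ignore new values, so the
    // controller cannot repopulate the bean between chained actions.
    private boolean mutable = true;
    public void setMutable(boolean mutable) {
        this.mutable = mutable;
    }
    public boolean isMutable() {
        return this.mutable;
    }

    // Private, so the value can only change through the guarded setter.
    private String whatever = null;
    public void setWhatever(String whatever) {
        if (isMutable()) this.whatever = whatever;
    }
    public String getWhatever() {
        return this.whatever;
    }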

Then be sure that reset uses the setters (and doesn't clear mutable).


-- Ted Husted, Husted dot Com, Fairport NY US
-- Developing Java Web Applications with Struts
-- Tel: +1 585 737-3463
-- Web: http://husted.com/about/services



Re: NEVERMIND: Changing Request Parameters

Posted by Jin Bal <ji...@hotmail.com>.
Equally cheesy would be  to set request attributes and get the receiving
action to check the attributes before checking the req params.  It's dirty I
know, but it may be slightly preferable to constructing query strings on the
server and creating a new request.......

Just a thought.

HTH
Jin
----- Original Message -----
From: "Phase Communcations" <ma...@phase.ws>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Friday, February 22, 2002 12:16 PM
Subject: NEVERMIND: Changing Request Parameters


> A little more research and I find that it is not possible and that I need to
> rebuild the and redirect. Cheezy.
>
> -----Original Message-----
> From: Phase Communcations [mailto:mail@phase.ws]
> Sent: Friday, February 22, 2002 5:08 AM
> To: Struts Users Mailing List
> Subject: Changing Request Parameters
>
>
> I am forwarding from one Action to Another. I need to tweak the request
> parameters. Is there a way to do this?
>
> I tried to set the request value by calling the FormBean and set it from the
> action. But, it doesn't carry over to the next Action. I can't find a way to
> change the request parameters. Please help.
>
> I saw some discussion on the archive. But, is pretty aimless and not very
> clear.
>
> I am running Servlet 2.2 so don't tell me about getParameterMap().
>
> Brandon Goodin
> Phase Web and Multimedia
> P (406) 862-2245
> F (406) 862-0354
> mail@phase.ws
> http://www.phase.ws
>


NEVERMIND: Changing Request Parameters

Posted by Phase Communcations <ma...@phase.ws>.
A little more research and I find that it is not possible and that I need to
rebuild the and redirect. Cheezy.

-----Original Message-----
From: Phase Communcations [mailto:mail@phase.ws]
Sent: Friday, February 22, 2002 5:08 AM
To: Struts Users Mailing List
Subject: Changing Request Parameters


I am forwarding from one Action to Another. I need to tweak the request
parameters. Is there a way to do this?

I tried to set the request value by calling the FormBean and set it from the
action. But, it doesn't carry over to the next Action. I can't find a way to
change the request parameters. Please help.

I saw some discussion on the archive. But, is pretty aimless and not very
clear.

I am running Servlet 2.2 so don't tell me about getParameterMap().

Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
mail@phase.ws
http://www.phase.ws





Changing Request Parameters

Posted by Phase Communcations <ma...@phase.ws>.
I am forwarding from one Action to Another. I need to tweak the request
parameters. Is there a way to do this?

I tried to set the request value by calling the FormBean and set it from the
action. But, it doesn't carry over to the next Action. I can't find a way to
change the request parameters. Please help.

I saw some discussion on the archive. But, is pretty aimless and not very
clear.

I am running Servlet 2.2 so don't tell me about getParameterMap().

Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
mail@phase.ws
http://www.phase.ws





Re: I have a question about putting jsp in web-inf

Posted by Chuck Amadi <ch...@breconbeacons.org>.
Keith wrote:

>Users can't get at anything under web-inf by name. So it stops them running
>your jsp directly or viewing their source code.
>They still work because they can be referenced by a Servlet (i.e. the Struts
>ActionServlet). (Not all servers are the same here.)
>It's a 'rule' for commercial/sensitive sites that every reference from the
>browser is a symbolic ref. (e.g. a webapp + a ref. to an entry in
>struts-config.xml). This stops hackers/spies from viewing js source or even
>knowing directory names or file names.
>Looks like paranoia but I guess people have been burned.
>A few years ago you could get at server directory listing from browsers & steal
>files but these days this also is blocked. It's getting really boring...
>
Hi, you may believe this is wrong, albeit I have been briefed that the
WEB-INF is accessible if you are running the service under W$ NT, thus
your classes, jsp and beans etc. can be viewed. Apparently NT4 does not
know the difference between Web-Inf, WEB-INF or web-inf. Thus this may
now have been rectified. Please let me know otherwise.

Note "Could be the case of careless whispers"

Cheers Chuck Amadi
Systems Programmer.
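
The case-sensitivity concern in this thread, as an added example (not code from the thread or from any server): where the file system matches names case-insensitively, an exact-case test for WEB-INF does not cover the web-inf and Web-Inf spellings discussed above. The class and method names are hypothetical, the sample paths are constructed, and the check assumes it is given the already-decoded, context-relative request path.

```java
public class ProtectedPathCheck {

    /** Exact-case prefix test: lets "/web-inf/web.xml" and "/Web-Inf/classes/" through. */
    static boolean naiveIsProtected(String path) {
        return path.startsWith("/WEB-INF/") || path.startsWith("/META-INF/");
    }

    /** First non-empty path segment, so "//WEB-INF/x" and "/WEB-INF" are handled too. */
    static String firstSegment(String path) {
        for (String seg : path.split("/")) {
            if (!seg.isEmpty()) {
                return seg;
            }
        }
        return "";
    }

    /** Hardened test: compares the first segment without regard to case. */
    static boolean isProtected(String path) {
        String first = firstSegment(path);
        return first.equalsIgnoreCase("WEB-INF") || first.equalsIgnoreCase("META-INF");
    }

    public static void main(String[] args) {
        // Constructed sample paths, relative to the web application root.
        String[] samples = {
            "/WEB-INF/web.xml",
            "/web-inf/web.xml",
            "/Web-Inf/classes/",
            "//WEB-INF/web.xml",
            "/WEB-INF",
            "/index.jsp"
        };
        for (String s : samples) {
            System.out.println(s + "  naive=" + naiveIsProtected(s)
                    + "  hardened=" + isProtected(s));
        }
    }
}
```

Only the first sample is caught by the exact-case test; the hardened test flags every sample except /index.jsp. A deployment would run such a check in front of the application and answer a flagged path with 404.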





RE: I have a question about putting jsp in web-inf

Posted by Keith <ke...@yahoo.com>.
Users can't get at anything under web-inf by name. So it stops them running
your jsp directly or viewing their source code.
They still work because they can be referenced by a Servlet (i.e. the Struts
ActionServlet). (Not all servers are the same here.)
It's a 'rule' for commercial/sensitive sites that every reference from the
browser is a symbolic ref. (e.g. a webapp + a ref. to an entry in
struts-config.xml). This stops hackers/spies from viewing js source or even
knowing directory names or file names.
Looks like paranoia but I guess people have been burned.
A few years ago you could get at server directory listing from browsers & steal
files but these days this also is blocked. It's getting really boring...



--- James Mitchell <jm...@yahoo.com> wrote:
> Question?
> 
> What is the point of putting jsp pages in web-inf?
> 
> 
> Someone please correct me if I am wrong but,
> 
> If I see a web application URL such as
> http://www.someweb.com/myapp/web-inf/somedir/mypage.jsp then I can only
> assume that I can also go to
> 
> http://www.someweb.com/myapp/web-inf/web.xml
> or
> http://www.someweb.com/myapp/web-inf/classes/ (god forbid that you have
> "directory browsing" enabled), then I could read your database connection
> login and passwords (if available, such as poolman.xml) or any of your
> resource bundle files.
> 
> Or worse, I could download your .class and .jar files.
> 
> 
> 
> 
> 
> 
> P.S. Did you actually click on those links?  They won't work because I made
> them up:-)