You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/08/31 08:09:34 UTC

[jira] Updated: (STR-768) [taglib] html:form tag always prepends context path to action via getActionMappingURL

     [ https://issues.apache.org/struts/browse/STR-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict updated STR-768:
------------------------------

    Comment: was deleted

> [taglib] html:form tag always prepends context path to action via getActionMappingURL
> -------------------------------------------------------------------------------------
>
>                 Key: STR-768
>                 URL: https://issues.apache.org/struts/browse/STR-768
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Taglibs
>    Affects Versions: Nightly Build
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Jason Taylor
>            Priority: Minor
>
> The getActionMappingURL method in FormTag.java always prepends the context to 
> an action and makes pure relative URL references impossible.  Therefore, a 
> multi-tier architecture which maps "app-name.domain1.com/login.do" 
> to "domain2.com/app-name/login.do" cannot work with Struts form tags.  
> Why would you want to do such a thing, you ask?  In some cases, it is 
> considered more secure to restrict access to a back-end servlet container 
> through a front-end web server via some sort of bridge.  The bridge may further 
> shield the back-end server by mapping an app-specific domain to the back end 
> server's domain.  That way access to applications can be managed on the 
> network/firewall level in addition to container and application levels.  The 
> key to this strategy is avoiding absolute URL references.  
> Always including the context path in the action attribute of the html:form tag 
> makes such an architecture impossible without subclassing the off-the-shelf 
> Struts 1.1b2 version of FormTag.java.  Perhaps the prepending of the context 
> could be optional depending on a boolean attribute of <html:form>, 
> e.g., "<html:form action=/foo relative=true>".  As an aside, as far as I can 
> tell, it's not really necessary to include the context path since "foo.do" is 
> resolved to "/app-name/foo.do" within the "app-name" context.  What's the 
> reason context is always pre-pended?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.