You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/08/31 08:09:34 UTC
[jira] Updated: (STR-768) [taglib] html:form tag always prepends
context path to action via getActionMappingURL
[ https://issues.apache.org/struts/browse/STR-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Benedict updated STR-768:
------------------------------
Comment: was deleted
> [taglib] html:form tag always prepends context path to action via getActionMappingURL
> -------------------------------------------------------------------------------------
>
> Key: STR-768
> URL: https://issues.apache.org/struts/browse/STR-768
> Project: Struts 1
> Issue Type: Improvement
> Components: Taglibs
> Affects Versions: Nightly Build
> Environment: Operating System: other
> Platform: Other
> Reporter: Jason Taylor
> Priority: Minor
>
> The getActionMappingURL method in FormTag.java always prepends the context to
> an action and makes pure relative URL references impossible. Therefore, a
> multi-tier architecture which maps "app-name.domain1.com/login.do"
> to "domain2.com/app-name/login.do" cannot work with Struts form tags.
> Why would you want to do such a thing, you ask? In some cases, it is
> considered more secure to restrict access to a back-end servlet container
> through a front-end web server via some sort of bridge. The bridge may further
> shield the back-end server by mapping an app-specific domain to the back end
> server's domain. That way access to applications can be managed on the
> network/firewall level in addition to container and application levels. The
> key to this strategy is avoiding absolute URL references.
> Always including the context path in the action attribute of the html:form tag
> makes such an architecture impossible without subclassing the off-the-shelf
> Struts 1.1b2 version of FormTag.java. Perhaps the prepending of the context
> could be optional depending on a boolean attribute of <html:form>,
> e.g., "<html:form action=/foo relative=true>". As an aside, as far as I can
> tell, it's not really necessary to include the context path since "foo.do" is
> resolved to "/app-name/foo.do" within the "app-name" context. What's the
> reason context is always pre-pended?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.