Posted to user@struts.apache.org by "semaj.najraham" <se...@hotmail.com> on 2008/02/20 17:52:11 UTC

Is it post or get?

This is a novice question about POST and GET form submission, and I am
confused.
I would really appreciate it if you could help me. I have included some sample
code for explanation.

I have the following action mappings in the struts-config file

<action parameter="methodToCall" path="/viewUsersList"
	type="com.company.myapp.user.UserAction"
	scope="request" validate="false" id="View_Users_List">
		<forward name="load" path=".user.usersListView" />
</action>

<action parameter="methodToCall" path="/viewUserDetails"
	type="com.company.myapp.user.UserAction"
	name="userForm" scope="request" validate="false"
	input=".user.userEdit" id="View_User_Details">
		<forward name="view" path=".user.userView" />
		<forward name="edit" path=".user.userEdit" />
		<forward name="save" path=".user.userView" />
</action>

I have the following definitions in the tiles-defs file

<definition name=".user.usersListView" extends="main.layout">
	<put name="title" value="My App - View Users List" />
	<put name="body" value="/user/usersListView.jsp" />
</definition>

<definition name=".user.userView" extends="main.layout">
	<put name="title" value="My App - View User Details" />
	<put name="body" value="/user/userView.jsp" />
</definition>

<definition name=".user.userEdit" extends="main.layout">
	<put name="title" value="My App - Edit User Details" />
	<put name="body" value="/user/userEdit.jsp" />
</definition>

I have the following methods in UserAction (which extends DispatchAction) -
viewList, view, edit, save

On the View Users List page, I am displaying a list of users and a link to
the View User Details page using <c:url> and <c:param>.
So, when I go to the View User Details page, the url looks something like this
../myApp/viewUserDetails.do?methodToCall=view&userId=1. If the Edit button
is clicked on that page, it forwards to Edit User Details and the url looks
like this ../myApp/viewUserDetails.do. I have hidden fields for methodToCall
with value 'edit' and userId with value '1'. Everything works fine, but my
point is if the user directly types
../myApp/viewUserDetails.do?methodToCall=edit&userid=1, it goes to the Edit User
page.

Is this how it should behave even if it is POST, or am I misunderstanding how
POST and GET work? Am I following best practices?

My userEdit.jsp looks something like this. (By default, <html:form> method
is POST)

<html:form action="/viewUserDetails">
	First Name: <html:text property="firstName" /><br />
	Last Name: <html:text property="lastName" /><br />
	<html:hidden property="userId" />
	<html:hidden property="methodToCall" value="edit" />
	<html:submit value="Save" />
</html:form>

Thank you guys.. 
semaj


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Re: [OT] Re: Is it post or get?

Posted by bhaarat Sharma <bh...@gmail.com>.
> ../myApp/viewUserDetails.do?methodToCall=edit&userid=1, it goes to
> Edit User page.
So what's wrong with that? Even if you are using 'hidden' fields you
will retrieve them as request.getParameter(). If you don't pass the
hidden field but just type it in the url then also it will work.

If you are worried that user with userid 1 might be able to see edit
page for user with userid 20 by just changing the
url(/myApp/viewUserDetails.do?methodToCall=edit&userid=20)

then really your action should be checking whether logged in userid
matches userid coming from request.getParameter() or whatever logic
your application requires...


On 2/20/08, Dave Newton <ne...@yahoo.com> wrote:
> --- "semaj.najraham" <se...@hotmail.com> wrote:
> > How do I allow only POST form submission? Do I need to check on each Struts
> > Action method request.getMethod() is POST? If that's true, then I'm
> > screwed. I will need to make changes on all my action classes.
>
> If you actually *care*, then yes, you'd need to implement that across the
> application somehow. There are several ways you could go about this,
> including creating a custom request processor (which could be combined with a
> struts configuration property, marker interface, or whatever), implement an
> action sub-class (that's what I always used to do, IIRC), or put it in each
> action, or...
>
> I seriously doubt that you're "screwed" to any great degree.
>
> Dave


Re: [OT] Re: Is it post or get?

Posted by Dave Newton <ne...@yahoo.com>.
--- "semaj.najraham" <se...@hotmail.com> wrote:
> How do I allow only POST form submission? Do I need to check on each Struts
> Action method request.getMethod() is POST? If that's true, then I'm
> screwed. I will need to make changes on all my action classes.

If you actually *care*, then yes, you'd need to implement that across the
application somehow. There are several ways you could go about this,
including creating a custom request processor (which could be combined with a
struts configuration property, marker interface, or whatever), implement an
action sub-class (that's what I always used to do, IIRC), or put it in each
action, or...

I seriously doubt that you're "screwed" to any great degree.

Dave
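
Added example, not part of the thread and not code from any poster: one way to apply the "action sub-class" option above together with the ownership check suggested in the earlier reply, in a single Struts 1 base class. The class name, the two method sets, and the "loggedInUserId" session attribute are assumptions made for illustration.

```java
package com.company.myapp.user;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;

/** Hypothetical base class: runs both checks before any dispatch method is invoked. */
public abstract class GuardedDispatchAction extends DispatchAction {

    // Assumption: methodToCall values that must arrive as a form POST.
    private static final Set<String> POST_ONLY =
            new HashSet<String>(Arrays.asList("edit", "save"));
    // Assumption: methodToCall values that act on a single user's record.
    private static final Set<String> OWNER_ONLY =
            new HashSet<String>(Arrays.asList("edit", "save"));

    @Override
    protected ActionForward dispatchMethod(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response, String name)
            throws Exception {
        // A typed URL is a GET, so it is refused here before reaching edit/save.
        if (POST_ONLY.contains(name) && !"POST".equals(request.getMethod())) {
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return null; // response already written, nothing to forward to
        }
        // Hidden fields are ordinary request parameters; compare them to the session.
        if (OWNER_ONLY.contains(name) && !ownsRecord(request)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        return super.dispatchMethod(mapping, form, request, response, name);
    }

    /** Fails closed: no session, no login id, or no userId parameter means "not owner". */
    private boolean ownsRecord(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        Object loggedIn = (session == null) ? null : session.getAttribute("loggedInUserId");
        String requested = request.getParameter("userId");
        return loggedIn != null && requested != null && loggedIn.toString().equals(requested);
    }
}
```

UserAction would extend this class instead of DispatchAction, so no individual action method changes. The method check alone does not stop a hand-built POST with a different userId, which is why the ownership comparison runs as well.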




Re: [OT] Re: Is it post or get?

Posted by "semaj.najraham" <se...@hotmail.com>.
Thank you for replying Dave. 

How do I allow only POST form submission? Do I need to check in each Struts
Action method that request.getMethod() is POST? If that's true, then I'm screwed.
I will need to make changes on all my action classes.

Thank you,
semaj


newton.dave wrote:
> 
> --- "semaj.najraham" <se...@hotmail.com> wrote:
>> my point is if the user directly types
>> ../myApp/viewUserDetails.do?methodToCall=edit&userid=1, it goes to Edit
>> User page. 
>> 
>> Is this how it should behave even if it is POST or I am misunderstanding
>> how POST and GET works?
> 
> You appear to be misunderstanding not how they work, but what they are.
> 
> A form submission may be GET or POST. An *action* is just an action; you
> don't define an action as a GET or POST action. Actions (in general) will
> get the parameters regardless of how the request was made.
> 
> The only way an action will differentiate between the two methods is if
> you explicitly code different paths for the different request types. For
> example, you may wish to only allow POST form submissions.
> 
> Dave


Re: Is it post or get?

Posted by Randy Burgess <RB...@nuvox.com>.
If the user types in the URL it is a GET.

Regards,
Randy Burgess
Sr. Web Applications Developer
Nuvox Communications





[OT] Re: Is it post or get?

Posted by Dave Newton <ne...@yahoo.com>.
--- "semaj.najraham" <se...@hotmail.com> wrote:
> my point is if the user directly types
> ../myApp/viewUserDetails.do?methodToCall=edit&userid=1, it goes to Edit
> User page. 
> 
> Is this how it should behave even if it is POST or I am misunderstanding
> how POST and GET works?

You appear to be misunderstanding not how they work, but what they are.

A form submission may be GET or POST. An *action* is just an action; you
don't define an action as a GET or POST action. Actions (in general) will
get the parameters regardless of how the request was made.

The only way an action will differentiate between the two methods is if you
explicitly code different paths for the different request types. For example,
you may wish to only allow POST form submissions.

Dave

