Re: [Stripes-users] Why can I visit /jspname.action ?
This is documented in the Javadoc for NameBasedActionResolver[1]: Another useful feature of the NameBasedActionResolver is that when a request arrives for a URL that is not bound to an ActionBean the resolver will attempt to map the request to a view and return a 'dummy' ActionBean that will take the user to the view. The exact behaviour is modifiable by overriding one or more of [1]handleActionBeanNotFound(ActionBeanContext, String), [2]findView(String) or [3]getFindViewAttempts(String). The default behaviour is to map the URL being requested to three potential JSP names/paths, check for the existence of a JSP at those locations and if one exists then to return an ActionBean that will render the view. For example if a user requested '/account/ViewAccount.action' but an ActionBean does not yet exist bound to that URL, the resolver will check for JSPs in the following order: * /account/ViewAccount.jsp * /account/viewAccount.jsp * /account/view_account.jsp The value of this approach comes from the fact that by default all pages can appear to have a pre-action whether they actually have one or not. In the above can you might chose to link to /account/ViewAccount.action even though you know that no action exists and you want to navigate directly to a page. This way, if you later decide you do need a pre-action for any reason you can simply code the ActionBean and be done. No URLs or links need to be modified and all requests to /account/ViewAccount.action will flow through the ActionBean. [1]:http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge /stripes/controller/NameBasedActionResolver.html Freddy On Mon, Nov 4, 2013, at 02:28 PM, Dan Kaplan wrote: After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp. Why does stripes let me do this? I'd think that the .action extension would only work on ActionBeans, not jsps. When is this functionality useful? Seems like it should be a bug to me. Keep in mind I can already visit /jspname.jsp if I want to. -- Thanks, Dan CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system. --- --- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. [4]http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg .clktrk ___ Stripes-users mailing list [5]Stripes-users@lists.sourceforge.net [6]https://lists.sourceforge.net/lists/listinfo/stripes-users References 1. http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#handleActionBeanNotFound%28net.sourceforge.stripes.action.ActionBeanContext,%20java.lang.String%29 2. http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#findView%28java.lang.String%29 3. http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#getFindViewAttempts%28java.lang.String%29 4. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk 5. mailto:Stripes-users@lists.sourceforge.net 6. https://lists.sourceforge.net/lists/listinfo/stripes-users -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Why can I visit /jspname.action ?
cool thanks for the info On Mon, Nov 4, 2013 at 12:30 PM, Freddy Daoud xf2...@fastmail.fm wrote: This is documented in the Javadoc for NameBasedActionResolver[1]: Another useful feature of the NameBasedActionResolver is that when a request arrives for a URL that is not bound to an ActionBean the resolver will attempt to map the request to a view and return a 'dummy' ActionBean that will take the user to the view. The exact behaviour is modifiable by overriding one or more of handleActionBeanNotFound(ActionBeanContext, String)http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#handleActionBeanNotFound%28net.sourceforge.stripes.action.ActionBeanContext,%20java.lang.String%29, findView(String)http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#findView%28java.lang.String%29or getFindViewAttempts(String)http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html#getFindViewAttempts%28java.lang.String%29. The default behaviour is to map the URL being requested to three potential JSP names/paths, check for the existence of a JSP at those locations and if one exists then to return an ActionBean that will render the view. For example if a user requested '/account/ViewAccount.action' but an ActionBean does not yet exist bound to that URL, the resolver will check for JSPs in the following order: - /account/ViewAccount.jsp - /account/viewAccount.jsp - /account/view_account.jsp The value of this approach comes from the fact that by default all pages can appear to have a pre-action whether they actually have one or not. In the above can you might chose to link to /account/ViewAccount.action even though you know that no action exists and you want to navigate directly to a page. This way, if you later decide you do need a pre-action for any reason you can simply code the ActionBean and be done. No URLs or links need to be modified and all requests to /account/ViewAccount.action will flow through the ActionBean. [1]: http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html Freddy On Mon, Nov 4, 2013, at 02:28 PM, Dan Kaplan wrote: After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp. Why does stripes let me do this? I'd think that the .action extension would only work on ActionBeans, not jsps. When is this functionality useful? Seems like it should be a bug to me. Keep in mind I can already visit /jspname.jsp if I want to. -- Thanks, Dan CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system. -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk *___* Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users -- Thanks, Dan -- CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system. -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators.
Re: [Stripes-users] Why can I visit /jspname.action ?
If you don't want your jsp to be directly accessible, put it under the WEB-INF tree. That's the way stuff always works in the j2ee world as far as I know. On Nov 4, 2013 1:30 PM, Dan Kaplan d...@mirthcorp.com wrote: After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp. Why does stripes let me do this? I'd think that the .action extension would only work on ActionBeans, not jsps. When is this functionality useful? Seems like it should be a bug to me. Keep in mind I can already visit /jspname.jsp if I want to. -- Thanks, Dan CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system. -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users