RE: calling actions directly
I've noticed that I can do that too. I'm not expert, but I'm guessing that it's not an issue, and this behavior is fine (as long as it is login protected if necessary). I'm also GUESSING that the rule that actions can only be called from JSP pages is made with the assumption that you're taking input from that page to use within the action. So, if there is no input necessary for the action, then this is fine. Maybe some of the struts gurus out there can tell me if I'm on the right track? Keith Kamholz Programming and Architecture Moog Inc. Phone: (716) 687-7001 www.buffalo.edu/~kkamholz -Original Message- From: Brian McSweeney [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 9:03 AM To: Struts Users Mailing List Subject: calling actions directly Hi again everyone, yet another question. I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do However, I can do this no problem and it runs the action. Am I missing something? I'm using JBoss3.04_tomcat4.1.12 thanks, Brian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: calling actions directly
I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse
Re: calling actions directly
+ 1 It helps if people read one of the many books on Struts or one of the many tutorials on Struts or take one of the many instructor lead hands on training classes on Struts (I have many competitors now, just google for Struts training). (I think we need a bit of RTFM) .V ps/ot: Just hours before FRIDAY! Kruse, Matt wrote: I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse -- Vic Cekvenich, Struts Instructor, 1-800-917-JAVA Advanced a href =baseBeans.comStruts Training/a and project recovery in North East. Open Source a href =baseBeans.comContent Management/a basicPortal sofware Best practicea href =baseBeans.comStruts Support/a v.1.1 helper ScafflodingXPress
Re: calling actions directly
Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: calling actions directly
Brian, If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: calling actions directly
Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. In particular, WebLogic does not support this. I believe, however, that in version 8.1 it's possible to do this, although I believe you have to set some non-standard configuration flag. I don't know the details. The alternative is to put all JSP pages into a security constraint on a role that no user is set to. -Original Message- From: Nathan Pitts [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 8:02 AM To: Struts Users Mailing List Subject: Re: calling actions directly Brian, If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: calling actions directly
thanks Nathan! makes perfect sense :-) Brian - Original Message - From: Nathan Pitts [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 4:02 PM Subject: Re: calling actions directly Brian, If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: calling actions directly
Right, I'm running Websphere and we couldn't get it to work. However, I just upgraded to version 5. Does anyone know if changes in v5 allow the web-inf trick to work? Keith Kamholz Programming and Architecture Moog Inc. Phone: (716) 687-7001 -Original Message- From: Karr, David [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 11:09 AM To: Struts Users Mailing List Subject: RE: calling actions directly Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. In particular, WebLogic does not support this. I believe, however, that in version 8.1 it's possible to do this, although I believe you have to set some non-standard configuration flag. I don't know the details. The alternative is to put all JSP pages into a security constraint on a role that no user is set to. -Original Message- From: Nathan Pitts [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 8:02 AM To: Struts Users Mailing List Subject: Re: calling actions directly Brian, If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: calling actions directly
I don't have experience with WebLogic (it's all opensource sw and no $$ around here), but I'll take your word for it. -nathan On Thursday, June 5, 2003, at 10:08 AM, Karr, David wrote: Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. In particular, WebLogic does not support this. I believe, however, that in version 8.1 it's possible to do this, although I believe you have to set some non-standard configuration flag. I don't know the details. The alternative is to put all JSP pages into a security constraint on a role that no user is set to. -Original Message- From: Nathan Pitts [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 8:02 AM To: Struts Users Mailing List Subject: Re: calling actions directly Brian, If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: Ah yes, Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. that was it - sorry - stupid of me. Could you tell me how to secure the jsps so that they are only a result of the action? cheers, Brian - Original Message - From: Kruse, Matt [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly I read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do Where did you hear this? That's totally not true - any action can be called directly as long as it has a mapping. It's just a URL. Otherwise, how would you enter the first action? :) Perhaps what you're thinking of is that JSP files should not be called directly or bookmarked. They should be hidden from the user completely, and only accessible through an action. Matt Kruse - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Nathan Pitts Programmer Analyst Texas Animal Health Commission = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: calling actions directly
Karr, David wrote: The alternative is to put all JSP pages into a security constraint on a role that no user is set to. Or you could put all JSP pages into a directory that is protected by a filter which both logs the access attempt (including all relevant data such as IP address, params, etc) and then redirects the user to an error page warning them that they have been logged. You can get quite sophisticated with this, for instance if you run behind apache, you can have repeat offenders (spiders, etc) written to a .htaccess list to reject their HTTP requests outright, etc. Erik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: calling actions directly
Websphere 5 allows you to place JSPs under the WEB-INF directory. So did Websphere 4. It's not a trick but, as Nathan said, part of the specification. The reason some containers didn't support it for version 2.2 is that the spec was a little ambiguous. It has been clarified in 2.3 as being permitted. Steve -Original Message- From: Kamholz, Keith (corp-staff) USX [mailto:[EMAIL PROTECTED] Right, I'm running Websphere and we couldn't get it to work. However, I just upgraded to version 5. Does anyone know if changes in v5 allow the web-inf trick to work? From: Karr, David [mailto:[EMAIL PROTECTED] Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. From: Nathan Pitts [mailto:[EMAIL PROTECTED] If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: calling actions directly
Websphere 5 allows you to place JSPs under the WEB-INF directory. So did Websphere 4. It's not a trick but, as Nathan said, part of the specification. The reason some containers didn't support it for version 2.2 is that the spec was a little ambiguous. It has been clarified in 2.3 as being permitted. Steve -Original Message- From: Kamholz, Keith (corp-staff) USX [mailto:[EMAIL PROTECTED] Right, I'm running Websphere and we couldn't get it to work. However, I just upgraded to version 5. Does anyone know if changes in v5 allow the web-inf trick to work? From: Karr, David [mailto:[EMAIL PROTECTED] Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. From: Nathan Pitts [mailto:[EMAIL PROTECTED] If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web applicationHope this helps! --nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]