Is there some way I'm unaware of by which Struts will forward/redirect a
user to another site? When modules came along, we were then faced with
either being relative to the module or the application. I don't know if
causing an inability to forward/redirect to another site was a conscious
Naw, that's just another person saying they have the same problem, I
think. I didn't see a patch in the attachment - but the question
remains if this is something we want to allow. Personally, I think we
should. If so, I'll see about getting it fixed-up.
That is the bug I was looking at
I thought of the http:// matching as well. Are there any cases when this
logic wouldn't work? Hardcoding the protocol may be a bad idea.
David
From: Eddie Bush [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Subject: Re:
David Graham wrote:
I thought of the http:// matching as well. Are there any cases when
this logic wouldn't work? Hardcoding the protocol may be a bad idea.
I don't like that idea either, but I can't think of a better approach.
As I said, I'm open to suggestions :-)
You could look for
I would have thought the same would apply for any specified protocol
scheme. For example someone may wish to redirect to an ftp:// through
the action forward, or maybe news:// - who knows. Without a protocol
specification of any description it's probably safe to assume we want
context relative.
Well, we could implement a static array of protocols somewhere - and
iterate over them to see if there's a match (like was being done with
module prefixes before). Then, adding support for another protocol
would just be a matter of editing that one array.
Should this go in Globals?
You've
Shouldn't you look for https: as well as a possible likely request? I've
seen several occurances where a special domain is setup for secure stuff
- e.g. www.mydomain.com - shop.mydomain.com which switches to https: in
the process.
Also, ftp:// would defeinitely need to be in there.
chanoch
What if we looked for :// instead of specific protocols?
We could also add an attribute like contextRelative=false.
David
From: Chanoch [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: 'Struts Developers List' [EMAIL PROTECTED]
Subject: RE: Going to other context
At the risk of entertaining the masses, I think I'll comment that I like
that idea. I'll try to get a fix in by this evening. If someone thinks
that is bad, speak now or forever hold your peas!
David Graham wrote:
What if we looked for :// instead of specific protocols?
We could also add an
If we are talking about the internal forward= form of the ActionMapping, then I would
say that perhaps we should
restrict this to the same context/module, and suggest that ActionForwards be used to
go outside the application
context. I believe this hehavior also applies to 1.0.x.
If we are
On Fri, 18 Oct 2002, Cliff Rowley wrote:
While I think about it, it may also be desirable in some situations to
keep the session information, even when redirecting to another scheme.
IMHO, passing the session identifier to something that is not a URL into
the same webapp is a security
IMHO, passing the session identifier to something that is not
a URL into the same webapp is a security vulnerability.
Struts should never do this
-- although applications may (of course) implement their own
schemes for establishing shared state, and such techniques
may or may not be
+1 - that would simplify things a great deal.
My idea was to have a static protocol list we'd iterate over - but I
like yours much better.
Craig R. McClanahan wrote:
On Fri, 18 Oct 2002, David Graham wrote:
Date: Fri, 18 Oct 2002 09:29:04 -0600
From: David Graham [EMAIL PROTECTED]
Reply-To:
Agreed, it would be the most flexible solution overall - allowing the
developer to programatically choose whether it's on or off.
Not that my opinion really counts :)
-Original Message-
From: Eddie Bush [mailto:ekbush;swbell.net]
Sent: 18 October 2002 18:33
To: Struts Developers
Well, someone's opinion counts - and you're someone. I beg to differ ;-)
The question is though: cringe/ How would I implement such a change?
I'd have to change:
- the DTD
- the ActionConfig/ForwardConfig classes
- refactor all places requests are finally redirected/forwarded
I guess I'm still missing the point here.
If contextRelative=true, are we not reverting to the Struts 1.0.x behavior?
If we didn't need an absolute property in Struts 1.0.x, why do we need one now?
-Ted.
10/18/2002 1:32:58 PM, Eddie Bush [EMAIL PROTECTED] wrote:
+1 - that would simplify
Maybe I'm being thick-headed here, but I cannot succeed in formulating
anything that lets me go to, say http://www.yahoo.com by way of an action.
My testing has centered primarily around use of ForwardAction.
Ted Husted wrote:
I guess I'm still missing the point here.
If
Or - ...
contextRelative is new to 1.1 (obviously). What if we replaced it with
relativeTo. relativeTo could take on the values:
application/module/absolute
Then we're not just growing warts on the side for effect.
Craig R. McClanahan wrote:
Failure case: https://www.mysecuresite.com
While this discussion is going on regarding 'relativity', I'd like to note
that bug #12600 reports a problem with the form tag that seems related:
Basically form action=login.do always prepends the module context,
making it impossible to specify a true relative link (like login.do rather
than
Yep - that's the ticket alright. I guess I still don't fully understand
the innards. I thought (after actually having examined the code) I had
a pretty bulletproof understanding. Looks like you just shot holes all
in it. APDS?
I guess I was focusing on the wrong thing. This is not a
On my current project, we've dealt with this situation (form tags with
context relative actions) by defining another action using the same classes,
i.e. now we have two actions in different modules defined using the same
Action class, Form class, etc. Then you can still use the Struts form tag.
The JavaDocs say context-relative, so I would say we should make that there
ActionForward context-relative.
Otherwise, how could it be used to interact with another servlet? Ditto for
IncludeAction.
We might also document that To forward to a module-relative resource, the
This behavior is consistent with Struts 1.0. It always prepended the application
context, and now it always
prepends the application/context.
Since actions are not physical files, and we spend a lot of time forwading from here
to there, trying to use
relative references is not really
23 matches
Mail list logo