looks like you might want to code your own logic to scan for those
manipulated URL params..like the URL which contains the dreaded /WEB-INF
(and as dale suggested scan URLs to reference known .action)
Martin Gainty
__
Verzicht und Vertraulichkeitanme
Martin,
Thanks for your reply it was really helpful. I defined an action in my
struts.xml file as follows:
/ajax/tabbedpanel/example1.jsp
Here is the image of the result page. I really dont understand what I am
missing:
http://www.nabble.com/file/p24882024/tabbedexamp
Kamlesh Koringa wrote:
- URL encryption (no one can modify generated URL).
Impossible. You cannot prevent people from requesting URLs your system
does not present to them. You should assume that any parameter that you
accept from a user can be manipulated at will by that user. You can
jum
On Yesterday at 12:36pm, THJ=>Tom Holmes Jr. wrote:
THJ>
THJ> [..snip..]
THJ> But again, since I am using Spring, I will stick qith Squartz.
THJ>
THJ> Again, sorry to be off topic ... but I have some great starting points.
THJ>
THJ> Thanks!
THJ>Tom
Perhaps Spring Ba
one way of achieving this is to assign the href attr of anchor to a scoped
variable
<%
java.net.URL =new java.net.URL("http://java.sun.com/index.html";);
ActionContext.getContext().getSession().put("testUrlId", url);
%>
anyone else?
Martin Gainty
Thanks Martin for your reply
I have checked QueryCrypt. It only works with Static URL generated from
Server side to encrypt Parameters. And I am doubt will it work with Struts2
tag. For that I have to use scriplet to get All paramters and encrypt it and
generate encrypted Parameters. If i not wron
Set the "actionPackages" filter init param to a comma-separated list of
packages containing Action classes in web.xml. The packages and their
subpackages will be scanned. All classes in the designated packages
that implement Action or end in "Action" are examined.
The latter is to
allow for POJO
Hi,
I am passing Json string UI to Struts action layer and convert back to UI. I
am using JsonInterceptor which intercepts the request and converts Json
String to BeanMap suitable for parametersInterceptor.
In the backend i have a Party.java which is extended by Person.java and
Company.java. So f
QueryCryptSessionListener handles authentication
http://www.theserverside.com/news/thread.tss?thread_id=36841
BASIC URL authorization can be achieved thru predefined roles from tomcat-users
http://www.informit.com/articles/article.aspx?p=24600
i assume you're using TC?
Martin Gainty
___
9 matches
Mail list logo
