Steve, the solution you provide doesn't solve the problem with typing the link in the address bar. The user can copy the hidden attribute org.apache.struts.taglib.html.TOKEN from the HTML source of the page and provide it in the address with the value. Something like this:
http://www.domain./user/action.do?org.apache.struts.taglib.html.TOKEN=b3011824c268c91cceb23606515b7887

From the point of view of the problem:

>the second is I mean that, I don't want User do my action by typing my
>action path directly on address bar

I know you can get the referer, if I am not wrong, or something like this, to provide the information about which domain the user clicked on a link from.

On 5/19/05, Steve Bosman <[EMAIL PROTECTED]> wrote:
> > the second is I mean that, I don't want User do my action by typing my
> > action path directly on address bar, such as
> > http://www.myweb/user/useraction.do, but I allow User do my action by
> > clicking on certain link on webpage, such as <html:link
> > page="/user/useraction.do">do</html:link>
> >
> > any solution :(
> You could try using tokens, the relevant methods are in the Action
> class. From memory you need to use saveToken in the action that prior
> to your webpage with the link
> and isTokenValid in the receiving action to validate you have been
> given a valid token and resetToken to make sure it doesn't get used
> again.
> I know it gets included automatically when you use html:form and
> believe you can have it included when using html:link (by setting an
> attribute).
>
> Steve
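
The saveToken / isTokenValid flow discussed in this thread, written out as an added example that is not part of the original messages. It assumes Struts 1.x and the servlet API on the classpath; the class names, forward names and request attribute are hypothetical.

```java
// Added example: Struts 1.x synchronizer token around a link-triggered action.
// In struts-config.xml the types would be TokenActions$ShowLinkPageAction and
// TokenActions$UserAction (hypothetical names).
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class TokenActions {

    /** Runs before the JSP that renders the link and issues the token. */
    public static class ShowLinkPageAction extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response) {
            // Stores a fresh token in the HttpSession. In the JSP,
            // <html:link page="/user/useraction.do" transaction="true">
            // appends it as the org.apache.struts.taglib.html.TOKEN parameter.
            saveToken(request);
            return mapping.findForward("linkPage"); // hypothetical forward
        }
    }

    /** Target of the link; rejects requests that lack the current token. */
    public static class UserAction extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response) {
            // Compares the request parameter with the token saved in this
            // session. reset=true clears the saved token in the same call,
            // so the same value cannot be validated a second time.
            if (!isTokenValid(request, true)) {
                return mapping.findForward("invalidToken"); // hypothetical
            }
            // The protected work of the action goes after the check.
            request.setAttribute("actionDone", Boolean.TRUE); // hypothetical
            return mapping.findForward("success"); // hypothetical forward
        }
    }
}
```

The check is scoped to the session that received the token and to a single use: a value copied out of the page source validates once in that same session, and any later request carrying it is sent to the invalid-token forward.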