Re: [S2] Parameterized File Downloading

Grish Wed, 01 Aug 2007 19:51:32 -0700

Good ideas! I try them out, my only problem now is that if i try to pass the
parameter via the link, I still get the following error:


Can not find a java.io.InputStream with the name [inputStream] in the
invocation stack. Check the  tag specified for this action.

this is my action:

<package name="filedownload" extends="struts-default"
namespace="/filedownload">

        <action name="download" class="fileDownloadAction" >
                
            <result name="success" type="stream">
                image/gif
                inputStream
                filename="test.gif"
                4096
            </result>
        </action>

</package>

Same as in the struts 2 showcase example but I removed the set parameter for
the action.

Then I defined my link like so:

<s:url id="downloadUrl" action="download" namespace="/filedownload">
  <s:param name="inputPath" value="/images/test.gif" />
</s:url>
<s:a href="%{downloadUrl}">Get image</s:a>

I check the logs and I notice my inputPath parameter in my
fileDownloadAction is null. I have a setter for my inputPath parameter so I
don't understand why it's null or why I get this error.

Is there something wrong with my setup? If I do put a parameter for the
inputPath in my action definition like in the Struts 2 showcase example, it
works fine. Any ideas?



DNewfield wrote:
> 
> Grish wrote:
>> Hmmm good point. So does this mean that the only secure way of having
>> downloads is to have specific actions for each download? Or is there a
>> better approach?
> 
> I don't claim to know what the best approach is.  As long as your action 
> does sufficient validation of the specified input path (like checking 
> against a whitelist, or only allowing from certain directories (check 
> for ".." path segments!)), your approach may be OK.  I tend to have a 
> separate action for each "category" of stuff downloaded from my app 
> (along with category-specific validation).  Since I don't know your 
> requirements, I cannot know that that is applicable for you.
> 
> -Dale
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/-S2--Parameterized-File-Downloading-tf4191759.html#a11957463
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [S2] Parameterized File Downloading

Reply via email to