url=action?username=admin&password=blah
You mean the GET way is too weak and you want to avoid using the 'get' method?

Get the request from the context and test the method: if it's a POST, handle the process; if it's a GET, refuse the connection.

String method = ServletActionContext.getRequest().getMethod();

But it is an awkward way. Although servlets have doPost and doGet methods, they can't stop the GET-method connection at all, and neither can Struts2. Anyway, "Http" is not safe; 'post' is a little better than 'get'.

On Tue, Oct 28, 2008 at 11:25 AM, esemba <[EMAIL PROTECTED]> wrote:

> Thank you for your reply.
> Well, yes, but it doesn't answer my question. I'm aware of this, but it
> specifies only the method the form uses. But when I call the targeted
> action directly, e.g. from a browser (and thus use the GET method), the
> action will work as well.
> Thank you for your suggestions.
>
> Mead Lai wrote:
> >
> > . How can I write an action that only serves GET /
> > POST requests.
> >
> > <s:form method ='post'></s:form>
> > or
> > <s:form method ='get'></s:form>
> >
> > On Tue, Oct 28, 2008 at 11:09 AM, esemba <[EMAIL PROTECTED]> wrote:
> >
> >> I have a simple question. How can I write an action that only serves
> >> GET / POST requests? Let's suppose I have an action that authenticates
> >> users. In the action there are fields username and password, which I
> >> set from a form via the POST HTTP method. The action works the same
> >> when I request a URL like myAction.action?username=admin&password=blah
> >> (the GET way). It is definitely a security weakness and reminds me of
> >> the PHP directive register_globals (which treats post/get variables
> >> the same way and in newer versions is deprecated, or even not
> >> present). Even in servlets there are methods like doPost, doGet,
> >> doXXX, so you can distinguish the servlet's behavior for different
> >> types of requests. I'm pretty sure this has already been solved here,
> >> but a search for keywords like "get post method problem" didn't return
> >> any reasonable threads.
> >>
> >> Thank you for your suggestions.
--
BestRegards,
Mead
http://yayisoft.com
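
The method check suggested in the reply above, moved into a Struts 2 interceptor so that one class can guard any action. This is an added example, not code from the thread; the class name PostOnlyInterceptor is hypothetical, and the Struts 2.x and javax.servlet package names are assumptions about the environment.

```java
// Added example, not from the thread. Assumes Struts 2.x package names and the
// javax.servlet API; PostOnlyInterceptor is a hypothetical class name.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class PostOnlyInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();

        // Same test as in the reply above: look at the HTTP method of the request.
        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            HttpServletResponse response = ServletActionContext.getResponse();
            // 405 plus an Allow header tells the client which method is accepted.
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            // The response is already written: return Action.NONE so no result
            // is rendered, and do not call invoke(), so the action never runs
            // with a username/password taken from the query string.
            return Action.NONE;
        }

        // POST: continue down the interceptor stack to the action itself.
        return invocation.invoke();
    }
}
```

Declare the interceptor in struts.xml and reference it ahead of the params interceptor in the stack of the login action, so that a rejected GET never gets its query-string values bound to the action's fields.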