Since you are using Struts2, I think the best method is Interceptors.
For inbound requests, you would put your decrypting interceptor BEFORE
your parameters interceptor and it should work like a charm. For
encrypting links and hidden field values, I think that is two
different issues. For links you would want to create your own tag the
incorporates the encryption. For hidden fields you want to encrypt
certain values in the ValueStack. I think you can use an interceptor
here as well, that will detect it is running for the result (after the
action) and then you can possibly swap a value for an encrypted value.
-D
On Dec 22, 2008, at 8:27 PM, ashan wrote:
Good explanation.
Is there a way to encrypt (transparently) form hidden fields and url
link
parameters?
Like the ones explained here:
http://today.java.net/pub/a/today/2008/05/20/securing-your-applications-request-parameters.html
http://www.hdiv.org/
Thanks,
Shan
melinate wrote:
Those are your basic options--store it in the request or in the
session. Neither is "better" than the other, but there are some
differences that might make one better suited to a particular
scenario. For example, if you need to hide the values from the user
or
ensure the are not tampered with, store them in the session. The down
side to storing in the session is that it uses more server resources,
especially if in a clustered environment.
Hope that helps,
Nathan
On 12/22/08, ashan <arthan...@gmail.com> wrote:
I'm working on a project that is build on top of Appfuse struts2
framework.
I need to pass some values between Actions. In the past I used to
pass
these
values either keeping in the form's hidden values or in session
attributes.
Is there a better alternative ways to do this now?
Thanks!
--
View this message in context:
http://www.nabble.com/passing-values-between-Actions---any-best-practice--tp21134753s2369p21134753.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
For additional commands, e-mail: users-h...@appfuse.dev.java.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
For additional commands, e-mail: users-h...@appfuse.dev.java.net
--
View this message in context:
http://www.nabble.com/passing-values-between-Actions---any-best-practice--tp21134753s2369p21139437.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
For additional commands, e-mail: users-h...@appfuse.dev.java.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
For additional commands, e-mail: users-h...@appfuse.dev.java.net
