tags:

views:

306

answers:

3
+2  Q: 

Restrict HTTP requests to 'POST' only in Struts 1.x

Hello,

Is there a configurable way in Struts 1.x so my action classses are only executed on HTTP 'POST' only.

I understand I can use request.getMethod() within my action class and then do certain 'stuff' based on that.

Regards, Jonathan

A: 

Here's and idea that is both some programmatic and config solution. You can create a custom ActionMapping...

public class YourPOSTRequiredActionMapping extends ActionMapping { }

... and use in your struts config for the mappings that are POST only.

<action path="/your/path" type="YourAction" className="YourPOSTRequiredActionMapping" />

Then, you could extend the struts RequestProcessor and override processMapping

public class YourRequestProcessor extends RequestProcessor {
    protected ActionMapping processMapping(HttpServletRequest request, HttpServletResponse response, String path) throws IOException {
        ActionMapping mapping = super.processMapping(request, response, path);
        if (mapping instanceof YourPOSTRequiredActionMapping) {
            if (!request.getMethod().equals("POST")) {
                mapping = null;
            }
        }
        return mapping;
    }
}

Make sure to configure your struts config to use YourRequestProcessor.

<controller processorClass="YourRequestProcessor" nocache="true" contentType="text/html; charset=UTF-8" locale="false" />

I based this on some old working code, but I haven't even compiled the sample code above.

Kevin Hakanson  2009-06-15 16:44:39
A: 

One way of doing this without changing your application is to write a servlet Filter which rejects non-POST requests. You can then plug this filter into your web.xml file and configure its url-patterns to match your Struts controllers' paths.

skaffman  2009-06-15 19:07:54
+2  A: 

You can use your web.xml to define access permissions. This constraint prevents GET requests:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>struts action servlet</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- no one! -->
    </auth-constraint>
  </security-constraint>
McDowell  2009-11-01 15:18:49

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java