Hello everyone,
it's not really an issue but I'd like to know how do I restrict the following behavior.
I have this set in my stuts.xml file.
<struts>
<constant name="struts.enable.DynamicMethodInvocation" value="false" />
<constant name="struts.devMode" value="false" />
<constant name="struts.custom.i18n.resources" value="ApplicationResources" />
<package name="default" extends="struts-default" namespace="/">
<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>
<action name="blue">
<result name="success" type="tiles">/blue.tiles</result>
</action>
<action name="yellow">
<result name="success" type="tiles">/yellow.tiles</result>
</action>
<action name="red">
<result name="success" type="tiles">/red.tiles</result>
</action>
</package>
</struts>
Now what bothers me, is that the actions are acessible like this:
http://localhost:port/blue
http://localhost:port/yellow
http://localhost:port/red
but you can also access them like this..
http://localhost:port/yellow/blue/
http://localhost:port/red/blue/yellow
so ti triggers all the actions mentioned after "/".
I want to prevent this from happening , so I'd like to know if there's any way to restrict it?
thanks in advance, Alex
In the web.xml
you might having an entry like this for the struts action mapping
<servlet-mapping>
<servlet-name>struts2</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
As per the servlet specification A string beginning with a '/' character and ending with a '/*' suffix is used for path mapping
So if you want to give the absolute url mapping, then you have to specify them like below
<servlet-mapping>
<servlet-name>struts2</servlet-name>
<url-pattern>/blue</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>struts2</servlet-name>
<url-pattern>/yellow</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>struts2</servlet-name>
<url-pattern>/red</url-pattern>
</servlet-mapping>
If you are using struts 2.1.7 or more then you can add a exclude pattern like below
<constant name="struts.action.excludePattern" value="/([a-zA-Z0-9]+)/.*"/>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.