chain action in interceptor

Question

Here is my code:

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.StrutsStatics;

@SuppressWarnings("serial")
public class PostOnlyInterceptor extends AbstractInterceptor {

    @Override
    public String intercept(ActionInvocation ai) throws Exception {
        final ActionContext context = ai.getInvocationContext();
        HttpServletRequest request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
        if (!request.getMethod().equals("POST")) {
            return Action.ERROR;
        }

        return ai.invoke();

    }
}

I am using this interceptor to avoid 'GET' method requests for security reasons. But when I am calling it by using chain action method: request.getMethod() returns GET request.

So how to handle this situation?

Answer 1

Beware of Action Chaining, that is discouraged :

As a rule, Action Chaining is not recommended. First explore other options, such as the Redirect After Post technique.

But if you already are using it and can't change, you can bypass the POST check from within your Interceptor by checking if the result is of type chain :

public String intercept(ActionInvocation ai) throws Exception {
    final ActionContext context = ai.getInvocationContext();
    HttpServletRequest request = (HttpServletRequest) 
                                  context.get(StrutsStatics.HTTP_REQUEST);

    boolean isChainResult = ai.getResult() != null 
          && ActionChainResult.class.isAssignableFrom(ai.getResult().getClass());

    if (!request.getMethod().equals("POST") && !isChainResult) {
        return Action.ERROR;
    }

    return ai.invoke();

}