Struts2, best practice for using method={1}

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/729885/

Time: 2020-10-29 13:32:36  Source: igfitidea

java xml struts2 struts

Asked by Pool

I'm new to Struts 2 and I've come across this syntax (recommended in the tutorial).

<action name="Register_*" method="{1}" class="Register">
    <result name="input">/member/Register.jsp</result>
    <result type="redirectAction">Menu</result>
</action>

I understand that it calls Register.{1} method. The problem is a user could put in another (random) value and cause a 500 error (which would correctly be logged as an error).

How can this be prevented?

Accepted answer by kazanaki

First of all, it won't call the Register.{1} method. It would call Register_{1}, where {1} might be an action type (usually edit, show, etc.)

Meaning that the URL is actually

Register_View
Register_Edit
etc.

So if a user manually changes the URL to something that is not there such as

Register_methodThatDoesNotExist

then struts 2 will return an error.

But why is this a problem? In any web application that uses any technology, if the user tampers manually with the URL, an error will be returned (also the 404)

What are you trying to prevent exactly?

Update:

To prevent 500 errors you can catch all actions (that do not match any rule) and redirect them to an error page. See the "Wildcard Default" paragraph at the Struts 2 wiki:

http://cwiki.apache.org/WW/action-configuration.html

This must be at the end of the struts configuration.
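
Added example, not part of the original question or answers, assuming Struts 2.5 or later: strict method invocation with an allowed-methods list limits which methods the {1} wildcard from the question can reach, shown together with the catch-all action the accepted answer describes. The package name, the method names view and edit, and the /error/notFound.jsp path are placeholders chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
    <!-- strict-method-invocation: a wildcard-resolved method name is only
         accepted if the action lists it in allowed-methods -->
    <package name="member" extends="struts-default"
             strict-method-invocation="true">

        <!-- Register_view and Register_edit resolve to Register.view() and
             Register.edit(); any other suffix is rejected by the framework
             before a method on the action is invoked.
             (view and edit are assumed method names.) -->
        <action name="Register_*" method="{1}" class="Register">
            <result name="input">/member/Register.jsp</result>
            <result type="redirectAction">Menu</result>
            <!-- allowed-methods must be the last child of action -->
            <allowed-methods>view,edit</allowed-methods>
        </action>

        <!-- Wildcard default for action names that match nothing else.
             Placed last, as the accepted answer requires.
             (/error/notFound.jsp is a placeholder path.) -->
        <action name="*">
            <result>/error/notFound.jsp</result>
        </action>

    </package>
</struts>
```

The two settings cover different cases: the allow-list handles an unexpected suffix on an action name that does match Register_*, while the catch-all handles action names that match no other mapping.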

Answer by Diego Magalhães

In my applications we use it like this:

<action name="*/*" class="{1}Action" method="{2}">
    <interceptor-ref name="CustomAuthStack" />
    <result>/pages/{1}/{2}.jsp</result>
    <result name="input">/pages/error/denied.jsp</result>
    <result name="logout">/pages/error/denied.jsp</result>

    <!-- methods that come back to listing after processing -->
    <result name="remove" type="redirectAction">{1}/list</result>
    <result name="save" type="redirectAction">{1}/list</result>
    <result name="enable" type="redirectAction">{1}/list</result>

    ....

</action>

For slashes in action like myapp/users/list you must enable slashes in action with the

<constant name="struts.enable.SlashesInActionNames" value="true" />

in the struts.xml.

So now you have a standard:

action --> UserAction jsp -----> users/list.jsp

etc.
