Why can I visit /jspname.action ?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Why can I visit /jspname.action ?

Dan Kaplan-2
After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp.  Why does stripes let me do this?  I'd think that the .action extension would only work on ActionBeans, not jsps.  When is this functionality useful?  Seems like it should be a bug to me.  Keep in mind I can already visit /jspname.jsp if I want to.

--
Thanks,
Dan

CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can I visit /jspname.action ?

Freddy D.
This is documented in the Javadoc for NameBasedActionResolver[1]:

"Another useful feature of the NameBasedActionResolver is that when a request arrives for a URL that is not bound to an ActionBean the resolver will attempt to map the request to a view and return a 'dummy' ActionBean that will take the user to the view. The exact behaviour is modifiable by overriding one or more of handleActionBeanNotFound(ActionBeanContext, String), findView(String) or getFindViewAttempts(String). The default behaviour is to map the URL being requested to three potential JSP names/paths, check for the existence of a JSP at those locations and if one exists then to return an ActionBean that will render the view. For example if a user requested '/account/ViewAccount.action' but an ActionBean does not yet exist bound to that URL, the resolver will check for JSPs in the following order:

  • /account/ViewAccount.jsp
  • /account/viewAccount.jsp
  • /account/view_account.jsp

The value of this approach comes from the fact that by default all pages can appear to have a pre-action whether they actually have one or not. In the above can you might chose to link to /account/ViewAccount.action even though you know that no action exists and you want to navigate directly to a page. This way, if you later decide you do need a pre-action for any reason you can simply code the ActionBean and be done. No URLs or links need to be modified and all requests to /account/ViewAccount.action will flow through the ActionBean."

[1]:http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html

Freddy

On Mon, Nov 4, 2013, at 02:28 PM, Dan Kaplan wrote:
After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp.  Why does stripes let me do this?  I'd think that the .action extension would only work on ActionBeans, not jsps.  When is this functionality useful?  Seems like it should be a bug to me.  Keep in mind I can already visit /jspname.jsp if I want to.
 
--
Thanks,
Dan

CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
_______________________________________________
Stripes-users mailing list
 

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can I visit /jspname.action ?

Dan Kaplan-2
cool thanks for the info


On Mon, Nov 4, 2013 at 12:30 PM, Freddy Daoud <[hidden email]> wrote:
This is documented in the Javadoc for NameBasedActionResolver[1]:

"Another useful feature of the NameBasedActionResolver is that when a request arrives for a URL that is not bound to an ActionBean the resolver will attempt to map the request to a view and return a 'dummy' ActionBean that will take the user to the view. The exact behaviour is modifiable by overriding one or more of handleActionBeanNotFound(ActionBeanContext, String), findView(String) or getFindViewAttempts(String). The default behaviour is to map the URL being requested to three potential JSP names/paths, check for the existence of a JSP at those locations and if one exists then to return an ActionBean that will render the view. For example if a user requested '/account/ViewAccount.action' but an ActionBean does not yet exist bound to that URL, the resolver will check for JSPs in the following order:

  • /account/ViewAccount.jsp
  • /account/viewAccount.jsp
  • /account/view_account.jsp

The value of this approach comes from the fact that by default all pages can appear to have a pre-action whether they actually have one or not. In the above can you might chose to link to /account/ViewAccount.action even though you know that no action exists and you want to navigate directly to a page. This way, if you later decide you do need a pre-action for any reason you can simply code the ActionBean and be done. No URLs or links need to be modified and all requests to /account/ViewAccount.action will flow through the ActionBean."

[1]:http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html

Freddy

On Mon, Nov 4, 2013, at 02:28 PM, Dan Kaplan wrote:
After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp.  Why does stripes let me do this?  I'd think that the .action extension would only work on ActionBeans, not jsps.  When is this functionality useful?  Seems like it should be a bug to me.  Keep in mind I can already visit /jspname.jsp if I want to.
 
--
Thanks,
Dan

CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
_______________________________________________
Stripes-users mailing list
 

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users




--
Thanks,
Dan

CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Why can I visit /jspname.action ?

Mike McNally-3
In reply to this post by Dan Kaplan-2

If you don't want your jsp to be directly accessible, put it under the WEB-INF tree. That's the way stuff always works in the j2ee world as far as I know.

On Nov 4, 2013 1:30 PM, "Dan Kaplan" <[hidden email]> wrote:
After setting up the starting guide, it appears that I can visit /jspname.action and this will directly render the jsp.  Why does stripes let me do this?  I'd think that the .action extension would only work on ActionBeans, not jsps.  When is this functionality useful?  Seems like it should be a bug to me.  Keep in mind I can already visit /jspname.jsp if I want to.

--
Thanks,
Dan

CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users