Raible's Wiki: CreateActions

At line 63 added 4 lines.

;: ''The files in the "pages" directory will end up in "WEB-INF/pages" at deployment time. The container provides security for all files below WEB-INF. This applies to client requests, but not to forwards from the DispatchServlet. Placing all JSPs below WEB-INF ensures they are only accessed through Controllers, and not directly by the client or each other. This allows security to be moved up into the Controller, where it can be handled more efficiently, and out of the base presentation layer.''

The web application security for AppFuse specifies that all *.html url-patterns should be protected. This guarantees 1) all Controllers are protected, and 2) you must go through a Controller to get to a JSP (or at least the ones in ''pages'').

At line 104 changed 1 line.

addRequestParameter("action", "Edit");

addRequestParameter("method", "Edit");

At line 115 changed 1 line.

addRequestParameter("action", "Edit");

addRequestParameter("method", "Edit");

At line 125 changed 1 line.

addRequestParameter("action", "Save");

addRequestParameter("method", "Save");

At line 139 changed 1 line.

addRequestParameter("action", "Delete");

addRequestParameter("method", "Delete");

At line 307 changed 1 line.

* @struts.action-forward name="edit" path=".personDetail"

* @struts.action-forward name="edit" path="/WEB-INF/pages/personForm.jsp"

Raible's Wiki

AppFuse

Other Applications

CreateActions