I am getting token error on page refresh in struts2 application. What i am doing, I submit a form on page abc(this page having multiple forms to post different data on same url) with token and data to xyz page where i am displaying record based on data. Whenever i refresh the xyz page i am getting token error and then page will redirect to token error page.
What should i do to over come this issue. my CSRFstack is below.
<interceptor-stack name="CSRFStack">
<interceptor-ref name="token">
<param name="includeMethods">*</param>
</interceptor-ref>
<interceptor-ref name="dataSourceCheck"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
I have found the suggestion i should place token session interception above all interceptors and stack, but this is also not working.
What to do to avoid this problem?
Related
I know I can call a url with the "request_locale" parameter but that won't last long. Maybe storing it in a cookie? Which I don't know how to do.
After many hours of searching I found:
A low of dead links in the apache API
Setting the locale in session attribute "org.apache.struts.action.LOCALE"
... or "request_locale"
... or "request_cookie_locale"
... or "WW_TRANS_I18N_LOCALE"
Setting the locale in ActionContext.getContext()
Something about interceptors that make my application throws exceptions so I don't know if I should pursue...
There's a mix of Struts 1 and Struts 2 in there which is not making things easier...
Here's what I have so far:
In the XML config:
<action name="languageSelection" class="changeSelectionAction">
<result name="input" type="redirect">${redirectUrl}</result>
</action>
I figured I'd use "Input" to go back to the previous page after the user selected a language.
The redirect variable is defined in my Action Class.
In the Web Page:
<webwork:url id="url" action="languageSelection">
<webwork:param name="lang">fr</webwork:param>
</webwork:url>
<webwork:a href="%{url}">French</webwork:a>
This sends "lang=fr" which I can read in my Action Class.
In the Action Class, I have:
HttpServletRequest request = ServletActionContext.getRequest();
String refererUrl = ServletActionContext.getRequest().getHeader("Referer"); // gives me the source page so I can go back to it.
setRedirectUrl(refererUrl);
String[] langs = request.getParameterValues("lang"); // getting the language the user selected
... followed by a lot of garbage that doesn't work and some insults for the compiler that are commented out.
I'm not the best web developer so any basic web advice will be welcome.
You can implement a i18n interceptor which can store your locale in the session or a cookie. See https://struts.apache.org/core-developers/i18n-interceptor.html
<interceptor name="i18nCookie" class="org.apache.struts2.interceptor.I18nInterceptor"/>
<action name="someAction" class="com.examples.SomeAction">
<interceptor-ref name="i18nCookie">
<param name="localeStorage">cookie</param>
</interceptor-ref>
<interceptor-ref name="basicStack"/>
<result name="success">good_result.ftl</result>
</action>
We use the org.apache.struts2.interceptor.I18nInterceptor in our default interceptor stack. After that struts listen to the parameter request_locale and every action that gets a ?request_locale=LANGCODE parameter will change the language for the user. Normally this setting is stored in the session of the user, so make sure user sessions are enabled too.
With the link from #TheSlavMan you can read all the possible options available for this interceptor.
Of course a simple "change language and redirect to a page"-action is possible. You are on the right path, my first guess would be to change the lang-parameter to request_locale.
In struts.xml file
<action name="myJasperTest" class="com.sample.SupplierEnquiryReport">
<result name="success" type="jasper">
<param name="location">/reports/xyz.jasper</param>
<param name="dataSource">myList</param>
<param name="format">PDF</param>
</result>
</action>
I need to return multiple pdf files after one action.
Is it possible?
No, but from your UI JSP you can:
open multiple actions, each one returning a PDF;
open another JSP, with multiple <iframe>, each one pointing (with src attribute) to a different Action (or better, to the same, but passing different parameters), and returning a PDF.
Then several pages each one with a PDF, or a big page with several iframes, each iframe with a PDF.
I want to use a struts2 interceptor for all actions which start with the specific name:
Say I want to intercept all actions which start with Module. Is there any way I can configure an interceptor something like the Spring AOP does e.g: com.acme.web.actions.Module*
I can't use AOP because it breaks all page params (As I guess there is no way the params interceptor is invoked there).
is this possible?
In Struts you can define different interceptor stacks and apply different stacks to different actions.
So in your situation you can define a different stack like this:
<interceptors>
<interceptor name="myInterceptor" class="com.company.security.MyInterceptor"/>
<interceptor-stack name="myStack">
<interceptor-ref name="myInterceptor"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
And, using wildcard mappings, the configuration bellow is essentially "map all actions named ModuleSomething to a class com.acme.web.actions.ModuleSometing, and apply myStack of interceptors to it:
<action name="Module*" class="com.acme.web.actions.Module{1}">
<result>{1}.jsp</result>
<interceptor-ref name="myStack"/>
</action>
Im wondering if it's possible to set a default result that would apply to every action in struts2.
For example to say that result "FOO" will always redirect to action BAR or to jsp "BAR.jsp" instead of adding <result name="FOO">xxx</result> to every action I define ...
That would help me to create a generic error page
Thanks
Yes, you can set global results for a package.
<global-results>
<result name="error">/Error.jsp</result>
<result name="invalid.token">/Error.jsp</result>
<result name="login" type="redirectAction">Logon!input</result>
</global-results>
For more details read Result Configuration Page
One quick solution that comes to my mind is global result configuration.Most often, results are nested with the action element. But some results apply to multiple actions. In a secure application, a client might try to access a page without being authorized, and many actions may need access to a "logon" result.
If actions need to share results, a set of global results can be defined for each package. The framework will first look for a local result nested in the action. If a local match is not found, then the global results are checked.
<global-results>
<result name="error">/Error.jsp</result>
<result name="invalid.token">/Error.jsp</result>
<result name="login" type="redirectAction">Logon!input</result>
</global-results>
For more details refer to the official doc
result-configuration
I'm using Struts 2.1.8.1. I have a requirement to embed some pages from another server on my own app, so the users will access to them through my application, without accessing directly the other server. My idea is to have a package definition for that, so any access to that package would be redirected to the internal server.
<package name="eco-marketing" namespace="/marketing" extends="eco-default">
<action name="*">
<result name="success" type="dispatcher">
<param name="location">http://myotherserver:8080/test/{1}</param>
</result>
</action>
</package>
But it does not work, I got a Error 404--Not Found, so I suppouse is not as easy as it sounds. Any ideas on how to do this?
TIA
I'll assume that you are accessing just html, then see: http://download.oracle.com/javase/tutorial/networking/urls/readingWriting.html
I would recommend creating an action in that package to do the work for you, and use the value of the parameter to get the required data.
You probably already know but an iframe in the consumer action will make this easier to use than trying to parse what you need out.
After you have that figured out, if you decide to create a custom result type, please post it back to us here it would be very interesting.
An example of a custom result type can be found here (4th code block from the top): http://siriwardana.blogspot.com/2008/12/creating-custom-result-type-struts-2.html