Why is the Action Chaining in Struts2 not recommended? - struts2

What makes Action Chaining in Struts2 a bad idea?
The link above suggests using Redirect After Post, via Redirect Result or Redirect Action Result. Is Redirect Action the way to go?

As mentioned in that link itself
If chaining is overused, an application can turn into "spaghetti code".
As far as I understand there is no performance issue with this.

Related

How to call controller action dynamically from HTTPHandler?

In my MVC Web application, I have created two controllers. One for handling requests coming from Mobile devices and other for handling desktop browsers.
I am trying to call the appropriate controller's action depending on who is calling the application. This check will be done by a custom logic which is ready with me.
What will be the best approach to achieve this dynamic redirection to controller? My approach is to use one HTTPHandler (ashx), in which I will check the source and then give a call to appropriate controller. The device/browser will hit the URL pointing to this ashx file.
I tried something like this..... in ProcessRequest() method of my handler.
<source checking logic>
...
...
var webRequest = HttpWebRequest.Create(MyFinalURL);
var response = webRequest.GetResponse();
context.Response.Write(response);
Will this be the best approach? Or is there any better alternative? Will HTTPModule also work for this purpose? Please suggest.
Also how will I redirect to controller action from ashx file?
Take a look at Scott Hanselman's blog post on mobile capable view engine

About PRG in JSF 2.0 and View Parameters

I was trying to understand how to perform PRG on a JSF app using this link
https://blogs.oracle.com/enterprisetechtips/entry/post_redirect_get_and_jsf
but somehow I got confused on three items.
From the blog, I see from firebug that it is issuing a 302 and GET redirect when rendering pages instead of the POST method which is a PRG.
The only changes in the blog is the scope of the bean from being a session scoped to a request scope. So does this link suggest that
all my managed bean be at Request Scope level? I check my sample app that I am doing and I am heavily using ViewScoped and SessionScope beans.
What's the usefulness of ViewParameters? Aren't they a security problem, suppose I add more query string parameters to the URL?
I am actually finding a use case on where can I used such feature.
If the transaction that I am doing will not do any transactional nature such as ADD/EDIT/DELETE, is it still a good practice to just merely use the JSF navigation which is a POST request? I just wanted to navigate to a new page.
Thanks
So does this link suggest that all my managed bean be at Request Scope level? I check my sample app that I am doing and I am heavily using ViewScoped and SessionScope beans.
The bean's scope doesn't matter for the PRG itself. It only matters for the lifespan of the data the bean holds. See also How to choose the right bean scope?
What's the usefulness of ViewParameters? Aren't they a security problem, suppose I add more query string parameters to the URL? I am actually finding a use case on where can I used such feature.
The includeViewParams will only include the parameters which you've manually specified in <f:metadata><f:viewParam>. It will not include all original query parameters. This is not necessary for the PRG itself. Whether to use it or not depends on the concrete functional requirements. The article just shows that it's possible to copy all view parameters into the redirect URL, which may be useful/mandatory for some functional requirements. See also What can <f:metadata>, <f:viewParam> and <f:viewAction> be used for?
I just wanted to navigate to a new page.
Use <h:link> instead of <h:commandLink>.
<h:link value="Go to next.xhtml" outcome="next" />
See also When should I use h:outputLink instead of h:commandLink?

Grails controllers redirect and SEO

I am not sure my question makes sense. I have read everything I could on the subject but it did not answer my interrogation.
So here it is: I know search engines do not consider temporary redirects, with 302 status.
They do not pass any link juice in redirecting one page to another.
This is not the case for 301 status redirects.
Grails default all its redirects to 302 status.
My question is:
Does that affect SEO in any bad way, or not at all ?
I am speaking about controllers' redirects here, when handling action calls. As it is not the change of one page location to another, but just the way users move into the application, should I care about what kind of redirect is issued by my controllers actions ?
Any bit of explanation is most welcome.
Normally redirects (302) are used in response to some user input, for example a user posts a form and the controller redirects to a different page based on form input.
If this is your scenario you do not have to worry about SEO, search engines never compile forms.
But if you use grails controller redirect as a default navigation system for your app this is wrong. In the web every page may have a unique uri so a search engine can find it.
It doesn't affect the search engine rankings, if you properly include canonical tag and set up preferred domain in Google webmaster tools

Should the AntiForgeryToken be applied to every post action?

Should the AntiForgeryToken be applied to every post action in an ASP.NET MVC application? Off the top of my head I can't think of any reason why you would not want to include this on every post action, but it seems that nobody ever actually recommends using it on all of your actions.
I'd love to hear your thoughts.
I always use it on POST/DELETE/PUT actions. I want to be as sure as I can that the request is coming from a page that my server sent to the browser when I'm changing data as a result.
Not adding an anti-forgery token to a form would require being completely sure there is no possibility of a cross site forgery (or other) attack. And that such an attack will not be found in the future for that case.
On the other hand is there ever a significant disadvantage to having a token?
It seems to me that not doing it always will be more (mental) effort in finding those "no risk" cases.
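One way to get the "always on" behaviour discussed in these answers in ASP.NET MVC 5 is a global filter that validates the token for every request that can change state. This is an added example, not code from any of the posts above; the attribute name ValidateAntiForgeryOnUnsafeVerbsAttribute is hypothetical, and it assumes a standard FilterConfig called from Application_Start.

```csharp
using System;
using System.Web.Helpers;   // AntiForgery
using System.Web.Mvc;

// Hypothetical global filter: checks the anti-forgery token on every request
// whose HTTP method can change state, so no individual action is forgotten.
public sealed class ValidateAntiForgeryOnUnsafeVerbsAttribute
    : FilterAttribute, IAuthorizationFilter
{
    // Methods treated as safe; actions behind them must never modify data.
    private static readonly string[] SafeVerbs = { "GET", "HEAD", "OPTIONS" };

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        string verb = filterContext.HttpContext.Request.HttpMethod;
        bool isSafe = Array.Exists(SafeVerbs,
            v => string.Equals(v, verb, StringComparison.OrdinalIgnoreCase));
        if (isSafe) return;

        // Reads the token cookie and the __RequestVerificationToken form field
        // of the current request; throws HttpAntiForgeryException when either
        // is missing or they do not match. A token sent only in a request
        // header (some AJAX setups) is not seen by this overload.
        AntiForgery.Validate();
    }
}

public static class FilterConfig
{
    // Called once from Application_Start.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new ValidateAntiForgeryOnUnsafeVerbsAttribute());
    }
}
```

Every form posted to the application then needs `@Html.AntiForgeryToken()` inside it, otherwise the request is rejected.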

How do you unit test web page authorization using ASP.NET MVC?

Let's say you have a profile page that can only be accessed by the owner of that profile. This profile page is located at:
User/Profile/{userID}
Now, I imagine in order to prevent access to this page by other users, you could structure your UserController class's Profile function to check the current session's identity:
HttpContext.Current.User.Identity.Name
If the id matches the one in the url, then you proceed. Otherwise you redirect to some sort of error page.
My question is how do you unit test something like this? I'm guessing that you need to use some sort of dependency injection instead of the HttpContext in the controller to do the check on, but I am unclear what the best way to do that is. Any advice would be helpful.
The link above is a good one. I would also add that instead of programmatically checking the User.Identity.Name value, you should use the Authorize attributes as outlined in the article:
http://weblogs.asp.net/scottgu/archive/2008/07/14/asp-net-mvc-preview-4-release-part-1.aspx
I ended up going with the "UserNameFilter" shown in Kazi Manzur's blog post. Works like a charm and easy to unit test.
You can probably do it by using a fake for the controller context. Check out this article: http://stephenwalther.com/blog/archive/2008/07/01/asp-net-mvc-tip-12-faking-the-controller-context.aspx
This is where mocking comes in, with a fake HttpContext.
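The ownership check from the question, with a unit test that swaps in a fake HttpContextBase, as an added example (not code from the posts or the linked articles). FakeHttpContext, ShowProfile and the test names are hypothetical; it assumes ASP.NET MVC 5, MSTest, that {userID} is the login name, and that login names compare case-insensitively.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using Microsoft.VisualStudio.TestTools.UnitTesting;

public class UserController : Controller
{
    // Serves User/Profile/{userID}; the method name avoids hiding Controller.Profile.
    [ActionName("Profile")]
    public ActionResult ShowProfile(string userID)
    {
        // Controller.User comes from ControllerContext.HttpContext, not from
        // HttpContext.Current, so a test can supply its own principal.
        bool isOwner = User != null && User.Identity.IsAuthenticated &&
            string.Equals(User.Identity.Name, userID, StringComparison.OrdinalIgnoreCase);
        if (!isOwner) return new HttpStatusCodeResult(403);
        return View();
    }
}

// Constructed test double: only the member the action reads is overridden.
sealed class FakeHttpContext : HttpContextBase
{
    private readonly IPrincipal _user;
    // An empty name yields an identity with IsAuthenticated == false.
    public FakeHttpContext(string name) { _user = new GenericPrincipal(new GenericIdentity(name), new string[0]); }
    public override IPrincipal User { get { return _user; } }
}

[TestClass]
public class UserControllerTests
{
    private static ActionResult ProfileAs(string loggedInAs, string userID)
    {
        var controller = new UserController();
        controller.ControllerContext = new ControllerContext(
            new FakeHttpContext(loggedInAs), new RouteData(), controller);
        return controller.ShowProfile(userID);
    }

    [TestMethod]
    public void Only_the_owner_can_open_a_profile()
    {
        Assert.IsInstanceOfType(ProfileAs("alice", "alice"), typeof(ViewResult));
        Assert.AreEqual(403, ((HttpStatusCodeResult)ProfileAs("bob", "alice")).StatusCode);
        Assert.AreEqual(403, ((HttpStatusCodeResult)ProfileAs("", "alice")).StatusCode);
    }
}
```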
