Struts2 understanding -- dynamic methods and method attributes and wildcards _ default Action

As we all know, by default, when the browser enters indexAction!execute.action, the execute method in the indexAction class will be executed. Although this is convenient, it may bring security risks. Any method in the Action can be executed through the url.

To prohibit calling dynamic methods, set the attribute strutsenableDynamicMethodInvocation to false through the constant element in struts.xml to prohibit calling dynamic methods.

method attribute:

At this time, we need to implement dynamic method invocation in other safe ways

1. Specify the method to be called when the Action is executed through the method attribute of the action element

<result name="success">/WEB-INF/jsp/basic/emp_list.jsp</result>

<result name="input_edit">/WEB-INF/jsp/basic/emp_edit.jsp</result>

<result name="input_add">/WEB-INF/jsp/basic/emp_add.jsp</result>

<result name="reload" type="redirect">empAction.action</result>

</action>

The method attribute is used in the above configuration fragment. When requesting /empAction_register.action, the Struts2 framework will find the register method in EmpAction and execute it.

There are two ways for Struts2 to find methods according to the method attribute:

1. Find a method that is exactly the same as the method attribute value

2. Find methods in the form of doMethod

The difference between using dynamic method calls and the method attribute:

<result name="success">/WEB-INF/jsp/basic/emp_list.jsp</result>

<result name="reload" type="redirect"> empAction.action </result>

</action>

<result name="success">/WEB-INF/jsp/basic/emp_register.jsp</result>

</action>

<result name="success">/WEB-INF/jsp/basic/emp_login.jsp</result>

</action>

Described through the above three configurations, these three configurations are essentially operating the same Action.

The first dynamic method pattern, by requesting /empAction!register.action or /empAction!login.action, or /empAction.action. if

If the return value of the register method, login method, and execute method is "success", they will all enter the emp_list.jsp page.

The second and third are accessed dynamically by specifying the method attribute. Here, the register and login methods assume that the return is "success", but they will not enter the same page, but enter the pages specified by their respective results.

From the above we analyze:

If the responses of different methods of the same Action use the same configuration (result, etc.), use dynamic method invocation

If the responses of different methods of the same Action use different configurations, use the method attribute of the action element to configure multiple names for the same Action.

Wildcard:

在使用method属性来实现同一个Action的不同方法处理不同的请求时，会发现，随着方法的增多，从而导致大量的Action配置，这时我们就需要通过使用通配符来解决Action配置过多的方法。

在配置<action.../>元素时，需要指定name、class、method属性。其中name属性可支持通配符，然后可以在class、method属性中使用表达式。通配符用星号 * 表示。

<result name="success">/WEB-INF/jsp/basic/emp_{1}.jsp</result>

</action>

以上配置表明，当请求/empAction_login时，通配符匹配的是login，这个值将替换{1}，最终执行EmpAction的login方法，如果方法返回值为success，跳转到emp_login.jsp页面。

默认Action：

在浏览器输入一个不存在的Action，页面将呈现404错误，为了网站更友好，我们可以设置一个默认的Action。

设置默认Action有两种形式：

1、配置每个包的默认Action，如果在相应的namespace下没有一个Action匹配请求，那么将执行该namespace默认的Action，不同的包，可配置不同的默认Action，配置如下：defaultAction为默认Action的name属性值， default语句必须写在首行。

<default-action-ref name="defaultAction"></default-action-ref>

<result>/error.jsp</result>

</action>

</package>

2、在根目录下配置默认Action，不用填写namespace属性

<default-action-ref name="defaultAction"></default-action-ref>

<result>/error.jsp</result>

</action>

</package>

如果声明了第一种，Struts2将会调用当前包下声明的默认Action。忽视全局的默认Action。

一般用第二种，统一默认的Action，不论在url中输入哪个目录或包下没有的Action，都显示错误页面。

Struts2 understanding -- dynamic methods and method attributes and wildcards _ default Action

Guess you like