<s:url action="someAction" var="act">
<s:param name="param1">value1</s:param>
</s:url>
<s:a href="%{act}">Go Action</s:a>
By clicking Go Action link, the address will be www.example.com/someAction?param1=value1
I want to hide passed parameters (param1=value1) like method="POST" in submitting of form. Is there anyway I can do it? Thanks.
No a URL is a GET request. If you want to POST you can do a post request with a form. If you want a button or link to do a post request, best to use JS/jQuery to hide the form and tie the buttons/links click event to submitting the form.
Struts2 has no control over the client side, there it's just HTML, CSS and JS.
As mentioned by JB Nizet, if it is about securing your information see the discussion here: How to send password securely over HTTP?
There is little issue sending most data in a get request (other than a password!) because if it is a form someone can readily see the content of the form, where seeing the parameters in the url is certainly harder.
From a server security stand point you should always assume the client can and will be able to send the worst possible data. That is why the validation framework in struts2 is so easy to use, and unlike primitive web programming systems, type conversion is a huge help. If you have a property that is an int and use that in a query you know it will be an int and not a String. If you need a String better use an Enum to ensure the value is allowed.
To hide passed parameter actually you need to submit the form. You should prevent the default behavior of the click event and replace it with the form event. Do it like in this example
<s:form id="f1" action="someAction">
<s:hidden name="param1" value="value1"/>
<s:url action="someAction" var="act"/>
<s:a id="a1" href="%{act}">Go Action</s:a>
<script type="text/javascript">
$(document).ready(function() {
$("#a1").click(function(event) {
event.preventDefault();
$("#f1").submit();
});
});
</script>
</s:form>
Related
I know it must be simple, but still I am not able to figure it out.
I have a link on a jsp page.
When this link is clicked I want another tab (of browser) to open up.
The view of this new page is defined by action class, which needs a form field value.
The problem I am facing is that I can not get the values of form fields to the action class without submitting the form. And submitting the form changes the view of the original jsp as well, which defeats the whole purpose of opening a new tab.
So I need a way to get the form field values to action class without resetting the view of original jsp page.
One way I came across was URL re-writing but that would be my last option.
Please suggest something!!
Thanks!!
Firstly I would like to point out that currently possible (to my knowledge anyway) to force a new tab to appear, it is dependent on the users' browser and the settings that they have see here for more infomation.
Now onto your question, since links cannot send form data (on their own) you have 2 options:
You can use a form "submit" button pointing to the URL you want to send the data to and to and add the target="_blank" to the form which will cause a new page to open up when the form is submitted.
You can add a javascript event to your link so that when it is pressed you append the value of the input to the URL and open a new window with that URL.
Personally I would choose the first option.
Here is a simple example of option one which doesn't remove the input value when you submit...
<html>
<body>
<form action="test1.html" method="post" target="_blank">
<input type="text" name="bob" />
<input type="submit" value="Hello"/>
</form>
</body>
</html>
You could do an ajax call, or dynamically build the link url with get parameters in it.
I am using a html form like this:
<form action="question" method="get">
where question is a java servlet class which renders the data from the form and display on other page.
What I am trying to do is display this data just below the html form not on other screen.
(Somewhat like the page where we Ask Question in stackoverflow.com where the question you enter is rendered and displayed below.)
So I am trying to do same. Anyone has an idea how to do that?
The simplest way to do it, is to use javascript (client side).
Below is a very crude example on how to do this. This will give you an idea on how to proceed.
create a html page, with two separate text area boxes.
Let the first text area box be the source where you type in the text.
Assign it an id 'source_area'.
<textarea id='source_area'>
</textarea>
Let the second text area box be the destination.
Assign it an id 'destination_area'.
Set this area as "readonly" because you don't want users typing here directly.
<textarea id='destination_area' readonly>
</textarea>
Now when a user types into the first box, we need to capture the particular action.
For this example I will use the "onKeyUp" to capture events when a keyboard key is released.
Now when typing into the source text box, a key on your keyboard is released, it will invoke a javascript function "transferToNextArea()" is invoked.
We will create the javascript function "transferToNextArea()" in
Read more about javascripts here. http://w3schools.com/js/js_events.asp
Complete list of events here. http://w3schools.com/jsref/dom_obj_event.asp
The javascript function will extract text from 'source_area' text box.
It will then assign the same text into 'destination_area'.
function transferToNextArea()
{
//extracting text.
var varSrcText = document.getElementById("source_area").value;
//assigning text to destination.
document.getElementById("destination_area").value=varSrcText
}
Complete html (tested in Google Chrome)
<html>
<body >
Source Box
<textarea id='source_area' onKeyUp="transferToNextArea();">
</textarea>
<br>
Destination Box
<textarea id='destination_area' readonly>
</textarea>
</body>
<script type="text/javascript">
function transferToNextArea()
{
var varSrcText = document.getElementById("source_area").value;
document.getElementById("destination_area").value=varSrcText
}
</script>
</html>
This is just a very basic example. It is not very effecient, but it will give you an idea of how data can be moved around.
Before assigning the text, you could manipulate the text however you want it using javascript.
Stackoverflow formats the text as per the html tags after extracting it. This will require lot more code and more work.
Using a servlet for the above task is overkill.
You would use a servlet, only if you want to do something with the data on the server side.
Example
a) store it in a database before displaying it below.
Read about "ajax" calls to send and recieve data between the server and client.
Ajax will give you the means to send data to the servlet without having to refresh the whole page.
Create a JSP with a form
on submit post the data to some servlet
process request and produce resultant data and set it to request's attribute
forward the request to same jsp
check if the data is not null display under the form
Just let the servlet forward the request to the same JSP page and use JSTL <c:if> to conditionally display the results.
request.setAttribute("questions", questions);
request.getRequestDispatcher("/WEB-INF/questions.jsp").forward(request, response);
with
<c:if test="${not empty questions}">
<h2>There are ${fn:length(questions)} questions.</h2>
<c:forEach items="${questions}" var="question">
<div class="question">${question}</div>
</c:forEach>
</c:if>
See also:
Our servlets wiki page - Contains concrete Hello World examples.
I am a beginner in the JSP World as per I have noticed that, there is one form tag which has action and method attribute. In action tag we must write the URL of the servlet which gets activated after clicking the submit button.
But my problem start here. I am trying to develop a register page.
I have two servlets:
one checks for the availability of existing user,
second register the user.
Does anyone have any idea how to achieve it without a href link or image button?
Move the code that checks for availability of the existing user and register the user to its own service class say UserService. Make the form submit to 2nd servlet which uses UserService to perform both the operations.
You can have two separate forms but not nested forms in HTML. If you want a single form to change its actions (its target URL) depending on which submit is used, the only way you can achieve that is through javascript.
You can do this with your existing approach by registering a Javascript function
<body>
<script type="text/javascript">
function submitType(submitType)
{
if(submitType==0)
document.userForm.action="CheckUserAvailability.do";
else
document.userForm.action="RegisterUser.do";
}
</script>
<form name="userForm" method="post">
--Other elements here
<input type="submit" value="Check User Availabiliy" onClick="submitType(0)"/>
<input type="submit" value="Check User Availabiliy" onClick="submitType(1)"/>
</form>
</body>
Yes You can.. In the action you give the Servlet name. and inside that servlet you can call java methods which are written in other classes.
Which means you can check
1.one checks for the availability of existing user
2.second register the user
Using two java classes(may be according to your choice)
Just call those methods with in the same servlet..Guess you got an idea.
I am working in a web application using struts. I am performing some operations in struts action class and using session.setAttribute i am setting result value. My struts action class sends result to jsp page where i am displaying result. I have to display message after loading jsp page, hence i am trying to use jquery. But i am not getting how to handle http sesion request in jquery.
Earlier i was taking one property in sturts-config.xml and setting the value instead of sending http session request parameter. But it doesn't work for me, because every time when i refresh my page it takes initial value from struts-config.xml. i am taking struts property as hidden field in jsp page by writing:
<html:hidden property="propname" styleId="id_propname" name="formname" />
for setting property value null I am writing following code in jquery.
<script type="text/javascript">
$(document).ready(function()
{
alert("some text");
$("#id_propname").val("");
});
</script>
Is there any way where i can directly get the http session request in jquery ? please reply me if you can give some suggestions I thanks to all valuable suggestions in advance.
IMHO there is no simple way to pass your session to the jquery . What you can do is to set the value of some hidden field and declare a global variable on the script and access the value and check for the valid condition if any .
Although its ugly and highly discouraged to use scriptlet inside jsp , this might work :-
<% String sessionVal = session.getAttribute("yourSessionValue").toString() %>
<html type="hidden" id="id_propname" name="propname" value=<%=sessionVal> >
In your jquery :
<script type="text/javascript">
var sessionVal;
$(document).ready(function()
{
sessionVal = $("#id_propname").val();
alert("this is the session value at Script " + sessionVal );
});
</script>
Null check for session is not done.
Or
If you are using tag libraries you can set the session value on form bean and use something like this in jsp :-
<logic:equal name="yourFormBean" property="yourProperty" value="someDefinedValue">
Do your action here
</logic:equal> <br />
Well http Sessions and Requests, in the form of java Objects and related to servlets, live in the server side. JQuery on the other hand will "normally" live in the client side... therefore your problem description is a bit "off".
The parameters you "send" in the httpsession or/and in the httprequest are for the jsp generation where jQuery does not play any part. What then gets sent to the browser is the HTML generated by the jsp engine. This HTML when in the browser can then be used by jQuery.
By the way the framework name is Struts and not Sturts.
Taking in account this information I don't really understand what in fact you want to do.
I have a login form with username and password. It works, but after the request I see on the web browser something like "...login?user=myUser&password=myPassword".
Given that the form has a password field that hides the password while it's typed, it would not be funny to see the password on the address bar.
Is it possible to avoid this?
The user verification is done on the server with a custom java web server.
Set your HTTP form method to a POST, instead of a GET. This eliminates the form to append the parameters on the url.
Secure your page to use HTTPS instead of HTTP. That way, an eavesdropper cannot read unencrypted HTTP POST message.
The only way that this can be done is by not using the GET method of form submission. You need to use the POST method. More information can be found here http://www.cs.tut.fi/~jkorpela/forms/methods.html
Your form will look like this
<form method="post" action="somepage.php">
</form>
Your form is using the GET not POST. Passing variables via a query-string in the URL (GET) can be dangerous as users can see and modify these values. Change your form's method to POST. In standard HTML this would look like:
<form method="GET" action="......
...to...
<form method="POST" action=".....
You can encode the password, which will obscure it.
However using a POST form instead will hide all its fields.
Yes, use a POST request instead of GET.
Convert your form to use the HTTP "POST" method instead of "GET", e.g.:
<form action="/login" method="post">
Also consider obscuring the password before it is transmitted, e.g. using a scheme such as Base64 or MD5.
Change the 'method' attribute on the form from "get" to "post" -- and send the request over HTTPS, preferably.
When you see a "login?user=myUser&password=myPassword" in your address bar this means that your Login form is using the GET request method:
<form id="login" action="some_file" method="get">
The easiest way of hiding this info would be to change from GET to POST method:
<form id="login" action="some_file" method="post">
You can read more about both of these methods here:
When to use POST and GET?
However, note that POST is not much safer than GET. You can read more about this here:
POST and GET in terms of Security