0

In my Struts 2 Application, I am getting a table of values from the database using the iterator tag and using respective getter and setters for the same. For Example I am getting list of Account number, Name and Account Balance.

Now, What I wasn't do is if some one click on the Account number, then the request will be sent to another action class which has required getter and setter and will redirect him to a page where the account details will be shown based on that account number.

Problem is that, as the user clicks the URL, value is passed like get parameters so it is very insecure. I want to hide the values.

Currently I am using the following:

<s:url action="custACDetails" var="urlTag" >
    <s:param name="yourAc"><s:property value="acno"/></s:param>
</s:url>
<a href="<s:property value="#urlTag" />" ><s:property value="acno"/></a>
Roman C
  • 49,761
  • 33
  • 66
  • 176
Srijit B
  • 59
  • 1
  • 4
  • 16
  • Have u tried to add `method` property in the url tag. The documentation says it have the method property – Saif Aug 31 '14 at 14:39
  • Yes. There method indicates the name of the method in the action class, not GET or POST. Tried it. – Srijit B Sep 01 '14 at 02:11

1 Answers1

0

You can add a form to trigger a form submit event instead of default link's click event. A form should contain a hidden field to hold a parameter value. Then add javascript code to handle click event. 

<s:url action="custACDetails" includeContext="false" var="urlTag"/>
<s:set var="contextPath">${pageContext.request.contextPath}</s:set>
<s:a id="acno" href="%{#contextPath+#urlTag}"><s:property value="acno"/></s:a>
<s:form id="form" action="%{#urlTag}" method="POST">
  <s:hidden name="yourAc" value="%{acno}"/>
</s:form>
<script type="text/javascript">
  $(document).ready(function() {
    $("#acno").click(function(e) {
      e.preventDefault();
      $("#form").submit();
    });
  });
</script>
Roman C
  • 49,761
  • 33
  • 66
  • 176
  • Thank you. But the problem here is in the path. As per the code block, The URL is http://localhost:8000/FinaSoft/account//account/custACDetails.action. But actually it should be: http://localhost:8000/FinaSoft/account/custACDetails.action – Srijit B Sep 01 '14 at 02:27
  • I also added jquery, but acno is 0 on the action page. – Srijit B Sep 01 '14 at 03:24
  • The `s:a` tag requires tuning. – Roman C Sep 01 '14 at 12:17
  • I tried your last update. I am still getting 0 in the next page. Also getting following warning in apache log, WARNING: No configuration found for the specified action: '/account/custACDetails.action' in namespace: '/account'. Form action defaulting to 'action' attribute's literal value. Sep 01, 2014 9:29:06 PM com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn WARNING: No configuration found for the specified action: '/account/custACDetails.action' in namespace: '/account'. Form action defaulting to 'action' attribute's literal value. – Srijit B Sep 01 '14 at 16:00
  • @SrijitB These are other questions are off topic here. You can post it with details in another post. Remember that incomplete questions are off topic on SO. You should post only [SSCCE](http://sscce.org). Also don't post the same question with these code again because it would be a duplicate. – Roman C Sep 01 '14 at 17:48