Originally posted by Arun:
Thank you for your replies. I am not concerned about the user spoofing attributes, but wondering if a programmer could mess the application by using the form name for some attribute he wants to store in session scope.
For ex.. say i have an action that uses a form name 'abcForm' and struts works with this form and sets data into the form and stores it in the session as an attribtue under the name 'abcForm'.
Say some developer in some other part of the application does a session.setAttribute("abcForm","Just a string object"). If this gets invoked while my action is working on the struts form could that lead to a potential conflict? Does struts store action forms under some key like struts.abcForm instead just abcForm to avoid such a situation??
Regards.
A programmer
could "mess it up" but such a mistake would be blaringly obvious. It should not be of concern, especially if the names follow a unique convention in the struts-config, such as ended all in "Form" (ie employeeForm, accountForm).
But now that you mention it, I'd like to show you a simple trick I like to use for other purposes:
I have the above code in a parent ActionForm that all other ActionForms extend. This automatically places every ActionForm under the request attribute of "form" in addition to its struts-config name. I like this because it makes my JSPs and especially their JSTL tags easier to write, read, and maintain.
Notice that I made a new hook method called doReset() to be used for the scenarios that I would previously call reset().