How are Struts action forms stored?

 
Ranch Hand
Posts: 40
Hello,
I have an action mapping that defines a form with name="abcForm" and says scope="session". I would like to know how struts saves this form in the session.

I assume it is stored as an attribute. Is it stored under some simple key like the form name? If so, then if I do a session.setAttribute("abcForm", someObj) will that overwrite the form bean that struts has stored in the session??

I am trying to know the answer to see if a user could accidentally overwrite the struts action form bean.

Thanks.
 
Ranch Hand
Posts: 261
From what I know, Struts adds it as an attribute. The attribute name comes from the ActionMapping. Struts uses the form bean "name" attribute you add to the action-mapping in the config file.

To get the name you could get it in action by:
mapping.getAttribute()
 
Sheriff
Posts: 6450
"linoops",

Welcome to JavaRanch. We don't have many rules here, but we do have a naming policy which we try to strictly enforce. Please re-read this document and edit your display name in order to comply. Thanks in advance, and we look forward to seeing you around the Ranch.
 
pie sneak
Posts: 4727
mannu is correct.

I believe that when Struts checks the parameter for a form it checks to see if it is of the correct ActionForm type. If it isn't the correct type, it makes the correct ActionForm and sets the attribute.

You should have no worries of a user spoofing parameters or attributes.
 
Arun
Ranch Hand
Posts: 40
Thank you for your replies. I am not concerned about the user spoofing attributes, but wondering if a programmer could mess the application by using the form name for some attribute he wants to store in session scope.

For ex.. say I have an action that uses a form name 'abcForm' and struts works with this form and sets data into the form and stores it in the session as an attribute under the name 'abcForm'.
Say some developer in some other part of the application does a session.setAttribute("abcForm","Just a string object"). If this gets invoked while my action is working on the struts form could that lead to a potential conflict? Does struts store action forms under some key like struts.abcForm instead of just abcForm to avoid such a situation??

Regards.
 
Jason Menard
Sheriff
Posts: 6450
"Arun",

Thanks for your attempt to comply with our naming policy. Unfortunately your name is still not in compliance. Specifically, you must have a valid first name and a valid last name, and neither of these names may be obviously fictitious. If you have any questions on our naming policy or don't understand something you read in the document I pointed you towards previously, please feel free to bring up the issue in the JavaRanch forum. Thanks again.
 
Marc Peabody
pie sneak
Posts: 4727

Originally posted by Arun:
Thank you for your replies. I am not concerned about the user spoofing attributes, but wondering if a programmer could mess the application by using the form name for some attribute he wants to store in session scope.

For ex.. say I have an action that uses a form name 'abcForm' and struts works with this form and sets data into the form and stores it in the session as an attribute under the name 'abcForm'.
Say some developer in some other part of the application does a session.setAttribute("abcForm","Just a string object"). If this gets invoked while my action is working on the struts form could that lead to a potential conflict? Does struts store action forms under some key like struts.abcForm instead of just abcForm to avoid such a situation??

Regards.



A programmer could "mess it up" but such a mistake would be blaringly obvious. It should not be of concern, especially if the names follow a unique convention in the struts-config, such as all ending in "Form" (i.e. employeeForm, accountForm).

But now that you mention it, I'd like to show you a simple trick I like to use for other purposes:

I have the above code in a parent ActionForm that all other ActionForms extend. This automatically places every ActionForm under the request attribute of "form" in addition to its struts-config name. I like this because it makes my JSPs and especially their JSTL tags easier to write, read, and maintain.

Notice that I made a new hook method called doReset() to be used for the scenarios that I would previously call reset().
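
Added example, not code from any poster in this thread or from the Struts code base: a plain-Java model of the lookup-and-type-check behaviour described in the replies above, showing what happens when other code stores a value under the same session key as the form. The Map standing in for HttpSession, the AbcForm class, lookupOrCreate and the com.example.report.title key are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

public class FormBeanKeyCollision {
    // Hypothetical stand-in for an ActionForm subclass bound to name="abcForm".
    static class AbcForm {
        String customerId = "";
    }

    // Model of the behaviour described in the thread: look under the mapping's
    // attribute name, reuse the object only if it has the expected type,
    // otherwise create a new form and store it under the same key.
    static <T> T lookupOrCreate(Map<String, Object> session, String key,
                                Class<T> type, Supplier<T> factory) {
        Object existing = session.get(key);
        if (type.isInstance(existing)) {
            return type.cast(existing);
        }
        T fresh = factory.get();
        session.put(key, fresh); // replaces whatever was stored there
        return fresh;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stands in for HttpSession

        AbcForm first = lookupOrCreate(session, "abcForm", AbcForm.class, AbcForm::new);
        first.customerId = "C-1001"; // constructed sample value

        // Unrelated code reuses the bare form name as its own session key.
        session.put("abcForm", "Just a string object");

        // Next request: the type check fails, so a blank form replaces the string.
        AbcForm second = lookupOrCreate(session, "abcForm", AbcForm.class, AbcForm::new);
        System.out.println("same form instance kept: " + (second == first));
        System.out.println("form state after collision: '" + second.customerId + "'");
        System.out.println("other code's value survived: "
                + (session.get("abcForm") instanceof String));

        // A namespaced key for non-form data cannot collide with the form name.
        session.put("com.example.report.title", "Just a string object");
        AbcForm third = lookupOrCreate(session, "abcForm", AbcForm.class, AbcForm::new);
        System.out.println("form reused with namespaced key: " + (third == second));
    }
}
```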
 