经过大量的关于stackoverflow的研究后,我张贴这个问题,因为我找不到解决方案的问题。Struts2的URL标记 - 隐藏查询字符串
要求方案:根据每个客户ID作为参数更新客户列表。
解决方案尝试:基于从jsp接收到的客户ID,将它作为Struts2 url标记传递给Action。
面临的问题 - 在URL上可见的查询字符串。
http://foo.com/Struts2Example/getCustomerAction?customerId=2
问题:
- 难道我们不能隐藏查询字符串,如果我们使用Struts网址标记?
- 如果我们在使用Url标签时无法隐藏使用的查询字符串?上述场景的替代方案是什么?
代码struts.xml中,JSP和下面的动作 -
<h2>All Customers Details</h2>
<s:if test="customerList.size() > 0">
<table border="1px" cellpadding="8px">
<tr>
<th>Customer Id</th>
<th>First Name</th>
<th>Last Name</th>
<th>Age</th>
<th>Created Date</th>
</tr>
<s:iterator value="customerList" status="userStatus">
<tr>
<td><s:url var="editCustomer" action="getCustomerAction">
<s:param name="customerId" value="%{customerId}" />
</s:url>
<p>
<s:a href="%{editCustomer}">
<s:property value="customerId" />
</s:a>
</p></td>
<td><s:property value="firstname" /></td>
<td><s:property value="lastname" /></td>
<td><s:property value="age" /></td>
<td><s:date name="createdDate" format="dd/MM/yyyy" /></td>
</tr>
</s:iterator>
</table>
</s:if>
<br />
<br />
struts.xml-
<!-- Get Customer Details - To Pre-Populate the form to update a Customer -->
<action name="getCustomerAction" method="getCustomerById"
class="com.hcl.customer.action.CustomerAction">
<result name="success">pages/customerForm.jsp </result>
</action>
客户采取的行动接收机类
public class CustomerAction extends ActionSupport implements ModelDriven {
Logger logger = Logger.getLogger(CustomerAction.class);
Customer customer = new Customer();
List<Customer> customerList = new ArrayList<Customer>();
CustomerDAO customerDAO = new CustomerDAOImpl();
public Customer getCustomer() {
return customer;
}
//Set Customer onto Value Stack
public void setCustomer(Customer customer) {
this.customer = customer;
}
public List<Customer> getCustomerList() {
return customerList;
}
//Set Customer List onto Value Stack
public void setCustomerList(List<Customer> customerList) {
this.customerList = customerList;
}
public String execute() throws Exception {
return SUCCESS;
}
public Object getModel() {
return customer;
}
// Edit customer details, it will retrieve the records based on customerId
//SkipValidation is used to skip the validate()
@SkipValidation
public String getCustomerById() {
logger.info("** Customer Id to edit ** " + customer.getCustomerId());
customer = customerDAO.customerById(customer.getCustomerId());
return SUCCESS;
}
为什么你想隐藏ID?如果您将值存储在客户端,任何人都可以查看源代码并获取它。您当然可以使用帖子发送结果,但考虑用户需要为页面添加书签。真的,答案是安全性......该用户是否应该能够访问该客户ID?如果不是,那么在任何情况下都不应该被允许。 – Quaternion 2013-02-19 05:41:31
是的,用户可以像这样收藏一个页面......但问题是,当URL为'** getCustomer ** Action?customerId = 2'时,更新客户'...这里有点奇怪:> – 2013-02-19 09:06:33
@AndreaLigios - 情景是,为了更新客户,我必须在表单上预先填写他的详细信息。要获取细节,我使用customerId查询数据库。 – 2013-02-19 10:48:13