A security issue of struts 1.x is worth noting. Because the previous mode was passed in by the front-end page data through actionform, The excute method in the action was received, and this problem does not exist.
However, if you define instance variables directly in action, the problem is very high. The reason is actually very simple:
To ensure thread-safe, the Struts framework creates only one action instance for each action class in the life cycle of an application (the same as servlet ). All client requests share an action instance, and all request threads can execute its execute () method at the same time.
Therefore, each action has only one instance. You can also see that the printing of this in action is indeed the same,
So,
Do not use global variables to remember data in actions. It is meaningless and insecure.
There is no problem with using actionform, and the reason is also very simple:
Actionform is passed into action through parameters, and there is no shared variable problem. In fact, the actionform instances generated by each request are also different.
Therefore, when using struts 1.x, pay attention to thread security issues.