It is well known that by default, the Execute method in the Indexaction class is executed in the browser input indexaction!execute.action, which is convenient, but may pose a security risk, and can be executed by any method in the action by URL.
To suppress the invocation of a dynamic method, you disable the call to the dynamic method by setting the property strutsenabledynamicmethodinvocation to False in Struts.xml through the constant element.
<name= "Strutsenabledynamicmethodinvocation" value= "false" />
Method property: At this point we need to implement the call of the dynamic method through other secure methods. Specifies the method to invoke when the action is executed by the action element's Methods property
<Actionname= "Empaction_register"class= "Com.syaccp.erp.action.emp.EmpAction"Method= "Register"> <resultname= "Success">/web-inf/jsp/basic/emp_list.jsp</result> <resultname= "Input_edit">/web-inf/jsp/basic/emp_edit.jsp</result> <resultname= "Input_add">/web-inf/jsp/basic/emp_add.jsp</result> <resultname= "Reload"type= "Redirect">Empaction.action</result> </Action>
The method property is used in one of these configuration fragments, and the STRUTS2 framework looks up the register method in Empaction and executes it when the/empaction_register.action is requested. Struts2 There are two ways to find methods based on the method property: 1. Find the method that is exactly the same as the value of methods 2, find the method of Domethod form using the difference between the dynamic method call and the method property:
<Actionname= "Empaction"class= "Com.syaccp.erp.action.emp.EmpAction"> <resultname= "Success">/web-inf/jsp/basic/emp_list.jsp</result> <resultname= "Reload"type= "Redirect">Empaction.action</result> </Action> <Actionname= "Empaction_register"class= "Com.syaccp.erp.action.emp.EmpAction"Method= "Register"> <resultname= "Success">/web-inf/jsp/basic/emp_register.jsp</result> </Action> <Actionname= "Empaction_login"class= "Com.syaccp.erp.action.emp.EmpAction"Method= "Login"> <resultname= "Success">/web-inf/jsp/basic/emp_login.jsp</result> </Action>
Narrated by the above three configurations, these three configurations essentially operate the same action. The first dynamic method pattern, by requesting/empaction!register.action or/empaction!login.action, or/empaction.action. If the Register method, the login method, and the Execute method return value are all "success", the emp_list.jsp page will be entered. The 23rd one is accessed dynamically by specifying the method property. Here the Register and login methods assume that the return is "success", but they do not go to the same page, but instead enter the page specified by their result. From the above we analyzed: If the response of the different methods of the same action uses the same configuration (result, etc.), then the method property of the action element is used if the response of the different methods of the same action uses a different configuration respectively. Configure multiple names for the same action.
wildcard characters:When dealing with different requests using the method property to implement different methods of the same action, it is found that as the method increases, resulting in a large number of action configurations, we need to use wildcards to resolve too many methods of the action configuration. When configuring <action.../> elements, you need to specify the name, class, and Method properties. Where the Name property supports wildcard characters, you can then use the expression in the class and method properties. Wildcard Shing * indicates.
< action name = "empaction_*" class = "Com.syaccp.erp.action.emp.EmpAction" method = "{1}" > < result name = "Success" > /web-inf/jsp/basic/emp_{1}.jsp</ result > </ action >
The above configuration indicates that when the request/empaction_login, the wildcard matches the login, this value will replace {1}, the final execution of the Empaction login method, if the method return value of success, jump to the emp_login.jsp page.
Default action:In the browser input a non-existent action, the page will render 404 error, in order to make the site more friendly, we can set a default action. There are two forms of setting the default action: 1. Configure the default action for each package, and if there is not an action match request under the corresponding namespace, the namespace default action, different packages, can be configured with different default actions. The configuration is as follows: DefaultAction is the Name property value of the default action, which must be written on the first line.
< Packagename= "Default"namespace= "/emp"extends= "Struts-default"> <Default-action-refname= "DefaultAction"></Default-action-ref> <Actionname= "DefaultAction"> <result>/error.jsp</result> </Action></ Package>
2. Configure the default action in the root directory without filling in the namespace attribute
< Packagename= "Default"extends= "Struts-default"> <Default-action-refname= "DefaultAction"></Default-action-ref> <Actionname= "DefaultAction"> <result>/error.jsp</result> </Action></ Package>
If the first is declared, STRUTS2 will invoke the default action declared under the current package. Ignore the global default action. In general, the second, unified default action, regardless of the URL entered in which directory or the package does not have an action, the error page is displayed.
Struts2 Understanding--dynamic methods and method attributes and wildcard characters _ default action