經過大量的關於stackoverflow的研究後,我張貼這個問題,因爲我找不到解決方案的問題。Struts2的URL標記 - 隱藏查詢字符串
要求方案:根據每個客戶ID作爲參數更新客戶列表。
解決方案嘗試:基於從jsp接收到的客戶ID,將它作爲Struts2 url標記傳遞給Action。
面臨的問題 - 在URL上可見的查詢字符串。
http://foo.com/Struts2Example/getCustomerAction?customerId=2
問題:
- 難道我們不能隱藏查詢字符串,如果我們使用Struts網址標記?
- 如果我們在使用Url標籤時無法隱藏使用的查詢字符串?上述場景的替代方案是什麼?
代碼struts.xml中,JSP和下面的動作 -
<h2>All Customers Details</h2>
<s:if test="customerList.size() > 0">
<table border="1px" cellpadding="8px">
<tr>
<th>Customer Id</th>
<th>First Name</th>
<th>Last Name</th>
<th>Age</th>
<th>Created Date</th>
</tr>
<s:iterator value="customerList" status="userStatus">
<tr>
<td><s:url var="editCustomer" action="getCustomerAction">
<s:param name="customerId" value="%{customerId}" />
</s:url>
<p>
<s:a href="%{editCustomer}">
<s:property value="customerId" />
</s:a>
</p></td>
<td><s:property value="firstname" /></td>
<td><s:property value="lastname" /></td>
<td><s:property value="age" /></td>
<td><s:date name="createdDate" format="dd/MM/yyyy" /></td>
</tr>
</s:iterator>
</table>
</s:if>
<br />
<br />
struts.xml-
<!-- Get Customer Details - To Pre-Populate the form to update a Customer -->
<action name="getCustomerAction" method="getCustomerById"
class="com.hcl.customer.action.CustomerAction">
<result name="success">pages/customerForm.jsp </result>
</action>
客戶採取的行動接收機類
public class CustomerAction extends ActionSupport implements ModelDriven {
Logger logger = Logger.getLogger(CustomerAction.class);
Customer customer = new Customer();
List<Customer> customerList = new ArrayList<Customer>();
CustomerDAO customerDAO = new CustomerDAOImpl();
public Customer getCustomer() {
return customer;
}
//Set Customer onto Value Stack
public void setCustomer(Customer customer) {
this.customer = customer;
}
public List<Customer> getCustomerList() {
return customerList;
}
//Set Customer List onto Value Stack
public void setCustomerList(List<Customer> customerList) {
this.customerList = customerList;
}
public String execute() throws Exception {
return SUCCESS;
}
public Object getModel() {
return customer;
}
// Edit customer details, it will retrieve the records based on customerId
//SkipValidation is used to skip the validate()
@SkipValidation
public String getCustomerById() {
logger.info("** Customer Id to edit ** " + customer.getCustomerId());
customer = customerDAO.customerById(customer.getCustomerId());
return SUCCESS;
}
爲什麼你想隱藏ID?如果您將值存儲在客戶端,任何人都可以查看源代碼並獲取它。您當然可以使用帖子發送結果,但考慮用戶需要爲頁面添加書籤。真的,答案是安全性......該用戶是否應該能夠訪問該客戶ID?如果不是,那麼在任何情況下都不應該被允許。 – Quaternion 2013-02-19 05:41:31
是的,用戶可以像這樣收藏一個頁面......但問題是,當URL爲'** getCustomer ** Action?customerId = 2'時,更新客戶'...這裏有點奇怪:> – 2013-02-19 09:06:33
@AndreaLigios - 情景是,爲了更新客戶,我必須在表單上預先填寫他的詳細信息。要獲取細節,我使用customerId查詢數據庫。 – 2013-02-19 10:48:13