Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
Nightly Build
-
None
-
None
-
Operating System: other
Platform: Other
-
12600
Description
The getActionMappingURL method in FormTag.java always prepends the context to
an action and makes pure relative URL references impossible. Therefore, a
multi-tier architecture which maps "app-name.domain1.com/login.do"
to "domain2.com/app-name/login.do" cannot work with Struts form tags.
Why would you want to do such a thing, you ask? In some cases, it is
considered more secure to restrict access to a back-end servlet container
through a front-end web server via some sort of bridge. The bridge may further
shield the back-end server by mapping an app-specific domain to the back end
server's domain. That way access to applications can be managed on the
network/firewall level in addition to container and application levels. The
key to this strategy is avoiding absolute URL references.
Always including the context path in the action attribute of the html:form tag
makes such an architecture impossible without subclassing the off-the-shelf
Struts 1.1b2 version of FormTag.java. Perhaps the prepending of the context
could be optional depending on a boolean attribute of <html:form>,
e.g., "<html:form action=/foo relative=true>". As an aside, as far as I can
tell, it's not really necessary to include the context path since "foo.do" is
resolved to "/app-name/foo.do" within the "app-name" context. What's the
reason context is always pre-pended?