struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <d...@newfield.org>
Subject Re: Catch all method for actions?
Date Tue, 11 May 2010 15:57:09 GMT
On 5/11/10 11:34 AM, Mitch Claborn wrote:
> A security scan on our site is sending a request like
>
> /emailalink!"Xx<XaXaXXaXaX>xX.html

I'd advise setting struts.enable.DynamicMethodInvocation=false as a 
first step.

> I'd like to be able to somehow capture those requests into a catch-all
> or default method on the action so that I can do something intelligent,
> rather than just allowing an error page to show up. Is there a way to do
> this?

By "error page" do you mean a page that shows the call stack you just 
showed us, or a more generic "something bad happened" page?  The former 
should only happen if you have devMode turned on.

In general I think the answer you're looking for is

<global-results>
   <result name="404">/404.jsp</result>
</global-results>

<global-exception-mappings>
   <exception-mapping exception="java.lang.Exception" result="404"/>
</global-exception-mappings>

-Dale

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message