struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <>
Subject Re: Catch all method for actions?
Date Tue, 11 May 2010 15:57:09 GMT
On 5/11/10 11:34 AM, Mitch Claborn wrote:
> A security scan on our site is sending a request like
> /emailalink!"Xx<XaXaXXaXaX>xX.html

I'd advise setting struts.enable.DynamicMethodInvocation=false as a 
first step.

> I'd like to be able to somehow capture those requests into a catch-all
> or default method on the action so that I can do something intelligent,
> rather than just allowing an error page to show up. Is there a way to do
> this?

By "error page" do you mean a page that shows the call stack you just 
showed us, or a more generic "something bad happened" page?  The former 
should only happen if you have devMode turned on.

In general I think the answer you're looking for is

   <result name="404">/404.jsp</result>

   <exception-mapping exception="java.lang.Exception" result="404"/>


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message