| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="UTF-8"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> |
| <meta name="Date-Revision-yyyymmdd" content="20140918"/> |
| <meta http-equiv="Content-Language" content="en"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> |
| |
| <title>Exclude parameters</title> |
| |
| <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css"> |
| <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> |
| <link href="/css/main.css" rel="stylesheet"> |
| <link href="/css/custom.css" rel="stylesheet"> |
| <link href="/highlighter/github-theme.css" rel="stylesheet"> |
| |
| <script src="//code.jquery.com/jquery-1.11.0.min.js"></script> |
| <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script> |
| <script type="text/javascript" src="/js/community.js"></script> |
| </head> |
| <body> |
| |
| <a href="http://github.com/apache/struts" class="github-ribbon"> |
| <img style="position: absolute; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"> |
| </a> |
| |
| <header> |
| <nav> |
| <div role="navigation" class="navbar navbar-default navbar-fixed-top"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle"> |
| Menu |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a href="/index.html" class="navbar-brand logo"><img src="/img/struts-logo.svg"></a> |
| </div> |
| <div id="struts-menu" class="navbar-collapse collapse"> |
| <ul class="nav navbar-nav"> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Home<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/index.html">Welcome</a></li> |
| <li><a href="/download.cgi">Download</a></li> |
| <li><a href="/releases.html">Releases</a></li> |
| <li><a href="/announce-2021.html">Announcements</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Support<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/mail.html">User Mailing List</a></li> |
| <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li> |
| <li><a href="/security.html">Reporting Security Issues</a></li> |
| <li class="divider"></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide">Version Notes</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins">Security Bulletins</a></li> |
| <li class="divider"></li> |
| <li><a href="/maven/project-info.html">Maven Project Info</a></li> |
| <li><a href="/maven/struts2-core/dependencies.html">Struts Core Dependencies</a></li> |
| <li><a href="/maven/struts2-plugins/modules.html">Plugin Dependencies</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Documentation<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/birdseye.html">Birds Eye</a></li> |
| <li><a href="/primer.html">Key Technologies</a></li> |
| <li><a href="/kickstart.html">Kickstart FAQ</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li> |
| <li class="divider"></li> |
| <li><a href="/getting-started/">Getting Started</a></li> |
| <li><a href="/security/">Security Guide</a></li> |
| <li><a href="/core-developers/">Core Developers Guide</a></li> |
| <li><a href="/tag-developers/">Tag Developers Guide</a></li> |
| <li><a href="/maven-archetypes/">Maven Archetypes</a></li> |
| <li><a href="/plugins/">Plugins</a></li> |
| <li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li> |
| <li><a href="/tag-developers/tag-reference.html">Tag reference</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/FAQs">FAQs</a></li> |
| <li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Contributing<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/youatstruts.html">You at Struts</a></li> |
| <li><a href="/helping.html">How to Help FAQ</a></li> |
| <li><a href="/dev-mail.html">Development Lists</a></li> |
| <li><a href="/contributors/">Contributors Guide</a></li> |
| <li class="divider"></li> |
| <li><a href="/submitting-patches.html">Submitting patches</a></li> |
| <li><a href="/builds.html">Source Code and Builds</a></li> |
| <li><a href="/coding-standards.html">Coding standards</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Contributors+Guide">Contributors Guide</a></li> |
| <li class="divider"></li> |
| <li><a href="/release-guidelines.html">Release Guidelines</a></li> |
| <li><a href="/bylaws.html">PMC Charter</a></li> |
| <li><a href="/volunteers.html">Volunteers</a></li> |
| <li><a href="https://gitbox.apache.org/repos/asf?p=struts.git">Source Repository</a></li> |
| <li><a href="/updating-website.html">Updating the website</a></li> |
| </ul> |
| </li> |
| <li class="apache"><a href="http://www.apache.org/"><img src="/img/apache.png"></a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </nav> |
| </header> |
| |
| |
| <article class="container"> |
| <section class="col-md-12"> |
| <a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/getting-started/exclude-parameters.md" title="Edit this page on GitHub">Edit on GitHub</a> |
| |
| <a href="index.html" title="back to Getting started"><< back to Getting started</a> |
| |
| <h1 class="no_toc" id="exclude-parameters">Exclude Parameters</h1> |
| |
| <ul id="markdown-toc"> |
| <li><a href="#introduction" id="markdown-toc-introduction">Introduction</a></li> |
| <li><a href="#processing-request-parameters" id="markdown-toc-processing-request-parameters">Processing Request Parameters</a></li> |
| <li><a href="#excluding-request-parameters-from-struts-2-processing" id="markdown-toc-excluding-request-parameters-from-struts-2-processing">Excluding Request Parameters From Struts 2 Processing</a></li> |
| <li><a href="#example-application" id="markdown-toc-example-application">Example Application</a></li> |
| <li><a href="#summary" id="markdown-toc-summary">Summary</a></li> |
| </ul> |
| |
| <p>The example code for this tutorial, <strong>exclude-parameters</strong>, is available at <a href="https://github.com/apache/struts-examples">struts-examples</a>.</p> |
| |
| <h2 id="introduction">Introduction</h2> |
| |
| <p>When <a href="../core-developers/struts-xml.html">Struts development mode is set to true</a> (also see <a href="debugging-struts.html">Debugging Struts</a>) |
| the framework writes many informative messages to the log file. These messages include ones that indicate whether |
| or not a specific parameter will be handled by the parameter interceptor and made available to the Action class. |
| These log messages can be helpful in clearly identifying parameters that you do not want the parameter interceptor |
| to process for security or other reasons. This article discusses how to exclude parameters from being handled by |
| the parameter interceptor.</p> |
| |
| <p>The <a href="http://struts.apache.org/mail.html">Struts 2 user mailing list</a> is an excellent place to get help. If you are having |
| a problem getting the tutorial example applications to work search the Struts 2 mailing list. If you don’t find an answer |
| to your problem, post a question on the mailing list.</p> |
| |
| <h2 id="processing-request-parameters">Processing Request Parameters</h2> |
| |
| <p>Most request parameters are by default processed by the parameter interceptor and Struts 2 will attempt to modify the state |
| of those Action class fields that match up to a parameter name by calling a corresponding public set method. For example |
| if the request includes a parameter of lastName with a value of Phillips, Struts 2 will try to call a public method with |
| a signature of setLastName(String lastName). However, there may be request parameters that you do not want Struts 2 |
| to try to set the value of in the Action class.</p> |
| |
| <p>Consider this code which creates a form:</p> |
| |
| <p><strong>Struts 2 Form Tags</strong></p> |
| |
| <div class="language-html highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><s:form</span> <span class="na">action=</span><span class="s">"save"</span> <span class="na">method=</span><span class="s">"post"</span><span class="nt">></span> |
| <span class="nt"><s:textfield</span> <span class="na">key=</span><span class="s">"personBean.firstName"</span> <span class="nt">/></span> |
| <span class="nt"><s:textfield</span> <span class="na">key=</span><span class="s">"personBean.lastName"</span> <span class="nt">/></span> |
| <span class="nt"><s:textfield</span> <span class="na">key=</span><span class="s">"personBean.email"</span> <span class="nt">/></span> |
| <span class="nt"><s:textfield</span> <span class="na">key=</span><span class="s">"personBean.phoneNumber"</span> <span class="nt">/></span> |
| <span class="nt"><s:select</span> <span class="na">key=</span><span class="s">"personBean.sport"</span> <span class="na">list=</span><span class="s">"sports"</span> <span class="nt">/></span> |
| <span class="nt"><s:radio</span> <span class="na">key=</span><span class="s">"personBean.gender"</span> <span class="na">list=</span><span class="s">"genders"</span> <span class="nt">/></span> |
| <span class="nt"><s:select</span> <span class="na">key=</span><span class="s">"personBean.residency"</span> <span class="na">list=</span><span class="s">"states"</span> <span class="na">listKey=</span><span class="s">"stateAbbr"</span> <span class="na">listValue=</span><span class="s">"stateName"</span> <span class="nt">/></span> |
| <span class="nt"><s:checkbox</span> <span class="na">key=</span><span class="s">"personBean.over21"</span> <span class="nt">/></span> |
| <span class="nt"><s:checkboxlist</span> <span class="na">key=</span><span class="s">"personBean.carModels"</span> <span class="na">list=</span><span class="s">"carModelsAvailable"</span> <span class="nt">/></span> |
| <span class="nt"><s:submit</span> <span class="na">key=</span><span class="s">"submit"</span> <span class="nt">/></span> |
| <span class="nt"></s:form></span> |
| </code></pre></div></div> |
| |
| <p>The s:submit tag will create a submit button with a name of submit. Since the Action class probably doesn’t have |
| a <code class="highlighter-rouge">setSubmit(String name)</code> method you will see the following log messages (only if Struts development mode is set to true):</p> |
| |
| <p><strong>Log Messages</strong></p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Dec 31, 2012 3:43:53 PM |
| com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn |
| WARNING: Parameter [submit] is not on the excludeParams list of patterns and will be appended to action! |
| |
| Dec 31, 2012 3:43:53 PM com.opensymphony.xwork2.util.logging.commons.CommonsLogger error |
| SEVERE: Developer Notification (set struts.devMode to false to disable this message): |
| Unexpected Exception caught setting 'submit' on 'class org.apache.struts.edit.action.EditAction: Error setting expression 'submit' with value ['Save Changes', ] |
| </code></pre></div></div> |
| |
| <h2 id="excluding-request-parameters-from-struts-2-processing">Excluding Request Parameters From Struts 2 Processing</h2> |
| |
| <p>If you’re not familiar with setting up a custom interceptor stack for your Struts 2 application review <a href="introducing-interceptors.html">Introducing Interceptors</a>.</p> |
| |
| <p>To exclude specific parameters from being processed by the Struts 2 framework you need to add those parameter names |
| to the list of excluded parameters. One way to do this is by adding those parameter names to the collection of <code class="highlighter-rouge">excludedParams</code> |
| for the Parameters interceptor. You can do this by modifying the Parameters interceptor in setting up the stack of interceptors |
| used by your Struts 2 application. For example:</p> |
| |
| <p><strong>Setup Interceptor Stack To Exclude submit Parameter</strong></p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><interceptors></span> |
| <span class="nt"><interceptor-stack</span> <span class="na">name=</span><span class="s">"appDefault"</span><span class="nt">></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"defaultStack"</span><span class="nt">></span> |
| <span class="nt"><param</span> <span class="na">name=</span><span class="s">"exception.logEnabled"</span><span class="nt">></span>true<span class="nt"></param></span> |
| <span class="nt"><param</span> <span class="na">name=</span><span class="s">"exception.logLevel"</span><span class="nt">></span>ERROR<span class="nt"></param></span> |
| <span class="nt"><param</span> <span class="na">name=</span><span class="s">"params.excludeParams"</span><span class="nt">></span>dojo..*,^struts..*,^session..*,^request..*,^application..*,^servlet(Request|Response)..*,parameters...*,submit<span class="nt"></param></span> |
| <span class="nt"></interceptor-ref></span> |
| <span class="nt"></interceptor-stack></span> |
| <span class="nt"></interceptors></span> |
| |
| <span class="nt"><default-interceptor-ref</span> <span class="na">name=</span><span class="s">"appDefault"</span> <span class="nt">/></span> |
| </code></pre></div></div> |
| |
| <p>The value of node <code class="highlighter-rouge"><param name="params.excludeParams"></code> is a comma-delimited list of regular expressions or simple |
| Strings that identify request parameters that should NOT be processed by the Parameters interceptor. To exclude |
| the <code class="highlighter-rouge">submit</code> parameter (which is the name of the submit button in the form code above), I just added <code class="highlighter-rouge">submit</code> to the list.</p> |
| |
| <p>See the <a href="../core-developers/struts-default-xml.html">Basic Stack of Interceptors described here</a> to view the initial |
| set of parameter names/regular expressions to exclude. Be sure to copy over the list of parameters already being excluded |
| and then add your own parameters to the end separated by commas.</p> |
| |
| <h2 id="example-application">Example Application</h2> |
| |
| <p>Download the example application, <a href="https://github.com/apache/struts-examples/tree/master/exclude-parameters">exclude-params</a> |
| that demonstrates excluding a request parameter. See the project’s README.txt file for how to build and run the application.</p> |
| |
| <p>To see the log messages written when not excluding the submit parameter remove the <code class="highlighter-rouge">,submit</code> from the list of excluded |
| parameter values in the struts.xml file. Then rebuild and redeploy the application and view the console when running the application.</p> |
| |
| <h2 id="summary">Summary</h2> |
| |
| <p>It’s a nice feature of the Struts 2 framework that it logs during development which request parameters will and will not |
| be processed. During development of a Struts 2 web application it’s a good practice to review these log messages to determine |
| if there are any parameters that the framework should not process. For those parameters the Struts 2 framework should |
| not process add the parameter name (or a regular expression that can be used to identify multiple parameter names) |
| to the comma-delimited list that is the value for the <code class="highlighter-rouge"><param name="params.excludeParams"></code> node.</p> |
| |
| <table> |
| <tbody> |
| <tr> |
| <td>Return to <a href="preperable-interface.html">Preparable Interface</a></td> |
| <td>or</td> |
| <td>back to <a href="index.html">Getting started</a></td> |
| </tr> |
| </tbody> |
| </table> |
| |
| </section> |
| </article> |
| |
| |
| <footer class="container"> |
| <div class="col-md-12"> |
| Copyright © 2000-2018 <a href="http://www.apache.org/">The Apache Software Foundation </a>. |
| All Rights Reserved. |
| </div> |
| <div class="col-md-12"> |
| Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are |
| trademarks of The Apache Software Foundation. |
| </div> |
| <div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div> |
| </footer> |
| |
| <script>!function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (!d.getElementById(id)) { |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//platform.twitter.com/widgets.js"; |
| fjs.parentNode.insertBefore(js, fjs); |
| } |
| }(document, "script", "twitter-wjs");</script> |
| <script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script> |
| |
| <div id="fb-root"></div> |
| |
| <script>(function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (d.getElementById(id)) return; |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1"; |
| fjs.parentNode.insertBefore(js, fjs); |
| }(document, 'script', 'facebook-jssdk'));</script> |
| |
| |
| </body> |
| </html> |