Regular use of the login page in the application uses a DynaValidatorForm that, upon clicking 'submit', makes a POST request containing the username and password for the user. It is then validated and dealt with in the associated action class.
Server code:

    protected ActionForward performAction(ActionMapping mapping,
            ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        DynaValidatorForm dynaForm = (DynaValidatorForm) form;
        //validation here
        //...
        //
        Login login = new Login();
        PropertyUtils.copyProperties(login, dynaForm);
        //login object is used from here on out

However, it is possible to log in by making a GET request with parameters in the URL i.e. www.my-site.com/LoginPage.do?loginName=username&password=password
Is there some way to disable Struts from using URL parameters in the form?
My current workaround is to use a filter that checks the query string and redirects if it contains a parameter that should be in the POST body, but I am looking for a more elegant solution. I cannot just disable GET as some other pages that need a similar solution need to be accessible by GET.
Any help is greatly appreciated!
You can check the request's method and return from the action if it's GET:

    if (request.getMethod().equalsIgnoreCase("GET"))
        return mapping.findForward("error");
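
An added example, not part of the original question or answer: the method check above still lets a POST to `LoginPage.do?loginName=...&password=...` fill the form, because the servlet parameter API merges query-string and body values. The helper below (class and method names are hypothetical, only the servlet API is assumed) requires POST and rejects the request when any named field appears in the query string.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper; the class and method names are assumptions, not Struts API. */
public final class BodyOnlyParams {
    private BodyOnlyParams() { }

    /**
     * True only when the request is a POST and none of the named parameters
     * appear in the query string. The servlet parameter API that Struts uses
     * to fill the form merges query-string and body values, so a method check
     * alone does not keep URL parameters out of the form.
     */
    public static boolean accept(HttpServletRequest request, String... names) {
        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        String query = request.getQueryString(); // raw, still URL-encoded
        if (query == null || query.length() == 0) {
            return true;
        }
        Set<String> bodyOnly = new HashSet<String>(Arrays.asList(names));
        for (String pair : query.split("&")) {
            String rawName = pair.split("=", 2)[0];
            try {
                // Decode first so a percent-encoded parameter name is matched too.
                if (bodyOnly.contains(URLDecoder.decode(rawName, "UTF-8"))) {
                    return false;
                }
            } catch (IllegalArgumentException malformedEscape) {
                return false; // fail closed on a name that cannot be decoded
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException(e); // UTF-8 is always available
            }
        }
        return true;
    }
}
// In the action, before PropertyUtils.copyProperties(login, dynaForm):
//   if (!BodyOnlyParams.accept(request, "loginName", "password"))
//       return mapping.findForward("error");
```

Because the check is called per action with its own field names, pages that must stay reachable by GET are unaffected.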