[ANN] May 20 - Writing JPA Applications by Patrick Linskey at Google in Silicon Valley
This is a free event open to the general public. So, please forward this announcement on to other interested parties. The full meeting announcement including directions to meeting site at Google in Silicon Valley is here:

https://sv-web-jug.dev.java.net/servlets/NewsItemView?newsItemID=5601

Advanced Registration is required to be part of give-away drawing. You can register at:

http://sv-web-jug-4.eventbrite.com/

Agenda:

18:30-19:00 Arrive & mingle -- Food & drinks provided by Google
19:00-20:30 Writing JPA Applications Presentation

Description:

In this talk, Patrick explores the Java Persistence API, and examines some common practices for how to write applications that use JPA. Patrick will focus more on API usage than on mapping configuration, and will look at the bootstrapping and runtime behavior of JPA applications. You will learn about JPA's optimistic locking semantics, including the benefits of optimistic read locks. Patrick looks at when it's appropriate to use the different facilities of the Java Persistence Query Language (JPQL), and also discusses common extensions to the spec, including performance caching, pessimistic locking, and fetch strategies.

---
| Michael "Van" Riper
| http://weblogs.java.net/blog/van_riper/
| http://www.linkedin.com/in/vanriper
| Silicon Valley Web JUG
| mailto:[EMAIL PROTECTED]
| https://sv-web-jug.dev.java.net

- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Vote for Java runtime for Google App Engine
If you have not heard about the recent launch of Google App Engine, I blogged about it here with links to more information and video recorded at the official launch event on April 7th:

http://weblogs.java.net/blog/van_riper/archive/2008/04/google_app_engi_1.html

It is a free (up to a fair amount of page views and bandwidth per month) scalable web application hosting environment. It sounds like a really nice setup except for one thing. The only supported runtime is Python initially. If you would like to voice your support for adding Java runtime support to GAE, you can do so by starring this issue:

http://tinyurl.com/5svpmh

Important Note: Please do *not* add a "+1" comment to this issue like many others have already done. All that is necessary is to star the issue. Comments are intended to provide more information about an issue and everyone that stars an issue sees these comments. So, it ends up generating essentially spam email for everyone that has starred the issue.

I fully realize that more factors than simply the number of stars an issue receives will go into the decision process with respect to a major feature addition like this. Still, the Java runtime issue is the top vote getter so far and I would like to keep it that way. The Ruby runtime issue is not that far behind us. :-)

Cheers, Van

--
| Michael "Van" Riper
| http://weblogs.java.net/blog/van_riper/
| http://www.linkedin.com/in/vanriper
| Silicon Valley Web Developer JUG
| mailto:[EMAIL PROTECTED]
| https://sv-web-jug.dev.java.net
| Silicon Valley Google Technology User Group
| mailto:[EMAIL PROTECTED]
| http://sv-gtug.org
[ANN-OT] February 19 - Stateful Applications that Scale Like Stateless Ones by Orion Letizi at Googleplex in Silicon Valley
Advanced Registration is required to be part of give-away drawing. You can register at:

http://sv-web-jug.eventbrite.com/

This is a free event open to the general public. So, please forward this announcement on to other interested parties. The online meeting announcement is here:

https://sv-web-jug.dev.java.net/servlets/NewsItemView?newsItemID=5425

18:30-19:00 Arrive & mingle -- Food & drinks provided by Google
19:00-20:30 Stateful Applications that Scale Like Stateless Ones talk by Orion Letizi

TALK DESCRIPTION

Within every innocent web application lies a sleeping monster. There comes a time when every successful web application outgrows its single-machine architecture. Whether for high-availability, scalability, or both, the adult web application must grow to live on more than one application server. That's when the latent beast strikes: the State Monster.

The most recent accepted wisdom about solving application state problems in a scaled-out production architecture is to make your web application "stateless"—i.e., externalize all application state out of the application tier so that any application server can serve any user request. Unfortunately for the owners of such applications, making it "stateless" is hard to do, corrupts the programming and data model of the application, and pushes the problem out to other pieces of infrastructure that are ill-equipped to handle it.

Stateless programming is hard on the application developer, hard on the application infrastructure, and hard on the application. There must be a better way to write business applications. In this talk, we will discuss the current "stateless" application paradigm, its shortcomings, and a new alternative using Terracotta's open-source availability and scalability technology for the Java Virtual Machine.

Please be sure to preregister at http://sv-web-jug.eventbrite.com/ so you will be eligible for our raffle. We will be using Jim Weaver's JavaFX Spinning Wheel for our raffle. You can learn more about the project at:

http://learnjavafx.typepad.com/weblog/2008/01/spinning-wheel.html

Currently, the prizes include:

* IntelliJ IDEA license from JetBrains
* Ajax Security from Addison Wesley
* Pro JSF and Ajax: Building Rich Internet Components from Apress
* Filthy Rich Clients from Addison Wesley (2 copies)
* Professional Hibernate from Wrox Press
* Professional Java Development with the Spring Framework from Wrox Press
* Professional Ajax 2nd Edition from Wrox Press

This meeting was organized by the Silicon Valley Web Developer JUG and is being co-hosted by the Silicon Valley JUG.

--
| Michael "Van" Riper
| http://weblogs.java.net/blog/van_riper/
| http://www.linkedin.com/in/vanriper
| Silicon Valley Web Developer JUG
| mailto:[EMAIL PROTECTED]
| https://sv-web-jug.dev.java.net
Re: Every action is getting called twice
On 2/11/08, Charbel Abdul-Massih <[EMAIL PROTECTED]> wrote:
> What am I doing wrong? Every request to an action goes into the actions'
> execute method twice...

This is going to sound unrelated, but, do you use Firefox browser with Firebug enabled to test your code? I ran into one weird problem myself where I was seeing double executions when Firebug was enabled. That may not be the problem in your case, but, your symptoms are similar to my situation where this was indeed the culprit. If you normally test with Firebug enabled, disable it and try your test again to see whether that changes things at all.

Good Luck, Van

--
| Mike "Van" Riper
| http://weblogs.java.net/blog/van_riper/
| Silicon Valley Web Developer JUG
| mailto:[EMAIL PROTECTED]
| https://sv-web-jug.dev.java.net
| Silicon Valley Google Technology User Group
| mailto:[EMAIL PROTECTED]
| http://sv-gtug.org
[OT] Silicon Valley Code Camp at Foothill College on Oct. 27-28
This is a free event by and for the developer community in Silicon Valley. I've been promoting this event within the local Java developer community. I'll also be leading one technical session at this Code Camp based on my experiences converting to S2 from WebWork2 and the ways we use S2 now in our consumer web site (krillion.com):

Details of My Sessions
http://tinyurl.com/35e4fo

Code Camp is a new type of community event where developers learn from fellow developers. All are welcome to attend and speak. The Code Camp Manifesto consists of six points: (1) by and for the developer community; (2) always free; (3) community developed material; (4) no fluff – only code; (5) community ownership; (6) never occur during working hours.

What can you expect at the Silicon Valley Code Camp? Two full days of talking about code with fellow developers. Sessions will range from informal "chalk talks" to presentations. There will be a mix of presenters, some experienced folks, for some it may be their first opportunity to speak in public. And we are expecting to see people from throughout the Northern California region and beyond.

Attendance is free, but space is limited so you need to register in advance. Here is the home page for the event:

http://www.siliconvalley-codecamp.com

It is not too late to sign up to lead your own technical session too. Session submission will remain open until about a week before the event. After that, they will be assigning time slots at meeting spaces to the submitted sessions based on the interest level expressed in each topic.

Whether you choose to present or just to participate, it would be great to meet up with other S1 and S2 developers in the area at this event. If you are interested, you can either respond to this thread or contact me directly off list. If there is enough interest, we can schedule an informal Struts BOF session during the weekend sometime too.

Cheers, Van

--
Mike "Van" Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
Re: Struts - open windows without javascript
On 9/27/07, Slattery, Tim - BLS <[EMAIL PROTECTED]> wrote:
> > > You could use the "target" attribute of the tag, which
> > > instructs the browser to open a new window for the result
> > > of the form. That's as close as you're going to get.
> >
> > Same goes for the link tag. The attribute you add to
> > make your form/link requests open a new browser window/tab is:
> >
> > target="_blank"
> >
> > Technically, this will open a new window without javascript.
> > It is just adding an HTML attribute to your form or link tags
> > in your generated HTML response. No javascript required.
>
> One caveat on the "target" attribute: it doesn't exist in xhtml 1.1.

Wow! I did not know that. Google to the rescue. Found this related information online:

JavaScript window object solution:

Javascript provides a partial solution to the problem by passing the href attribute to the window object's open method, and returning a value of false. The false return from the event handler prevents the web browser from following the link specified in the href attribute.

    <a href="http://www.TexaStar.com" onclick="window.open(this.href); return false;" onkeypress="window.open(this.href); return false;">TexaStar</a>

This previous example provides an onclick event handler for those using a pointing device, and an onkeypress event handler for those using a keyboard. However, when JavaScript isn't enabled, the link is processed as normal, providing a possibly adequate fallback mechanism, but failing to produce the designer's desired result.

So, it does require a small amount of javascript to make it work in an XHTML 1.1 compliant manner. This snippet above comes from the following online source:

http://www.texastar.com/tips/2004/target_blank.shtml

- Van

--
Mike "Van" Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
Re: Struts - open windows without javascript
On 9/27/07, Slattery, Tim - BLS <[EMAIL PROTECTED]> wrote:
> > how to open a new browser windows in Struts without to use
> > javascript code in jsp page?
>
> Opening a new page is a client-side function. Since Struts is a
> server-side system, there's no way to do this.
>
> You could use the "target" attribute of the tag, which
> instructs the browser to open a new window for the result of the form.
> That's as close as you're going to get.

Same goes for the link tag. The attribute you add to make your form/link requests open a new browser window/tab is:

    target="_blank"

Technically, this will open a new window without javascript. It is just adding an HTML attribute to your form or link tags in your generated HTML response. No javascript required.

-Van

--
Mike "Van" Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
Re: [s2] Struts head tag KILLS (> 10s) page load time
On 9/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have the same problem. I'm using ajax and the response time of my pages is
> over 40s sometimes with the include.
> Can someone tell me if this has been fixed in struts 2.1?
> Is there a workaround to this problem?

The best workaround that I have found is to "Just Say NO" to the built in support for Dojo and instead to use Prototype judiciously. All my ajax logic is done that way. I don't use the builtin ajax support in s2 at all. This has worked well for the level of ajax support I need in my own webapp development these days. YMMV.

-Van

--
Mike "Van" Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
Re: Ajax using XMLHttpRequest and Struts
On 9/11/07, aarthy <[EMAIL PROTECTED]> wrote:
>
> I am stuck on this issue for a week. Please somebody help me on this please.
>
> Frank W. Zammetti wrote:
> >
> > Something is wrong in your JSP... looks like that stack trace was cut off,
> > but you're beyond the AJAX parts at this point, you need to find the error
> > in your JSP.

As Frank said, you have issues with your JSP. If you literally cut/pasted your JSP logic into the email, then I can see at least two separate problems with this snippet that would fail at compile time of the JSP when converting it into a servlet. You have scriptlet logic to start the for-loop and no matching scriptlet logic to close the for loop. Even worse, your for-loop iteration logic is totally whack. I am not saying this will fix it, but, the for-loop will at least be properly closed and reasonably defined when this snippet is changed from this:

    <%int i = 0;
    ArrayList ch = (ArrayList) request.getSession().getAttribute("characters");
    String[] s = new String[ch.size()];
    ch.toArray(s);
    for (Iterator it = s.length; it.hasNext();) {
        String name = (String)it.next(); %>
    <%=name%>

To this:

    <%
    ArrayList ch = (ArrayList) request.getSession().getAttribute("characters");
    String[] s = new String[ch.size()];
    ch.toArray(s);
    for (int i = 0; i < s.length; i++) {
        String name = s[i];
    %>
    <%=name%>
    <% } %>

I don't recommend this kind of scriptlet logic in the JSPs. If you are going to do this though, you could at least try compiling the scriptlet code in a test Java file first or use an IDE like IntelliJ IDEA that will detect obvious compile issues with your scriptlet logic in JSP files.

Good Luck, Van

--
Mike "Van" Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
[S2] Successfully migrated my WW-2.2 app to Struts-2.0.9
I had one last hiccup with the Sitemesh integration on S2. Although I am using the default JSP approach and didn't need the template support for Freemarker or Velocity provided by the Sitemesh plugin for S2, I did need to add the ActionContextCleanUp filter to my web.xml as recommended as part of this documentation for the sitemesh plugin that supports templating:

http://struts.apache.org/2.0.9/docs/sitemesh-plugin.html

Until I added the ActionContextCleanUp filter, I was getting an NPE for the first S2 tag encountered in my Sitemesh decorator JSP. My final working web.xml filter settings/mappings (not using the struts2-sitemesh-plugin though) are:

    <filter>
        <filter-name>struts-cleanup</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
    </filter>
    <filter>
        <filter-name>sitemesh</filter-name>
        <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
    </filter>
    <filter>
        <filter-name>struts</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts-cleanup</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>struts</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

I'm not sure why, but, I didn't need the extra cleanup filter for the WW-2.2 app. I may still run into some other minor hiccups during a full regression test run, but, things are basically working now. This was done on a SVN branch, but, I should be able to make the same changes in a matter of hours (thanks to IntelliJ) on our main trunk later this week after completing my regression testing on the branch. Phew!

-Van

Mike "Van" Riper
[EMAIL PROTECTED]
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
Re: ActiveMQ Problem migrating from WebWork 2.2.2 to Struts 2.0.9
Yup! I had updated build process to exclude the spring plugin, but, I never did a full rebuild that would have nuked it from my distribution. Doh! I'm not past this problem. I even see struts tags execute in the JSPs forwarded to from my actions.

However, I am now hitting my head on a problem with the interaction of Sitemesh with Struts 2.0.9. The WW2.2 tags which have been converted to S2.0.9 tags which are working fine in the main JSPs being evaluated are failing with an NPE on the first struts tag encountered in my sitemesh decorator JSP file. I'll start a new thread with a more appropriate topic for my current problem.

-Van

P.S. I already found the Wiki docs about sitemesh integration, but, that was not enough in my case. :-(

On 8/3/07, Don Brown <[EMAIL PROTECTED]> wrote:
> Struts 2 behaves quite differently based on what plugins are
> installed. Looks like you are using the Spring plugin, which it
> sounds like you shouldn't be. Remove the
> struts2-spring-plugin-VERSION.jar from your WEB-INF/lib.
>
> Don
>
> On 8/4/07, Van Riper <[EMAIL PROTECTED]> wrote:
> > I'm running into trouble migrating my existing web application from
> > WebWork 2.2.2 to Struts 2.0.9. We are using JSE6 (AKA JDK 1.6) and
> > Tomcat 5.5.17. I did everything mentioned on the wiki plus a bunch
> > more stuff:
> >
> > http://struts.apache.org/2.x/docs/webwork-2-migration-strategies.html
> >
> > If I ever get this working I promise to provide feedback to update
> > this page based on my experiences migrating to Struts 2.0.9. To set
> > things up, I was fairly quickly able to get to the point that I had a
> > clean build of my webapp after swapping out WebWork and swapping in
> > Struts 2.0.9. Hard as it may be to believe, we were not using Spring
> > IoC. I had that turned off in my webwork.properties like so:
> >
> > ### Configuration for IoC Container
> > ### webwork.objectFactory=spring
> >
> > However, it appears that S2 really wants some IoC container because I
> > kept getting complaints with this commented out. So, I uncommented it
> > in my renamed struts.properties file (added necessary listener in
> > web.xml too) and included the latest Spring Framework jar file
> > (2.0.6). This in turn gave me complaints about missing ActiveMQ
> > classes and including the main jar file for latest ActiveMQ (4.1.1)
> > didn't seem to help. That catches everyone up to my current situation.
> > Here is the full console log output for my latest failed webapp
> > startup:
ActiveMQ Problem migrating from WebWork 2.2.2 to Struts 2.0.9
The peculiar thing about this failure is that it is complaining about not being able to load this class:

org.codehaus.activemq.ActiveMQConnectionFactory

When I crack open the latest ActiveMQ jar from Apache site, there is an ActiveMQConnectionFactory class. However, it is packaged like so:

org.apache.activemq.ActiveMQConnectionFactory

I am beginning to spin my wheels on this. Any pointers or suggestions would be much appreciated. If I can't figure this out, I may have to admit defeat and switch to Rails development. ;-)

-Van

Mike Van Riper
[EMAIL PROTECTED]
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
Re: s2: Base url in jsp's
On 6/21/07, Max Pimm <[EMAIL PROTECTED]> wrote:
> I am used to defining a base element in my pages but can't find the way to
> define this with struts 2. All suggestions welcome.

I don't think you need struts 2 support to do this. I'm using webwork 2.2 currently and starting to monitor this list again in preparation for migrating our webapp codebase to struts 2. We also use Sitemesh for response decoration. So, our Sitemesh decorator sets the base element for our response during the execution of sitemesh response filter. The way we do it in JSP land is:

No webapp framework support required. We give the base element an "id" because we have some javascript functions that need to access the base document URL dynamically. This makes it easy to do the element lookup by id via Javascript elsewhere.

Cheers, Van

Mike Van Riper
[EMAIL PROTECTED]
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
[ANNOUNCE] Silicon Valley Web Developer JUG
FYI,

After learning about JUG support as projects on java.net at JavaOne, I decided to migrate the Silicon Valley Struts User JUG to a new JUG project on java.net. The other significant change to the group is the shift to a more general focus on all J2EE web application development technologies. Of course, we will continue to have some meetings where Struts development is the focus. The new JUG project on java.net is:

Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net

Everyone on the old Yahoo list is already migrated to the new list. For anyone new though, it does require that you register with java.net in order to subscribe to the new list. If you would like to become a member of this JUG, you can subscribe to the mailing list here:

https://sv-web-jug.dev.java.net/servlets/ProjectMailingListList

When the group does have a Struts-related event coming up, I'll continue to post announcements here on the struts-user list. However, the frequency of those postings will be lower now with the broader focus of the group going forward.

That's All Folks, Van

Mike "Van" Riper
mailto:[EMAIL PROTECTED]
https://sv-web-jug.dev.java.net
[ANNOUNCEMENT] 6/27 Struts User Gathering at JavaOne
Since there were no strong preferences stated in the initial responses, I made an executive decision and went with Sunday evening after the conference opening reception. We'll be gathering around 8:30pm at the Thirsty Bear less than a block from Moscone Center. The full announcement including directions can be found here:

http://tinyurl.com/2mpsq

RSVP requested to [EMAIL PROTECTED] with the subject "Struts User Gathering." Please RSVP by 5:00pm on Saturday, June 26th.

Thanks,
Mike Van Riper
Silicon Valley Struts User Group
http://www.baychi.org/bof/struts/

P.S. No need to RSVP again for those of you that have already done so. You are on my list for the reservation headcount.
[OT] JavaOne Struts User Gathering
Hi Everyone,

Depending upon the interest level, I'm willing to organize a social gathering at a bar or restaurant in San Francisco during the upcoming JavaOne conference. It would either be around 8:30pm on Sunday, June 27th, after the Welcome Reception ends. Or it would be around 8:00PM on Thursday, July 1st, at the very end of the conference. It would be separate from JavaOne, but, somewhere not too far from Moscone. That way, anyone attending the conference and local folks that aren't attending the conference could both participate.

If this is something you would participate in, please email directly to me (no need to spam the struts-user list with count-me-in messages) at [EMAIL PROTECTED] with the subject "JavaOne Struts User Gathering." Whatever I decide upon, I'll announce it again here on the mailing list. However, your responses to me now will give me an indication of size of venue required for the gathering. I will choose between Sunday and Thursday evening based upon the preferences I get back from the people that contact me.

Also, I am not that familiar with our options in the city. So, I would appreciate recommendations for local bars/restaurants that would be a good venue for this gathering. Besides being big enough for the expected number of people, I'm looking for a place with good *beer* and at least some decent food options too.

Thanks, Van

Mike "Van" Riper
Silicon Valley Struts User Group
http://www.baychi.org/bof/struts/
RE: Enumerating sessions
I had to do something like this and I did use the HttpSessionListener interface (requires 2.3 servlet API support in your container) as part of the solution. However, it alone is not sufficient. The callbacks for the session creation and destruction events happen so early and so late respectively that you do not have access to any session data other than the sessionID.

The solution I came up with was to record logins within the webapp to a tracking table *and* store the sessionID as a field in these records. Then, you can use the sessionDestroyed() callback to check to see if there is a login record that is still active that needs to be flagged as terminated.

You have to go through all these hoops because you can't rely on the user explicitly logging out. So, to update the tracking table to reliably indicate who is currently logged in you have to do this. You will hit the sessionDestroyed() callback whether they explicitly log out and you expire the session, or the session simply times out on its own because of inactivity (or as a result of closing the client-side browser window without explicitly logging out).

Hope this helps, Van

Mike "Van" Riper
Silicon Valley Struts User Group
http://www.baychi.org/bof/struts/
mailto:[EMAIL PROTECTED]

> -Original Message-
> From: Nick Heudecker [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 15, 2004 1:43 PM
> To: Struts Users Mailing List
> Subject: Re: Enumerating sessions
>
> Wouldn't this do it?
>
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/servletapi/javax/servlet/http/HttpSessionListener.html
>
> Frank Zammetti wrote:
>
> > Hello all... is there any good way to enumerate all sessions under a
> > given webapp? I know there used to be the SessionContext, but that has
> > since been deprecated as of servlet spec 2.1 I believe... Is there
> > anything in Struts that might help?
> >
> > Basically I'm just looking for an accurate way to display all currently
> > logged on users, and also have the ability to add a session attribute to
> > all of them (think broadcast messages and forced graceful logoffs). I
> > keep hearing the term "Session Listener", but my research is turning up
> > server-specific (or third party-specific references), and I need this to
> > be server-neutral.
> >
> > I could I guess create a wrapper class that is called to create or kill
> > a session, as well as to add or remove attributes, but I'd prefer
> > something that won't require me to change a lot of code, or any really!
> >
> > Thanks in advance for any ideas!
> >
> > Frank
>
> --
> Nick Heudecker
> System Mobile, Inc.
> Email: [EMAIL PROTECTED]
> Web: http://www.systemmobile.com
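A sketch of the approach described in the reply above, added here as an illustration and not code from the original post: logins are recorded against the session ID, and sessionDestroyed() closes any record that is still active. The class name LoginTracker, its methods and the in-memory map standing in for the tracking table are assumptions; it needs the javax.servlet API (2.3 or later) on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example (hypothetical names). Register it in web.xml with
 * <listener><listener-class>LoginTracker</listener-class></listener>.
 */
public class LoginTracker implements HttpSessionListener {

    /** One row of the tracking table: who logged in on which session. */
    public static final class LoginRecord {
        final String sessionId;
        final String username;
        final long loginMillis;
        private long endMillis = -1;   // -1 while the login is still active
        private String endReason;      // "logout" or "session-destroyed"

        LoginRecord(String sessionId, String username, long loginMillis) {
            this.sessionId = sessionId;
            this.username = username;
            this.loginMillis = loginMillis;
        }

        synchronized boolean isActive() {
            return endMillis < 0;
        }

        synchronized String endReason() {
            return endReason;
        }

        /** Flags the record as terminated once; later calls are no-ops. */
        synchronized boolean terminate(String reason, long when) {
            if (endMillis >= 0) {
                return false;
            }
            endReason = reason;
            endMillis = when;
            return true;
        }
    }

    // Stand-in for the database tracking table, keyed by session ID.
    private static final Map<String, LoginRecord> TABLE =
            new ConcurrentHashMap<String, LoginRecord>();

    /** Call from the login action once authentication has succeeded. */
    public static void recordLogin(String sessionId, String username) {
        TABLE.put(sessionId,
                new LoginRecord(sessionId, username, System.currentTimeMillis()));
    }

    /** Call from the logout action before the session is invalidated. */
    public static boolean recordLogout(String sessionId) {
        return terminate(sessionId, "logout");
    }

    /** Users whose login record has not been flagged as terminated. */
    public static List<String> activeUsers() {
        List<String> users = new ArrayList<String>();
        for (LoginRecord record : TABLE.values()) {
            if (record.isActive()) {
                users.add(record.username);
            }
        }
        return users;
    }

    private static boolean terminate(String sessionId, String reason) {
        LoginRecord record = TABLE.get(sessionId);
        return record != null
                && record.terminate(reason, System.currentTimeMillis());
    }

    public void sessionCreated(HttpSessionEvent event) {
        // Nothing to record yet: no user is associated with the session.
    }

    public void sessionDestroyed(HttpSessionEvent event) {
        // Only the session ID is used here. An explicit logout has already
        // closed the record, so this catches timeouts and closed browsers.
        terminate(event.getSession().getId(), "session-destroyed");
    }
}
```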
RE: Validator mask boundary matchers don't work
> > I'll try your suggestion.
>
> I tried \w+\s\w+ (plus instead of * in order to require at least one),
> and it still accepts more than two strings, e.g. "xxx yyy zzz"...

Are you including the special start of line "^" and end of line "$" characters in your regular expression? Unless you do, it will match the first occurrence of two words in the text rather than require that there be exactly two words in the text. In fact, I assume you don't mind if there is leading or trailing spaces (or even additional spaces between first and second word). So, I think you want:

    ^\s*\w+\s+\w+\s*$

This will require exactly two words with optional leading/trailing spaces and even allow for more than one space between the two required words.

-Van
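The difference the reply describes, shown with java.util.regex as an added example that is not part of the original thread. It assumes the mask is applied as a search anywhere in the input, which is the behaviour the reply describes; the class name, method names and sample inputs are constructed for illustration.

```java
import java.util.regex.Pattern;

/** Added example: unanchored search vs. anchored mask vs. whole-input match. */
public class MaskAnchors {

    // The mask from the question and the anchored mask from the reply.
    static final Pattern UNANCHORED = Pattern.compile("\\w+\\s\\w+");
    static final Pattern ANCHORED = Pattern.compile("^\\s*\\w+\\s+\\w+\\s*$");

    /** Search semantics: true if the pattern occurs anywhere in the input. */
    static boolean foundAnywhere(Pattern mask, String input) {
        return mask.matcher(input).find();
    }

    /** Whole-input semantics: the pattern must consume the entire input. */
    static boolean matchesWhole(Pattern mask, String input) {
        return mask.matcher(input).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; "xxx yyy zzz" is the case from the thread.
        String[] samples = {
            "xxx yyy",        // exactly two words
            "  xxx   yyy  ",  // two words with extra spacing
            "xxx yyy zzz",    // three words
            "xxx",            // one word
            "xxx yyy; zzz"    // two words followed by other text
        };
        System.out.printf("%-18s %-12s %-10s %-12s%n",
                "input", "unanchored", "anchored", "matches()");
        for (String s : samples) {
            System.out.printf("%-18s %-12b %-10b %-12b%n",
                    "\"" + s + "\"",
                    foundAnywhere(UNANCHORED, s),   // accepts anything containing two words
                    foundAnywhere(ANCHORED, s),     // accepts only two-word inputs
                    matchesWhole(UNANCHORED, s));   // strict: exactly one separator, no padding
        }
    }
}
```

When the regex engine is called directly, matches() enforces whole-input validation even if a mask author forgets the anchors.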
RE: Dealing with XSS in struts
> -Original Message-
> From: Craig McClanahan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 05, 2004 11:01 AM
> To: Struts Users Mailing List
> Subject: Re: Dealing with XSS in struts
>
> Van Riper, Mike wrote:
>
> >>-Original Message-
> >>From: Craig McClanahan [mailto:[EMAIL PROTECTED]
> >>Sent: Wednesday, May 05, 2004 9:47 AM
> >>To: Struts Users Mailing List
> >>Subject: Re: Dealing with XSS in struts
> >>
> >>jeff mutonho wrote:
> >>
> >>>Hi
> >>>What are the recommendations to deal with cross-site scripting in struts?
> >>>I've got an app that a user can access at a URL, let's call it http://localhost/myapplication , now doing something like
> >>>
> >>>http://localhost/myapplication/applicationInit.do?mode= t>alert(document.cookie)
> >>>
> >>>reveals a pop-up box containing the currently set cookies.
> >>>
> >>>How can I block that from happening? Is there a way of encoding a form bean? Please help as this is critical to the app.
> >>
> >>One of the keys to avoiding the particular XSS attack you are talking about here is to be careful about how you render dynamic content that was originally entered by the user. For example, if your string above was read in to a bean property named "mode" and you wanted to render it as text in another page, you should use something like:
> >>
> >>instead of something like:
> >>
> >>    <%= mybean.getMode() %>
> >>
> >>Struts protects you because (unless you explicitly ask it not to), it will render "<" as "&lt;" so that the embedded script will not actually get executed. Using the runtime expression, or things like that, simply copies the bytes back out again with no filtering.
> >
> >However, this only protects you when you are diligent in all your JSP coding. My management was more comfortable with an approach (see my other recent posting on this same topic) that didn't rely on that being true.
>
> Did you implement an escaping mechanism for cases where you legitimately needed a "<" character in the input data? If so, you might still be at risk even with a filter, unless you are diligent as well.

We live with the limitation that input data can't contain special characters like "<". In the rare cases where we absolutely need it, we use our own convention for escaping the input data and then unescaping it server-side.

> Side note -- using a servlet request wrapper on a 2.2 container, in the manner you did it, is playing with fire since the servlet spec (2.2) had explicit assumptions that the request and response objects passed around were the original ones on the request. That's why we had to play the strange games on file uploads in a 2.2 world, ensuring that we unwrapped the request before trying to use a request dispatcher.

Thanks for the warning. I do remember seeing a problem a long time ago in the first iteration of my solution on 2.2. At present, all our Struts webapps that use it are running in a container that supports 2.3. So, that is no longer an issue for us.

> >Maybe that says something about what they think of me? :-)
>
> :-)
>
> Craig

Van
RE: Dealing with XSS in struts
> -Original Message-
> From: Craig McClanahan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 05, 2004 9:47 AM
> To: Struts Users Mailing List
> Subject: Re: Dealing with XSS in struts
>
> jeff mutonho wrote:
>
> >Hi
> >What are the recommendations to deal with cross-site scripting in struts?
> >I've got an app that a user can access at a URL, let's call it http://localhost/myapplication , now doing something like
> >
> >http://localhost/myapplication/applicationInit.do?mode= t>alert(document.cookie)
> >
> >reveals a pop-up box containing the currently set cookies.
> >
> >How can I block that from happening? Is there a way of encoding a form bean? Please help as this is critical to the app.
>
> One of the keys to avoiding the particular XSS attack you are talking about here is to be careful about how you render dynamic content that was originally entered by the user. For example, if your string above was read in to a bean property named "mode" and you wanted to render it as text in another page, you should use something like:
>
> instead of something like:
>
>     <%= mybean.getMode() %>
>
> Struts protects you because (unless you explicitly ask it not to), it will render "<" as "&lt;" so that the embedded script will not actually get executed. Using the runtime expression, or things like that, simply copies the bytes back out again with no filtering.

However, this only protects you when you are diligent in all your JSP coding. My management was more comfortable with an approach (see my other recent posting on this same topic) that didn't rely on that being true. Maybe that says something about what they think of me? :-)

> >jeff mutonho
>
> Craig

Van
RE: Dealing with XSS in struts
Jeff,

The way that I solved this was to implement my own subclass of the TilesRequestProcessor (because we use Tiles) and then specify that request processor in the controller element of the struts config file. In this subclass, I override processValidate() and in my override I wrap the incoming request object with my own extension of HttpServletRequestWrapper (part of 2.3 Servlet API, but, you could just pull that class into your project to make this work with a servlet container that only supports the 2.2 version of the Servlet API).

My extension of the request wrapper class has both a helper function to do validation of the request parameters for XSS *and* filtering on the parameter getter functions to prevent a round-trip back to the client of any nasty XSS stuff. This allows me to do the XSS check in one bottleneck and treat it as a form validation error when XSS request parameter data is detected. If the XSS validation check passes, then I call the super.processValidate() and let Struts take it from there.

I suppose something similar could be done using a request filter, but, I like doing it inside the request processor where I have access to the associated Struts action mapping along with the request object. With the action mapping available to me, I can do logical forwarding using struts configuration settings in this context that I wouldn't be able to do with a separate request filter.

I've used this technique successfully on several projects. In one project, the paradigm was to take the user back to the input page with an error message at the top and cleaned up data redisplayed in the form. In another project, they preferred to go to a separate error page specific to XSS errors. With this approach, I was able to implement the first way relying on the "input" setting of the associated action mapping. I was also able to implement the second approach using a global forward for the error page and doing a lookup (i.e., mapping.findForward()) to implement the error handling that way.

Hope this helps,
Van

Mike "Van" Riper
Silicon Valley Struts User Group
http://www.baychi.org/bof/struts/

> -Original Message-
> From: jeff mutonho [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 05, 2004 4:52 AM
> To: [EMAIL PROTECTED]
> Subject: Dealing with XSS in struts
>
> Hi
> What are the recommendations to deal with cross-site scripting in struts?
> I've got an app that a user can access at a URL, let's call it http://localhost/myapplication , now doing something like
>
> http://localhost/myapplication/applicationInit.do?mode= alert(document.cookie)
>
> reveals a pop-up box containing the currently set cookies.
>
> How can I block that from happening? Is there a way of encoding a form bean?
> Please help as this is critical to the app.
>
> jeff mutonho
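One way to write the request wrapper described in the post above, as an added example that is not the poster's code or part of Struts. The class name `XssRequestWrapper`, the method `hasUnsafeParameters()`, the rejected character set and the strip-on-read behaviour are all assumptions, and the code targets the `javax.servlet` API (Servlet 2.3 or later).

```java
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical request wrapper: detects and strips markup characters in parameters. */
public class XssRequestWrapper extends HttpServletRequestWrapper {

    // Assumption: the post does not list the rejected characters; this set is illustrative.
    private static final Pattern UNSAFE = Pattern.compile("[<>\"'&]");

    public XssRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /** Validation helper: true if any raw parameter value contains an unsafe character. */
    public boolean hasUnsafeParameters() {
        Enumeration<?> names = super.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = super.getParameterValues((String) names.nextElement());
            for (int i = 0; values != null && i < values.length; i++) {
                if (UNSAFE.matcher(values[i]).find()) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Removes unsafe characters so a rejected value is never echoed back verbatim. */
    static String clean(String value) {
        return value == null ? null : UNSAFE.matcher(value).replaceAll("");
    }

    @Override
    public String getParameter(String name) {
        return clean(super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        String[] cleaned = new String[raw.length]; // copy; never mutate the container's array
        for (int i = 0; i < raw.length; i++) {
            cleaned[i] = clean(raw[i]);
        }
        return cleaned;
    }
}
```

A `processValidate()` override would wrap the request, treat `hasUnsafeParameters()` returning true as a validation error, and pass the wrapper on otherwise. Code that reads parameters through `getParameterMap()` bypasses these getters unless that method is overridden the same way.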
[ANNOUNCE] 5/5 Vic Cekvenich talk at Silicon Valley Struts User Group Mtg
The next meeting of the Silicon Valley Struts User Group will be a presentation by Vic Cekvenich on BasicPortal and Rich User Interfaces for the Web. The meeting will be at VeriSign in Mountain View on the evening of May 5th, 2004. The full meeting announcement including directions can be found here: http://www.baychi.org/bof/struts/20040505/ If you plan on attending, an RSVP in advance is requested. Please send RSVPs to me no later than noon on the day of the meeting. Thanks, Van Mike "Van" Riper mailto:[EMAIL PROTECTED] Silicon Valley Struts User Group http://www.baychi.org/bof/struts/