svn commit: r383043 - in /struts/shale/trunk/clay-plugin/src: conf/clay-config.xml java/org/apache/shale/clay/component/Clay.java

2006-03-03 Thread gvanmatre 
Author: gvanmatre
Date: Fri Mar  3 21:43:27 2006
New Revision: 383043

URL: http://svn.apache.org/viewcvs?rev=383043&view=rev
Log:
Changed the "bindingType" of the clay component's XML config for the attribute 
"clayJsfid" from "VB" to "Early".  This fixes a bug reported by Ryan Wynn that 
prevented the "clayJsfid" attribute from being a binding expression.

Modified:
struts/shale/trunk/clay-plugin/src/conf/clay-config.xml

struts/shale/trunk/clay-plugin/src/java/org/apache/shale/clay/component/Clay.java

Modified: struts/shale/trunk/clay-plugin/src/conf/clay-config.xml
URL: 
http://svn.apache.org/viewcvs/struts/shale/trunk/clay-plugin/src/conf/clay-config.xml?rev=383043&r1=383042&r2=383043&view=diff
==
--- struts/shale/trunk/clay-plugin/src/conf/clay-config.xml (original)
+++ struts/shale/trunk/clay-plugin/src/conf/clay-config.xml Fri Mar  3 21:43:27 
2006
@@ -626,7 +626,7 @@
 allowBody="false">
 
   
-  
+  
   

 

Modified: 
struts/shale/trunk/clay-plugin/src/java/org/apache/shale/clay/component/Clay.java
URL: 
http://svn.apache.org/viewcvs/struts/shale/trunk/clay-plugin/src/java/org/apache/shale/clay/component/Clay.java?rev=383043&r1=383042&r2=383043&view=diff
==
--- 
struts/shale/trunk/clay-plugin/src/java/org/apache/shale/clay/component/Clay.java
 (original)
+++ 
struts/shale/trunk/clay-plugin/src/java/org/apache/shale/clay/component/Clay.java
 Fri Mar  3 21:43:27 2006
@@ -181,15 +181,7 @@
  * 
  */
 public String getClayJsfid() {
-
-if(jsfid != null)
-return jsfid;
-ValueBinding valuebinding = getValueBinding("clayJsfid");
-if(valuebinding != null)
-return (String)valuebinding.getValue(getFacesContext());
-else
-return null;
- 
+   return jsfid;
 }
 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38849] - [Shale] Support for fine grained security on navigation

2006-03-03 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38849





--- Additional Comments From [EMAIL PROTECTED]  2006-03-04 05:31 ---
This sounds similar to something I've seen in a financial record keeping 
system.  They defined a hierarchy of permissions on resources that were data 
centric.

This was an interesting design because it was difference than your standard 
groups, users and roles.  It added a OO spin that was also relational.  

You created a generalization template defining the order of evaluation of 
rules assigned to context state.  In the snippet below (stylized for JSF and 
XML), the individual would override the group, group override the profile and 
the providing company would be the most general.
 

  
  
  
  


Define arbitrary resources associated with visual widgets, transactions or 
operations.




Define rules that associate a resource with a relationship used in its 
evaluation based on a know data state.


 
 

 


Pseudo code:

//find the relationship used to evaluation the status of a resource
Generalization gen = Factory.getGeneralization("TOP_MENU");

//populate the relationship with context state data   
GenContext genContext =  new GenContext(gen, facesContext);

//find all rules for a resource ordered by the relationship
ResourceRules rules = Factory.getResourceRules("view_balance", gen);

// evaluation the status of a resource based on the current state and the 
relationships
rules.evaluate(genContext) 


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Struts Wiki] Update of "StrutsExtrasRelease131" by WendySmoak

2006-03-03 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change 
notification.

The following page has been changed by WendySmoak:
http://wiki.apache.org/struts/StrutsExtrasRelease131

--
  
  || '''ID''' || '''Summary''' || '''Status''' ||
  || [http://issues.apache.org/bugzilla/show_bug.cgi?id=30292 30292] || 
Replacement of LookupDispatchAction || Patch Available ||
+ || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38343 38343] || 
ParameterListActionDispatcher || Patch Available.  May supercede 30292. ||
  || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38749 38749] || XSS 
vulnerability in LookupDispatchAction || ||
  
  == Preparation Checklist ==

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Struts Wiki] Update of "StrutsActionRelease131" by WendySmoak

2006-03-03 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change 
notification.

The following page has been changed by WendySmoak:
http://wiki.apache.org/struts/StrutsActionRelease131

--
  || [http://issues.apache.org/bugzilla/show_bug.cgi?id=35127 35127] || 
[taglib] All Javascript validation fails when http://issues.apache.org/bugzilla/show_bug.cgi?id=35155 35155] || 
PropertyMessageResources.loadLocale(String localeKey) has...  || Utilities  || 
Patch Available ||
  || [http://issues.apache.org/bugzilla/show_bug.cgi?id=35604 35604] || 
[FEATURE] Allow use of native languages in resource bundle  || Utilities  || 
Patch Available ||
- || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38534 38534] || DOS 
attack, application hack || Action||  ||
+ || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38534 38534] || DOS 
attack, application hack || Action|| Fixed ||
- || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38374 38374] || 
Validation always skipped with Globals.CANCEL_KEY || Action || ||
+ || [http://issues.apache.org/bugzilla/show_bug.cgi?id=38374 38374] || 
Validation always skipped with Globals.CANCEL_KEY || Action || Fixed ||
  
  == TO DO ==
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [shale] Wiki pages / organisation

2006-03-03 Thread Niall Pemberton 
On 3/3/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:
> On 3/3/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
> >
> > On 3/3/06, Niall Pemberton <[EMAIL PROTECTED]> wrote:
> >
> > Does anyone object if I break this page up and create more of a structure
> > on
> > >
> > > the wiki for Shale.
> >
> >
> > Please do. :)  I just keep adding to the bottom of the page, but it could
> > really use some organization.
>
>
> +1.

OK, thanks for the feedback Wendy/Criag I'll try and do this in the
next day or so (off on a "booze cruise" to France/Belgium in 5 hours
and must get some sleep).

Niall

> In particular I would like the proposal moved off the main page.  Right now
> > the JavaServer Faces FAQ links to the StrutsShale wiki page, which starts
> > out, "Shale is a proposal..." and gives the wrong impression.  (Shale is
> > also listed under 'Future Ideas and Extensions' on the front page.)
>
>
> Yah, the proposal part is now a historical footnote, and should be moved off
> the main page.
>
> Thanks,
> > --
> > Wendy
> >
> >
> Craig

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY

2006-03-03 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38374


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2006-03-04 03:21 ---
AFAIK this is all done. Closing as FIXED.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38849] - [Shale] Support for fine grained security on navigation

2006-03-03 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38849





--- Additional Comments From [EMAIL PROTECTED]  2006-03-04 03:08 ---
For reference, the user thread is here:
http://www.nabble.com/Shale-Container-Managed-Security-t1221102.html

+1 to plugability and something that isn't necessarily tied to container 
managed security. In our organization we not only protect actions/pages but 
data as well. Below are examples of the types of requirements we have - not so 
that any solution to this caters for them, just that it doesn't limit/prevent 
custom implementations that do being plugged in.

For example we have a structure that comprises: Group, Companies, region, sub 
region, portfolio and investment. Access can be controlled at any level 
(portfolio and above). So for example a user might be given access 
to "Northern Region's data".

We also have other data structures that cut accross the "corporation 
structure" - e.g. banks, partners, solicitors and agents that can also be used 
to control access (e.g. a user might be given access to Bank "XYZ"'s data).

The same user in the application can have different "data level" access for 
different functions - so for example they might be able to see certian pages 
for "Northern region", but for other pages be restricted to the "North West 
sub region".

As well as the above we also have the ability to "disable" access at various 
levels - individual action/pages, users, roles or any of the above "data" 
levels (e.g. we can enable/disable "Northern Region").

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38849] New: - [Shale] Support for fine grained security on navigation

2006-03-03 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38849

   Summary: [Shale] Support for fine grained security on navigation
   Product: Struts
   Version: Nightly Build
  Platform: Other
OS/Version: other
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Shale
AssignedTo: dev@struts.apache.org
ReportedBy: [EMAIL PROTECTED]


Conversations on the Struts user mailing list today highlight the potential for
a Shale value add with regards to authorization.  It was noted that container
managed security can protect the incoming form submits, but does not protect
navigation to an arbitrary page (because constraints are only applied on the
initial submit, not on RequestDispatcher.forward() calls used to implement the
navigation).  It would be interesting for Shale to offer a customized navigation
handler that would allow limitation of navigation to specified view identifiers
based on request.isUserInRole().

As a further generalization, it would be useful to present this capability as a
general purpose plugin architecture, where the application could provide any
sort of fine grained access control it wanted ("only managers can navigate to
the salary details page, and only for their own employees").  A built in plugin
that supported container managed security could be a "reference implementation"
of this featue.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [shale] Wiki pages / organisation

2006-03-03 Thread Craig McClanahan 
On 3/3/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
>
> On 3/3/06, Niall Pemberton <[EMAIL PROTECTED]> wrote:
>
> Does anyone object if I break this page up and create more of a structure
> on
> >
> > the wiki for Shale.
>
>
> Please do. :)  I just keep adding to the bottom of the page, but it could
> really use some organization.


+1.


In particular I would like the proposal moved off the main page.  Right now
> the JavaServer Faces FAQ links to the StrutsShale wiki page, which starts
> out, "Shale is a proposal..." and gives the wrong impression.  (Shale is
> also listed under 'Future Ideas and Extensions' on the front page.)


Yah, the proposal part is now a historical footnote, and should be moved off
the main page.

Thanks,
> --
> Wendy
>
>
Craig

Re: [shale] Wiki pages / organisation

2006-03-03 Thread Wendy Smoak 
On 3/3/06, Niall Pemberton <[EMAIL PROTECTED]> wrote:

Does anyone object if I break this page up and create more of a structure on
>
> the wiki for Shale.


Please do. :)  I just keep adding to the bottom of the page, but it could
really use some organization.

In particular I would like the proposal moved off the main page.  Right now
the JavaServer Faces FAQ links to the StrutsShale wiki page, which starts
out, "Shale is a proposal..." and gives the wrong impression.  (Shale is
also listed under 'Future Ideas and Extensions' on the front page.)

Thanks,
--
Wendy

[shale] Wiki pages / organisation

2006-03-03 Thread Niall Pemberton 
>From what I can see Shale currently only has one wiki page:

   http://wiki.apache.org/struts/StrutsShale

Does anyone object if I break this page up and create more of a structure on
the wiki for Shale. I think it would be good if all the shale pages were
under

   http://wiki.apache.org/struts/shale

and maybe create pages along the following lines:

   http://wiki.apache.org/struts/shale/proposal
   http://wiki.apache.org/struts/shale/articles
   http://wiki.apache.org/struts/shale/roadmap
   http://wiki.apache.org/struts/shale/faq
   etc...

For wiki subpages see:
   http://wiki.apache.org/struts/HelpOnEditing/SubPages

So that nothing breaks we could continue to use StrutsShale as the "wiki
home page" for shale - but move the content out to sub pages and turn it
into an "index" page?

Any objections to me doing this?

Niall



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Struts Wiki] Update of "StrutsShale" by WendySmoak

2006-03-03 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change 
notification.

The following page has been changed by WendySmoak:
http://wiki.apache.org/struts/StrutsShale

--
  
   * ShaleRemoting
  
+  * 
[http://www-128.ibm.com/developerworks/library/j-shale0228/?ca=dgr-lnxw07Shale 
All Hail Shale: Shale isn't Struts]
+ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r382882 - in /struts/action/branches/STRUTS_1_2_BRANCH: src/examples/org/apache/struts/webapp/validator/ web/examples/WEB-INF/validator/ web/examples/validator/

2006-03-03 Thread niallp 
Author: niallp
Date: Fri Mar  3 08:31:45 2006
New Revision: 382882

URL: http://svn.apache.org/viewcvs?rev=382882&view=rev
Log:
Add email, url and mask validation to the type form

Modified:

struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/MessageResources.properties

struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/TypeForm.java

struts/action/branches/STRUTS_1_2_BRANCH/web/examples/WEB-INF/validator/validation.xml
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/validator/type.jsp

Modified: 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/MessageResources.properties
URL: 
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/MessageResources.properties?rev=382882&r1=382881&r2=382882&view=diff
==
--- 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/MessageResources.properties
 (original)
+++ 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/MessageResources.properties
 Fri Mar  3 08:31:45 2006
@@ -31,6 +31,7 @@
 errors.creditcard={0} is not a valid credit card number.
 
 errors.email={0} is an invalid e-mail address.
+errors.url={0} is an invalid url.
 
 # Index Page
 index.title=Struts Validator
@@ -70,6 +71,9 @@
 typeForm.float.displayname=Float Field
 typeForm.floatRange.displayname=Float Range Field
 typeForm.integer.displayname=Integer Field
+typeForm.mask.displayname=Mask Field
+typeForm.email.displayname=Email Field
+typeForm.url.displayname=URL Field
 typeForm.long.displayname=Long Field
 typeForm.nested.name.displayname=Name
 typeForm.nested=Nested Text
@@ -81,6 +85,7 @@
 typeForm.short.displayname=Short Field
 typeForm.title.create=Type Form
 typeForm.title=Type Form
+typeForm.mask.error={0} Must only contain upper case alpahabetic letters (i.e. 
A-Z)
 
 # JavaScript Type Form
 jsTypeForm.title=JavaScript Type Form

Modified: 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/TypeForm.java
URL: 
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/TypeForm.java?rev=382882&r1=382881&r2=382882&view=diff
==
--- 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/TypeForm.java
 (original)
+++ 
struts/action/branches/STRUTS_1_2_BRANCH/src/examples/org/apache/struts/webapp/validator/TypeForm.java
 Fri Mar  3 08:31:45 2006
@@ -49,6 +49,9 @@
 private String sOverallSatisfaction = null;
 private String sWouldRecommend = null;
 private String[] sUsedLanguages = null;
+private String mask = null;
+private String email = null;
+private String url = null;
 
 private List lNames = initNames();
 
@@ -146,6 +149,30 @@
 
 public void setCreditCard(String sCreditCard) {
this.sCreditCard = sCreditCard;
+}
+
+public String getMask() {
+   return mask;
+}
+
+public void setMask(String mask) {
+   this.mask = mask;
+}
+
+public String getEmail() {
+   return email;
+}
+
+public void setEmail(String email) {
+   this.email = email;
+}
+
+public String getUrl() {
+   return url;
+}
+
+public void setUrl(String url) {
+   this.url = url;
 }
 
 public String getSatisfaction() {

Modified: 
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/WEB-INF/validator/validation.xml
URL: 
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/web/examples/WEB-INF/validator/validation.xml?rev=382882&r1=382881&r2=382882&view=diff
==
--- 
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/WEB-INF/validator/validation.xml
 (original)
+++ 
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/WEB-INF/validator/validation.xml
 Fri Mar  3 08:31:45 2006
@@ -187,6 +187,20 @@
   
 
   
+  
+
+  
+  
+
+  
+  
+
+ 
+
+  mask
+  ^[A-Z]*$
+
+  
   
 
   

Modified: 
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/validator/type.jsp
URL: 
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/web/examples/validator/type.jsp?rev=382882&r1=382881&r2=382882&view=diff
==
--- struts/action/branches/STRUTS_1_2_BRANCH/web/examples/validator/type.jsp 
(original)
+++ struts/action/branches/STRUTS_1_2_BRANCH/web/examples/validator/type.jsp 
Fri Mar  3 08:31:45 2006
@@ -55,6 +55,21 @@
 
   
 
+