Re: [OS-webwork] WW and J2EE based security
On Fri, Mar 07, 2003 at 09:32:56PM -0800, Jason Carreira wrote: -Original Message- From: Anders Engström [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 4:38 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] WW and J2EE based security On Fri, Mar 07, 2003 at 10:10:48AM -0800, Jason Carreira wrote: I created a RoleActionFilter and RoleRestricted interface that our actions implement which returns a String[] of acceptable roles. The RoleActionFilter gets the Action using the ActionFactory and, if it implements RoleRestricted, it checks the role of the current user against the acceptable roles and either allows access or throws a ServletException. Interesting approach.. how is this implemented together with container managed security? It calls isUserInRole(roleName) so it's directly using J2EE security. You have to be logged in to access the Action. You need to apply security to paths to cause the server to force a log in. How are un-protected views/actions separated from protected views/actions? Since there is no way to bind an action to a specific path in 1.3 which is the recommended way to specify parts of a WW application as protected? All of this is MUCH cleaner in WW2 where namespaces make Actions pinned to certain paths (or not, your decision, but at least you CAN decide). Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But (see my previous post) we will be using ww 1.3. How much work would it be to hack/substitute code in 1.3 to make it handle paths like ww2 is supposed to? Yeah, I understand. We're doing the same at work, which is why I've developed this hack. I don't know how hard it would be, but it shouldn't be done, since it would change 1.3 significantly. IMO there should be a Best practices for WW and J2EE web resource constraint (or similar) in the docs (Wiki?). It ought to be a pretty common scenario and to promote WW as a framework for web development it is crucial. I'd be happy to put together a draft, but I need a little more input from all you WebWork gurus ;) //Anders -- |===| |Anders Engström| |[EMAIL PROTECTED]| |http://www.gnejs.net | |===| |Your mind is like an umbrella. | |It doesn't work unless you open it.| | /Frank Zappa | |===| pgp0.pgp Description: PGP signature
RE: [OS-webwork] WW and J2EE based security
-Original Message- From: Anders Engström [mailto:[EMAIL PROTECTED] It calls isUserInRole(roleName) so it's directly using J2EE security. You have to be logged in to access the Action. You need to apply security to paths to cause the server to force a log in. How are un-protected views/actions separated from protected views/actions? Since there is no way to bind an action to a specific path in 1.3 which is the recommended way to specify parts of a WW application as protected? I have different base Action classes which implement RoleRestricted and return different arrays of Strings with the allowed Roles. All of this is MUCH cleaner in WW2 where namespaces make Actions pinned to certain paths (or not, your decision, but at least you CAN decide). Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But (see my previous post) we will be using ww 1.3. How much work would it be to hack/substitute code in 1.3 to make it handle paths like ww2 is supposed to? Yeah, I understand. We're doing the same at work, which is why I've developed this hack. I don't know how hard it would be, but it shouldn't be done, since it would change 1.3 significantly. IMO there should be a Best practices for WW and J2EE web resource constraint (or similar) in the docs (Wiki?). It ought to be a pretty common scenario and to promote WW as a framework for web development it is crucial. I'd be happy to put together a draft, but I need a little more input from all you WebWork gurus ;) //Anders Go for it! Jason --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
[OS-webwork] best practices around forms with multiple submit buttons
What's the recommended way of handling a situation where you have multiple form buttons? i.e. Save and Cancel. There are probably many ways to approach this and I'd like to hear how people on this list handle it. One way might be to use javascript to change a hidden flag field, and submit to an action that redirects to the right place. Another might be to use javascript to actually change the action...I haven't tried that but my first impression is that might be the cleanest way. Any ideas/advice? Thanks, Steve --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] best practices around forms with multiple submit buttons
Just add names to the form elements, i.e. input type=submit name=doSave / input type=submit name=doCancel / And then add setters in your action: setDoSave() and setDoCancel(). In the doExecute() method, branch logic depending on which value was set. Depending on JavaScript generally is a bad thing IMHO. Regards, Kirk Rasmussen Lucasfilm Ltd. -Original Message- From: Steve Conover [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 2:05 PM To: Webwork Subject: [OS-webwork] best practices around forms with multiple submit buttons What's the recommended way of handling a situation where you have multiple form buttons? i.e. Save and Cancel. There are probably many ways to approach this and I'd like to hear how people on this list handle it. One way might be to use javascript to change a hidden flag field, and submit to an action that redirects to the right place. Another might be to use javascript to actually change the action...I haven't tried that but my first impression is that might be the cleanest way. Any ideas/advice? Thanks, Steve --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] 'best practices' around forms with multiple submit buttons
:-) I don't know if there's a blessed way, but this is one of the purposes of the CommandDriven interface, so it's probably a good place to start. -Original Message- From: Steve Conover [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 5:39 PM To: [EMAIL PROTECTED] Subject: RE: [OS-webwork] 'best practices' around forms with multiple submit buttons I see, this must be the blessed way, I'll try this first. Thanks, Steve Set the button names to all be command and set the value to the name of a command in your CommandDriven Action and have methods named doSave,doCancel, etc. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Lightbody I've added basic JSTL support to WebWork2. Actually, it's really not JSTL support at all but rather the third use of the ww:property tag in WebWork 1.3. This tag is called ww:save-property (better names welcome!). snip/ - How about ww:push name=foo/ ? Rachel --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty
Or ww:store name=foo/? John. -Original Message- From: Rachel McConnell [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:52 PM To: [EMAIL PROTECTED] Subject: RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Lightbody I've added basic JSTL support to WebWork2. Actually, it's really not JSTL support at all but rather the third use of the ww:property tag in WebWork 1.3. This tag is called ww:save-property (better names welcome!). snip/ - How about ww:push name=foo/ ? Rachel --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] WW2: JSTL, JSF, and SaveProperty
or perhaps ww:define / ? - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 10, 2003 8:58 PM Subject: RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty ww:set -Original Message- From: Patrick Lightbody [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 8:53 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] WW2: JSTL, JSF, and SaveProperty Or ww:store name=foo/? John. I like store... anyone got any better ideas? -Pat --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty
-Original Message- From: Patrick Lightbody [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 7:16 PM To: os-ww Subject: [OS-webwork] WW2: JSTL, JSF, and SaveProperty I've added basic JSTL support to WebWork2. Actually, it's really not JSTL support at all but rather the third use of the ww:property tag in WebWork 1.3. This tag is called ww:save-property (better names welcome!). It takes the following params and has no body: 1) name - this is required and is the new name of the property (like @foo in the old EL). 2) value - this is optional. If it is specified, this is an Ognl EL that is used to find a value to be paired with the name. If it is not specified, the top of the stack is used. 3) scope - this is optional and defaults to webwork. Other choices are application, session, request, and page. If the scope is set as webwork, then you can refer to the value for the request of the request as #name where name is whatever you set in the tag. This is part of Ognl and is just like @name in the old EL. If you set the scope to page, then the value is now usable by JSTL tags. For example: ww:save-property name=world scope=page/ Hello, c:out value=${world.name}/ Will result in Hello, world assuming that the top of the stack is an action with a getName() method that is returning world. This is an active way to do JSTL support and should get us started. I'm looking for ways to automatically put the action classes in to the pageContext scope using possibly their action aliases. This would pave the way, I hope, for JavaServer Faces support, which I think would be a great addition if we have the time. -Pat What do you see as valuable in JSF? Every time I read about it it makes me a little queasy... It seems like Sun continuing to delude themselves about the usefulness of JSP as a paradigm. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
RE: [OS-webwork] WW2: JSTL, JSF, and SaveProperty
store is a good name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Lightbody Sent: Tuesday, 11 March 2003 11:53 AM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] WW2: JSTL, JSF, and SaveProperty Or ww:store name=foo/? John. I like store... anyone got any better ideas? -Pat --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] best practices around forms with multiple submitbuttons
Jason Carreira wrote: Set the button names to all be command and set the value to the name of a command in your CommandDriven Action and have methods named doSave,doCancel, etc. This does not work well with an i18n'ized app, and also doesn't work if the button name has several words. It's a very tough issue, and I don't have any better answer though... /Rickard --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork