Re: [Stripes-users] Accessing annotations directly from JSP/EL
On 21-12-2010 at 12:32, Ross Sargant wrote:
> I think I'm running in to problems because instances of annotations are not
> actually java beans.
> As an example if the annotation is defined as
> *
> @Retention(RetentionPolicy.RUNTIME)
> @Target(ElementType.FIELD)
> public @interface SearchText{
> String name();
> String description();
> }*
>
> I can't access the "name" value from EL using "${.name}".
>
> Any suggestions for work arounds? Is it really necessary to write bean
> style wrapper classes just to get this to work? I had a thought of dumping
> out all the annotation data into a map so I could at least
> get to it from EL however that requires reflecting on the annotation class
> itself to get the map keys and just seems to crazy.
While it's not needed to write a wrapper class, you do need a java snippet.
Something along the lines of this:
<%
Object object = pageContext.findAttribute("annot instance name");
SearchText searchText =
object.getClass().getAnnotation(SearchText.class);
String name = searchText == null ? null : searchText.name();
%>
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( Simplicity is prerequisite for reliability.
=/ () -- Edsger Dijkstra, EWD498
--
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months. Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Preventing multiple form submission
On 16-11-2010 at 19:43, Newman, John W wrote:
> Is the token universally good for any http based application or am I
> missing something? Any reason you would NOT want this feature in your app?
> Obviously it could be flagged disabled, possibly even by default.
In general, I don't think it would take much, except that it adds at least
one error you'll need to handle ("form already submitted"). This needs to be
thought out well.
Then, another tricky part is whether the token is per application, page
(form), or per form/record combination. But I guess that's easily enough made
pluggable.
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( No trees were killed in the creation of this message. However,
=/ () many electrons were terribly inconvenienced.
signature.asc
Description: Digital signature
--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Preventing multiple form submission
On 16-11-2010 at 10:17, Nikolaos Giannopoulos wrote: > Just wondering how others elegantly solve this situation: > > 1) User is editing a form and fills it out and clicks submit button > 2) Form gets successfully processed on the server however before a > response is returned the user hits the stop button, their internet > connection drops, etc... > 4) User clicks on submit again and tries to re-submit the same > information(*) > > Now, this would be trivial if there was a unique piece of information in > the content being posted however lets assume someone posting some blog / > news content wherein there is really no unique info (e.g. although it > may be rare there is nothing wrong with 2 people say posting the same > content with the same title). > > I was thinking to tag the users session with the last successfully > submitted Stripes "_sourcePage" field and direct the user to the "view" > handler if they are trying to do an "edit" and the "_sourcePage"matches. > > Thoughts??? It is always possible to render a hidden field "nonce" with a bit of opaque information (like a random long, hex-encoded), that is also stored in the session. Generally, you get a flow like this: - A form is prepared - Generate a few random bytes (e.g. a long, anf hex-encode it) - Store the value in the session - Display the form, including a hidden field "nonce" with the generated value ... - When receiving a request that's not intended for a default handler, check the field "nonce": - If it isn't present, give an error - If it is present but doesn't match the value in the session, present an error message "this form has already been submitted", and re-display the form or the detail page - Otherwise the nonce is present and matches the stored value: perfect - Unless there is an error (see above), proceed as usual As a variation you may generate a nonce per form or form/record combination to explicitly allow people to edit multiple things at once. Also, given that I match on "default handler or not", it is perfectly possible to handle this using an interceptor and custom form tag. The first check upon submit forced the use of the custom tag, so there will be no omissions there. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) signature.asc Description: Digital signature -- Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] maven 2 archetype for stripes
On 13-11-2010 at 22:46, Rusty Wright wrote: > On the web page > > > http://www.stripesframework.org/display/stripes/Maven2+Archetype+for+Stripes > > it says you need to download and install the archteype. You don't need to > download and install the archetype; you can generate a project from it with > >mvn archetype:generate \ > -DarchetypeArtifactId=stripes-archetype-quickstart \ > -DarchetypeGroupId=net.sourceforge \ > -DarchetypeVersion=1.0 \ > -DgroupId=myGroup \ > -DartifactId=stripesTest \ > > -DarchetypeRepository=http://sourceforge.net/projects/mvnstripes/files/stripes-quickstart-1.0/1.0 Thank you. I've just checked the URL's origin and tested it (works perfectly), so I adjusted the web page. Regards, Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... signature.asc Description: Digital signature -- Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Maven convention
On 12-11-2010 at 14:44, Samuel Santos wrote: > Also, I do not understand why you should have to override the Java EE > authentication mechanism in order to have it propagated to the EJB tier. Can > you explain further? Actually, it's the other way around: if you want/need to override the JavaEE authentication mechanism, you'll run into problems because your custom authentication won't easily propagate to the EJB tier. Regards, Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://oscar.westravanholthe.nl/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". signature.asc Description: Digital signature -- Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Maven convention
On 11-11-2010 at 20:57, Will Hartung wrote: [...] > Unfortunately, this is easier said than done, especially before Servlet > 3.0. It gets very container specific, especially if you want to propagate > the credentials back to the EJB tier in a JEE server. Here you touch the heart of many problems: AFAIK, overriding the JavaEE authentication mechanism and then propagating it to the EJB tier so it can be used by the standard mechanisms is container specific. It's probably easier (for local EJB's at least) to create an entire framework using a session variable, and ditch the standard mechanism altogether. > However, there's nothing stopping Stripes from leveraging the existing > infrastructure even if it doesn't provide a way to programmatically set the > role and principle. If someone uses out of the box Form or BASIC security, > the @Role or whatever annotations will do the trick. IMHO, this is the best course of action for any framework (if you need it): only add to the authorization mechanism, and let the container handle authentication and propagate the principal. > I know we have our own custom login handler and our own realm for > GlassFish, using its programmatic login so it all works within the > framework of the JEE server. But its also GF specific, we'd have to port > that were we to go to another server. > > As far as implementing those modules and such in Stripes, that's not its > role, frankly. We use Stripes for login forms, and feed those inputs in to > our security mechanism. We use a Filter like every one else, but rely on > the Principals and Roles back on the EJB tier. Indeed: a filter at least allows you to override the roles and principles in the request. Given that Stripes (and many other frameworks as well) work more or less in the context of a servlet, overriding the principal and roles isn't even feasible. Regards, Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( No trees were killed in the creation of this message. However, =/ () many electrons were terribly inconvenienced. signature.asc Description: Digital signature -- Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Maven convention
On 09-11-2010 at 12:17, Samuel Santos wrote: > I do agree that we should at least add the support for Java Authentication > and Authorization Service (JAAS) to Stripes core. Maybe I'm being silly here, but why? I mean, every servlet container and application server supports JAAS (the authentication part at least). I already can add authentication using web.xml, and the only tricky part here is that often my server needs to use my DB queries (which JBoss already had an excellent solution for years ago, IMHO). And honestly, I've not yet encountered a situation where JAAS authorization was used. I know that JAAS authorization can be used for user authorization, but specifying the permissions for users and objects in a dynamic way using JAAS is just too complicated. There are many frameworks offering an easier solution for this. There are only two reasons why I'd implement authentication using a filter: 1. When I want the HttpServletRequest.getUserPrincipal() to return a (proxy to a) domain object, or 2. When I want to use the JAAS LoginModule to it's full extend (i.e. create a login wizard using multiple calls to CallbackHandler.handle(Callback[]), like com.sun.security.auth.callback.TextCallbackHandler implicitly does). Please don't get me wrong: I think it is good to raise the security issue. It simply is that important. Maybe what I'm missing is consensus on what security means. I've seen it used as any combination of the following: - authentication (a user is who he says he is) - authorization (a user is allowed to do X, Y and Z, byt not F) - accountability (on this date & time, user X did Y) - extra confirmations (authenticating individual transactions, displaying extra information, etc. to combat cross-site scripting and other hacks) - data satefy(the C&D from ACID, and backups; a stretch, but ok) - SLA & uptime guarantees (this one surprised me) Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Progress is made by lazy men looking for easier ways to do things. =/ () -- Robert Heinlein signature.asc Description: Digital signature -- Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Dual Form... Log-in and Sign-up
On 29-10-2010 at 15:42, Nikolaos Giannopoulos wrote: > Can you elaborate a little more though on the overriding of > getSourcePageResolution() and what is involved there? Basically you'll need a subclass of ActionBeanContext with a Resolution field. If not null, your getSourcePageResolution() returns the value. If null, it returns super.getSourcePageResolution() instead. The result is that you can optionally override the value, but by default you won't. The method setContext(ActionBeanContext) of your ActionBean will use a setSourcePageResolution(Resolution) method on your ActionBeanContext to supply a ForwardResolution to redirect the user back to the appropriate form. Lastly, have a look at the following URL. It tells you how to use your class instead of the default ActionBeanContext: http://www.stripesframework.org/display/stripes/State+Management Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Simplicity is prerequisite for reliability. =/ () -- Edsger Dijkstra, EWD498 signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Source forge description: It's stripey and itdoesn't suck
On 29-10-2010 at 18:51, VANKEISBELCK Remi wrote: > "Stripes: what else ?" Nescafe? Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Source forge description: It's stripey and itdoesn't suck
On 29-10-2010 at 16:37, jfonta...@codegap.com wrote: > > "Stripes: the missing link"? ;) Better. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( I disapprove of what you say, but I will defend to the death your =/ () right to say it. -- Voltaire signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Source forge description: It's stripey and it doesn't suck
On 29-10-2010 at 09:11, Rick Grashel wrote: > When I used Stripes for the first time, my initial thought was... "This is > the missing thing I've been looking for." Every Java-based web framework I > looked at either had a piece missing or had too much things that I didn't > need. > > I'm not the best tag-line person, but I propose something that indicates > that Stripes is the missing piece... or perhaps that Stripes is exactly what > someone needs... or something along those lines. You mean: "Stripes: this missing piece in any webapp." Or maybe: "Stripes: the piece to connect it all together." Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () A half truth is a whole lie. -- Yiddish Proverb signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Dual Form... Log-in and Sign-up
On 27-10-2010 at 17:38, Nikolaos Giannopoulos wrote: > Just about to build a horizontally split Log-in / Sign-up form and I was > thinking... > > The Log-in form entails a simple user name and password > The Sign-up form entails a wizard like interface for a multi-page set of > forms > > I am considering 2 options: > 1) 2 ActionBeans... [...] > 2) 3 ActionBeans [...] > > I know that splitting the forms into 2 separate pages is obviously the > simple solution but alas requirements are otherwise... . > > Any pointers on how others have tackled or would tackle such a problem? Your second option is best. Both have each form submit to a different ActionBean, which is exactly what you want. The second option though, allows each of the three beans to have it's own page. Combined with a custom ActionBeanContext, in which you can override the value of getSourcePageResolution(), you can do this: ActionBean 1 displays the page with both forms. ActionBean 2 handles login, but upon input errors it forwards the user to a page with only the login form (this form will need to be identical to the one on the first page, so you may want to use an include here). ActionBean 3 does something similar, but for the first (second, ...) page of the sign-up wizard. The same caveat applies to the form. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( It takes less time to do a thing right, than it does to explain why =/ () you did it wrong. -- Henry Wadsworth Longfellow signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Odd Clean URL Binding??? (1.5.4 Snapshot)
On 28-10-2010 at 14:50, Nikolaos Giannopoulos wrote:
> We have the following:
> @UrlBinding("/share/{id}/{titleUrlified}/${event}")
>
> Where "id" is a Long and "titleUrlified" is a String
>
> When we test the following url:
> /share/0/anything/edit
>
> We get the following binding:
> id=0
> titleUrlified=anything/edit
>
> and the @DefaultHandler view() method gets invoked vs. the edit() method
>
> Why is titleUrlified NOT set to "anything"? Why is the binding so
> aggressive?
> Hopefully I am doing something silly. Anyone
This looks like the same difference as regular expressions have in greedy vs.
reluctant operators. Since the event is optional and a String may contain a
"/", it's possible for the String to bind everything.
Several choices can be made here:
- there can be at most one String parameter, and it must be the last (the
current greedy binding then works as expected)
- all parameters are required (AFAIK this is not the case now)
- new syntax is added to allow reluctant binding (as opposed to greedy)
- any combination of these (and others)
I'm not sure what choice is the best, but in my experience using the first
one is a workaround for the problem you're having now (although it may not be
an option given your requirements).
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( The haves and the have-nots can often be traced back to the
=/ () dids and the did-nots.
signature.asc
Description: Digital signature
--
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Thorough XSS Solution...
On 27-10-2010 at 20:13, Rick Grashel wrote: > I would recommend reading OWASP.org regarding this stuff. Their best > practices on XSS as well as SQL injection are very good. > > http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet > > -- Rick A very good point. One thing I'm missing in this thread though is that, AFAIK, cross site scripting attacks can also take the form of fully correct, sane user input! The important part here is that the user has not performed the action, but a script does it for them. As always, it's a matter of balancing risk and damage. For administrative applications it's usually enough that the data can be altered later. This then undoes the attack. For financial transactions, like internet banking and e-commerce, each transaction is usually authenticated separately. Combined with feedback on the actual transaction, this mitigates the risk of scripts spending your money quite well (it makes any attack visible). Oscar -- ,-_ Oscar Westra van Holthe - Kind http://oscar.westravanholthe.nl/ /() ) (__ ( Simplicity is prerequisite for reliability. =/ () -- Edsger Dijkstra, EWD498 signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Source forge description: It's stripey and it doesn't suck
On 27-10-2010 at 21:27, Freddy Daoud wrote: > So, after all the brou-ha-ha-ha-ha of getting Stripes back > into action, let's hear suggestions for a new, catchy, witty, > smart, attractive tagline. > > Don't ask for mine, I've already used it for a book title ;) One option: Stripes... the skidmarks I leave because this framework isn't a straitjacket. (IMHO not really 'mature' though) Another option: Stripes: the best way to visualize rapid development. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Progress is made by lazy men looking for easier ways to do things. =/ () -- Robert Heinlein signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and GWT
On 25-10-2010 at 12:01, farouk alhassan wrote: > Can the DynamicMappingFilter not be mapped to the DispatcherServlet like this? > > > DynamicMappingFilter > DispatcherServlet > REQUEST > It can, but this is really just a no-op. The DynamicMappingFilter only does something when the unfiltered request returns a 404 error. And when that happens, it already lets the DispatcherServlet handle the request. So in this setup, you can just as well leave it out. > > GWTServlet > /gwt > > > > DispatcherServlet > /* > > > Am not an expert in Servlet API so this may not be correct Although correct, this does have the effect of mapping everything except /gwt to Stripes. If that is intended, setup the DynamicMappingFilter to filter /* and remove the DispatcherServlet as it's already used implicitly. If you want the two separate URL spaces, remove the DynamicMappingFilter and map the DispatcherServlet to /stripes instead. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( If we don't believe in freedom of expression for people we despise, =/ () we don't believe in it at all. -- Noam Chomsky signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and GWT
On 25-10-2010 at 10:26, farouk alhassan wrote: > > Thank you guys for sharing your experiences using these two frameworks. Will > go ahead and try to implement this in my project. > > @Oscar > I'm using the DynamicMappingFilter as described in Freddy's book. What is the > easiest way of making it ignore the servlet path of the GWT servlet? First, check/test if there is any overlap (i.e. a Stripes URL that is also handled by GWT). If there isn't, you're already good to go. If not, you could adjust all URL's (if using clean URL's). If this is too cumbersome or you have other reasons to enforce such a split in a generic way, you can: - remove the DynamicMappingFilter - use the DispatcherServlet mapped to a unique prefix The downside is that you can no longer bind to, say, '/'. The upside is that you can force all URL's that start with '/gwt' to be handled by GWT, and all URL's that start with '/stripes' by Stripes. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and GWT
On 24-10-2010 at 21:54, farouk alhassan wrote: > Is it possible to use Stripes with GWT smoothly in the same project. If so > what are some of the gothas and work arounds one should anticipate in this > aproach. > > If its not possible, what is the recommended approach to using a native > component framework with stripes? It's possible. But as always with using two web application frameworks at the same time, you'll need to manage the URL namespace (each framework assumes complete control over their namespace). This is easiest accomplished using a different prefix for each. The Stripes DispatcherServlet for example, is commonly bound to "/action" when not used implicitly by the DynamicMappingFilter. Also, when you can achieve the communication between the frameworks either though the session or by forwarding/redirecting the request, you'll have a robust design. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( No trees were killed in the creation of this message. However, =/ () many electrons were terribly inconvenienced. signature.asc Description: Digital signature -- Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Portlets
On 18-10-2010 at 18:50, Søren Pedersen wrote: > Wouldn't it "just" be a question of writing a bridge from Jsr286 to stripes? > I am doing domething like that at the moment with a propritary CMS which > acts like a portalserver. I have written a bridge that handles URLs and > other stuff like state, security etc. > Planning on going to make it a Jsr286 later on, if I get the chance. > A bridge could be used as a pluggable component. Hi Søren, Once you have a semi-working version for JSR 286 and WSRP 2, I'd be more than a little interested in the design of it. Especially as I've seen customers struggling to grasp what's needed to make it work. So far, all "just a simple port" projects I've seen have ended up as at least a partial rewrite, up toa complete redesign of the view layer. Regards, Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Progress is made by lazy men looking for easier ways to do things. =/ () -- Robert Heinlein signature.asc Description: Digital signature -- Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Portlets
On 18-10-2010 at 16:40, Grzegorz Krugły wrote: > iframe is the worst solution one could think of ;-) > It's not even proper HTML 4. For some, the same thing can be said about portlets. And certainly the first portlet specification (JSR 168) qualifies, as it doesn't support portlet specific non-inline CSS, dynamic images, file downloads, etc. (you'd need to setup a separate servlet, which defeats the point of a portlet). It's not until the second specification (JSR 286) that portlets can be considered seriously, IMNSHO. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () A half truth is a whole lie. -- Yiddish Proverb signature.asc Description: Digital signature -- Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Portlets
On 18-10-2010 at 15:28, Oscar Westra van Holthe - Kind wrote: > To make Stripes work with portlets would require these steps: > 1. Convert the StripesFilter to a portlet filter. > 2. Convert the StripesDispatcher servlet to a portlet (it mainly handles the >lifecycle and lets other classes to the work, so this should be doable). > 3. In the dispatcher portlet, store the Resolution obtained from the event >handling, so it can be used during the rendering phase. > > As an added bonus, you'll need to: > - resolve redirects (impossible for portlets), > - ensure that the Resolution instance can be infinitely reused, > - be aware that rendering properties can and will be stored (and thus reused) > by the portal server, making selecting the default handler trickier Oh, and Resolutions require a HttpServlet and HttpServletResponse, so you'll need to create versions that wrap the corresponding portlet classes -- all three pairs of them: - ActionRequest/ActionResponse - RenderRequest/RenderResponse - ResourceRequest/ResourceResponse To add complexity, you'll need to detect when a Resolution actually provides a page or another resource (download, AJAX response, ...). The reason is that pages are rendered, while all other Resolution results are handled similarly to a dymanic image using a ResourceServingPortlet. You'll also need to provide a different tag to generate such resource URL's. All in all, I think it's easier to reuse Stripes' strengths such as the validators, population strategy, etc. and create a new lifecycle plus PortletBean and Resolution interfaces for it. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () A half truth is a whole lie. -- Yiddish Proverb signature.asc Description: Digital signature -- Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Portlets
On 18-10-2010 at 13:40, andres wrote: > I want to ask, if anyone has used Stripes for portlets (JSR 168, JSR 286) > and if there is a way to use it with portal server (websphere). > We have one web application done with Stripes and we want run it like a > portlet on websphere portal server. > if anyone knows the subject or may give clues would greatly appreciate it. > Thanks, greetings I doubt if anyone has used Stripes for portlets, as servlets and portlets have an entirely different ecosystem around them (servlet container vs. portal). Also note that the portlet request cycle is different: action processing and rendering is separated. Also, much depends on the portlet version being used. The first specification doesn't allow extra resources such as CSS files, images, etc. and should be avoided (although I realize this choice is not always available). The portlets 2 and WSRP 2 specifications do allow these things, and thus can support Stripes. To make Stripes work with portlets would require these steps: 1. Convert the StripesFilter to a portlet filter. 2. Convert the StripesDispatcher servlet to a portlet (it mainly handles the lifecycle and lets other classes to the work, so this should be doable). 3. In the dispatcher portlet, store the Resolution obtained from the event handling, so it can be used during the rendering phase. As an added bonus, you'll need to: - resolve redirects (impossible for portlets), - ensure that the Resolution instance can be infinitely reused, - be aware that rendering properties can and will be stored (and thus reused) by the portal server, making selecting the default handler trickier Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. signature.asc Description: Digital signature -- Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] strange bug in select and options-collection tags
On 13-10-2010 at 11:20, Daniil Sosonkin wrote: > PS: Funny how you picked that up, hope you're not one of our > clients or that would be embarrassing The past 6 years I've intermittendly worked on financial simulations. As you know, a certain amount of statistical and econometric knowledge comes along with the territory, as well as knowing some financial products. Besides, living in the Netherlands, I doubt I could be working for one of your clients. Any organizations that might become clients are more likely to find a local software company. Ocar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The unexpected happens. You had better prepare for it. =/ () -- Thatcher's law -- Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] strange bug in select and options-collection tags
On 12-10-2010 at 17:27, Daniil Sosonkin wrote:
>
> To all, not even sure this is a
> bug or am I doing something wrong, but I just can get the value
> selected properly. The code fragment is as follows:
>
> <s:select class="fields" name="strike" value="${strike}">
> <s:options-collection collection="${strikes}"/>
> </s:select>
>
> The form submits to an action bean that has getters and setters
> for the "private double strike".
Not sure if it helps, but doubles and floats are infamous for this kind of
thing. The select tag does an equality comparison, and floats and especially
doubles are a little imprecise so that fails. This is also why an equality
test on a float/double is taught as "Math.abd(d1-d2) < 0.001" or
similar instead of "d1 == d2" / "d1.equals(d2)".
In your situation, I'd convert the monetary value of the option's strike
price to a fixed point number (using a BigDecimal with a scale of 2, 3 or
maybe 5) or even an integer number (the BigDecimal multiplied by 100, 1000 or
10).
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://oscar.westravanholthe.nl/
/() )
(__ ( Simplicity is prerequisite for reliability.
=/ () -- Edsger Dijkstra, EWD498
--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Need help: problem with SecurityManager and persistence
On 07-10-2010 at 14:27, John Berninger wrote: > I'm getting a LazyInitializationException when I attempt to log in > to a webapp I'm writing / testing, and I'm not sure what I'm doing > wrong. In about all cases I see this, it is caused in code that runs in a view layer. More specifically, outside the transaction for which a JPA EntityManager, Hibernate Session, JDO PersistenceManager, ... is defined. The design pattern "Open session in view" is your friend here. It ensures that even after the transaction ends, you can still query the database for the information you need on screen (read-only IIRC, but that's what you want anyway). Decisions on eagerly/lazily fetching of relationships can then be deferred to optimization time. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Simplicity is prerequisite for reliability. =/ () -- Edsger Dijkstra, EWD498 signature.asc Description: Digital signature -- Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Best way to handle hierarchy of objects?
On 07-10-2010 at 01:45, Aurangzeb Agha wrote:
> I have a tiered set of model objects:
>
> Restaurants have one ore more Menus that have one or more Items.
>
> I've expressed the Restaurant to Menu relationship as follows:
[snip: bidirectional 1-n relationship]
> I'm curious about a couple of issues:
>
> 1. I want to make sure that when a menu is created *for a restaurant*, not
> more than one menu *with the same name *can be created for that restaurant.
> Is controlling this with the UniqueContraint the right way to go?
Yes, especially at the start. Having the database restrict your data to your
own constraints helps you to keep your code correct: if it isn't the database
will return an error.
The second step (sadly often done as step one) is to make your code behave as
you want it. Wedged between the database constraints and your unit tests,
your code can only be good.
> 2. Do I need to create a Restaurant object *in* the Menu? What I want to
> ensure is that when a menu is created for a restaurant, I have a way of
> knowing which menu was created for which restaurant. Should I just have an
> "int restaurantId" parameter in place of the Restaurant object? If so, how
> do I ensure the constraint in point #1 holds true?
Use a Restaurant object instead of the id (you can always ask the object for
its id if you need to).
As for the first part, that is a matter of preference. Keeping it simple, you
have two options:
1. Menu menu = new Menu(restaurant, "name");
2. Menu menu = restaurant.newMenu("name");
Assuming that a Menu cannot exist on its own (it must be created for a
Restaurant), I'd choose option 2. As a bonus, it's easier to verify the name
is unique within the restaurant.
On the other hand, if a Menu _can_ exist without a Restaurant (not the case
as you marked the restaurant field non-optional), option 1 is better.
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () QED - Quite Easily Done
signature.asc
Description: Digital signature
--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Finally, 1.5.3 available from maven central !
On 03-10-2010 at 14:42, amagha wrote: > > I've never used Maven and would love a link to a good primer on why and how > to use it. Anyone have any suggestions? In the mean time, I'll check out > the Apache Maven page. Something I've not seen on any website (not even on the Apache Maven page), is the most compelling reason a developer wants to use maven. After all, why bother, if you have a working ant build? If it ain't broke, don't fix it, right? Despite that, I'm very happy to have switched to Maven. Not because a pom.xml file is easier to read or write than an ant script (it's a different angle, not easier or more difficult IMHO). For me, the main reason to use Maven is its dependency mechanism. Yes, the plugins are nice, but ant tasks get the job done too. Having an online repository is a help, but a share with most used libraries works too. Maven's dependency mechanism is something else though. The main advantages: - Transitive dependencies (i.e. the dependencies of dependencies) are included automatically. - You can have different dependencies for compilation, testing and running the application. This to accommodate differences like jars available in the application server, jars needed for unit tests and jars needed to run the application. - Maven handles all dependencies, in that it collects them and places them in the correct locations, adds them to the classpath during compilation and testing, etc. - That Maven can handle any build as dependency (i.e. also .war, .ear, .rar, .sar files) is just icing on the cake. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... signature.asc Description: Digital signature -- Virtualization is moving to the mainstream and overtaking non-virtualized environment for deploying applications. Does it make network security easier or more difficult to achieve? Read this whitepaper to separate the two and get a better understanding. http://p.sf.net/sfu/hp-phase2-d2d___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Security and Authentication
On 18-09-2010 at 18:17, Thomas Menke wrote: > I am currently trying to implement an authentication system for a small > web application. The article "Security Interceptor for custom > authorization" sounds promising to me but unfortunately it says "On how > to setup security authorization/authentication for > org.stripesstuff.plugin.security.J2EESecurityManager, see the Servlet > spec 2.4 and your servlet container documentation." > > I searched the web for the specs and started to read read trough the > section that I thought is relevant for this. I found a lot of documents > that state that everything that I want to do is possible, but I never > figured out how to actually implement the authentication. Hi Thomas, The reference to the servlet spec. is intended for the J2EESecurityManager only. If you already understand the workings of @DenyAll, @PermitAll and @RolesAllowed, you can ignore it. This assumes you already have the plugin working. Both the article on the website as the javadoc of the package org.stripesstuff.plugin.security describe how. Is this working? If in doubt, enable debug logging for the package org.stripesstuff.plugin.security (the plugin uses the same logging system as Stripes). Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. signature.asc Description: Digital signature -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] The best way to separate variabls in a larger form from the action.
On 10-09-2010 at 12:03, andres wrote: > Could you explain more detail how [binding into the domain model, using > Stripersist] work, and how to implement? Stripersist is hosted at the StripesStuff project, and contains an example as well: StipesStuff: http://sourceforge.net/projects/stripes-stuff/ Stripersist 1.0: http://sourceforge.net/projects/stripes-stuff/files/Stripersist/1.0/ The Stripersist example contains three files of interest: - /WEB-INF/web.xml (note the the extension packages) - /WEB-INF/src/ExampleActionBean.java (the magic is here :) ) - /WEB-INF/src/SimpleEntity.java (because ExampleActionBean needs it) Note that this example is also an example of binding into your domain model. For more on that, see: http://www.stripesframework.org/display/stripes/Binding+Into+Domain+Models The only thing not covered by the Stripersist example is @StrictBinding. It's javadoc is pretty straightforward, and can be found here: http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/action/StrictBinding.html Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Simplicity is prerequisite for reliability. =/ () -- Edsger Dijkstra, EWD498 signature.asc Description: Digital signature -- Automate Storage Tiering Simply Optimize IT performance and efficiency through flexible, powerful, automated storage tiering capabilities. View this brief to learn how you can reduce costs and improve performance. http://p.sf.net/sfu/dell-sfdev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] The best way to separate variabls in a larger form from the action.
On 10-09-2010 at 10:52, andres wrote: > What is the best way to separate variabls in a larger form the action? In > Struts 1 you have a separate action (for the logic) and form (to use for > fields). In Stripes have all this in action. Hope I explained well. > > I thought to create a class NameModel with a variabls for a form and extend > it of BaseActionBean and then extend my NombreActionBean class of > NameModel to separate variables (form fields) from ActionBean and can > access to them. And use only for the logic NombreActionBean. > > Do you know the better way to do it? After picking up the form fields > NameModel would have to pass them to DAO object to store in DB. Personally, I let Stripes bind directly into my domain model. By using the Stripersist extension and the @StrictBinding annotation. This way, I have several advantages: 1. The action bean doesn't become cluttered with properties. 2. I do not have to maintain an extra class (which can outdated). 3. I do not have to manually load the object being changed (Stripersist handles this). 4. Anything I don't specify/validate remains untouched (even if specified in the request parameters), thanks to @StrictBinding Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( I disapprove of what you say, but I will defend to the death your =/ () right to say it. -- Voltaire signature.asc Description: Digital signature -- Automate Storage Tiering Simply Optimize IT performance and efficiency through flexible, powerful, automated storage tiering capabilities. View this brief to learn how you can reduce costs and improve performance. http://p.sf.net/sfu/dell-sfdev2dev___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] New Stripes Website Google Group (Repost)
On 02-09-2010 at 17:32, Edward Smith wrote: > While I appreciate the enthusiasm and effort, right now my concern is not > with hashing out details to a new web site for Stripes. I was > disappointed, though not surprised, to learn that Tim is no longer involved > and that is a much bigger issue. Basically we're all on a ship without a > captain and thus have no idea where we're going. > > Many successful Open Source projects have a name behind it: Spring - Rod > Johnson, Grails - Graeme Rocher, JBoss - Marc Fleury, Hibernate - Gavin > King, etc. Tim is/was the name behind Stripes. As far as I'm concerned, Ben is the man behind Stripes. Tim had a fantastic idea, and build Stripes to realize it. But since it did what he needed, he had no interest in further development (and with time being precious, I won't blame him). Since then, Ben has continued development, made decisions, etc. Stripes is every much Ben's accomplishment as Tim's now. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The unexpected happens. You had better prepare for it. =/ () -- Thatcher's law signature.asc Description: Digital signature -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes Development and its Future... (long)
On 01-09-2010 at 21:20, Morten Matras wrote: > Yes - Stripes is in danger - A danger that comes from the fact that this > framework is so good that it is difficult to improve (at least the core). A good point, and extremely accurate. > To make the brand (and thereby the framework) stronger I think it could be a > good idea to "allow" sub-frameworks to emerge. This will engage developers > and add value to the core. I think sub-framework is not a good term here; extension is better. Regardless of what name is best, there is an insufficiently (at least IMHO) advertised project to accommodate just that: Stripes-Stuff http://sourceforge.net/projects/stripes-stuff/ It is also the home of Stripersist, and the StackOfStripes suggestion would be an excellent addition. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Progress is made by lazy men looking for easier ways to do things. =/ () -- Robert Heinlein signature.asc Description: Digital signature -- This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Nested Layout Grief and 1.5.4 Snapshot
Hi Nikolaos, What I see in short, is this: 1. forwards are to design_site.jsp 2. design_site.jsp renders layout 3c.jsp (with the components col_center, col_left and col_right replaced) 3. 3c.jsp defines a layout, which renders layout html_template.jsp (with the component block_body replaced) 4. html_template.jsp does not define a template, but only contains a component. Is this correct? If so, enclose the entire HTML template in a s:layout-definition tag and behold the result. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( If we don't believe in freedom of expression for people we despise, =/ () we don't believe in it at all. -- Noam Chomsky -- Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Validation errors
On 13-08-2010 at 09:29, Aaron Stromas wrote: > > It worked! So, with RedirectResolution the ValidationErrors are not > considered? Not quite. They don't exist anymore. A little background: - A redirect is a small response, that redirects the browser to another page. The page is retrieved in a new (!) request, and the URL in the browser changes. - A forward is not a response per se, but directs your server/Stripes to forward the request to another URL to handle the response. The code generating the forward will have done some preprocessing. The URL in the browser doesn't change, as it's still the same request. The validation errors are stored as a request attribute. When you return a ForwardResolution, the JSP page can retrieve and use them. If you return a RedirectResolution instead, the browser sends a new request, which doesn't have any errors stored. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The unexpected happens. You had better prepare for it. =/ () -- Thatcher's law signature.asc Description: Digital signature -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] JSR 303 integration and addition to stripes around?the web
On 08-08-2010 at 04:49, Alamgir Kahn wrote: > You could make it a Google Project: http://code.google.com/projecthosting/ > > writes: > > ... > > If anyone is interested I'll also post my JSR 303 integration that I > > developed for my site since no one else seems to have done it yet. Or add it to Stripes-Stuff (http://sourceforge.net/projects/stripes-stuff/). I don't remember who I mailed for commit access, but one of the three listed developers should be able to help you. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( No trees were killed in the creation of this message. However, =/ () many electrons were terribly inconvenienced. signature.asc Description: Digital signature -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] stripes layout
On 29-07-2010 at 06:26, spliffy wrote:
> I'm using the stripes layout manager. included in my 'header.jsp' is a nav
> bar. I'm looking for an elegant way to highlight the currently selected page
> in the nav bar. The best I 've come up with so far is to pass a
> 'pageSelected' parameter in my pages, like so:
>
>
>
> and then have lots of to check the value in my header.jsp and
> apply styles where appropriate. However, it seems so clunky and is not easy
> to maintain - is there a more elegant solution that i've missed?
You could use CSS, and name your tabs:
ol.menu { /* normal, unselected style */ }
ol.menu li { /* usual style */ }
ol.tab1selected li#tab1,
ol.tab2selected li#tab2,
ol.tab3selected li#tab3 { /* selected style */ }
With a JSP snippet like this:
Tab 1>
Tab 1>
Tab 1>
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () A half truth is a whole lie. -- Yiddish Proverb
signature.asc
Description: Digital signature
--
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] File Download
On 26-07-2010 at 19:12, Radim wrote: > I have a problem with file download. I'm trying to do file upload and > download to/from server. File upload works just fine. But I have a probelm > with download. I used StreamingResolution with InputStream. [...] > But if the file is larger than something around 70 or 90 MB, java throws > "java.lang.OutOfMemoryError: Java heap space". It seems like Java is trying > to load whole file to RAM and then send it to browser. But I would like to > work with large files - 2 GB. > > Is there any way to send large file to browser? Actually, the code you're using seems fine to me. StreamingResolution doesn't load the whole file in memory (at least 1.5.3 doesn't, I just checked the source). Which version of Stripes are you using? Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( If we don't believe in freedom of expression for people we despise, =/ () we don't believe in it at all. -- Noam Chomsky signature.asc Description: Digital signature -- The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] stripersist: recreating (drop/create) a database
On 20-07-2010 at 17:48, Lev wrote: > from the previous emails, i understand that i can employ > the import.sql approach to create a database and can drop > a database by executing SQL commands. Creating the tables of the database is done by Hibernate. The statements in import.sql are executed after that. In essence, import.sql is for test and/or initial data. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://oscar.westravanholthe.nl/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". signature.asc Description: Digital signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] stripersist: recreating (drop/create) a database
On 13-07-2010 at 12:01, Thomas Menke wrote: > On 07/13/2010 08:22 AM, Lev wrote: > > would anybody happen to know how to recreate (drop, then > > create) a database with stripersist? > > > > further, do you know how to drop/create a specific table > > within a database? > > > > i'm using hibernate with stripersist. > > Do you want to change the structure of the table at runtime? If you do > not want to change the structure you could use a simple truncate query. > > I use this property in my persistance.xml to update tables when I deploy > my application: > > > And in addition to this, if Hibernate creates your database (e.g. when you set the property to create or create-drop), it'll try to read the file "import.sql" from the root of your classpath. If the file exists, Hibernate executes the SQL statements after creating your database. You can use this to insert initial data. Personally, I use this with a HSQLDB in-memory database to test my code. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. signature.asc Description: Digital signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Model Initialization: Action Bean Populate vs. JPA Load
On 06-07-2010 at 23:40, Nikolaos Giannopoulos wrote: > It's unfortunate though that the initialization has to be > considered in 2 places i.e. for each attribute to initialize... once > in the getter... and then again to ensure the getter is called in > the @PrePersist and @PreUpdate method. Also if you have a subclass > heirarchy you will need to ensure that the @PrePersist and > @PreUpdate methods also call super.preSave() (or whatever the method > was called) as JPA at least when implemented with Hibernate appears > to not call the same method annotated with @PrePersist and > @PreUpdate in a super class (haven't tested if naming the methods > differently would make them all get called in the heirarchy). This is unfortunate, as (IIRC) the spec says _all_ event handlers must be called: there may be more than one. But then again, I may be confused with JPA2, as that is what I'm working with lately. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Simplicity is prerequisite for reliability. =/ () -- Edsger Dijkstra, EWD498 signature.asc Description: Digital signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Model Initialization: Action Bean Populate vs. JPA Load
On 06-07-2010 at 12:29, Nikolaos Giannopoulos wrote: > Unfortunately it won't work. I didn't know this previously but > discovered that JPA by default obtains the data from the Entity > objects via reflection NOT via its getters. What this means is that > when the object is being persisted the getters are never called. > Apparently the access type can be controlled in hibernate / JPA to > use field or property access but the default is field and it is > recommended for a number of reasons. The way I see it, there are two possibilities: 1. The object is not persisted, meaning the property is initialized to null and the getter can lazily initialize it. A @PrePersist and a @PreUpdate event handler simply call the getter to ensure there is a value prior to persisting/updating it (the latter only if it can be set to null). 2. The object is persisted, meaning the property has a value (due to the @PrePersist event handler). In that case the field will be initialized correctly by the JPA provider, and the getter will recognize it only needs to return the value. Am I missing something here, why such a solution cannot work? Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () A half truth is a whole lie. -- Yiddish Proverb signature.asc Description: Digital signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Database backed ResourceBundle
On 09-06-2010 at 04:08, Daniel Cane wrote: > Please point me in the right direction on how to create a db backed resource > bundle and us it with stripes. I found a few links to the stripes book's > (which > I own -- good book) blog, but those have been removed. I have extended > runtimeConfiguration and impl my own localizationBundleFactory, now I just > need > a pointer or two on how to create a DB backed system which returns > ResourceBundles. Your best bet is to ignore the static methods in ResourceBundle, and to create a subclass that: - Retrieves the data from the database - Implements the abstract methods getKeys() and getObject(String) Note that the methods getString(String) and getStringArray(String) use getObject(String) and perform a cast. Personally I prefer to initialize such a ResourceBundle in the constructor, but your application design is the only requirement here. As for the database, I usually ensure that all records have the fields matching the Locale class (language, country, and sometimes also variant), a label and the actual text. Furthermore, I ensure all fields are set for all records. This makes potential queries a _lot_ easier. Any search has it's requested Locale augmented with defaults (e.g. "en" becomes "en_US", "nl" becomes "nl_NL", "nl_BE" remains "nl_BE" and "" becomes "en_US"). At this point I also check if the Locale is supported. After that, the actual query is plain, and its result easily cachable: SELECT t.text FROM Translation t WHERE t.label=:label AND t.language=:language AND t.country = :country AND t.variant = :variant; > BTW - my requirement is to be able to programatically append to the bundle and > messing around with the .properties file triggers all sorts of nasty things > like > spontaneous reloads.. If there is an alt solution, I'm all ears. For performance, you'll find you do need to cache the texts your ResourceBundle provides. By invalidating the cache, say, each half hour if there are changes to the translations in the database. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( It takes less time to do a thing right, than it does to explain why =/ () you did it wrong. -- Henry Wadsworth Longfellow signature.asc Description: Digital signature -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Autopopulating forms with values from... where?
On 06-06-2010 at 10:36, Thomas Menke wrote:
> Think of the following scenario: There is a form for editing a certain
> entity stored in a database. The form contains a check box "delete this
> entity" with the name delete. If the check box is checked, the entity
> will be deleted when the user hits the save button.
> Now a malicious user sends a link to a well meaning user to the form
> "Could you have a look at this entity and change property x, it contains
> a spelling mistake: http://example.com/edit.action?delete=1. Now when
> the well meaning user clicks that link the delete check box will be
> checked by default and if the user does not pay that much attention, the
> entity will be gone forever and everyone will be very very startled who
> deleted it... Nobody knows, maybe not even the well intentioned user.
> The simplest fix to this problem that I can think of is to only use http
> parameters if the request was an http POST instead of a GET. This would
> not do any harm to the validation systems, because forms are usually
> send by POST anyway and it is wy harder to trick well intentioned
> users into making a certain POST request.
> Or what is your opinion on that?
Even for such requests, I'd interpret the parameters in the URL in addition
to the POST parameters. My main reason is that is allows clean URL's, but
even without it still gives you more flexibility (I need that much
flexibility in about one in every 5 programs).
Having your ActionBean verify that destructive operations are only allowed
via a POST request are still a good idea though.
> I do like the "Action first" model and I placed all my JSP files in the
> WEB-INF directory to make them unavailable for direct calls. But I do
> have more than one action bean. In this case there are two action beans
> involved: The FormActionBean and the SaveActionBean. The FormActionBean
> loads an entity from the database if an id has been supplied (to
> prepopulate the form) and just displays the form. But the form does not
> submit to the FormActionBean. Instead the data is send to the
> SaveActionBean (...).
> I did this because at some point I got a little confused within my own
> code with all the @Validate(on={"foo","bar","foobar"}). To get rid of
> all the variable declarations that I don't need in certain methods I
> started putting every method in a separate action bean. Unfortunately I
> discovered that this breaks the automatic population of the form.
> Would you consider that bad practice what I am doing and advise me to
> always put the method that displays the form into the same ActionBean as
> the method that is executed on submit?
Instead of using different ActionBean's for one form, I prefer to use a
composite structure for both the JSP forms and the ActionBean classes (the
common parts go into a superclass / parent layout). This way I still have the
field separation, while also adhering to the "one JSP, one ActionBean"
design. In fact, my ActionBean classes and JSP pages always have the same
directory/package and 'inheritance' structure. Keeps things simpler.
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( If we don't believe in freedom of expression for people we despise,
=/ () we don't believe in it at all. -- Noam Chomsky
signature.asc
Description: Digital signature
--
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] SecurityManager.Class not called on @ValidationMethod(on = ...) method, is it a bug ?
On 03-06-2010 at 09:39, Poitras Christian wrote: > Hi Laurent, > > I've looked at the source code of SecurityInterceptor. > As long as binding does not generate an error, CustomValidation step is > executed prior to checking access. > After validation, access is checked only if CustomValidation step generates > an error. > > On EventHandling step, access is checked prior to executing event. > > I don't know if this can be considered as a "bug" or a "feature", so it would > be better to ask Oscar Westra van Holthe - Kind or Fred Daoud. This is a feature: - after validation, the user may see the screen again (errors) If access will be denied on the basis of this information, better do it now. Otherwise the user will go through all the trouble of correcting the input, only to be denied access. - before the event is the last moment access can be checked, and the information will be as complete as possible. So unless allowed, access is denied. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( It takes less time to do a thing right, than it does to explain why =/ () you did it wrong. -- Henry Wadsworth Longfellow signature.asc Description: Digital signature -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Spring - Exception if doing INIT in Constructor
On 26-05-2010 at 19:53, Nikolaos Giannopoulos wrote: > Oscar, > [...] > The problem here appears to be that Spring beans get initialized > BEFORE Stripersist initializes itself... or at least that is how it > appears... and as such invocations to Stripersist after bean > creation / DI will throw errors regardless of whether I am doing > Constructor vs. Setter based injection... unless I am missing > something? > > If I did miss your point what do you propose as a solution? I may have missed the point too, given your description. The NPE tells me that the class is in an invalid state. Some of the reasons may be that Spring isn't injecting that state (at all or yet), another that the interceptors are called in the wrong order. Due to the annotations, I do not believe the latter. As a result, I try to structure the code to force it to initialize the autowired dependencies first. Constructor injection does that, though I do not know if there is another way. Failing that, I'd hazard a guess that Spring isn't managing the instance that throws a NPE. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... signature.asc Description: Digital signature -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Spring - Exception if doing INIT in Constructor
On 26-05-2010 at 03:16, Nikolaos Giannopoulos wrote:
> So we have the following code excerpt:
>
> @Service
> public class ModalityServiceImpl implements ModalityService {
>
> @Autowired
> private ModalityDao modalityDaoImpl;
>
> public ModalityServiceImpl() {
> this.initService();
> }
>
> private void initAfter() {
> List modalityList = this.modalityDaoImpl.findAll();
> // ** NPE ** - this.modalityDaoImpl ** IS NULL **
> this.modalityCache = new ModalityCache();
> this.modalityCache.init(modalityList);
> }
>
> However, the above results in a NullPointerException at the line marked
> with ** NPE ** because this.modalityDaoImpl is NULL which clearly
> indicates that Spring has not completed the Autowiring and we are trying
> to invoke a method on.
I may be going against dogma here, but I prefer all classes to be in a valid
state all the time. So no Spring injection into fields: after construction
the object is in an invalid state until Spring completes the injection.
Instead, I let Spring do Constructor injection.
CON: I need to set the field myself (but I can make it final)
PRO: The constructor can do the initialization
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () QED - Quite Easily Done
signature.asc
Description: Digital signature
--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] I Picked Templating Engine X... Over JSPs and Stripes TLDs... and This is WHY???
On 26-05-2010 at 13:22, Nikolaos Giannopoulos wrote: > --> At least 3 "specific" "key" reasons why "their choice" of > templating engine was selected over JSPs and built-in TLDs? At my work, the choice is usually made due to a simple criterion: "Will it be used outside screen rendering?" If no, only the choice of web framework (e.g. Tapestry for a large leasure company) can dissuade us from using JSP's and tag files. If yes, it's usually easier to use another templating engine for the things we build. The criteria: - it must do EL path expressions (or similar) - it must be able to (re)use tag libraries - it should do custom tags, snippets or whatever they're called Freemarker fits this list well enough. Just my 0.02... Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". signature.asc Description: Digital signature -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Java Scopes?
On 29-04-2010 at 17:16, Nikolaos Giannopoulos wrote: > In Java there are 4 types of session scopes below. > > Clearly JSPs use "page" scope and a framework most likely will > utilize "application scope" but does: > > 1) Stripes utilize "request" scope at all and if so where? > > 2) Stripes utilize "session" scope outside of ActionBeanContext and > Flash Scope? IIRC, Stripes does not use the application scope, but instead uses a Filter to scope a configuration to a specific set of URL's. This means you _can_ use Stripes with multiple configurations (whether you should is another matter). Stripes uses the session scope to implement it's flash scope only. You can use it to store ActionBean instances in the session as well, as illustrated by the @Session annotation in StripesStuff: http://www.stripesframework.org/display/stripes/Save+ActionBean+fields+in+session Stripes uses the request scope to store the action bean for the JSP's it forwards to. This allows the Stripes tags to access the properties and public fields of the ActionBean -- Stripes treats public fields as properties, as a convenience to not need to write boilerplate getters & setters. Stripes does not use the page scope for its core functionality; it may do so for its layout tags, but I'm not sure about that. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Why does Flash Scope use "session" scope?
On 29-04-2010 at 17:15, Nikolaos Giannopoulos wrote: > From the docs it appears that Flash Scope uses "session" but not > "request" scope and that it does some prefixing to avoid conflicts if > the Flash Scope was used more than once for the same named attribute. > It also appears to timeout objects after 2 minutes so it has some cleanup. [...] > I'm sure there are some pretty simple and very valid reasons as to why > it wouldn't simply use "request" scope. > > Anyone know why? > ( I suspect it has something to do with forwarding or redirecting requests ) When forwarding a request, a framework can simply put the action bean in the request scope, and the JSP page can access it. For a redirect this is not possible, because the page is rendered in a different request. The flash scope is designed to fix this 'problem', and to implement it we need to use the first scope above request, the session scope. This is then artificially limited to respond only to specific redirects (magic I cannot explain), and cleaned up after 2 minutes if not used. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( No trees were killed in the creation of this message. However, =/ () many electrons were terribly inconvenienced. -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] NumberFormatException for array length???
On 26-04-2010 at 14:59, Aaron Stromas wrote:
> My action bean has a String[] valued property with getter and setter, say,
> x. The JSP is happy with using the array in collection="x"/> but referring to ${actionBean.x.length} generates
> NumberFormatException. Does it make sense? Thanks,
Sadly, yes: length is not a JavaBeans property (the method name is length(),
not getLength()). Using a Collection won't help either, as the method name is
then size() (not getSize()).
But there is also good news: you rarely need the length on its own. Usually,
the entire array is important:
- when building the page you can iterate the elements (and using the
attribute varStatus you can name a variable of the type
javax.servlet.jsp.jstl.core.LoopTagStatus which has a convenient getIndex()
method)
- when parsing the resulting request parameters, Stripes will happily bind to
an array or List. See here for more details:
http://www.stripesframework.org/display/stripes/Indexed+Properties
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( The haves and the have-nots can often be traced back to the
=/ () dids and the did-nots.
signature.asc
Description: Digital signature
--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] modifying the response in an Interceptor
On 23-04-2010 at 02:45, Yves Senn wrote: > We have an Intercepter, which needs to modify the response (set Headers), > what is the prefered way to do this? Does this have an impact on the > LifeCycleStage the Intercepter can be used? An interceptor is essentially a filter. It can choose to let the event life cycle continue, or step in and provide it's own Resolution. But it can also do both: let the execution proceed() first, and then wrap the Resolution. In the Resolution, you can: - Set the response headers, and then let the wrapped Resolution do it's thing (note that it may override the headers you've just set). - Wrap the Response as well, thus doing the same as above while ignoring any/some headers the wrapped Resolution sets. Your implementation consists of: 1. an Interceptor 2. a wrapping Resolution or an entirely different Resolution 3. Optionally a wrapping HttpServletResponse Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () QED - Quite Easily Done -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Seeking advice on StreamingResolution
On 22-04-2010 at 10:13, Aaron Stromas wrote: > I am using the StreamingResolution to fetch a PDF. Unfortunately, the PDF is > generated on the fly and can take seriously long time. I'd like to pop up > one of those javascript busy-wait windows, which would be taken down by the > page that loads if I were able to hook the onload event on that page. > Unfortunately, with the StreamingResolution I can't do that. The problem > needs to be tackled differently. Any suggestions? TIA The first thing that popped into my mind was this: http://www.stripesframework.org/display/stripes/Wait+Page+for+Long+Events In short, it's a wait page (with and without AJAX updater), what automagically inserts a wait page between the initial request and the completion of the slow event (i.e. generating the PDF). Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... signature.asc Description: Digital signature -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Implementing a call stack in the FlashScope
On 16-04-2010 at 16:27, Pascal wrote: > I am trying to implement a call stack with stripes so that I can return > the user to the page he came from, e.g. after processing a POST. [...] > Now, where I'm stuck atm: > > I am storing the pages in a java.util.Stack that is stored in the > FlashScope. The problem here is that when I'm forwarding to a JSP the > FlashScope is lost (I'm using the Preaction Pattern). If you need a stack, i.e. if you also want to be able to create breadcrumbs, you'll need to store it in the session. The flash scope is only designed for giving values to a designated bean after a redirect -- it expires too quickly for what you're trying to do I think. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Problem with ActionResolver.Packages configuration
On 08-02-2010 at 04:30, Sindu R wrote:
> Sindu R writes:
> >
> > I have just started evaluating Stripes for a project and started with the
> > Calculator example in the Quick start guide.
> > I am facing an issue though.
> >
> > When the param-value for ActionResolver.Packages is set to
> > net.sourceforge.stripes.examples, I see logs such as
> >
> > Wiring path /examples/quickstart/Calclator.action to
> > net.sourceforge.stripes.examples.quickstart.CalculatorActionBea
> > @ /examples/quickstart/Calculator.action
> >
> > in the log. However, once the param-value is changed to something else such
> as
> > com.sourceforge.stripes.examples with corresponding changes in the jsp and
> > ActionBean, I get an ActionBeanNotFoundException exception when the jsp is
> > submitted.
Yes: the package name is used to resolve the classes that can handle
requests. They are translated into the URL's that will be handled by Stripes.
How can be found on the website and in the book "Stripes... and web
development is fun again" by Freddy Daoud.
Your change modified the package where these classes are into something else.
As a result, no URL is mapped, and Stripes no longer can find the code. Hence
the exception. This is visible from the absence of a log line like:
> > Wiring path /examples/quickstart/Calclator.action to
> > net.sourceforge.stripes.examples.quickstart.CalculatorActionBea
> > @ /examples/quickstart/Calculator.action
This actually says there is a class name
net.sourceforge.stripes.examples.quickstart.CalculatorActionBean.
So if you change the prefix "net" into "com", this class can no longer be
found.
But as you may have noticed, the name "ActionResolver.Packages" is plural.
You can make it a comma separated list (even with extra whitespace for
readability:
ActionResolver.Packages
net.sourceforge.stripes.examples,
com.sourceforge.stripes.examples
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () QED - Quite Easily Done
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Components
On 04-02-2010 at 12:25, farouk alhassan wrote: > However, I am increasingly duplicating my form fields in a lot of places > and just changing the name and id attributes. > I therefore need to define my form feilds in some way that I can reuse > them. I was thinking there is a framework somehere that I can use. For this problem I usually resort to JSP 2.0 tag files: I put snippets of a JSP file (e.g. two table cells, one with a label and the other with an input field) in a .tag file. This I can then reuse all over my app. Maybe I misread your intent: when seeing a term like "component rendering framework", I think of something heavier. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. signature.asc Description: Digital signature -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Components
On 04-02-2010 at 11:47, farouk alhassan wrote: > Is it possible to use a component rendering framework with stripes so I > can reuse predefined components? In short: yes. Longer answer: You're combining an action based framework (Stripes) with a component rendering framework. This means you should know what request attributes the component framework requires to render the components, and what the resulting input form fields (and resulting request parameters) will be. Knowing this, you can let it play nice with Stripes. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) signature.asc Description: Digital signature -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] how to get the current locale
On 02-02-2010 at 20:31, John wrote:
> I want to ask whether it is possible to get the current locale in stripes
> in an actionbean and in a jsp. My locale picker in the stripes extension
> package only allows a choice between two locales which are both mentioned
> in web.xml and they are "en" and "fr". I want to know if I can get the
> selected locale from an actionbean and a jsp page.
The selected Locale is set on the response and in the ActionBeanContext.
You get get at it like this:
- ActionBean: getContext().getLocale()
- JSP: ${response.locale}
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () Don't let your boss fuck you; that's anti-capitalist.
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes Request Lifecycle
On 02-02-2010 at 10:50, Freddy Daoud wrote: > Hi Arnab, > > > I my application I have created a Class called BaseAction which extends > > ActionBean. All my Action classes extends this BaseAction. So will the > > BaseAction will also get instantiated with every request? > > Yes, that is correct. To extend on this, BaseAction will be instantiated as part of the instances of your subclasses. This is because of inheritance. Only if you specify this BaseAction as ActionBean for a URL will it be instantiated directly. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( A: Because people normally read from top to bottom. =/ () Q: Why is top-posting such a bad thing? -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Thread Safe Action Beans
On 01-02-2010 at 09:41, jeffrey.d.k...@wellsfargo.com wrote: > Sorry if this is covered elsewhere, I tried searching around without much > luck so... > > Since Stripes ActionBeans have getters/setters for the request params, and > if we want to get at the resulting DAO object in the ForwardResolution JSP, > we also need getter/setter for that object in the Action as well, then > there cannot be thread safety it seems, under load. ActionBean instances are not threadsafe. You've already identified the cause: the request parameters are bound to the ActionBean instances. The result is that each ActionBean instane is tied to the request it handles. Currently, Stripes instantiates an ActionBean for each request. Note that it is possible to pool ActionBean instances; this is just not the current implementation. > Using JMeter I get multiple threads(users) calling common Stripes Action > Beans with different values in the request parameters. Inspecting the XML > responses, which are created by the ForwardResolution JSP, it appears that > the data referenced with EL in the JSP, shows that the data belongs to > another thread and not the one that issued the request I am inspecting. [...] > I'm expecting I'm missing something obvious, but would like a little help > finding what that is. One of the mistakes I used to make is that I didn't log enough information to uniquely identify the context where my code was running. In your case, I'd ensure that each bit of information you collect is associated with the HTTP request and thread handling that request. It may provide more information than you have now. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Even if you win the rat race, you are still a rat... -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Validate Annotation and default value for maxlength
On 05-01-2010 at 10:40, Richard Hauswald wrote: > Hello list, > would it be better to default this value to 255 ? This is what most > databases are doing. I'm asking this question cause this might be a > entry point for DoS attacks in most applications. To avoid this, every > Validate annotation must be provided with the maxlength value 255 > which is not convention over configuration and will cost a lot of time > in a big project. For fields which needs to be longer the maxlength > value can be defined so this change would not limit the maxlength > generally. Well actually, in JBoss I actually see a default of 250: String properties are modeled as varchar(250) by default. Also, it is a good practice to have no default at all: it forces you to think about your data. Especially if it's going into a database, this is actually a good thing IMHO. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Proposal: @UrlBinding annotation that includes(sub)domain names
On 25-12-2009 at 10:52, KR wrote: > Currently the only way to implement sub domain URL's in Stripes seems to be > to use mod_rewrite to translate the incoming URL's. Problem with that > approach is that you loose the ability to let Stripes generate any links to > these actionbeans. Making you're coding more complex and error prone. It's > less elegant and less agile. You can indeed use mod_rewrite for that. But what I think you really want is a reverse proxy: the proxy acts as if it is the webapp host, but forwards the requests to the real server behind the scenes. So if the proxy server receives a request for http://customer1.mydomain.com/... It forwards it to the application server as: http://localhost:8080/customer1/... The proxy server must also rewrite any URL's in the response (also the HTML body) as were they generated for the proxy server. I use this virtual host setup for this: NameVirtualHost *:80 ServerName customer1.mydomain.com ProxyRequests off ProxyPass http://localhost:8080/customer1 ProxyPassReverse http://localhost:8080/customer1 # Use these if the context root also changes (needs mod_proxy_html) SetOutputFilter proxy-html # For versions prior to 3.1 #ProxyHTMLEnable On # For version 3.1 and later ProxyHTMLURLMap / /customer1/ You can find more information here: http://www.apachetutor.org/admin/reverseproxies Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( A: Because people normally read from top to bottom. =/ () Q: Why is top-posting such a bad thing? -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Size limit on file uploads
On 27-11-2009 at 18:52, Freddy Daoud wrote: > Indeed, it is the total size of the request data, including all > uploaded files, request parameters, request headers. This is a > limitation of the HTTP specification. Before processing a request, the > only information that’s available is the total size of the request > data. From a network transfer point of view, this makes most sense, as the upload limit is not meant as a validation (i.e. no file should be more than 10MB). It's to prevent a DoS, abuse of memory, ... . Unfortunately we have to translate this to terms a user understands. As a result, I usually report a megabyte less than the actual memory. I say the limit is 30MB while I configure 31MB. Enforcing a strict limit of 30MB can always be added as a validation. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes configuration: (internal/external) context name
On 16-11-2009 at 10:13, Stefanie Poeschl wrote: > I've got the following problem with a stripes application: > The application is running on a JBoss 5 under the context name "myApp". Its > working fine when calling the jboss directly like that: > http://localhost:8080/myApp/MyAction.action > Now I've installed an Apache Webserver and configured it like that: > ProxyPass /myApp ajp://localhost:8009/myApp/ > This is also working like a charm. > > But now my problem: > I want to install "myApp" on the Production-Server and run it under a > domain e.g. www.myApp.com (NOT www.myApp.com/myApp) The problem here is not Stripes, but your proxy. If you're using Apache (and from your syntax I'm assuming you do), you can make it work correctly like this: ProxyPass http://localhost:8080/myApp ProxyPassReverse http://localhost:8080/myApp SetOutputFilter proxy-html ProxyHTMLURLMap / /myApp/ At least this is how I set it up in a virtual host. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Form action on context root
On 30-10-2009 at 01:05, Annie Lane wrote:
> I'm currently working on my first stripes app. This is what I want:
>
> When a user goes to my site e.g. http://mysite.com/ I want there to be a
> form on that page where they can enter some information and press 'submit'.
[...]
> I'n my web.xml I'm using the DynamicMappingFilter, configured like this:
[...]
> and the action that the page will execute on form submission is below. My
> problem is that my shorten() method doesn't seem to be gettting called. If I
> change the @UrlBinding("/") to (for example) @UrlBinding("/moo") it works
> fine. I don't want moo to be in my URL though... Can anyone help me out
> here? I feel like I'm missing something important and obvious but I've been
> staring at this too long to figure it out. Thanks for any help.
>
> @UrlBinding("/")
> public class CreateTinyURLActionBean implements ActionBean {
[...]
The problem here is that:
a) a binding must start with a '/'
b) any binding ending in '/' is mapped as prefix
So the binding @UrlBinding("/") ensures that any request that cannot be
mapped elsewhere is mapped to CreateTinyURLActionBean. Not what you want.
Incidentally, this exact situation is what prompted me to report this:
http://www.stripesframework.org/jira/browse/STS-688
A solution has not been decided upon yet.
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () Even if you win the rat race, you are still a rat...
--
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Mapping to the context root
On 19-10-2009 at 10:00, Stephen Nelson wrote: > > That's not ideal as I would like to capture 404s. Maybe I should just > have an index.jsp to redirect to /home or something like that? My personal preference is to use /home as a welcome file (Tomcat supports this; I don't know about other application servers). Others have mentioned alternatives, as you'll have read. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Mapping to the context root
On 18-10-2009 at 17:39, Freddy Daoud wrote:
> Hi Stephen,
>
> You can do this:
>
> @UrlBinding("/")
> public class YourActionBean implements ActionBean {
> @DefaultHandler
> public Resolution something() {
> ...
> }
> }
>
> Hope that helps. Sorry for the quick minimal answer but I'm short on
> time, let me know if you need more details.
Alas, that surfaces a feature/bug in Stripes in that if you have these
mappings:
/
/search
/profile
In this case, /searchfoo will also yield the page for /.
This is an undecided point, and listed in issue
http://www.stripesframework.org/jira/browse/STS-688
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () DRM "manages access" in the same way that a jail "manages freedom".
--
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Improving startup time
On 16-10-2009 at 22:04, nclemeur wrote: > > Currently, my startup time is around 5-6 secs. > So anyone would know of any tricks to try to reduce that startup time? One idea is to reduce classpath scanning as much as possible. So instead of automatically discovering your extensions, you can explicitly name them in the configuration of your StripesFilter. Then, set ActionResolver.Packages to the package containing your action beans, and ensure that there is only one location for this package. Assuming you've already tweaked your initialization code for lazy initialization and caching, I don't think there's much more to do. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Rewrite using Stripes
On 08-10-2009 at 15:53, Steve Miller wrote:
> We currently have a bunch of code that uses plain old servlets that
> forward to JSPs. The JSPs use JSTL to access a lot of variables. For
> the view only jsps, would you recommend adding setters in the
> subclassed ActionBeanContext (such as setRequestAttribute()) so I can
> set these variables. Or is it better to create getters on the
> ActionBean for each variable and change all the jstl to
> ${actionBean.myvar1} from ${myvar1}.
The first option is best for values that need to be available on all pages.
The second option is best for values that need to be available on that page
only.
Oscar
--
,-_
/() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
(__ (
=/ () Don't let your boss fuck you; that's anti-capitalist.
--
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Locale Picker and request interceptor
On 24-09-2009 at 16:45, Lionel wrote: > Hi all ! > > I would like to set the user locale as a thread local variable from an > interceptor (based on the user account) and get this value from a custom > LocalePicker. > But it seems that the LocalePicker.getLocale() is called before > interceptors. > Is there some way to configurer the execution order to have muy interceptor > called before the LocalePicker ? No. But you can do the following: 1. Create a custom ActionBeanContext that retreives the user account information based on either request.getUserPrincipal(), other request data, or the session. Put your variable in a request attribute. Configure the StripesFilter to use this class directly or put it in an extension package. 2. Create a custom LocalePicker (subclass the DefaultLocalePicker for example). It get's the request, so you can access your variable to determine the locale to use. Configuration is analogous to point 1. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] why use @Before ?
On 23-09-2009 at 09:03, Brandon Atkinson wrote: > [...], I would suggest using @Before when > you need to initialize data for an operation. Use @After when you need to > do some clean up following an operation. > > There are, of course, exceptions. This is a good and general rule of thumb when dealing with "before" and "after". Exceptions are (in my experience) rare. If you do encounter such an exception, you'll find "odd" misbehavior. You can then read up on the life cycle and/or ask on a forum. Oscar -- ,-_ /() ) Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Freedom is a willingness to accept consequences. -- Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Trying to do UrlBinding("/")... somehow :-)
On 10-09-2009 at 21:47, Grzegorz Krugły wrote:
> Newman, John W pisze:
> > We have this working in jboss using the DynamicMappingFilter. See
> > http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/DynamicMappingFilter.html
> >
>
> I'm already using DynamicMappingFilter. My web.xml is virtually the same
> as You've mentioned.
>
> If I bind to /home and go to http://mydomain.tld/home - it works. If I
> bind to / and go to http://mydomain.tld/ - all I get is a directory
> listing from Glassfish.
>
> Should following action just work at / URL? Could it be the problem with
> Glassfish or maybe I should put something to application.xml (I deploy
> inside an EAR)? I already deploy my webapp to /
It should. At least, I have it working that way.
There is one thing to take into account though: when you bind an ActionBean
to "/", any non-existing url/binding will be redirected there as well. You
can get the non-existing part of the URL by binding the ActionBean to
e.g. "/{text}" instead though.
Also see http://www.stripesframework.org/jira/browse/STS-688
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( Progress is made by lazy men looking for easier ways to do things.
=/ () -- Robert Heinlein
signature.asc
Description: Digital signature
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] ForwardResolution does not go to right target
On 19-08-2009 at 03:43, Gerardo Corro wrote: > > Thnaks for your email, however in Tomcat you can do this: > > server-side redirects on Tomcat: > > in META-INF/context.xml > > > then: > > ServletContext newContext = > getServletContext().getContext(fooContext); > RequestDispatcher requestDispatcher = > newContext.getRequestDispatcher(fooResource); > requestDispatcher.forward(req, res); > > > Is there a way to trick Stripes with something like the lines above? Yes, by implementing a subclass of ForwardResolution that does exactly this. You'll want to override the method execute(HttpServletRequest, HttpServletResponse) to use three lines above. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( A: Because people normally read from top to bottom. =/ () Q: Why is top-posting such a bad thing? signature.asc Description: Digital signature -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] include a JSP template based on locale
On 07-08-2009 at 17:36, Mike McNally wrote:
> One could write an action that'd find the right .jsp file. This is
> something I'll be needing to do some time soon, but I'm not 100% sure
> how to approach it yet. One thing I've thought of is to (somehow; may
> or may not be possible) have the top of the .jsp tree in the CLASSPATH
> for the web app code. Then the "help" action (or any other
> locale-finding action) can poke around using "getResource" to see what
> .jsp files are actually available. When it finds one, it can return an
> appropriate forward resolution.
When you need to build for and support multiple locales, you'll certainly
have a requirement that states that all translations must be complete.
Use this to your advantage: it also means you may safely assume the
localized JSP page will be there as well.
As a result, you can do this:
Locale locale = getContext().getResponse().getLocale();
return new ForwardResolution("/WEB-INF/jsp/" + locale.getLanguage() +
"/help.jsp");
Having JSP pages in the classpath is not needed. In fact, I've come across a
situation where I wanted to have a JSP page available via the ServiceLoader
mechanism (i.e. via the classpath). But since there is no possibility to
execute the JSP page in code (not in a app.server independent way at least),
I've had to abanbon that approach in favor of a series of taglibs with an
informally required (but ѕadly not fixed) API..
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( I love deadlines. I like the whooshing sound they make as they fly
=/ () by. -- Douglas Adams
signature.asc
Description: Digital signature
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Implementing a 'keep me logged in' feature
On 09-06-2009 at 10:53, Joao Azevedo wrote: > How can I define the session expiration time? In web.xml: 30 The 30 here means 30 minutes. -1 means "no timeout". Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Implementing a 'keep me logged in' feature
On 09-06-2009 at 09:15, DaveMark wrote: > > Hi Joao, > > Re: > > > I'm looking for ways to implement a keep me > > logged in feature on a Stripes application > > Why not just stick the user in the session? You can have the user login > however you like, and get the user from the database for eg. If the user in > the session is null, you redirect to the login page. Combine that with a session that never expires, and I think you have what you want. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Multiple Resource Bundles - User Additions
Hi Dave, A few remarks on your implementation for multiple resource bundles. First though, it looks like a complete solution to access multiple resource bundles. Well done. Still, I think there is room for two improvements: 1. Why use a custom Confoguration, when your LocalizationBundleFactory can also implement ConfigurableComponent? This also allows you to initialize the resource bundles. 2. Have a look at StripesStuff (http://www.stripes-stuff.org/): it has a localization plugin that allows you to make all resource bundles available via your LocalizationBundleFactory class, instead of just the resource bundles for fields and errors. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] stripes:link event param
On 06-06-2009 at 21:07, AKahn wrote:
[...]
> AddItemFormActionBean.java (Alternate)
> ==
> public Resolution view() {
> // common biz logic here...
> return new ForwardResolution(ITEM_FORM);
> }
>
> public void itemFound() {
> // minor, un-common biz logic here...
> this.view();
> }
>
> public void itemLost() {
> // minor, un-common biz logic here...
> this.view();
> }
> Is this by design, and if so, why?
Yes, because it's the Resolution object that tells Stripes what page to
display next.
> Also, is there an alternate method I should be considering to achieve the
> functionality in the 2nd, alternative approach?
Yes: in order to have the methods itemFound and itemLost work like an event
handler, you don't want to throw away the result of view(). Hence, do
something like this:
AddItemFormActionBean.java (Alternate)
==
public Resolution view() {
// common biz logic here...
return new ForwardResolution(ITEM_FORM);
}
public Resolution itemFound() {
// minor, un-common biz logic here...
return this.view();
}
public Resolution itemLost() {
// minor, un-common biz logic here...
return this.view();
}
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( Progress is made by lazy men looking for easier ways to do things.
=/ () -- Robert Heinlein
--
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] File download Blocked in IE
On 27-05-2009 at 01:58, arnab_ghosh wrote: > In firefox the disposition window is generated with no problems. In IE the > file-download is blocked by IE security setting. A yellow bar drops down, > saying "To help protect your security, IE blocked this site from downloading > files to your computer. click here for options" > > Now if I click on the bar and select option "download file" the page > refreshes but the content disposition window is not generated. > > To download again I have to again click on the button second time. This > times it generates the disposition window. In my experience, this is a bug in IE which the vendor (Microsoft) won't fix. The cause: selecting the action in the yellow bar refreshesthe page with the new security settings, but does not refresh the actual (download) link that triggered it. Your best bet is to work around it by displaying a download page, with a message like "Thank you for downloading. The download should start automatically. If not, you can [start it manually here]". The bit between square brackets is then the download link, which is also added to the page header in a meta tag like this: Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Progress is made by lazy men looking for easier ways to do things. =/ () -- Robert Heinlein -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Killing old Sessions on 2nd log-in
On 26-05-2009 at 16:48, Jamie wrote: > I'm trying to figure out a way kill a user's first active session when > they log in a second time from another computer. Has anyone done > anything like this in the past? Is it possible to kill a session given a > session id? Maybe I'm looking in the wrong place; is this problem > outside the scope of what Stripes is meant to do? This is outside the scope of Stripes, but can be solved inѕide. What you need is to store the user's last session id somewhere upon login. For each request, you check the session id against that. If it differs, you invalidate the session (this logs the user out for all but Websphere's application server). Then, you can forward the user to an explanatory page. For the login part, you'll probably need to write a JAAS LoginModule. The second part can be done in a filter or in an Interceptor. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] synchronizing on the session
On 25-05-2009 at 15:18, Michael Day wrote: > On May 25, 2009, at 3:07 PM, Oscar Westra van Holthe - Kind wrote: > > >> I'm already doing exactly as you said (skip processing and redirect > >> to > >> result page immediately) in my submit handler by looking at the > >> status > >> of the order. If the status is Submitted, I'm just showing the > >> result > >> page. But for this to work properly, I have to obtain a pessimistic > >> lock on the order at the beginning of the request. > > > > Or, update the order status in a transaction first, and then process > > the > > order in a second transaction afterwards. Especially with a > > transaction > > isolation of "serializable", this will ensure a second request can > > only read > > the updated order status. > > Hmmm. I think this is still problematic. The second request would > see the "submitted" status on the order, so it would bypass the > processing and show the result page. This could happen before the > first request finished all of its work. The result page wouldn't have > the correct information. True. That's why I suggested earlier to use the flash scope: set a flag or something to trigger the inclusion of a tag: Since the flash scope is short lived, it would temporarily cause the page to refresh after a short delay (3 seconds in this example). This automatically updates the view to the then current situation. So far I've encountered only one situation yet where this is not sufficient: streaming price data on stock/bonds/options (this was a financial training simulation). Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Clearly the Bush Presidency was divine punishment for the sinful =/ () ways of the USA and the West that tagged along. -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] synchronizing on the session
On 25-05-2009 at 14:41, Michael Day wrote: > One of my use cases is order checkout. The last thing I want to do is > show an error page to the user, even if they are dumb enough to submit > twice. I can sympathise with that: even an application message (not an error) can be imtimidatng here. > How do you recognize the second submission? Are you using a hidden > token in the form? Just checking whether the same action is called > twice in a certain period of time isn't robust enough. Sometimes > ActionBean execution could take longer than a few seconds. One way is to always show a details page before an action. Then, displaying the details page would add a token to the session and in a hidden field. Upon submit, you check if the token is available in the session. If so, remove it and process the request. If not, the request is already (being) processed. > I'm already doing exactly as you said (skip processing and redirect to > result page immediately) in my submit handler by looking at the status > of the order. If the status is Submitted, I'm just showing the result > page. But for this to work properly, I have to obtain a pessimistic > lock on the order at the beginning of the request. Or, update the order status in a transaction first, and then process the order in a second transaction afterwards. Especially with a transaction isolation of "serializable", this will ensure a second request can only read the updated order status. > I'm curious how amazon handles this. I tried double-submitting some > forms on their site, but it seems like they either somehow abort all > but the last request or have a filter that caches the first submission > and shows it on subsequent requests. I'm not sure how they would have > a filter, though, because there is no hidden token in the form. Instead of a token, you can also hash the request. This would eliminate the need to send a token to the browser. Add to that that the hash would also include the session (with data like the last page view for an ActionBean), and duplicate requests will have identical hashes. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Clearly the Bush Presidency was divine punishment for the sinful =/ () ways of the USA and the West that tagged along. -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] synchronizing on the session
On 25-05-2009 at 19:09, Richard Hauswald wrote: > You could track the calls to site with an interceptor, storing the > last requested page and access time in the session. If the same action > bean is called twice within 1 second, return a ForwardResolution to a > page explaing that the user should not double klick. I would not > synchronize access to the session before I have fully understood the > the issue und can think of all possible problems... Multithreading is > a very complex topic and relating to web apps most people try to avoid > synchronized access to a resource. Personally I would discard users > who disabled java script and solve the problem using js. I second that. Your best bet is to recognize a second call. You may then abort the request and explain the situation (as described by Richard). Personally, I prefer to extend the post-redirect-get pattern by skipping the action and redirecting to the result page immediately. You can then also use the flash scope to display a message, or even add a (temporary) meta tag to reload the page after a few seconds (the reloaded page doesn't contain that meta tag). Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Inequality is the inevitable consequence of liberty. =/ () -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937) -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] [stripes-users] synchronized Resolution ?
On 25-05-2009 at 15:13, Laurent Perez wrote: > Hi > > I'm trying to figure out an error "randomly" repeating itself on a > production system, which I can't reproduce locally. Stripes version is > 1.5. > > I believe this may be linked to concurrency issues, however, I'm not > sure if this could happen : are ActionBean expected to be thread-safe > ? By thread-safe, I mean can I run into unexpected problems whenever > two different browsers hit the same method of an ActionBean ? Is the > ActionBeanContext safe, too ? I'm not certain about the ActionBeanContext, but ActionBean instances are created per request and hence are thread-safe to the moment. There is not specific design for this though, so if I have any choice at all I'd design my ActionBean classes to be thread-safe. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Trying to child-proof the world makes us neglect the more important =/ () task of world-proofing the child. -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] synchronizing on the session
On 25-05-2009 at 12:13, Michael Day wrote:
> I would like to prevent optimistic locking exceptions when a user
> double-clicks a link or double-submits a form. Is there anything
> wrong with accomplishing this by synchronizing the HTTP session in my
> ActionBean as shown below?
>
> public Resolution execute() {
> synchronized (getContext().getRequest().getSession()) {
> ...
> }
> }
Double-clicking would not cause a problem, as it's still a single action.
However, it is possible that a users is just a tad too slow to double-click:
the browser then sees it as two single-clicks, and submits the form twice.
Personally, I've solved this with a bit of javascript in the onsubmit
attribute of the form, and a bit of page-wide javascript (it can be made
form-specific):
var alreadySybmitted = false;
function maySubmit()
{
var result = !alreadySybmitted;
alreadySybmitted = true;
return result;
}
...
>
>
> --
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://www.creativitycat.com
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( A: Because people normally read from top to bottom.
=/ () Q: Why is top-posting such a bad thing?
--
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] init on app startup (ibatis) (equivalent of struts1 plugin)
On 21-05-2009 at 12:48, Freddy Daoud wrote: > > If you're missing something "Stripesy" then that makes two of us. > > > > I would simply do this either with a ServletContextListener, or a > > simply a Servlets init method that has its Load On Startup parameter > > set. > > I agree that doing some initialization of iBATIS has little to do > with Stripes and putting that piece of code in a Servlet* init method > works and isn't difficult. > > Nevertheless, I think it would be nice to have a Stripes component > that is discovered by the extension packages mechanism and initialized > at startup. If you are already all set up for extension autodiscovery, > all you need to do is create one class with the init code inside it > and you're done, instead of having to do the ceremony of configuring > a servlet* artifact (and perhaps having to dust off the servlet spec > to remember exactly what you need to do). Just remember to implement the ConfigurableComponent interface as well; in addition to telling Stripes to have it initialize, it also serves to give you access to Stripes' functionality to help you. Especially if you also want to explicitly tell iBATIS how to handle transactions, it's a good idea to create a class that implements both Interceptor and ConfigurableComponent: the latter to initialize, and the former to handle the transactions. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( I love deadlines. I like the whooshing sound they make as they fly =/ () by. -- Douglas Adams -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Suggestions for leveraging enum through options-(collection|map)
On 19-05-2009 at 09:56, Stone, Timothy wrote: > Imagine the following enum... [...] > > Existing systems will process "resident status" based on the values of > [O,R,X] *not* [OWN,RENT,OTHER]. > > In looking at the J2SE options, using an EnumSet or EnumMap could allow > us to then use options-collection or options-map in the JSP. > > Is this acceptable, or is there something about options-enumeration that > could allow me to get at the value and label in the output? Using code from J2SE in favor of something else is, in by book, not only acceptable but even preferred. In my experience, the J2SE classes are both written well and perform well. On top of that, they are of a better quality than what I'm used to finding "in the field" when dealing with administrative systems. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Trying to child-proof the world makes us neglect the more important =/ () task of world-proofing the child. -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Securing Stripes With ACLs. Complied Jar file.
On 19-05-2009 at 12:04, phil darley wrote: > > I'm currently adding security to my stripes app using your solution > (http://www.stripesframework.org/display/stripes/Security+Interceptor+for+custom+authorization). > Is it possible to get a jar file conataining the complied classes, > only the source is available and there are some missing libraries > making the build fail. I've just updated the page as I've been meaning to; the version hosted separately is outdated. You should use the plugin as available in the StripesStuff library. To the best of my knowledge, that one is a correct build. > If a user tries to access an authorised actionbean and they are not in > the correct role, would it be possible to return them to the source > resolution with authorisation failed message as opposed to redirecting > them to a UnauthorizedResolutionURL? Yes. If you implement the interface SecurityHandler, you can decide what to do when authorization fails. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () QED - Quite Easily Done -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes ecncryption and one key per session
On 13-05-2009 at 17:26, Richard Hauswald wrote: > Hey Marcus, > You are definitely right. I took the wrong example. Here's a better one: > User A has the right to see the details of a customer named Harry with > the database id 5. Typically he clicks a link to the details page > which contains the encryped id value as paramter. The details page > takes an id as parameter, queries the database for the customer with > the given id and renders its details to html. The user details are > cached in the session for faster response time if user A requests this > customer again. Stripes encrypts the id 5 of customer Harry to > tqFUzKpKj6g=. User A copies this id into his clipboard because he is > very l33t :-). > Then the admin revokes his right to view the details of customer Harry > and forces User to relogin(so the cache gets cleared). User A won't > see the link to the details of customer Harry anymore. So the server > does not write out the id 5 anymore. Now the l33t User A takes another > details link and replaces the encrypted id with the one from his > clipboard. And he will see the details of customer Harry. No he won't, because the server checks if the id specified belongs to a customer he's allowed to see. Or at least I hope it does: security by obscurity never works reliably. The safest solution is not to encrypt anything going to the browser, but to verify everything coming from the browser. After all, never trust user input. And that includes normally hidden data. Encryption is still a good solution to prevent evesdropping and to prevent session hijacking. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes form in templates?
On 04-05-2009 at 18:45, Brown, Alex wrote: > Is this simply a limitation of the framework? Perhaps I will dig through the > code to see what is going on. It is a limitation of object-oriented programming combined with JSP's: tags are stand-alone components, and encapsulate whatever is inside. You cannot use it's internals, unless it explicitly exposes them. And even then, a tag can only expose (named) beans, not tags. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( Clearly the Bush Presidency was divine punishment for the sinful =/ () ways of the USA and the West that tagged along. -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] something that might be nice
On 30-04-2009 at 17:29, Mike McNally wrote: > It'd be kind-of neat if there were a utility that'd take an action > bean, possibly populated with parameter values, and produce a URL > string that would be interpreted by the action resolver such that it'd > populate the action bean the same way. [...] > > There's nothing that does that, right? I know I can get the binding > for a bean class from the resolver, but it's based on the bean class > and not a bean instance, right? The first place I'd look is the stripes:url tag. IIRC it handles parameters, which means it would do what you describe. > > > -- > Turtle, turtle, on the ground, > Pink and shiny, turn around. > > -- > Register Now & Save for Velocity, the Web Performance & Operations > Conference from O'Reilly Media. Velocity features a full day of > expert-led, hands-on workshops and two days of sessions from industry > leaders in dedicated Performance & Operations tracks. Use code vel09scf > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf > ___ > Stripes-users mailing list > Stripes-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/stripes-users > -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () QED - Quite Easily Done -- Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Re ading ErrorResolution message in jsp
On 24-04-2009 at 15:00, esemba wrote: > > Thanks Aaron, > sou you are suggesting to implement custom error resolution, which will add > an error message as request parameter? Note that in case of exceptions causing a 500 error page, there is a standard JSP variable called "exception" that has the exception. If handled by the container, it's also accessible as PageContext.getException() -- maybe it's accessible too when you add a resuest attribute "exception" yourself, but I really don't know. So you can add your own attribute. In that case a custom error resolution is best IMHO, because the message is consistently added to the same request attribute (people tend to forget sometimes). You can also force your message to go through the standard mechanism, by throwing an (uncaught) exception. The error page then displays the exception's message. Your choice will be between speed and convenience: - the custom error resolution is likely faster - if all uncaught exceptions have their message shown, you don't have to catch them all Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( The haves and the have-nots can often be traced back to the =/ () dids and the did-nots. -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes 1.6 and Security questions
On 13-04-2009 at 02:34, Samuel Santos wrote:
> I use StripesSecurityFilter [2] since Stripes 1.4.2, but lately all I see
> about Stripes security is related to the SecurityInterceptor from
> Stripes-Stuff. By only looking at its page [3] it's not clear to me what the
> real advantages over the ACL solution are. Can someone enlighten me please?
When you're using role based security, there's no reason to switch.
The real advantage starts when you have instance based security, and you
don't want to create roles like "readAllDossiers", "readMyDossiers",
"readOrganizationDossiers", etc.
In the latter case, the security interceptor from Stripes-Stuff allows you to
implement any access control check you like, or use a spinoff from the J2EE
EJB security annotations, like this:
@RolesAllowed("manager", "employee if dossier.manager==currentUser")
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( No trees were killed in the creation of this message. However,
=/ () many electrons were terribly inconvenienced.
--
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Password Logging as plain text
On 15-04-2009 at 10:09, Stone, Timothy wrote:
> While I do not have a solution to pass along, I have suggestion based on
> what we use here: a field annotation.
>
> @Secure for example prints on the object's toString method the last four
> digits of an SSN.
>
> Conceivably, one could have a @PasswordSecure annotation on the field
> that simply masks the whole field with "*" in the log.
I see several problems with this. And it's not just from Richard's collected
wisdom ("I don't want to get in the business of trying to stop folks from
failing. It is way too much work and never pays off :D").
My gripeѕ:
1. Don't be patronizing to your users.
Example: a kitchen knife is used by far the most for benign purposes, i.e.
making food. Only in very few cases is it used to murder someone. Thus,
kitchen knives are not forbidden.
In the same spirit, trust your customers to handle their own
responsibilities. I.e., trust them to set the log level on production servers
to INFO or higher.
2. A secure application is auditable.
Not logging passwords is only the beginning. There is a lot of privacy
sensitive data that you may want to exclude from the log as well, such as
SSN's, medical information, financial information, etc.
But beware: due to legal requirements, many large systems absolutely MUST
be auditable. Especially for large organizations, and even more so for
banks and (semi) government organizations. Suppressing such log info with no
way to unsuppress it can cost you your job faster than you can say "sorry".
3. @Secure is a VERY bad name (minor/trivial issue).
Over time, I've seen an @Secure annotation used for:
- Encryption
- Access Controls
- Authentication
- Really, really ensuring information is kept, using redundancy
- Hiding log info, i.e. ensuring information is lost to all but one place
Obviously, the term "secure" has too many meanings.
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( I love deadlines. I like the whooshing sound they make as they fly
=/ () by. -- Douglas Adams
--
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes and Google App Engine
On 08-04-2009 at 13:30, Jakub Zverina wrote: > For some reason (I guess file uploads?) Stripes need a temporary directory > on the filesystem. That is a problem if the app is deployed to Google App > Engine, which does not support (RW) filesystem access. When application is > starting following exception is risen: [...] > Is there a way how to solve this? Somehow > replace DefaultMultipartWrapperFactory? Or maybe use ServletContext which > for javax.servlet.context.tempdir returns some directory which exists in the > environment? Thank you for any tips. I'm OK with application not being able > to upload files :) The solution is to create your own MultipartWrapper class, and configure it as per http://www.stripesframework.org/display/stripes/File+Uploads In your implementation, you can use Commons File Upload (link is on the page), with your own implementation of FileItemFactory. The default provided implementations all use the file system for all/large files, so you need to roll your own. Oscar -- ,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( I love deadlines. I like the whooshing sound they make as they fly =/ () by. -- Douglas Adams -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:2214 )
Hi Leonard, It seems to me the response object is used before you create a session. So some things to check are: - Where in the request handling is your security filter located? - When is the session accessed? After the call to doFilter()? To prevent this exception, ensure the session is created & added to the response before anything is written to the response. Preferably in the first filter, before the call to doFilter(). This way the cookie header with the JSESSIONID cookie is added before the response is written to, as writing to the response commits the response. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () QED - Quite Easily Done -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Reading a properties file
On 01-04-2009 at 01:09, AK wrote:
> On IRC I got the following suggestion for reading a properties file:
>
> URL aURL = getClass().getClassLoader().getResource("myApp.properties")
>
> The other suggestion I found online was:
>
> InputStream inStream = this.getClass().getClassLoader().getResourceAsStream
> ("myApp.properties");
>
> Is there a preference or advantage of one way over the other?
Assuming that you're reading a properties file (as opposed to a resource
bundle stored in properties files), I'd use the second option.
My reason: I can instantiate the Properties object, and call it's load(...)
method with the InputStream.
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( A: Because people normally read from top to bottom.
=/ () Q: Why is top-posting such a bad thing?
--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] stripes:link tag and jsessionId
On 31-03-2009 at 20:29, marc wrote: > I am using a tag to create links to different actionBeans and > have a question. I want to get rid of the jsessionId param that gets put into > the url. AFAIK, this is not possible: every exisyting servlet container will add this parameter (as well as a Set-Cookie header) when the client doesn't send the JSESSIONID cookie along. This is specified in the servlet specification. The best you can do is write a filter that checks if the cookie is present. If not, you don't serve the requested page but one that asks the browser to go to the same URL. This page will have the JSESSIONID parameter attached, but when the browser goes to the same (clean) URL again, it also sends the cookie and you allow it to proceed as normal. So after the reload from the browser, there will not be a JSESSIONID in the URL. The downside of course is an endless loop when the browser doesn't support cookies -- whether it's an old browser or cookies are disabled is irrelevant. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () DRM "manages access" in the same way that a jail "manages freedom". -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Plus in Links
On 02-04-2009 at 09:36, Héctor López wrote: > This RFC says the opposite: > > http://www.rfc-editor.org/rfc/rfc1738.txt > > Although, truth to be told, later RFCs are a bit obscure about when to use > which encoding. Is there any RFC that specifically supersedes this one? I know that this RFC is updated by this one: http://www.ietf.org/rfc/rfc2396.txt Note however, that RFC 1738 is still valid. > Under my point of view, a link is not a form, and so, > "x-www-form-urlencoded" is not the proper way to encode a URL *in a link*. > > What do you think? A link in itself is not a form. However, a link can contain a query part, which can be constructed from form data. This is the way form submission works when the action is "GET" instead of "POST". As a reference, I use the HTML 4.01 specification at: http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13 In ѕection 17.13.3, processing form data, it says in step four: If the method is "get" and the action is an HTTP URI, the user agent takes the value of action, appends a `?' to it, then appends the form data set, encoded using the "application/x-www-form-urlencoded" content type. The user agent then traverses the link to this URI. In this scenario, form data are restricted to ASCII codes. And below that (17.13.4, form content types) says this about x-www-form-urlencoded: Control names and values are escaped. Space characters are replaced by `+', and then reserved characters are escaped as described in [RFC1738], section 2.2: Non-alphanumeric characters are replaced by `%HH', a percent sign and two hexadecimal digits representing the ASCII code of the character. Line breaks are represented as "CR LF" pairs (i.e., `%0D%0A'). Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. -- ___ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Plus in Links
On 30-03-2009 at 19:25, samyem wrote:
>
> if ${var} returns a string with space, it adds a + for the strings. Is there a
> way not to add those +? I would rather want it to replace the space with %20
> instead of a plus sign, which is breaking my application logic.
Altough you may not like it, the plus sign instead of %20 in a URL is the
correct way to encode it. I suggest you change your application logic to use
the URLDecoder others have mentioned, which will decode it correctly.
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( Progress is made by lazy men looking for easier ways to do things.
=/ () -- Robert Heinlein
--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
Re: [Stripes-users] Stripes Security "now what" question
On 30-03-2009 at 21:08, Danny C wrote:
> Looking for a few quick pointers here :
>
> I've added the "stripe stuff" security package to my app without a problem and
> set the SecurityManager to
> org.stripesstuff.plugin.security.J2EESecurityManager.
> The thing bootstraps without a problem.
>
> So - "now what" :)
>
> Searching for servlet 2.4 J2EE security in google yields thousands of results.
> not that im lazy, but i'd love a few pointers here.
>
> My need to be able to secure my app through context authorization. How do i
> declare my "roles" for the container and where do i put them? I get (me
> thinks)
> how to use the @permitAll, etc annotations, but I'm missing something on the
> role part.
You need to ensure two things:
- authentication
- access controls
The Stripes security package handles the seconds part. You can annotate an
event handling method or class (i.e. "all" events in that class) with e.g.
@RolesAllowed({"user","manager"}) grant access to that/those event to users
that either have the role "user" or the role "manager".
The other half, authentication, you need to get right first though. These
links may prove helpful:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
http://www.jboss.org/community/docs/DOC-12186
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( A: Because people normally read from top to bottom.
=/ () Q: Why is top-posting such a bad thing?
--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
