AW: form:text has no attribute readonly
Sorry if my last mail sound rude. It wasn't meant so, sorry If somebody knows why form:text / has no attribute "readonly" please let me know. Thanks Andre -Ursprüngliche Nachricht- Von: Andre Wittenburg [SMTP:[EMAIL PROTECTED]] Gesendet am: Donnerstag, 21. Dezember 2000 10:17 An: [EMAIL PROTECTED] Betreff: form:text has no attribute readonly Hi! Why does the form:text.../ tag has no attribute "readonly". In HTML 4.01 a attribute "readonly" is specified for input fields of the types "text" and "password". Andre bta: form:password.../ should also be extended
List web site - was RE: A great Shockwave flash movie
Yep, this should be done somehow. There are obviously a bunch of us writing extra functionality for struts which would probably be useful to others, but is not appearing in the struts source. I suggest we have some kind of per person logon, and that person can control only the files they upload. Some decent categorization and a dependancy list would be needed. Sound like an idea structure to use broadvision, sorry, struts :-) This is not to compete with the struts development, but give a space for useful stuff that we are otherwise posting to the list. In many ways it could be thought of a staging ground for new code before it gets snaffled into the struts source. (BTW, sorry about my 0 byte post everybody, we had firewall problems here yesterday. I didn't even know that either of the messages had made it) Regards Ned From: Dan Cancro [EMAIL PROTECTED] What if you don't have a public web or ftp site? What about archived messages? A lot of attachments are source code for things that you don't need at the moment, but will sometime later. Will posters need to keep their attachments and ftp/web sites available forever? _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Re: A great Shockwave flash movie
Sounds like something that should be in a list FAQ. Kind of like the archive address... hmmm --Angus Michael Westbay wrote: Reddin-san wrote: I agree. Just filter for viruses or certain types of attachments. Like annoying HTML repeats of what is in the text messages, usually 2 to 3 times as large (one message was 35 times as large as the plain text version - lots of "nbsp;"s for a table). But then, if one person sends mail in HTML format, all Outlook users who reply, even with HTML turned off, send in HTML format. I'd better stop here before starting a flame war. -- Michael Westbay Work: Beacon-IT http://www.beacon-it.co.jp/ Home: http://www.seaple.icc.ne.jp/~westbay Commentary: http://www.japanesebaseball.com/
Re: struts-user list spammed - RE: Improve your stepfamily life
It usually works to not allow posts from people who aren't subscribed. --Angus Somdeth Souvanlasy wrote: Looks like the some bastard added the struts-user mail list address to a spam database. If you look at the internet mail headers, it hit the struts-user list from the following computer ... Received: from zqn43X17V (1Cust124.tnt21.lax3.da.uu.net [63.28.123.124]) by sem_mail.smkb.ac.il with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) ... Is there a way to remove the [EMAIL PROTECTED] address from this list ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, 21 December 2000 2:30 PM Subject: Improve your stepfamily life Does your stepfamily life resemble a soap opera more than it does the Brady Bunch? The Stepfamily Association of America invites you to participate in THE NATIONAL CONFERENCE FOR STEPFAMILIES, Feb. 23-24, 2001, at the New Orleans Marriott Hotel. This is an opportunity, designed by knowledgeable professionals, in stepfamilies themselves, to help you: * Make your remarriage a success * Create bonds with your stepchildren * Help your children adjust emotionally * Manage money matters unique to your family * Get more help from legal, financial, psychological advisors * Overcome stepfather and stepmother stereotypes * Elicit cooperation from your children's schools * Bring more harmony into family life Complete conference details at http://www.edupr.com REGISTER ONLINE! Attend, and also enjoy Mardi Gras week in New Orleans! Special discounts for couples, students, groups. HOTEL IS BOOKING UP FAST. ACT NOW BEFORE ROOM BLOCK AND AIRLINE SEATS FILL Special rates for conference attendees. Visit http://www.edupr.com for discounts. Childcare available through a bonded local service. Up to 17 professional development credits available if you are an educator, clinician, financial planner, social worker. Questions? Email [EMAIL PROTECTED] If you would like to be removed, please email us back with the word "Remove" in the subject line. We apologize for any inconvenience.
Re: A great Shockwave flash movie
On 12/22/2000 at 9:17 AM Angus Mezick wrote: Sounds like something that should be in a list FAQ. Kind of like the archive address... hmmm It would be nice to have a FAQ ;-) ... or a mailing list page that cited an archive ... I'm ready to post to a FAQ if it shows up on Jakarta (and someone fixed the FAQ-o-matic so you could actually logon; several messages to root pending about this). -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel 716 425-0252; Fax 716 223-2506. -- http://www.husted.com/
if/elseif tag?
Title: if/elseif tag? Are there any tags in the struts library (or do you know of any anywhere) which allow an if elseif elseif . . . end if type of construct? - Mike Campbell email: [EMAIL PROTECTED] S1 Corporation voice: 678-421-4641 Software Engineer fax: 678-421-4865 RD Department web: www.s1.com -
Proposal: Tokens and Events Guard Against Form Resubmission
ABSTRACT
It's easy for Web application users to inadvertently resubmit forms
with bookmarks or the reload and back buttons. Because of this potential
for mischief, web applications must guard against resubmission of sensitive
forms. This document proposes using the delegation event model and tokens
to restrict access to sensitive pages.
Note: This proposal depends on action events as proposed in 'Proposal:
Retrofit Struts with the Delegation Event Model'.
CREDITS
'Command Token Implementation', posted to struts-dev by
Robert Leland
Struts Web Application Safety' on struts-dev, by Craig
McClanahan
'What about This Model?', posted to struts-user by Dan
Cancro
Web Development with JavaServer Pages, by Kolb and Fields,
p 270
INTRODUCTION
Web browsers were designed for browsing the Web, not for applications.
Some browser features, such as the back button, reload button, and bookmarks,
are difficult for web applications to deal with because they disrupt the
normal flow of an application. This proposal shows how to trap those browser
features in Struts using the delegation event model and tokens.
THE PROBLEM
Consider the following sequence of actions, as Timothy creates a new
account. First, Timothy tries to login, but since he does not have an account,
he's forwarded to the Login Failed page:
Figure 1. The Login Failed Page
Timothy clicks on the open new account link and is forwarded to this
page:
Figure 2. The Open New Account Page
Timothy fills in the form shown in Figure 2, clicks the create
account button, and is forwarded to the login page:
Figure 3. The Login Page
At this point, Timothy's account has been created and he can login,
but what if he reloads the page instead? Or what if he hits the back button,
and then clicks on the create account button without changing the form's
data? In both cases, a duplicate request will be sent to the new-account-action.
That action might detect the duplicate, but it's a lot to ask all actions
to test for duplicate submissions. Let's see how Struts can trap such illicit
access at a higher level.
TRAPPING ILLICIT ACCESS WITH STRUTS
WHAT IT DOES
Guard against sensitive form resubmission. If a sensitive form is resubmitted,
Struts throws an exception.
HOW IT'S IMPLEMENTED
Trapping illicit access is implemented in this proposal with tokens,
as described by Fields and Kolb (see credits). Here's how it works:
From the discussion above, it's apparent that some actions, such as
new-account-action.do, are sensitive to access by the back button, the
reload button, or bookmarks. In addition to sensitive actions, we will
also speak of sensitive forms, which are forms that forward to sensitive
actions; for example, the form shown in Figure 2 is a sensitive form.
When Struts performs an action with a sensitive form, the following
sequence of events takes place:
1. The action's perform method is invoked.
2. A token (a unique string) is stored in the session, and a copy of
that token is stored in request scope.
3. When the sensitive form is submitted, the token in request scope
stows away in the form as a hidden form variable.*
Before the corresponding sensitive action is performed by Struts:
1. The token, stored as a hidden form parameter, is compared to the
token in the session.
2. Iff the tokens match, the sensitive action is performed; otherwise,
an exception is thrown.
* The original token stored in request scope in step #2 is lost when
the sensitive form is submitted, because that submission results in a new
request. That's why the token is stored in a hidden form parameter.
HOW YOU USE IT
Protecting pages with sensitive actions is a three-step process:
1. Specify sensitive='true' in struts-config.xml for sensitive actions;
for example, for the new-account-action:
action path='/new-account-action' ... sensitive='true'
...> ... /action>
2. Specify hasSensitiveForms='true' in struts-config.xml for actions
that have sensitive forms; for example, for the query-account-action:
action path='/query-account-action' ... hasSensitiveForms='true'
...> ... /action>
3. Add a hidden field to each sensitive form. That field's value is
obtained from the "token" request attribute, like this:
%@ taglib uri='/WEB-INF/struts-bean.tld' prefix='bean'
%>
...
bean:token/>
Or, alternatively:
input type='hidden' value='%= request.getAttribute("token")
%>'/>
THE CODE
Two new classes--Token and SensitiveActionListener--and a custom tag,
bean:token>, are added to Struts and minor modifications are made to
Action.java and ActionServlet.java. The Token class, which maintains a
unique, ecrypted string, is listed below:
public class Token {
private String token;
public Token(HttpServletRequest req) throws ServletException
{
HttpSession session = req.getSession(true);
long systime = System.currentTimeMillis();
byte[] time = new Long(systime).toString().getBytes();
byte[] id = session.getId().getBytes();
try {
MessageDigest md5
= MessageDigest.getInstance("MD5");
md5.update(id);
logic:iterate -
Hi,
I'm trying to use the logic:iterate tag within my struts-based
application. I'm not having any luck getting it to work. Its probably due
to pilot error, but I'm now so confused that I need help from the list.
Here's the code:
logic:iterate id="firms"
collection="%=((AdminUser)session.getAttribute("AdminUser")).getFirms()%"
type="cofiniti.base.firm.BrokerageSummary"
libean:write name="firms" property="name" filter="true"//h4
/logic:iterate
My problem seems to be with the "id" value. I keep getting errors like
this:
javax.servlet.jsp.JspException: No bean found for attribute key firms
I've tried using BrokerageSummary as the id (I've page imported the class
into the jsp) and get a similar error. Where does my stupidity lie? I'm
just not "getting it".
As an aside, I did get the orion iterate tag to work using this code:
util:iterate id="firmx" type="cofiniti.base.firm.BrokerageSummary"
collection="%=((AdminUser)session.getAttribute("AdminUser")).getFirms()%"
lijsp:getProperty name="firmx" property="name"/
/util:iterate
I'm using the struts binary from 12/15.
Thanks,
Denis Hanson
Re: if/elseif tag?
On 12/22/2000 at 4:22 PM Mike Campbell wrote: As luck would have it, that book arrived at my door just last night, so I'll be checking that out over the holidays. It's a good read, you'll enjoy it. I just finished a quick skim of Core JSP (1st edition), but haven't quite decided about it. There's a healthy amount of hard information, but the writing is choppy. But I guess that comes with being a 1st edition. No question about Marty Hall's though. A definite keeper. *** REPLY SEPARATOR *** "TH" == Ted Husted [EMAIL PROTECTED] writes: TH See http://archive.coreservlets.com , Chapter 14, Using Nested Tags. TH This is the source code from Marty Hall's Core Servlets and JavaServer TH Pages. Excellent. Thanks again Ted!
Re: logic:iterate -
I'm using a recent build, and you may be on 0.5 so some details may
differ. (If you don't need to run under Java 1.1, you may want to move
over to a current build.)
The iterate tag in registeration.jsp of the Example application uses
these three paramaters
id - The name of the scripting variable to be exposed.
name - The name of the collection or owning bean.
property - The property name containing the collectio
user is a bean that had been stored in the session context.
subscriptions is a hashtable property of User. subscription is the name
the name that will be used within the iterate tag for each member of
subscriptions.
logic:iterate id="subscription" name="user" property="subscriptions"
tr
td align="left"
bean:write name="subscription" property="host" filter="true"/
/td
td align="left"
bean:write name="subscription" property="username"
filter="true"/
/td
!-- snip --
/tr
/logic:iterate
If the firms collection were stored in the session context,
session.setAttribute("firms", getFirms()); // or whatever
I think you would just need to do something like this
logic:iterate id="firm" name="firms"
bean:write name="firms" property="name" filter="true"/
/logic:iterate
Hope this helps ...
-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel 716 425-0252; Fax 716 223-2506.
-- http://www.husted.com/
