Re: Users, Roles Access Control in Struts Applications - Where to get information?
This might come through twice - if so, sorry. On 03/25/2004 11:28 AM Tom Bednarz wrote: 1) How are Roles defined? Where are they stored? I don't want these things stored in a XML file. Is there a way to store these things in a database? Is there any documentation about a datamodel (Fields, datatypes etc) Hi Tom, for this you should check the different Realm implementations available, see the docs on jakarta's tomcat website. There is a JDBC realm that sounds right for your purposes. 2) How are roles assigned to users or groups of users? Where are these assignments stored? Basically roles should be assigned to groups. Users will then join or leave groups with specific privileges. This is done at login by tomcat, but such mechanisms should be available on all containers. The user name is stored in the session (although not available to you by session.getAttribute(), only request.getUserPrincipal() or getRemoteUser() ) plus the roles are stored as an array of strings, e.g. user, admin, super, available again via the request.isUserInRole() boolean method. Should be container-independent. 3) What do I need to do in Struts to configure all this? I read that since 1.1 I can define a role property in ActionMappings. How and against what is that definition verified? Are there any standard/basic mechanisms that can be extended ? Struts checks against request.isUserInRole(). I don't think it's standard or basic to extend this. However it's open-source, so you could do whatever you wanted. The same applies to tomcat. 4) Is there any menu system available, that supports roles and can be integrated in a Struts based application? Have you checked out struts-menu? I think it's on source-forge, if not check for the link on the struts website. 5) Are there any special considerations when moving from Struts 1.0 to 1.1? With other words, is the code backward compatible or will my working code for 1.0 not work anymore on 1.1? There's an upgrade doc on the struts website. It is /mostly/ backwards compatible. I've heard of many people just dropping in the new struts jar to their project and having no problems. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: form based auth and session timeout and post data
That's one mean filter. It's not part of struts but judging merely from its name, it's obviously built into the app security. What does xpetstore say it's meant to do? Have you checked the filter's javadoc? Adam On 03/25/2004 10:07 PM Martin Alley wrote: Hi, I've got a struts based app using form based authentication (started out as xpetstore). I have a situation where if I'm on a web form protected by role based security, and the session times out, and then I submit the form, I get to the login page, login, but then the original form data is lost. According to the log data, it's looking for an ActionForm of a different name according to whether the session has timed out or not!!! I thought this stuff was statically configured. When there is no time out, the log looks like this: 2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter] doFilter() 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] user=bug1b 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] isSignedIn=true 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] uri=/MotoringMemorabilia/updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] _login=/login.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'POST' for path '/updateCustomer' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.ExistingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Storing ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Populating bean properties from this request 2004-03-25 19:40:19,360 DEBUG [org.apache.struts.action.RequestProcessor] Validating input form properties 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] No errors detected, accepting input 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class xpetstore.web.struts.action.customer.UpdateCustomerAction 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance 2004-03-25 19:40:19,370 INFO [xpetstore.web.struts.action.customer.UpdateCustomerAction] execute() When there is a timeout the log goes like this: 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'newCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.NewCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /cart.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /signon.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /search.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'searchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.product.SearchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /category.jspa?categoryId=SIGNS The relevant action configuration looks like this: action path=/updateCustomer
Re: dynamic widgets
Give us an example. What is the form editing? The iterate tag is probably what you want, if it's simple. Or you could use NestedBeans. If the form edits the actual object, you can get a bunch of beans, each representing x pieces of info, and store them inside the main object. Just throwing out ideas. Adam On 03/25/2004 04:37 PM Dean A. Hoover wrote: Scenario: An HTML form is contructed using JSP where most of the widgets are statically created (except for labels). However, there is a group of check boxes which are created based on information contained in a database. There may be one checkbox or many. How would you express this in the form-bean in struts-config.xml. I am using DynaValidatorForm but will actually be doing validation for this group of checkboxes in the Action. Any ideas? Dean Hoover - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: form based auth and session timeout and post data
Martin, I'm not familiar with xpetstore, so I didn't say anything when I read that you had container-managed security and a sign-on filter redirecting unauthenticated users. Basically you have made the sign-on filter redundant by implementing container-managed security. However that's not to say that the sign-on filter doesn't do other stuff as well - I don't know. One thing for instance could be that it puts user information into the session so you don't need to repeatedly fetch the info with each request. The filter won't be by-passed - it's not affected by the app you're running, only by tomcat 'filtering' on the URL and passing it the requests it's been configured to see in the web.xml. Adam On 03/25/2004 10:35 PM Martin Alley wrote: Hi Adam, I modified the filter from xpetstore when I introduced container based security. It should now redirect the user to the signonAction to synchronise container based auth with session based (legacy) record of the logged in user. Thinking about it there could be some problems in there, but in the session timeout scenario, the SignonFilter doesn't get hit straight away (unlike the non-timeout scenario). I guess the order of play is: Container based security Filter ActionServlet Can't work out why the filter would appear to be bypassed. Any ideas? Thanks for helping. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 21:18 To: Struts Users Mailing List Subject: Re: form based auth and session timeout and post data That's one mean filter. It's not part of struts but judging merely from its name, it's obviously built into the app security. What does xpetstore say it's meant to do? Have you checked the filter's javadoc? Adam On 03/25/2004 10:07 PM Martin Alley wrote: Hi, I've got a struts based app using form based authentication (started out as xpetstore). I have a situation where if I'm on a web form protected by role based security, and the session times out, and then I submit the form, I get to the login page, login, but then the original form data is lost. According to the log data, it's looking for an ActionForm of a different name according to whether the session has timed out or not!!! I thought this stuff was statically configured. When there is no time out, the log looks like this: 2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter] doFilter() 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] user=bug1b 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] isSignedIn=true 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] uri=/MotoringMemorabilia/updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] _login=/login.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'POST' for path '/updateCustomer' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.ExistingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Storing ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Populating bean properties from this request 2004-03-25 19:40:19,360 DEBUG [org.apache.struts.action.RequestProcessor] Validating input form properties 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] No errors detected, accepting input 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class xpetstore.web.struts.action.customer.UpdateCustomerAction 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance 2004-03-25 19:40:19,370 INFO [xpetstore.web.struts.action.customer.UpdateCustomerAction] execute() When there is a timeout the log goes like this: 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'newCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.NewCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] -- [EMAIL PROTECTED] 2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get module name
Re: portal concepts [was: what would it take to build site navigation into struts?]
Are you aiming to put Broadvision out of business? ;) It sounds like quite a task. The admin tool that you use to build page heirarchies - how does it store the info? XML presumably? And the XML is read by the application at run-time. And so your plug-in would do the same - read its config from an XML file to establish the heirarchy and relationships. The dynamic part sounds like a major piece of work - but you wouldn't necessarily need that - or is it integral? I suppose it depends on how much static content you have. Obviously with lots of static content, then it would seem churlish not to allow dynamic rearrangement of the site map. But it depends on how you do it - most of the URLs in a struts-tiles app are based in files that can only be reloaded by reloading the whole app. I think that's your first worry. Adam On 03/19/2004 09:45 AM Andrew Freeman wrote: After taking a BroadVision One-To-One Portal Developer Workshop this week and seeing how BroadVision uses Struts, I have come to realize that some of the functionality that their product provides could be built directly into Struts itself. Let's start with a simple site map: 0. Root 1. Home 1. Products 1. Product Line 1 1. Product A 2. Product B 3. Product C 2. Product Line 2 1. Product D 2. Product E 2. Personal Home Page 1. Personal Weather Portlet 2. Personal Stock Portlet First, BroadVision Portal provides an admin tool and an API to build page hierarchies like what is shown above. Every page within the page hierarchy knows itself, its parent, its siblings, and its children. Having an API like this prevents a page from ever becoming an orphan. It also allows sitemaps to be dynamically created and for each page to know how to build its own breadcrumb navigation like this: Home Products Product Line 1 Product B Second, each of the above pages can contain zero or more pieces of content. Broadvision is designed so that multiple pages can point to the same content. This is the same way multiple Struts Actions can point to the same JSP. Third, they provide a way to create a user profile. Fourth, BroadVision provides a way to define what they refer to as qualifiers. For instance: Department: IT, HR, Finance, Marketing, Sales, etc. User Type: Customer, Employee, Supplier, Distributor Role: Admin, Power User, User, Guest Language: English, French, German These qualifiers can be assigned to each page within the page hierarchy, each page's content items, and each user profile. This allows the portal to dynamically determine what content to display to a user based on what qualifiers have been assigned to the user. If no qualifiers have been assigned to a page, the page is publicly visible. Otherwise, unless the user profile has the same qualifiers assigned to it as the page, the page will not be visible. The same rules apply to the content items on the page. The cool part about this is that the user only sees the content relevant to them. Thus you are able to create truly dynamic content. There are, of course, a lot more features associated with BroadVision Portal than what I have listed above. I am mainly looking to have some type of Page Hierarchy concept built into Struts as a Plugin as tightly as Tiles is. The rest of the features could be added onto that concept over time. What do others think? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Map-backed Forms and Struts Validator
Hi Derek, from the ppt doc, it looks like validWhen is using a syntax that is designed for checking indexed properties. I haven't used it though. I assume that it would handle nested beans as well, in accordance with the rest of the action form functionality. But again, I don't know. Also it says you can't use validWhen until you upgrade to struts 1.2 or a nightly build. I admit, it doesn't look hopeful. Have you tried a simple test case using the syntax like in the ppt doc? Adam On 03/18/2004 12:56 AM Derek Richardson wrote: Read through the various Struts validator docs and the map-backed form faq but didn't see this. James Turner's Indexed Properties and Validation presentation (http://www.strutskickstart.com/IndexedPropertiesandValidation.ppt) came close, but still not explicit enough for me to figure out. :( Struts 1.1. Uses Commons Validator 1.0.2. Is it possible to use the Struts validator to validate beans stored in a map-backed form? If so, does anyone have an example at-hand to send me? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [FRIDAY]:RE: calling ASP inside a JSP
The ugly bit is when you try to incorporate an ASP page with a JSP page, M$ will sue you for stealing their code. ;) On 03/18/2004 03:21 AM Andrew Hill wrote: Whats the Ugly? PHP? hmmm. Friday seems to come very early in your part of the world ;-) -Original Message- From: Wiebe de Jong [mailto:[EMAIL PROTECTED] Sent: Thursday, 18 March 2004 08:17 To: 'Struts Users Mailing List' Subject: [FRIDAY]:RE: calling ASP inside a JSP You have JSP, and ASP, and you want to mix them together?!? Reminds me of that Clint Eastwood movie: The Good, the Bad, and the Ugly ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: calling ASP inside a JSP Hi All I have a webpage in which i have two Frames. In my left frame i want to display an ASP page. In the main frame i have a JSP page. Can i do this at all. I have a link to the ASP page, but i do not want to provide a link but only want to display the content of the ASP page. Please let me know if i can do this. Thanks --Mohan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action - delegate - facade
Downside is though, trying to cram string request parameters into your DTO in your form before you validate them. Causes ugly exception messages on the browser. On 03/18/2004 02:25 AM Robert Taylor wrote: Well, I would say it depends. If I had a DTO ( a domain object) which had all the fields I needed to display...including types like int, Date, boolean, etc... I would probably just pass that along to the form bean and let view helpers like the Struts tags or JSTL render the contents. With JSTL you can format Dates and numbers. I believe those tags leverage the java.text.* package for formatting data. If I needed to perform some specialized formatting which could not be done by view helpers then I may just convert the necessary fields to Strings (maybe using BeanUtils) format them, and populate my ActionForm. If the view I needed of the data was not encapsulated in a single DTO, then you could retrieve multiple DTO objects and rendered them as described above or use a pattern described as Transfer Object Assembler which builds a custom DTO or a collection of customer DTO objects which you could pass along to the ActionForm. You can read more about Transfer Object Assembler here: http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObjectAssembler.html robert -Original Message- From: Nick Wesselman [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 6:28 PM To: Struts Users Mailing List Subject: Re: action - delegate - facade What about when simply displaying data on a page? Do developers typically copy data out of the domain object just to display it? (As opposed to using it w/ a form.) The only issue I see is that you may end up introducing view helper methods to your model beans. Nick Robert Taylor wrote: Adam, its frowned upon to pass a web tier object (ActionForm) into the business tier. I believe a widely used technique is to use BeanUtils to copy the properties from the ActionForm to a DTO (a Domain Object) which can be passed to the business tier. robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security framework!!!
, With my structure, I might have to become a particular reseller, then flip into a customer of his/hers, then become one of their client accounts to look into a reported problem. I worry about login identities for the following reasons: Using a JAAS login, my principal would be fixed (set in stone) for my session. Then, I couldn't be able to use the 'roles' settings inside Struts, Tiles, and JSPs to control content. Without using a JAAS login, I also become unable to use 'roles' in Tiles and JSPs to control content. Without having any theories on how to successfully (and without much alteration to the package[s]) use roles for Struts, Tiles, and JSPs, I'm at a loss how to change my identity/roles If I made a filter to wrapper the Request with a HTTPServletRequestWrapper object then added my own push/pop/depth methods, I see how I could use roles in all of those places. Knowing all of the above gory details, do you (or anyone) have any suggestions on how to make things cleaner while using roles in all of those places with the various levels of control I need to exert (albeit probably rarely switching roles) ? Thanks (to all) for any constructive suggestions, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 6:51 PM To: Struts Users Mailing List Subject: Re: security framework!!! I don't see your requirement for replacing the principal when the admin wants to 'become' someone else. What are you envisaging that such a technique would bring? How are you planning for the administrator to get his/her original user back? I'm pretty confident you can accomplish this through the judicious use of roles. OK, you'll need quite a few admittedly. Unless I've missed a point somewhere. On 03/17/2004 11:54 PM David Friedman wrote: Andy, My personal project will have 5 distinct levels (a business of my own, someday). The lowest level has individual powers, nothing shared. It makes that particular level analogous to a shopping cart user: his/her 'stuff' only. The groups/levels are in order from highest ability to lowest (the individual user). They can only become or manipulate the level below them directly, unless they assume the identity of an account they manage to review/fix/look into something. The descriptions of the levels follow: Senior Group level administrators. For all intent and purposes, that is me and my team. We can add/edit/remove/become/lock-down any reseller account (only upon request, of course). Junior Group level - reseller company. A reseller company has a group of accounts (one or more) who can add/edit/remove/become/lock-down any of their own customer accounts (hopefully only upon request). Sophomore Group level - customer company. A customer company is a business sold to by a reseller. This group can add add/edit/remove/become/lock-down any of their own clients (again, hopefully only upon request). Freshman Group level - client. A client is a corporate entity receiving services from their particular vendor, an above-mentioned customer company. This group of accounts can add/edit/remove their own list of employees (i.e. end users). They have some features specific to them as well as being able to enter information similar to their individual employees. (Lowest) User level - employee. An employee is an individual account under a corporate entity (in a client). They have individual duties and can enter data. Some of their activities may end up going to a manager (at the client level) for approval, depending on the activity. Essentially, all of the work they do can be seen by no one else (though a manager might need to approve certain types of request). Regards, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 10:28 AM To: Struts Users Mailing List Subject: Re: security framework!!! On 03/15/2004 03:00 PM David Friedman wrote: I should have explained this a bit better. Each level is like a company or organization. It has it's own group of parties to maintain but can be managed by one or more managers. The managers share group responsibility. Only the user at the very bottom rung has an interface which only that user can use. What do you mean by that last sentence? Why can't a manager use that interface too? Surely it depends on roles? Everyone above it is some sort of manager for maintaining there shared group (separate from other resellers, or separate from other). admin--- reseller1 (admin1, admin2, admin3) -- customer1 customer2 customer3 reseller2 (admin4) - customer4 customer5 reseller3 (admin5, admin6) - customer6 reseller7 (admin7, admin8, admin9) - customer7 customer8 In the above tree, the customer(s) have a group of their own admins plus individual employees (who have no shared responsibilities). I know this sounds like I should use pow2acl but it doesn't seem to have anything for replacing the Principal so I could become a user, nor does it appear
Re: Validator: Validation based on action path and not by form name
Kamakshya, if you use the ValidatorActionForm instead of the ValidatorForm, then you can do this. Adam On 03/18/2004 08:26 AM Prasad, Kamakshya wrote: Hi All, Is it possible for validation.xml to take action path attribute instead of form name for putting javascript validation rules for a page? I am having a page with lot of buttons, each mapping to a particular action path. I want to validate the screen elements based on these action paths and not as a whole form. Please let me know if there is any such facility provided by struts. Regards, Kamakshya -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: what would it take to build site navigation into struts?
You're talking about breadcrumbs as site navigation - just to be clear, because there is another implementation of breadcrumbs as history navigation. It is relatively simple to implement (and maintain) a navigation breadcrumb menu using Tiles, which shows the position of your page in the heirarchy. It is basic, so I'm not sure if it could fulfil what you describe as 'knowing its relationship to the rest of the pages' or an 'API to know the current page's parent siblings children'. Perhaps a couple of examples to show what you mean would help. Adam On 03/17/2004 04:45 AM Andrew Freeman wrote: I have been learning about a web portal tool called BroadVision Portal. One of the nice things that it provides out of the box are breadcrumbs. It allows you to define a hierarchical navigation system where each level of the hierarchy can have a sub-navigation element and/or one or more content items. You can compare this concept to a file system. Every webpage/link knows its relationship to the rest of the pages/links. This means that there is an API to know the current page's/link's parent, siblings, and children. Microsoft's Whidbey release of ASP.NET will provide an API for this. The bottom line is that having such a feature in Struts would make it easy to build things like breadcrumbs. Does anyone have any idea of what it would take to build a site navigation type concept into Struts? thanks, Andy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action - delegate - facade
like the following: Properties props = // get initialization properties // to initialize factory to return EJB BD implementations BusinessDelegateFactory bdf = BusinessDelegateFactory.init(props); In your client, suppose AccountBD is your BusinessDelegate interface: BusinessDelegateFactory bdf = BusinessDelegateFactory.getInstance(); AccountBD accountBD = (AccountBD)bdf.createBusinessDelegate(AccountBD.BD_NAME); So you just end up plugging in new implementations as needed. Anyhow, that's my interpretation of the some of the forces behind the pattern and an idea on implementing it. Here's more information: http://java.sun.com/blueprints/corej2eepatterns/Patterns/BusinessDelegate.html http://www.developer.com/java/other/article.php/626001 robert -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 6:26 PM To: Struts Users Mailing List Subject: action - delegate - facade I've just been perusing the archive to check out what people have been saying about struts to EJB interfacing. One thing that occurs to me is that the only reason mentioned for having a business delegate layer between the Actions and the Session Facade is to allow for loose coupling of the struts-dependent code with the EJB dependent code. How necessary is that? If you choose to drop EJB and go with, say Hibernate, you would have to modify the interface, whether it is the Action - Facade interface or the Delegate - Facade interface. Or have I missed an important other reason for the existence of the Delegate layer? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action - delegate - facade
Is it safe? I really don't know. You'd have to ask someone else or wait until I've got a couple of years experience with the service locator pattern, and I'll let you know ;) but regarding value objects - you use BeanUtils to copy the properties into the form beans? On 03/17/2004 12:34 PM HG wrote: ehh..Correction to third answer... Actually the plugin caches the reference to the EJB Facade and the Service Locator caches the home looked up from JNDI... Is this really safe..?? :-) - Original Message - From: HG [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 12:31 PM Subject: Re: action - delegate - facade Hi Adam. Your first question, regarding packaging I keep that part simple, so I place all value objects in a model package, say com.mycompany.myproduct.model. Both the ejb-jar and the web-jat contain these classes. Your second question, regarding generation value objects I use xDoclets facilities to generate value objects. If I need special services/attributes in the value objects I subclass the one generated by xDoclet and roll my changes. Your third question, regarding home lookups. I use the ServiceLocator pattern from my business delegates(plugins). The service locator is implemented as a Singleton and contains only Facades. I have antoher another singleton ServiceLocator for Entities. Each plugin caches the home of the Business Services it uses (ie. the Facades). Hope to help...otherwisefeel free to ask. Best regards Henrik - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:01 AM Subject: Re: action - delegate - facade I am surprised to see that the xpetstore @ sourceforge has a direct interface between Actions and the session beans. The delegate does make sense to me now and I'm going to implement it. One think I've been wondering is about packaging all the classes. Do you put the delegate classes and the transfer / value object classes in a seperate jar file from the action classes, and from the EJBs? While on the subject, what do you use for value objects? Form beans or something generated by xdoclet? I've been using an xml schema to generate my value objects so far (not with EJB) via JAXB, but this isn't going to work with EJB because the things aren't serializable. Another question (my last!): what is the best way to handle home interfaces in the delegate? Do you cache them? Do you treat them like a logger object or a singleton? Or do you just instantiate them fresh each call? Thanks! Adam On 03/17/2004 09:22 AM HG wrote: Hi Robert and Adam... Guess I am paranoid or prepared.. :-) I use nearly the approach Robert described, using a Factory for the delegatealthough the purpose is not the same.. I use the Delegate as the web tier view of the business logic/services in the system. That becomes important, when different business rules/logic applies to different modules/plugin. In my scenario I call the business delegates for business plugins because of the dynamic plugable nature. Plugins are hosted by a plugin manager (the factory), and access the plugin interfaces always goes through the plugin manager. You get an interface to a plugin (ie. web tier view of a business service), not an implementation...that's important as you state correctly Robert. The difference is that I don't care if it is a POJO, EJB, whatever I am talking to behing the scenes, I care about HOW the business service is implemented... Let me give you an example: Way through system is: Action-Plugin-Facade-Entity Pseudo code for action execute: AccountManagement plugin = pluginManager.getPlugin(core.account.management); What I get here is an interface (AccountManagement) of a business service plugin. Behind the interface, one specific implementation of it resides. WHAT implementation to use is decided by the plugin manager. I my scenario it is based on a customer, which have a certain business role. But it can be whatever logic to decide which implementation to use. Now I use the the plugin business service interface from my action plugin.createAccount(001, Hans Gruber); With this one call a specific implementation of the Management interface is called. What happens behind the scenes is not important from the actions point of view. Maybe different business rules/logic applies for different implementations of the AccountManagement. What actually happens is that the plugin service implementation calls a facade to fulfil the business action of creating an account. This approach is highly flexible...You have the possibility of hosting different customers (with different needs) under the same application constrcuted using business plugins building blocks. It also (like other business delegates as you stated Robert) promotes loosely coupling between the web tier and EJB or whatever tier is behind. With this clean
Re: action - delegate - facade
Thanks Matthias. The codecamp looks like just the right thing. Adam On 03/17/2004 02:17 PM Matthias Wessendorf wrote: Hi Adam there is a good book on it! http://www.corej2eepatterns.com/Patterns2ndEd/index.htm i use it very often... but more it's german version... :-) however that covers j2ee1.4 cheers, btw. under the sun, there is a code camps, or however they call it for strtus and j2ee_patterns: http://developers.sun.com/events/techdays/codecamps/index.html (third link ;-)) cheers! Matthias -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 2:08 PM To: Struts Users Mailing List Subject: Re: action - delegate - facade Is it safe? I really don't know. You'd have to ask someone else or wait until I've got a couple of years experience with the service locator pattern, and I'll let you know ;) but regarding value objects - you use BeanUtils to copy the properties into the form beans? On 03/17/2004 12:34 PM HG wrote: ehh..Correction to third answer... Actually the plugin caches the reference to the EJB Facade and the Service Locator caches the home looked up from JNDI... Is this really safe..?? :-) - Original Message - From: HG [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 12:31 PM Subject: Re: action - delegate - facade Hi Adam. Your first question, regarding packaging I keep that part simple, so I place all value objects in a model package, say com.mycompany.myproduct.model. Both the ejb-jar and the web-jat contain these classes. Your second question, regarding generation value objects I use xDoclets facilities to generate value objects. If I need special services/attributes in the value objects I subclass the one generated by xDoclet and roll my changes. Your third question, regarding home lookups. I use the ServiceLocator pattern from my business delegates(plugins). The service locator is implemented as a Singleton and contains only Facades. I have antoher another singleton ServiceLocator for Entities. Each plugin caches the home of the Business Services it uses (ie. the Facades). Hope to help...otherwisefeel free to ask. Best regards Henrik - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:01 AM Subject: Re: action - delegate - facade I am surprised to see that the xpetstore @ sourceforge has a direct interface between Actions and the session beans. The delegate does make sense to me now and I'm going to implement it. One think I've been wondering is about packaging all the classes. Do you put the delegate classes and the transfer / value object classes in a seperate jar file from the action classes, and from the EJBs? While on the subject, what do you use for value objects? Form beans or something generated by xdoclet? I've been using an xml schema to generate my value objects so far (not with EJB) via JAXB, but this isn't going to work with EJB because the things aren't serializable. Another question (my last!): what is the best way to handle home interfaces in the delegate? Do you cache them? Do you treat them like a logger object or a singleton? Or do you just instantiate them fresh each call? Thanks! Adam On 03/17/2004 09:22 AM HG wrote: Hi Robert and Adam... Guess I am paranoid or prepared.. :-) I use nearly the approach Robert described, using a Factory for the delegatealthough the purpose is not the same.. I use the Delegate as the web tier view of the business logic/services in the system. That becomes important, when different business rules/logic applies to different modules/plugin. In my scenario I call the business delegates for business plugins because of the dynamic plugable nature. Plugins are hosted by a plugin manager (the factory), and access the plugin interfaces always goes through the plugin manager. You get an interface to a plugin (ie. web tier view of a business service), not an implementation...that's important as you state correctly Robert. The difference is that I don't care if it is a POJO, EJB, whatever I am talking to behing the scenes, I care about HOW the business service is implemented... Let me give you an example: Way through system is: Action-Plugin-Facade-Entity Pseudo code for action execute: AccountManagement plugin = pluginManager.getPlugin(core.account.management); What I get here is an interface (AccountManagement) of a business service plugin. Behind the interface, one specific implementation of it resides. WHAT implementation to use is decided by the plugin manager. I my scenario it is based on a customer, which have a certain business role. But it can be whatever logic to decide which implementation to use. Now I use the the plugin business service interface from my action plugin.createAccount(001, Hans Gruber); With this one call a specific implementation
Re: action - delegate - facade
The advantage of this approach, the way I see it, is that it allows you to declare all your 'views' or 'transfer objects' in xml, and have them strongly typed (as opposed to formbeans) - and that it works well with BeanUtils.copyProperties. Are there any disadvantages at the back-end because of the map-backed nature? I mean in the EJB layer? I have been doing this but using a xml configuration file, using a Struts plugin. It falls on something like this: ?xml version='1.0' encoding='utf-8'? !DOCTYPE views PUBLIC -//04Web//DTD Horizon Configuration 1.0//EN http://www.04web.com/dtd/horizon-config_1_0.dtd; views view name=usersView dyna-property property=users type=java.util.Collection/ dyna-property property=flag type=java.lang.Boolean/ /view /views (similar to struts-config) I did this because I found it a bit confusing mixing bean attributes to retrieve html form data and attributes to deliver the intended presentation. I use a view factory to retrieve the bean definitions and then do something like: view.set(property, object); (I extended the DynaBean and implement the Map interface to achieve this - much simpler and JSTL friendly) ...you could also use BeanUtils for setting the properties. A simple module aware configuration: !-- HORIZON PLUGIN -- plug-in className=com.ohforweb.horizon.HorizonPlugin set-property property=config-files value=/WEB-INF/horizon-config.xml/ set-property property=parser-validate value=true/ set-property property=module-aware value=true/ /plug-in When I send the request I usually send a view. If aa prepopulated html form is to be presented I send a view and a form bean. Voila :) Pedro Salgado (http://www.04web.com/) - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 2:07 PM Subject: Re: action - delegate - facade Is it safe? I really don't know. You'd have to ask someone else or wait until I've got a couple of years experience with the service locator pattern, and I'll let you know ;) but regarding value objects - you use BeanUtils to copy the properties into the form beans? On 03/17/2004 12:34 PM HG wrote: ehh..Correction to third answer... Actually the plugin caches the reference to the EJB Facade and the Service Locator caches the home looked up from JNDI... Is this really safe..?? :-) - Original Message - From: HG [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 12:31 PM Subject: Re: action - delegate - facade Hi Adam. Your first question, regarding packaging I keep that part simple, so I place all value objects in a model package, say com.mycompany.myproduct.model. Both the ejb-jar and the web-jat contain these classes. Your second question, regarding generation value objects I use xDoclets facilities to generate value objects. If I need special services/attributes in the value objects I subclass the one generated by xDoclet and roll my changes. Your third question, regarding home lookups. I use the ServiceLocator pattern from my business delegates(plugins). The service locator is implemented as a Singleton and contains only Facades. I have antoher another singleton ServiceLocator for Entities. Each plugin caches the home of the Business Services it uses (ie. the Facades). Hope to help...otherwisefeel free to ask. Best regards Henrik - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:01 AM Subject: Re: action - delegate - facade I am surprised to see that the xpetstore @ sourceforge has a direct interface between Actions and the session beans. The delegate does make sense to me now and I'm going to implement it. One think I've been wondering is about packaging all the classes. Do you put the delegate classes and the transfer / value object classes in a seperate jar file from the action classes, and from the EJBs? While on the subject, what do you use for value objects? Form beans or something generated by xdoclet? I've been using an xml schema to generate my value objects so far (not with EJB) via JAXB, but this isn't going to work with EJB because the things aren't serializable. Another question (my last!): what is the best way to handle home interfaces in the delegate? Do you cache them? Do you treat them like a logger object or a singleton? Or do you just instantiate them fresh each call? Thanks! Adam On 03/17/2004 09:22 AM HG wrote: Hi Robert and Adam... Guess I am paranoid or prepared.. :-) I use nearly the approach Robert described, using a Factory for the delegatealthough the purpose is not the same.. I use the Delegate as the web tier view of the business logic/services in the system. That becomes important, when different business rules/logic applies to different
Re: action - delegate - facade
Great book. Thanks for the link. I think I need more knowledge of xdoclet before I make my mind up though. This offers alot to mull over. Plus I'm also quite keen to use faster, quicker patterns. I use dynaactionforms in struts almost exclusively and regarding this Data Transfer Hashmap, it irritates me that the data must be transferred out of one hashmap into another. In fact it would be ideal to be able to transfer the data in the dynaactionform right down the line to the entity bean. The data elements of each form are primarily defined in the struts-config.xml, so I can't see a clean way of telling the entity bean (or any other object) how to get the data out. On 03/17/2004 11:33 PM [EMAIL PROTECTED] wrote: Actually this is a pattern mentioned in EJB Design Patterns - Advanced Patterns Processes and Idioms called Data Transfer HashMap. You can download the pdf from TheServerSide.com. It's a pretty good read. The book goes into detail on the pros and cons of this pattern. Well... it wasn't my intention to implement a software pattern :) (I am kidding :) form-beans does the same job - I think - but mixes form input data with form build data - again, feel free to criticize, afterall I am still new with Struts). We already discussed this... but here goes for the rest of the mailing list: - It surely saved me some time (I dont have to define on one XML file the beans I need and after that execute something to automatically generate the java beans - you have to be more carefull though, since you may only encounter some bugs on runtime... unless you use strutstestcase/junit) - made a great work decoupling the presentation from business logic (just like with form-beans) - I dont get confused about what is the user input data and what is the data to help build the user form - it also had another side effect: much less lines for xml configuration file... but more files per application (I can live with this :) ) - it seems easier to reuse view-beans/form-beans when they are decoupled... but i will need more time/experience to support this Thank you for the document. I will read it very carefully and see if there is another challenge waiting outside this framework. Pedro Salgado http://www.theserverside.com/books/wiley/EJBDesignPatterns/downloads/ejbdesignpatterns.pdf robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action - delegate - facade
OK, I was vaguely aware of that, presumably because it couples the EJB layer to Struts when you code against an ActionForm. However that could easily be remedied because the Action can call DynaActionForm.getMap() and pass on the hashmap heart of the DynaActionForm. It still leaves though the problem that the EJB knows nothing about what is in those hashmaps. Plus it must type-cast all the values. (Assuming as well that all the validation has been done if this was a DynaValidatorActionForm) It would be interesting challenge, if I didn't have the suspicion that the whole of the Struts community would still frown on it. Adam On 03/18/2004 12:20 AM Robert Taylor wrote: Adam, its frowned upon to pass a web tier object (ActionForm) into the business tier. I believe a widely used technique is to use BeanUtils to copy the properties from the ActionForm to a DTO (a Domain Object) which can be passed to the business tier. robert -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 5:57 PM To: Struts Users Mailing List Subject: Re: action - delegate - facade Great book. Thanks for the link. I think I need more knowledge of xdoclet before I make my mind up though. This offers alot to mull over. Plus I'm also quite keen to use faster, quicker patterns. I use dynaactionforms in struts almost exclusively and regarding this Data Transfer Hashmap, it irritates me that the data must be transferred out of one hashmap into another. In fact it would be ideal to be able to transfer the data in the dynaactionform right down the line to the entity bean. The data elements of each form are primarily defined in the struts-config.xml, so I can't see a clean way of telling the entity bean (or any other object) how to get the data out. On 03/17/2004 11:33 PM [EMAIL PROTECTED] wrote: Actually this is a pattern mentioned in EJB Design Patterns - Advanced Patterns Processes and Idioms called Data Transfer HashMap. You can download the pdf from TheServerSide.com. It's a pretty good read. The book goes into detail on the pros and cons of this pattern. Well... it wasn't my intention to implement a software pattern :) (I am kidding :) form-beans does the same job - I think - but mixes form input data with form build data - again, feel free to criticize, afterall I am still new with Struts). We already discussed this... but here goes for the rest of the mailing list: - It surely saved me some time (I dont have to define on one XML file the beans I need and after that execute something to automatically generate the java beans - you have to be more carefull though, since you may only encounter some bugs on runtime... unless you use strutstestcase/junit) - made a great work decoupling the presentation from business logic (just like with form-beans) - I dont get confused about what is the user input data and what is the data to help build the user form - it also had another side effect: much less lines for xml configuration file... but more files per application (I can live with this :) ) - it seems easier to reuse view-beans/form-beans when they are decoupled... but i will need more time/experience to support this Thank you for the document. I will read it very carefully and see if there is another challenge waiting outside this framework. Pedro Salgado http://www.theserverside.com/books/wiley/EJBDesignPatterns/downloads/ejbdesignpatterns.pdf robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security framework!!!
I don't see your requirement for replacing the principal when the admin wants to 'become' someone else. What are you envisaging that such a technique would bring? How are you planning for the administrator to get his/her original user back? I'm pretty confident you can accomplish this through the judicious use of roles. OK, you'll need quite a few admittedly. Unless I've missed a point somewhere. On 03/17/2004 11:54 PM David Friedman wrote: Andy, My personal project will have 5 distinct levels (a business of my own, someday). The lowest level has individual powers, nothing shared. It makes that particular level analogous to a shopping cart user: his/her 'stuff' only. The groups/levels are in order from highest ability to lowest (the individual user). They can only become or manipulate the level below them directly, unless they assume the identity of an account they manage to review/fix/look into something. The descriptions of the levels follow: Senior Group level administrators. For all intent and purposes, that is me and my team. We can add/edit/remove/become/lock-down any reseller account (only upon request, of course). Junior Group level - reseller company. A reseller company has a group of accounts (one or more) who can add/edit/remove/become/lock-down any of their own customer accounts (hopefully only upon request). Sophomore Group level - customer company. A customer company is a business sold to by a reseller. This group can add add/edit/remove/become/lock-down any of their own clients (again, hopefully only upon request). Freshman Group level - client. A client is a corporate entity receiving services from their particular vendor, an above-mentioned customer company. This group of accounts can add/edit/remove their own list of employees (i.e. end users). They have some features specific to them as well as being able to enter information similar to their individual employees. (Lowest) User level - employee. An employee is an individual account under a corporate entity (in a client). They have individual duties and can enter data. Some of their activities may end up going to a manager (at the client level) for approval, depending on the activity. Essentially, all of the work they do can be seen by no one else (though a manager might need to approve certain types of request). Regards, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 10:28 AM To: Struts Users Mailing List Subject: Re: security framework!!! On 03/15/2004 03:00 PM David Friedman wrote: I should have explained this a bit better. Each level is like a company or organization. It has it's own group of parties to maintain but can be managed by one or more managers. The managers share group responsibility. Only the user at the very bottom rung has an interface which only that user can use. What do you mean by that last sentence? Why can't a manager use that interface too? Surely it depends on roles? Everyone above it is some sort of manager for maintaining there shared group (separate from other resellers, or separate from other). admin--- reseller1 (admin1, admin2, admin3) -- customer1 customer2 customer3 reseller2 (admin4) - customer4 customer5 reseller3 (admin5, admin6) - customer6 reseller7 (admin7, admin8, admin9) - customer7 customer8 In the above tree, the customer(s) have a group of their own admins plus individual employees (who have no shared responsibilities). I know this sounds like I should use pow2acl but it doesn't seem to have anything for replacing the Principal so I could become a user, nor does it appear to have anything to let me hook SSLext into it to ensure good http/https lock-downs. Do you have any hints/suggestions for a better methodology/way? Regards, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 4:25 AM To: Struts Users Mailing List Subject: Re: security framework!!! Right, I get it. So you not only want the higher level user to take on the lower level user's role, you want them to have their complete ID or username etc. Tricky! I think alot depends on what kind of use you have for the user info. Is it purely roles that are important here? Or is there ownership too? I mean, one user can see his / her stuff, which is not accessible to another user of equal level? On 03/15/2004 03:39 AM David Friedman wrote: Jason, They might need to go into the account underneath them to fix something (if they are asked) and won't know the password (encrypted). The admin might need to fix something for a reseller's client made us look into (admin - reseller - client - manager - employee). I've had a few projects where someone 2 levels under asks for help from the level immediately above them. Then it goes up one and up again back to me. Rather than make interfaces for everyone for everything, I prefer the idea
action - delegate - facade
I've just been perusing the archive to check out what people have been saying about struts to EJB interfacing. One thing that occurs to me is that the only reason mentioned for having a business delegate layer between the Actions and the Session Facade is to allow for loose coupling of the struts-dependent code with the EJB dependent code. How necessary is that? If you choose to drop EJB and go with, say Hibernate, you would have to modify the interface, whether it is the Action - Facade interface or the Delegate - Facade interface. Or have I missed an important other reason for the existence of the Delegate layer? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dtd validation of tld's
On 03/15/2004 12:52 AM hanasaki wrote: I am using whatever is in tomcat 4.1.24. Not sure what version of xerces that is or how to find out. Neither am I, I'm afraid. Perhaps someone can jump in with the answer. Funny thing is it worked some time ago. The project just came out of 5mo mothballs. Adam Hardy wrote: On 03/14/2004 08:59 PM hanasaki wrote: Any thoughts on why Tomcat would be giving an error saying: Digester error... SEVERE Parse error Document is invalid: no grammar found This is happening on all TLD's. They are JSTL and Struts. I am thinking it has something to do with the DTD specified in the TLD as an http:... and having only intermittent Internet connectivity. The need is to find away around this issue while still using xml validation and not modifying the TLD's from the downloaded distribution. Are you using xerces 2.6.1? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security framework!!!
Right, I get it. So you not only want the higher level user to take on the lower level user's role, you want them to have their complete ID or username etc. Tricky! I think alot depends on what kind of use you have for the user info. Is it purely roles that are important here? Or is there ownership too? I mean, one user can see his / her stuff, which is not accessible to another user of equal level? On 03/15/2004 03:39 AM David Friedman wrote: Jason, They might need to go into the account underneath them to fix something (if they are asked) and won't know the password (encrypted). The admin might need to fix something for a reseller's client made us look into (admin - reseller - client - manager - employee). I've had a few projects where someone 2 levels under asks for help from the level immediately above them. Then it goes up one and up again back to me. Rather than make interfaces for everyone for everything, I prefer the idea of su'ing into the account to fix something. So, I might have to 'become' the reseller (I'm the admin), then become a client, then become a manager then become an employee to look at or fix something for them. Regards, David -Original Message- From: Jason Lea [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 6:49 PM To: Struts Users Mailing List Subject: Re: security framework!!! David Friedman wrote: I've also been looking into security frameworks and the only solutions I've really found are: 1. Standard (container) JAAS 2. SecurityFilter http://securityfilter.sourceforge.net 3. Pow2ACL http://pow2acl.sourceforge.net/ I was hoping, at some point, to use an SSL switching feature such as SSLext. From my research, Pow2ACL and SecurityFilter won't work that way. SecurityFilter has a note that certain 'elements' could be used for it but the current code makes no use of them in that manner. As for Pow2ACL, I didn't find anything suggesting how to use it in that way either. My bigger problem is my scenario, which no one supports. I'd like to allow manager accounts to become one of if it's sub-accounts. My system would support at least 5 levels where 4 could 'drill down' and back up again: admin, reseller, client, manager, employee (bottom feeder, no managerial tools and no popping into their accounts). Since there is no easily way to Trying to figure out what you are asking here can you give an example? If you have the following: 1. User Manfred is a manager 2. User Emily is an Employee 3. Emily is an employee under Manfred Are you saying that Manfred can become Emily and perform certain tasks/actions? Then Manfred would return to be Manfred the manager? push/pop or even set (then I could use my own internal stack) a UserPrincipal object, I'm thinking of using something a bit like SecurityFilter: wrap the request object with a subclass of HttpServeletRequestWrapper and add my own push/pop/set/get/count UserPrincipal object(s). Then, I could hook the login procedure with container methods (JAAS, i.e. a web browser login/password pop-up) and still be able to (when I'm ready) use SSLext or something like it for the HTTP/HTTPS switching. Regards, David -Original Message- From: Mailing List [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 6:19 AM To: [EMAIL PROTECTED] Subject: security framework!!! I'm developing a web application with struts.I had a problem for support security at jsp pages level for different roles.I send an email and recived 2 response to solve my problem: 1. with HTML tags. 2. 2.with define role in tiles definition but I'm searching for a good framework that be compatibled with struts framework and support the security for different roles at page levels. I mean for example if I have a jsp page with tow textfields and a submit deponds on user's role at the system,one user just can see one of the textfield and submit buttom and another user can see both of the textfield and submit buttom. Can you suggest a good framework for me. regards - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security framework!!!
On 03/15/2004 03:00 PM David Friedman wrote: I should have explained this a bit better. Each level is like a company or organization. It has it's own group of parties to maintain but can be managed by one or more managers. The managers share group responsibility. Only the user at the very bottom rung has an interface which only that user can use. What do you mean by that last sentence? Why can't a manager use that interface too? Surely it depends on roles? Everyone above it is some sort of manager for maintaining there shared group (separate from other resellers, or separate from other). admin--- reseller1 (admin1, admin2, admin3) -- customer1 customer2 customer3 reseller2 (admin4) - customer4 customer5 reseller3 (admin5, admin6) - customer6 reseller7 (admin7, admin8, admin9) - customer7 customer8 In the above tree, the customer(s) have a group of their own admins plus individual employees (who have no shared responsibilities). I know this sounds like I should use pow2acl but it doesn't seem to have anything for replacing the Principal so I could become a user, nor does it appear to have anything to let me hook SSLext into it to ensure good http/https lock-downs. Do you have any hints/suggestions for a better methodology/way? Regards, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 4:25 AM To: Struts Users Mailing List Subject: Re: security framework!!! Right, I get it. So you not only want the higher level user to take on the lower level user's role, you want them to have their complete ID or username etc. Tricky! I think alot depends on what kind of use you have for the user info. Is it purely roles that are important here? Or is there ownership too? I mean, one user can see his / her stuff, which is not accessible to another user of equal level? On 03/15/2004 03:39 AM David Friedman wrote: Jason, They might need to go into the account underneath them to fix something (if they are asked) and won't know the password (encrypted). The admin might need to fix something for a reseller's client made us look into (admin - reseller - client - manager - employee). I've had a few projects where someone 2 levels under asks for help from the level immediately above them. Then it goes up one and up again back to me. Rather than make interfaces for everyone for everything, I prefer the idea of su'ing into the account to fix something. So, I might have to 'become' the reseller (I'm the admin), then become a client, then become a manager then become an employee to look at or fix something for them. Regards, David -Original Message- From: Jason Lea [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 6:49 PM To: Struts Users Mailing List Subject: Re: security framework!!! David Friedman wrote: I've also been looking into security frameworks and the only solutions I've really found are: 1. Standard (container) JAAS 2. SecurityFilter http://securityfilter.sourceforge.net 3. Pow2ACL http://pow2acl.sourceforge.net/ I was hoping, at some point, to use an SSL switching feature such as SSLext. From my research, Pow2ACL and SecurityFilter won't work that way. SecurityFilter has a note that certain 'elements' could be used for it but the current code makes no use of them in that manner. As for Pow2ACL, I didn't find anything suggesting how to use it in that way either. My bigger problem is my scenario, which no one supports. I'd like to allow manager accounts to become one of if it's sub-accounts. My system would support at least 5 levels where 4 could 'drill down' and back up again: admin, reseller, client, manager, employee (bottom feeder, no managerial tools and no popping into their accounts). Since there is no easily way to Trying to figure out what you are asking here can you give an example? If you have the following: 1. User Manfred is a manager 2. User Emily is an Employee 3. Emily is an employee under Manfred Are you saying that Manfred can become Emily and perform certain tasks/actions? Then Manfred would return to be Manfred the manager? push/pop or even set (then I could use my own internal stack) a UserPrincipal object, I'm thinking of using something a bit like SecurityFilter: wrap the request object with a subclass of HttpServeletRequestWrapper and add my own push/pop/set/get/count UserPrincipal object(s). Then, I could hook the login procedure with container methods (JAAS, i.e. a web browser login/password pop-up) and still be able to (when I'm ready) use SSLext or something like it for the HTTP/HTTPS switching. Regards, David -Original Message- From: Mailing List [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 6:19 AM To: [EMAIL PROTECTED] Subject: security framework!!! I'm developing a web
Re: Checking if user has a valida session
Struts is rock solid - if something's going wrong, you can bet your bottom dollar it's something you've done. Doing it in your jsps is, as someone else said earlier, way too late. If you're not going to use container-managed security, which is sufficient for most needs, then put it in a filter. It's easy, central and maintenance-free. Better than updating all your JSPs. As for tags, I'm not sure about logic tags, I use c tags in JSTL. Setting form properties in the Action classes is standard practice. Adam On 03/13/2004 11:43 PM Theodosios Paschalidis wrote: Struts seems to be erratic! It first worked then with no changes it didn't! Something is going terribly wrong with how the server updates the classes... I believe the safest bet is to do it my jsp. -Could somebody please give an example of using the logic tag, to check for the presence of an attribute checking it's boolean property and forwarding to a page? -Also is it ok to set a Form property in the Action class? Forgive my basic question but I could not get it to work with a boolean property! Thank you for your time, Theo - Original Message - From: Robert Nocera [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Saturday, March 13, 2004 5:34 PM Subject: RE: Checking if user has a valida session How about this: public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on if (isLogged(request)) { HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); } else { return false; } -Original Message- From: Theodosios Paschalidis [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 11:42 AM To: Struts Users Mailing List Subject: Re: Checking if user has a valida session Hi all, I was just trying to figure out how to do that. (newbie) I have an app that has some pages available for all, some for logged in users and some for administrators. I prevent access to logged-only pages by a tags that hide the relevant functionality. I have now written an abstract BaseAction with 3 methods: isSessionValid, isLogged and isUserAdmin in order to implement Action based security. My problem is that I can still go to my .do or .jsp pages directly by typing in the URL. If I try to submit something instead of being forwarded to, say, LogOff, I get this error java.lang.NullPointerException at app.AbstActionBase.isUserAdmin(Unknown Source) at app.InsertItemAction.execute(Unknown Source) since my code checks based on a request that is not there! Any way to prevent this? Thank you for your time, Theo public boolean isSessionValid(HttpServletRequest request) { if (request == null) return (false); HttpSession session = request.getSession(); if (session == null) return(false); return true; } public boolean isLogged(HttpServletRequest request) { // Checked for a currently logged on user HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return ((user == null) ? false : true); } public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); } - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 12, 2004 8:50 PM Subject: RE: Checking if user has a valida session There are different ways of implementing a secure site, and many variables involved. When you say you want to see if the session is valid, are you talking about name/password authentication, or some other session attribute? If the former, you can implement a standard J2EE security model in the web app deployment descriptor (web.xml), specifying which user roles can access which pages (such *.do), and exempting specified other resources (e.g. login.do). This will automatically prevent users from accessing pages without being authenticated first, and also enable you to configure session timeouts easily. It's also an easy, central, and standard method of configuring security, and fits in neatly with the roles-based configuration in the Struts config file. Your options would work as well, but wouldn't be very flexible or easy to manage, especially if you expect the application to get big. -Original Message- From: Joao Batistella [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 2:55 PM To: 'Struts Users Mailing List' Subject: Checking if user has a valida session Hello. I have to check in my application if the user has a valid session in every page and, if not, redirect him to the login page. What is the best way of doing this? I see 3 options: 1. Put an include or tag in every page that checks this 2. Check this in my struts
Re: security framework!!!
On 03/13/2004 05:48 PM David Friedman wrote: My bigger problem is my scenario, which no one supports. I'd like to allow manager accounts to become one of if it's sub-accounts. My system would support at least 5 levels where 4 could 'drill down' and back up again: admin, reseller, client, manager, employee (bottom feeder, no managerial tools and no popping into their accounts). Since there is no easily way to push/pop or even set (then I could use my own internal stack) a UserPrincipal object, I'm thinking of using something a bit like SecurityFilter: I'm not sure why the standard container-managed security roles don't meet your requirements. You want a manager to be able to set himself to another role? Sounds like a design issue. Obviously the manager is also going to need to set himself back to his normal role again? I would use extra roles to allow changing roles. The manager can assign himself whatever standard role he likes depending on his 'extra' roles. This would change the info in your realm and he would have to log out and back in again. Or have I got the wrong end of the stick? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: html:cancel doesn't perform as advertised
The javascript will be output by the html:form tag and it stops javascript validation. The cancel button should look like this: input type=submit name=org.apache.struts.taglib.html.CANCEL value=Cancel onclick=bCancel=true; / The JSP should look like this: html:cancelCancel or whatever/html:cancel Adam On 03/14/2004 12:56 AM Dean A. Hoover wrote: I have an html:form with a html:submit and an html:cancel. According to the documentation for html:cancel: Pressing of this submit button causes the action servlet to bypass calling the associated form bean validate() method. I tried it and it did validation anyway. Then I looked at the generated HTML and I see: input type=submit name=method value=Next input type=submit name=method value=Cancel onclick=bCancel=true; The only difference I see is the onclick attribute. How is that supposed to do anything, given that that there isn't any javascript in the file. What am I missing here? Dean Hoover - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: html:cancel doesn't perform as advertised
Server-side validation is skipped by struts when it sees the org.apache.struts.taglib.html.CANCEL request param. On 03/14/2004 12:20 PM Dean A. Hoover wrote: What about the non-Javascript validation?... that's what I want to avoid. The whole Javascript validation thing is optional anyway and doesn't seem like the best way to implement it (because its optional). Dean Adam Hardy wrote: The javascript will be output by the html:form tag and it stops javascript validation. The cancel button should look like this: input type=submit name=org.apache.struts.taglib.html.CANCEL value=Cancel onclick=bCancel=true; / The JSP should look like this: html:cancelCancel or whatever/html:cancel Adam On 03/14/2004 12:56 AM Dean A. Hoover wrote: I have an html:form with a html:submit and an html:cancel. According to the documentation for html:cancel: Pressing of this submit button causes the action servlet to bypass calling the associated form bean validate() method. I tried it and it did validation anyway. Then I looked at the generated HTML and I see: input type=submit name=method value=Next input type=submit name=method value=Cancel onclick=bCancel=true; The only difference I see is the onclick attribute. How is that supposed to do anything, given that that there isn't any javascript in the file. What am I missing here? Dean Hoover - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: a security framework!
Support the JAAS framework? Directly? Don't you mean the container-managed security? On 03/14/2004 01:21 PM Mailing List wrote: Hi, As I fond the logic:present and logic:notPresent tags does support the JAAS frame work. They have an attribute called role. I have not mentioned that before! Surprising no one mentioned it. Why?! Is there some thing wrong with using this tag! Thanks -Original Message- From: Daniel Lipofsky [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 2:37 AM To: Struts Users Mailing List Subject: RE: a security framework! I did something similar. I extended each struts HTML tag to take a rule and evaluate it in doStartTag. It then returns SKIP_BODY to hide it or super.doStartTag() to show it. Similarly doEndTag() returns EVAL_PAGE to hide it or super.doEndTag() to show it. I actually have 3 security levels and I call setDisabled() to disable the field if it is visible but not editable. It's not hard. - Dan -Original Message- From: Mailing List [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:17 PM To: [EMAIL PROTECTED] Subject: a security framework! Hi, I'm developing a web application with struts framework.I want to design some jsp pages that support security at pages level.The security that I want to be supported is that some components of each page can be shown for certain user.I mean that for each user deponds on his access to the system we can show some components of each page and does'nt show other components.Each user deponds on his type and access at the system just can see his own pages.can you offer a good framework for this goal that be compatible with struts framework. Regards - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: html:cancel doesn't perform as advertised
Hi Dean, I'm not sure what you're doing in your LookupDispatchAction, so I can't really say. I'm not too hot on DispatchActions. Isn't there a default? Or some other way that DispatchAction handles cancels? Adam On 03/14/2004 03:34 PM Dean A. Hoover wrote: Adam, OK, I get that part now... I mistakenly changed html:submit property=methodbean:message key=button.cancel//html:submit to html:cancel property=methodbean:message key=button.cancel//html:cancel which turns into input type=submit name=method value=Cancel onclick=bCancel=true; instead of what you showed me: input type=submit name=org.apache.struts.taglib.html.CANCEL value=Cancel onclick=bCancel=true; / That breaks another part now... I created a subclass of LookupDispatchAction to handle the various button presses. If the user clicks on the Cancel button I just want to take my cancel forward. What do I need to do to my Action to accomplish that? Dean Hoover Adam Hardy wrote: Server-side validation is skipped by struts when it sees the org.apache.struts.taglib.html.CANCEL request param. On 03/14/2004 12:20 PM Dean A. Hoover wrote: What about the non-Javascript validation?... that's what I want to avoid. The whole Javascript validation thing is optional anyway and doesn't seem like the best way to implement it (because its optional). Dean Adam Hardy wrote: The javascript will be output by the html:form tag and it stops javascript validation. The cancel button should look like this: input type=submit name=org.apache.struts.taglib.html.CANCEL value=Cancel onclick=bCancel=true; / The JSP should look like this: html:cancelCancel or whatever/html:cancel Adam On 03/14/2004 12:56 AM Dean A. Hoover wrote: I have an html:form with a html:submit and an html:cancel. According to the documentation for html:cancel: Pressing of this submit button causes the action servlet to bypass calling the associated form bean validate() method. I tried it and it did validation anyway. Then I looked at the generated HTML and I see: input type=submit name=method value=Next input type=submit name=method value=Cancel onclick=bCancel=true; The only difference I see is the onclick attribute. How is that supposed to do anything, given that that there isn't any javascript in the file. What am I missing here? Dean Hoover - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security framework!!!
You mean you don't want to force the user to log out and back in again? I would have thought that was a reasonable demand since they are effectively changing their identity. Your HttpServletRequest wrapper sounds OK as a solution though. Adam On 03/14/2004 03:51 PM David Friedman wrote: Adam, I want to integrate everything with roles (for using actions and jsp tags) so I'm stuck, after container authentication, having a non-changeable Principal object within Tomcat: their Coyote HttpServletRequest wrapping class prevents the use of setUserPrincipal. All of my research on Tomcat (4 or 5) suggests a filter-based wrapper for the HttpServletRequest object is the only way to go to be able to set the UserPrincipal from within my action so I could replace the Principal (as the admin becomes the reseller becomes the customer becomes the manager becomes the user account, etc. and possibly backs out each level one by one). Can you suggest any other avenues or theories for me to investigate since my research has resulted in only that one workable solution? Hints appreciated. :) Regards, David -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 5:21 AM To: Struts Users Mailing List Subject: Re: security framework!!! On 03/13/2004 05:48 PM David Friedman wrote: My bigger problem is my scenario, which no one supports. I'd like to allow manager accounts to become one of if it's sub-accounts. My system would support at least 5 levels where 4 could 'drill down' and back up again: admin, reseller, client, manager, employee (bottom feeder, no managerial tools and no popping into their accounts). Since there is no easily way to push/pop or even set (then I could use my own internal stack) a UserPrincipal object, I'm thinking of using something a bit like SecurityFilter: I'm not sure why the standard container-managed security roles don't meet your requirements. You want a manager to be able to set himself to another role? Sounds like a design issue. Obviously the manager is also going to need to set himself back to his normal role again? I would use extra roles to allow changing roles. The manager can assign himself whatever standard role he likes depending on his 'extra' roles. This would change the info in your realm and he would have to log out and back in again. Or have I got the wrong end of the stick? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Checking if user has a valida session
Theo I would check in struts-examples in the struts installation. Adam On 03/14/2004 04:03 PM Theodosios Paschalidis wrote: Adam thank you for your reply. It is most likely Tomcat (4.1.24) that does not refresh (supposedly peaks up the updated classes) and I have to delete its temporary working folder every time. In terms of security, things did work when Tomcat used the latest classes. My application is quite small and it is not expected to go beyond small/medium. I have already implemented the Action based security and I only need JSP security in a couple of welcome pages. Since I must be finishing this quickly there is no time to look into a security framework. The logic tag is requirement in my case! Could somebody please provide an example of using the logic tag, to check for the presence of an attribute checking it's boolean property and forwarding to a page? Thanks again, Theo - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Sunday, March 14, 2004 10:11 AM Subject: Re: Checking if user has a valida session Struts is rock solid - if something's going wrong, you can bet your bottom dollar it's something you've done. Doing it in your jsps is, as someone else said earlier, way too late. If you're not going to use container-managed security, which is sufficient for most needs, then put it in a filter. It's easy, central and maintenance-free. Better than updating all your JSPs. As for tags, I'm not sure about logic tags, I use c tags in JSTL. Setting form properties in the Action classes is standard practice. Adam On 03/13/2004 11:43 PM Theodosios Paschalidis wrote: Struts seems to be erratic! It first worked then with no changes it didn't! Something is going terribly wrong with how the server updates the classes... I believe the safest bet is to do it my jsp. -Could somebody please give an example of using the logic tag, to check for the presence of an attribute checking it's boolean property and forwarding to a page? -Also is it ok to set a Form property in the Action class? Forgive my basic question but I could not get it to work with a boolean property! Thank you for your time, Theo - Original Message - From: Robert Nocera [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Saturday, March 13, 2004 5:34 PM Subject: RE: Checking if user has a valida session How about this: public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on if (isLogged(request)) { HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); } else { return false; } -Original Message- From: Theodosios Paschalidis [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 11:42 AM To: Struts Users Mailing List Subject: Re: Checking if user has a valida session Hi all, I was just trying to figure out how to do that. (newbie) I have an app that has some pages available for all, some for logged in users and some for administrators. I prevent access to logged-only pages by a tags that hide the relevant functionality. I have now written an abstract BaseAction with 3 methods: isSessionValid, isLogged and isUserAdmin in order to implement Action based security. My problem is that I can still go to my .do or .jsp pages directly by typing in the URL. If I try to submit something instead of being forwarded to, say, LogOff, I get this error java.lang.NullPointerException at app.AbstActionBase.isUserAdmin(Unknown Source) at app.InsertItemAction.execute(Unknown Source) since my code checks based on a request that is not there! Any way to prevent this? Thank you for your time, Theo public boolean isSessionValid(HttpServletRequest request) { if (request == null) return (false); HttpSession session = request.getSession(); if (session == null) return(false); return true; } public boolean isLogged(HttpServletRequest request) { // Checked for a currently logged on user HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return ((user == null) ? false : true); } public boolean isUserAdmin(HttpServletRequest request) { //Check if the Admin is logged on HttpSession session = request.getSession(); LogonForm user = (LogonForm) session.getAttribute(Constants.USER_KEY); return (user.isAdmin()); } - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 12, 2004 8:50 PM Subject: RE: Checking if user has a valida session There are different ways of implementing a secure site, and many variables involved. When you say you want to see if the session is valid, are you talking about name/password authentication, or some other session attribute? If the former, you can implement a standard J2EE security model
Re: dtd validation of tld's
On 03/14/2004 08:59 PM hanasaki wrote: Any thoughts on why Tomcat would be giving an error saying: Digester error... SEVERE Parse error Document is invalid: no grammar found This is happening on all TLD's. They are JSTL and Struts. I am thinking it has something to do with the DTD specified in the TLD as an http:... and having only intermittent Internet connectivity. The need is to find away around this issue while still using xml validation and not modifying the TLD's from the downloaded distribution. Are you using xerces 2.6.1? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
sslext http/https switching taglib and tiles
Is anybody using Tiles and the sslext taglib form link tags? I am thinking of using them with Tiles. Has this been implemented yet? I was wondering because I think it must be a fairly complicated algorithm to check whether a link URL or a form submit action needs HTTPS or not. I was also wondering whether sslext is going to be absorbed by the struts project? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Switching from HTTPS to HTTP
sslext works brilliantly with struts and container-managed security. Definitely what you want. You put attributes in your action mappings to tell it whether you want the action mapping under SSL or not. It handles the redirection to / from SSL. Adam On 03/12/2004 03:39 PM Mark Lowe wrote: You could use a filter which without knowing anything about it i imagine what sslext does. Better than hardcoding redirects. jstl may have something to force the scheme also. IMO doing it with mod_rewrite is easier because you any have to worry about your live deployment, but if you're using catalina as your webserver then I guess that you're going to have to configure that. On 12 Mar 2004, at 14:36, Joao Batistella wrote: But, I would like to find a way in Java, not in the web server because, for now, I'm using Tomcat web server. Can I just use a send redirect to a HTTP address?? Ex: sendRedirect(http://myserver/myapp/main.jsp;); -Original Message- From: Mark Lowe [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 12 de março de 2004 13:30 To: Struts Users Mailing List Subject: Re: Switching from HTTPS to HTTP There's some java thingy you can use to do this, sslext or something.. If you are using apache for your webserver you can use mod_rewrite which means less hassle configuring development envionments and such like. Here's an example. NameVirtualHost machinedomain.net:80 VirtualHost www.sparrow.com:80 DocumentRoot /www/www.sparrow.com SSLEngine off RewriteEngine on RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^\/checkout https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L] RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L] /VirtualHost Listen *:443 NameVirtualHost [i used the ip here]:443 VirtualHost www.sparrow.com:443 DocumentRoot /www/www.sparrow.com SSLEngine on RewriteEngine on RewriteCond %{SERVER_PORT} ^443$ RewriteRule !^(\/checkout)|(\/admin) http://%{SERVER_NAME}%{REQUEST_FILE NAME} [R,L] SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca /VirtualHost and requests containing /admin or /checkout will have https scheme forced those that are not wont. On 12 Mar 2004, at 13:59, Joao Batistella wrote: Hello! In my application the login page uses HTTPS to send username and password to the server. But after that, if login operation succeed, I want to send the user to the main application page using HTTP protocol, not HTTPS. How can I switch? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use MessageResource in taglib
On 03/08/2004 08:35 AM Billy Ng wrote: Hi folks, I need to get a value from the properties file. I can easily do it in action subclass with the getResource().getMessage() and in jsp with the bean:message tag. However, how I can it in a taglib? MessageResources resources = (MessageResources) context.getAttribute(Globals.MESSAGES_KEY); String msg = resources.getMessage(my.key); Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Validator classes and validator-rules.xml
On 03/08/2004 12:02 PM Chris Searle wrote: I'm getting an odd exception: 2004-03-08 11:19:41,405 ERROR [org.apache.commons.validator.Validator] reflection: org.apache.struts.validator.FieldChecks.validateRequired(java.lang.Object, org.apache.commons.validator.ValidatorAction, org.apache.commons.validator.Field, org.apache.struts.action.ActionErrors, javax.servlet.http.HttpServletRequest) java.lang.NoSuchMethodException: org.apache.struts.validator.FieldChecks.validateRequired(java.lang.Object, org.apache.commons.validator.ValidatorAction, org.apache.commons.validator.Field, org.apache.struts.action.ActionErrors, javax.servlet.http.HttpServletRequest) at java.lang.Class.getMethod(Class.java:978) at org.apache.commons.validator.Validator.executeValidationMethod(Validator.java:501) at org.apache.commons.validator.Validator.validateFieldForRule(Validator.java:424) at org.apache.commons.validator.Validator.validateField(Validator.java:669) at org.apache.commons.validator.Validator.validate(Validator.java:745) at org.apache.struts.validator.DynaValidatorForm.validate(DynaValidatorForm.java:150) The parameter list shown in the NoSuchMethodException appears to match the validator-rules.xml file: validator name=required classname=org.apache.struts.validator.FieldChecks method=validateRequired methodParams=java.lang.Object, org.apache.commons.validator.ValidatorAction, org.apache.commons.validator.Field, org.apache.struts.action.ActionMessages, javax.servlet.http.HttpServletRequest msg=errors.required/ apart from the fourth parameter (ActionMessages vs ActionErrors) but this is probably OK since ActionErrors is a subclass of ActionMessages. This parameter list also matches the javadoc. NB: This is the Nightly Build binary download !!! I can't recall why - just that I had a bug in the stable build that was fixed in the nightly's. However - I've just changed from the old nightly to 20040306 (20040307 seems to be 163 bytes long) to test - and the same problem with validation occurs. I think I might have had this and found that changing to ActionMessages did solve it, even though it seems unnecessary. This was one of last week's builds. I don't think that reflection process takes inheritance into account. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can struts generate strict XHTML
On 03/08/2004 02:12 PM Ruud Steeghs wrote: hi, Can Struts actually generate compliant valid XHTML 1.0 strict markup using the html:xhtml/ tag? If so, which version of Struts to use? (http://www.junlu.com/msg/22026.html, but hey, technologies may change so fast) Yes, I'm doing it. Can't remember when I started, but it definitely works on struts 1.1. There are a couple of issues to look out for, such as with tiles, where you use the tag you mention. In your main pages, use html:html xhtml=true Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tiles attributes problem
David, it's a bit difficult to know what's going on without seeing your action mapping which calls that .default definition. On 03/05/2004 10:08 PM David Erickson wrote: First the sample code: XML defintion: definition name=.default path=/tiles/layouts/base.jsp put name=header value=/tiles/header.jsp/ put name=menu value=.menu.main/ put name=body value=${body}/ put name=footer value=/tiles/footer.jsp/ put name=logon value=/tiles/logon.jsp/ put name=title value=CMC/FLEX Sales Web/ put name=messages value=/tiles/messages.jsp/ put name=path value={path}/ /definition my editUsers.jsp %@ taglib uri=struts-tiles.tld prefix=tiles % tiles:insert definition=.default controllerUrl=/admin/editUsers.do flush=true tiles:put name=path value=/admin/userManagement/ tiles:put name=menu value=.menu.prospect/ tiles:put name=body value=/WEB-INF/apps/admin/editUsers.jsp/ /tiles:insert Now here's the problem, my controller action basically prepares its view by doing some logic and placing things in the request etc. My editUsers.jsp (the body content one) relies on the tiles attribute path for links to other webpages. This is the crazy thing, if i set my TilesAction (editUsers.do) to return null as its actionForward somehow the tiles context does not get passed to my editUsers.jsp!! However if I DO return an actionForward its fine! What the heck is up with that? Having to return an actionForward defeats the purpose OF the tile does it not?? Any ideas? (PS the way I found out it works if I specify a forward was in my struts-config i set success as the forward to /WEB-INF/apps/admin/editUsers.jsp... but that obviously messed up my whole definition by not using anything but that content page) Thank in advance, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where Do I Put This properties File (internationalization)
On 03/05/2004 05:16 AM Caroline Jen wrote: And mvnplugin_mvnforum_MVNForumConfig is a properties file. Please advice regarding the directory in which this properties file is supposed to be. It goes in the same place as your *.java code files. As you have it, there is no directory for it, so it would go in the root directory of your source code. If it was called mvnplugin.mvnforum.MVNForumConfig, then you would put it in your source code under the mnvplugin/mvnforum/ directory. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ConfigHelper.getActionMapping
On 03/05/2004 12:09 AM Adam Hardy wrote: But I just upgraded from struts 1.1 to 1.2, and I'm getting null action mapping returned for my URLs when I call ConfigHelper.getActionMapping(url). Hmm. Just looked at the source code. The method has only one line in it: return null; - which would explain why it returns null ;) Just in case anyone was wondering. A bit of javadoc would have saved me a bit of time. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Validator doubt
On 03/05/2004 12:33 PM MOHAN RADHAKRISHNAN wrote: field property=cocNumber depends=integer msg name=integer key=error.coc.check/ arg0 key=label.coc.incident/ /field So if I input a value that is not a integer in this particular field I should see a message specified by msg name=integer key=error.coc.check/ Why are specifying a different msg key? There is a default one already 'errors.integer', if you have put it in your ApplicationResources. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
URL validation - anyone using it?
I'm looking at providing URL validation on a page which saves links for users. I put together the latest build of commons-validator (1.1.2) and struts (1.2) to see what the URL validation is like. The class for server-side validation is in place, but the javascript doesn't exist. It works very strictly, too strictly for me. Most users will want to save links such as http://www.google.com http://jakarta.apache.org/ http://marc.theaimsgroup.com/?l=struts-userm=105511005106573w=2 none of which pass the urlValidator test. Only this format works: http://authority.com/filename I can put UrlValidator.java in my source code and modify it for my purposes, but I would like to know if there is anyone else interested or even actively working on this? Perhaps I should post this to the struts-dev list. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSF RI Final is out!
How steep's the learning curve on JSF? Is it as big as it is for struts? On 03/04/2004 11:39 AM Christian Bollmeyer wrote: If 'less than 24hrs' counts as new, then it probably is. HTH, -- Chris. - Original Message - From: Jitender Kumar C [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, March 04, 2004 11:00 AM Subject: RE: JSF RI Final is out! Just a small doubt... Is this a new release? sorry if I put a wrong query... -Original Message- From: Christian Bollmeyer [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 3:15 PM To: Struts Users Mailing List Subject: JSF RI Final is out! http://java.sun.com/j2ee/javaserverfaces/download.html -- Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
validator-rules.xml
Where can I get the latest validator-rules.xml from? I looked for it on jakarta-struts website and jakarta-commons, but can't find it. Even checked the archives before coming here to make myself look foolish. Obviously I am assuming that this is a standard part of the code base - or is it? I need the latest javascript for the validate-url rule, that's why. But then it occurred to me that it might be the same as struts-config.xml, i.e. roll-your-own. Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: validator-rules.xml
OK, well I can't find the validator-rules.xml anywhere else, so I guess I'll have to download the struts 1.2 binary! I was looking through the validator's urlValidator class and it's pretty complicated with lots of perl-based pattern matching, so I'm not surprised there's no javascript equivalent (yet... hopefully) Thanks for the pointers. Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form based authentication in tomcat with struts
On 03/04/2004 09:28 PM Edd Dawson wrote: Now what i want to be able to do is have my servlet automatically log them in as the register without the need for them to be redirected to the login-form and re-enter their username and password. I am presuming this is possible as i log my users out by invoking request.getSession().invalidate(); in my logoff servlet, so my question is how do i create their session without using the default login form? There's nothing built-in to allow this in the servlet spec or in tomcat. Sorry. I've heard of it being done, but not by any nice or easy methods. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ConfigHelper.getActionMapping
I'm creating an ActionForm for my request under certain circumstances in a filter, because if I do a redirect in the filter, I want to save the original request parameters in the correct actionform and stick it in the session for later. But I just upgraded from struts 1.1 to 1.2, and I'm getting null action mapping returned for my URLs when I call ConfigHelper.getActionMapping(url). Is what I'm doing for some reason now not struts compatible? I'm going to check out the source code, but if anyone knows immediately, you could save me some time. Thanks Adam PS Here's the way I'm doing it in the filter: HttpSession session = request.getSession(); ServletContext context = session.getServletContext(); ModuleUtils moduleUtils = ModuleUtils.getInstance(); ModuleConfig moduleConfig = moduleUtils.getModuleConfig(request, context); ActionConfig actionConfig = moduleConfig.findActionConfig(requestedUrl); ConfigHelper helper = new ConfigHelper(context, request, response); int posFileExt = requestedUrl.lastIndexOf(.); String strippedUrl = requestedUrl.substring(0, posFileExt); ActionMapping actionMapping = helper.getActionMapping(strippedUrl); ActionServlet actionServlet = (ActionServlet) context.getAttribute(Globals.ACTION_SERVLET_KEY); logger.info(getting form for ' + strippedUrl + ', + actionMapping== + actionMapping); ActionForm form = RequestUtils.createActionForm(request, actionMapping, moduleConfig, actionServlet); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tiles problem
Jim, sounds like you haven't realised that tiles attributes are not given global scope. You have to explicitly useAttribute each time. That includes when you nest a child tile - you must useAttribute on it first, and then have it put again in-between the inserts for the child. On 03/02/2004 10:15 PM Anderson, James H [IT] wrote: There's something I'm not understanding :-( I've got the following tiles definitions. definition name=.mainLayout path=/tiles/layouts/mainLayout1.jsp put name=header value=/tiles/header.jsp/ put name=footer value=/tiles/footer.jsp/ put name=content value=${content}/ variable for substitution /definition definition name=.portfolioLayout path=/tiles/layouts/portfolioLayout.jsp put name =marketdata value=.marketdata/ put name =userinput value=.userinput/ put name =dataview value=/tiles/dataview.jsp/ /definition definition name=.marketdata path=/tiles/layouts/marketdataLayout.jsp put name =quotes value=/tiles/quotes.jsp/ put name =smithbarneyresearch value=/tiles/research.jsp/ put name =marketwatch value=/tiles/marketwatch.jsp/ /definition definition name=.userinput path=/tiles/layouts/userinputLayout.jsp put name =accountview value=/tiles/accountview.jsp/ put name =app-specific value=${app-specific}/ variable for substitution /definition and I want to create a new tile, substituting values for both variable: definition name=.activity.detail extends=.mainLayout put name=content value=.portfolioLayout/ put name=app-specific value=/tiles/activityinfo.jsp/ /definition But this doesn't work! The content variable is replaced as expected, but the app-specific variable is ignored and doesn't show up at all. It looks like the only tile for which variable substitution is supported is the one that's specified in the extends attribute--not in any nested tile. Surely there must be a way to get around this... jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Life, the Universe and Everything (was: RE: [OT] RE: Memory usage)
I just found that mozilla had put this complete thread in my spam folder. Obviously mozilla's opinion on the content. I found it interesting though. Since we're talking about the quality of mailing lists, does anybody know which the best JBoss list is? The forum and associated mailing list at www.jboss.org is not up to the standard I'm used to at Jakarta. In fact, I'm wondering whether there is an alternative at all actually. Thanks Adam On 03/02/2004 04:46 AM Andrew Hill wrote: Ive found the best way to avoid those kind of morons is to work at small companies where any deadwood has nowhere to hide and is quickly pruned :-) Our tech leads really know their stuff here. -Original Message- From: Chappell, Simon P [mailto:[EMAIL PROTECTED] Sent: Tuesday, 2 March 2004 06:28 To: Struts Users Mailing List Subject: Life, the Universe and Everything (was: RE: [OT] RE: Memory usage) While the original flame war was less helpful, the question that has emerged from it's ashes is a good one. I don't claim to have all the answers, but I can offer some personal observations. Feel free to disagree. 1. You can do nothing about those who choose not to learn. I've tried changing them and it doesn't work. I consider this a basic fact. 2. You have a great deal of control over your ability to learn. If you aren't big time into learning, then I recommend catching some enthusiasm for it. 3. There will be always be good and bad tech leads. I am a tech lead; I try to be a good one. I can put a String to standard out or standard error! ;-) 4. I had the same frustrations that you have. I made the decision that the best way to restore the balance of good in the universe, was to try to become the kind of tech lead that I would have wanted when I was a newbie/humble grunt. I teach a class on learning Java one lunchtime a week and try to bestow a little wisdom and encouragement whenever I can. I am a Java mentor here and I lead a study group of us that are seeking our Java Certification. 5. No one reads documentation. This is a fact. Learn what is drop dead fired and escorted from the building important and then try to auto-generate it. :-) 6. Leadership is a rare commodity. There's a lot of management out there, but precious little leadership. Again, deal with it. Become a leader and just do what needs to be done. This is what I have tended to do. The ol' saying about it's easier to ask forgiveness than permission is very true (except I sometimes forget to ask for forgiveness! :-) 7. Black team? How 90's, Our team wears Hawaiian shirts! (Honest. :-) Simon -Original Message- From: P K [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: RE: [OT] RE: Memory usage Sorry to continue on this topic. I've learnt a great deal of non struts stuff on this list and this only adds to it. I've been bothered (mostly in my mind) with questions about peoples capabilities and desires when it comes to work. Viru, this original poster of the question on Memory Usage clearly has a desire to learn, but what about people who don't? How do you deal with them? I currently work with a Tech Lead who wouldn't be able to output a String to standard out if asked to write a program. I don't care about her taking credit for the work that we do. She doesn't provide any leadership whatsoever to the project except produce paper that no one bothers to read. Have you guys come across situations like this? What have you done about it? Don't get me wrong - I am not prone to complaining nor do I think I am a member of the elite 'Black Team'. Quoting Dhaliwal, Pritpal (HQP) [EMAIL PROTECTED]: +1 I agree with everyone who has responded. We should not clutter this very friendly mailing list with things that don't belong here, that includes not so nice responses. I haven't been on many, but this is by far my favorite list, even though I am mainly a spectator. I lashed out because this question clearly didn't belong here. If the person had followed anything in http://www.catb.org/~esr/faqs/smart-questions.html, it must that they were polite. They certainly didn't do much investigation outside on the internet. The little bit of unfriendliness, I dunno why it came out. Unprofessional, it shouldn't have came out. Even questions that don't belong here deserve to be treated with respect. That is the single most obvious characteristic of STRUTS-USER that is distinctive (even though it has lots of other good qualities). Unfortunately, you decided to unload on a poster in a manner that is decidedly out of the norm for STRUTS-USER. Your response is the kind of behavior that creates problems for the perception of open source projects as being friendly to users or not. If you think the topic is totally out of scope for STRUTS-USER, then you should either (a) answer the question anyway but point people to where they should really be asking; (b) *gently* encourage the user to
Re: How do I access Message Resources in an Action?
I could send you off to look at the Javadoc, but sometimes working stuff out painstaking. Here's what I do: MessageResources resources = (MessageResources) context.getAttribute(Globals.MESSAGES_KEY); String msg = resources.getMessage(my.key); Globals.MESSAGES_KEY is the default. If you set up other bundles, just change it appropriately. context is the page context - I took this from a taglib - you'd have to convert it to the servlet context I presume. Adam On 03/02/2004 01:37 PM [EMAIL PROTECTED] wrote: Hey everybody! Well the subject basically states my problem already. I'd like to create a dynamical Navigation Bar that holds some pages you visited last. Therefore I'd like to add Name, Link and Parameters to a Collection for later printing. Problem is that the Name needs to come from the Message Resources, and I don't know how to access those in an Action. Can somebody help me?! Thx! P.S.: Can you guys access http://java.sun.com http://java.sun.com ??! Either my company's net is broken or the page is really down. ___ Tim Adler, Abt. SDA1 Adress Management Solutions AZ | Direct Carl-Bertelsmann Straße 161s D-33311 Gütersloh Tel.: 05241/ 80 - 89574 [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Semi-OT: Saving state when using EJB Session Beans and Struts
It's difficult to know what scenario you are talking about here. I assume you mean to cache the EJBs in the user's servlet session, so you will have several remote EJBs in there depending on how many different actions the user has accessed. It sounds like you need to do this to allow transaction management across a group of data operations? I would not do it by caching the EJBs at all, or having stateful session beans. I would keep my actionformbean in the user's servlet session instead, accumulating the data over several http requests and then marshall the whole collection of data across to the EJB session in one. Struts is good at that. I expect you'd give yourself more headaches than it's worth, trying to collect the user's session data in the EJB layer. It sounds like you are writing a web interface for an already existing client-server app. On 03/02/2004 03:42 PM Smith, Darrin wrote: Thanks for the reply! That is kind of what is going on already. The Action's act as the local Java class talked about in the Business Delegate Pattern that create and cache the Stateful Session Bean (a different one per Action). They (the Actions) then use the Session Bean's business logic. This is done in a standard way though where each Session Bean will implement an interface that is common to all of the other Session Beans in the application. This way each action simply calls a factory and based on the way the factory is called, a Stateful Session Bean for that type of action is returned, then cached in the Action. All actions then can make the submit(...), inspect(...), etc. calls common to all types of Session Beans (but performed differently by each one). The question is though, for these actions, shouldn't they keep session state that will match the Stateful Session Beans? Typically, I know you want have your Model hold Session state while your client holds request state, but in this case, where the Action needs to remember the cached Session Bean, doesn't it seem to make sense to mark the Action as session scope in the struts config file as well? -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 5:35 PM To: Struts Users Mailing List Subject: Re: Semi-OT: Saving state when using EJB Session Beans and Struts On 03/01/2004 05:47 PM Smith, Darrin wrote: In short, the Actions will be calling various Stateful Session Beans to do the actual work. These are used for various reasons with the main one being their built-in transaction support (online orders...need to be either done...or not done). How should state be handled and at what level (page...request...session...) in the upstream struts portion? Hmmm. Thought someone more knowledgeable would answer this, and was waiting with interest myself. Oh well. Without too much experience with EJBs myself, I can say a couple of things: the gurus say 'use the business delegate pattern with an EJB session facade'. Secondly, it depends heavily on what your stateful session beans are holding as state. Care to name something? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT - java.sun.com is not accecsible
On 03/02/2004 10:08 PM Wendy Smoak wrote: Karuna wrote: Does anybody noticed and know why java.sun.com is not accessible today? http://java.sun.com works fine for me, however you might want to try http://192.18.97.175. Someone posted to cljp that the server changed IP addresses and the DNS change hasn't propagated all the way through yet. I was able to get 1.5.0 Beta 1 from there with no problems. read that they've just released the jdk 1.5 preview and the traffic is slowing everything down. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Semi-OT: Saving state when using EJB Session Beans and Struts
OK, go for it then. I think the only thing to be really concerned about is memory availability. If you're storing stuff in the user's session and maintaining SSBs, memory usage might build up quickly. Plus, depending on how critical your application is, you might have to worry about failure wiping out your SSBs before they're done. If you had stateless SBs, it wouldn't be a problem with fail-over support and a web farm :) On 03/02/2004 08:58 PM Smith, Darrin wrote: Currently the design is to cache the instances of the Stateful Session beans, and do that in the Actions themselves. One SSB per Action. The reason for the SSB is primarily for the transaction support (online ordering) but also because addition EJB use will be needed in the future anyway (interfacing with an existing system that will eventually use Message Driven Beans to communicate...using simply JDBC to populate a posting table now). You are correct in that the web interface is for an existing application (the one that will eventually talk through a message queue...but today only works with posting tables...another reason why transaction support is a good thing). I guess it might make sense to keep the intermediate information (the lists that can be ordered, the patients the items can be order for, etc.) in the servlet's session as you say. The SSB's though would still be used though to get the intermediate data to be passed back and held in the servlet. Example...the user needs to get a list of patients that the order will be applied to. The RetrievePatientsAction gets invoked, and it in turn creates a SSB (if one isn't already cached) to perform the actual business logic needed to do this step. Using that data, a JSP is created and the user selects a patient, and then requests a list of items applicable to that patient. Then the request to retrieve that information is passed in and a similar process occurs to the one above. Finally, all of the information is available, and an order is place that goes through a similar process. This is a semi-contrived example of course but it is an example of what the thinking is. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:21 PM To: Struts Users Mailing List Subject: Re: Semi-OT: Saving state when using EJB Session Beans and Struts It's difficult to know what scenario you are talking about here. I assume you mean to cache the EJBs in the user's servlet session, so you will have several remote EJBs in there depending on how many different actions the user has accessed. It sounds like you need to do this to allow transaction management across a group of data operations? I would not do it by caching the EJBs at all, or having stateful session beans. I would keep my actionformbean in the user's servlet session instead, accumulating the data over several http requests and then marshall the whole collection of data across to the EJB session in one. Struts is good at that. I expect you'd give yourself more headaches than it's worth, trying to collect the user's session data in the EJB layer. It sounds like you are writing a web interface for an already existing client-server app. On 03/02/2004 03:42 PM Smith, Darrin wrote: Thanks for the reply! That is kind of what is going on already. The Action's act as the local Java class talked about in the Business Delegate Pattern that create and cache the Stateful Session Bean (a different one per Action). They (the Actions) then use the Session Bean's business logic. This is done in a standard way though where each Session Bean will implement an interface that is common to all of the other Session Beans in the application. This way each action simply calls a factory and based on the way the factory is called, a Stateful Session Bean for that type of action is returned, then cached in the Action. All actions then can make the submit(...), inspect(...), etc. calls common to all types of Session Beans (but performed differently by each one). The question is though, for these actions, shouldn't they keep session state that will match the Stateful Session Beans? Typically, I know you want have your Model hold Session state while your client holds request state, but in this case, where the Action needs to remember the cached Session Bean, doesn't it seem to make sense to mark the Action as session scope in the struts config file as well? -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 5:35 PM To: Struts Users Mailing List Subject: Re: Semi-OT: Saving state when using EJB Session Beans and Struts On 03/01/2004 05:47 PM Smith, Darrin wrote: In short, the Actions will be calling various Stateful Session Beans to do the actual work. These are used for various reasons with the main one being their built-in transaction support (online orders...need to be either done...or not done). How should state be handled and at what level (page
Re: Problems with UTF-8 and forms
On 03/01/2004 12:29 AM Jon Bohm wrote: BUT if I rewrite my custombean's getValue method it all works fine (except for swedish uppercase letters): public String getValue() { return new String( value.getBytes(), UTF-8); } Still shouldn't be necessary. Apache Tomcat/5.0.12 Java 1.4.2_01-b06 Struts 1.1 (I think - how do I check?) Windows XP (I know, I'm a Linuxdude gone bad) Open up struts.jar in winzip or something and view META-INF/MANIFEST.mf - check implementation-version. So what does the debugging say at the end of your JSPs? Is your response UTF-8 or iso- encoded? I bet it says the page content-type is still iso-8859. How are you setting your struts controller parameter (in struts-config.xml): set-property property=contentType value=text/html; charset=UTF-8/ Do you have any locale-encoding-mapping-list in your web.xml? You don't need it with UTF-8. You also don't need to specify it in any jsp-property-group since the struts controller will handle it. http://www.anassina.com/struts/i18n/i18n.html Good link, but getting a little out-of-date now. You have a better one? :) I wish! If you get this solved, we can condense this thread and post it in the struts wikki. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multipart-request / file upload problem
I'm going to put this another way: what's the secret with file upload requests? I can't see my file parameter in the request parameters when I submit the form with the multipart-request. Adam On 02/29/2004 07:05 PM Adam Hardy wrote: I use the Commons multipart request handler stuff to set up a DynaActionForm properly for my file upload so: form-bean name=linklibImportForm type=org.apache.struts.validator.DynaValidatorActionForm form-property name=bookmarksFile type=org.apache.struts.upload.CommonsMultipartRequestHandler$CommonsFormFile/ /form-bean which works fine, but in some circumstances I want to manually create this form, grab the file and save the DynaActionForm (in a filter). Like so: ActionForm form = RequestUtils.createActionForm(request, actionMapping, moduleConfig, actionServlet); form.reset(actionMapping, request); BeanUtils.populate(form, request.getParameterMap()); But it isn't working. My file comes back as null. Anyone know why or have a solution? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tiles - smth like addToList?
On 03/01/2004 02:37 PM Axel Gross wrote: I see the need for extending the entries of a putList without overriding the entries in the super definition. Example: definition name=.head.common path=htmlHead.jsp putList name=httpEquiv item value=pragma link=no-cache / item value=cache-control link=no-cache / item value=expires link=0 / /putList /definition definition name=.head.project extends=.head.common putList name=httpEquiv item value=expires link=1 / item value=description link=tiles definition extension example / /putList /definition so usually this would replace the list in .head.common with the one in .head.project desired behaviour would be to just add the new entries (description) and overwrite those which are already present (expires). Axel, this is the behaviour that I use already. I don't know how you manage to replace the list. My definitions inherit the list and its contents. (I am not sure about replacement). Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tiles - smth like addToList?
On 03/01/2004 06:12 PM Axel Groß wrote: On 2004-03-01 at 17:53:30 +0100, Adam Hardy wrote: I see the need for extending the entries of a putList without overriding the entries in the super definition. Example: definition name=.head.common path=htmlHead.jsp putList name=httpEquiv item value=pragma link=no-cache / item value=cache-control link=no-cache / item value=expires link=0 / /putList /definition definition name=.head.project extends=.head.common putList name=httpEquiv item value=expires link=1 / item value=description link=tiles definition extension example / /putList /definition so usually this would replace the list in .head.common with the one in .head.project desired behaviour would be to just add the new entries (description) and overwrite those which are already present (expires). this is the behaviour that I use already. I don't know how you manage to replace the list. so you would actually get for .head.project the pragma and cache-control values? I'd be really surprised.. (i don't get them) My definitions inherit the list and its contents. (I am not sure about replacement). mine do too. So for clarification: what happens if you do putList on a name you already did a putList in the superdefinition? Ah. I spoke too soon. Sorry. I do name the lists seperate names - that's why. I name blah1, blah2, blah3. So you're right, it would be good to be able to inherit and add to the same name. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multipart-request / file upload problem
Thanks for the expos. :) So it's worse than I feared! Well, I shall just come up with a convincing error message in those situations where I would have needed it, rather than try to force a square peg somewhere it doesn't want to go. Adam On 03/01/2004 08:23 PM Martin Cooper wrote: I'm going to put this another way: what's the secret with file upload requests? I can't see my file parameter in the request parameters when I submit the form with the multipart-request. Ah, if I told you that, it wouldn't be a secret any more, now would it? ;-) The biggest difference with multipart requests is that the request is wrapped by Struts, so when you invoke a method on the request object, you are actually invoking a method on the MultipartRequestWrapper class. This is necessary so that calls to, for example, getParameter() go to Struts, which parsed your request, rather than the container, which didn't. In the code fragment below, I see you are invoking getParameterMap(). Note that this is a Servlet 2.3 method. Since Struts 1.x is built for Servlet 2.2, that method is not implemented, and simply returns null. Actually, there isn't a way to get the file items from the request itself, since it doesn't have them. They're stored in the multipart request handler itself. So, you would get the set of uploaded file items like this: Hashtable fileItems = formBean.getMultipartRequestHandler().getFileElements(); I'll be the first to admit that the current multipart implementation is a little, um, arcane (not that I invented it ;). The plan is to completely rewrite it for Struts 2.x, when we get there. Hope this helps. -- Martin Cooper Adam On 02/29/2004 07:05 PM Adam Hardy wrote: I use the Commons multipart request handler stuff to set up a DynaActionForm properly for my file upload so: form-bean name=linklibImportForm type=org.apache.struts.validator.DynaValidatorActionForm form-property name=bookmarksFile type=org.apache.struts.upload.CommonsMultipartRequestHandler$CommonsFormFil e/ /form-bean which works fine, but in some circumstances I want to manually create this form, grab the file and save the DynaActionForm (in a filter). Like so: ActionForm form = RequestUtils.createActionForm(request, actionMapping, moduleConfig, actionServlet); form.reset(actionMapping, request); BeanUtils.populate(form, request.getParameterMap()); But it isn't working. My file comes back as null. Anyone know why or have a solution? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Semi-OT: Saving state when using EJB Session Beans and Struts
On 03/01/2004 05:47 PM Smith, Darrin wrote: In short, the Actions will be calling various Stateful Session Beans to do the actual work. These are used for various reasons with the main one being their built-in transaction support (online orders...need to be either done...or not done). How should state be handled and at what level (page...request...session...) in the upstream struts portion? Hmmm. Thought someone more knowledgeable would answer this, and was waiting with interest myself. Oh well. Without too much experience with EJBs myself, I can say a couple of things: the gurus say 'use the business delegate pattern with an EJB session facade'. Secondly, it depends heavily on what your stateful session beans are holding as state. Care to name something? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with UTF-8 and forms
On 02/28/2004 11:37 PM Jon Bohm wrote: Hello, I'm using Aaron Rustads SetCharacterEncodingFilter-filter for Struts but with mixed results (see link below). * All my Resource-, JSP- and Java-files are saved in UTF-8 format. Hi Jon, do you mean you have to use a UTF-8 editor to edit the files? This doesnt sound right. I have not done this yet for my app, but it's on the list to do: for your Resource files, for UTF-8, you should write them in UTF-8 and then convert them to ascii using native2ascii, a Java app that comes with the Java SDK. I think your JSPs and Java files should be uncoded for the character set. First problem: Posted data from a web form is sent as UTF-8, which is great - the filter works! But if I want to print the form bean values in another JSP-page with the bean:write tag, the bean property must return 'new String(oldString.getBytes(), UTF-8)' for it to work. Am I doing something wrong here?` Probably related to the issue above. That conversion shouldn't be necessary when using the filter. Second problem: Swedish letters Auml; Ouml; and Aring; are not compatible with UTF-8? These characters A (with two dots), A (with a circle) and O (with two dots) never work, which is the opposite from their lowercase counterparts which works fine. You don't mention what version of tomcat you are using. It is also affected by JSTL if you use that. A good debugging help is to put something like this at the end of your JSP: out.print(divlocale: + session.getAttribute(org.apache.struts.Globals.LOCALE_KEY) + /div); out.print(divrequest character encoding= + request.getCharacterEncoding() + /div); out.print(divresponse character encoding= + response.getCharacterEncoding() + /div); http://www.anassina.com/struts/i18n/i18n.html Good link, but getting a little out-of-date now. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Breadcrumbs
Jason, it just occurred to me (must have had my eyes shut) after a couple of weeks that the last breadcrumb in the breadcrumb menu done with your tiles method is actually a link to the page that you are already on. Is this the way you have implemented it, or have I done it wrong? Adam On 02/23/2004 11:27 PM Jason Lea wrote: Andy Engle wrote: Hi all, Is there any slick way of putting breadcrumbs into a web app with Struts? If so, what's the preferred way? Thanks. Andy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I did this using tiles. I have my tiles extending a base layout, then each sub-menu item extends the parent tile definition eg (first level) definition name=.main.admin extends=.layout ... /definition (second level) definition name=.main.admin.workflow.list extends=.main.admin ... /definition Now, for breadcrumbs I would define breadcrumb0 in the first level. As the second level extends the first, breadcrumb0 will be included. In the second level I define breadcrumb1 eg definition name=.main.admin extends=.layout put name=title value=admin.title / put name=body value=/WEB-INF/jsp/tiles/admin/admin.jsp / putList name=breadcrumb0 item value=admin.menu link=admin tooltip=admin.title classtype=org.apache.struts.tiles.beans.SimpleMenuItem / /putList /definition definition name=.main.admin.workflow.list extends=.main.admin put name=title value=workflow.list.title / put name=body value=/WEB-INF/jsp/tiles/admin/workflow/list.jsp / putList name=breadcrumb1 item value=workflow.menu link=workflowlist tooltip=workflow.title classtype=org.apache.struts.tiles.beans.SimpleMenuItem / /putList /definition I had originally wanted to just to be able to add an item to the breadcrumb list, but that is not possible in xml. In my layout.jsp page I then use tiles:useAttribute name=breadcrumb0 ignore=true / tiles:useAttribute name=breadcrumb1 ignore=true / tiles:useAttribute name=breadcrumb2 ignore=true / !-- breadcrumbs -- div class=breadcrumbs span class=breadcrumb mainnavitemhtml:link forward=homepage titleKey=homepage.titlebean:message key=homepage.menu //html:link/span /c:forEach c:forEach items=${breadcrumb0} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach c:forEach items=${breadcrumb1} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach c:forEach items=${breadcrumb2} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach /div !-- end breadcrumbs -- Hope that make somes sort of sense. If not ask me a question and I will try to explain better. -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with UTF-8 and forms
You can also set the struts controller to automatically set every response to UTF-8. On 02/29/2004 02:19 PM Adam Hardy wrote: On 02/28/2004 11:37 PM Jon Bohm wrote: Hello, I'm using Aaron Rustads SetCharacterEncodingFilter-filter for Struts but with mixed results (see link below). * All my Resource-, JSP- and Java-files are saved in UTF-8 format. Hi Jon, do you mean you have to use a UTF-8 editor to edit the files? This doesnt sound right. I have not done this yet for my app, but it's on the list to do: for your Resource files, for UTF-8, you should write them in UTF-8 and then convert them to ascii using native2ascii, a Java app that comes with the Java SDK. I think your JSPs and Java files should be uncoded for the character set. First problem: Posted data from a web form is sent as UTF-8, which is great - the filter works! But if I want to print the form bean values in another JSP-page with the bean:write tag, the bean property must return 'new String(oldString.getBytes(), UTF-8)' for it to work. Am I doing something wrong here?` Probably related to the issue above. That conversion shouldn't be necessary when using the filter. Second problem: Swedish letters Auml; Ouml; and Aring; are not compatible with UTF-8? These characters A (with two dots), A (with a circle) and O (with two dots) never work, which is the opposite from their lowercase counterparts which works fine. You don't mention what version of tomcat you are using. It is also affected by JSTL if you use that. A good debugging help is to put something like this at the end of your JSP: out.print(divlocale: + session.getAttribute(org.apache.struts.Globals.LOCALE_KEY) + /div); out.print(divrequest character encoding= + request.getCharacterEncoding() + /div); out.print(divresponse character encoding= + response.getCharacterEncoding() + /div); http://www.anassina.com/struts/i18n/i18n.html Good link, but getting a little out-of-date now. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
multipart-request / file upload problem
I use the Commons multipart request handler stuff to set up a DynaActionForm properly for my file upload so: form-bean name=linklibImportForm type=org.apache.struts.validator.DynaValidatorActionForm form-property name=bookmarksFile type=org.apache.struts.upload.CommonsMultipartRequestHandler$CommonsFormFile/ /form-bean which works fine, but in some circumstances I want to manually create this form, grab the file and save the DynaActionForm (in a filter). Like so: ActionForm form = RequestUtils.createActionForm(request, actionMapping, moduleConfig, actionServlet); form.reset(actionMapping, request); BeanUtils.populate(form, request.getParameterMap()); But it isn't working. My file comes back as null. Anyone know why or have a solution? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action errors and resource bundles
On 02/27/2004 05:04 PM David Adelson wrote: I have numerous property files for storing my resources (applicationresources.properties). Each one has a bundle name identified in struts-config. Is there a way for ActionError or ActionMessage to get data from a particular bundle? LOoking at the javadoc for ActionMessages, I would say no, it must be hard-coded to get it from the default bundle. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action errors and resource bundles
Er, hold on a moment. If you use modules, then you can specify a different properties file in each struts-config. On 02/27/2004 05:21 PM David Adelson wrote: thanks for the reply. I was all excited about splitting up my properties files for common, module1, and module2. But now it appears that all the errors we use all have to be in one properties file. bummer. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 27, 2004 11:15 AM To: Struts Users Mailing List Subject: Re: action errors and resource bundles On 02/27/2004 05:04 PM David Adelson wrote: I have numerous property files for storing my resources (applicationresources.properties). Each one has a bundle name identified in struts-config. Is there a way for ActionError or ActionMessage to get data from a particular bundle? LOoking at the javadoc for ActionMessages, I would say no, it must be hard-coded to get it from the default bundle. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: action errors and resource bundles
But surely you have name them in each struts-config.xml files differently? In which case there should be no need to specify the bundle in the bean:message taglib. That's the way I understood it - I don't actually use modules. On 02/27/2004 05:53 PM David Adelson wrote: Thanks. I am doing this. This is why I am having trouble. I have seperated my files and each is named in struts-config. If I want a property from the correct resource using bean:message I just do, bean:message bundle=BundleNameInStrutsConfig key=whatever BUT, actionerrors will not do it: ActionErrors errors = new ActionErrors(); errors.add(name, new ActionError(keyinpropertiesfile)); IE, there is no way to tell it which bundle (file) to use. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 27, 2004 11:42 AM To: Struts Users Mailing List Subject: Re: action errors and resource bundles Er, hold on a moment. If you use modules, then you can specify a different properties file in each struts-config. On 02/27/2004 05:21 PM David Adelson wrote: thanks for the reply. I was all excited about splitting up my properties files for common, module1, and module2. But now it appears that all the errors we use all have to be in one properties file. bummer. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 27, 2004 11:15 AM To: Struts Users Mailing List Subject: Re: action errors and resource bundles On 02/27/2004 05:04 PM David Adelson wrote: I have numerous property files for storing my resources (applicationresources.properties). Each one has a bundle name identified in struts-config. Is there a way for ActionError or ActionMessage to get data from a particular bundle? LOoking at the javadoc for ActionMessages, I would say no, it must be hard-coded to get it from the default bundle. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: EL - can't get access to my constants
How did you try to use it in your EL? It doesn't look very Javabean-specification-conformant. i.e. use myProperty for getMyProperty() and setMyProperty() On 02/25/2004 12:02 PM Axel Gro wrote: dear friends! i declared a getter method for a constant, but i can't use it using jsp2.0 Expression Language. public class Constants{ .. public static String getBEAN_PROP_SYSTEM() { return BEAN_PROP_SYSTEM; } .. } in the jsp: works fine: %= ((Constants)session.getAttribute(constants)).getBEAN_PROP_SYSTEM() % [DEBUG] InsertTag - -[ServletException in:/WEB-INF/contents/System.jsp] Unable to find a value for BEAN_PROP_SYSTEM in object of class at.ftw.struts.Constants using operator .' javax.servlet.jsp.el.ELException: Unable to find a value for BEAN_PROP_SYSTEM in object of class at.ftw.struts.Constants using operator .javax.servlet.jsp.el.ELException: Unable to find a value for BEAN_PROP_SYSTEM in object of class at.ftw.struts.Constants using operator . i attached the full stacktrace thanks in advance, Axel javax.servlet.jsp.el.ELException: Unable to find a value for BEAN_PROP_SYSTEM in object of class at.ftw.struts.Constants using operator . at org.apache.commons.el.Logger.logError(Logger.java:481) at org.apache.commons.el.Logger.logError(Logger.java:498) at org.apache.commons.el.Logger.logError(Logger.java:611) at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:340) at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145) at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263) at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190) at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:941) at org.apache.jsp.WEB_002dINF.contents.System_jsp._jspService(System_jsp.java:130) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:133) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:311) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:742) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:630) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:542) at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1002) at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:626) at org.apache.struts.tiles.TilesUtilImpl.doInclude(TilesUtilImpl.java:137) at org.apache.struts.tiles.TilesUtil.doInclude(TilesUtil.java:177) at org.apache.struts.taglib.tiles.InsertTag.doInclude(InsertTag.java:756) at org.apache.struts.taglib.tiles.InsertTag$InsertHandler.doEndTag(InsertTag.java:881) at org.apache.struts.taglib.tiles.InsertTag.doEndTag(InsertTag.java:473) at org.apache.jsp.WEB_002dINF.contents.handleException_jsp._jspx_meth_tiles_insert_0(handleException_jsp.java:226) at org.apache.jsp.WEB_002dINF.contents.handleException_jsp._jspx_meth_c_catch_0(handleException_jsp.java:194) at org.apache.jsp.WEB_002dINF.contents.handleException_jsp._jspService(handleException_jsp.java:117) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:133) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:311) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:742) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:630) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:542) at
Re: Suppresing the generation of blank lines while using logic tags - Ver 1.0.2
On 02/25/2004 03:04 PM Pranay Parsatwar wrote: We are facing problem of jsp file size exceeding to more than 5 MB at runtime. The jsp file is full of struts tag with lot many logic:equal, notEqual in the code. The compiled html when generated takes a lot of time for browser rendering because of the file size. Looking at the html source generated it seems the tags generates lots of blank line were ever used. If the source is modified to remove all the blank lines, the size reduces to 2 mb. There is a Jasper servlet option which will remove the blank lines. Check for the trimSpaces attribute on the jasper servlet in the conf/web.xml config. However it is still going to take processing time to remove the white space, so it might not be the enhancement you are hoping for. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to create a No Action ActionForward
Jackie, auth-constraint lists the roles that are allowed access. If you have no roles, that means you need just one role for all. And you must enter it there. Having no roles listed means no-one has permission. Or you could try * for all roles (haven't tried it myself). Re: JAAS, how did you get hold of the user's session? I don't see any way of obtaining access to it from the LoginModule. Adam On 02/24/2004 02:00 AM Jacqueline Gomes wrote: That sounds like a good idea! However, I don't have any 'roles', they are just users that need to authenticate, and I wanted to secure blah/do/admin/*. I couldn't implement the web.xml security either - this didn't work: security-constraint web-resource-collection web-resource-nameBN_ONLINE Administration/web-resource-name descriptionSecurity constraint for resources in the admin directory/description url-pattern/do/admin/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint/ /security-constraint Can you please send me any links to OSUser API - I've not heard of it. -Original Message- From: Nick Faiz [mailto:[EMAIL PROTECTED] Sent: Tuesday, 24 February 2004 8:53 AM To: 'Struts Users Mailing List' Subject: RE: How to create a No Action ActionForward Guys, I'm at this point, myself, with an application sitting on the back-burner. I've thought about an approach, which is slightly different to yours. I agree that declarative security in J2EE, for Servlets and JSP.s, does not really seem to go far enough, at first glance. On the other hand, it has considerable benefits (the mappings of roles, relying upon app. server controlled ACLs, etc.). Why not allow declarative security to do its work, then build the user information in the session, based upon whether or not the user is in the correct role, etc.? This is what I plan to do - I'm using the OSUser API. I'll build its information, partly, by querying roles using the request, and relying upon WebLogic's internal LDAP server. Declarative security is passive; it actively doesn't `do' stuff but only waits for someone to pass through something it secures. Users make requests to post, which can be mapped to an Action class. I don't see how they are at odds. Nick Faiz. -Original Message- From: Jacqueline Gomes [mailto:[EMAIL PROTECTED] Sent: Tuesday, 24 February 2004 11:38 AM To: Struts Users Mailing List Subject: RE: How to create a No Action ActionForward Neither can I. There was no way with j_security_check that I could post to an Action class. So I implemented JAAS and in the module I interact with a Domain Facade that does the check with the database for a valid user. I then construct a User object and put that in the session. Each of my jsp's has a check (done using an include) for the user object and if it does not exist then it redirects to the login page. If anyone wants any code, let me know!! Jackie. -Original Message- From: Carl [mailto:[EMAIL PROTECTED] Sent: Monday, 23 February 2004 5:01 PM To: Struts Users Mailing List Subject: Re: How to create a No Action ActionForward By integarting with struts, I mean to have a loginAction witch fill the session with data about the logged user. I can't see how to manage that with classic j_security_check. regards, Carl Adam Hardy wrote: Not having any roles effectively means from the container managed security point of view that you have only one role. What problems did you have 'integrating' the container security? As far as your app is concerned, j_security_check is not something that is relevant. The whole login should be transparent to your app. As long as you map the security constraints correctly, the user will never see a protected page unless they login. Adam On 02/23/2004 08:54 AM Carl wrote: I've faced the same issue too. (using tomcat) To solve it I've found 2 options : - implement a filter witch intercept each request an redirect if needed to the struts login action. It allow a good interaction with struts but no securty by container. - use the container : I do that by adding a CUSTOM login scheme along BASIC FORM in org.apache.catalina.startup.Authenticators.properties. It's like the filter solution but use roles and the security is managed by the security constrains defined in web.xml. For now my CUSTUM login is similar to the FORM login, so it's not intergrated with struts, but I've planned to modify it soon. This second solution need too to define a Realm in Context : Realm className=org.apache.catalina.realm.JAASRealm appName=catalogue userClassNames=com.asserina.atypone.catalogue.impl.ClientImpl roleClassNames=com.asserina.atypone.catalogue.Role / (I'm using JAAS) To conclude I would say that the second option is far more powerfull and addaptable to specific needs however you have too look close to : JAAS, custom Realm, Authenticators.properties and is tide to your container (for me Tomcat) Let me know if you find quiker or simpler
Re: Session management
For the sake of a clean design, restrict your transaction management to your model layer (in MVC). That means, like Navjot says, keep it clear of your struts action classes. On 02/24/2004 10:19 AM Navjot Singh wrote: struts has nothing to do with managing sessions. we should better talk about servlet containers that handles sessions. btw, 100 sessions are nothing to worry about :-) leave the txn mgmt to db layer. use any of the persistence frameworks that can handles this for you. -Original Message- From: Parag [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 2:44 PM To: Struts Users Mailing List Subject: Session management Experts, We are planning to build an application, for which expected concurrent users are ~100. Total usrs being 2000. Does Struts provide any facilities to manage Sessions on such scale? Some of the functionality is very data intensive, and would need transaction management. What is the prefered way of doing so? Are there any facilities in Struts All your comments are highly appreciated. Regards Parag * Disclaimer This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. * Visit us at http://www.mahindrabt.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A picture speaks a thousand words
On 02/24/2004 01:56 PM A.White wrote: Hi I'm new to struts and am having some difficulties understanding how it all links together. I was hoping that someone could post some links which give a visual representation of how struts work and link together There's a bunch of links to resources on the struts website. I remember some good diagrams there. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using html:xhtml/
On 02/24/2004 06:38 PM Dean A. Hoover wrote: Newbie here wanting to generate xhtml. I am looking at http://www.w3.org/TR/xhtml1#normative I believe I need to output something like the following to be conforming. I can handle the xml and DOCTYPE tags just fine, but how do I generate the stuff in the html tag (which is apparently required) using html:html? ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd; html xmlns=http://www.w3.org/1999/xhtml; xml:lang=en lang=en html:html xhtml=true /html:html html:xhtml/ is to place in tiles and jsp:includes which are not compiled in the main body's context. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to create a No Action ActionForward
Not having any roles effectively means from the container managed security point of view that you have only one role. What problems did you have 'integrating' the container security? As far as your app is concerned, j_security_check is not something that is relevant. The whole login should be transparent to your app. As long as you map the security constraints correctly, the user will never see a protected page unless they login. Adam On 02/23/2004 08:54 AM Carl wrote: I've faced the same issue too. (using tomcat) To solve it I've found 2 options : - implement a filter witch intercept each request an redirect if needed to the struts login action. It allow a good interaction with struts but no securty by container. - use the container : I do that by adding a CUSTOM login scheme along BASIC FORM in org.apache.catalina.startup.Authenticators.properties. It's like the filter solution but use roles and the security is managed by the security constrains defined in web.xml. For now my CUSTUM login is similar to the FORM login, so it's not intergrated with struts, but I've planned to modify it soon. This second solution need too to define a Realm in Context : Realm className=org.apache.catalina.realm.JAASRealm appName=catalogue userClassNames=com.asserina.atypone.catalogue.impl.ClientImpl roleClassNames=com.asserina.atypone.catalogue.Role / (I'm using JAAS) To conclude I would say that the second option is far more powerfull and addaptable to specific needs however you have too look close to : JAAS, custom Realm, Authenticators.properties and is tide to your container (for me Tomcat) Let me know if you find quiker or simpler solutions, Regards, Carl Jacqueline Gomes wrote: Hi James, I was also trying to do the same thing, however, we are using JRun and we don't have any user 'roles'. Specifically, I wanted the container to do the authorisation i.e if a user tried to access any pages after blah blah/admin/* then they would be redirected to the login page if they have not logged in. However, the application does not have any 'roles' as such. The user is authenticated by calling a stored procedure in the dbase. I tried to implement the j_security_check also but was having a tough time integrating it with the actionform etc. Do you have any ideas as to how I would do this given that I don't have any user roles in the application? I was going to add a 'user' object in the session and check on each page if it exists. If it doesn't then redirect the user back to the login page. I have set the session.setMaxInactiveInterval(72000); Any help would be appreciated. Thanks, Jackie. -Original Message- From: James Adams [mailto:[EMAIL PROTECTED] Sent: Monday, 23 February 2004 4:43 AM To: Struts Mailing List Subject: Re: How to create a No Action ActionForward I think Srikanth has hit the nail on the head, in that I am not fully utilizing what is already available with vanilla J2EE, namely security roles, authorization constraints, and error pages, all of which I can declare in the deployment descriptor of my web app. But I still want to use a Struts component for the authentication instead of a more traditional form-based authentication scheme. Let me outline below what is, I think, a much better approach and kindly ask for comments, as I'm not certain that this will work or if it's actually the smartest way to go. I would like to use a Struts Action class to handle my login form, instead of vanilla form-based authentication, i.e. j_security_check, for two reasons: 1) form-based authentication is not very secure since it passes the user name and password across the network in clear text, and 2) I want to use a LDAP server (within my login Action class) to do the authentication, and this would not be possible using plain form-based authentication. So the plan is to have a form in my Login.jsp with the form's action being the login Action class. The login Action class will connect to the LDAP server and try to authenticate using the username and password supplied as form inputs. If the authentication succeeds then the user's session is set with the user's role (also retrieved from the LDAP server), and then the control is forwarded to the first logged in welcome page. If the authentication fails then the appropriate error message (Login failed - try again) will be added to the ActionErrors and control is forwarded back to the login page, which will display the ActionError message via a html:errors tag, and allow the user to try again. In order to accomplish session authorization of a session for each *.jsp of the application I will declare a security constraint in the web.xml, like so: security-constraint web-resource-collection web-resource-name Restricted Pages /web-resource-name url-pattern*.jsp/url-pattern /web-resource-collection auth-constraint role-nameadmin/role-name
Re: How to create a No Action ActionForward
In your case you would have to write a filter that checks request.getRemoteUser() and session.getAttribute(myUserInfoBean). If remoteUser is not null but your UserInfoBean is, then you know you have just got a user after going thro the container login, and you can get the data and make the session bean. On 02/23/2004 10:00 AM Carl wrote: By integarting with struts, I mean to have a loginAction witch fill the session with data about the logged user. I can't see how to manage that with classic j_security_check. regards, Carl Adam Hardy wrote: Not having any roles effectively means from the container managed security point of view that you have only one role. What problems did you have 'integrating' the container security? As far as your app is concerned, j_security_check is not something that is relevant. The whole login should be transparent to your app. As long as you map the security constraints correctly, the user will never see a protected page unless they login. Adam On 02/23/2004 08:54 AM Carl wrote: I've faced the same issue too. (using tomcat) To solve it I've found 2 options : - implement a filter witch intercept each request an redirect if needed to the struts login action. It allow a good interaction with struts but no securty by container. - use the container : I do that by adding a CUSTOM login scheme along BASIC FORM in org.apache.catalina.startup.Authenticators.properties. It's like the filter solution but use roles and the security is managed by the security constrains defined in web.xml. For now my CUSTUM login is similar to the FORM login, so it's not intergrated with struts, but I've planned to modify it soon. This second solution need too to define a Realm in Context : Realm className=org.apache.catalina.realm.JAASRealm appName=catalogue userClassNames=com.asserina.atypone.catalogue.impl.ClientImpl roleClassNames=com.asserina.atypone.catalogue.Role / (I'm using JAAS) To conclude I would say that the second option is far more powerfull and addaptable to specific needs however you have too look close to : JAAS, custom Realm, Authenticators.properties and is tide to your container (for me Tomcat) Let me know if you find quiker or simpler solutions, Regards, Carl Jacqueline Gomes wrote: Hi James, I was also trying to do the same thing, however, we are using JRun and we don't have any user 'roles'. Specifically, I wanted the container to do the authorisation i.e if a user tried to access any pages after blah blah/admin/* then they would be redirected to the login page if they have not logged in. However, the application does not have any 'roles' as such. The user is authenticated by calling a stored procedure in the dbase. I tried to implement the j_security_check also but was having a tough time integrating it with the actionform etc. Do you have any ideas as to how I would do this given that I don't have any user roles in the application? I was going to add a 'user' object in the session and check on each page if it exists. If it doesn't then redirect the user back to the login page. I have set the session.setMaxInactiveInterval(72000); Any help would be appreciated. Thanks, Jackie. -Original Message- From: James Adams [mailto:[EMAIL PROTECTED] Sent: Monday, 23 February 2004 4:43 AM To: Struts Mailing List Subject: Re: How to create a No Action ActionForward I think Srikanth has hit the nail on the head, in that I am not fully utilizing what is already available with vanilla J2EE, namely security roles, authorization constraints, and error pages, all of which I can declare in the deployment descriptor of my web app. But I still want to use a Struts component for the authentication instead of a more traditional form-based authentication scheme. Let me outline below what is, I think, a much better approach and kindly ask for comments, as I'm not certain that this will work or if it's actually the smartest way to go. I would like to use a Struts Action class to handle my login form, instead of vanilla form-based authentication, i.e. j_security_check, for two reasons: 1) form-based authentication is not very secure since it passes the user name and password across the network in clear text, and 2) I want to use a LDAP server (within my login Action class) to do the authentication, and this would not be possible using plain form-based authentication. So the plan is to have a form in my Login.jsp with the form's action being the login Action class. The login Action class will connect to the LDAP server and try to authenticate using the username and password supplied as form inputs. If the authentication succeeds then the user's session is set with the user's role (also retrieved from the LDAP server), and then the control is forwarded to the first logged in welcome page. If the authentication fails then the appropriate error message (Login failed - try again) will be added to the ActionErrors
Re: Breadcrumbs
I need to implement breadcrumb menus too. I know of no such module available, except perhaps struts-menu. It depends on what the technical basis of the breadcrumb menu is meant to be. Do you configure the whole lot before hand in XML (in which case struts-menu would help) or do you want to do it dynamically? Is there any way it could be done dynamically? Just thinking aloud. Adam On 02/23/2004 10:41 PM Miller, Judd M,,DMDCWEST wrote: I have the same basic needs as Andy does for my application. I would add that I'm expecting there's an intelligent way of storing/calling breadcrumbs so that when you make changes to the breadcrumbs, you only have to change it in one place, and not on every page where they appear. Tiles? XML? Database? (These are random ideas on my part...I really have no idea, hence my desire for an answer to this question too.) Thanks. --Judd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: None To: Struts Users Mailing List Subject: Re: Breadcrumbs I just finished rolling my own last week. I've found that breadcrumb requirements end up being unique in some way to the application. What are your requirements? Rick DeBay On Mon, 23 Feb 2004 15:28 , Gregory F. March [EMAIL PROTECTED] sent: Not sure if there is any formal method, but we wound up building our own... /greg On Feb 23, 2004, Miller, Judd M,,DMDCWEST [EMAIL PROTECTED] wrote: |I hope someone responds to this, because I have the same question. | |--Judd Miller | |-Original Message- |From: Andy Engle |[EMAIL PROTECTED]','','','')[EMAIL PROTECTED] |Sent: Saturday, February 21, 2004 11:36 PM |To: [EMAIL PROTECTED] |Subject: Breadcrumbs | | |Hi all, | |Is there any slick way of putting breadcrumbs into a web app with |Struts? If so, what's the preferred way? | |Thanks. | | |Andy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Breadcrumbs
Are you guys talking about breadcrumb 'trail' as in showing history, or do you mean drilling down into a tree of subsections and subsubsections? On 02/23/2004 11:09 PM Carl wrote: Hi, We have similar needs, is it possible for you to send the code ? Thanks, Carl [EMAIL PROTECTED] wrote: I created five classes and an interface to do this, and manage the trail from an Action class. Since I load the content in the Action for display by a JSP, I can create the name and backlink for the crumb there. Rick DeBay On Mon, 23 Feb 2004 16:41 , Miller, Judd M,,DMDCWEST [EMAIL PROTECTED] sent: I have the same basic needs as Andy does for my application. I would add that I'm expecting there's an intelligent way of storing/calling breadcrumbs so that when you make changes to the breadcrumbs, you only have to change it in one place, and not on every page where they appear. Tiles? XML? Database? (These are random ideas on my part...I really have no idea, hence my desire for an answer to this question too.) Thanks. --Judd -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED]','','','')[EMAIL PROTECTED] Sent: None To: Struts Users Mailing List Subject: Re: Breadcrumbs I just finished rolling my own last week. I've found that breadcrumb requirements end up being unique in some way to the application. What are your requirements? Rick DeBay On Mon, 23 Feb 2004 15:28 , Gregory F. March [EMAIL PROTECTED] sent: Not sure if there is any formal method, but we wound up building our own... /greg On Feb 23, 2004, Miller, Judd M,,DMDCWEST [EMAIL PROTECTED] wrote: |I hope someone responds to this, because I have the same question. | |--Judd Miller | |-Original Message- |From: Andy Engle |[EMAIL PROTECTED]','','','')[EMAIL PROTECTED] |Sent: Saturday, February 21, 2004 11:36 PM |To: [EMAIL PROTECTED] |Subject: Breadcrumbs | | |Hi all, | |Is there any slick way of putting breadcrumbs into a web app with |Struts? If so, what's the preferred way? | |Thanks. | | |Andy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Breadcrumbs
Kudos, Jason. You not only thought outside the box, you left it crying and miserable in the old boxes home. On 02/23/2004 11:27 PM Jason Lea wrote: Is there any slick way of putting breadcrumbs into a web app with Struts? If so, what's the preferred way? I did this using tiles. I have my tiles extending a base layout, then each sub-menu item extends the parent tile definition eg (first level) definition name=.main.admin extends=.layout ... /definition (second level) definition name=.main.admin.workflow.list extends=.main.admin ... /definition Now, for breadcrumbs I would define breadcrumb0 in the first level. As the second level extends the first, breadcrumb0 will be included. In the second level I define breadcrumb1 eg definition name=.main.admin extends=.layout put name=title value=admin.title / put name=body value=/WEB-INF/jsp/tiles/admin/admin.jsp / putList name=breadcrumb0 item value=admin.menu link=admin tooltip=admin.title classtype=org.apache.struts.tiles.beans.SimpleMenuItem / /putList /definition definition name=.main.admin.workflow.list extends=.main.admin put name=title value=workflow.list.title / put name=body value=/WEB-INF/jsp/tiles/admin/workflow/list.jsp / putList name=breadcrumb1 item value=workflow.menu link=workflowlist tooltip=workflow.title classtype=org.apache.struts.tiles.beans.SimpleMenuItem / /putList /definition I had originally wanted to just to be able to add an item to the breadcrumb list, but that is not possible in xml. In my layout.jsp page I then use tiles:useAttribute name=breadcrumb0 ignore=true / tiles:useAttribute name=breadcrumb1 ignore=true / tiles:useAttribute name=breadcrumb2 ignore=true / !-- breadcrumbs -- div class=breadcrumbs span class=breadcrumb mainnavitemhtml:link forward=homepage titleKey=homepage.titlebean:message key=homepage.menu //html:link/span /c:forEach c:forEach items=${breadcrumb0} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach c:forEach items=${breadcrumb1} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach c:forEach items=${breadcrumb2} var=crumb span class=breadcrumb mainnavitembean:message key=breadcrumb.separator / html:link forward=${crumb.link} titleKey=${crumb.tooltip}bean:message key=${crumb.value} //html:link/span /c:forEach /div !-- end breadcrumbs -- Hope that make somes sort of sense. If not ask me a question and I will try to explain better. -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tile, Action and Form
On 02/21/2004 02:07 PM Esteban Forzani wrote: Hi, using Tiles and Struts I would like to know if is it possible have two tiles in the same page with two action and formbean. The tile1 asociatted with action1 and form1 and the tile2 asociatted with action2 and form2. How I can inicialize the formbean´s attributte?. You associate a tiles definition with a struts action. You can only have one definition per action. However you can reuse the tiles definition as many times as you like in as many different actions as you want. If you try to mix tiles with different form bean requirements in the same definition, then only one of them will succeed, because the originating action obviously provides only one form bean. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Newbie] Is it worth subclassing your own Action and ActionForm classes to attain code re-use?
On 02/22/2004 05:40 AM Mark Jones wrote: My application allows a user to make various different types of bookings for a (fictional!!!) hospital and logs them in a database. Each type of booking has a set of common properties but also different ones depending on the type of booking being made. I have divided my classes into a BookingAction and BookingActionForm superclass and subclasses (such as AmbulanceBookingAction and AmbulanceBookingActionForm) because I anticipate creating other subtypes of BookingAction that use the same properties in the BookingAction class but not in the AmbulanceBookingAction subclass. This initially seemed to me to be in keeping with programming for code re-use and extensibility. I have just one Action class for the whole app that all my Action subclasses inherit. It does all the common processing that I need. It is now after 2 years on the project fairly complex but it is really all common functionality. I can't see any need in my situation for having a different Action superclass for each module. My problem with this is, if a user submits a form which posts its data via the ActionServlet to the AmbulanceBookingAction subclass, how would I ensure the BookingAction class did its stuff? Would it be better / easier to use separate, non-derived (from my superclasses) Actions and ActionForms to handle each type of booking and not subclass BookingAction and BookingActionForm (even though I would be repeating the some of the same properties common to each different type of booking)? You make sure they do their stuff because they have the perform() or execute() method, and they call the actual AmbulanceBookingAction for example. I am concerned, though, not to lose points for not reusing code. It just seems to me, though, that trying to divvy the handling of the form data via inheritance is too complicated and / or unnecessary. I once had a ActionForm superclass with getter / setter methods for frequently occuring fields - but dropped it because the advantage was trivial. And I started using DynaActionForms. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extra Lines in Compiled JSP
I think it's XHTML where the problem is. Check out this (resolved) bug report: http://issues.apache.org/bugzilla/show_bug.cgi?id=24506 I implemented the mentioned Jasper configuration option and lo! God removed unnecessary blank lines from my XHTML! Made a shiver go down my spine to look upon it in all its glory. Adam On 02/20/2004 10:47 PM Piper, James D CECOM SEC EPS wrote: Why do you have this problem with extra lines in your html generated by the %@ % section of your jsp and I do not - I use JBOSS and WebLogic both -- never saw this problem? - Jim -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 3:42 PM To: Struts Users Mailing List Subject: Re: Extra Lines in Compiled JSP Perhaps it was in the taglibs-user mailing list where I dreamt it? Maybe I'm searching for the wrong key-words - I've looked for 'white space' and 'blank lines' but not found anything. Perhaps it was even on this list? Check this link for a filter solution: http://www.mail-archive.com/[EMAIL PROTECTED]/msg03824.html On 02/20/2004 08:14 PM Gopalakrishnan, Jayesh wrote: I am talking abt generated output(HTML/csv/email/whatever). If the question was abt generated java code, nobody should care. The generated output contains newlines for every % % enclosure in the JSP. And if you are generating anything other than HTML output, thats likely to cause a problem. We did this for our export to exel feature... cheers -jayash -Original Message- From: Thad Humphries [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 11:05 AM To: Struts Users Mailing List Subject: Re: Extra Lines in Compiled JSP Why care about how generated code looks? This approach makes the code you maintain harder to read. On Friday 20 February 2004 14:01, Gopalakrishnan, Jayesh wrote: I must have had the same dream !! I remember that tomcat config thing..and not too long ago. I am surprised you couldn't find it. We had to do something like this though, for weblogic. %@ taglib uri=xxx prefix=bean %%@ taglib uri=/display prefix=display %%@ taglib uri=xxx prefix=html %%@ taglib uri=xxx prefix=nested %%@ taglib uri=xxx prefix=tiles %%@ page language=java %%@ page contentType=text/html; charset=UTF-8 %% your code continues.% ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extra Lines in Compiled JSP
Maybe I just dreamt this but I thought I remember one of the tomcat committers saying here that they had added a config option to remove these blank lines around JSP taglib tags, and set the configuration option by default to false/off, because it violates the JSP spec. I just quickly searched the archives and found no reference to it. Sorry, must have been a dream after all. (nice dream though) On 02/20/2004 05:15 PM Guillermo Meyer wrote: I had this problem that produced me a CSV file with blank lines at top. I solved it by removing al enter in the file, I mean, JSP tags (including %@ tags, etc) are all concatenated without break lines. You will get the ugliest JSP page you have ever seen from developer perspective, but this solved my problem. Cheers. Guillermo. -Original Message- From: Jerry Jalenak [mailto:[EMAIL PROTECTED] Sent: Viernes, 20 de Febrero de 2004 01:07 p.m. To: '[EMAIL PROTECTED]' Subject: Extra Lines in Compiled JSP Hi All, I should know how to fix this, but am at a loss. At the top of my JSP I have the following lines: %@ taglib uri=http://jakarta.apache.org/struts/tags-bean; prefix=bean % %@ taglib uri=/display prefix=display % %@ taglib uri=http://jakarta.apache.org/struts/tags-html; prefix=html % %@ taglib uri=http://jakarta.apache.org/struts/tags-nested; prefix=nested % %@ taglib uri=http://jakarta.apache.org/struts/tags-tiles; prefix=tiles % %@ page language=java % %@ page contentType=text/html; charset=UTF-8 % When I look at the compiled JSP, there are seven blank lines (i.e. out.write(\r\n); ). Is there anyway to have the JSP compiler (were running Tomcat 5.0.18 Stable) NOT generate these lines? I guess they come from the % % sources lines, but it really screws up my generated HTML code Thanks! Jerry Jalenak Development Manager, Web Publishing LabOne, Inc. 10101 Renner Blvd. Lenexa, KS 66219 (913) 577-1496 [EMAIL PROTECTED] This transmission (and any information attached to it) may be confidential and is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient or the person responsible for delivering the transmission to the intended recipient, be advised that you have received this transmission in error and that any use, dissemination, forwarding, printing, or copying of this information is strictly prohibited. If you have received this transmission in error, please immediately notify LabOne at the following email address: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] NOTA DE CONFIDENCIALIDAD Este mensaje (y sus anexos) es confidencial, esta dirigido exclusivamente a las personas direccionadas en el mail y puede contener informacion (i)de propiedad exclusiva de Interbanking S.A. o (ii) amparada por el secreto profesional. Cualquier opinion en el contenido, es exclusiva de su autor y no representa necesariamente la opinion de Interbanking S.A. El acceso no autorizado, uso, reproduccion, o divulgacion esta prohibido. Interbanking S.A no asumira responsabilidad ni obligacion legal alguna por cualquier informacion incorrecta o alterada contenida en este mensaje. Si usted ha recibido este mensaje por error, le rogamos tenga la amabilidad de destruirlo inmediatamente junto con todas las copias del mismo, notificando al remitente. No debera utilizar, revelar, distribuir, imprimir o copiar este mensaje ni ninguna de sus partes si usted no es el destinatario. Muchas gracias. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extra Lines in Compiled JSP
Perhaps it was in the taglibs-user mailing list where I dreamt it? Maybe I'm searching for the wrong key-words - I've looked for 'white space' and 'blank lines' but not found anything. Perhaps it was even on this list? Check this link for a filter solution: http://www.mail-archive.com/[EMAIL PROTECTED]/msg03824.html On 02/20/2004 08:14 PM Gopalakrishnan, Jayesh wrote: I am talking abt generated output(HTML/csv/email/whatever). If the question was abt generated java code, nobody should care. The generated output contains newlines for every % % enclosure in the JSP. And if you are generating anything other than HTML output, thats likely to cause a problem. We did this for our export to exel feature... cheers -jayash -Original Message- From: Thad Humphries [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 11:05 AM To: Struts Users Mailing List Subject: Re: Extra Lines in Compiled JSP Why care about how generated code looks? This approach makes the code you maintain harder to read. On Friday 20 February 2004 14:01, Gopalakrishnan, Jayesh wrote: I must have had the same dream !! I remember that tomcat config thing..and not too long ago. I am surprised you couldn't find it. We had to do something like this though, for weblogic. %@ taglib uri=xxx prefix=bean %%@ taglib uri=/display prefix=display %%@ taglib uri=xxx prefix=html %%@ taglib uri=xxx prefix=nested %%@ taglib uri=xxx prefix=tiles %%@ page language=java %%@ page contentType=text/html; charset=UTF-8 %% your code continues.% ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem Dynamically creating form properties
I wonder whether a module along these lines has been incorporated into JavaFaces? On 02/17/2004 09:44 PM Hubert Rabago wrote: Cool! I'll write something up tonight that'll provide more info and send it to you so you can see where it's at. --- Niall Pemberton [EMAIL PROTECTED] wrote: Your stuff sounds interesting and I'm up for a bit of collaboration. Niall - Original Message - From: Hubert Rabago [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 7:31 PM Subject: Re: Problem Dynamically creating form properties I meant to say I wonder if we can combine what we have. --- Hubert Rabago [EMAIL PROTECTED] wrote: Niall, I wonder if we can what we have. I wonder what that would look like. Could be interesting. Hubert --- Hubert Rabago [EMAIL PROTECTED] wrote: As long as we're sharing... =) I wrote a plug-in which defines my DynaActionForms based on my DTOs. So if I have an employee DTO, it will define a DynaActionForm for me with the fields from my employee DTO. It helps me cut down on the repetition when my DTO closely matches my form beans. The form bean definition can add onto the definition to allow it to hold non-DTO values such as submit buttons and other values. It also knows to convert between the fields of the DTO to and from the form bean, kinda like BeanUtils.copyProperties. It can also support formatting the data, so my users can enter dates or formatted numbers such as 123,456.00 instead of 123456.00 without me having to format the data in my action objects and parse it back upon submission. And to further cut down on the repetition, I've also moved all form-bean definitions and form validation rules into one XML, so all the form information is together instead of in separate config files. I'm looking to share this if anybody's interested. I'm finishing up unit tests and docs for it. - Hubert --- Niall Pemberton [EMAIL PROTECTED] wrote: I have a version of DynaBean based on the MutableDynaClass interface which allows properties to be added dynamically - which anyone would be free to use (I tried to attach here but struts-user rejected the mail saying we don't accept executable content ). We have also equivalent versions of the DynaValidatorForm and DynaValidatorActionForm based on this dynamic DynaBean. Advantages - no more ActionForm declarations, but it still the standard DynaBean and can plug into the Validator framework. LazyDynaBean - dynamic DynaBean LazyDynaClass - implements the MutableDynaClass interface LazyValidatorForm - etension of ValidatorForm which is backed by LazyDynaBean (equivalent to DynaValidatorForm) LazyValidatorActionForm - path based LazyValidatorForm (equivalent to DynaValidatorActionForm) I can email this directly to anyone who wants it - or even better if someone could offer/suggest a site to load it up to. Niall - Original Message - From: Guillermo Meyer [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 2:07 PM Subject: RE: Problem Dynamically creating form properties Actually, not today, because this development we made is not Open Source, but who knows... may we remake it and open it for free use. Cheers. Guillermo -Original Message- From: Paul-J Woodward [mailto:[EMAIL PROTECTED] Sent: Martes, 17 de Febrero de 2004 10:41 a.m. To: Struts Users Mailing List Subject: RE: Problem Dynamically creating form properties That sounds excellent, is it available for use? Paul Global Equity Derivatives Technology Deutsche Bank [/] Guillermo Meyer [EMAIL PROTECTED] 17/02/2004 09:43 Please respond to Struts Users Mailing List To: 'Struts Users Mailing List' [EMAIL PROTECTED] cc: Subject:RE: Problem Dynamically creating form properties I previuosly posted a mail to this list asking why DynaForms are called Dynamic if you have to declare them statically in Struts-Config. But there was no answer :( We created in our project a DynamicBean (previous DynaBean release and when Struts 1.1 was no available) and extended ActionForm to be a holder of DynamicBean (somethind like this: ((DynamicForm)form).getModel() returns a DynamicBean with all properties.) So, we add html:text fields to the JSP and these are populated to this DynamicForm without the need of declaring this property anywhere. And we have optionall Contract asserter to verify properties in a DynamicBean when needed (usually when using DynamicBean as a DTO between Actions and Business delegates) Cheers. Guillermo. -Original Message- From: Bernard Gaughran [mailto:[EMAIL PROTECTED] Sent: Martes, 17 de Febrero de 2004 07:11 a.m. To: [EMAIL PROTECTED] Subject: Problem Dynamically creating form properties Can someone PLEASE help? I need to create a User Interface (in JSP)
Re: Securing Struts - Which is my best option
Joanne, struts can be used to implement security easily using the 'roles=' attribute on the action mappings in your struts-config. This allows you to specify which roles can access an action or not. This depends on use of container-managed security, but I think that the SecurityFilter plugin is able to emulate that. I don't have any experience with SecurityFilter. You can also use ssl-ext (or sslext?) to map your action urls to http or https. Container-managed security takes away alot of the development work too of course. Specifying in the web.xml which URLs should be protected is about all you need to do, along with setting up the login realm. HTH Adam On 02/12/2004 01:36 PM Joanne L Corless wrote: Hi, I know this topic has been discussed before but I've looked at all the previous posts and can't find anything to answer my problem I have a struts app that is designed to use a database user with very limited rights pre-login and then post login it is designed to use the users own view. I want to secure the app so that any erroneous requests are directed straight to the login page - I've looked at the Sourceforge SecurityFilter and it fits about 75% of my requirements. The main problem is that both pre and post login there are lots of environment variables to set up for presentation etc. Currently (in the unsecured app) the flow works as such index.jsp -forwards- /initialise.do -loads default settings- .login_layout_tiles -on submit - /loginaction.do (if successful login) -loads user specific settings- .user_layout_tile This works fine but is obviously not secure - How basically do I combine struts and the security filter so that I can get the best of both worlds I'm happy with the SecurityFilter implementation - I've got a basic version working with my backend db its adding in struts thats causing the head ache at the moment Regards Joanne Corless CSC Computer Sciences Limited ( Office +44 (0)1772 318025 ( Mobile +44 (0)7767 656588 * email [EMAIL PROTECTED] Based at: CSC, Alliance House, Library Road, Chorley, Lancs, PR6 7EN CSC Computer Sciences Limited: Registered in England, No. 963578. Registered office: Royal Pavilion, Wellesley Road, Aldershot, Hampshire, GU11 1PZ. This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts 1.1 on Tomcat 5.0.18?
Since no-one has said anything about an error in the struts-examples app here, then I assume it's something in your setup that you or your colleagues have done. Did you do anything during install apart from set JAVA_HOME, CATALINA_HOME, PATH? Do you have anything in JAVA_OPTS or JAVA_OPTIONS? Did you edit catalina.sh? (Are you windows or unix?) You should of course check the list archive and bugzilla to make sure that it's not a recognised problem, if it's happening with a clean install. Where did you find out about the Sun / tomcat issue? Which version of JDK and Tomcat does it affect? On 02/11/2004 12:55 AM Steve Hill wrote: Tomcat 5 comes with Jasper 2 enabled by default - it has jasper-compiler.jar and jasper-runtime.jar in the tomcat5\common\lib directory already. So, that can't be it. (There is not a jasper.jar that I could find.) - Original Message - From: Samyukta Akunuru [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 3:31 PM Subject: RE: Struts 1.1 on Tomcat 5.0.18? Did you add the jasper compiler jars (jasper.jar, jasper-compiler.jar,jasper-runtime.jar) -Original Message- From: Steve Hill [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 5:24 PM To: Struts Users Mailing List Subject: Re: Struts 1.1 on Tomcat 5.0.18? I had sent a previous message to this list with a complete error listing, but I'll clarify. I downloaded and installed a new installation of Tomcat 5.0.18. I then downloaded and installed a new installation of struts 1.1, copying the documentation and example application war files into Tomcat's Webapps directory, and restarting Tomcat. Running the http://localhost:808/struts-documentation works fine. Running http://localhost:808/struts-example gives the following error message. I followed the other instructions (XML parser, JDBC2, xalan-j) as specified in v1.16 of the Struts readme file. The exception report I get when running struts-example is: description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: Unable to compile class for JSP at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:5 58) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 91) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) root cause java.lang.IllegalStateException: zip file closed at java.util.zip.ZipFile.getEntry(ZipFile.java:141) at java.util.jar.JarFile.getEntry(JarFile.java:181) at sun.net.www.protocol.jar.URLJarFile.getEntry(URLJarFile.java:76) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:96) at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.ja va:108) at java.net.URL.openStream(URL.java:798) at org.apache.catalina.loader.StandardClassLoader.getResourceAsStream(StandardC lassLoader.java:714) at org.apache.catalina.loader.StandardClassLoader.getResourceAsStream(StandardC lassLoader.java:696) at org.apache.catalina.loader.WebappClassLoader.getResourceAsStream(WebappClass Loader.java:1202) at javax.xml.parsers.SecuritySupport12$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.xml.parsers.SecuritySupport12.getResourceAsStream(Unknown Source) at javax.xml.parsers.FactoryFinder.findJarServiceProvider(Unknown Source) at javax.xml.parsers.FactoryFinder.find(Unknown Source) at javax.xml.parsers.DocumentBuilderFactory.newInstance(Unknown Source) at org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:12 9) at org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:112) at org.apache.jasper.compiler.JspConfig.init(JspConfig.java:213) at org.apache.jasper.compiler.JspConfig.findJspProperty(JspConfig.java:229) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:201) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:456) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:439) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:5 52) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 91) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) Specific suggestions welcome, else I will just start over if Struts 1.1 is normally known to work successfully on Tomcat 5.0.18. It looks like something is missing but if the Struts readme docs are correct it should work. This particular error is a known Sun issue in a previous Tomcat version. Thanks. - To unsubscribe,
Re: Dynamic generation of forms out of a config table in a database
Hi Tom, I saw a long thread last year on this mailing list discussing this subject. I can't remember the details but I do remember the person declared their success at the end. If you have a good search in the mail list archives on DynaActionForms and similar words, you are bound to find it. One restraint struts forces on you is that you can only have one form for an action, i.e. on form definition, one form in your action mapping and one form passed to your action as a parameter. But I think that you would only define the simplest dynaactionform in the struts-config and then add to it dynamically in the init or reset methods. You would have to write your own DynaActionForm child class that extends DynaActionForm to do that, and declare it as struts-config's form-bean... type. Hope that helps, Adam PS You must be the Thomas Stockhammer I worked with on APLA? How's it going? (plz mail me off-list at adam.hardy at cyberspaceroad.com) On 02/11/2004 12:48 PM Stockhammer Thomas wrote: Hi all, In my application i want to generate dynamic forms, that means the number of controls placed on the forms depends on the entries in a config-tabel of a database. That means I can add a textbox to a database by adding a record to the config-table. Additionally i can show different forms to different users by adding roles to the config-table. The generation of the forms should be done by a servlet that converts xml-strings to forms... Does struts give any support for validation of such forms (DynaActionForms) and handle parameters via getXXX and setXXX Or is the only way to do validation in such a form via javascript and to handle parameter via request.getParameter(... Tank you Regards Tom -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tiles Dynamic Menu: Design Question
Zach, did you miss http://sourceforge.net/projects/struts-menu/ ? I don't remember its details - it may do some of those things you don't like. I don't see why you are keeping menu urls in the ApplicationResources. At least you could make a new resource bundle and load it yourself with the same resource bundle package, e.g. ApplicationLinks. Alternatively you could code up a hashmap in your ApplicationScope, from a file, xml, a db etc. Or even just define all menu URLs as seperate actionforwards in struts-config. You could also seperate that off in a different file from the struts-config.xml by having a sub-app for the menu. The tile does not have to be pure JSP. You can define a tile to go through an action first. Adam On 02/10/2004 05:13 PM [EMAIL PROTECTED] wrote: Struts v1.1 We are currently using Struts and Tiles and have a dynamic navigation menu with 2-3 nested levels for each top-level menu item (over 100 total menu items). Currently, we are generating links with the action mapping and then appending menu parameters to the url to determine what level in the menu hierarchy the user is requesting. The parameters that are passed in the URL are then read in scriptlet code in the navigation menu tile to display the appropriate menu item. Struts Action mappings are pointed to Tiles definitions. The problems with this approach include: 1) All URLs are defined in the ApplicationResources.properties file (e.g., menu.itemA=actionMapping.do?top=topMenuItemsub1=subMenu1sub2=subMenu2). 2) 3-4 parameters passed in the URL for every request to determine navigational hierarchy. 3) A great deal of scriptlet code in the navigation menu tile. I have searched the archive list, Google, and looked at Struts Menu at sf.net and nothing seems to jump out at me. This is my first J2EE project and first Struts/Tiles project, so I may have missed (not comprehended) some things when searching. In my relative inexperience, it would seem that the menu items would be better defined in XML (instead of ApplicationResources), although the link label would need to still be in ApplicationResources for i18n, perhaps just a single key could be passed in the URL, and replace scriptlet code with a tag (custom?). Can any one offer me some insights or point me to some resources that can help me? Thanks much! Zach - The information contained in this communication (including any attachments hereto) is confidential and is intended solely for the personal and confidential use of the individual or entity to whom it is addressed. The information may also constitute a legally privileged confidential communication. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error and that any review, dissemination, copying, or unauthorized use of this information, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. Thank you -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts 1.1 on Tomcat 5.0.18?
On 02/10/2004 07:38 PM Steve Hill wrote: Is anyone here successfully using Struts 1.1 on Tomcat 5.0.18? I am getting java.lang.IllegalStateException: zip file closed errors with any struts-using code and am wondering if this is a bug and I should go back to an earlier version of one or the other. Thanks. Yes, probably hundreds of people. When do you get that error? Without more details it's impossible to say what you need to do. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need to modify the URL path of the forward dynamically
I do what Andrew does too. I don't see it as being too laborious, considering that I feel the ActionForward's original URL should be good enough as it is in most cases not to need appending to. Otherwise I think I would look at redesigning my approach in a more Struts-like manner. On 02/09/2004 11:12 AM Manjunath Bhat wrote: Hi, You may look into this URL, http://issues.apache.org/bugzilla/show_bug.cgi?id=866 , which addresses similar(same) issue. Also follow the thread redirect=true ActionErrors in this list. Manjunath -Original Message- From: Max Cooper [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 2:54 PM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: Need to modify the URL path of the forward dynamically Andrew's procedure is what my team has done on one project, too. Originally, we tried getting the ActionForward and changing it directly, but it turns out that is a shared instance and changing the original was messing up other requests. After we discovered this problem, we switched to Andrew's scheme of creating a new ActionForward to return from the Action. I posted a message today with a note about dynamically adding a query string to an ActionForward in the URL does not change even after changing action thread. This thread has the details about how to do that. I am interested to hear from other folks if they have a novel way to do this (i.e. add a query string to an ActionForward). Anybody got a better way? -Max - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, February 09, 2004 12:36 AM Subject: RE: Need to modify the URL path of the forward dynamically Need to modify the URL path of the forward dynamicallyGet the Forward instance as usual. Obtain its url string using getPath(). Add your additional parameter to end of string and create a new ActionForward instance that uses the decorated path (and copies the redirect property from the original action forward), and return this new actionforward instance. -Original Message- From: Swaminathan Rajagopalan [mailto:[EMAIL PROTECTED] Sent: Monday, 9 February 2004 16:34 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: Kamal_Poddar Subject: Need to modify the URL path of the forward dynamically Hi, We have a URL in the path attribute of a forward for an action. We need to dynamically append some request variables to this URL in the action class, for they are available only at execution time. How can this be achieved? E.g actionpath=/additionalAccountInfoScreen type=xxx.yyy.zzz.web.control.action.AdditionalAccountInfoScreenAction name=additionalAccountInfoForm validate=false input=previousPage parameter=populateStmt scope=session forward name=url path=http://www.xyz.com/checks/; To the URL path here e.g http://www.xyz.com/checks we need to add accessId=xxx at run time in the action class(http://www.xyz.com/checks?accessId=xxx). Please let us know how this can be done? Regards, Swaminathan Rajagopalan, Ph : (8520261) Extn: 55955 Mail : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Tiles: Question Mark characters in page output
On 02/07/2004 10:53 PM eric scroger wrote: Can someone tell me why I'm getting question mark chacters in my output display instead of the actual page content? I'm using Tomcat 4.0.x with Struts 1.1. Question marks in the output can be the result of fmt:message taglibs not finding their given key in the resource bundle. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Examining Response Headers
here's my suggestion: Firebird or Mozilla browser with LiveHttpHeaders extension. On 02/07/2004 12:35 AM Mike Duffy wrote: Robert, DevProxy is a great program for monitoring the request and response headers: http://www.widgetbuilders.com/ I recently did some socket programming. DevProxy was an invaluable tool. You can see exactly what flows through the socket between browser and host. Very good GUI interface. Mike --- Robert Taylor [EMAIL PROTECTED] wrote: Sorry for the OT post, but Googling and searching the mailing list archives are not producing much. I may not be asking the right question though. Anyhow, I need a tool (free) to examine the request and response headers. Any suggestions? robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Examining Response Headers
Allow me to show off my neat request debugger method then, it's what I use for logging the stuff. I have it in my base action class and switch it on or off by the logger level. But you could put it in a JSP instead (with HTML). Specify if you want to see the request params, headers or attributes, and if you want plain text or HTML. /** * Extracts all request properties and values from request and puts * them in * an UL for display or in plain text * * @param request the HTTP Request * @param doParamsenumerate the request parameters or attributes * @param inHtml compile with HTML tags or not * @return a String containing each param name-value pair, in an gt;ULlt; */ public static synchronized String debugRequest(HttpServletRequest request, int doWhat, boolean inHtml) { StringBuffer temp = new StringBuffer(\n); String temp2, temp3 = , sepBegin, sepEnd; Enumeration enums = null; Object obj3 = null; int x; if (inHtml) { sepBegin = li; sepEnd = /li; } else { sepBegin = ; sepEnd = \n; } if (inHtml) temp.append(ul + sepBegin); switch (doWhat) { case SHOW_ATTRS: enums = request.getAttributeNames(); temp.append(REQUEST ATTRIBUTES); break; case SHOW_HDRS: enums = request.getHeaderNames(); temp.append(REQUEST HEADERS); break; case SHOW_PARAMS: default: enums = request.getParameterNames(); temp.append(REQUEST PARAMS); break; } if (inHtml) temp.append(sepEnd); for (x = 0; enums.hasMoreElements(); x++) { temp2 = (String) enums.nextElement(); switch (doWhat) { case SHOW_ATTRS: obj3 = request.getAttribute(temp2); break; case SHOW_HDRS: obj3 = request.getHeader(temp2); break; case SHOW_PARAMS: default: obj3 = request.getParameter(temp2); break; } if (obj3 != null) temp3 = obj3.toString(); else temp3 = + obj3; temp.append(sepBegin + temp2 + == + temp3 + sepEnd); } if (inHtml) temp.append(sepBegin); temp.append(\nTOTAL: + x); if (inHtml) temp.append(sepEnd + /ul); return temp.toString(); } /** * To specify to debugRequest() to display request * parameters. */ public static final int SHOW_PARAMS = 0; /** * To specify to debugRequest() to display request * attributes. */ public static final int SHOW_ATTRS = 1; /** * To specify to debugRequest() to display request * headers */ public static final int SHOW_HDRS = 2; On 02/07/2004 04:00 PM Robert Taylor wrote: Adam, thanks. I did that. The problem is that I need to see request and response headers from different browsers. robert -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Saturday, February 07, 2004 5:59 AM To: Struts Users Mailing List Subject: Re: [OT] Examining Response Headers here's my suggestion: Firebird or Mozilla browser with LiveHttpHeaders extension. On 02/07/2004 12:35 AM Mike Duffy wrote: Robert, DevProxy is a great program for monitoring the request and response headers: http://www.widgetbuilders.com/ I recently did some socket programming. DevProxy was an invaluable tool. You can see exactly what flows through the socket between browser and host. Very good GUI interface. Mike --- Robert Taylor [EMAIL PROTECTED] wrote: Sorry for the OT post, but Googling and searching the mailing list archives are not producing much. I may not be asking the right question though. Anyhow, I need a tool (free) to examine the request and response headers. Any suggestions? robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL
Re: [FRIDAY] YA Stuts In Action / JUnit in Action Trivia Quiz
Hi Ted, it's not gone stale, the questions are just getting hard! The best bit is waiting to see how long it will be before someone posts the answer to the list! And then seeing what their reaction is once they realise what they did! Actually Brian Higdon's answer (to try to 'recall' his mail) was a bit of a disappointment. Are you still out there Brian? Gotta have a grovelling apology! Actually I have more fun trying to find something that is a good Quiz but hard to google, because generally I don't have a clue what the answers to your quizzes are - at least for 15 minutes before someone posts the answer. :) Adam On 02/07/2004 05:04 PM Ted Husted wrote: Last time, we asked contestants to name for a popular science fiction series that featured a psi cop named after a science fiction author 1 The series (Babylon 5) 2 The character (Alfred Bester) 3 The actor who played the character (Walter Koenig) 4 The character this actor played in another famous science fiction series (Chekov) *OR* to list the twelve core practices of Extreme Programming. Turn out was low for this contest, so either the questions were hard, or this bit is getting stale :) Anyway, last week's winner is: * MELISSA L KELLEY (Melissa, please send your surface mail address to [EMAIL PROTECTED], and indicate whether you would like JUnit in Action or Struts in Action) NEXT: To play, correctly answer -- directly to me at [EMAIL PROTECTED] -- one or both of these questions. In The Demolished Man by Alfred Bester, a character used a jingle to help keep himself from being scanned. 1 The first word of the chant is Tenser. How does the rest of it go? In Dune by Frank Herbert, a character used a litany to help him through a time of stress. 2 The first word of the chant is Fear. How does the rest of it go? *OR* + Name your two favorite changes, improvements, or new additions to the Struts Nightly Build since 1.1 was released. Hint: http://jakarta.apache.org/struts/userGuide/release-notes.html. One more addition, currently in progress, is to add a module parameters to several tags to allow linking between modules. [Yes, 1.2.0 will be along shortly :)] Contestants sending -- directly to me at [EMAIL PROTECTED] -- correct answers to the to the bonus question *OR* the SF question to me will be eligible for the next drawing. (the correct answers being the ones I expect). Prior winners excluded (but feel free to play anyway). The contest will run until Thursday, January 15, 2004, 23:59:59, so everyone has a chance to participate. The lucky winner selected from the correct responses will receive their choice of either a signed copy of Struts in Action *OR* JUnit in Action. (Signed only by me, I'm afraid, my co-authors are scattered across the globe -- gotta love the Internet!) PLEASE be sure to reply to [EMAIL PROTECTED] If you have an interesting science fiction or computer science question that is hard, or at least fun, to google, please send it to me. The first to suggest a question that we use also wins! -Ted. PLEASE be sure to reply to [EMAIL PROTECTED] -- Ted Husted, Junit in Action - http://www.manning.com/massol/, Struts in Action - http://husted.com/struts/book.html, JSP Site Design - http://www.amazon.com/exec/obidos/ISBN=1861005512. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Friday] Java in Aus
Since it's Friday, I thought I'd ask you Aussie java guys what the deal is on this strange points system Australia has for its working visas. I thought for a few years I'd never meet the target, whenever I thought about moving to down under. I'm too old, too British, not enough relatives living there etc etc. But then I found the Australian visa site and answered several pages of questions, and then the last one was Do you have any experience with Java Security? - so I clicked the box and with that, it seems I'm eligible for a visa. I tried it all again, and without that Java Security experience, your lovely government wouldn't want me. What's that all about? Adam On 02/05/2004 03:09 AM [EMAIL PROTECTED] wrote: Okay, OT is okay as far as it goes but lets not turn the struts mailing list into a forum for the great Sydney/Melbourne rivalry. Please. Anyway, everyone knows that Canberra is best. :-) Heya Gosper CSC Australia 212 Northbourne Ave, Braddon ACT 2612 Ph: +61 (0) 2 6246 8155 Fax: +61 (0) 2 62468100 MOB: 0401 611779 This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ajay [EMAIL PROTECTED] 05/02/2004 12:53 PM Please respond to Struts Users Mailing List To: Struts Users Mailing List [EMAIL PROTECTED] cc: Subject:RE:[OT]Looking for junior Java/Struts developers hi! thanks for the suggestion. that is pretty much what i had decided to do ie write something and try and market it. however i'd beg to differ on the weather. i dont think cold, grey, wet, clammy, uncertain weather qualifies as good weather esp compared to the sunny predictable weather down here. Quoting [EMAIL PROTECTED]: ajay, The best way to demonstrate you skills is to look for an idea and write something and sell it, you end up as your own boss and you gain the experience. You seem to think the no-experience vs employeers want experience issue is new, but it was the same 15 years or so ago when I started out. You can sit around and frett about it or just get on with it yourself. If you want to work for someone else, that is fine, you just need to work hard and you'll do fine, there are so many lazy programmers out in the market these days that there is a shortage of dedicated professional graduates. Thirdly, move down to Melbourne, the weather is nicer down here:) Chris On Thu, 5 Feb 2004, ajay wrote: when: 2004 where: sydney citizenship: australian the problem though is that most people here thesedays want some level of experience before they are willing to hire you, the trend is a lot towards contract/temp jobs. the problem ofcourse is where to get that elusive experience, and uni project experience doesn't count for anything. so you have this cycle where you are looking to get some experience and most companies want only experienced personnel. and when it comes to tax i believe australia has one of the world's highest tax rate, and sydney is way too pricey. but what i would like to know is whats the scenario outside, like int he states, singapore, UK etc. is there a good demand for qualified but inexperienced IT graduates. would a move abroad be good? Quoting [EMAIL PROTECTED]: Jiin-Her hits the nail on the head I certainly wouldn't want to make 50K while living in Boston or New York City... Here's the cost of living for Herndon VA http://realestate.yahoo.com/re/neighborhood/search.html?sa=c=Herndons=VAz= Cost of living (taxes, expenses, insurance, etc...) can change from town to town even. As the add says you need to move to Herndon VA to live on that 50K. ;) -R^3 On Wed, 4 Feb 2004, Jiin-Her Lu wrote: Depends on when, where, and what is your citizenship. It can be up to $ 85000+ in US. Jiin-Her Lu (816) 926-2145 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ajay --- Who Dares Wins - This mail sent through IMP: www-mail.usyd.edu.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
Re: Request.getParameter()
On 02/06/2004 11:11 AM Kamal Gupta wrote: Can I set the request to null once I have got the value i required. I have a parameter which has to be set to null in the request object once it is been used as i dont want that request to go to the next page No, you're not allowed to edit the request parameters. You can set and remove request attributes though. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Looking for junior Java/Struts developers
oh come off it Andrew you don't need a car in Singapore. The public transport there is excellent - and anyway, where are you going to drive to? I guess I'm biased though. I hate cars. On 02/04/2004 05:49 PM Andrew Hill wrote: Least you can afford a car in Herdon VA. Over here even a simple Toyota Camry will set you back $110k (about $64k US). grumblemuttercurse sigh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, 5 February 2004 00:38 To: Jiin-Her Lu Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Looking for junior Java/Struts developers Jiin-Her hits the nail on the head I certainly wouldn't want to make 50K while living in Boston or New York City... Here's the cost of living for Herndon VA http://realestate.yahoo.com/re/neighborhood/search.html?sa=c=Herndons=VAz = Cost of living (taxes, expenses, insurance, etc...) can change from town to town even. As the add says you need to move to Herndon VA to live on that 50K. ;) -R^3 On Wed, 4 Feb 2004, Jiin-Her Lu wrote: Depends on when, where, and what is your citizenship. It can be up to $ 85000+ in US. Jiin-Her Lu (816) 926-2145 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why doesn't ActionForm's constructor have access to HttpServletRequest?
Have I missed something here? What is wrong with using the reset method instead of the constructor? That gives you the mapping and the request as parameters. On 02/03/2004 08:17 AM Michael McGrady wrote: I think you really want something other than an ActionForm if you want to do this. Why anyone would use an ActionForm to do this makes no sense to me. If you want the request object, then it is in the Action. That is where it should be. At 06:59 PM 2/2/2004, Martin Cooper wrote: I can't read Craig's mind ;-) , but I would say that the main reason an ActionForm's constructor doesn't get passed the request (or anything else) is because it is (intended to be) a form *bean*. One of the primary characteristics of a JavaBean is that is that it must have a no-args constructor. That allows it to be instantiated from anywhere. Passing a request instance to the constructor presupposes that an ActionForm is constructed only in the context of a request. A secondary reason, in my mind, is that passing a request to the constructor would encourage people to stash it away as member data, which would not be too cool if the bean was created in session scope... -- Martin Cooper Jeff Skubick [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is the absence of a reference to the HttpServletRequest object that triggered the creation of a new ActionForm object in its constructor a historical artifact or oversight, or was it an intentional decision whose motivation and rationale remains 100% valid and relevant today? At the moment, I'm in a quandry. I see no way to usefully use nested form beans to encapsulate administrable users in my web app without somehow getting a hold of a list of objects representing those administrable users from the session context of the user who's administering them (the list's composition depends partially upon the user doing the administration) so I can prepopulate the list for its initial display. On the other hand, I'm worried that ActionForm's original creator was absolutely determined to keep ActionForm's constructor from ever knowing anything about the user or request that triggered its creation in the first place for some reason, like Struts casually re-using old ActionForm instances to satisfy new requests. On the other hand, I know it might just be a historical artifact that seemed like a good idea at the time, but doesn't really have any major implications either way. So... if I implement my own RequestProcessor class that overrides the default processActionForm method to call my own ActionForm-extending bean's constructor an explicitly pass it a reference to the HttpServletRequest object so it can fetch the HttpSession object and find the object that tells it everything else it needs to know to pre-populate the form bean prior to display, am I violating any sacred assumption made by other parts of Struts? Or am I OK? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Guidelines and steps for architecting a struts application
On 02/02/2004 11:20 PM Al Rathon wrote: Hi: I am developing a simple application (basically does CRUD operations on various entities in the application). I want to use the Tiles, Validator also. I would like to know what steps I need to follow to design the architecture. Check out 'MVC' architecture. model-view-controller. There must be a hundred good references on the struts site. As for tiles, it provides an excellent framework for seperating HTML (or whatever mark-up) for a page into modules, which works very well with modern CSS implementation to allow fast and easy design, building redesign of the website interface. Validator automates validation for you - it won't drastically influence your design - just make your development time faster. HTH Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Response not XHTML-comliant when using html:html xhtml='true'
On 02/03/2004 12:35 PM Andreas Amstutz wrote: Ok folks, thanks for the input on this topic. The quick and dirty solution for my problem was to download the struts source. Changing the xhtml class member's default value from 'false' to 'true' and buid it. Ohh, I really should have done that much earlier! Andreas, if I remember correctly, I didn't get the error you were getting and I suggested a solution but didn't see any feedback. Did you try it? The html:xhtml / in each tile? Did you log a bug? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Populating a DynaActionForm with a complex object graph
Hi Doug, your title threw me off the scent a little but I think what you are looking for is nested beans. HTH Adam On 02/03/2004 03:58 PM Doug Dixon wrote: OK, I've starting off down the Map-backed, manual indexing route, and it's grim... It forces me to have model logic in three places - the JSP (to create the keys into the map) and the two action classes (prepopulate, then handle submit). Is there a more elegant way of doing this stuff? (Or are there any plans to provide this functionality in future releases?) Thanks Doug -Original Message- From: Doug Dixon [mailto:[EMAIL PROTECTED] Sent: 31 January 2004 11:50 To: '[EMAIL PROTECTED]' Subject: Populating a DynaActionForm with a complex object graph Hi I'm trying to populate a DynaActionForm dynamically, using this how-to as a starting point: http://www.developer.com/java/other/article.php/2233591 Because the number of elements in my form can vary at runtime, I take the advice near the bottom of the article: You can even dynamically specify the size of the form (and prepopulate it) at run time [...] by using an Action instead of a forward to precreate the form-property value, and leaving the size parameter out. The actual can then create an array of the appropriate size and prepopulate values.. So my Action instantiates the right number of beans in the form and then hands off to the JSP, no problem. However, my model isn't a simple array (as in all the examples I can find) - it's a complex object graph: I have one or more Flights, each of which can contain one or more Passengers, each of which has multiple properties (name, etc.) This means I need another level of iteration, a bit like this (if it worked!): c:forEach var=flight items=${myBeanForm.map.flights} Flightbr/ c:forEach var=passenger items=${flight.passengers} Passengerbr/ Name: html:text indexed=true name=passenger property=name /br/ /c:forEach /c:forEach This doesn't work - I just get HTML like this: Flightbr/ Passengerbr/ Name: input type=text name=passenger[0].name value=Dougbr/ Flightbr/ Passengerbr/ Name: input type=text name=passenger[0].name value=Elvisbr/ Which obviously won't work I need to end up with something like Flightbr/ Passengerbr/ Name: input type=text name=flight[0].passenger[0].name value=Dougbr/ Flightbr/ Passengerbr/ Name: input type=text name=flight[1].passenger[0].name value=Elvisbr/ Does anyone know if there is some way of doing this with DynaActionForms? Or am I going to have to do nasty manual indexing with Map or List backed ActionForms? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Response not XHTML-comliant when using html:html xhtml='true'
Use this instead in your tiles: html:xhtml / I validate my tiles xhtml the only error I ever get is one saying that I shouldn't be using the onclick event due to accessibility issues. Adam On 01/31/2004 10:46 PM Michael McGrady wrote: I have run into similar difficulties with Tiles and have just made do. I welcome all insights in this area. Glad this issue is getting air. At 07:59 AM 1/31/2004, you wrote: Thanks for the anwers so far. But it is not working for me, because I still have this extra html tags included. I have done the following xperiments: tiles:insert page=../includes/navigation.jsp / jsp:include page=../includes/navigation.jsp/ %@ include file=../includes/navigation.jsp % page:applyDecorator name=sidenav page=/WEB-INF/jsp/includes/navigation.jsp / All of them included extra html I simply do not get it! Maybe some of you can put some light on this mystery :-) Here is my code: --- main.jsp --- %@ taglib uri=struts-htmlprefix=html % %@ taglib uri=struts-tiles prefix=tiles % %@ taglib uri=sitemesh-page prefix=page % %@ taglib uri=sitemesh-decorator prefix=decorator % !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; %@ include file=../includes/navigation.jsp % (printable version) includes/navigation.jsp %@ taglib uri=struts-html prefix=html % [] Search --- And this is the output: --- Search div id='content' style=border: solid red 1px The current count is... big2/big p small (a href=?printable=trueprintable version/a) /small /p /div /body /html --- validation results: --- Document type does not permit element html in content of element body. Document type does not permit element div in content of element html. Value of attribute method for element form is invalid; Value must be one of {get,post}. Document type does not permit element input in content of element input. Close tag for element /input omitted but document type doesn't permit it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]