RE: How to reset a form
You can try to tell the container not to cache the pages. This way each time a page is requested the browser it's (should be) asking the container for it, so you might get the new values. It has some drawbacks (a Refresh page) so you should test it to see if it's fit. If you use the ActionServlet it should look something like this: action org.apache.struts.action.ActionServlet nocache true HTH Cezar -Original Message- From: Koni [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 11:01 AM To: [EMAIL PROTECTED] Subject: How to reset a form I have a form with two select boxes. When I change something in selectbox_1 the selectbox_2 changes also (by javascript). After successful saving the stuff I return to the same page. Unfortunately this page shows still the old values!? After pressing reload in the browser, the correct values show up. How can I reset a form in my Action? I tryed the method form.reset() but it still shows the old values. Any Ideas to show the new values? Has someone similar problems? Thanks Koni - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login test in a jsp page - any suggestions
Hi Dave, You have more choices to do user authentication, depending on your application's need, your experience and determination :) 1. you can put it in every jsp but just think at the maintenance. Having to modify all those jsp for one little change is not that fun. 2. If you use struts you can check for user in every Action and depending on the result forward him to the proper page. This again is difficult to maintain if you have many Actions but it easy to do and understand 3. Extend RequestProcessor class so you can write your code in just one place. RequestProcessor is called before any Action. I don't have any link to example but I think someone here will help you with this ;) 4. Security constraints / container authentication, related to Tomcat as I understand is well documented on http://jakarta.apache.com/tomcat/ The advantage of this method, less code and centralized authentication. It seems to be the most used method around here 5. Filter authentication, similar in a way to container, the same advantages. Basic you create a class that does the authentication against database etc, and you modify web.xml file to direct all the requests by the filter. 6. A method I didn't try yet and don't know much about, use of a tag-lib on every jsp to do the authentication. These are the methods I found reading posts going back to 2001 in this mailing list. I use this link to search the mailing list: http://marc.theaimsgroup.com/?l=struts-user&r;=1&w;=2 HTH, Cezar > -Original Message- > From: David Thielen [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 26, 2003 4:16 PM > To: Struts-Users > Subject: login test in a jsp page - any suggestions > > Hi; > > I want to put a test in every jsp page to see if the user is logged in. And > if not, to forward them to login.jsp. Is there any way to do this other than > putting java code in my jsp? I'm hoping there is some struts system like > . > > > (Yes, I can have everything be an action that does this test and then goes > to the jsp page - but in that case what if they type the path for the jsp > page directly?) > > thanks - dave > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Validator JavaScript and html:radio buttons
Hi Matt, As the other said I would suggest to have one button already selected unless your business logic says not to suggest something to the user. I think your generated Javascript doesn't check to see if at least one button is selected. Can you post the JS code and the code for the submit button? >From the top of my head, you should have something like this in your Javascript code: function Validation() { - if (document.FormName.outcome.value == "") { alert("Please choose one outcome !") document.FormName.outcome.focus() return } - document.FormName.submit() } I'm not sure if you should check for "" or null. HTH, Cezar -Original Message- From: Matt E [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 12:31 PM To: [EMAIL PROTECTED] Subject: Validator JavaScript and html:radio buttons Hi all. I have two radio buttons on a page, one both named "outcome" one with the value of "Accepted" and one with the value of "Rejected". In my validation.xml file, I say that outcome is required. The Javascript checking generated by the Validator framework doesn't give an error if neither on is selected, however the backend will, and produce an error I can see with the tag. How do I get the javascript to check the radio buttons to make sure one is selected? __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: html in ActionMessage resource keys?
Hi, I used HTML code to customize the way errors are displayed e.g.: errors.header=Error error.username.required=Please enter your username error.password.required=Please enter your password error.login.invalid=Invalid login error.noValues.invalid=You didn't enter any value ! errors.footer= and everything worked fine. The way I call for errors in the jsp is : I also used: for displaying a message from Application.properties where the message contained HTML tags: someAction.updatefailed=Update failed ! You don't have the proper permissions ! and everything worked fine. HTH, Cezar -Original Message- From: Mikael Eriksson - Swedish Connection [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 4:53 PM To: Struts Users Mailing List Subject: Re: html in ActionMessage resource keys? Hi! Try to do the bean:write like this The filter="false" tells it to not replace special characters to entities. Regards Mikael At 17:04 2003-08-25 -0400, you wrote: >Hi, > >I am wondering if html tags, such as , be used in the message >resource bundle keys? I want to have some formatting for an >ActionMessage, similar to what one gets using the ActionErrors and the >errors.prefix, errors.header and errors.footer keys (by default = , >, respectively). > >When I create a message key in my resource bundle, such as >messages.warning.general=Warning,the following problem occurred {0} > >and use the following type of tag to display the message: > > > > > >I get the following in the html source: >Warning,the following problem occurred:
access problem > >What I want is the following: >Warning,the following problem occurred: access problem > >Thanks, >Nancy > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Authentication Filter not working
Hi Jing, >Using container security or servlet filter are equivalent when protecting >web applications. We have a topic with sample security constraints at >http://www.netspread.com/tips2.html#mvc >in which you could put 'nobody' role to deny any direct access to your >JSP pages in web applications. No codes here. I followed the link and I think this can be a nice solution for not having to place the jsp files under WEB-INF but I didn't see (I must confess I didn't have the time to look any further than the link you gave me) how one can do authentication against database for checking username / password. I'll look more into the subject this week. >I would say you might want to check if you have removed the "LoggedIn" >object from the session from the logout action class... I removed the object before doing a session.invalidate() >Even I set "nocache" to true, the end users could get Page has Expired >warning message. The the users could do a hard Retry, they get the pages >again. Have you tried this before? I tried it, and it's true what you say, but once the session is invalidated with the authentication I have in place right now they are redirected to the logon page. What I'm looking now for, with the filter, container authentication, security contraints, etc, is an easiest way (less redundant code, centralized method) to do the user's authentication. >Jing Thanks a lot ;) Cezar > On Fri, 2003-08-22 at 18:12, Jing Zhou wrote: > > I would prefer to use the security constraints to protect > > sensitive area. And in the logout action class, invalidate > > the user's session and then forward to /logout.html. > > > > In the logout.html page, you could add JavaScript > > statement on top of it: > > > > location.replace('/thank_you.html'); > > > > Once the thank_you.html is shown, the Back button > > is disabled. The user will have no chance to back. > > Make sure the thank_you.html is outside the security > > constraints. > > > > Jing > > Netspread Carrier > > http://www.netspread.com > > > > > > - Original Message - > > From: "Cezar Nasui" <[EMAIL PROTECTED]> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > Sent: Friday, August 22, 2003 2:15 PM > > Subject: Authentication Filter not working > > > > > > > Hi all, > > > > > > I try to use a filter for the authentication so I created a class which > > > implements filter with the following doFilter method (I found this in a > > > post) > > > > > > > > > public void doFilter(ServletRequest _request, ServletResponse _response, > > > FilterChain _chain) > > > throws IOException, ServletException > > > { > > > String redirectFailure = "/logon.jsp"; > > > > > > HttpSession session = > > ((HttpServletRequest)_request).getSession(false); > > > if ((session == null) || (session.getAttribute("loggedIn")== null) ) > > > { > > > context.getRequestDispatcher(redirectFailure) > > >.forward(_request,_response); > > > } > > > else { > > > _chain.doFilter(_request, _response); > > > } > > > } > > > > > > > > > I added this in the web.xml file: > > > > > > > > > SessionFilter > > > dbmanager.SessionFilter > > > > > > > > > SessionFilter > > > /DBManager/* > > > > > > > > > > > > and I also : > > > - setted nocache to true for the Action servlet > > > - in lofgoff I invalide the session I create in login along with the > > > loggedIn variable > > > > > > The problem : when I log out and then do a back to the last page > > everything > > > is working !!! > > > > > > I overlooked something, any ideas? > > > > > > Thanks, > > > Cezar > > > --- > > --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
User authentication methods (or ways to login a user)
Hi, I'm new to Struts and to getr used to it I developped an application which has to log in a user by checking records in a database. After reading more posts about user authentication I've got puzzled and now I try to clarify this thing. I identified the following ways to do the authentication: 1. session variable on user login, check the variable on each action 2. filter authentication 3. security contraints = container authentication (?) 4. using a tag in each jsp for the validation Are there any other methods? As for what method should one use I think depends on many factors like the complexity of the application, habits, etc but the first method is not for use in applications with many Actions as you'll need to add session validation code in each action = more difficult to develop and maintain. Any other things one should know before considering one of this methods? Thanks, Cezar --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authentication Filter not working
Hi all, I try to use a filter for the authentication so I created a class which implements filter with the following doFilter method (I found this in a post) public void doFilter(ServletRequest _request, ServletResponse _response, FilterChain _chain) throws IOException, ServletException { String redirectFailure = "/logon.jsp"; HttpSession session = ((HttpServletRequest)_request).getSession(false); if ((session == null) || (session.getAttribute("loggedIn")== null) ) { context.getRequestDispatcher(redirectFailure) .forward(_request,_response); } else { _chain.doFilter(_request, _response); } } I added this in the web.xml file: SessionFilter dbmanager.SessionFilter SessionFilter /DBManager/* and I also : - setted nocache to true for the Action servlet - in lofgoff I invalide the session I create in login along with the loggedIn variable The problem : when I log out and then do a back to the last page everything is working !!! I overlooked something, any ideas? Thanks, Cezar --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Whats the security trick for not permiting the browser back button on SignOut?
Hi Edgar, this is what I do but it will never diable the Back button. By any chance did you tried to : - do the log out then - click browser's Back right to the first page after signup, - do a Refresh and then - try your links from this page. Could you tell me the result please? I looked at many post, I saw the "token" example used for not submiting twice the data to the database on refresh but I could make it work on Login. The token example suggest that you can control the form (you arrive to it from an action so you can add the save(token) line) but it doesn't work for the Login case where the form is on the first page of the app. Brad adding the line for replacing the browser history implies that you have to add this line to every page that can be called from the page you want to "hide". Is it true? And again where do you add the line? In the of your jsp page? Cezar -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 8:49 AM To: 'Struts Users Mailing List' Subject: RE: Whats the security trick for not permiting the browser back button on SignOut? Just invalidate the session when the user logs out. Edgar > -----Original Message- > From: Cezar Nasui [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 21, 2003 5:30 PM > To: 'Struts Users Mailing List' > Subject: RE: Whats the security trick for not permiting the > browser back button on SignOut? > > > Hi Brad, > > Isn't suggested not to use with Struts direct links to the jsp pages? > >> > I don't recall exactly if this is the code needed to > "erase"/change the location but it looks just like simple > html link and still I think this doesn't solve my refresh > problem I mentioned before > > Cezar --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Page After Login - Refresh problem
Hello, I used Struts to develop a web app which has a login form to permit access to different functionnalities via a menu page. I use a session var I set at login to check if the user has not logged out. The problem that I have is, once I do the logoff, if I use the Back button of the browser to the menu page and do a refresh a new session gets created and I'm able to use the app. I have a filter to do the verification but I tried before doing it in each Action and I have the same problem. I don't access .jsp pages directly, I have an Action for each of them. I read some posts but none seems to talk about my specific problem. It sounds like a begginer caveat but I have no idea what should I do or what am I doing wrong. Any help appreciated, Cezar --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Whats the security trick for not permiting the browser back button on SignOut?
Hi Brad, Isn't suggested not to use with Struts direct links to the jsp pages? >> I don't recall exactly if this is the code needed to "erase"/change the location but it looks just like simple html link and still I think this doesn't solve my refresh problem I mentioned before Cezar -Original Message- From: Brad Balmer [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 8:07 AM To: Struts Users Mailing List Subject: Re: Whats the security trick for not permiting the browser back button on SignOut? I ran into a similar problem with my login application. What I did was simply replace the page name that is put in the history with a page that I wanted. Cezar Nasui wrote: >Hi Henry, > >The problem I noticed is if you go Back to the first page after login and >make a refresh on that page you will be able to navigate again in your app >as a new session is created 'cause refresh re-post the login data. >Your app does that? Do you know any solution for this one? >I think with some JavaScript you can erase the history of the Back button. I >don;t recall exaclty the code but I'll look for it. What I want to know is >if it's a good method as we know we shouldn't rely on user's settings (ex. >Javascript not enabled). > >Cezar > >-Original Message- >From: Henry Voyer [mailto:[EMAIL PROTECTED] >Sent: Wednesday, August 20, 2003 7:30 PM >To: [EMAIL PROTECTED] >Subject: Whats the security trick for not permiting the browser back >button on SignOut? > > >Hi fellow Strutser > >I have implemented securityFilter (http://securityFilter.org) in my struts >app. >But once i log off i can press the browsers back button and go back to the >users content page. >He cant do any action since the securityFilter dont let him but he can still >see the pages he already accessed. i would like to know how to implement >the redirection to signIn page for the browser back button once he SignOut. > >I have seen the examples of the Apache Admin site and the security app >examples but i cant find how they do this. > >So guys whats the trick? > >Regards and thanks for all those who worked on the securityFilter and struts >examples. > >_ >Add photos to your e-mail with MSN 8. Get 2 months FREE*. >http://join.msn.com/?page=features/featuredemail > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: changes in application.properties does not vent itself ...
Hi Usualy restarting Tomcat or reloading the app from Tomcat Maanger should do the trick, Maybe try clearing the cache of the browser, HTH, Cezar Hallo, i want to try to change some value in application.properties file : welcome.title=myTest Application but browser shows still the old value. I was tied to restart application (unzipped war), application server (JBoss) and all computer too, but there is stil old value. Where can be mistake? my konfiguration: Struts 1.1, JBoss 3.2.1 with Tomcat container, JDK SUN 1.4.2, OS Linux and Win too Thanks, Jiri --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Whats the security trick for not permiting the browser back button on SignOut?
Hi Henry, The problem I noticed is if you go Back to the first page after login and make a refresh on that page you will be able to navigate again in your app as a new session is created 'cause refresh re-post the login data. Your app does that? Do you know any solution for this one? I think with some JavaScript you can erase the history of the Back button. I don;t recall exaclty the code but I'll look for it. What I want to know is if it's a good method as we know we shouldn't rely on user's settings (ex. Javascript not enabled). Cezar -Original Message- From: Henry Voyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 7:30 PM To: [EMAIL PROTECTED] Subject: Whats the security trick for not permiting the browser back button on SignOut? Hi fellow Strutser I have implemented securityFilter (http://securityFilter.org) in my struts app. But once i log off i can press the browsers back button and go back to the users content page. He cant do any action since the securityFilter dont let him but he can still see the pages he already accessed. i would like to know how to implement the redirection to signIn page for the browser back button once he SignOut. I have seen the examples of the Apache Admin site and the security app examples but i cant find how they do this. So guys whats the trick? Regards and thanks for all those who worked on the securityFilter and struts examples. _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]