from:"Phil Steitz"

Re: Problem in deploying struts app in production environment. Pls help

2003-11-22 Thread Phil Steitz

Samanth Athrey wrote:
Hello,
Am using struts1.1, tomcat 4.1.27. During development there was no
problem. But when the same was deployed on th production server, not a
single page was displayed correctly. Struts code is displayed as it is.
When I click on a link, the .do page it says cannot be displayed.
All the jar files are in place and the production environment is a
replica of my development envi. Is there something that am missing here?
Pls help.
Regards,
Samanth Athrey
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Recheck all of the steps described here:

http://jakarta.apache.org/struts/userGuide/installation.html

especially setting up the struts controller servlet in web.xml:

"Modify the WEB-INF/web.xml file for your web application to include a 
 element to define the controller servlet, and a 
 element to establish which request URIs are mapped to 
this servlet. Use the WEB-INF/web.xml file from the Struts example 
application for a detailed example of the required syntax."

Phil

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Web Page acess to struts-user archive?

2003-06-03 Thread Phil Steitz

Leander Jedamus wrote:
Hi!

Try http://marc.theaimsgroup.com/?l=apache-httpd-users&r=1&w=2
I think you meant

http://marc.theaimsgroup.com/?l=struts-user&r=1&w=2

This archive seems to get updated very quickly.

Am Montag, 2. Juni 2003 16:47 schrieb José Fortunato H. Tomás:

Hi!

Is there any Web Page to query and access to the history or archive for
this mailling list?
Tnx!






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: LDAP client API?

2003-04-02 Thread Phil Steitz

Adolfo Miguelez wrote:
Hi All,

quick question. Is there any LDAP client project in the Jakarta/Apache 
set of projects.

Otherwise, is there any open source outside?

TIA,

Adolfo


Adolfo,

I agree with Jose, you should first look at JNDI.

If you really need an LDAP client SDK, I would suggest the Netscape LDAP 
Java SDK which is freely available (with source) at

http://www.mozilla.org/directory/

Novell has also contributed an SDK to OpenLDAP, which you can find at

http://www.openldap.org/

hth,

Phil







_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does a degree matter?

2003-03-29 Thread Phil Steitz

Craig R. McClanahan wrote:
On Sat, 29 Mar 2003, Arron Bates wrote:

Date: Sat, 29 Mar 2003 20:36:21 -0600
From: Arron Bates <[EMAIL PROTECTED]>
Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
To: Struts Users Mailing List <[EMAIL PROTECTED]>
Subject: Re: Does a degree matter?
Brandon,

If you can do the deed (which it sounds like you can), I would hazard offering
my opinion in thinking that it wouldn't be the best use of your time. By
education I'm a graphic designer, not a computer scientist. First job was web
design, programmer ever since. Results... I've only had two places not take me
on because it's not a computer degree. Two interviews of hundreds.

My personal experience (both for myself and for folks I have hired over
the years) mirrors this -- indeed, my personal opinion is that a Comp Sci
degree is worth less (to me as an employer) than a degree in some field
that is more closely associated with the general needs of potential
employers.
Why?  A couple of reasons:

* Many folks who go for Comp Sci degrees obsess over learning the
  particular technologies being taught in their classes, at the expense
  of courses to improve your general thinking skills.  Any specific
  technology you learn in your first year is going to be totally
  obsolete by the time you graduate from the program anyway, so why
  bother?  The important skill to employers (at least from my viewpoint)
  is that you've learned how to quickly adapt your existing skills to
  new technologies as they become available.  Also, the fundamentals
  of good architecture and design practices tend to change much more
  slowly than the favorite language de jour -- so if you decide to go
  for Comp Sci, focus on fundamentals like O-O, design patterns,
  and so on.
* Many folks who go for Comp Sci degrees are so focused on the technical
  things, and don't accumulate any domain knowledge along the way that
  would make you *more* valuable to potential employers than another
  Comp Sci graduate with similar skills.  If you're building e-commerce
  systems, do you know anything about the fundamental accounting
  principles involved in tracking purchases?  If you're building
  systems to introduce novices to the world of online information,
  have you ever studied any human factors engineering?  If you're
  building trading systems for a Wall Street broker, do you have the
  slightest idea how stock and commodity exchanges work?
It may surprise some of you to find out that I don't have a Comp Sci
degree at all -- instead, I got a BA in Business with a focus on
Accounting.  This was ***tremendously*** helpful in setting me apart from
everyone else who was learning programming and systems analysis in those
days -- I could immediately communicate with the end users responsible for
the systems we were building, using their vocabulary, without having to be
trained -- in addition to the fact that I was a fair-to-middlin'
programmer :-).
If you are looking at going to college today (either because it's that
time in your life, or because the job market sucks right now), I would
suggest thinking about a primary major other than Comp Sci (with a Comp
Sci minor to keep your hand in on all the technical stuff).  The name of
the game is making yourself more valuable, relative to everyone else out
there -- and, quite frankly, there are more interesting things in the
world than just computers and web apps :-).
Craig

As someone who has hired and been hired many times over the years, I 
have to agree with the main point above in terms of market value for a 
CS degree per se -- not a big differentiator.  The most important 
question to ask, in my mind, is are you *interested* in computer science 
and will the programs that you are considering add value to you 
personally. If you really have an interest in CS, it can be an excellent 
field of study for developing the cognitive skills and discipline that 
really can make a difference in solving hard technical problems and 
learning new technologies quickly.   So can math, engineering, business 
or virtually any academic discipline with an exacting technical 
component. In my experience, people who have mastered a technical 
discipline of some sort tend to be better at technical learning. Given 
the pace of technology change, technical learning ability is the most 
important quality in a technologist of any kind today, IMHO. This is 
what I look for when I hire people.

So...bottom line is that I would recommend pursuing a CS degree if a) 
you have a genuine interest in CS and b) you find a program that focuses 
on the foundations/fundamentals to avoid the pitfalls that Craig 
mentions above.

-Phil

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Use messages from ApplicationResource.properties for an e-mail

2003-03-25 Thread Phil Steitz

[EMAIL PROTECTED] wrote:
Is there a way to force the Locale?
I have a requirement, for  user, say in en_US locale, to send an email that will have 
standard notes to a user that is in, say Germany (de or de_CH).

So I need to se the locale only when I try to get the message, not 
change it fr the user.

See 
http://jakarta.apache.org/struts/api/org/apache/struts/util/MessageResources.html 
getMessage can take a locale as its first argument, if this is what you 
mean.

 
  _  

Thank You
 
Mick Knutson
 
Sr. Designer - Project Trust
aUBS AG, Financial - Zürich
Office: +41 (0)1/234.42.75
Internal: 48194
Mobile: 079.726.14.26
  _  



-Original Message-
From: Phil Steitz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 6:05 AM
To: Struts Users Mailing List
Subject: Re: Use messages from ApplicationResource.properties for an
e-mail
Raible, Matt wrote:

I have a requirement to send a notification e-mail when an item in my app is
deleted.  I was hoping to use a string (post-substitution) from
ApplicationResource.properties to do this, but alas, it does not work like I
hoped.  Is this possible without loading it as a ResourceBundle and calling
getString()?


The struts MessageResources class encapsulates the ResourceBundle and 
will perform the substitution.  Use:

MessageResources messages =
MessageResources.getMessageResources("ApplicationResources");
String msgText =
messages.getMessage("cr.deleted.msg", deletedBy, appURL);


// deletedBy and appURL are set previously as String variables

new ActionMessage("cr.deleted.msg", deletedBy, appURL).toString()


results in...

[EMAIL PROTECTED]

Thanks,

Matt



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Use messages from ApplicationResource.properties for an e-mail

2003-03-25 Thread Phil Steitz

Raible, Matt wrote:
I have a requirement to send a notification e-mail when an item in my app is
deleted.  I was hoping to use a string (post-substitution) from
ApplicationResource.properties to do this, but alas, it does not work like I
hoped.  Is this possible without loading it as a ResourceBundle and calling
getString()?
The struts MessageResources class encapsulates the ResourceBundle and 
will perform the substitution.  Use:

MessageResources messages =
MessageResources.getMessageResources("ApplicationResources");
String msgText =
messages.getMessage("cr.deleted.msg", deletedBy, appURL);

// deletedBy and appURL are set previously as String variables

new ActionMessage("cr.deleted.msg", deletedBy, appURL).toString()

results in...

[EMAIL PROTECTED]

Thanks,

Matt



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: case study with security

2003-03-23 Thread Phil Steitz

Dan Allen wrote:
After reading the suggestions, I am going to go with two different
actions for setting up the form.  In order to use container managed
security most effectively, I am going to prefix paths with admin
restrictions with admin/ for ease of filter matching.
So 

/EditAccount

/admin/EditAccount?user=username

Then I will make a common abstract Action class for editing an
account which both actions will extend to make use of the common
routines.  The /EditAccount will not listen to any query params but
rather use the current session data as the data to populate the form
with, whereas the /admin/EditAccount will use the user parameter to
lookup the user using the DeskPhone as suggested.  This way, all the
security is controlled by the container, but the logic is left in
the action for simply setting it up as instructed (with no checks
for security).
Thanks for the input and append anywhere I have deviated from the
suggestion.
Dan

Looks like a good solution to me.  I agree that it is best to keep all 
of the security policies declaratively defined. I also like to keep the 
link between the logged in user and his/her account "automatic" (i.e., 
determined by the system and looked up as close as possible to the model 
updates) whenever possible.  Your solution does both of these things.

Note, btw, that I did not mean to recommend "desk phone" as a generic 
identifier.  Obviously, a) the "lookup" key best for your admins to use 
depends on your application and b) whatever you use, it has to be 
unique. The app that I took the example from enforces this.

Phil

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: case study with security

2003-03-23 Thread Phil Steitz

Dan Allen wrote:
There have been several discussions on this list about how security
should be loosely coupled with the ActionServlet itself (a filter on
top of the application), but I am curious to know the best
practicing for handling the following type of case.
Assume I have an action with a path of /EditAccount.  Naturally if a
user is not logged in, this path should be protected via filtering.
However, /EditAccount has two purposes, one for the regular user to
edit his/her own account, but also for the administrator to edit any
user account via the query string ?user=username.  In this case, I
have to check in the action class if the user is allowed to take on
the role of another user in which case the form is populated with
that user's data or, if not, the form should populate with the
user's own data.
Is this something that is reasonable to do in the action, or should
I create another action path /EditUserAccount?user=username and
filter that to only admins and then forward to the /EditAccount once
the proper credientials have been established, hence relieving the
action behind /EditAccount from looking at any roles?
Assuming that you are using container-managed security and roles, you 
can do it with one action by having the action ignore the user parameter 
unless the user is an administrator. You can check if the user is an 
administrator using
if (request.isUserInRole("whatever-you-named-the-admin-role")).
If the user is not an administrator, you can use request.getRemoteUser() 
to get the user id and then populate the form based on the user's own 
data.  Here is a similar example:

if ((frm.getDeskPhone() != null) &&
   (request.isUserInRole(Constants.ADMINISTRATOR))) {
rd.setDeskPhone(frm.getDeskPhone());
rd.retrieveByPhone();
} else {
rd.setUid(request.getRemoteUser());
rd.retrieveByUid();
}
...use rd to populate current profile data onto frm...

In this example, the "deskPhone" parameter is what the admin uses to 
loookup a user.  The rd object is an entity-like bean that represents a 
user.

If you decide to use separate Actions for admins and users -- 
eliminating the need for the conditional logic above -- you should make 
sure NOT to leave the user parameter in the queryString for the 
non-administrators or to add a check in the non-admin action to make 
sure that the user is editing his/her own profile.  In this case, you 
should also encapsulate the common elements that both "editAccount" 
actions will share.

Which approach is best depends on the complexity of the application and 
how you expect it to evolve over time. The second approach -- different 
actions for admins -- is more flexible but a little more work to implement.

hth,

Phil



Dan





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Data driven struts application

2003-03-14 Thread Phil Steitz

Thanks, Craig.

I understand a lot better now, but I am still struggling a bit.

What you seem to be saying is that for read-only access we can safely 
"skip" the value/business object encapsulation; but for updates, we 
should use real BOs.  This asymmetry troubles me; though I see the 
appeal in terms of developer productivity.  I still see the risk of 
becoming persistence-implementation dependent, however, even with 
"externalized SQL" and field name normalization using AS. I see how the 
"Dynamic" model easily accomodates adding new fields to views, etc; but 
what happens when you decide to re-engineer the data model or to bring 
in a new datasource altogether?  Or when you need to add "derived fields"?

Consider the following example.  Suppose that I am developing an online 
 banking site, enabling customers to do both inquiries and updates on 
their accounts. The account info is stored in an RDBMS and I use 
Dyna-stuff to hit the store directly (using a "model-free" BO) with SQL 
queries, quickly generating a flexible infrastructure for account data 
retrieval.  For updates (only?) I develop a traditional middle tier, 
with BOs and VOs modelling the domain and encapsulating the business 
logic.  All is well and good until my company acquires another bank that 
has a "legacy" back end.  If my "update" BOs and VOs are cleanly 
defined, I will not have much of a problem engineering "connectors" to 
the new system so that the new accounts can look no different from the 
others; but I will be SOL for account retrieval (unless, once again, I 
am missing something). This example may seem contrived; but this kind of 
thing does happen.

One more point on the "adding fields" topic.  I understand and agree 
with the basic point that if you use VOs, you need to keep them in synch 
with the model and you also need to keep the view in synch with them and 
that takes time.  It also forces some analysis to be done, adds 
compile-time type checking, enhances readability of code and makes it 
easier to keep track of what data elements are being used in what way by 
what functions (so that implications of changes to the underlying data 
can be understood and fully tested). Call me a geezer; but somehow I 
prefer UML to SQL for design documentation. If the only artifacts 
expressing the design of the "read-only view" are SQL properties files, 
how do you keep these consistent with the model expressed in the BOs/VOs 
for updates?

I guess the best strategy depends on the expected lifetime and required 
extensibility of the application.

Thanks again for the explanation.

-Phil



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Q] Use of DispatchAction with security concerns

2003-03-14 Thread Phil Steitz

Rick Reumann wrote:
Someone e-mailed me privately the following question about security and
the use of DispatchAction and a hidden variable. I'd appreciate any
comments

  
When using the dispatch action, you make use of a hidden variable to
determine which method with be called.  What happens if this hidden
variable is changed to a method which does not exist?  Is an error
thrown (the user can change hidden variables to be malicious).
According to the docs for DispatchAction, this should result in either 
dispatch to the overridden "unspecified" method, or an HTTP "Bad 
Request" response sent if this has not been overridden.

Also, if the user changes the hidden variable from update to insert,
will it duplicate the entry of the employee or would you check that
the employee already existed.  I know for the sake of the tutorial
you probably left this out, but this is a common assumption that
people make which leads to security holes.
Using hidden fields for control information can open security holes. 
Here are a couple of ways to deal with this exposure:

1. Authorize all actions that can affect the model: i.e., use some form 
of "Action Protection" either what struts + Container-Managed Security 
provides or application-based security to verify that the user is 
authorized to perform the requested action *with the posted data* (i.e., 
at the account or "row" level).

2. If the hidden fields contain sensitive data or you want to be *extra* 
paranoid about manipulation, you can encrypt the hidden fields.

 

 
Would the following help?

Keep JSP's under WEB-INF
Use LookupDispatchAction instead of DispatchAction
Make sure to use token to avoid duplicate inserts
Thanks for any Struts user comments on the issue.
 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Data driven struts application

2003-03-14 Thread Phil Steitz

I apologize if this has already been beaten to death, but I am still 
struggling with the implications of "dyna-stuff" on traditional OOD in 
struts applications. See interspersed.

Craig R. McClanahan wrote:




This is pretty much what RowSetDynaClass does for you, without the need to
create classes for your value objects.
Yes, but then you no longer have encapsulation at the business object 
level.  If you "short-circuit" the persistence => business objects => 
view path, then either the view or the persistence layer is going to 
have to absorb both data abstraction and business logic.

Unless what you mean is to use the RowSetDynaClass to populate your BOs...?

Or...maybe there is a class of applications where "persistence" really 
can effectively absorb both data abstraction and business logic?



* For read only data access i used an optimised SQL statement (plse see
below) which returns only enough data to render the current screen to the
client.


This is almost always a really smart strategy -- not only should you limit
which columns are retrieved to only those that meet the requirements, you
should (more importantly) limit the number of rows that is retrieved, as
Pat points out below.
Two possible concerns are that you'll be tying the persistence tier and
the view tier together, because (for example) the page author has to know
about the column names in the database, and the business logic has to be
tweaked every time the page author needs a new column added.  To mitigate
these problems, I suggest using two strategies:
* Store the actual SQL query sources into properties files, so that
  it can be modified easily without touching the business logic
  classes.  (This can also be a lifesaver if you have to support
  more than one database, where the SQL query syntax has to change
  slightly.)
* Use the column aliasing capability of SQL (the "as" modifier) to
  convert the database column names into simple names that the
  page author can expect, and document (for him or her) only those
  names.  For example, a query might say something like:
select customer-account-number as account,
   external-display-name as name
  from customers
 where ...;
  and the page author will see properties named "account" and "name",
  no matter what the database actually uses.
But isn't this effectively still binding the view tier to the 
persistence tier?  How do you handle "derived fields"? Using SQL to 
encapsulate business logic can lead to a maintenance nightmare. First 
come views, then stored procedures, then more database dependency than 
you ever wanted

I can see how simple CRUD apps can be assembled VERY quickly using 
dyna-stuff tied directly to a SQL data model, with the "model" really 
just being the data model (with techniques like the above used to loosen 
the coupling a bit); but this brings back some *BAD* memories for me -- 
"instant" 2-tier applications using "advanced data binding" technologies 
having to be rewritten entirely when they needed to scale (either in 
terms of load or complexity).

Am I just "once bitten, twice shy" here?  Am I missing the point?

Craig McClanahan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [XEN] Simple question: forward and redirect

2003-03-14 Thread Phil Steitz

Fabio Mancinelli wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 13 Mar 2003, Ian Hunter wrote:


Are you redirecting or forwarding to your JSP from that Action?


What is the exact difference between forwarding and redirecting? What are 
their implications?

I searched the Servlet and JSP specs but I haven't found nothing about 
that.
Forward <=> RequestDispatcher.forward()
(http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/RequestDispatcher.html)
Redirect <=> HttpServletResponse.sendRedirect()
(http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletResponse.html)
Big difference is that redirect sends an HTTP Response back the browser 
with a redirect header, generating a new request from the browser.  This 
 makes it in general slower and less efficient.  Also, the Request 
object (and anything that you have shoved into it) is not preserved.  On 
the other hand, redirect gives you control over the destination URL. 
Search the archives for full discussion.

hth,

Phil



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [THURSDAY] struts questions

2003-03-13 Thread Phil Steitz

Bueno Carlos M wrote:
Hi, all -- I'm new to struts and I have a few questions. Since you are the
experts I'm sure you will be able to help me.
My boss wants to know how many people are using struts and how long it will
take to build our application using struts as opposed to our current
development process. We currently have a thousand monkeys sitting at a
thousand emacs editors. The application isn't completely designed yet, and
of course I can't release confidential information about our application but
if you could give me an estimate of monkey-hours saved, that would be great.
Time saving will depend on the nature of the application and its 
expected lifetime.  Obvioulsly, it also depends on what "your current 
development process" is.

I was able to download the struts-blank.war file but I am having trouble
setting it up. The first stumbling block was that it is misnamed. It should
be called 'struts-blank.zip' because it is in zip format. I had to open the
file in hexedit to figure that one out. Hopefully the next version will have
the right name???
It is a war file, which is a compressed archive used to package J2EE web 
applications for deployment.  To understand better how to use war files 
(and to answer your "feline" questions below) and more generally how to 
deploy J2EE web applications, see 
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/appdev/index.html. If 
you have not already done so, you should also read the Servlet spec:
http://java.sun.com/products/servlet/download.html


The other problem I have is that I can't get my application to behave
properly. If the user types in their email address I want to be able to
check that it is a correct one and show the field red while they are typing
if it is not. I have a javascript that checks for the '@' sign but many
people are typing in '[EMAIL PROTECTED]'. Since I don't think so many people would have
the same email address we are losing valuable data. How can struts help me
with this? Will it take many monkey-hours to implement?
The Struts Validator can help here:
http://jakarta.apache.org/struts/userGuide/dev_validator.html

Once I unzipped the file I could not find any README or INSTALL file. I
tried the usual 'make; make install' but that did not work. I went out on
the net to find some install instructions and I read one place that said I
just had to stick the zip file inside my tom cat. I do have a cat, but she's
female. Will that make a difference, or does struts only run on male cats?
Does it matter if they are neutered? Does each client need to have a male
cat or just the server?
See above comment. If you use a standard web container (e.g Tomcat) and 
conform to the directory structure described in the links above, you can 
just put the .war file in the /webapps directory and the container will 
automatically expand it when it (the container) starts.

You should also read
http://jakarta.apache.org/struts/faqs/kickstart.html
http://jakarta.apache.org/struts/userGuide/index.html
http://jakarta.apache.org/struts/installation.html#Containers


Thank you for your time,
  Carlos






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Struttin' With Struts beta (newbies esp. welcome)

2003-03-11 Thread Phil Steitz

Mark Zeltser wrote:
Rick,

Good job, somehow I can't unzip war files, I am getting corrupt zip file
exception.
Mark.


Use jar -xf 

War files are jar files, not zips.  Your JDK should include the jar 
utility in its /bin directory.


Rick Reumann wrote:


I created a web site that walks new Struts users step by step
through the development of three VERY simple web applications in three
lessons. Each lesson adds a few more features so that they build upon
each other yet each stands alone such that if you follow the steps in
any lesson you'll have built a very basic application regardless of
which lesson you start with.
I created these because there seemed to be lacking some more recent
"walk through" Struts tutorials geared toward the very new Struts
developer. I think real newbies will find them especially useful, but
then again I could be way wrong:)
I'm considering the site a "beta" because I'm sure there will be some
mistakes. If anyone sees something I'm doing in a lesson that is way
off (or a very bad practice) please let me know. Some of the stuff I
know could be done in a more "best practice" way, but for the sake of
trying to also keep the lessons small and simple some ideas weren't
included (ie- I didn't use a constants interface for my forward
definitions).
If anyone wants to contribute, reword, or add anything please let me
know. The site is there to help others. I got really lazy in a lot of
places and didn't say much about certain things that I would have liked
to. Hopefully over time the site will improve.
Struttin' with Struts:

http://www.reumann.net/do/struts/main

--
Rick
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


--
NOTICE: If received in error, please destroy and notify sender.  Sender
does not waive confidentiality or privilege, and use is prohibited.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session Management

2003-01-10 Thread Phil Steitz

Puneet Agarwal wrote:

Session Management is required to achieve persistence. there are two manner
in which persistence can be achieved.

1. storing the information in HTTP session (possibly in session scope)
2. Storing the information using stateful session beans.


You can also use hidden fields (basically client-side state management), 
or application-managed durable storage (e.g RDBMS).


You have to take the decision based on your application's performance
expectations.

The cleaner approach is to define the scope of form as "session" and storing
everything in formbeans, nowhere else.
some readonly information can be stored in application context also.

Well you may choose to store some information in stateful session beans and
some in formbeans (HTTP session) but I would not suggest to keep the scope
of formbeans as "request" unless the screen is totally stateless.


Or unless the application has to scale to very large volumes, in which 
case you want to be very careful about creating too many session-scoped 
objects.


Regards
Puneet

- Original Message -
From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 4:10 PM
Subject: Session Management


Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,
 Dept. Of Computer Science,
 Aberystwyth University,
 Ceredigion,
 West Wales,
 SY23 3DV.

 07968 902140
 http://users.aber.ac.uk/jph8
*-*



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 






--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Struts application & infrastructure choices

2002-12-14 Thread Phil Steitz

Craig R. McClanahan wrote:

On Sat, 14 Dec 2002, David Graham wrote:

Date: Sat, 14 Dec 2002 13:23:40 -0700
From: David Graham <[EMAIL PROTECTED]>
Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Struts application & infrastructure choices

It should be fairly easy to implement this and do some performance testing.
Your DAOs will be the only piece that changes to use RMI.  You might try
just using straight sockets because RMI is another layer on top of sockets
which may slow you down.

A completely different approach to consider would be running something
like Apache in the DMZ, and put Tomcat behind the firewall as well.  Then,
you could continue to use your existing DAOs without exposing them on the
DMZ machine.

That's what I meant by my option 1. After skimming 
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/jk.html, I now 
see that Apache->Tomcat does in fact work remotely. Right?  Are there 
problems pushing JK through firewalls?

If this works, it is probably the easiest way to go, requiring the least 
application change, most likely the best performance and also the best 
security, since there's not much "exposed" on the Apache server.

David

Craig

From: "Aymeric Alibert" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "<\"Struts Users Mailing List\"" <[EMAIL PROTECTED]>
Subject: Struts application & infrastructure choices
Date: Sat, 14 Dec 2002 10:38:19 -0600

Hello,

We are successfully running a large struts application. We designed it
using a 'classic' architecture:
- A Tomcat server running the application in our DMZ.
- Use of Struts for our front-end and implementation of the DAO pattern to
isolate our Data Access layer. Even if everything runs on the same server.
- Use of DBCP pooling from Tomcat to access our Oracle database.

Looking ahead, I can see needs for JMS connectivity or connection to
various type of data sources within our company and to communicate with our
partners.
Also, our security team does not like having a Tomcat server in the DMZ
accessing more and more internal information systems. We would like to take
our infrastructure to the next level.

I was thinking of introducing an Application Server within our firewall. It
will implement our Data Access connectivity and the DAO on the Web Server
will use RMI to access it.
I am a little afraid of performance degradation by introducing RMI between
the Web Server and Application Server. Also deployment will probably be
more complex.
Another solution would be to have both Web Server and App Server running on
the same box in the DMZ. But that
does not solve my security concerns.

I don't have much experience with application servers and would not need
the full features of a J2EE app server (at least not right now). Am I on
the right path?
Does someone have advices or best practices to follow?

Aymeric.

_
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Struts application & infrastructure choices

2002-12-14 Thread Phil Steitz

David Graham wrote:


It should be fairly easy to implement this and do some performance 
testing.  Your DAOs will be the only piece that changes to use RMI.  You 
might try just using straight sockets because RMI is another layer on 
top of sockets which may slow you down.

David



I would be surprised if RMI per se really turned out to be a significant 
performance bottleneck -- especially compared to a custom sockets 
implementation (which essentially amounts to rewriting application 
server functionality).  The real issue is do you want to introduce EJBs, 
if the application does not already use them.

If you don't want to use EJBs and you do want a physically three-tier 
setup, then you have a basic deployment/integration problem which some 
of us would argue is a strong argument to just use EJBs and RMI and rely 
on the infrastructure provided by J2EE.  Here are a couple of other ways 
to solve this problem that I have seen successfully deployed in 
large-scale applications:

1. Remote HTTP Server
Physically split the HTTP server from the servlet engine, putting the 
combined servlet engine/business object (EJB container, if the business 
objects are EJBs) into a more protected location and leaving only the 
HTTP server exposed.  This configuration is supported by most commerncal 
application servers.  I don't know if you can do this using Apache and 
Tomcat or JBOSS.

The IBM site below is a bit cumbersome to navigate, but it includes a 
fairly comprehensive treatment of the deployment topology alternatives, 
nost of which can be deployed on non-WebSphere app servers:

http://www-106.ibm.com/developerworks/patterns/

More specifically, see

http://www-106.ibm.com/developerworks/patterns/u2b/at2-runtime.html

2. Dual servlet engines
Deploy a "front" servlet engine that includes the view and controller 
elements (struts would run here) and handle remote communication to a 
"model" servlet engine via HTTP.  The "model" engine can run in a more 
secure location. A framework implementing the Command pattern can 
relatively easily be developed using URL objects to make the remoting of 
model elements transparent to the controller.  The advantage of this 
over a custom sockets implementation is that you don't have to worry 
about managing the connections, threads, etc. for the "model" container. 
 The disadvantage is that you have to develop the marshalling framework.

3. Standalone RMI servers on tier 2
Use standalone RMI servers for the "model" implementation.  The 
advantage of this is that you don't have to develop any custom 
marshalling machinery.  The disadvantage is that you don't have the 
resource and systems management infrastructure of an application 
server/servlet engine to rely on.

4. Web Services
Like 2., except use web services in place of the custom HTTP-based 
Command framework.  If I were to start a new project with the 
requirements no EJBs+physical 3-tier, I would probably host the model 
components in a remote web container and expose them as web services, 
using Axis.  See
http://xml.apache.org/axis/index.html

Of course, as David suggests, the important thing is to rapidly develop 
marshalling prototypes and benchmark.  My experience has been that all 
of the remote marshalling methods described above can deliver very fast 
performance, as long as your service interfaces are not ridiculous. 
Performance problems almost always trace back to model component 
implementation or back end resource (e.g. RDBMS) response time issues.

-Phil





From: "Aymeric Alibert" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "<\"Struts Users Mailing List\"" <[EMAIL PROTECTED]>
Subject: Struts application & infrastructure choices
Date: Sat, 14 Dec 2002 10:38:19 -0600

Hello,

We are successfully running a large struts application. We designed it 
using a 'classic' architecture:
- A Tomcat server running the application in our DMZ.
- Use of Struts for our front-end and implementation of the DAO 
pattern to isolate our Data Access layer. Even if everything runs on 
the same server.
- Use of DBCP pooling from Tomcat to access our Oracle database.

Looking ahead, I can see needs for JMS connectivity or connection to 
various type of data sources within our company and to communicate 
with our partners.
Also, our security team does not like having a Tomcat server in the 
DMZ accessing more and more internal information systems. We would 
like to take our infrastructure to the next level.

I was thinking of introducing an Application Server within our 
firewall. It will implement our Data Access connectivity and the DAO 
on the Web Server will use RMI to access it.
I am a little afraid of performance degradation by introducing RMI 
between the Web Server and Application Server. Also deployment will 
probably be more complex.
Another solution would be to have both Web Server and App Server 
running on the same box in the DMZ. But that
does not solve my security concerns.

Re: WebLogic/Struts/JSP performance woes...

2002-11-02 Thread Phil Steitz

David,

Have you considered running some tests with Jmeter or some other testing 
tool that can tell you exactly how long it takes to deliver the HTML? 
This would enable you to determine whether the problem is on the server 
side or in the browser rendering.

Regards,

Phil





--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: [OT] Memory Footprint of DynaX vs. BO

2002-11-02 Thread Phil Steitz

Craig R. McClanahan wrote:

On Thu, 31 Oct 2002, Jacob Hookom wrote:

Date: Thu, 31 Oct 2002 22:51:32 -0600
From: Jacob Hookom <[EMAIL PROTECTED]>
Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
To: Struts Users Mailing List <[EMAIL PROTECTED]>
Subject: [OT] Memory Footprint of DynaX vs. BO

By implementation, I'm assuming that DynaX uses an underlying Map to
store properties.  I'm wondering how using a Map to store attribute data
differs from storing the same data in BO's along the lines of memory
consumption?

In Struts, DynaActionForm does indeed store its property values in a Map,
which makes the memory occupancy pretty similar to using Maps directly,
and are a little larger than using JavaBeans with properties (though not a
lot, because there's a few bytes of overhead per bean instance as well).

My personal advice, though, is to not stress over this kind of detail
unless you're building an incredibly high-transaction-rate app.  Use the
development technique that takes you the least amount of time -- and use
the time you save to tune your database queries instead.  You'll get
orders of magnitude more impact on improving response time doing this than
you would saving a few bytes of temporary memory occupancy here and there.

Yes, I agree strongly with Craig -- and even in high-transaction-rate 
apps, while reducing memory footprint can "help" you, not spending 
enough time ensuring throughput can "kill" you.

Think of the front end of your web app as a "request parking lot".  If 
you can get the customers in and out of your store more or less as fast 
as they arrive, it doesn't matter all that much whether they are driving 
SUVs or compact cars -- they will be able to find parking.  Once things 
start to back up, however, you are going to start losing customers, 
regardless of what they're driving or how large a parking lot you have. 
 You certainly want to avoid ridiculous situations where each customer 
brings in a line of mobile homes; but assuming that you have done that, 
you're better off making sure that you have enough cashiers and they 
move fast enough than trying to get all your customers to drive 
compacts. :-)

I don't mean to suggest that optimizing memory management is not an 
important element in performance tuning high-volume applications.  It 
certainly is. The point is that assuming best practices (e.g. efficient 
use of the framework and container, minimal server-side state, etc.) 
have been followed in design, it is generally best to focus first on 
optimizing throughput, IMHO.

Regards,

Phil Steitz

You can always go back later and tune things up if this does turn out to
matter.  (Or just spend a couple hundred bucks on some more memory ...).

Regards,
Jacob Hookom

Craig

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>

Re: How to add a pre-action

2002-10-21 Thread Phil Steitz

Mohan Radhakrishnan wrote:

Hi,
I am doing something similar but I have a doubt.

I show selection parameters with the following action mapping. The html:form
action for that is mainscreen.action.

type="com.hcl.smartmanage.web.action.ReportParameterAction"
name="reportParameterForm"
validate="false"
scope="session"
input="/mainscreen.jsp">

In our case the same jsp (mainscreen.jsp) is shown after getting the
results based on the selected parameters.
But the action should be different to retrieve the results - report.action.

So initially it should be mainscreen.action and later it should be
report.action. How can this be done if the the same jsp and same html:form
(mainscreen.action) value is used.

Am I clear ?

I don't understand exactly what you are trying to do. Describe the user
flow for each of the use cases. Where does the action above forward to?
What is "mainscreen.action"? What is "report.action"?

bye,
mohan

Here is a simple example showing one way to deal with this type of
thing. There are no doubt lots of other ways to handle this.

Use case: library search. User page flow: main menu -> search input
page (bookSearch.jsp) -> search results page (listBook.jsp). The search
input page needs to be pre-populated with a list of currently defined
subjects.

Struts processing flow: main menu -> search input pre-populate action
(PrepareListBookAction) -> search input page (bookSearch.jsp) -> search
processing action (ListBookAction) -> search results page (booklist.jsp).

In struts-config:

In the main menu:

(here "index.find" = "Find a Book".)

PrepareListBookAction retrieves the list of currently defined subjects
and sets a property of the (automatically created) BookSearchForm for
the book search input form (bookSearch.jsp) to use.

The key concept is that instead of linking/forwarding to the input jsp
directly, you link/forward to the pre-population action and then have
the pre-population action set up the form bean and then forward to the
input jsp.

Hope this helps,

Phil

--
To unsubscribe, e-mail:

For additional commands, e-mail:

This message and any attachments have been scanned for viruses during transmission from HCL Comnet.

--
To unsubscribe, e-mail:
For additional commands, e-mail:

Re: How to add a pre-action

2002-10-21 Thread Phil Steitz

Mohan Radhakrishnan wrote:

Hi,

 Flow :
 login.jsp -> mainscreen.jsp[ jsp:includes a left panel showing report
parameters]
 
 The parameters are chosen by the user. Forward to the same
mainscreen.jsp which is shown again with the left panel hidden (uses layers)
and the report shown in the center of the screen.

 1. Pre-population of the left panel with report parameters.
 
 Action mapping used is.

		
type="com.hcl.smartmanage.web.action.ReportParameterAction"
--> Doesn't do anything right now.
name="reportParameterForm"
validate="false"
scope="session"
input="/mainscreen.jsp">
	 
If I understand your setup, this action should forward to the mainscreen 
page.  Do you have a global "success" forward to that page?  If not, you 
should include a local forward in the action definition above.  Also, 
since form validation is turned off, there is no point in including the 
input attribute.


 Form tag used is 

The action attributes of your html form elements should correspond to 
path attributes in your action definitions. See the Struts User's Guide 
and sample apps.  If I understand the setup, the form above should post 
to the /report action defined below -- i.e., the form in mainscreen.jsp 
that posts the report parameters should have action="/report", not 
"mainscreen.action" (whatever that means).

In the example that I posted earlier, the "search parameters page", 
bookSearch.jsp, posts to "/a/listBook".

While you can certainly use the same jsp for all of these things, I 
would not do this personally.  If the reason that you are doing this is 
to reuse common elements, you should consider using tiles.

If you are having trouble understanding how struts dispatches actions, 
here is a good reference:

http://www-106.ibm.com/developerworks/library/j-struts/?n-j-2151

To solidify your understanding, if you are comfortable with UML and have 
tools available, I would recommend documenting your use cases and 
creating interaction diagrams similar to the ones in the article above. 
 That way you will get a nice design and also a better understanding of 
the framework :-)

hth,

Phil




		
type="com.hcl.smartmanage.web.action.ReportSelectionAction"
name="reportParameterForm"
validate="false"
    scope="session"
input="/mainscreen.jsp">
	 

 

bye,
Mohan
 
 
 

-Original Message-
From: Phil Steitz [mailto:phil@;steitz.com]
Sent: Monday, October 21, 2002 10:45 AM
To: Struts Users Mailing List
Subject: Re: How to add a pre-action


Mohan Radhakrishnan wrote:

Hi,
   I am doing something similar but I have a doubt.


I show selection parameters with the following action mapping. The


html:form


action for that is mainscreen.action.


   

In our case the same jsp (mainscreen.jsp) is shown after getting the
results based on the selected parameters.
But the action should be different to retrieve the results -


report.action.


So initially it should be mainscreen.action and later it should be
report.action. How can this be done if the the same jsp and same html:form
(mainscreen.action) value is used. 

Am I clear ?


I don't understand exactly what you are trying to do. Describe the user 
flow for each of the use cases.  Where does the action above forward to? 
  What is "mainscreen.action"?  What is "report.action"?


bye,
mohan




This message and any attachments have been scanned for viruses during transmission from HCL Comnet.





--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>







--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>

Re: How to add a pre-action

2002-10-20 Thread Phil Steitz

Howard Miller wrote:

That helps a lot... just one question if you don't mind... can I check how you would 
forward from the prepareListBookAction to the bookSearch.jsp. I assume you are just 
using mapping.findForward( "success" ). That didn't work for me... which is really why 
I started thinking that I was doing totally the wrong thing. Could (of course) be some 
stupid error!

Yes, on successful completion,  PrepareListBookAction.perform() ends with

return (mapping.findForward("success"));

If you are getting a blank page, there is most likely something wrong 
with your jsp.  Check your container logs.

I'm off to try harder... thanks!

HM

On 20 Oct 2002 at 10:10, Phil Steitz wrote:



Howard Miller wrote:


I think I'm seriously missing the point here! I have looked at the example application 
in some detail and it appears to add a parameter (eg, ?action=new) to tell the action 
for a form to perform an initialising action. I don't see it using a "pre-" action.

I am incredibly stuck with the concept of how to code an action that is not 
encumbered with *special* parameters to pre-load the bean data. My particular 
problem is that I have pages where the previous page cannot be predicted, so the jsp 
must have a means of loading its own data.

I would really appreciated some pointers as to how to set this up. *** I particularly 
don't understand how to get the action to call the following JSP *** (ie, I would really 
appreciate some specific - example - help on this!! ). At least every method I have 
tried doesn't work.

Here is a simple example showing one way to deal with this type of 
thing. There are no doubt lots of other ways to handle this.

Use case: library search.  User page flow: main menu -> search input 
page (bookSearch.jsp) -> search results page (listBook.jsp).  The search 
input page needs to be pre-populated with a list of currently defined 
subjects.

Struts processing flow: main menu -> search input pre-populate action 
(PrepareListBookAction) -> search input page (bookSearch.jsp) -> search 
processing action (ListBookAction) -> search results page (booklist.jsp).

In struts-config:



	name="bookSearchForm"
	type="com.steitz.library.PrepareListBookAction"
validate="false"
	scope="request">
	




	name="bookSearchForm"
	type="com.steitz.library.ListBookAction"
scope="request"
	input="/a/bookSearch.jsp"
	validate="true">
	


In the main menu:



(here "index.find" = "Find a Book".)

PrepareListBookAction retrieves the list of currently defined subjects 
and sets a property of the (automatically created) BookSearchForm for 
the book search input form (bookSearch.jsp) to use.

The key concept is that instead of linking/forwarding to the input jsp 
directly, you link/forward to the pre-population action and then have 
the pre-population action set up the form bean and then forward to the 
input jsp.

Hope this helps,

Phil








I do understand how to actually create a bean manually and put in in the scope. I 
don't understand how to set up a generic preload action for a given JSP/ActionForm, 
and what the config should look like.

Again, any help much appreciated.

HM

On 20 Oct 2002 at 8:43, David M. Karr wrote:



"Howard" == Howard Miller <[EMAIL PROTECTED]> writes:



  Howard> Hi,
  Howard> Can somebody kindly help me with the following...

  Howard> I want to add a path and an Action class. The action class will then preload data into 
  Howard> a bean and then forward (do I mean forward) to the jsp that displays the bean. That's 
  Howard> it. I want this action to be in *addition* to the *normal* jsp/formbean/action setup.

  Howard> I can't see how to do it in particular

  Howard> 1. I don't think I fully understand how/why an action is associated with a bean in 
  Howard> struts-config. What does the action servlet do with this information.

  Howard> 2. How do I properly forward from an action to a jsp with the bean information intact. 
  Howard> It seems to be very similar to an action returning its "input form" to display errors, but 
  Howard> doing this doesn't work.  Whatever I do I seem to get a blank page.

In fact, the best practice is to always preface a page with an action.  You end
up with actions that prepare information for a page, and actions which process
information for a page.  The actions which process the page information will
always have had the form bean created before you get to the action.  However,
the actions which prepare the page information may have to manually create the
form bean and put it into the appropriate scope.

Note that the welcome page for an application would nor

Re: How to add a pre-action

2002-10-20 Thread Phil Steitz

Howard Miller wrote:

I think I'm seriously missing the point here! I have looked at the example application
in some detail and it appears to add a parameter (eg, ?action=new) to tell the action
for a form to perform an initialising action. I don't see it using a "pre-" action.

I am incredibly stuck with the concept of how to code an action that is not
encumbered with *special* parameters to pre-load the bean data. My particular
problem is that I have pages where the previous page cannot be predicted, so the jsp
must have a means of loading its own data.

I would really appreciated some pointers as to how to set this up. *** I particularly
don't understand how to get the action to call the following JSP *** (ie, I would really
appreciate some specific - example - help on this!! ). At least every method I have
tried doesn't work.

Here is a simple example showing one way to deal with this type of
thing. There are no doubt lots of other ways to handle this.

In struts-config:

name="bookSearchForm"
type="com.steitz.library.PrepareListBookAction"
validate="false"
scope="request">

name="bookSearchForm"
type="com.steitz.library.ListBookAction"
scope="request"
input="/a/bookSearch.jsp"
validate="true">

In the main menu:

(here "index.find" = "Find a Book".)

PrepareListBookAction retrieves the list of currently defined subjects
and sets a property of the (automatically created) BookSearchForm for
the book search input form (bookSearch.jsp) to use.

Hope this helps,

Phil

I do understand how to actually create a bean manually and put in in the scope. I
don't understand how to set up a generic preload action for a given JSP/ActionForm,
and what the config should look like.

Again, any help much appreciated.

On 20 Oct 2002 at 8:43, David M. Karr wrote:

"Howard" == Howard Miller <[EMAIL PROTECTED]> writes:

Howard> Hi,
Howard> Can somebody kindly help me with the following...

Howard> I want to add a path and an Action class. The action class will then preload data into
Howard> a bean and then forward (do I mean forward) to the jsp that displays the bean. That's
Howard> it. I want this action to be in *addition* to the *normal* jsp/formbean/action setup.

Howard> I can't see how to do it in particular

Howard> 1. I don't think I fully understand how/why an action is associated with a bean in
Howard> struts-config. What does the action servlet do with this information.

Howard> 2. How do I properly forward from an action to a jsp with the bean information intact.
Howard> It seems to be very similar to an action returning its "input form" to display errors, but
Howard> doing this doesn't work. Whatever I do I seem to get a blank page.

In fact, the best practice is to always preface a page with an action. You end
up with actions that prepare information for a page, and actions which process
information for a page. The actions which process the page information will
always have had the form bean created before you get to the action. However,
the actions which prepare the page information may have to manually create the
form bean and put it into the appropriate scope.

Note that the welcome page for an application would normally be something like
"index.jsp", which does nothing but forward to an action to start the
application. You can't preface the welcome page with an action, but you can
make it do nothing but go to an action to prepare the real first page.

Look at the source code for the "example" application for some examples of
using the form bean. The user guide also talks about the control flow with
respect to form beans.

--
===
David M. Karr ; Java/J2EE/XML/Unix/C++
[EMAIL PROTECTED]

--
To unsubscribe, e-mail:
For additional commands, e-mail:

--
To unsubscribe, e-mail:
For ad

Re: Struts Tag Request

2002-10-12 Thread Phil Steitz


Craig R. McClanahan wrote:
 >
 > On Fri, 11 Oct 2002, David Graham wrote:
 >
 >
 >>Date: Fri, 11 Oct 2002 11:15:06 -0600
 >>From: David Graham <[EMAIL PROTECTED]>
 >>Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
 >>To: [EMAIL PROTECTED]
 >>Subject: RE: Struts Tag Request
 >>
 >>I'm not sure I agree with training users that the url is meaningless. 
  This
 >>goes against everything people know about browsing.  They use urls for
 >>bookmarks, look at the list in there address bar for one they recognize,
 >>etc.  You could train internal people but for internet sites this seems
 >>unreasonable.
 >>
 >
 >
 > A web application is *not* the same as a web site.  The problem with
 > browsers as the delivery vehicle for both is that users get confused on
 > this issue.  And developers who are confused on this issue don't help
 > matters any :-).
 >
 > Interactive applications in general (both web-based and rich client 
based,
 > as well as those built into hardware like the controls on your microwave
 > or VCR)  should be modelled as a set of reactions to user gestures 
(button
 > clicks and so on).  The set of possible gestures that are recognized at
 > any point in time *should* be limited to the set built in to the UI,
 > because the developer has provided reactors for those events, and only
 > those events.

I agree with your basic point -- a web app is an app and the UI should
be self-contained -- but for browser-based apps targeting the public at
large, you have to expect that users are going to use the
back button and users are going to attempt to bookmark things.  They
have been *trained* to do so by their experience on the web.  If my VCR
works differently from others on the market, I need to anticipate that
my "users" are going to do what they have done with other machines -- I
better not, for example, chew tapes when users elect to use "eject"
before "stop," regardless of how clearly my UI steers them toward the
"correct" sequence.  I need to either "disable" the eject button until
stop has been hit or to handle the "exceptional" event.  (see below)

 >
 > Imagine writing a Swing-based app where the user had some external
 > mechanism to cause *any* arbitrary event to happen, whenever they want.
 > That's essentially what the back button and bookmarks do to you.
 >
This is not a good analogy, since we are not talking about "any" event
here -- just a couple of events with high probability of ocurring.  From
my perspective, this is similar to exception management: the developer
has a responsibility to identify and handle all exceptional conditions
likely to interfere with the normal processing of an application.  The
tricky bit is defining the scope of these "exceptional conditions".
I would consider use of the back button or bookmarking in a web app as 
within scope. (as would millions of web users :-)


 >
 >>I don't like the frames approach because then you can't bookmark any 
pages.
 >>This is really frustrating for people.
 >>
 >>Also, redirects aren't much slower than forwards so I use them when I 
want
 >>to make sure the user doesn't get confused and repost form data. 
This seems
 >>easier to me than training millions of people :-).
 >>
 >
 >
 > IMHO, if your users find that they can't use your webapp effectively 
based
 > on the UI controls you've built in to the user interface, without using
 > the browser facilities, that's a pretty good clue that your UI needs some
 > additional navigation controls and other similar features added to it.
 >
 > Sorry to sound so absolutist ... but this issue is critically 
important in
 > good user interface design for web-based applications.  It's nearly
 > impossible to prevent users from using all the built-in functionality of
 > the browser (even if you don't show the back button, you still have to
 > worry abou the keyboard equivalents).  Our mission needs to include
 > minimizing their desires to do so.
 >
 >
 >>Dave
 >>
 >
 >
 > Craig
 >
 >
 > --
 > To unsubscribe, e-mail: 

 > For additional commands, e-mail: 

 >





--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Alternative Datsource Hot-potatoing...

2002-09-06 Thread Phil Steitz


Starting to look a lot like JNDI...(pronounced "Gin-dy", sung to a 
familiar tune)

Seriously, look again at Craig M's option 3 -- if your container 
supports it, the lookup and implementation abstraction can be handled 
for you.

Craig Tataryn wrote:
> 
> 
>> From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
>> Isn't that basically option 2?
>>
>> The only disadvantage is that, unless you're careful, your DataAdaptor
>> class will be dependent on Struts unless you make it have a static
>> setDataSource() method or something.  But you're still tying your 
>> business
>> logic classes to the presence of DataAdaptor in every program that uses
>> this approach (which may or may not be a big deal).
>>
>> > Craig.
>>
> Number 2 was:
> * Static methods ... Most DB connection pool implementations offer a way
> to retrieve a DataSource or Connection via a static method.  Advantage:
> no handing around extra method parameters.  Disadvantage:  ties you to
> that connection pool's APIs.
> 
> I read this as I should use the static methods provided by the specific 
> connection pool.  What I meant was, I would create a generic 
> DataAdaptorFactory class and a DataAdaptor interface which could be be 
> configured off of a properties file to determine which data adaptor to 
> use. This way I can abstract myself from implementation details.
> 
> I don't think my business layer would even know about the DataAdaptor, 
> they would be communicating with my Data layer objects, which would take 
> care of data issues.
> 
> Something like:
> 
> public interface DataAdaptor {
> 
>   public java.sql.Connection getConnection();
> 
> }
> 
> public class DataAdaptorFactory {
> 
>   public static DataAdaptor getDataAdaptor() {
>   //lookup data adaptor implementation class
>   //in DataAdaptor.properties file
>   //do a class for name on that implemenation class
>   //return that class.
>   }
> }
> 
> DataAdaptor.properties:
> dataAdaptor=mypackage.MySqlDataAdaptor
> 
> public class MySqlDataAdaptor implements DataAdaptor {
> 
>public java.sql.Connection getConnection() {
>   //mysql specific stuff to get a connection
>}
> }
> 
> public class EmployeeDataObject {
>   public EmployeeList retrieve(String fields, String filters) {
>  DataAdaptor data = DataAdaptorFactory.getDataAdaptor();
>  Connection conn = data.getConnection();
>  //execute a query based on the fields and filters passed in
>  //transform the results to an 'EmployeeList' collection
>   }
> }
> 
> 
> Craig.
> 
>> Craig
>>
>> >
>> > >From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
>> > >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>> > >To: Struts Users Mailing List <[EMAIL PROTECTED]>
>> > >Subject: Re: Alternative Datsource Hot-potatoing...
>> > >Date: Fri, 6 Sep 2002 11:40:48 -0700 (PDT)
>> > >
>> > >
>> > >
>> > >On Fri, 6 Sep 2002, Craig Tataryn wrote:
>> > >
>> > > > Date: Fri, 06 Sep 2002 12:41:26 -0500
>> > > > From: Craig Tataryn <[EMAIL PROTECTED]>
>> > > > Reply-To: Struts Users Mailing List 
>> <[EMAIL PROTECTED]>
>> > > > To: [EMAIL PROTECTED]
>> > > > Subject: Alternative Datsource Hot-potatoing...
>> > > >
>> > > > I was wondering if someone could give me a heads up on some 
>> alternative
>> > > > means for which to give my data access layer access to my 
>> datasource.
>> > > >
>> > > > I don't really like the idea of my controller grabbing the 
>> Datasource,
>> > > > passing it off to my business layer, who in turn passes it along 
>> to my
>> > >data
>> > > > layer.  I guess I'm sort of a purest, but I don't think the 
>> Business
>> > >layer
>> > > > should know anything about the database, and that means it 
>> shouldn't
>> > >even
>> > > > have methods that take connections or datasourses as parameters.
>> > > >
>> > > > I think the only thing I like about the Controller passing along a
>> > > > connection to my business/data layer is the fact that I can 
>> first open a
>> > > > transaction before passing the connection along, and then I can 
>> commit
>> > >the
>> > > > transaction when everything is done.  Thus my transactions are 
>> at the
>> > > > controller level, and can be managed there.
>> > > >
>> > > > Back in my old VB/COM days, we had a sort of DB Utilities class 
>> which
>> > >could
>> > > > be accessed from the datalayer.  You would ask it to give you a
>> > >connection,
>> > > > and it would get it for you.  Should I make my own class for 
>> datasource
>> > > > access which is intitalized upon application start with the 
>> Datasource
>> > > > object found by struts?  Then the rest of my datalayer can 
>> simply use
>> > >it?
>> > > >
>> > >
>> > >Three basic options exist:
>> > >
>> > >* Hand a DataSource (I normally prefer to send a Connection 
>> instead, but
>> > >   either works) to your business logic method as a parameter to 
>> each call
>> > >   that needs it.  Advantage:  no binding to anything.  
>> Disadvantage:  can
>> > >   be a pain to hand it around.
>> > >

Re: [OT] Request Certificates/Security

2002-09-06 Thread Phil Steitz


Jacob Hookom wrote:
> The basic goal is to keep people from walking through id's of objects
> passed as params.

The id's should also be POSTed or pushed along in form beans or hidden 
fields, not visible in querystrings.
Also, if your authorization machinery is good enough, this should be 
harmless -- i.e., id=25 data should be accessible only to user 
authorized to access id=25.

>The realm is built to handle all of the
> authorization, I just would like to keep as little as possible in the
> session and prevent redundant checking against the persistent source.

There is sort of a basic tradeoff that you face here. The most secure 
setup is to encode only the user's identity in the session token, but 
this forces the security system to look up the auth profile for each 
request.  Most commercial products and large-scale sites (and, I think 
Tomcat, as well -- someone can correct me if I am wrong) do some caching 
in their authorization management infrastructure to limit database hits. 
  If what you are concerned about is limiting database I/O, you should 
consider implementing profile caching in the authorization service. 
This way, you can still just push identity info to the browser.



> 
> | -Original Message-
> | From: Phil Steitz [mailto:[EMAIL PROTECTED]]
> | Sent: Friday, September 06, 2002 2:41 PM
> | To: Struts Users Mailing List
> | Subject: Re: [OT] Request Certificates/Security
> | 
> | Jacob,
> | 
> | Assuming that you have exhausted *all* means to solve your
> authorization
> | problems using container-managed security, which would eliminate the
> | need to muck with security tokens, here are some comments on your
> setup:
> | 
> | 1. Use a secure session cookie to carry the security token.  You
> should
> | keep this stuff out of the queryString.
> | 2. You need to encrypt, not hash the authorization profile info in the
> | cookie, otherwise your authorization manager will not be able to get
> it
> | back. Have fun managing the keys!
> | 3. I would consider keeping the authorization info in a security store
> | and encoding only the id in the security token. But then again, this
> is
> | really what container-managed security does :-)
> | 4. I would recommend keeping the authorization timeouts short --
> hitting
> | the DB to refresh auth profiles.  This is more secure and also allows
> | you to cut off access more quickly.  If your tokens are valid for an
> | hour, then privilege revocation can take up to an hour to become
> | effective.
> | 
> | 
> | hth,
> | 
> | Phil
> | 
> | Jacob Hookom wrote:
> | > I know I beat security like a dead horse, but
> | >
> | > If my app generates a menu specific to the user, i.e., a project
> list
> | > that they belong to, then instead of creating a link to the
> | > project.do?id=25, do you think it would be secure enough if I passed
> a
> | > huge "certificate" instead that had an hour time limit on it?  The
> link
> | > would instead be:
> | >
> | > project.do?id=AJEIKL46642K32343OIN4
> | >
> | > (Where the project uid is hashed with a timestamp and their role as
> the
> | > param)
> | >
> | > I know some developers use it when they are securing sites that span
> | > multiple servers, but for this, it would prevent redundant db access
> at
> | > best.
> | >
> | > Does anyone else use this method?
> | >
> | > Jacob Hookom
> | > Comprehensive Computer Science
> | > University of Wisconsin, Eau Claire
> | >
> | >
> | >
> | > ---
> | > Outgoing mail is certified Virus Free.
> | > Checked by AVG anti-virus system (http://www.grisoft.com).
> | > Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
> | >
> | >
> | >
> | > --
> | > To unsubscribe, e-mail:   <mailto:struts-user-
> | [EMAIL PROTECTED]>
> | > For additional commands, e-mail: <mailto:struts-user-
> | [EMAIL PROTECTED]>
> | >
> | 
> | 
> | 
> | 
> | --
> | To unsubscribe, e-mail:   <mailto:struts-user-
> | [EMAIL PROTECTED]>
> | For additional commands, e-mail: <mailto:struts-user-
> | [EMAIL PROTECTED]>
> | 
> | ---
> | Incoming mail is certified Virus Free.
> | Checked by AVG anti-virus system (http://www.grisoft.com).
> | Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
> | 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
>  
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: [OT] Request Certificates/Security

2002-09-06 Thread Phil Steitz

Jacob,

Assuming that you have exhausted *all* means to solve your authorization 
problems using container-managed security, which would eliminate the 
need to muck with security tokens, here are some comments on your setup:

1. Use a secure session cookie to carry the security token.  You should 
keep this stuff out of the queryString.
2. You need to encrypt, not hash the authorization profile info in the 
cookie, otherwise your authorization manager will not be able to get it 
back. Have fun managing the keys!
3. I would consider keeping the authorization info in a security store 
and encoding only the id in the security token. But then again, this is 
really what container-managed security does :-)
4. I would recommend keeping the authorization timeouts short -- hitting 
the DB to refresh auth profiles.  This is more secure and also allows 
you to cut off access more quickly.  If your tokens are valid for an 
hour, then privilege revocation can take up to an hour to become effective.

hth,

Phil

Jacob Hookom wrote:
> I know I beat security like a dead horse, but
> 
> If my app generates a menu specific to the user, i.e., a project list
> that they belong to, then instead of creating a link to the
> project.do?id=25, do you think it would be secure enough if I passed a
> huge "certificate" instead that had an hour time limit on it?  The link
> would instead be: 
> 
> project.do?id=AJEIKL46642K32343OIN4
> 
> (Where the project uid is hashed with a timestamp and their role as the
> param)
> 
> I know some developers use it when they are securing sites that span
> multiple servers, but for this, it would prevent redundant db access at
> best.
> 
> Does anyone else use this method?
> 
> Jacob Hookom 
> Comprehensive Computer Science 
> University of Wisconsin, Eau Claire 
> 
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
>  
> 
> 
> --
> To unsubscribe, e-mail:   
> For additional commands, e-mail: 
> 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: how do I integrate struts with container managed security?

2002-09-05 Thread Phil Steitz

Ho-Ki Au wrote:
> I read in the mail archive that it was possible to apply container managed
> security on struts action.  Can someone give me an example on how this can
> be done?
> I have a servlet-mapping like this:
> 
>   action
>   *.do
> 
> 
> and I would like to trigger a container-managed login whenever an action is
> done.  Please help.
> -hoki
> 

Hoki,

The key thing to understand is that struts actions invoked by URL's can
be protected like any other URL resource using container-managed
security.  Check out
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html for a
nice description of how to set up container-managed security using
Tomcat 4.0.

Here is a very simple example using struts 1.02.  In this example,
actions requiring authentication have /a/ at the start of their paths,
others do not. The URL request to the protected resource forces a login.
The constraint below forces *everything* (including HTML pages, jsps)
down the /a/ path to be authenticated.  If you want to protect just the
actions, you need to modify the security constraint.

In web.xml:

 Secure Area
 /a/*

 administrator
 reader

In struts-config:

  ls

hth,

Phil

 >
 > -- To unsubscribe, e-mail:

 > For additional commands, e-mail:

 >

> --
> To unsubscribe, e-mail:   
> For additional commands, e-mail: 
> 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: How to Build error messages dynamically??

2002-08-25 Thread Phil Steitz

Vivek Sundararaman wrote:

>Hello all
>
>I would appreciate any/ all help for my problem.
>
>We are storing all the errors & messages displayed to the users in a
>database.
>We are having a controller making the calls to the database and
>returning the presentation layer asset of errors or messages to be
>displayed.
>
>In my actionclass, after I make the call to the controller, based on the
>success or failure of the call, I build the actionerrors with the
>message sent back from controller call. These messages are not
>maintained in the appresources.properties 
>The code in my actionclass looks like:
>
>ActionErrors errors = new ActionErrors();
>errors.add(ActionErrors.GLOBAL_ERROR,
>   new ActionError("error.tablemessage", "Pass
>My message"));
>saveErrors(request, errors);
>
>In my appresources.properties
>error.tablemessage={0}
>
>In my jsp
>
>
>This does not print the error message"Pass My message" on the page.
>
>How to make a dynamic error or message appear in the page?
>
>(I tried to look in the archives for answers, but couldn't find one. May
>be I missed it too.)
>
>Thank you
>Vivek
>
>
>
>
>--
>To unsubscribe, e-mail:   
>For additional commands, e-mail: 
>
Vivek,

I have used syntax nearly identical to yours successfully in Struts 
1.02.   Could be a problem with your jsp or control flow.   Do you see 
the errors header and footer displayed or are you getting a blank page?

I would suggest the following:

0.  Inspect your container logs
1.  Verify that you have the struts bean and html tag libs referenced in 
your jsp and there are no other problems in the jsp
2.  Add some logging to verify that the ActionErrors constructor is 
getting the actual parameters that you think it is getting
3.  Add logging to verify that the saveErrors is getting executed

hth,

Phil

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: forms, security,read only fields,autopopulation

2002-08-03 Thread Phil Steitz

John Rothfield wrote:

>I have an account information screen that lets the user change their
>address. The screen displays account # also, but account # is a read only
>field.
>Question: should account # be in the form bean? I need to populate account
>#, but
>I'm afraid the user will hack the form and add an accountNo input field
>which would then
>automatically set the accountNo field. 
>
>One approach is to have the form object contain the model as a variable,
>and to have a
>"get" method but no "set" method.
>
>The example that came with struts uses the following:
>
>
>
>where user is the formname.
>
>Any comments?
>
>Thanks, John
>
First, you should ask yourself whether the user needs to see the full account
number.  You might want to consider displaying a masked version, showing
only enough to distinguish between multiple accounts that a user may have
(e.g. xxx--1234).

Second, and most importantly, you need to maintain the separation of the
model and the view.  Security is one of the primary motivators for Model
II/MVC. Updates to the model should be handled by business objects, not form
beans or even action classes. 

Finally, the mapping between accounts and logged in users should if possible
be maintained by the security system.  If you are using container-managed
security, you can get the identity of the logged-on user using J2EE APIs
in either the web container or the EJB container.  Before making any model
updates, you should verify that the logged in user actually owns the associated
account, using the J2EE (or application) APIs to get the identity of the
user and either your durable security store or a session object that is not
bound to the view, loaded at login, read-only thereafter, to do the check.
The closer you do the account authorization check to the actual model update,
the better.  

If you choose not to implement account-level authorization control in your
business objects, you should certainly avoid exposing the "session account
data of record" in your form beans.  You can still present the data; but
the form bean getter() should just access the *real* session data and the
setter() should be limited to setting an index into the *real* list of accounts
for the user stored elsewhere in the session. This is the main point -- the
set of accounts associated with a logged in user should in no case (other
than account enrollment) be modifiable by the user.

Just my -- admitedly conservative -- opinion.

Phil Steitz

>
>
>
>--
>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: architecture question

2002-08-02 Thread Phil Steitz


Craig R. McClanahan wrote:

>My personal feeling (as primary author of Struts) is that I only care
>about supporting Struts on J2EE-compatible platforms (currently J2EE 1.3),
>or on a web container supporting Servlet 2.2 and JSP 1.1 if you don't need
>EJBs directly.  I'm not at all interested in supporting bastardized
>versions -- although BroadVision (or anyone else) is of course free to
>fork it and maintain their own copy.
>
>If BroadVision doesn't support the standard capabilities of Servlet 2.2
>and JSP 1.1 so that standard Struts runs on it, I wouldn't ever willingly
>use it for anything.  It's not just Struts and all of the innovation there
>that you give up -- you also give up the ability to utilize any other
>technology based on standard servlet and JSP APIs.  You're basically stuck
>with a proprietary infrastructure that is going to get increasingly
>farther from the future standards of J2EE.
>
>If unmodified Struts will run on BroadVision and they still prefer a "roll
>your own" MVC framework -- well, everyone likes to recommend what they are
>familiar with.  You might find yourself though, being one of the many
>people who started down the road of building their own framework and
>coming back to Struts because it was costing too much effort that was
>spent on the framework instead of the application :-).
>
>Craig McClanahan
>
I agree that proprietary infrastructure should be avoided as much as 
possible -- it's just that these products (BroadVision, Vignette, etc.) 
offer some business functionality that is very appealing to business 
partners (e.g. business user management of content, 1-1 marketing 
support) and very well-marketed (slick GUIs, nice slideware, etc...). 
 For obvious reasons, the vendors are not rushing to abandon their 
proprietary infrastructure ;-)

The best practical approach, therfore, IMHO, is to limit deployment of 
the proprietary stuff and to engineer interoperability.  For example, 
the marketing pages could be hosted on BroadVision (so the business 
users can manage the content) with links,  POSTs  or XML messaging 
interfaces into transactional pages/ business services hosted by a real 
J2EE container.  Session management can be tricky in this case, but the 
problems are not insurmountable.  

Regarding the value of frameworks in a large multi-team environment, 
 this is something that I have seen first hand pay off big time.  To be 
successful, however, you need to invest significantly in training, 
evangelism, operational readiness and support.  As struts continues to 
gain steam, the training and evangelism aspect will get easier and 
easier (like J2EE already has), since so many developers and architects 
will already be familiar with the framework when they start projects. 
 This represents a HUGE potential development and maintenance cost 
save.  In terms of training and support, you can either cultivate the 
necessary resources in-house or get outside help.  Check out 
http://jakarta.apache.org/struts/resources/consultants.html.

hth,

Phil Steitz  

>
>
>On Sat, 10 Nov 2001, Sandeep Takhar wrote:
>
>>Date: Sat, 10 Nov 2001 07:36:36 -0800 (PST)
>>From: Sandeep Takhar <[EMAIL PROTECTED]>
>>Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
>>To: Struts Mailing List <[EMAIL PROTECTED]>
>>Subject: architecture question
>>
>>hello!  need your help again...
>>
>>The bank I work at has semi-finalized it's plans for
>>employee facing and customer facing applications.  The
>>problem I am having is for customer facing
>>applications.  The application is the banks main
>>customer web site.  This web site will be maintained
>>by many different groups, each group having a link
>>from the home page.  Also note that since this web
>>site will go a long way towards promising what our
>>current CEO wants -- there are a lot of groups and a
>>lot of "important" people affected by any
>>architectural decision, which means that any change to
>>a recommendation will have to be clearly justified and
>>better work properly.
>>
>>The problem stems from the architecture to use when
>>there are all these different groups.
>>
>>We hired some expensive consultants and what they
>>recommended was as follows:
>>
>>The bank is already decided to use Broadvision so they
>>have not told us to use anything different than this
>>for the servlet container and the 1:1
>>publishing/content management.  WebLogic will be used
>>for EJB's.  Because of the many different groups and
>>because they are rolling out with 5.5 of broadvision
>>(which does not contain any J2EE services yet) and
>>also because of the "up

Re: problem

2002-06-20 Thread Phil Steitz


Look at your servlet engine log (servlet.log if you are using Tomcat with
the default setup).  Most likely the ActionServlet associated with your web
app is not loading because the data source initialization is failing.  The
mappings aren't there because the initialization failed.  The error message
will (hopefully) tell you why.  Make sure that you have the Oracle JDBC
driver jar in your application's WEB-INF/lib.

slickdev wrote:


I have a problem with the data-source properties in struts-config.xml
This is for the sample email portal application.

I configured the properties to use my localhost oracle installation, which
does work with jdbc from command-line java apps as well as with sql*plus.

Here is the suspect layout:

 

  
  
  
  
  
  
  
  

  

PROBLEM
When clicking the initial logon link to invoke logon.jsp, an exception
occurs:

javax.servlet.ServletException: Cannot find ActionMappings orActionFormBeans
collection
at
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp
l.java:460)
at logon_1._jspService(logon_1.java:691)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java)
---
---
---

The exception does not occur if the stuff between  ---
 is commented out.



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Problem in deploying struts app in production environment. Pls help

Re: Web Page acess to struts-user archive?

Re: LDAP client API?

Re: Does a degree matter?

Re: Use messages from ApplicationResource.properties for an e-mail

Re: Use messages from ApplicationResource.properties for an e-mail

Re: case study with security

Re: case study with security

Re: Data driven struts application

Re: [Q] Use of DispatchAction with security concerns

Re: Data driven struts application

Re: [XEN] Simple question: forward and redirect

Re: [THURSDAY] struts questions

Re: [ANN] Struttin' With Struts beta (newbies esp. welcome)

Re: Session Management

Re: Struts application & infrastructure choices

Re: Struts application & infrastructure choices

Re: WebLogic/Struts/JSP performance woes...

Re: [OT] Memory Footprint of DynaX vs. BO

Re: How to add a pre-action

Re: How to add a pre-action

Re: How to add a pre-action

Re: How to add a pre-action

Re: Struts Tag Request

Re: Alternative Datsource Hot-potatoing...

Re: [OT] Request Certificates/Security

Re: [OT] Request Certificates/Security

Re: how do I integrate struts with container managed security?

Re: How to Build error messages dynamically??

Re: forms, security,read only fields,autopopulation

Re: architecture question

Re: problem

32 matches

Site Navigation

Mail list logo

Footer information