RE: welcome file in web.xml
No ... this is not a proper way to do it. (because welcome-file list will be used for all the directories under the root directory of your context to locate startup file.) rather you can use index.jsp as your welcome-file and in that jsp file you can redirect your request to the URL given by you. for example: WEB.XML welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list index.jsp % response.sendRedirect(jsp/login.do?action=initMethodamp;targetAction=direc tLogin); % regards, Hitesh Dave -Original Message- From: Nagendra Kumar O V S [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:32 AM To: [EMAIL PROTECTED] Subject: welcome file in web.xml hi, can i use this in web.xml welcome-file-list welcome-filejsp/login.do?action=initMethodamp;targetAction=directLogin/w elcome-file /welcome-file-list TIA --nagi Nagendra Kumar O V S Member Technical Staff Ikigo India Private Ltd. 470-B, Road No. 36, Jubilee Hills, Hyderabad 500033 Contact(O): 23544671 Cell: 98482-41789 IncrediMail - Email has finally evolved - Click Here
Re: Struts and encryption
Hi Tim,
We were faced with a similar dilemma in our app. This is finally what we did :
1. We used MD5 hash to encrypt the password and insert it into the DB.
2. On login user entered password is hashed and matched with the password in the
DB.
3. If user forgets his/her password and performs a Change Password then his/her
password is reset.
This is what we do to reset password :
1. On performing Change Password a 32 byte hash key is generated using the user's
UserID and the current timestamp. The first 8 characters is sent to the user in a
mail as his new password and those 8 characters are re-hashed into a 32 byte hash
key and the user's password in the DB is updated with that value.
Hope this helps.
Regards,
Hitesh
Tim Strong wrote:
I did some quick research on this recently.
I struggled between choosing any of the following:
1. encode/decode password using Java
2. encode/decode password using database specific methods
3. hashing the password
After doing quite a bit of research on the 'net (java.sun.com mostly), I
decided to use #3, using a message digest and MD5 hashing. This is a
one-way hash, almost impossible to decode. To authenticate the user, I
hash the password entered from the login form using this same method and
compare that with the password hash stored in the database.
Regarding decrypting the password, based on what I have read, I decided
that no one, not even the database administrator, should be able to
decrypt the user's password.
The following is the method that I use to hash the password.
public static byte[] encodePassword(byte[] unencodedPassword) {
log.trace(encodePassword() - Entering);
MessageDigest md = null;
try {
// first create an instance, given the provider
md = MessageDigest.getInstance(MD5);
} catch (Exception e) {
log.error(Exception: , e);
}
md.reset();
// call the update method one or more times
// (useful when you don't know the size of your data, eg.
stream)
md.update(unencodedPassword);
// now calculate the hash
byte[] encodedPassword = md.digest();
StringBuffer buf = new StringBuffer();
for (int i=0; i encodedPassword.length; i++) {
if (((int) encodedPassword[i] 0xff) 0x10) {
buf.append(0);
}
buf.append(Long.toString((int) encodedPassword[i]
0xff, 16));
}
log.debug(encodePassword() - Encoded Password:\t + buf);
log.trace(encodePassword() - Exiting);
return(encodedPassword);
}
If the user forgets the password, I am still struggling with what to do,
probably one of the following or both:
1. reset the password and mail the new password to the user
2. reset the password and present it to them within the browser
Both methods I will force the user to change their password the next
time they login
I'm not an expert in Java security, so I would be interested in any
comments.
-Tim
-Original Message-
From: Andrew H. Peterson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 9:36 PM
To: Struts User Forum (E-mail)
Subject: Struts and encryption
Is there a struts preferred method of handling encryption/decryption?
I am
authenticating users via a database lookup. I want to store the
encrypted password in the database.
If struts doesn't have a preferred method of encryption/decryption, can
someone point me to a good Java API for encryption/decryption?
Thanks.
ahp
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Design consideration: Client side validation
Hi: Struts puts emaphasis on server-side validations. However, lotsa times it makes sense to do some validations before we hit the server. How the client side validations should be done while keeping the sanctity of the design principles for struts? Is it a good practice to use use JavaScript to do this? What are the possible ways to do this? TIA, Hitesh. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
Struts Sample Code Repository!!!
Hi Guys: Is there a place where I can get the exhaustive list of struts sample code? In particular, I am looking for following set of sample code / tutorial / How-TOs / user-guides: (1) Model involving entity EJB (CMP) and talking to Oracle database. (2) View involving table of dynamically generated result set obtained from the EJB based model. (3) View involving dynamically generated forms based on the resultset. (4) Login/authentication/authorization using LDAP server (We are using IBM SecureWay implementation). (5) View involving more glizy stuff than normal HTML buttons. The buttons can be images / Macromedia flash components. (6) Forms which can be more than the normal HTML forms (involving the sleek looking Flash forms). TIA, Hitesh. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
Flash button and forms with struts
Hi All: How can we use Macromedia flash buttons and forms with struts? It is really important for us at the moment because we want to use struts and we also want to leverage the Flash forms/buttons already present with us. The decision of whether to use struts or not hinges on the fact how easily can we integrate Flash components in struts. TIA, Hitesh. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
Re: IBM VisualAge WTE and struts
Thanks Stephen/Eric/Alan/David: Stephen: Could you please send the .war file to me. Also, could you please tell us in this thread, what are the specific changes that you made for this sample to work with WTE / WAS? Eric: It is really a great idea to separate the VAJ projects along the product/API lines. This is a clean approach. It is really a good idea to have a base project built for general stuff used by multiple projects e.g. the XML parser. Thanks, Hitesh. --- Eric Rizzo [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Hitesh, Included are the instructions for getting the struts-example (under Struts v1.0) running in both VAJ 4.0/WTE and WAS 4.0 that I posted a while ago... Cool, I think it's good idea to write this stuff up. But I would make one suggestion: instead of just opening the current edition of the IBM XML Parser project and letting it be updated when you import Xerces/JAXP, I recommend separating out the various XML API's as I have described in a message in this thread a few minutes ago. HTH, Eric -- Eric Rizzo VAJ Frequently Asked Questions at http://www.jguru.com/faq/VAJ __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
Re: IBM VisualAge WTE and struts
Hi Stephen:
Did you miss some steps in this for conversion of
web.xml file to strutsexample.webapp file using the
XSL provided with WTE (webapp.xsl)?
Thanks,
Hitesh.
--- [EMAIL PROTECTED] wrote:
Hitesh,
Included are the instructions for getting the
struts-example (under Struts
v1.0) running in both VAJ 4.0/WTE and WAS 4.0 that I
posted a while ago...
(Note: The WAS instructions make reference to a .war
file that is too big to
upload to this group but I will send it directly to
anyone who needs it.)
Here to help,
Stephen :-{)
Stephen Brand
Software Architect
[EMAIL PROTECTED]
ATTACHMENT part 2 application/zip name=Installing
Struts.zip
__
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
IBM VisualAge and struts
Hi: Did anybody try to setup VisualAge for struts? If anybody can give some pointers, it would be of great help. Thanks, Hitesh. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
IBM VisualAge WTE and struts
Hi: I am having tough time establishing peace between VAJ 4.0 WTE and struts. I am following the WebSphere Version 4 Application Development Handbook. WTE requires IBM XML Parser for Java and struts requires me to use Xerces. The following packages are conflicting between the two - org.w3c.dom - org.xml.sax - org.xml.sax.helpers I created open editions of org.w3c.dom, org.xml.sax, and org.xml.sax.helpers in the IBM XML Parser for Java project and then created a new Xerces project and imported all the source from the Xerces. I get warnings on doing this. Can I live with these warnings? Any suggestion how should I go about importing struts in VisualAge 4.0? Thanks, Hitesh. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
Invalid attribute Prefix error
Hi: I am trying to run a struts sample with VisualAge 4.0 WTE. I get an error as follows: Message: Directive: Invalid attribute, prefix My JSP file is: %@taglib uri=/WEB-INF/struts-html.tld prefix=html% html:html locale=false html:errors/ html:form action=processNewEmployee.do *First Name: html:text property=firstName/BR *Last Name: html:text property=lastName/BR *Phone Number: html:text property=phoneNumber/BR Office Number: html:text property=officeNumber/BR Backup: html:text property=backup/BR Backup Phone Number: html:text property=backupPhoneNumber/BR html:submit / /html:form /html:html Any idea, what might be going wrong. Thanks, Hitesh. The detailed error message is: Error 500 An error has occured while processing request:http://localhost:8080/jsp/employeesearch.jsp Message: Directive: Invalid attribute, prefix Target Servlet: jsp StackTrace: Root Error-1: Directive: Invalid attribute, prefix com.ibm.servlet.engine.webapp.WebAppErrorReport: Directive: Invalid attribute, prefix java.lang.Throwable(java.lang.String) java.lang.Exception(java.lang.String) javax.servlet.ServletException(java.lang.String) com.ibm.websphere.servlet.error.ServletErrorReport(java.lang.String) com.ibm.servlet.engine.webapp.WebAppErrorReport(java.lang.String) void com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(int, java.lang.String) void com.sun.jsp.runtime.JspServlet.unknownException(javax.servlet.http.HttpServletResponse, java.lang.Throwable) void com.sun.jsp.runtime.JspServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) void javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.webapp.StrictServletInstance.doService(javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.webapp.IdleServletState.service(com.ibm.servlet.engine.webapp.StrictLifecycleServlet, javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.webapp.ServletInstance.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse, com.ibm.servlet.engine.webapp.WebAppServletInvocationEvent) void com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(com.ibm.servlet.engine.webapp.ServletInstanceReference, javax.servlet.ServletRequest, javax.servlet.ServletResponse, com.ibm.servlet.engine.webapp.WebAppServletInvocationEvent) void com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(javax.servlet.ServletRequest, javax.servlet.ServletResponse, com.ibm.servlet.engine.webapp.WebAppServletInvocationEvent) void com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(com.ibm.servlet.engine.webapp.WebAppRequest, javax.servlet.http.HttpServletResponse, boolean) void com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean) void com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(javax.servlet.ServletRequest, javax.servlet.ServletResponse) void com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(java.lang.Object) void com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(java.lang.Object) void com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(java.lang.String, com.ibm.servlet.engine.srp.ISRPConnection) void com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(com.ibm.servlet.engine.oselistener.api.IOSEConnection) void com.ibm.servlet.engine.http_transport.HttpTransportHandler.handleConnection(java.net.Socket) void com.ibm.servlet.engine.http_transport.HttpTransportHandler.run() void java.lang.Thread.run() __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
