Referer pages and structs

2001-05-21 Thread Shunhui Zhu

Hi, I'm wondering whether Struts can be used to solve the following problem elegantly.

I have a page, say contact.jsp, that has two standard actions associated with it: EditContactAction and SaveContactAction.

This page can be linked from many other pages. What I'd like is to go back to the page that called contact.jsp.

For example, if page1 has a link to contact.jsp, then after the user clicks the link and presses the save button on contact.jsp, I'd like the next page to be page1. Similarly for all other pages linking to contact.jsp. Is there a way to code contact.jsp to automatically have this behavior?


Thanks.


Shunhui





Menu tag

2001-05-21 Thread Shunhui Zhu

This is not related to Struts, but does anyone know of a menu JSP tag, that is, one to configure major/minor navigation menus?

Thanks. 

Shunhui





RE: Potential Security Flaw in Struts MVC

2001-05-07 Thread Shunhui Zhu



I want to second Martin's opinion. Security (e.g., authentication and
authorization) should be outside of the application, if possible. In our
company, we are using Entrust's getAccess in combination with Apache. It can
easily protect resources (most likely defined by URL) after the application is
developed. That being said, to protect on a more granular level (e.g., certain
fields should be read only, or certain menus should not show up) still seems to
be part of the application. But I do think it is the right direction.

Shunhui

  -Original Message-
  From: Martin Duffy [mailto:[EMAIL PROTECTED]]
  Sent: Monday, May 07, 2001 5:27 AM
  To: [EMAIL PROTECTED]
  Subject: Re: Potential Security Flaw in Struts MVC

  A basic problem with most web development is that people are building
  security into their applications. It should be handled outside of the
  application. You can have your application work in conjunction with an
  external security mechanism for more granular control but the security
  mechanism should be external to the application for the most part.

  You could use, for example, one of the authorization and access modules for
  apache. Then when you create your application you can create specific
  *protected* URLs for say an admin area. Then only the person that is logged
  into the security mechanism with the proper *authorization* can access that
  URL (or one that contains that URL and parameters being passed to it in the
  URL). Security needs to be considered when building the applications but
  trying to build it into the application is a big mistake.

  A big reason to not build it into the app is that as your security
  requirements change you invariably have to make code changes to your
  application. By using an external mechanism you just change the rules
  governing the authorization and access control usually without any code
  changes to your app.
  
  
  
  
  
- Original Message -
From: Jeff Trent
To: [EMAIL PROTECTED]
Sent: Monday, May 07, 2001 6:37 PM
Subject: Potential Security Flaw in Struts MVC

I may be wrong about this (only been working w/ Struts for a week now). But I
do see a potential security flaw in Struts that I would like to hear from
others regarding.

Consider a simple set of Struts classes that represent a user in a system. You
would probably have classes that look something like this:

 User        (the model representing the user)
 UserForm    (an enrollment form for a new user)
 UserAction  (Saves the UserForm information to db, etc)

The User class would have accessors and modifiers like getFirstName(),
setFirstName(), getAdministrativeUserFlag(), setAdministrativeUserFlag(), etc.
The basic implementation of the UserForm is to take the UI form data,
introspect the beans, and call the correct modifier of the UserForm bean based
on the fields contained within the UI submission/form. A developer of course
would not expose the "Administrative User Flag" option on the UI for
enrollment (that would be found possibly in some other administrative-level
module). However, if someone is familiar with the db schema and the naming
convention the developer used, that user could subvert the application by
writing his own version of the UI which contains an "Administrative User Flag"
field (or any other field for that matter) and the basic form processing in
Struts will kindly honor the request and set the "Administrative Flag" on the
user. Unless, of course, the developer makes special provisions to prevent
this behavior. However, it's not entirely obvious to the Struts user (in my
opinion) that this is even a concern. Am I making sense here?

- jeff
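
The concern in Jeff Trent's original message, as an added example (not part of the thread and not Struts code): a simplified, hypothetical `populate` helper binds request parameters to bean setters by introspection, first with no restriction and then with an allow-list of the fields the enrollment form actually exposes. The class name `FormBindingDemo`, the allow-list argument and the sample request values are assumptions made for illustration.

```java
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class FormBindingDemo {

    // Hypothetical form bean; property names follow the accessors named in the message.
    public static class UserForm {
        private String firstName;
        private boolean administrativeUserFlag;
        public String getFirstName() { return firstName; }
        public void setFirstName(String v) { firstName = v; }
        public boolean getAdministrativeUserFlag() { return administrativeUserFlag; }
        public void setAdministrativeUserFlag(boolean v) { administrativeUserFlag = v; }
    }

    // Simplified stand-in for introspection-based form population: every request
    // parameter whose name matches a writable bean property is applied.
    // allowed == null binds everything; otherwise only listed properties are set.
    static void populate(Object bean, Map<String, String> params, Set<String> allowed)
            throws Exception {
        for (PropertyDescriptor pd :
                Introspector.getBeanInfo(bean.getClass(), Object.class).getPropertyDescriptors()) {
            Method setter = pd.getWriteMethod();
            String raw = params.get(pd.getName());
            if (setter == null || raw == null) {
                continue; // read-only property, or parameter not submitted
            }
            if (allowed != null && !allowed.contains(pd.getName())) {
                // A field the page never rendered was submitted: skip it and log it.
                System.out.println("rejected unexpected parameter: " + pd.getName());
                continue;
            }
            Object value = pd.getPropertyType() == boolean.class
                    ? (Object) Boolean.valueOf(raw) : raw;
            setter.invoke(bean, value);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed request: the enrollment page only renders firstName, but the
        // submission also carries a parameter named after the admin-flag setter.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("firstName", "Pat");
        params.put("administrativeUserFlag", "true");

        UserForm open = new UserForm();
        populate(open, params, null);
        System.out.println("bind all:   admin=" + open.getAdministrativeUserFlag());

        UserForm restricted = new UserForm();
        populate(restricted, params, Set.of("firstName"));
        System.out.println("allow-list: admin=" + restricted.getAdministrativeUserFlag());
    }
}
```

An alternative with the same effect is to give the enrollment form bean no setter for the flag at all, so the privileged property is only writable from the administrative module.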



RE: Struts forms and JSP components/templates

2001-05-07 Thread Shunhui Zhu

I think the scope of the form is specified in struts-config.xml; you can put it in session scope.


Shunhui


-Original Message-

From: Tim Moore [mailto:[EMAIL PROTECTED]]

Sent: Monday, May 07, 2001 2:40 PM

To: '[EMAIL PROTECTED]'

Subject: Struts forms and JSP components/templates



I'm working on a very complex webapp with hundreds of form pages. Frequently
there are chunks of a form that are shared across several pages. I was
hoping to use the components library to separate these common form chunks
into reusable pages, but I'm not having much luck with this.

The problem is that the struts html:form tag stores data in the PageContext
of the enclosing page, where individual input tags that appear in the
included components are unable to access them. I don't know if there's
anything I can do about this from my application's end.

Does anyone have any suggestions...hopefully something other than don't do
that! ;-)

Would it make any sense to change html:form to use the request context
rather than the page context?


TIA,

-- 

Tim Moore / Blackboard Inc. / Software Engineer

1899 L Street, NW/ 5th Floor / Washington, DC 20036

Phone 202-463-4860 ext. 258 / Fax 202-463-4863





RE: Struts and DAO pattern. Expensive?

2001-05-07 Thread Shunhui Zhu

That opens up lots of questions I also have; I'm sure many of you have some
solutions to these:

(1) I went through a similar exercise. I first followed the Petstore example,
to have a getConnection() method in my DAOs (well, I have BaseDAO, so at
least the code is not duplicated). The good thing, as pointed out, is that the
business object plus the DAO become self-contained. The bad thing is there
are too many connections open. At first I thought that since I'm using a
connection pool, getting a connection is not too expensive. But I quickly found
out there are a huge number of connections open at any time for a not so
complicated object hierarchy. So now all my save and delete methods take
a connection parameter (which is also for transaction purposes).

But this leads to another problem.

(2) I follow the convention that all my business objects have: Foo, FooDAO,
FooManager (and even FooFactory). FooManager contains the finder methods (getByID,
getAll, etc.); now these also take a connection as a parameter. But I also made
a decision to hold id references rather than object references in my business objects
(to avoid huge object hierarchy loading), and only lazily load a dependent object
when getFooChild() is called (which has no parameter, as usual), which calls the
manager classes, but now there doesn't seem to be a good place to get the connection
to pass to getByID.

What is a better way? Should anything be done differently with or without entity EJBs?


Any comments are appreciated.


Thanks.


Shunhui


-Original Message-

From: Vanderlei Silva [mailto:[EMAIL PROTECTED]]

Sent: Monday, May 07, 2001 6:00 PM

To: [EMAIL PROTECTED]

Subject: Struts and DAO pattern. Expensive?



Hi all,

I'm right now having to deal with some tough design decisions concerning
Data Access Objects (DAOs). I know this is really not a directly related
Struts question, but I also understand that everybody in this list already
faced this issue while integrating Struts in their model.

I'm not using EJBs but this should really not be an issue, as the DAOs are
supposed to be reusable in non-EJBs designs as well. What I have is struts
dealing with controllers, and these controllers dealing with business objects
and DAOs. Let's see what I found/have:

- J2EE Pet Store, in their DAO objects, for every new business method, they
get a new connection from the pool and later release it. This makes the code
cleaner at the controller side, but VERY repetitive at the DAO side (note
that they replicate the getConnection, closeConnection, closeResultSet,
etc... all over the DAOs). It's kind of amazing to see such a replication in
a reference implementation. It also sounds very, very expensive to get a new
connection every time. In some cases, a business method makes a call to
another business method, and they are getting the connection twice for this.
Imagine a call where the controller needs to talk to 3 DAOs and perform
about 10 business method calls. They will get and close the connection 10
times. The connection pool, managed by the application server, will more
than likely create a bottleneck in this whole thing.

- in my approach, while testing, the controller is responsible for getting a
new connection and forwarding it (through parameters) to the DAOs. The
problems with this approach are: the DAOs are not a member of the Business
objects, but work in parallel with them. Thus, the controller deals with
both the business objects and the DAOs, and makes all the control, serving
also as a bridge, or facade. The advantage of this approach is that
basically, for every user request, you will have only one connection lookup,
doesn't matter how many DAOs methods you call from different objects in
order to fulfill the request.

I need to confess I'm lost. The PetStore approach sounds cleaner in some
sense, but also sounds too repetitive in other, and mostly, sounds way too
expensive (or it isn't?).


How do you see all this?


Regards,


Vanderlei








RE: Iterate certain number of times?

2001-05-01 Thread shunhui zhu

Hi, I have a similar problem. I'd like to use the
iterate tag to present a list of objects in a tabular
form, but I'd like to specify how many per row. Is
there an easy way to do that using only the tags?

Thanks.

Shunhui
--- [EMAIL PROTECTED] wrote:
 
 
 Does anyone know if any of the other taglibs
 provides a for loop?
 
 Dave
 
 
 
 
 
 [EMAIL PROTECTED] on
 04/30/2001 01:27:07 PM
 
 Please respond to
 [EMAIL PROTECTED]
 
 To:  
 [EMAIL PROTECTED]
 cc:(bcc: David Hay/Lex/Lexmark)
 Subject:  RE: Iterate certain number of times?
 
 
 
 
 
 Hey that's pretty cool.  I got it working in about
 10 minutes.  One question
 though.  I had to move my iterate bean from Request
 to Session scope.  Is there
 any way to keep it at the request level?
 
 Thanks,
 Donnie Hall
 
 
 
 kbasel@freemail.absa.co.za
 04/27/2001 03:21 PM
 Please respond to struts-user

 To: [EMAIL PROTECTED]
 cc: (bcc: Donnie Hall/Enron Communications)
 Subject: RE: Iterate certain number of times?
 
 
 
 Hi,
 
 There's a good pager taglib at jsptags.com. I've
 used it in a struts app and
 does the job quite well when embedded in the iterate
 tags.
 
 <logic:iterate>
   <pg:item>
     Item Details
   </pg:item>
 </logic:iterate>
 
 Hope it helps,
 karl
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: 27 April 2001 09:29
 To: [EMAIL PROTECTED]
 Subject: Iterate certain number of times?
 
 
 
 
 Hi.
 
 Am wanting to iterate a certain number of times,
 based on a value in my form
 bean, to create a set of page links for the number
 of pages the user can
 view
 (similar to at the bottom of most search engine
 results).
 
 How do I do this with Struts?  Obviously I am not
 iterating over a
 collection.
 But surely it is possible - what am I missing?
 
 Many thanks,
 
 Dave
 
 
 
 
 
 
 
 
 
 
 
 
 





Re: Can not read i18n properties file

2001-05-01 Thread shunhui zhu

Pau, I did a similar test for a Chinese version with
resource_zh.properties. If I change my browser
language preferences (in IE), I do get the Chinese
version, although to display it correctly, I needed to
select Chinese encoding in IE's view menu. My guess is
that the response header is not setting the
Content-language header or the charset header, but I
haven't looked into it.

Shunhui
--- Sean Pau [EMAIL PROTECTED] wrote:
 I test creating resource properties file for
 Japanese language. I use
 Windows Notepad and edit resources_ja.properties and
 save it under UTF-8 and
 Unicode format. Struts could display when the file
 is in UTF-8 format but
 the text came out rubbish. When the file is in
 Unicode format, Struts is not
 reading it, instead it reads the default
 resources.properties file. Both
 UTF-8 and Unicode format resources_ja.properties
 files display the Japanese
 text OK when I drag it into IE and also WordPad. Pls
 help. Thanks
 
 




Re: Help on struts on Unix.

2001-05-01 Thread shunhui zhu

It seems you have another copy of Tomcat running, you
may want to type ps to see the processes, and kill
the old one. Or type shutdown.sh to shutdown the old
Tomcat.

Shunhui

--- Michael Wang [EMAIL PROTECTED] wrote:
 
 On Unix, when I started tomcat by typing startup.sh,
 I got following errors:
 What I did were 
 1. install tomcat
 2. start tomcat, test tomcat example, work fine.
 3. install struts. 
 4. export struts-example.war, start tomcat, got
 error.
 
 The same procedure is working fine with WinNT.  I do
 not know whether I need
 to set up something else on UNIX.
 Thanks for any help.
 
 -Michael
 
 Pop org.apache.struts.action.ActionMapping
 register('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN',
 'jar:file:/devel/slinky/mwang/java/tomcat/lib/struts.jar!/org/apache/struts/resources/struts-config_1_0.dtd'
 register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN',
 'jar:file:/devel/slinky/mwang/java/tomcat/lib/struts.jar!/org/apache/struts/resources/web-app_2_2.dtd'
 register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN',
 'jar:file:/devel/slinky/mwang/java/tomcat/lib/struts.jar!/org/apache/struts/resources/web-app_2_3.dtd'
 resolveEntity('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN',
 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd')
  Resolving to alternate DTD
 'jar:file:/devel/slinky/mwang/java/tomcat/lib/struts.jar!/org/apache/struts/resources/web-app_2_2.dtd'
 Call org.apache.struts.action.ActionServlet.addServletMapping(action/java.lang.String,*.do/java.lang.String)
 FATAL:java.net.BindException: Address already in use
 java.net.BindException: Address already in use
 at java.net.PlainSocketImpl.socketBind(Native Method)
 at java.net.PlainSocketImpl.bind(Unknown Source)
 at java.net.ServerSocket.<init>(Unknown Source)
 at java.net.ServerSocket.<init>(Unknown Source)
 at org.apache.tomcat.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:97)
 at org.apache.tomcat.service.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:239)
 at org.apache.tomcat.service.PoolTcpConnector.start(PoolTcpConnector.java:188)
 at org.apache.tomcat.core.ContextManager.start(ContextManager.java:527)
 at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:202)
 at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)
 
 





Re: html:message tag

2001-05-01 Thread shunhui zhu

My guess: A reference to the message property file is
obtained in the ActionServlet.initApp() method. If
ActionServlet is not loaded at startup, then this
method is not called. So when you call html:message,
it's probably still not called (unless the
ActionServlet is instantiated before displaying the
page).

Shunhui

--- Sue Deng [EMAIL PROTECTED] wrote:
 I would like to share what I did wrong before:  I forgot to put the line
 <load-on-startup>2</load-on-startup> in web.xml file.  After I add
 this line, my jsp works.  So, why is this line so important for using
 bean:message tag?
 
 Thanks,
 
 -Sue
 
 Jason Chaffee wrote:
 
 
 
  I find the following configuration easier:

  Simply put the resource file in /WEB-INF/classes directory.

  Then change the deployment descriptor as follows:

    <servlet>
      <servlet-name>action</servlet-name>
      <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
      <init-param>
        <param-name>application</param-name>
        <param-value>ApplicationResources</param-value>

  Also, make sure there isn't a typo in your resource file or your jsp
  page.
 
  -Original Message-
  From: Sue Deng [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, May 01, 2001 11:51 AM
  To: [EMAIL PROTECTED]
  Subject: Re: html:message tag
 
  I put my ApplicationResources.properties file in
  /usr/local/tomcat/classes/net/covalent directory before.  Now I moved
  it to my applications /WEB-INF/classes/net/covalent directory.  And I got
  Missing message for key logon.title error, but the logon.title key is
  in the file.
 
  Thanks,
 
  -Sue
  Ratnadeep Bhattacharjee wrote:
 
   Chances are the location of your ApplicationResource file is not where
   ActionServlet is looking for it. For example, if your web.xml looks
   as follows:

     <servlet>
       <servlet-name>action</servlet-name>
       <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
       <init-param>
         <param-name>application</param-name>
         <param-value>net.covalent.ApplicationResources</param-value>

   then the ApplicationResources.properties file should be in the
   WEB-INF/classes/net/covalent/ directory.
  
   Hope this helps.
  
   -Deep.
  
   
    I did not make any changes on the code.  What do you mean the app
    server?  I am using jakarta-struts-1.0-b1 under Tomcat.  What should I
    do now?

    Thanks,

    -Sue

    Jason Chaffee wrote:

     Have you made any changes to the code?  The ActionServlet should be
     creating the resource bundle and storing in the servlet context using
     this key. What app server are you using?  There could be a bug in how
     it stores objects in the servlet context, thus the ActionServlet can't
     find anything that has previously been stored there.

      -Original Message-
      From: Sue Deng [mailto:[EMAIL PROTECTED]]
      Sent: Tuesday, May 01, 2001 9:39 AM
      To: [EMAIL PROTECTED]
      Subject: Re: html:message tag

      Thanks, Jason.  But when I use bean:message, I got Cannot
      find message resources under key org.apache.struts.action.MESSAGE
      error.

      Thanks,

      -Sue

      Jason Chaffee wrote:

       it should be bean:message

       -Original Message-
       From: Sue Deng [mailto:[EMAIL PROTECTED]]
       Sent: Monday, April 30, 2001 5:26 PM
       To: [EMAIL PROTECTED]
       Subject: html:message tag

       Hi,

       I am trying to build form using struts taglib.  But I get no such tag
       message  ...error when I use html:message tag.  I found that
       struts-html.tld and struts-bean.tld files do not have a tag named
       message, but the struts example uses that tag.  Why?

       Thanks,

       -Sue

 





Re: html form widgets not appearing

2001-04-27 Thread shunhui zhu

Just another thing to look at. The message resource is
loaded at startup, in ActionServlet.initApplication(),
and stored in the ServletContext with the key
Action.MESSAGES_KEY (which is really the String
org.apache.struts.action.MESSAGE). The message tag
simply gets the resource from there. You can try to
put a break point in initApplication(), and see
whether the resource is read correctly there, if yes,
you may want to check whether any of your Actions
overwrites that key.

Shunhui



--- G.L. Grobe [EMAIL PROTECTED] wrote:
 RE: html form widgets not appearing

 The entire index.jsp file is included in this message so you can see the
 html source at the end. I haven't actually re-compiled the struts.jar file
 to see what was happening (because it wasn't easy to get working w/ orion
 server) but just by looking at MessageTag.java, I could see where in
 doStart() the message var came back as null and threw the exception when
 trying to read the key. I saw the file it was trying to read was correct by
 doing a println(getClass().getResource(my.properties)... in my jsp file.

 I'll look at this loadLocale to see how and where to use it. Thnxs.
   - Original Message - 
   From: Jason Chaffee 
   To: '[EMAIL PROTECTED]' 
   Sent: Friday, April 27, 2001 7:09 PM
   Subject: RE: html form widgets not appearing
 
 
   What does the html source look like?  You also might want to check the
   method loadLocale() and make sure the message strings are being loaded
   from the file.
 
   -Original Message- 
   From: G.L. Grobe [mailto:[EMAIL PROTECTED]] 
   Sent: Friday, April 27, 2001 5:11 PM 
   To: [EMAIL PROTECTED] 
   Subject: Re: html form widgets not appearing 
 
 
 
   Heh, I've been on this prob for almost two weeks and I'm losing motivation
   in this project because of this bug. My servlet config I believe is correct.
   I made it as simple as possible by putting the cais.properties file in the
   ~/WEB-INF/classes dir (no package path) and saying:

   <!-- Action Servlet Configuration -->
   <servlet>
     <servlet-name>action</servlet-name>
     <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
     <init-param>
       <param-name>application</param-name>
       <param-value>cais</param-value>
     </init-param>

   Other keys are not being found as well. I know the correct file is being
   found as I println the ...getClass().getResources(cais.properties) and it
   shows it's got the correct path and according to the struts code, it's
   finding the file, but not the key.

   I'm pretty sure I'm referencing the key correctly:

   <%@ page language="java" %>
   <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
   <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>

   <html:html>
   <head>

   <title>
     <bean:message key="main.title" />
   </title>
 
   - Original Message - 
   From: Scott Cressler [EMAIL PROTECTED]
 
   To: [EMAIL PROTECTED] 
   Sent: Friday, April 27, 2001 6:58 PM 
   Subject: RE: html form widgets not appearing 
 
 
 
 Well, at least now you know you're invoking the bean:message tag.  ;-)
 That's a problem I've found with debugging custom tags: if you forget the
 taglib directive or screw it up, you get no complaints.

 It seems to be saying it can't find your message by that key.  Can you find
 any messages?  Do you have the correct reference to the properties file in
 your web.xml file, e.g.:

   <!-- Action Servlet Configuration -->
   <servlet>
     <servlet-name>action</servlet-name>
     <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
     <init-param>
       <param-name>application</param-name>
       <param-value>com.propel.webapp.Resources</param-value>
     </init-param>

 In my case, that means the file is at
 webapproot/classes/com/propel/webapp/Resources.properties .  I don't think
 it necessarily has to be there (isn't there some search path for finding
 it?), but that has worked for me (using resin).

 Make sure you can find any message and then make sure your tag is
 referencing the message key correctly, e.g., I would expect given what
 you've said it would be:

 <bean:message key="main.title"/>

Scott 

 -Original Message- 
 From: G.L. Grobe [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, April 27, 2001 4:51 PM 
 To: [EMAIL PROTECTED] 
 Subject: Re: html form widgets not appearing 
 
 
 I don't get it, if I match prefix="struts-bean" w/ a tag of
 <bean:message key ... it can't find the keys in the properties file,
 which I'd say is to be expected. But if I change the prefix="bean" w/
 tags of <bean:message ... making the prefix and tag the same like it
 should be, then I get the following error.
 
 500 Internal Server Error 
 javax.servlet.jsp.JspException: Missing
 message for