Re: [S2] JasperReports plugin vs. Subreports
Hi Dave, Did you make any progress with this? The approach I've used is for the action to set up a JRDataSource instance in a public property. The DataSource is defined as a normal parameter in the Master Report. The Jasper Result passes this JRDataSource instance to the Master report through the parameter and the Master report passes the datasource to the subreport through a dataSourceExpression. Although it's possible for the action to setup a JRHibernateListDataSource/JRJpaDataSource/other JRDataSource instance, I instead created a subclass of JRAbstactBeanDataSource that performs an nested iteration over the nested collection(s). I'm not sure if that makes sense - it runs multiple iterators to unroll the nested collection as the master collection is iterated over. This basically means there's no additional code in the action other than to define the JRDataSources for the subreports. I'm interested to hear if you solved it another way. regards, Jeromy Evans Dave Newton wrote: This might be a JasperReports question; not sure yet. I'm trying to figure out if there's a way I can use sub-reports via the JasperReports plugin. I have a reasonably complicated data structure with multiple nested collections. At this point I might just write XML and use an XML datasource and use JR by hand, but I'd really like to avoid that if possible. Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Question on Application, Session, Request Awareness best practices ...
Hello, Since struts2 actions are not shared amongst requests and if these actions are Aware of one of the scopes they essentially have a copy of that scope's parameters in a map. Lets say the application has about 15 attributes and the session has about 7 attributes. Que1. When you add a new application attribute, does it automatically get added to all the present maps of that particular scope in all the instances of a particular action that are ApplicationAware? Que2. What are the performance implications of having such a map on each application instance that requires access to a particular application scoped attribute and not all? Que3. If an action needs just one application attribute, is it better to have an interceptor extract that from the application scope and set it on the action? Que4. Is it better to implement the "Awareness" of one or more of the scope in an interceptor ? (Since interceptor instances are shared across requests) If yes, would this map of attributes from the particular scope get updated when a new attribute is added to that particular scope? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
> However, i > did not see > the source for any of the "com.opensymphony.xwork2.*" classes. Is the > source > for these classes available? XWork is a seperate project at opensymphony. You can get the sources from https://svn.opensymphony.com/svn/xwork/ Piero - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
On Jan 15, 2008 5:24 PM, Darren James <[EMAIL PROTECTED]> wrote: > > I recently downloaded the 2.0.11 distribution, and was able to find the > sources to > all of the java classes under the "org.apache.struts2.*". However, i > did not see > the source for any of the "com.opensymphony.xwork2.*" classes. Is the > source > for these classes available? According to the struts2-core 2.0.11 pom, it depends on xwork 2.0.4. Try the -sources jar, here: http://repo1.maven.org/maven2/com/opensymphony/xwork/2.0.4/ -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
GF wrote: It could be a solution, but: Greet simply works. Unfortunately simply HTML Escaping the href attribute isn't satisfactory. It would corrupt valid javascript. eg. Link A HTML escaped is not equivalent: Link B As Martin suggested, you could write code that parses the attribute to ensure it's not prematurely terminated by a quote. The complication is that it can't replace double quotes/single quotes with an html equivalent as it will need to be aware of quote nesting and escaping, and the tag implementation doesn't know whether the template uses a single quote or double quote to open the attribute. This problem has been solved plenty of times before though. Despite all that, the developer of the tag library did decide to html escape all the scripting-event attributes already (onclick etc) so maybe I'm making a pointless point. More importantly, the developer needs to ensure user-entered data is escaped, which brings us back to s:url's encode attribute and the use of variables generally. Perhaps it would be more useful if could easily escape variables before inserting them into the HTML: eg. as per freemarker notation: I've used this reliably before link or link Where encode is a function in the context. Similarly this will work: link The developer knows best whether a variable can be trusted in the current context and there are sufficient tools at his disposal to protect against this particular XSS vulnerability. I agree it may be useful if s:url encoded the entire query string through. cheers, Jeromy Evans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
--- Darren James <[EMAIL PROTECTED]> wrote: > I recently downloaded the 2.0.11 distribution, and was able to find the > sources to > all of the java classes under the "org.apache.struts2.*". However, i > did not see > the source for any of the "com.opensymphony.xwork2.*" classes. Is the > source > for these classes available? Sure, but not in the S2 source download. XWork is a separate project. I believe building using Maven does include the XWork source (or it's in the repository; I forget which), so that's another option. d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
i want to use the source luke.
I recently downloaded the 2.0.11 distribution, and was able to find the sources to all of the java classes under the "org.apache.struts2.*". However, i did not see the source for any of the "com.opensymphony.xwork2.*" classes. Is the source for these classes available? thanks in advance, - darren. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts2 actions' extension
Filipe David Manana wrote: Yes, I use Tomcat 5.5. Where in tomcat do I configure directories not handled with mod_jk? He said 'apache+tomcat'; mod_jk is an Apache Httpd component, so it's not relevant if you aren't using Apache Httpd. See below for further comments. By the way, is there a Struts2 config only? thank you On Jan 12, 2008 6:56 PM, GF <[EMAIL PROTECTED]> wrote: If you are using apache+tomcat, you can place static file in a directory not handled with mod_jk On Jan 12, 2008 6:28 PM, Filipe David Manana <[EMAIL PROTECTED] > wrote: Hi, I have set the property struts.action.extension to the empty string. I can now invoke my actions with the default ".action" suffix, although I have a problem: You mean without the default .action suffix, right? css files (ending in .css) and javascript (.js) are no longer accessible to the client. How can I fix this? If you don't want to use a URL extension (e.g. .action) to identify which requests should be processed by Struts, you need to partition the URL namespace. For example, /struts/* gets handled by Struts and /static/* gets handled by Tomcat for serving CSS, JS, etc. L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: struts 2 and ognl
Otto, Frank wrote:
hi,
thanks for your answer.
how can I build a ognl variable dynamic? Example:
I have an iteration with different url-definitions, because
I need always another parameter (index):
...
action="test_myMethod.action">
href="%{myMethod%{#stat.index}}"/> <--- I need
here: %{myMethod0}, %{myMethod1}, ..., but it wasn't evaluated
Has someone an idea?
Firstly, it's not valid to nest OGNL expression
(%{...%{...}}) but you
can get the result you want something like this (untested):
href="%{'myMethod'+#stat.index}"
This may also work:
href="myMethod%{#stat.index}"
However, based on the code you posted, I suspect this isn't what you
want; aren't you trying to set the autocompleter's href to
the URL you
built with s:url above? In that case, just simplify:
In my opinion I need the indifier. I have 2 or more (dynamic) autocompleter,
and the first autocompleter refreshs the second, the second and so one. I have
the same action for the refresh, but I need the index of the autcompleter,
which sends the notfiyTopic. So I need a dynamic build url id, because there is
different parameter for it. f.e.:
I guess I just don't understand your question. You'd get the same result
from the above if each s:url tag used the same id value, as in:
There's still no need for the id attribute to have a dynamic value.
L.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
Thank you so much for you help. Yes, we do want the other action to execute before reaching the jsp ... as i was refactoring the code, i read your next response, and yes, the "chain" result is exactly the fix for me. I think action chaining is in general frowned on, but for my initial login, i think it fits perfectly. Again, thanks for you time looking at it! On 1/15/08, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > > I just realized that the proposed solution won't do what you want it > to do either, since you obviously want the other action to run before > the jsps are dispatched... So, you either have to re-structure your > code a bit and invoke the other actions directly (either manually or > by specifying it as the default action in portlet.xml), or you could > try playing with the "chain" result to see if that does the trick. > > Nils-H > > On Jan 15, 2008 11:32 PM, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> > wrote: > > I think I have figured out the problem. The problem is that > > "redirectAction" doesn't really do what you think it does, not when > > used in the render phase. I should probably implement a check for > > this, as you can't do a sendRedirect in a portlet. "redirectAction" in > > a portlet should only be used after executing an action in the action > > phase (I need to document this). So...with that in mind, you > > should change your configuration: > > > > struts.xml > > > > > class="com.cerner.healthe.health.management.vitals.action.IndexAction"> > > /WEB-INF/view/advisor.jsp > > /WEB-INF/view/consumer.jsp > > > > > > Then make sure you use the "redirectAction" result type only when your > > action has been executed in the action phase (form submit, or s:url > > created with the attribute 'portletUrlType' set to 'action'). > > > > Hope that made sense... > > > > Nils-H > > > > > > On Jan 15, 2008 8:45 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > > I have debugged through my own code, but not too deeply through the > struts2 > > > code. I did notice when running it with struts 2.0.11, that there was > a > > > warning that the actionMapper property of the > PortletActionRedirectResult > > > was not set b/c the bean could not be found. > > > > > > Would something in the web.xml affect it? I noticed in the portlet > > > archetype, that it is empty. I have included that as well. > > > > > > > > > portlet.xml > > > > > > > > > > > > > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= > > > http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation=" > > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd > > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"; > > > id="healthehealthmanagementvitals"> > > > > > > > > > > > > > > > Healthe Health Management Vitals Portlet > > > > > > > > > HealtheHealthManagementVitals > > > > > > xml:lang="EN">HealtheHealthManagementVitals > > > > > > > > > org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher > > > > > > > > > > > > > > > viewNamespace > > > /view > > > > > > > > > > > > > > > defaultViewAction > > > index > > > > > > > > > 0 > > > > > > > > > text/html > > > view > > > > > > > > > en > > > > > > > > > Healthe Health Management Vitals Portlet > > > HealtheHealthManagementVitals > > > struts > 2,portlet,healthe,health,management,vitals > > > > > > > > > > > > Role_Consumers > > > > > > > > > > > > > > > > > > > > > > > > web.xml > > > > > > > > > > > > > > Application 2.3//EN" > > > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > > > > > > > > healthe-health-management-vitals-war > > > > > > > > > contextConfigLocation > > > /WEB-INF/applicationContext*.xml > > > > > > > > > > > > > > > org.springframework.web.context.ContextLoaderListener > > > > > > > > > > > > > > > index.html > > > index.htm > > > index.jsp > > > > > > > > > > > > > > > Healthe Health Management > Vitals > > > /HealtheHealthManagementVitals/* > > > > > > > > > Role_Consumers > > > > > > > > > > > > > > > Role_Consumers > > > > > > > > > > > > > > > > > > > > > On 1/15/08, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > > > > > > > > Hm I usually experience this behaviour when the JSPs aren't > > > > found... Other than that, redirectAction runs just fine in my sample > > > > applications. Have you tried launching in debug mode and step > through > > > > the code? Can you show your portlet.xml file? > > > > > > > > Nils-H > > > > > > > > On Jan 15, 2008 7:58 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > > > > My WEB-INF/index.jsp is used so that i can use the same > installation as > > > > both > > > > > a portlet and a servlet. Websphere comes with an embedded portlet > > > > container > > > > > as well as a servlet that can serve portlets as servlets, so i can > > > > install > > > > > my webapp a single time and have it accessible both in and out of > my > > >
Re: question about interceptors
--- Darren James <[EMAIL PROTECTED]> wrote: > If your action does not define an interceptor does it get the default > one (i.e. "defaultStack")? Yep. > also, if your action *does* define an interceptor, does that augment the > default one or override it? Override. > > // do i get > defaultStack, or did i just override it? > /myAction.jsp > You need to include another element if you want the default stack in addition to the "myinterceptor" interceptor. (Or define an interceptor stack with your interceptor in it, etc.) d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
question about interceptors
Hi all, I'm new to struts2 and have some questions about configuring Interceptors. If your action does not define an interceptor does it get the default one (i.e. "defaultStack")? e.g. // does this action get the struts2 default interceptor stack /myAction.jsjp also, if your action *does* define an interceptor, does that augment the default one or override it? e.g. // do i get defaultStack, or did i just override it? /myAction.jsp thanks, - darren. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
I just realized that the proposed solution won't do what you want it to do either, since you obviously want the other action to run before the jsps are dispatched... So, you either have to re-structure your code a bit and invoke the other actions directly (either manually or by specifying it as the default action in portlet.xml), or you could try playing with the "chain" result to see if that does the trick. Nils-H On Jan 15, 2008 11:32 PM, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > I think I have figured out the problem. The problem is that > "redirectAction" doesn't really do what you think it does, not when > used in the render phase. I should probably implement a check for > this, as you can't do a sendRedirect in a portlet. "redirectAction" in > a portlet should only be used after executing an action in the action > phase (I need to document this). So...with that in mind, you > should change your configuration: > > struts.xml > > class="com.cerner.healthe.health.management.vitals.action.IndexAction"> > /WEB-INF/view/advisor.jsp > /WEB-INF/view/consumer.jsp > > > Then make sure you use the "redirectAction" result type only when your > action has been executed in the action phase (form submit, or s:url > created with the attribute 'portletUrlType' set to 'action'). > > Hope that made sense... > > Nils-H > > > On Jan 15, 2008 8:45 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > I have debugged through my own code, but not too deeply through the struts2 > > code. I did notice when running it with struts 2.0.11, that there was a > > warning that the actionMapper property of the PortletActionRedirectResult > > was not set b/c the bean could not be found. > > > > Would something in the web.xml affect it? I noticed in the portlet > > archetype, that it is empty. I have included that as well. > > > > > > portlet.xml > > > > > > > > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= > > http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation=" > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"; > > id="healthehealthmanagementvitals"> > > > > > > > > > > Healthe Health Management Vitals Portlet > > > > > > HealtheHealthManagementVitals > > > > HealtheHealthManagementVitals > > > > > > org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher > > > > > > > > > > viewNamespace > > /view > > > > > > > > > > defaultViewAction > > index > > > > > > 0 > > > > > > text/html > > view > > > > > > en > > > > > > Healthe Health Management Vitals Portlet > > HealtheHealthManagementVitals > > struts 2,portlet,healthe,health,management,vitals > > > > > > > > Role_Consumers > > > > > > > > > > > > > > > > web.xml > > > > > > > > > Application 2.3//EN" > > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > > > > > healthe-health-management-vitals-war > > > > > > contextConfigLocation > > /WEB-INF/applicationContext*.xml > > > > > > > > > > org.springframework.web.context.ContextLoaderListener > > > > > > > > > > index.html > > index.htm > > index.jsp > > > > > > > > > > Healthe Health Management Vitals > > /HealtheHealthManagementVitals/* > > > > > > Role_Consumers > > > > > > > > > > Role_Consumers > > > > > > > > > > > > > > On 1/15/08, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > > > > > > Hm I usually experience this behaviour when the JSPs aren't > > > found... Other than that, redirectAction runs just fine in my sample > > > applications. Have you tried launching in debug mode and step through > > > the code? Can you show your portlet.xml file? > > > > > > Nils-H > > > > > > On Jan 15, 2008 7:58 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > > > My WEB-INF/index.jsp is used so that i can use the same installation as > > > both > > > > a portlet and a servlet. Websphere comes with an embedded portlet > > > container > > > > as well as a servlet that can serve portlets as servlets, so i can > > > install > > > > my webapp a single time and have it accessible both in and out of my > > > portal. > > > > > > > > I may have led you astray by including that file in my post - the > > > redirect > > > > from there is working fine. I am testing using the JettyPlutoLauncher > > > class > > > > and the maven-pluto-plugin / maven-jetty-plugin. When accessing my > > > portlet > > > > at http://localhost/portlet/view/index, control goes into my index > > > action > > > > and i return "consumer" - the logs show: > > > > > > > > 5227707 [btpool0-1] DEBUG > > > > org.springframework.beans.factory.support.DefaultListableBeanFactory - > > > Bean > > > > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' > > > instantiated > > > > via constructor [public > > > > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > > > > 5227722 [btpool0-1] DEBUG > > > > com.open
Re: struts2 redirect action
I think I have figured out the problem. The problem is that "redirectAction" doesn't really do what you think it does, not when used in the render phase. I should probably implement a check for this, as you can't do a sendRedirect in a portlet. "redirectAction" in a portlet should only be used after executing an action in the action phase (I need to document this). So...with that in mind, you should change your configuration: struts.xml /WEB-INF/view/advisor.jsp /WEB-INF/view/consumer.jsp Then make sure you use the "redirectAction" result type only when your action has been executed in the action phase (form submit, or s:url created with the attribute 'portletUrlType' set to 'action'). Hope that made sense... Nils-H On Jan 15, 2008 8:45 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > I have debugged through my own code, but not too deeply through the struts2 > code. I did notice when running it with struts 2.0.11, that there was a > warning that the actionMapper property of the PortletActionRedirectResult > was not set b/c the bean could not be found. > > Would something in the web.xml affect it? I noticed in the portlet > archetype, that it is empty. I have included that as well. > > > portlet.xml > > > > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= > http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation=" > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd > http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"; > id="healthehealthmanagementvitals"> > > > > > Healthe Health Management Vitals Portlet > > > HealtheHealthManagementVitals > > HealtheHealthManagementVitals > > > org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher > > > > > viewNamespace > /view > > > > > defaultViewAction > index > > > 0 > > > text/html > view > > > en > > > Healthe Health Management Vitals Portlet > HealtheHealthManagementVitals > struts 2,portlet,healthe,health,management,vitals > > > > Role_Consumers > > > > > > > > web.xml > > > > Application 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > > healthe-health-management-vitals-war > > > contextConfigLocation > /WEB-INF/applicationContext*.xml > > > > > org.springframework.web.context.ContextLoaderListener > > > > > index.html > index.htm > index.jsp > > > > > Healthe Health Management Vitals > /HealtheHealthManagementVitals/* > > > Role_Consumers > > > > > Role_Consumers > > > > > > > On 1/15/08, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > > > > Hm I usually experience this behaviour when the JSPs aren't > > found... Other than that, redirectAction runs just fine in my sample > > applications. Have you tried launching in debug mode and step through > > the code? Can you show your portlet.xml file? > > > > Nils-H > > > > On Jan 15, 2008 7:58 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > > My WEB-INF/index.jsp is used so that i can use the same installation as > > both > > > a portlet and a servlet. Websphere comes with an embedded portlet > > container > > > as well as a servlet that can serve portlets as servlets, so i can > > install > > > my webapp a single time and have it accessible both in and out of my > > portal. > > > > > > I may have led you astray by including that file in my post - the > > redirect > > > from there is working fine. I am testing using the JettyPlutoLauncher > > class > > > and the maven-pluto-plugin / maven-jetty-plugin. When accessing my > > portlet > > > at http://localhost/portlet/view/index, control goes into my index > > action > > > and i return "consumer" - the logs show: > > > > > > 5227707 [btpool0-1] DEBUG > > > org.springframework.beans.factory.support.DefaultListableBeanFactory - > > Bean > > > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' > > instantiated > > > via constructor [public > > > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > > > 5227722 [btpool0-1] DEBUG > > > com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US > > > 5227722 [btpool0-1] DEBUG > > > com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } > > > > > > but the page remains blank. > > > > > > If i instead access http://localhost/portlet/pluto/index.jsp, again, > > control > > > goes into my index action, i return "consumer" and the logs show: > > > > > > 316389 [btpool0-1] DEBUG > > > org.springframework.beans.factory.support.DefaultListableBeanFactory - > > Bean > > > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' > > instantiated > > > via constructor [public > > > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > > > 5316389 [btpool0-1] DEBUG > > org.apache.struts2.portlet.result.PortletResult - > > > Executing result in Render phase > > > 5316389 [btpool0-1] DEBUG > > org.apache.pluto.internal.impl.PortletEntityImpl - > > > Retrieved cross con
Re: struts2: how to return an validate-error if user entered incorrect email format?
xianwinwin wrote:
I would like to validate if the user has entered a valid email.
for this I have the method
@TypeConversion(converter =
"com.utilities.conversion.EmailTypeConversion")
public void setEmail(String email) {
this.email = email;
}
the conversion (where I'm a bit perplexed) is:
..
..
@Override
public String convertToString(Map context, Object o)
{
System.out.println("hey - I'm checking the convert to
string!!!");
boolean isEmailValid =
ValidateEmail.isEmailValid(values[0]);
//what comes here? ??
}
assuming the isEmailValid is false, how can I advise that the validation
failed?
thanks
Why are you trying to do validation with a type converter? If you want
to validate that the user has entered a valid email, use validation --
specifically, the email validator:
http://struts.apache.org/2.x/docs/validation.html
http://struts.apache.org/2.x/docs/email-validator.html
L.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: captcha + struts2
I use an ImageCaptchaServlet that is generally like the one in the appfuse
example, but without the security stuff. Also, i am usually not able to
store the captcha's based on session id, so i pass a parameter in called
'captchaId' on my request.
I register the servlet in my web.xml, and since i only need 1 captcha on a
page/request, i map it to captcha.jpg.
In my jsp, i create an image with 'captcha.jpg' as the source, along with an
input to grab the user's response.
Finally, i validate the captcha in my action.
There is quite a bit of spring configuration options for the captcha,
reference the appfuse implementation for it, or check the jcaptcha site. I
autowire my actions by name (the default) and my jcaptchaService bean is
declared like so:
1
18
Code snips below:
ValidateAction.java
private ImageCaptchaService jcaptchaService;
private Map session;
public void validate()
{
Boolean human = jcaptchaService.validateResponseForID(captchaId,
account.getAnswer());
if (human)
{
getSession().put("human", human);
}
else
{
this.addFieldError("captcha", getText("healthe.user.claim.captcha.failed
"));
}
return;
}
captcha.jsp
-
" name="captcha" alt="If the
image is illegible, refresh to get another one." />
web.xml
captcha
com.cerner.healthe.struts2.captcha.ImageCaptchaServlet
3
captcha
/captcha.jpg
ImageCaptchaServlet
---
package com.cerner.healthe.struts2.captcha;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.sun.image.codec.jpeg.JPEGCodec;
import com.sun.image.codec.jpeg.JPEGImageEncoder;
/**
* Servlet generates CAPTCHA jpeg images based on the JCAPTCHA package. It's
configured via spring, and requires a
* ImageCaptchaService bean with the id=japtchaService
*
* @author Jason Thrasher
*/
public class ImageCaptchaServlet extends HttpServlet
{
private static final long serialVersionUID = 3258417209566116145L;
private Log logger = LogFactory.getLog(this.getClass());
public void init(ServletConfig servletConfig) throws ServletException
{
super.init(servletConfig);
}
protected void doGet(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse) throws
ServletException, IOException
{
byte[] captchaChallengeAsJpeg = null;
// the output stream to render the captcha image as jpeg into
ByteArrayOutputStream jpegOutputStream = new
ByteArrayOutputStream();
try
{
// get the image captcha service defined via the
SpringFramework
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext
(getServletContext());
Object bean = ctx.getBean("jcaptchaService");
ImageCaptchaService imageCaptchaService =
(ImageCaptchaService) bean;
// get the id that will identify the generated captcha.
// the same id must be used to validate the response
String captchaId = httpServletRequest.getParameter
("captchaId");
logger.debug("captchaIdParameter: " +
httpServletRequest.getParameter("captchaId"));
if (captchaId == null)
{
// If a captcha id is not passed in, use the session id
captchaId = httpServletRequest.getSession().getId();
logger.debug("httpServletRequest.session.id: "
+ httpServletRequest.getSession().getId());
}
logger.debug("captchaId: " + captchaId);
// call the ImageCaptchaService getChallenge method
BufferedImage challenge =
imageCaptchaService.getImageChallengeForID(captchaId,
httpServletRequest.getLocale());
// a jpeg encoder
JPEGImageEncoder jpegEncoder = JPEGCodec.createJPEGEncoder
(jpegOutputStream);
jpegEncoder.encode(challenge);
}
catch(IllegalArgumentException e)
{
httpServletResponse.sendError(
HttpServletResponse.SC_NOT_FOUND);
return;
}
catch(CaptchaServiceException e)
{
Re: struts2 redirect action
I have debugged through my own code, but not too deeply through the struts2 code. I did notice when running it with struts 2.0.11, that there was a warning that the actionMapper property of the PortletActionRedirectResult was not set b/c the bean could not be found. Would something in the web.xml affect it? I noticed in the portlet archetype, that it is empty. I have included that as well. portlet.xml http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation=" http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"; id="healthehealthmanagementvitals"> Healthe Health Management Vitals Portlet HealtheHealthManagementVitals HealtheHealthManagementVitals org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher viewNamespace /view defaultViewAction index 0 text/html view en Healthe Health Management Vitals Portlet HealtheHealthManagementVitals struts 2,portlet,healthe,health,management,vitals Role_Consumers web.xml http://java.sun.com/dtd/web-app_2_3.dtd";> healthe-health-management-vitals-war contextConfigLocation /WEB-INF/applicationContext*.xml org.springframework.web.context.ContextLoaderListener index.html index.htm index.jsp Healthe Health Management Vitals /HealtheHealthManagementVitals/* Role_Consumers Role_Consumers On 1/15/08, Nils-Helge Garli Hegvik <[EMAIL PROTECTED]> wrote: > > Hm I usually experience this behaviour when the JSPs aren't > found... Other than that, redirectAction runs just fine in my sample > applications. Have you tried launching in debug mode and step through > the code? Can you show your portlet.xml file? > > Nils-H > > On Jan 15, 2008 7:58 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > > My WEB-INF/index.jsp is used so that i can use the same installation as > both > > a portlet and a servlet. Websphere comes with an embedded portlet > container > > as well as a servlet that can serve portlets as servlets, so i can > install > > my webapp a single time and have it accessible both in and out of my > portal. > > > > I may have led you astray by including that file in my post - the > redirect > > from there is working fine. I am testing using the JettyPlutoLauncher > class > > and the maven-pluto-plugin / maven-jetty-plugin. When accessing my > portlet > > at http://localhost/portlet/view/index, control goes into my index > action > > and i return "consumer" - the logs show: > > > > 5227707 [btpool0-1] DEBUG > > org.springframework.beans.factory.support.DefaultListableBeanFactory - > Bean > > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' > instantiated > > via constructor [public > > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > > 5227722 [btpool0-1] DEBUG > > com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US > > 5227722 [btpool0-1] DEBUG > > com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } > > > > but the page remains blank. > > > > If i instead access http://localhost/portlet/pluto/index.jsp, again, > control > > goes into my index action, i return "consumer" and the logs show: > > > > 316389 [btpool0-1] DEBUG > > org.springframework.beans.factory.support.DefaultListableBeanFactory - > Bean > > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' > instantiated > > via constructor [public > > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > > 5316389 [btpool0-1] DEBUG > org.apache.struts2.portlet.result.PortletResult - > > Executing result in Render phase > > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.PortletEntityImpl - > > Retrieved cross context: [EMAIL PROTECTED] > > > /portlet,file:/C:/workspaces/hin-portal-test/healthe-health-management-vitals/src/main/webapp/} > > 5316389 [btpool0-1] DEBUG > org.apache.struts2.portlet.result.PortletResult - > > Location: /view/consumerView.action > > 5316389 [btpool0-1] DEBUG > > org.apache.pluto.internal.impl.PortletContextImpl- > > PortletRequestDispatcher requested: /view/consumerView.action > > 5316389 [btpool0-1] DEBUG > > org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Named > > dispatcher created. > > 5316389 [btpool0-1] DEBUG > > org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Request > > dispatcher created. > > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.RenderRequestImpl - > > Render request's included mode: true > > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.RenderRequestImpl - > > No query string appended to the included request. > > 5316405 [btpool0-1] WARN com.opensymphony.xwork2.ognl.OgnlValueStack - > Could > > not find property > > > [Pluto_/portlet.HealtheHealthManagementVitals!_org.mortbay.jetty.included] > > 5316405 [btpool0-1] DEBUG > org.apache.pluto.int
Re: struts2 redirect action
Hm I usually experience this behaviour when the JSPs aren't found... Other than that, redirectAction runs just fine in my sample applications. Have you tried launching in debug mode and step through the code? Can you show your portlet.xml file? Nils-H On Jan 15, 2008 7:58 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > My WEB-INF/index.jsp is used so that i can use the same installation as both > a portlet and a servlet. Websphere comes with an embedded portlet container > as well as a servlet that can serve portlets as servlets, so i can install > my webapp a single time and have it accessible both in and out of my portal. > > I may have led you astray by including that file in my post - the redirect > from there is working fine. I am testing using the JettyPlutoLauncher class > and the maven-pluto-plugin / maven-jetty-plugin. When accessing my portlet > at http://localhost/portlet/view/index, control goes into my index action > and i return "consumer" - the logs show: > > 5227707 [btpool0-1] DEBUG > org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated > via constructor [public > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > 5227722 [btpool0-1] DEBUG > com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US > 5227722 [btpool0-1] DEBUG > com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } > > but the page remains blank. > > If i instead access http://localhost/portlet/pluto/index.jsp, again, control > goes into my index action, i return "consumer" and the logs show: > > 316389 [btpool0-1] DEBUG > org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean > 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated > via constructor [public > org.apache.struts2.portlet.result.PortletActionRedirectResult()] > 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - > Executing result in Render phase > 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletEntityImpl - > Retrieved cross context: [EMAIL PROTECTED] > /portlet,file:/C:/workspaces/hin-portal-test/healthe-health-management-vitals/src/main/webapp/} > 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - > Location: /view/consumerView.action > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.PortletContextImpl- > PortletRequestDispatcher requested: /view/consumerView.action > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Named > dispatcher created. > 5316389 [btpool0-1] DEBUG > org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Request > dispatcher created. > 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - > Render request's included mode: true > 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - > No query string appended to the included request. > 5316405 [btpool0-1] WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could > not find property > [Pluto_/portlet.HealtheHealthManagementVitals!_org.mortbay.jetty.included] > 5316405 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - > Render request's included mode: false > 5316405 [btpool0-1] DEBUG > com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US > 5316405 [btpool0-1] DEBUG > com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } > 5316405 [btpool0-1] DEBUG > org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher - Leaving render > 5316405 [btpool0-1] DEBUG org.apache.pluto.core.PortletContainerImpl - > Portlet Container [Pluto Portal Driver]: Portlet rendered for: > HealtheHealthManagementVitals > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId > to: /portlet.HealtheHealthManagementVitals! > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if > PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] > supports mode [view] > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId > to: /portlet.HealtheHealthManagementVitals! > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if > PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] > supports mode [edit] > 5316405 [btpool0-1] INFO > org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - > Portlet mode 'edit' not found for portletId: > '/portlet.HealtheHealthManagementVitals!' > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId > to: /portlet.HealtheHealthManagementVitals! > 5316405 [btpool0-1] DEBUG > org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if > PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] > supports mode [help] > 5316405 [btpool0-1] INFO > org.apache.plu
Re: How do I prevent two calls concurrently?
provided if the comprehensive route is always the most difficult 2 quick questions- 1)In struts-2.0.11 has resetToken/saveToken/generateToken morphed into a different entity ? 2)can I assume a session.invalidate() will effect a resetToken Thanks/ Martin- - Original Message - From: "Givler, Eric" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" Sent: Tuesday, January 15, 2008 1:36 PM Subject: RE: How do I prevent two calls concurrently? I don't know why I overlooked that. All I had to do was put saveToken() in a calling action, and make sure I called saveToken again if any validation or system errors occurred when I was returning to the form. If the token is invalid, There was a nice thread here about it: http://www.jguru.com/faq/view.jsp?EID=779112. Thanks and apologies for not looking at this first - I guess I was going the more difficult route. Eric -Original Message- From: Manos Batsis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 10:02 AM To: Struts Users Mailing List Subject: Re: How do I prevent two calls concurrently? Givler, Eric wrote: > The problem is the > user double clicks [login] and can get two calls to the service method > to execute simultaneously. They both don't see a row, so they both do > an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Strange behaviour -- [s:property] modifies Map???
Hi,
I've encountered very strange behaviour of struts:
adds new entry to myMap - ('testKey',
''). Why??
Details:
...in My action:
private Map myMap = new HashMap(); // it's
empty
...in jsp:
// displays {} - it's ok because is empty
// displays nothing as it should
be
// displays {testKey=} - ?? WHY?
What's wrong?
Thanks
--
View this message in context:
http://www.nabble.com/Strange-behaviour-s%3Aproperty--modifies-Maptp14844942p14844942.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
My WEB-INF/index.jsp is used so that i can use the same installation as both a portlet and a servlet. Websphere comes with an embedded portlet container as well as a servlet that can serve portlets as servlets, so i can install my webapp a single time and have it accessible both in and out of my portal. I may have led you astray by including that file in my post - the redirect from there is working fine. I am testing using the JettyPlutoLauncher class and the maven-pluto-plugin / maven-jetty-plugin. When accessing my portlet at http://localhost/portlet/view/index, control goes into my index action and i return "consumer" - the logs show: 5227707 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } but the page remains blank. If i instead access http://localhost/portlet/pluto/index.jsp, again, control goes into my index action, i return "consumer" and the logs show: 316389 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Executing result in Render phase 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletEntityImpl - Retrieved cross context: [EMAIL PROTECTED] /portlet,file:/C:/workspaces/hin-portal-test/healthe-health-management-vitals/src/main/webapp/} 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Location: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletContextImpl- PortletRequestDispatcher requested: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Named dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Request dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: true 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - No query string appended to the included request. 5316405 [btpool0-1] WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not find property [Pluto_/portlet.HealtheHealthManagementVitals!_org.mortbay.jetty.included] 5316405 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: false 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } 5316405 [btpool0-1] DEBUG org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher - Leaving render 5316405 [btpool0-1] DEBUG org.apache.pluto.core.PortletContainerImpl - Portlet Container [Pluto Portal Driver]: Portlet rendered for: HealtheHealthManagementVitals 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [view] 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [edit] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'edit' not found for portletId: '/portlet.HealtheHealthManagementVitals!' 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [help] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'help' not found for portletId: '/portlet.HealtheHealthManagementVitals!' 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletWindowStateAnchorTag - Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletWindowStateAnchorTag - Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports window state [minimized] 5316405 [btp
RE: How do I prevent two calls concurrently?
I don't know why I overlooked that. All I had to do was put saveToken() in a calling action, and make sure I called saveToken again if any validation or system errors occurred when I was returning to the form. If the token is invalid, There was a nice thread here about it: http://www.jguru.com/faq/view.jsp?EID=779112. Thanks and apologies for not looking at this first - I guess I was going the more difficult route. Eric -Original Message- From: Manos Batsis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 10:02 AM To: Struts Users Mailing List Subject: Re: How do I prevent two calls concurrently? Givler, Eric wrote: > The problem is the > user double clicks [login] and can get two calls to the service method > to execute simultaneously. They both don't see a row, so they both do > an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
Are you running this in a portlet container? Your index.jsp and the redirect url does not make sense i a portal server (unless you are embedding it in some way)? Please provide some more information. Nils-H On Jan 15, 2008 6:38 PM, Brian Relph <[EMAIL PROTECTED]> wrote: > I am having trouble getting a redirectAction to work. I am using > struts2-portlet-plugin-2.1.1-SNAPSHOT, i have also tried using > struts-2.0.11with no luck. Any advice? Here are my configs: > > WEB-INF/index.jsp > > <% > String redirectURL = "view/index.action"; > response.sendRedirect(redirectURL); > %> > > > struts.xml > --- > > > > > > > > > advisorView > > > consumerView > > > > > /WEB-INF/view/advisor.jsp > > > > /WEB-INF/view/consumer.jsp > > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[S2] s:a Problem
Hi, I have rendered a link with and Alle Konten anzeigen In HTML this is generated. Alle Konten anzeigen 1. When I move the cursor over the link the calling url from my application is shown not a link with showAccountView.action in it. I click on it showAccountView is executed. Alright! 2 Now I open the link in a new window my application with the start action is shown not the showAccountView. After that I click in the old window and an error is occurs in my backend instead of executing the correct action. Why does the application behave different after open a ajax link in a new window? Best regards, Marc
struts2 redirect action
I am having trouble getting a redirectAction to work. I am using struts2-portlet-plugin-2.1.1-SNAPSHOT, i have also tried using struts-2.0.11with no luck. Any advice? Here are my configs: WEB-INF/index.jsp <% String redirectURL = "view/index.action"; response.sendRedirect(redirectURL); %> struts.xml --- advisorView consumerView /WEB-INF/view/advisor.jsp /WEB-INF/view/consumer.jsp
Struts 2 Validation Error
Hi all, I'm new to this mailing list and still a bit confused on how to look things up, so apologies if this one is already up there! I'm using Tomcat to serve up JSPs using Struts 2 with java action classes and xml validation files. For example: signup.jsp SignUp.java SignUp-validation.xml All runs fine in Tomcat until you click a button that triggers validation then the following error is displayed: java.lang.ExceptionInInitializerError com.opensymphony.xwork2.validator.ValidatorFileParser.addValidatorConfigs(ValidatorFileParser.java:192) com.opensymphony.xwork2.validator.ValidatorFileParser.parseActionValidatorConfigs(ValidatorFileParser.java:72) com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.loadFile(AnnotationActionValidatorManager.java:361) Caused by: Connection timed out: connect - [unknown location] Any pointers would be gratefully received! Liz _ Liz Johnston Software Engineer IT Development 0845 213 5152 [EMAIL PROTECTED] ** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. WARNING: Computer viruses can be transmitted by e-mail. The recipient should check this email and any attachments for the presence of viruses. SQA accepts no liability for any damage caused by any virus transmitted by this email. Scottish Qualifications Authority www.sqa.org.uk [EMAIL PROTECTED] **
Re: How do I prevent two calls concurrently?
Eric How would I prevent this from occurring? [Questions] 1. Is it simply a matter of making my service an instance variable of this action and making the login method synchronized? 2. Are there situations where I would not want there to be a single service instance? Could it cause a bottleneck? One simple technique that has worked out well for me and will depend on your use case is to disable to login button after the first time the user clicks on it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts 2.1 release date
First I wanted to say that I totally agree with Ted's view about the lack of support for Struts. I do believe that things for the Struts 2.x project will pick up now since the Holiday's are over now. I wanted to extend a personal thanks to all of the developers who contribute to the Struts 2 project. They spend a lot of their own personal time to make the project a success. With that being said, I need to send over some patches myself instead of slacking. =) Best Regards, Richard L. Burton III Ted Husted wrote: > > There's a test-build available, > > * > http://www.nabble.com/-S2--2.1.0-Test-Build-Available-tf4712874.html#a13471367 > > But, there are still a lot of outstanding patches to apply, and no one > seems to have time to commit them right now. > > Sadly, despite being the most popular Java web framework on the > planet, Struts still has no "corporate" support, and so the project > only moves forward when the volunteers are not too busy with their own > day-jobs. > > - Ted > > > On Jan 11, 2008 7:54 AM, Otto, Frank <[EMAIL PROTECTED]> wrote: >> hi, >> >> is there a deadline for struts 2.1 release? >> >> I have download the nightly build, but I can't find the new dojo plugin. >> >> >> kind regards >> >> Frank > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/struts-2.1-release-date-tp14755809p14841547.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I prevent two calls concurrently?
Givler, Eric wrote: The problem is the user double clicks [login] and can get two calls to the service method to execute simultaneously. They both don't see a row, so they both do an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.html#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.html#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How do I prevent two calls concurrently?
I have a Struts application where a user enters an account id#
and a pin to enter the application. The user will already be
authenticated via an LDAP server prior to accessing my application, so
the remote user name is there, as well as role information. After the
user clicks [login], I fire a method that calls a stored proc to see if
the combination of their account/pin is valid in the database. I pass
their username as well. If the user has entered an invalid account# 5
times, they are to be locked out of just my application. When I issue
the check to see if the account# is invalid, I have to create a row to
track these invalid login attempts per this account. The problem is the
user double clicks [login] and can get two calls to the service method
to execute simultaneously. They both don't see a row, so they both do
an INSERT. One of the inserts fails due to a PK on the username.
How would I prevent this from occurring? My code that invokes
this service call is like:
public ActionForward login( ... )
{
// retrieve acct/pin from struts form
// I'd like to track/log user interaction with service, so
service
// has username as property
String user = request.getRemoteUser();
LoginService svc = new LoginService( user );
// acct object has other information about call (# bad
attempts, success flag, failure msg, last access date, etc.
Account acct = svc.login( user, acct, pin );
if (acct.isLoginSuccessful() {
// forward to next page
else
// return to input page, storing failure msg with #
attempts into ActionMessage
I'd appreciate any suggestions. I tried to simulate how this
might happen by creating multiple threads of the service, but then I
realized that each instance I created would still allow me to run the
login method concurrently, even if it was synchronized. I can imagine
that there are probably other areas in the application that might allow
multiple inserts of the EXACT same data if this double click occurs if
the PK is based on a sequence.
[Questions]
1. Is it simply a matter of making my service an instance
variable of this action and making the login method synchronized? 2.
Are there situations where I would not want there to be a single service
instance? Could it cause a bottleneck?
Every day I realize how little I know. Thanks for any/all
tips/pointers.
Eric
Re: Feedback: WW-2414, XSS attack is possible if using and
> It could be a solution, but: > Greet > simply works. Didn't know. I'm not very into javascript coding :-) However I think that preventing double quote in some way, can be good. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
2008/1/15, GF <[EMAIL PROTECTED]>: > > > > Or better, escape them with their corresponding entity. > > What do you think about > > Greet simply works. Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
> Are you suggesting that javascript injection in href be disabled to prevent > XSS attacks? I'm suggesting that is better that the variable inside
Re: Feedback: WW-2414, XSS attack is possible if using and
Are you suggesting that javascript injection in href be disabled to prevent XSS attacks? Martin-- - Original Message - From: "GF" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" Sent: Tuesday, January 15, 2008 3:27 AM Subject: Re: Feedback: WW-2414, XSS attack is possible if using and > > Hi Antonio, as I mentioned in a previous post, it's not so simple as the > > href attribute of s:a can legally contain javascript or vbscript. > > I think that the problem about in href attribute is the double > quote " character, because it will close the href attribute, then with > a greater than symbol, you will close the too and finally you can > inject any kind of Javascript inside the page. > I think that can implement this kind of checking, no? > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
> > Or better, escape them with their corresponding entity. What do you think about
Re: Feedback: WW-2414, XSS attack is possible if using and
Well, > Or better, escape them with their corresponding entity. > > Antonio > Myabe i'm wrong, but: In XHTML this is wrong: because i use double quotes inside a javascript, inside a href tag delimited by double quotes. it would be ok to do: So since can be used to generate a "good" tag, I think that can be a nice idea to add some automatic checking and conversion to prevent exploiting of the generated . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
2008/1/15, GF <[EMAIL PROTECTED]>: > > On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote: > > > > Hi Ganfab > > Are you suggesting the href contents disable javascript to disable XSS > script attacks?Martin > > No, I think that maybe can be useful to think if doing some checks to > href attribute of is possible to look for double quotes > characters that can eventually close the attribute and tag. Or better, escape them with their corresponding entity. Antonio
Re: Feedback: WW-2414, XSS attack is possible if using and
On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote: > > Hi Ganfab > Are you suggesting the href contents disable javascript to disable XSS script > attacks?Martin No, I think that maybe can be useful to think if doing some checks to href attribute of is possible to look for double quotes characters that can eventually close the attribute and tag. When someone uses javascript inside the href a the XHTML it's common to not use double quotes (and use single quotes) because double quotes would close the href attribute. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Feedback: WW-2414, XSS attack is possible if using and
Hi Ganfab Are you suggesting the href contents disable javascript to disable XSS script attacks?Martin __Disclaimer and confidentiality noteEverything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.> Date: Tue, 15 Jan 2008 09:27:03 +0100> Wrom: KVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXF _ Make distant family not so distant with Windows Vista® + Windows Live™. http://www.microsoft.com/windows/digitallife/keepintouch.mspx?ocid=TXT_TAGLM_CPC_VideoChat_distantfamily_012008
[S2] conversion and REPORT_CONVERSION_ERRORS
Setting XWorkConverter.REPORT_CONVERSION_ERRORS to stop conversion errors being reported - is it possible? I hope I don't appear to0 lazy to look for an answer but I could only find non-specific references to this on struts.apache.org, and nothing on the mailing list or the wiki. So short of searching the XWork codebase, I'm stuck. I assumed I could put in the struts.xml but it didn't pay any attention to it. What is one supposed to do to repress conversion errors per action? Thanks Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
HDIV (HTTP Data Integrity Validator) 2.0.3 Released
Hi all, HDIV 2.0.3 has just been released including new features. HDIV project is an Apache-licensed Java Web Application Security Framework that adds security functionalities to Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and without adding any complexity to the application development. New features included in this release: 1. Support for Webflow (SWF) + Spring MVC: HDIV inserts automatically the flow id (_flowExecutionKey) into the forms so that we don't have to add it manually as a hidden field to all JSP pages. Besides, HDIV optimizes memory consumption for SWF applications because it deletes from session HDIV data from finished flows, avoiding expired data in memory. 2. Support for Spring 2.5 You can have a look at: http://www.hdiv.org You can subscribe to mailing list at: https://lists.sourceforge.net/lists/listinfo/hdiv-user You can download it from SourceForge.net by following this link: https://sourceforge.net/project/showfiles.php?group_id=139104&release_id=568601 regards, Gorka Vicente. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
struts 2.0.11: autocompleter
hi, I have 6 autocompleter. The first refreshs the second, the second the third and so one. But If I clear the second autocompleter value, so that the combo box is empty, the notifyTopics-Event will not be send. Has someone an idea? I have to refresh the third combo box and then the next... kind regards, Frank
Re: JSP syntax errors through icnlude
On Jan 14, 2008 2:27 PM, Al Sutton <[EMAIL PROTECTED]> wrote: > Just re-read your original message. So you have tried it on an app server > and everything is OK. Doesn't that indicate the problem lies with eclipse > and not struts?, shouldn't it be the Eclipse bug tracking system you put > your report in and not Struts Jira? Well, I thought it might be related to the use of Struts2 tags/taglib, and then related to the translation into JSP's java code. But hey, I'm gonna try the Eclipse thing. Thanks, Maxx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
> Hi Antonio, as I mentioned in a previous post, it's not so simple as the > href attribute of s:a can legally contain javascript or vbscript. I think that the problem about in href attribute is the double quote " character, because it will close the href attribute, then with a greater than symbol, you will close the too and finally you can inject any kind of Javascript inside the page. I think that can implement this kind of checking, no? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using and
2008/1/15, Jeromy Evans <[EMAIL PROTECTED]>:
>
> Hi Antonio, as I mentioned in a previous post, it's not so simple as the
> href attribute of s:a can legally contain javascript or vbscript.
> This is precisely why the href attribute is not escaped/encoded in the
> template. It's deliberate.
Sorry but I cannot understand: the HTML code, to be valid, needs that every
attribute values that contain special characters ('<' '>' '&') need to be
encoded with the corresponding HTML entity ('<', '>', '&'). I
don't see anything wrong in it.
Antonio
