Re: Struts 2 session problem

[RajibJana]

Thanks Wes  for your reply.

The application requires userid info for various reasons like authorization,
auditing etc.  Hidden key (security reason)  or cookies ( may be disabled)
are not the good way to handle this situation. I am wondering whether this
is not a common requirement for any web app where we  need to keep some
information that can be accessed for a particular user session. I hoped that
Struts 2 is capable to handle user session.

I am in a fix,  may I need to look other frameworks like Seam? 

Thanks

Rajib




Wes Wannemacher wrote:
> 
> On Saturday 17 January 2009 00:23:49 RajibJana wrote:
>>
>> 1) A User opens a browser window( IE 7/Firfox) and logs in the
>> application
>> as User X and the application shows the logged in userid as X and DB
>> transactions also get userid info as X.
>> 2) The same user opens a bowser tab or new window from the opened window
>> (
>> from where he logged in as X), and logs in the application as User Y. Now
>> userid Y overrides the userid X in session map( as no new session is not
>> opened, I guess) and I get userid as Y in both the browser tabs. My
>> application breaks.
>> 3) If the user opens a new browser instance, then a new session is
>> created
>> and both the windows have their own user id info( i.e. userid doesnt
>> override)
>>
> 
> I don't know if you will be able to fix your problem as long as you use a
> form 
> of authorization that relies on the session. Each browser tab will
> continue 
> using the session that is already established. 
> 
> Although I would not suggest this for a production application, but if
> this 
> behavior is a requirement for your application, then you could try hiding
> a 
> key within the page (a hidden input field) and also appending the key to
> each 
> request URL. This is a very bad way to do it because it will be easy to
> hijack 
> a session. Especially in cases where the user is clicking a link and the
> key 
> will be visible in the GET request. 
> 
> I would consider whether your requirement is a development-time
> requirement... 
> Meaning, is this something you need for testing your app? Or is this
> something 
> the users will need? If it is something that the users need, consider re-
> factoring before you hide key fields as I suggest above. If this is
> something 
> you need for testing and development, then try to find a browser plugin
> that 
> allows you to gain finer control over your cookies so that you can control
> the 
> sessions while you work.
> 
> -Wes
> 
> -- 
> 
> Wes Wannemacher
> Author - Struts 2 In Practice 
> Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
> http://www.manning.com/wannemacher
> 
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[abhishek reddy]

*If the user opens a new browser instance, then a new session is created
and both the windows have their own user id info( i.e. userid doesnt
override)*

Taking the above point into consideration...you can try this way

1.When User X logged in successfully, you are storing the id in the session.
2.Now, If User Y logged in from the same broswer instance, session will be
old...so check for the attribute value set by the User X.
If attribute value is null, proceed asusual, else tell the user to open a
new browser window..

hope this is helpfull..

> transactions also get userid info as X.

On Sat, Jan 17, 2009 at 1:46 PM, RajibJana  wrote:

>
> Thanks Wes  for your reply.
>
> The application requires userid info for various reasons like
> authorization,
> auditing etc.  Hidden key (security reason)  or cookies ( may be disabled)
> are not the good way to handle this situation. I am wondering whether this
> is not a common requirement for any web app where we  need to keep some
> information that can be accessed for a particular user session. I hoped
> that
> Struts 2 is capable to handle user session.
>
> I am in a fix,  may I need to look other frameworks like Seam?
>
> Thanks
>
> Rajib
>
>
>
>
> Wes Wannemacher wrote:
> >
> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
> >>
> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the
> >> application
> >> as User X and the application shows the logged in userid as X and DB
> >> transactions also get userid info as X.
> >> 2) The same user opens a bowser tab or new window from the opened window
> >> (
> >> from where he logged in as X), and logs in the application as User Y.
> Now
> >> userid Y overrides the userid X in session map( as no new session is not
> >> opened, I guess) and I get userid as Y in both the browser tabs. My
> >> application breaks.
> >> 3) If the user opens a new browser instance, then a new session is
> >> created
> >> and both the windows have their own user id info( i.e. userid doesnt
> >> override)
> >>
> >
> > I don't know if you will be able to fix your problem as long as you use a
> > form
> > of authorization that relies on the session. Each browser tab will
> > continue
> > using the session that is already established.
> >
> > Although I would not suggest this for a production application, but if
> > this
> > behavior is a requirement for your application, then you could try hiding
> > a
> > key within the page (a hidden input field) and also appending the key to
> > each
> > request URL. This is a very bad way to do it because it will be easy to
> > hijack
> > a session. Especially in cases where the user is clicking a link and the
> > key
> > will be visible in the GET request.
> >
> > I would consider whether your requirement is a development-time
> > requirement...
> > Meaning, is this something you need for testing your app? Or is this
> > something
> > the users will need? If it is something that the users need, consider re-
> > factoring before you hide key fields as I suggest above. If this is
> > something
> > you need for testing and development, then try to find a browser plugin
> > that
> > allows you to gain finer control over your cookies so that you can
> control
> > the
> > sessions while you work.
> >
> > -Wes
> >
> > --
> >
> > Wes Wannemacher
> > Author - Struts 2 In Practice
> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
> > http://www.manning.com/wannemacher
> >
> >
> > -
> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > For additional commands, e-mail: user-h...@struts.apache.org
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>


-- 
Abhishek

Re: Logic Iterate problem

[ECLIPSE + CVS]

Thanks !!!



Paweł Wielgus wrote:
> 
> Hi,
> You are iterating over user.
> 
> Best regards,
> Paweł Wielgus.
> 
> 2009/1/14 ECLIPSE + CVS :
>>
>> Hi,
>>
>> In one page of my  application i am trying to iterate through one
>> collection
>> for populating one combo box. But it is showing
>> "javax.servlet.jsp.JspException: Cannot create iterator for this
>> collection"
>> 
>>
>> I have one LoginForm that extends Validator form and it containg one
>> object
>> of User. This user object contains a List of user roles .Actually i am
>> trying to display these user roles in my combo box in the jsp page. My
>> code
>> is below.
>>
>> I am using struts 1.3 for develping this project ...
>>
>> Please help me
>>
>>
>>
>> My form class is below...
>>
>>
>> public class Loginform extends ValidatorForm{
>>
>>public String userName;
>>public String passWord;
>>public User user = new User();
>>
>>
>>public String getUserName() {
>>return userName;
>>}
>>
>>public void setUserName(String userName) {
>>this.userName = userName;
>>}
>>
>>public String getPassWord() {
>>return passWord;
>>}
>>
>>public void setPassWord(String passWord) {
>>this.passWord = passWord;
>>}
>>
>>public User getUser() {
>>return user;
>>}
>>
>>public void setUser(User user) {
>>this.user = user;
>>}
>>
>>/**
>> * Reset all properties to their default values.
>> *
>> * @param mapping The mapping used to select this instance
>> * @param request The servlet request we are processing
>> */
>>public void reset(ActionMapping mapping, HttpServletRequest request) {
>>super.reset(mapping, request);
>>userName = "";
>>passWord= "";
>>}
>> }
>>
>>
>>
>>
>>   User object is
>>
>>public class User implements Serializable{
>>
>>public String userid = "Ashli";
>>public String userName = "Ashli Isaac";
>>public String passWord = "123456";
>>public String userNumber = "1001";
>>public List userRoles = new ArrayList();
>>public String loginStatus;
>>public String riskCounter;
>>
>>
>>public User(){
>>userRoles.add("Admin User");
>>userRoles.add("Trial User");
>>userRoles.add("BackUP User");
>>userRoles.add("Super User");
>>
>>}
>>
>>public List getUserRoles() {
>>return userRoles;
>>}
>>public void setUserRoles(List userRoles) {
>>this.userRoles = userRoles;
>>}
>>
>>
>>
>>
>>the code snippet for iteration in jsp is
>>
>> 
>>
>>
>>> name="loginForm" property="user">
>>> name="results" property="userRoles">
>>> name="result"/>
>>
>>
>>
>>
>>
>> My exception stack trace is
>>
>> SEVERE: Servlet.service() for servlet jsp threw exception
>> javax.servlet.jsp.JspException: Cannot create iterator for this
>> collection
>>at
>> org.apache.struts.taglib.logic.IterateTag.doStartTag(IterateTag.java:275)
>>at
>> org.apache.jsp.jsp.welcome_jsp._jspService(welcome_jsp.java:193)
>>at
>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
>>at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
>>at
>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
>>at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>at
>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
>>at
>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
>>at
>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
>>at
>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
>>at
>> org.apache.struts.chain.commands.servlet.PerformForward.handleAsForward(PerformForward.java:113)
>>at
>> org.apache.struts.chain.commands.servlet.PerformForward.perform(PerformForward.java:96)
>>at
>> org.apache.struts.chain.commands.Abstract

java.lang.SecurityException

[ECLIPSE + CVS]

Hi,

In one of my project i am planning to use Display tag libraries for the
pagination purpose. While i am using any one of the tags from the dispaly
tld it is showing the security exception. Please see the below exception. Is
there any other libraries available for pagination  ?.

Am using displaytag version 1.2 ...
 
Please help me its very urgent for me ...

java.lang.SecurityException: class
"org.apache.commons.collections.IteratorUtils"'s signer information does not
match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
at java.lang.ClassLoader.defineClass(ClassLoader.java:614)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:961)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1423)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at org.displaytag.tags.TableTag.initParameters(TableTag.java:1068)
at org.displaytag.tags.TableTag.doStartTag(TableTag.java:767)
at
org.apache.jsp.jsp.welcome_jsp._jspx_meth_display_table_0(welcome_jsp.java
from :184)
at 
org.apache.jsp.jsp.welcome_jsp._jspx_meth_html_form_0(welcome_jsp.java
from :147)
at org.apache.jsp.jsp.welcome_jsp._jspService(welcome_jsp.java from :75)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:93)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:470)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:364)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at
org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:855)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:703)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:542)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:474)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:366)
at
org.apache.struts.chain.commands.servlet.PerformForward.handleAsForward(PerformForward.java:113)
at
org.apache.struts.chain.commands.servlet.PerformForward.perform(PerformForward.java:96)
at
org.apache.struts.chain.commands.AbstractPerformForward.execute(AbstractPerformForward.java:54)
at
org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
at
org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
at
org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at 
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at 
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInv

Unit Testing Struts 2 Action

[Doug Pham]

Hi All,
    I am putting together Struts 2, Hibernate & Sitemesh.  Where can I find 
information on how to unit test my new application actions?

Thanks,
Doug



  

Re: Struts 2 session problem

[RajibJana]

OK, I may try this if no other solution emerges.

My question this is typical requirement for any enterprise level web app,
how Struts2 handles it?

If it does not able to, then there is no other option but to leave S2 and
look for other server frameworks. There is a need of looking beyond http
session.

I guess S2 is positioning itself as a server framework, I hope it addresses
basic requirements for a enterprise application.

Thanks

Rajib



abhishek reddy wrote:
> 
> *If the user opens a new browser instance, then a new session is created
> and both the windows have their own user id info( i.e. userid doesnt
> override)*
> 
> Taking the above point into consideration...you can try this way
> 
> 1.When User X logged in successfully, you are storing the id in the
> session.
> 2.Now, If User Y logged in from the same broswer instance, session will be
> old...so check for the attribute value set by the User X.
> If attribute value is null, proceed asusual, else tell the user to open a
> new browser window..
> 
> hope this is helpfull..
> 
>> transactions also get userid info as X.
> 
> On Sat, Jan 17, 2009 at 1:46 PM, RajibJana  wrote:
> 
>>
>> Thanks Wes  for your reply.
>>
>> The application requires userid info for various reasons like
>> authorization,
>> auditing etc.  Hidden key (security reason)  or cookies ( may be
>> disabled)
>> are not the good way to handle this situation. I am wondering whether
>> this
>> is not a common requirement for any web app where we  need to keep some
>> information that can be accessed for a particular user session. I hoped
>> that
>> Struts 2 is capable to handle user session.
>>
>> I am in a fix,  may I need to look other frameworks like Seam?
>>
>> Thanks
>>
>> Rajib
>>
>>
>>
>>
>> Wes Wannemacher wrote:
>> >
>> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
>> >>
>> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the
>> >> application
>> >> as User X and the application shows the logged in userid as X and DB
>> >> transactions also get userid info as X.
>> >> 2) The same user opens a bowser tab or new window from the opened
>> window
>> >> (
>> >> from where he logged in as X), and logs in the application as User Y.
>> Now
>> >> userid Y overrides the userid X in session map( as no new session is
>> not
>> >> opened, I guess) and I get userid as Y in both the browser tabs. My
>> >> application breaks.
>> >> 3) If the user opens a new browser instance, then a new session is
>> >> created
>> >> and both the windows have their own user id info( i.e. userid doesnt
>> >> override)
>> >>
>> >
>> > I don't know if you will be able to fix your problem as long as you use
>> a
>> > form
>> > of authorization that relies on the session. Each browser tab will
>> > continue
>> > using the session that is already established.
>> >
>> > Although I would not suggest this for a production application, but if
>> > this
>> > behavior is a requirement for your application, then you could try
>> hiding
>> > a
>> > key within the page (a hidden input field) and also appending the key
>> to
>> > each
>> > request URL. This is a very bad way to do it because it will be easy to
>> > hijack
>> > a session. Especially in cases where the user is clicking a link and
>> the
>> > key
>> > will be visible in the GET request.
>> >
>> > I would consider whether your requirement is a development-time
>> > requirement...
>> > Meaning, is this something you need for testing your app? Or is this
>> > something
>> > the users will need? If it is something that the users need, consider
>> re-
>> > factoring before you hide key fields as I suggest above. If this is
>> > something
>> > you need for testing and development, then try to find a browser plugin
>> > that
>> > allows you to gain finer control over your cookies so that you can
>> control
>> > the
>> > sessions while you work.
>> >
>> > -Wes
>> >
>> > --
>> >
>> > Wes Wannemacher
>> > Author - Struts 2 In Practice
>> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
>> > http://www.manning.com/wannemacher
>> >
>> >
>> > -
>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> > For additional commands, e-mail: user-h...@struts.apache.org
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>
> 
> 
> -- 
> Abhishek
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21514568.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubs

Re: Struts 2 session problem

[abhishek reddy]

OK, If you find better solution, please let me know

On Sat, Jan 17, 2009 at 2:58 PM, RajibJana  wrote:

>
> OK, I may try this if no other solution emerges.
>
> My question this is typical requirement for any enterprise level web app,
> how Struts2 handles it?
>
> If it does not able to, then there is no other option but to leave S2 and
> look for other server frameworks. There is a need of looking beyond http
> session.
>
> I guess S2 is positioning itself as a server framework, I hope it addresses
> basic requirements for a enterprise application.
>
> Thanks
>
> Rajib
>
>
>
> abhishek reddy wrote:
> >
> > *If the user opens a new browser instance, then a new session is created
> > and both the windows have their own user id info( i.e. userid doesnt
> > override)*
> >
> > Taking the above point into consideration...you can try this way
> >
> > 1.When User X logged in successfully, you are storing the id in the
> > session.
> > 2.Now, If User Y logged in from the same broswer instance, session will
> be
> > old...so check for the attribute value set by the User X.
> > If attribute value is null, proceed asusual, else tell the user to open a
> > new browser window..
> >
> > hope this is helpfull..
> >
> >> transactions also get userid info as X.
> >
> > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana  wrote:
> >
> >>
> >> Thanks Wes  for your reply.
> >>
> >> The application requires userid info for various reasons like
> >> authorization,
> >> auditing etc.  Hidden key (security reason)  or cookies ( may be
> >> disabled)
> >> are not the good way to handle this situation. I am wondering whether
> >> this
> >> is not a common requirement for any web app where we  need to keep some
> >> information that can be accessed for a particular user session. I hoped
> >> that
> >> Struts 2 is capable to handle user session.
> >>
> >> I am in a fix,  may I need to look other frameworks like Seam?
> >>
> >> Thanks
> >>
> >> Rajib
> >>
> >>
> >>
> >>
> >> Wes Wannemacher wrote:
> >> >
> >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
> >> >>
> >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the
> >> >> application
> >> >> as User X and the application shows the logged in userid as X and DB
> >> >> transactions also get userid info as X.
> >> >> 2) The same user opens a bowser tab or new window from the opened
> >> window
> >> >> (
> >> >> from where he logged in as X), and logs in the application as User Y.
> >> Now
> >> >> userid Y overrides the userid X in session map( as no new session is
> >> not
> >> >> opened, I guess) and I get userid as Y in both the browser tabs. My
> >> >> application breaks.
> >> >> 3) If the user opens a new browser instance, then a new session is
> >> >> created
> >> >> and both the windows have their own user id info( i.e. userid doesnt
> >> >> override)
> >> >>
> >> >
> >> > I don't know if you will be able to fix your problem as long as you
> use
> >> a
> >> > form
> >> > of authorization that relies on the session. Each browser tab will
> >> > continue
> >> > using the session that is already established.
> >> >
> >> > Although I would not suggest this for a production application, but if
> >> > this
> >> > behavior is a requirement for your application, then you could try
> >> hiding
> >> > a
> >> > key within the page (a hidden input field) and also appending the key
> >> to
> >> > each
> >> > request URL. This is a very bad way to do it because it will be easy
> to
> >> > hijack
> >> > a session. Especially in cases where the user is clicking a link and
> >> the
> >> > key
> >> > will be visible in the GET request.
> >> >
> >> > I would consider whether your requirement is a development-time
> >> > requirement...
> >> > Meaning, is this something you need for testing your app? Or is this
> >> > something
> >> > the users will need? If it is something that the users need, consider
> >> re-
> >> > factoring before you hide key fields as I suggest above. If this is
> >> > something
> >> > you need for testing and development, then try to find a browser
> plugin
> >> > that
> >> > allows you to gain finer control over your cookies so that you can
> >> control
> >> > the
> >> > sessions while you work.
> >> >
> >> > -Wes
> >> >
> >> > --
> >> >
> >> > Wes Wannemacher
> >> > Author - Struts 2 In Practice
> >> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and
> more
> >> > http://www.manning.com/wannemacher
> >> >
> >> >
> >> > -
> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >> > For additional commands, e-mail: user-h...@struts.apache.org
> >> >
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html
> >> Sent from the Struts - User mailing list archive at Nabble.com.
> >>
> >>
> >> -
> >> To unsubscribe, 

Re: Struts 2 session problem

[RajibJana]

Seems to me S2 can not give better solution than you have mentioned. 

I checked relevent codes in S2 ( e.g. scope interceptor) and IMO, struts 2
can not have feature like user session/conversation as it depends on http
session for session mgmt.



Thanks 

Rajib
 

abhishek reddy wrote:
> 
> OK, If you find better solution, please let me know
> 
> On Sat, Jan 17, 2009 at 2:58 PM, RajibJana  wrote:
> 
>>
>> OK, I may try this if no other solution emerges.
>>
>> My question this is typical requirement for any enterprise level web app,
>> how Struts2 handles it?
>>
>> If it does not able to, then there is no other option but to leave S2 and
>> look for other server frameworks. There is a need of looking beyond http
>> session.
>>
>> I guess S2 is positioning itself as a server framework, I hope it
>> addresses
>> basic requirements for a enterprise application.
>>
>> Thanks
>>
>> Rajib
>>
>>
>>
>> abhishek reddy wrote:
>> >
>> > *If the user opens a new browser instance, then a new session is
>> created
>> > and both the windows have their own user id info( i.e. userid doesnt
>> > override)*
>> >
>> > Taking the above point into consideration...you can try this way
>> >
>> > 1.When User X logged in successfully, you are storing the id in the
>> > session.
>> > 2.Now, If User Y logged in from the same broswer instance, session will
>> be
>> > old...so check for the attribute value set by the User X.
>> > If attribute value is null, proceed asusual, else tell the user to open
>> a
>> > new browser window..
>> >
>> > hope this is helpfull..
>> >
>> >> transactions also get userid info as X.
>> >
>> > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana  wrote:
>> >
>> >>
>> >> Thanks Wes  for your reply.
>> >>
>> >> The application requires userid info for various reasons like
>> >> authorization,
>> >> auditing etc.  Hidden key (security reason)  or cookies ( may be
>> >> disabled)
>> >> are not the good way to handle this situation. I am wondering whether
>> >> this
>> >> is not a common requirement for any web app where we  need to keep
>> some
>> >> information that can be accessed for a particular user session. I
>> hoped
>> >> that
>> >> Struts 2 is capable to handle user session.
>> >>
>> >> I am in a fix,  may I need to look other frameworks like Seam?
>> >>
>> >> Thanks
>> >>
>> >> Rajib
>> >>
>> >>
>> >>
>> >>
>> >> Wes Wannemacher wrote:
>> >> >
>> >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
>> >> >>
>> >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the
>> >> >> application
>> >> >> as User X and the application shows the logged in userid as X and
>> DB
>> >> >> transactions also get userid info as X.
>> >> >> 2) The same user opens a bowser tab or new window from the opened
>> >> window
>> >> >> (
>> >> >> from where he logged in as X), and logs in the application as User
>> Y.
>> >> Now
>> >> >> userid Y overrides the userid X in session map( as no new session
>> is
>> >> not
>> >> >> opened, I guess) and I get userid as Y in both the browser tabs. My
>> >> >> application breaks.
>> >> >> 3) If the user opens a new browser instance, then a new session is
>> >> >> created
>> >> >> and both the windows have their own user id info( i.e. userid
>> doesnt
>> >> >> override)
>> >> >>
>> >> >
>> >> > I don't know if you will be able to fix your problem as long as you
>> use
>> >> a
>> >> > form
>> >> > of authorization that relies on the session. Each browser tab will
>> >> > continue
>> >> > using the session that is already established.
>> >> >
>> >> > Although I would not suggest this for a production application, but
>> if
>> >> > this
>> >> > behavior is a requirement for your application, then you could try
>> >> hiding
>> >> > a
>> >> > key within the page (a hidden input field) and also appending the
>> key
>> >> to
>> >> > each
>> >> > request URL. This is a very bad way to do it because it will be easy
>> to
>> >> > hijack
>> >> > a session. Especially in cases where the user is clicking a link and
>> >> the
>> >> > key
>> >> > will be visible in the GET request.
>> >> >
>> >> > I would consider whether your requirement is a development-time
>> >> > requirement...
>> >> > Meaning, is this something you need for testing your app? Or is this
>> >> > something
>> >> > the users will need? If it is something that the users need,
>> consider
>> >> re-
>> >> > factoring before you hide key fields as I suggest above. If this is
>> >> > something
>> >> > you need for testing and development, then try to find a browser
>> plugin
>> >> > that
>> >> > allows you to gain finer control over your cookies so that you can
>> >> control
>> >> > the
>> >> > sessions while you work.
>> >> >
>> >> > -Wes
>> >> >
>> >> > --
>> >> >
>> >> > Wes Wannemacher
>> >> > Author - Struts 2 In Practice
>> >> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and
>> more
>> >> > http://www.manning.com/wannemacher
>> >> >
>> >> >
>> >> >
>> --

Re: Unit Testing Struts 2 Action

[Nils-Helge Garli Hegvik]

One of the things I really like about Struts 2 is how easy it is to
unit test actions. Using the proper mechanisms for injecting what you
need, unit testing the action should be as simple as instantiating the
action, set the appropriate dependencies, and then execute it.

Nils-H

On Sat, Jan 17, 2009 at 10:21 AM, Doug Pham  wrote:
> Hi All,
> I am putting together Struts 2, Hibernate & Sitemesh.  Where can I find 
> information on how to unit test my new application actions?
>
> Thanks,
> Doug
>
>
>
>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: [S2] struts 2.1.3: share portlet session with servlet (yui ajax)

[Nils-Helge Garli Hegvik]

Did you try the suggestion of encoding the session id in the url? It
does sound strange indeed. Have you tried deploying to a different
container, like pluto?

Nils-H

On Fri, Jan 16, 2009 at 4:47 PM, Frank Otto  wrote:
> Yes, but no answer with a solution.
>
> I think the problem ist, that the ajax-call create for each request a new
> session. It doesn't use the session-id of the portal/portlet.
>
> I have no idea. Here is an other forum thread of this topic:
>
> http://forums.oracle.com/forums/thread.jspa?threadID=341338&start=15&tstart=0
>
> But there is no solution too.
>
>
> Frank
>
> Nils-Helge Garli Hegvik schrieb:
>>
>> Then I'm out of ideas. Have you tried posting to the portlet-container
>> mailing list?
>>
>> Nils-H
>>
>> On Tue, Jan 13, 2009 at 11:03 AM, Frank Otto  wrote:
>>>
>>> I have found out, that the attribute emptySessionPath is like this:
>>>
>>> 
>>>   
>>>   
>>>   
>>> 
>>>
>>> But, it does not solve my problem. :-(
>>>
>>> Nils-Helge Garli Hegvik schrieb:

 This one: https://portlet-container.dev.java.net/ ?

 Haven't tried it. Have you tried posting to their mailing list? Maybe
 the information at
 http://wiki.apache.org/portals/Pluto/InstallPlutoGlassfish could be
 relevant.

 Nils-H

 On Tue, Jan 13, 2009 at 10:25 AM, Frank Otto 
 wrote:
>
> The portlet and servlet are in the same war. I use glassfish with
> portlet
> container 1.0 for develop.
>
> I have read the emptySessionPath must be true for the connector
> (tomcat).
> How can I set this for classfish?
>
> Nils-Helge Garli Hegvik schrieb:
>>
>> Are both the portlet and the servlet in the same application (war
>> file)? What container are you using?
>>
>> Nils-H
>>
>> On Tue, Jan 13, 2009 at 9:55 AM, Frank Otto 
>> wrote:
>>>
>>> hi,
>>>
>>> I have a portlet with struts. It works fine, but I can't share
>>> objects
>>> in
>>> my
>>> portlet session with the servlet/action for yui ajax calls.
>>>
>>> I set in my porlet struts 2 action an object in the portlet session:
>>>
>>> portletRequest.getPortletSession().setAttribute(MY_KEY,
>>>   mySessionObject, PortletSession.APPLICATION_SCOPE);
>>>
>>> In the yui action I want get the object from the session scope:
>>>
>>> mySessionObject= (MySessionObject)
>>> servletRequest.getSession().getAttribute(MY_KEY);
>>>
>>> But is it null. I have no idea. I wonder that the session id for the
>>> portlet
>>> request is other than in the servlet request.
>>>
>>> Can someone help me please?
>>>
>>> kind regards,
>>>
>>> Frank
>>>
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>
>>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
 -
 To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
 For additional commands, e-mail: user-h...@struts.apache.org

>>>
>>>
>>> -
>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Unit Testing Struts 2 Action

[Robert Harrison]

Here's  the
first step of a nice, three-part tutorial (I have no connection to author)

Bob

"Sure you can trust the government.  Just ask any Indian" - anonymous



On Sat, Jan 17, 2009 at 6:21 AM, Nils-Helge Garli Hegvik
wrote:

> One of the things I really like about Struts 2 is how easy it is to
> unit test actions. Using the proper mechanisms for injecting what you
> need, unit testing the action should be as simple as instantiating the
> action, set the appropriate dependencies, and then execute it.
>
> Nils-H
>
> On Sat, Jan 17, 2009 at 10:21 AM, Doug Pham  wrote:
> > Hi All,
> > I am putting together Struts 2, Hibernate & Sitemesh.  Where can I
> find information on how to unit test my new application actions?
> >
> > Thanks,
> > Doug
> >
> >
> >
> >
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>

RE: Struts 2 session problem

[Deepak Kumar]

Please check http://www.roseindia.net/struts/struts2/struts2-login.shtml

Thanks

-Original Message-
From: RajibJana [mailto:rajibj...@gmail.com]
Sent: Saturday, January 17, 2009 4:35 PM
To: user@struts.apache.org
Subject: Re: Struts 2 session problem



Seems to me S2 can not give better solution than you have mentioned.

I checked relevent codes in S2 ( e.g. scope interceptor) and IMO, struts 2
can not have feature like user session/conversation as it depends on http
session for session mgmt.



Thanks

Rajib


abhishek reddy wrote:
>
> OK, If you find better solution, please let me know
>
> On Sat, Jan 17, 2009 at 2:58 PM, RajibJana  wrote:
>
>>
>> OK, I may try this if no other solution emerges.
>>
>> My question this is typical requirement for any enterprise level web app,
>> how Struts2 handles it?
>>
>> If it does not able to, then there is no other option but to leave S2 and
>> look for other server frameworks. There is a need of looking beyond http
>> session.
>>
>> I guess S2 is positioning itself as a server framework, I hope it
>> addresses
>> basic requirements for a enterprise application.
>>
>> Thanks
>>
>> Rajib
>>
>>
>>
>> abhishek reddy wrote:
>> >
>> > *If the user opens a new browser instance, then a new session is
>> created
>> > and both the windows have their own user id info( i.e. userid doesnt
>> > override)*
>> >
>> > Taking the above point into consideration...you can try this way
>> >
>> > 1.When User X logged in successfully, you are storing the id in the
>> > session.
>> > 2.Now, If User Y logged in from the same broswer instance, session will
>> be
>> > old...so check for the attribute value set by the User X.
>> > If attribute value is null, proceed asusual, else tell the user to open
>> a
>> > new browser window..
>> >
>> > hope this is helpfull..
>> >
>> >> transactions also get userid info as X.
>> >
>> > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana  wrote:
>> >
>> >>
>> >> Thanks Wes  for your reply.
>> >>
>> >> The application requires userid info for various reasons like
>> >> authorization,
>> >> auditing etc.  Hidden key (security reason)  or cookies ( may be
>> >> disabled)
>> >> are not the good way to handle this situation. I am wondering whether
>> >> this
>> >> is not a common requirement for any web app where we  need to keep
>> some
>> >> information that can be accessed for a particular user session. I
>> hoped
>> >> that
>> >> Struts 2 is capable to handle user session.
>> >>
>> >> I am in a fix,  may I need to look other frameworks like Seam?
>> >>
>> >> Thanks
>> >>
>> >> Rajib
>> >>
>> >>
>> >>
>> >>
>> >> Wes Wannemacher wrote:
>> >> >
>> >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
>> >> >>
>> >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the
>> >> >> application
>> >> >> as User X and the application shows the logged in userid as X and
>> DB
>> >> >> transactions also get userid info as X.
>> >> >> 2) The same user opens a bowser tab or new window from the opened
>> >> window
>> >> >> (
>> >> >> from where he logged in as X), and logs in the application as User
>> Y.
>> >> Now
>> >> >> userid Y overrides the userid X in session map( as no new session
>> is
>> >> not
>> >> >> opened, I guess) and I get userid as Y in both the browser tabs. My
>> >> >> application breaks.
>> >> >> 3) If the user opens a new browser instance, then a new session is
>> >> >> created
>> >> >> and both the windows have their own user id info( i.e. userid
>> doesnt
>> >> >> override)
>> >> >>
>> >> >
>> >> > I don't know if you will be able to fix your problem as long as you
>> use
>> >> a
>> >> > form
>> >> > of authorization that relies on the session. Each browser tab will
>> >> > continue
>> >> > using the session that is already established.
>> >> >
>> >> > Although I would not suggest this for a production application, but
>> if
>> >> > this
>> >> > behavior is a requirement for your application, then you could try
>> >> hiding
>> >> > a
>> >> > key within the page (a hidden input field) and also appending the
>> key
>> >> to
>> >> > each
>> >> > request URL. This is a very bad way to do it because it will be easy
>> to
>> >> > hijack
>> >> > a session. Especially in cases where the user is clicking a link and
>> >> the
>> >> > key
>> >> > will be visible in the GET request.
>> >> >
>> >> > I would consider whether your requirement is a development-time
>> >> > requirement...
>> >> > Meaning, is this something you need for testing your app? Or is this
>> >> > something
>> >> > the users will need? If it is something that the users need,
>> consider
>> >> re-
>> >> > factoring before you hide key fields as I suggest above. If this is
>> >> > something
>> >> > you need for testing and development, then try to find a browser
>> plugin
>> >> > that
>> >> > allows you to gain finer control over your cookies so that you can
>> >> control
>> >> > the
>> >> > sessions while you work.
>> >> >
>> >> > -Wes
>> >> >
>> >> > --
>> >> >
>> >>

Re: Unit Testing Struts 2 Action

[Dave Newton]

Doug Pham wrote:
> [...] information on how to unit test my new application actions?

When you hit "reply" and change the subject this is what happens in 
threaded view:


http://tinypic.com/view.php?pic=n5mog5&s=5

Please consider starting new threads.

Dave


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[Dave Newton]

Deepak Kumar wrote:

Please check http://www.roseindia.net/struts/struts2/struts2-login.shtml


I don't see how that addresses the issue at all; perhaps you could 
explain further?


Thanks,
Dave


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

dissplay a message in jsp

[m.harig]

hello all

 I've a LoginAction in my application . Am checking my username
, password with my db. If the user doesn't exist i've to display a message
in my jsp page. Now am using session object to store the message . to print
the message in jsp am using
   <%out.println(session.getAttribute("status"))%>

is it good to use like this . please help me out of this...
-- 
View this message in context: 
http://www.nabble.com/dissplay-a-message-in-jsp-tp21515691p21515691.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

RE: java.lang.SecurityException

[Martin Gainty]

Worker-

can we the iterator tag in your welcome.jsp?
better yet please display the entire welcome.jsp

Martin 
__ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business 
of Sender. This transmission is of a confidential nature and Sender does not 
endorse distribution to any party other than intended recipient. Sender does 
not necessarily endorse content contained within this transmission. 




> Date: Sat, 17 Jan 2009 01:17:38 -0800
> From: anishpis...@gmail.com
> To: user@struts.apache.org
> Subject: java.lang.SecurityException
> 
> 
> Hi,
> 
> In one of my project i am planning to use Display tag libraries for the
> pagination purpose. While i am using any one of the tags from the dispaly
> tld it is showing the security exception. Please see the below exception. Is
> there any other libraries available for pagination  ?.
> 
> Am using displaytag version 1.2 ...
>  
> Please help me its very urgent for me ...
> 
> java.lang.SecurityException: class
> "org.apache.commons.collections.IteratorUtils"'s signer information does not
> match signer information of other classes in the same package
>   at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)
>   at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
>   at java.lang.ClassLoader.defineClass(ClassLoader.java:614)
>   at 
> java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
>   at
> org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:961)
>   at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1423)
>   at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
>   at org.displaytag.tags.TableTag.initParameters(TableTag.java:1068)
>   at org.displaytag.tags.TableTag.doStartTag(TableTag.java:767)
>   at
> org.apache.jsp.jsp.welcome_jsp._jspx_meth_display_table_0(welcome_jsp.java
> from :184)
>   at 
> org.apache.jsp.jsp.welcome_jsp._jspx_meth_html_form_0(welcome_jsp.java
> from :147)
>   at org.apache.jsp.jsp.welcome_jsp._jspService(welcome_jsp.java from :75)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:93)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
>   at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
>   at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:470)
>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:364)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
>   at
> org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
>   at
> org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:855)
>   at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:703)
>   at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:542)
>   at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:474)
>   at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:366)
>   at
> org.apache.struts.chain.commands.servlet.PerformForward.handleAsForward(PerformForward.java:113)
>   at
> org.apache.struts.chain.commands.servlet.PerformForward.perform(PerformForward.java:96)
>   at
> org.apache.struts.chain.commands.AbstractPerformForward.execute(AbstractPerformForward.java:54)
>   at
> org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
>   at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
>   at
> org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304)
>   at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
>   at
> org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
>   at 
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
>   at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
>   at
> org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
>   at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
>   at
> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
>   at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
>   at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
>   at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
>   at com.su

Re: Struts 2 session problem

[RajibJana]

Yes, Dave, the tutorial does not address the problem.

My application has user authentication page which has userid/password field.
The valid user id ( after checking the user info in db) is put into the
session map ( action implments sessionaware interface). The application has
lots of screens and each screen shows the logged in user in page header ( by
putting #session.userid )
The application also does CRUD operations for some master information and
each create/update/delete is  marked by userid in db for audit purpose. 

I have two cases:

1) if one opens a window and a tabbed window, logs into the application by
giving different user id and password combinations, then two seperate
sessions are not created. As a result, in the session map userid overrides
each other and same user id ( last logged in user ) is shown in all pages in
two windows.

2) If one opens two window instances ( not tabbed one), logs into the app by
giving different user info, then two  seperate sessions are created, two
distinct userid is stored in two seperate sessions and each window shows the
correct usr id in its all pages.

You see , in case 1 , my application breaks as I am not able to get the
diiferent userids even though two users logged into the app. The app needs
whenever a user logs in ( irrespective of new window, tabbed window), it
should not be overridden in the session map.

I checked the scope interceptor and implements conversion, but the
interceptor puts conversation info into the http session and as a result the
same behaviour is observed as explained in case 1. 

I think this is a basic requirement of a app, S2 has answer for it. 

Please help me to find a solution of this problem.


Thanks


Rajib









newton.dave wrote:
> 
> Deepak Kumar wrote:
>> Please check http://www.roseindia.net/struts/struts2/struts2-login.shtml
> 
> I don't see how that addresses the issue at all; perhaps you could 
> explain further?
> 
> Thanks,
> Dave
> 
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21517802.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: dissplay a message in jsp

[RajibJana]

simply use #session.status if the action has a getter for status field.



m.harig wrote:
> 
> hello all
> 
>  I've a LoginAction in my application . Am checking my
> username , password with my db. If the user doesn't exist i've to display
> a message in my jsp page. Now am using session object to store the message
> . to print the message in jsp am using
><%out.println(session.getAttribute("status"))%>
> 
> is it good to use like this . please help me out of this...
> 

-- 
View this message in context: 
http://www.nabble.com/dissplay-a-message-in-jsp-tp21515691p21517928.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

S2: caching problem,-user clicks on a link and then back w/ broweser data is lost

[xianwinwin]

Hi All,

Here's a scenario that drives me crazy:
1. A user fills-up a form (a date) and clicks submit
2. An Action return a List of items related to the user's input
3. The list is returned as an ID (AJAX) to the form 
4. User sees the list and can click a URL from the list

Problem: When the user clicks a url from the list and then click BACK on the
*BROWSER'S BUTTON* - the list is GONE and he needs to input the date/data
again.

can anyone explain why this happens and how to circumvent this?



-- 
View this message in context: 
http://www.nabble.com/S2%3A-caching-problem%2C-user-clicks-on-a-link-and-then-back-w--broweser-data-is-lost-tp21518044p21518044.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

stack values in converter

[Andrei Ivanov]

Hello,
I have a date converter that does something like this:

String value = values[0];
Locale locale = (Locale) context.get(ActionContext.LOCALE);
DateFormat df = DateFormat.getDateInstance(DateFormat.SHORT, locale);
Date date = df.parse(value);

The locale is set in the context by the
com.opensymphony.xwork2.interceptor.I18nInterceptor

After upgrading struts and xwork it seems this code doesn't work
anymore, because of the changes
made in ParametersInterceptor, which clear the stack values (begining
with "boolean clearableStack = newStack instanceof
ClearableValueStack;")

What can I do to make it work again?

Thank you

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[Struts Two]

There are a few solutions to your problem:

1- You can serialize your object as a hidden field and deserialize it on each 
request if you need it. It serves like a baggage that you carry form page to 
other. In this way, you avoid putting any object in session scope.
Some folks may argue that this is not efficient for huge-sized objects, but 
keep in mind httpsession should not be confused with storage. I already use 
this solution in a few medium size webapps, works like charm.

2- If the object put in session is sort of object like ,say, the one the holds 
user credentials, roles, timezones, etc that can be calculated at each request, 
you may have custom interceptor that does it each time a user submits a 
request. You may incur just an extra cost of going to databse, to get all the 
information but with today's hardware speed and software, you should not worry 
about that. I have also used this solution and it also works like charm.

3- [I have not tried this myself ], If you are using servers like websphere, 
they provide other ways of session management except cookies and url rewriting 
like using ssl id for session management. You may want to try it.


--- On Sat, 1/17/09, RajibJana  wrote:

> From: RajibJana 
> Subject: Struts 2 session problem
> To: user@struts.apache.org
> Received: Saturday, January 17, 2009, 5:23 AM
> Hi All,
> 
> I am using struts 2.0.14 to build an enterprise
> application. It uses spring,
> hibernate, tiles, Dojo 1.2.2.
> 
> Now I have a serious problem.
> 
> My application has lots a pages and each page shows the
> logged in userid ( a
> string variable). This userid is put into the session map
> injected by the
> SessionAware interceptor. The injected userid is used in
> jsp page
> (#session.userid)  to show the logged in user info and also
> is saved in
> database for each business transaction for audit control.
> 
> Now the problem is:
> 
> 1) A User opens a browser window( IE 7/Firfox) and logs in
> the application
> as User X and the application shows the logged in userid as
> X and DB
> transactions also get userid info as X.
> 2) The same user opens a bowser tab or new window from the
> opened window (
> from where he logged in as X), and logs in the application
> as User Y. Now
> userid Y overrides the userid X in session map( as no new
> session is not
> opened, I guess) and I get userid as Y in both the browser
> tabs. My
> application breaks.
> 3) If the user opens a new browser instance, then a new
> session is created
> and both the windows have their own user id info( i.e.
> userid doesnt
> override)
> 
> I tried the scope interceptor ( by starting a conversion),
> but the result is
> same( i.e. could not get new session in a window tab).
> 
> I searched for a solution, could not get a solution. Please
> suggest how to
> get rid of this problem.
> 
> Thanks
> 
> Rajib
> 
>  
> -- 
> View this message in context:
> http://www.nabble.com/Struts-2-session-problem-tp21513305p21513305.html
> Sent from the Struts - User mailing list archive at
> Nabble.com.
> 
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail:
> user-h...@struts.apache.org


  __
Ask a question on any topic and get answers from real people. Go to Yahoo! 
Answers and share what you know at http://ca.answers.yahoo.com


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

exception handling

[J J]

Hello,
I am trying to implement declarative exception handling for all the possible 
exceptions. The problem is that in this way I only catch some exceptions (not 
all of them) and I cant get its stack trace nor its message(it is only rendered 
the rest of my JSP but not the information about the stack or message about the 
excepion). I have this:

In my struts.xml

error.jsp






And in my JSP
   <%@ taglib prefix="s" uri="/struts-tags" %>
...



Thanks in advanced



  

Re: Struts 2 session problem

[Dale Newfield]

RajibJana wrote:

1) if one opens a window and a tabbed window, logs into the application by
giving different user id and password combinations, then two seperate
sessions are not created. As a result, in the session map userid overrides
each other and same user id ( last logged in user ) is shown in all pages in
two windows.


One running browser instance shares session across all windows.  Using 
Safari and Firefox in tandem will allow two sessions from one machine. 
It sounds here like you've got another problem, though--it sounds like 
your login logic is not first checking that you're *already* logged in 
in that session, and disallowing the second login until the first 
session is destroyed by logging out.



2) If one opens two window instances ( not tabbed one), logs into the app by
giving different user info, then two  seperate sessions are created, two
distinct userid is stored in two seperate sessions and each window shows the
correct usr id in its all pages.


I would like to know what browser shows this behavior.  It might be a 
timing issue: If you load the login screen in two windows/tabs before 
submitting either of them, there's a chance each login form is displayed 
in such a way that they are each creating stub sessions that are fleshed 
out by that specific form on that page getting submitted.  If you are 
able to witness this behavior it should not be relied upon.  In fact, I 
would consider the logic that's creating those two sessions to be flawed 
since it's way too browser specific to rely upon.


-Dale

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[Dave Newton]

Dale Newfield wrote:
One running browser instance shares session across all windows.  Using 
Safari and Firefox in tandem will allow two sessions from one machine. 


The OP wants a SEAM-like solution, but S2 doesn't have that 
functionality built-in (nor do most other frameworks, AFAIK).


It *would* be a nice feature to add, though.

2) If one opens two window instances ( not tabbed one), logs into the 
app by giving different user info [...]

I would like to know what browser shows this behavior.


I can never remember which is which, but IIRC IE (pre-6, don't remember 
after that) would give different sessions per-window, FF wouldn't. In 
any case, I agree that it's a bad idea to rely on browser behavior 
(unless you're controlling browser deployment, but I don't like that 
much either :)


Dave


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[RajibJana]

option 2 and 3 are overheads for a large app, I will check option 3 ,
currently I am using glassfish, will check whether option 3 is available in
gf. 

Thanks

Rajib 




Struts Two wrote:
> 
> There are a few solutions to your problem:
> 
> 1- You can serialize your object as a hidden field and deserialize it on
> each request if you need it. It serves like a baggage that you carry form
> page to other. In this way, you avoid putting any object in session scope.
> Some folks may argue that this is not efficient for huge-sized objects,
> but keep in mind httpsession should not be confused with storage. I
> already use this solution in a few medium size webapps, works like charm.
> 
> 2- If the object put in session is sort of object like ,say, the one the
> holds user credentials, roles, timezones, etc that can be calculated at
> each request, you may have custom interceptor that does it each time a
> user submits a request. You may incur just an extra cost of going to
> databse, to get all the information but with today's hardware speed and
> software, you should not worry about that. I have also used this solution
> and it also works like charm.
> 
> 3- [I have not tried this myself ], If you are using servers like
> websphere, they provide other ways of session management except cookies
> and url rewriting like using ssl id for session management. You may want
> to try it.
> 
> 
> --- On Sat, 1/17/09, RajibJana  wrote:
> 
>> From: RajibJana 
>> Subject: Struts 2 session problem
>> To: user@struts.apache.org
>> Received: Saturday, January 17, 2009, 5:23 AM
>> Hi All,
>> 
>> I am using struts 2.0.14 to build an enterprise
>> application. It uses spring,
>> hibernate, tiles, Dojo 1.2.2.
>> 
>> Now I have a serious problem.
>> 
>> My application has lots a pages and each page shows the
>> logged in userid ( a
>> string variable). This userid is put into the session map
>> injected by the
>> SessionAware interceptor. The injected userid is used in
>> jsp page
>> (#session.userid)  to show the logged in user info and also
>> is saved in
>> database for each business transaction for audit control.
>> 
>> Now the problem is:
>> 
>> 1) A User opens a browser window( IE 7/Firfox) and logs in
>> the application
>> as User X and the application shows the logged in userid as
>> X and DB
>> transactions also get userid info as X.
>> 2) The same user opens a bowser tab or new window from the
>> opened window (
>> from where he logged in as X), and logs in the application
>> as User Y. Now
>> userid Y overrides the userid X in session map( as no new
>> session is not
>> opened, I guess) and I get userid as Y in both the browser
>> tabs. My
>> application breaks.
>> 3) If the user opens a new browser instance, then a new
>> session is created
>> and both the windows have their own user id info( i.e.
>> userid doesnt
>> override)
>> 
>> I tried the scope interceptor ( by starting a conversion),
>> but the result is
>> same( i.e. could not get new session in a window tab).
>> 
>> I searched for a solution, could not get a solution. Please
>> suggest how to
>> get rid of this problem.
>> 
>> Thanks
>> 
>> Rajib
>> 
>>  
>> -- 
>> View this message in context:
>> http://www.nabble.com/Struts-2-session-problem-tp21513305p21513305.html
>> Sent from the Struts - User mailing list archive at
>> Nabble.com.
>> 
>> 
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail:
>> user-h...@struts.apache.org
> 
> 
>   __
> Ask a question on any topic and get answers from real people. Go to Yahoo!
> Answers and share what you know at http://ca.answers.yahoo.com
> 
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21524239.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[RajibJana]

DNewfield wrote:
> 
> RajibJana wrote:
>> 1) if one opens a window and a tabbed window, logs into the application
>> by
>> giving different user id and password combinations, then two seperate
>> sessions are not created. As a result, in the session map userid
>> overrides
>> each other and same user id ( last logged in user ) is shown in all pages
>> in
>> two windows.
> 
> One running browser instance shares session across all windows.  Using 
> Safari and Firefox in tandem will allow two sessions from one machine. 
> It sounds here like you've got another problem, though--it sounds like 
> your login logic is not first checking that you're *already* logged in 
> in that session, and disallowing the second login until the first 
> session is destroyed by logging out.
> 
> Rajib>> I am using IE 7 and FF 3. The problem happens only when one opens
> a new tab or new window from a already open window, then two sessions are
> not created. I can have the login you have mentioned, but that is kind of
> restriction on user, for a large app. the app will not be of ease-of-use.
> ( Why should I open a new browser instance, when there is a option to open
> a browser tab from a opened window?).
> 
> 
> 
>> 2) If one opens two window instances ( not tabbed one), logs into the app
>> by
>> giving different user info, then two  seperate sessions are created, two
>> distinct userid is stored in two seperate sessions and each window shows
>> the
>> correct usr id in its all pages.
> 
> I would like to know what browser shows this behavior.  It might be a 
> timing issue: If you load the login screen in two windows/tabs before 
> submitting either of them, there's a chance each login form is displayed 
> in such a way that they are each creating stub sessions that are fleshed 
> out by that specific form on that page getting submitted.  If you are 
> able to witness this behavior it should not be relied upon.  In fact, I 
> would consider the logic that's creating those two sessions to be flawed 
> since it's way too browser specific to rely upon.
> 
> -Dale
> 
> 
> Rajib>> Its not the timeing issue. The problem is only one session is
> created when two browser tabs open the application login page.
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21524321.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[RajibJana]

Sorry for replying late, as there is time diff ( living in India)


Yes, the app wants SEAM conversation feature. Does S 2.1.6 provide any such
feature or any other future version? 


Thanks

Rajib


newton.dave wrote:
> 
> Dale Newfield wrote:
>> One running browser instance shares session across all windows.  Using 
>> Safari and Firefox in tandem will allow two sessions from one machine. 
> 
> The OP wants a SEAM-like solution, but S2 doesn't have that 
> functionality built-in (nor do most other frameworks, AFAIK).
> 
> It *would* be a nice feature to add, though.
> 
>>> 2) If one opens two window instances ( not tabbed one), logs into the 
>>> app by giving different user info [...]
>> I would like to know what browser shows this behavior.
> 
> I can never remember which is which, but IIRC IE (pre-6, don't remember 
> after that) would give different sessions per-window, FF wouldn't. In 
> any case, I agree that it's a bad idea to rely on browser behavior 
> (unless you're controlling browser deployment, but I don't like that 
> much either :)
> 
> Dave
> 
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21524341.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Dynamic s:checkbox name?

[KE LI]

Dear All,  I am confusing about how to write dynamic s:checkbox names in s2.
For example,
  

  

  I want to achieve the result as:
  
  
  
  
  
  etc.

  The main problem is that i dont know how to write the right ognl
expression in the code above(around the "?" position). Can anyone help me?
Thanks in advance.

-- 
Best Regards,
Licco

Re: Dynamic s:checkbox name?

[Nuwan Chandrasoma]

 
   
 

Thanks,

Nuwan C


KE LI wrote:

Dear All,  I am confusing about how to write dynamic s:checkbox names in s2.
For example,
  

  

  I want to achieve the result as:
  
  
  
  
  
  etc.

  The main problem is that i dont know how to write the right ognl
expression in the code above(around the "?" position). Can anyone help me?
Thanks in advance.

  



-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[dusty]

Allowing a user to login again to a different ID using the same session is a
FAIL.  

It is not really a S2 issue, but an authentication implementation issue.  It
is true that S2 does not provide a default authentication/authorization
implementation, but Spring Security does the job very well.   Why reinvent
it?

Having a stateful conversation that is independent of the users HTTP session
is an interesting feature, but not really a basic requirement of all
enterprise web-based applications.  There have been several suggestions on
how you might do this using tokens in the URL, etc.  S2 does provide the
tools to make this happen with interceptors.  

My recommendation is to either a) implement Spring Security or b) improve
the session handling of your current authentication mechanism so that a new
session is required in order for someone to login as two different users at
the same time.  




RajibJana wrote:
> 
> Sorry for replying late, as there is time diff ( living in India)
> 
> 
> Yes, the app wants SEAM conversation feature. Does S 2.1.6 provide any
> such feature or any other future version? 
> 
> 
> Thanks
> 
> Rajib
> 
> 
> newton.dave wrote:
>> 
>> Dale Newfield wrote:
>>> One running browser instance shares session across all windows.  Using 
>>> Safari and Firefox in tandem will allow two sessions from one machine. 
>> 
>> The OP wants a SEAM-like solution, but S2 doesn't have that 
>> functionality built-in (nor do most other frameworks, AFAIK).
>> 
>> It *would* be a nice feature to add, though.
>> 
 2) If one opens two window instances ( not tabbed one), logs into the 
 app by giving different user info [...]
>>> I would like to know what browser shows this behavior.
>> 
>> I can never remember which is which, but IIRC IE (pre-6, don't remember 
>> after that) would give different sessions per-window, FF wouldn't. In 
>> any case, I agree that it's a bad idea to rely on browser behavior 
>> (unless you're controlling browser deployment, but I don't like that 
>> much either :)
>> 
>> Dave
>> 
>> 
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21524655.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: S2: caching problem,-user clicks on a link and then back w/ broweser data is lost

[dusty]

So, your form posts via AJAX to the action and the results sent as (JSON,
XML, HTML) and rendered via Javascript on some div on the page?

If that is the case then you do indeed have a problem.  One easy fix is to
use an actual list page rather than rendering the list via Javascript.  But
if that is not an option then you can inspect the search field when the page
is loaded and then automatically run the search and render the results if
the search field is not blank.   Is the date field empty when you come back? 
What clears it?


xianwinwin wrote:
> 
> Hi All,
> 
> Here's a scenario that drives me crazy:
> 1. A user fills-up a form (a date) and clicks submit
> 2. An Action return a List of items related to the user's input
> 3. The list is returned as an ID (AJAX) to the form 
> 4. User sees the list and can click a URL from the list
> 
> Problem: When the user clicks a url from the list and then click BACK on
> the *BROWSER'S BUTTON* - the list is GONE and he needs to input the
> date/data again.
> 
> can anyone explain why this happens and how to circumvent this?
> 
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/S2%3A-caching-problem%2C-user-clicks-on-a-link-and-then-back-w--broweser-data-is-lost-tp21518044p21524683.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Dynamic s:checkbox name?

[Wes Wannemacher]

On Sunday 18 January 2009 00:47:51 Nuwan Chandrasoma wrote:
>   
> 
>   
>
> Thanks,
>
> Nuwan C
>

Nuwan, 

I'm not sure if that is what he is intending. It will work, but for what seems 
to be the wrong reasons. If "test_list" contains the values to iterate over, 
then I would use those, rather than the loop index. 


 
  

This is a slightly different variation of the OGNL, as I enclosed the whole 
expression. Also, "top" will point to the value on the top of the Value Stack, 
which will contain the value pushed onto it by the s:iterator tag.

-Wes
-- 

Wes Wannemacher
Author - Struts 2 In Practice 
Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
http://www.manning.com/wannemacher


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[RajibJana]

This is not a authentication/authorization issue alone, app needs to maintain
various user session specific info that need to be accessed in other action
classes, enterprise level web app needs that. ( Thats why in SEAM, that is a
highlighted feature). 

I can implement spring security, thats not the issue, issue is to have
stateful conversation in S2.

The only solution in S2 is: restrict user to login into app using the same
session.

"Restriction" is always bad, IMO.

Thanks

Rajib



dusty wrote:
> 
> Allowing a user to login again to a different ID using the same session is
> a FAIL.  
> 
> It is not really a S2 issue, but an authentication implementation issue. 
> It is true that S2 does not provide a default authentication/authorization
> implementation, but Spring Security does the job very well.   Why reinvent
> it?
> 
> Having a stateful conversation that is independent of the users HTTP
> session is an interesting feature, but not really a basic requirement of
> all enterprise web-based applications.  There have been several
> suggestions on how you might do this using tokens in the URL, etc.  S2
> does provide the tools to make this happen with interceptors.  
> 
> My recommendation is to either a) implement Spring Security or b) improve
> the session handling of your current authentication mechanism so that a
> new session is required in order for someone to login as two different
> users at the same time.  
> 
> 
> 
> 
> RajibJana wrote:
>> 
>> Sorry for replying late, as there is time diff ( living in India)
>> 
>> 
>> Yes, the app wants SEAM conversation feature. Does S 2.1.6 provide any
>> such feature or any other future version? 
>> 
>> 
>> Thanks
>> 
>> Rajib
>> 
>> 
>> newton.dave wrote:
>>> 
>>> Dale Newfield wrote:
 One running browser instance shares session across all windows.  Using 
 Safari and Firefox in tandem will allow two sessions from one machine. 
>>> 
>>> The OP wants a SEAM-like solution, but S2 doesn't have that 
>>> functionality built-in (nor do most other frameworks, AFAIK).
>>> 
>>> It *would* be a nice feature to add, though.
>>> 
> 2) If one opens two window instances ( not tabbed one), logs into the 
> app by giving different user info [...]
 I would like to know what browser shows this behavior.
>>> 
>>> I can never remember which is which, but IIRC IE (pre-6, don't remember 
>>> after that) would give different sessions per-window, FF wouldn't. In 
>>> any case, I agree that it's a bad idea to rely on browser behavior 
>>> (unless you're controlling browser deployment, but I don't like that 
>>> much either :)
>>> 
>>> Dave
>>> 
>>> 
>>> -
>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: user-h...@struts.apache.org
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21524962.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[Nils-Helge Garli Hegvik]

I agree conversations would be a nice feature, but aren't
conversations usually just different states in the application for the
same user? I'm having difficulties understanding how it would solve a
problem of two simultaneous users sharing the same session. I would
say that is more of a login/security issue...

Nils-H

On Sun, Jan 18, 2009 at 8:26 AM, RajibJana  wrote:
>
> This is not a authentication/authorization issue alone, app needs to maintain
> various user session specific info that need to be accessed in other action
> classes, enterprise level web app needs that. ( Thats why in SEAM, that is a
> highlighted feature).
>
> I can implement spring security, thats not the issue, issue is to have
> stateful conversation in S2.
>
> The only solution in S2 is: restrict user to login into app using the same
> session.
>
> "Restriction" is always bad, IMO.
>
> Thanks
>
> Rajib
>
>
>
> dusty wrote:
>>
>> Allowing a user to login again to a different ID using the same session is
>> a FAIL.
>>
>> It is not really a S2 issue, but an authentication implementation issue.
>> It is true that S2 does not provide a default authentication/authorization
>> implementation, but Spring Security does the job very well.   Why reinvent
>> it?
>>
>> Having a stateful conversation that is independent of the users HTTP
>> session is an interesting feature, but not really a basic requirement of
>> all enterprise web-based applications.  There have been several
>> suggestions on how you might do this using tokens in the URL, etc.  S2
>> does provide the tools to make this happen with interceptors.
>>
>> My recommendation is to either a) implement Spring Security or b) improve
>> the session handling of your current authentication mechanism so that a
>> new session is required in order for someone to login as two different
>> users at the same time.
>>
>>
>>
>>
>> RajibJana wrote:
>>>
>>> Sorry for replying late, as there is time diff ( living in India)
>>>
>>>
>>> Yes, the app wants SEAM conversation feature. Does S 2.1.6 provide any
>>> such feature or any other future version?
>>>
>>>
>>> Thanks
>>>
>>> Rajib
>>>
>>>
>>> newton.dave wrote:

 Dale Newfield wrote:
> One running browser instance shares session across all windows.  Using
> Safari and Firefox in tandem will allow two sessions from one machine.

 The OP wants a SEAM-like solution, but S2 doesn't have that
 functionality built-in (nor do most other frameworks, AFAIK).

 It *would* be a nice feature to add, though.

>> 2) If one opens two window instances ( not tabbed one), logs into the
>> app by giving different user info [...]
> I would like to know what browser shows this behavior.

 I can never remember which is which, but IIRC IE (pre-6, don't remember
 after that) would give different sessions per-window, FF wouldn't. In
 any case, I agree that it's a bad idea to rely on browser behavior
 (unless you're controlling browser deployment, but I don't like that
 much either :)

 Dave


 -
 To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
 For additional commands, e-mail: user-h...@struts.apache.org



>>>
>>>
>>
>>
>
> --
> View this message in context: 
> http://www.nabble.com/Struts-2-session-problem-tp21513305p21524962.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Dynamic s:checkbox name?

[abhijit . sulhyan]

Licco:

Try as:


 
   

- Abhijit Sulhyan


On 1/18/09, KE LI  wrote:
> Dear All,  I am confusing about how to write dynamic s:checkbox names in s2.
> For example,
>   
> 
>   
>
>   I want to achieve the result as:
>   
>   
>   
>   
>   
>   etc.
>
>   The main problem is that i dont know how to write the right ognl
> expression in the code above(around the "?" position). Can anyone help me?
> Thanks in advance.
>
> --
> Best Regards,
> Licco
>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2 session problem

[RajibJana]

By conversation, I want to mean http session independent conversation. So two
simultaneous users sharing the same http session can work independently,
storing/retriving their own properties throughout the application without
having conflict with other user .

Thanks

Rajib


Nils-Helge Garli wrote:
> 
> I agree conversations would be a nice feature, but aren't
> conversations usually just different states in the application for the
> same user? I'm having difficulties understanding how it would solve a
> problem of two simultaneous users sharing the same session. I would
> say that is more of a login/security issue...
> 
> Nils-H
> 
> On Sun, Jan 18, 2009 at 8:26 AM, RajibJana  wrote:
>>
>> This is not a authentication/authorization issue alone, app needs to
>> maintain
>> various user session specific info that need to be accessed in other
>> action
>> classes, enterprise level web app needs that. ( Thats why in SEAM, that
>> is a
>> highlighted feature).
>>
>> I can implement spring security, thats not the issue, issue is to have
>> stateful conversation in S2.
>>
>> The only solution in S2 is: restrict user to login into app using the
>> same
>> session.
>>
>> "Restriction" is always bad, IMO.
>>
>> Thanks
>>
>> Rajib
>>
>>
>>
>> dusty wrote:
>>>
>>> Allowing a user to login again to a different ID using the same session
>>> is
>>> a FAIL.
>>>
>>> It is not really a S2 issue, but an authentication implementation issue.
>>> It is true that S2 does not provide a default
>>> authentication/authorization
>>> implementation, but Spring Security does the job very well.   Why
>>> reinvent
>>> it?
>>>
>>> Having a stateful conversation that is independent of the users HTTP
>>> session is an interesting feature, but not really a basic requirement of
>>> all enterprise web-based applications.  There have been several
>>> suggestions on how you might do this using tokens in the URL, etc.  S2
>>> does provide the tools to make this happen with interceptors.
>>>
>>> My recommendation is to either a) implement Spring Security or b)
>>> improve
>>> the session handling of your current authentication mechanism so that a
>>> new session is required in order for someone to login as two different
>>> users at the same time.
>>>
>>>
>>>
>>>
>>> RajibJana wrote:

 Sorry for replying late, as there is time diff ( living in India)


 Yes, the app wants SEAM conversation feature. Does S 2.1.6 provide any
 such feature or any other future version?


 Thanks

 Rajib


 newton.dave wrote:
>
> Dale Newfield wrote:
>> One running browser instance shares session across all windows. 
>> Using
>> Safari and Firefox in tandem will allow two sessions from one
>> machine.
>
> The OP wants a SEAM-like solution, but S2 doesn't have that
> functionality built-in (nor do most other frameworks, AFAIK).
>
> It *would* be a nice feature to add, though.
>
>>> 2) If one opens two window instances ( not tabbed one), logs into
>>> the
>>> app by giving different user info [...]
>> I would like to know what browser shows this behavior.
>
> I can never remember which is which, but IIRC IE (pre-6, don't
> remember
> after that) would give different sessions per-window, FF wouldn't. In
> any case, I agree that it's a bad idea to rely on browser behavior
> (unless you're controlling browser deployment, but I don't like that
> much either :)
>
> Dave
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
>


>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Struts-2-session-problem-tp21513305p21524962.html
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>
> 
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Struts-2-session-problem-tp21513305p21525105.html
Sent from the Struts - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org