struts module switching issue. SwitchAction

2010-09-06 Thread tito
Hi guys,

I was hoping someone could help me with Struts SwitchAction. I am using
Struts 1.1 and scaffold.

I have two modules, customer and utilities. I am switching an action from
*struts-config-utilities.xml* to *struts-config-customer.xml*; the JSP in
the customer module is loaded and the beans are executed.

But when I try to invoke another action (*/listCustomerAdvancedProfile*)
from the JSP in customer, it says invalid path.

*"HTTP Status 400 - Invalid path /listCustomerAdvancedProfile was
requested"*

I found out that my module is not switched. When I debugged, the module
name still shows *utilities*; it should actually be "*customer*". So any
action I invoke in the customer JSP is taken as *\utilities\action.do*. I don't
know why the module name switching is not happening although the action is
switched correctly.

Here is my code.

I am submitting the action through JavaScript from a JSP page in the utilities
module, and here is the action that I submit:

/actionSwitcherScoreCommand.do?prefix=/customer&page=/scoreCustomerRegistrationNew.do

prefix = customer (module)
page = /scoreCustomerRegistrationNew.do (action present in
struts-config-customer.xml)

*struts-config-utilities.xml*

*struts-config-customer.xml*

JSP

CustomerRegistration.jsp in the customer module gets loaded OK.

Now the problem is, from this JSP if I invoke an action, the action path
is taken as utilities/action.do instead of customer/action.do.

As far as my understanding goes, it should switch the module, right? Can you help me
out please? Is there anything else I need to do to switch the action?
When I googled, I only found that I need to call switchAction in my action
mapping and give


regards,
Tito Cheriachan

Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Oscar
OK, I got it. Thanks so much for the info.

2010/9/6 Dale Newfield 

> Examples of why SiteKey really isn't sufficient:
> http://antivirus.about.com/b/2010/03/23/bank-of-america-sitekey-scam.htm
>
> http://www.aviransplace.com/2007/02/05/study-finds-bank-of-america-sitekey-is-flawed/
> (As well as the fact that it's possible for a phishing site to use the same
> provided ID to ask the real site what sitekey should be shown to the end
> user, effectively a man-in-the-middle attack, illustrated at
> https://www.sestus.com/vt/sitekeyMITM.asp )
>
> Some other company's solution that appears to involve users having to store
> a keyfile on their machine, but it seems that would make it impossible to
> log into the site from a random machine (or a mobile device like the iphone
> that doesn't have an available filestore), and I don't see what prevents
> those users from being duped into providing that keyfile to a phisher.
> https://www.sestus.com/vt/comparesitekey.asp
>
> It's a hard problem, and it mostly happens *outside* your app, so good luck
> solving it within your app. :-(
>
> -Dale
>



-- 
Oscar Calderón
SCJP 6  


Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Dale Newfield

Examples of why SiteKey really isn't sufficient:
http://antivirus.about.com/b/2010/03/23/bank-of-america-sitekey-scam.htm
http://www.aviransplace.com/2007/02/05/study-finds-bank-of-america-sitekey-is-flawed/
(As well as the fact that it's possible for a phishing site to use the 
same provided ID to ask the real site what sitekey should be shown to 
the end user, effectively a man-in-the-middle attack, illustrated at 
https://www.sestus.com/vt/sitekeyMITM.asp )


Some other company's solution that appears to involve users having to 
store a keyfile on their machine, but it seems that would make it 
impossible to log into the site from a random machine (or a mobile 
device like the iphone that doesn't have an available filestore), and I 
don't see what prevents those users from being duped into providing that 
keyfile to a phisher.

https://www.sestus.com/vt/comparesitekey.asp

It's a hard problem, and it mostly happens *outside* your app, so good 
luck solving it within your app. :-(


-Dale

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Dale Newfield

On 9/6/10 11:42 AM, Oscar wrote:

> anti-phishing mechanism into the application


If I understand what people generally refer to as phishing, it's someone 
else making pages appear enough like yours to fool the customers, but 
with the submitted data going to a third party.  As such, there's not a 
whole lot you can do to prevent someone copying your site, but you can 
make some feature on your site different from customer to customer and 
try to train the customers to look for that personal feature before 
trusting that they are where the page claims they are.  For example, 
Bank of America has an image that they ask you to select when setting up 
your account.  They call this a "SiteKey". 
http://en.wikipedia.org/wiki/SiteKey There are obvious flaws with this 
technique, but it can help somewhat.  I don't know if there are any 
relevant patents/etc. but you should look into them before copying this 
idea in case there are requisite licenses/royalties due to EMC.  Of 
course using https with a known key is a technical way of doing the 
reverse side of mutual authentication, but it really does come down to 
user training, as if the bank's users don't notice a different URL in 
the address bar, they're also not going to notice http instead of https.


http://en.wikipedia.org/wiki/Mutual_authentication

Basically phishing involves mimicking your web application, and there's 
very little you can do within your application to prevent that.  I fear 
there are no good solutions that don't involve training the bank's 
customers to be more vigilant.  If you come up with a good, clean 
solution, please let us know.


-Dale




Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Oscar
Hi to all. I'm working on a project for a bank using Struts 2.1.8 and I have
to implement an anti-phishing mechanism in the application, but I don't
know where to start. I understand the basics of phishing but I never applied
it to a project. Do you know if Struts has something like a security
plugin to avoid phishing, or another plugin or library for J2EE applications
that achieves that?

Thanks in advance

-- 
Oscar Calderón
SCJP 6  


Re: URL "format" advice

2010-09-06 Thread Greg Akins
Thanks Dale and Jordi; I started using a Filter to determine, but
hadn't seen the wildcard mapping.  That looks like just what I was
looking for.

On Mon, Sep 6, 2010 at 9:28 AM, Dale Newfield  wrote:
> On 9/6/10 6:27 AM, jordi wrote:
>>
>> You can do that with wildcard mappings. I'm using Advanced wildcard
>> mappings
>> with regex... check it out
>>
>> http://struts.apache.org/2.x/docs/wildcard-mappings.html
>
> Especially if you couple that with the Url Rewrite Filter.
> http://www.tuckey.org/urlrewrite/
>
> -Dale
>



-- 
Greg Akins

http://insomnia-consulting.org
http://www.pghcodingdojo.org
http://pittjug.dev.java.net
http://twitter.com/akinsgre
http://www.linkedin.com/in/akinsgre




Re: WG: Struts2 Dynamic Merge of two webform objects / join two objects in database

2010-09-06 Thread Dale Newfield

On 9/6/10 8:06 AM, Nicolas Kopp wrote:

> Sorry for interrupting again, but it seems that it's even easier without the
> Scope plugin.
>
> What we did right now is just to implement preparable


Which is why someone earlier suggested the params-prepare-params 
technique.  It allows you to have lots of values handy during the 
prepare call so you can fetch the right model object, then have the 
params set against that (potentially newly loaded, or alternately newly 
created) object.


Of course, without calling the params interceptor twice, you can also 
just have your prepare method call request.getParameter() to fetch the 
values that could help you load the correct model object, or decide to 
create a new one.


-Dale
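
The params, prepare, params ordering described in this thread, modelled in plain Java as an added example (not code from the posters or from Struts). `User`, `DB`, `BINDABLE` and the sample request are constructed for illustration, and the allowlist of bindable form fields is an assumption of this example; it contrasts a fresh object built from the form alone with the loaded-then-bound object.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiConsumer;

// Plain-Java model of the params -> prepare -> params flow (not Struts API).
// User, DB, BINDABLE and the sample request are constructed for this example.
public class ParamsPrepareParamsDemo {

    static class User {
        Long id; String email; String phone; String role;
        User(Long id, String email, String phone, String role) {
            this.id = id; this.email = email; this.phone = phone; this.role = role;
        }
        @Override public String toString() {
            return "User[id=" + id + ", email=" + email
                    + ", phone=" + phone + ", role=" + role + "]";
        }
    }

    // Stand-in for the Hibernate-backed store.
    static final Map<Long, User> DB = new HashMap<>();

    // Assumption of this example: only fields the form edits are bindable.
    static final Map<String, BiConsumer<User, String>> BINDABLE = new LinkedHashMap<>();
    static {
        BINDABLE.put("user.email", (u, v) -> u.email = v);
        BINDABLE.put("user.phone", (u, v) -> u.phone = v);
    }

    static class UpdateProfileAction {
        Long userId;
        User user;

        // Steps 1 and 3: copy request parameters onto the action.
        void applyParams(Map<String, String> params) {
            for (Map.Entry<String, String> p : params.entrySet()) {
                if (p.getKey().equals("userId")) {
                    userId = Long.valueOf(p.getValue());
                } else if (user != null && BINDABLE.containsKey(p.getKey())) {
                    BINDABLE.get(p.getKey()).accept(user, p.getValue());
                }
                // Everything else, e.g. user.role, is dropped.
            }
        }

        // Step 2: load the persistent object chosen by the first pass.
        void prepare() {
            user = DB.get(userId);
            if (user == null) {
                throw new IllegalArgumentException("unknown user id " + userId);
            }
        }
    }

    // The failure from the thread: a fresh object built from the form alone.
    static User freshFromForm(Map<String, String> params) {
        return new User(Long.valueOf(params.get("userId")),
                params.get("user.email"), params.get("user.phone"), null);
    }

    public static void main(String[] args) {
        DB.put(7L, new User(7L, "old@example.com", "555-0100", "customer"));

        Map<String, String> request = new LinkedHashMap<>();   // constructed form post
        request.put("userId", "7");
        request.put("user.email", "new@example.com");
        request.put("user.role", "auditor");                   // not a form field

        System.out.println("fresh object : " + freshFromForm(request));

        UpdateProfileAction action = new UpdateProfileAction();
        action.applyParams(request);   // (1) only userId lands; user is still null
        action.prepare();              // (2) entity 7 is loaded from the store
        action.applyParams(request);   // (3) form values go onto the loaded entity
        System.out.println("loaded+bound : " + action.user);
    }
}
```

The fresh object carries null for every field the form did not submit, while the loaded-then-bound object keeps its stored phone and role and takes only the submitted email.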




Re: URL "format" advice

2010-09-06 Thread Dale Newfield

On 9/6/10 6:27 AM, jordi wrote:

> You can do that with wildcard mappings. I'm using Advanced wildcard mappings
> with regex... check it out
>
> http://struts.apache.org/2.x/docs/wildcard-mappings.html


Especially if you couple that with the Url Rewrite Filter.
http://www.tuckey.org/urlrewrite/

-Dale




WG: Struts2 Dynamic Merge of two webform objects / join two objects in database

2010-09-06 Thread Nicolas Kopp
Sorry for interrupting again, but it seems that it's even easier without the 
Scope plugin.

What we did right now is just to implement preparable like this:

public class UpdateProfileAction extends ActionSupport implements
        ServletRequestAware, SessionAware, Preparable {

    ..

}

and added an override like this:

    @Override
    public void prepare() throws Exception {
        if (user == null) {
            User sessionUser = (User) session.get("user");
            user = userService.getUser(sessionUser.getUserId());
        }
    }

which solved all of our problems. Life can be so easy.


I hope it helps someone else!

Nicolas




-Original Message-
From: Nicolas Kopp [mailto:nicolas.k...@empirica.com] 
Sent: Monday, 6 September 2010 11:36
To: Struts Users Mailing List
Subject: AW: Struts2 Dynamic Merge of two webform objects / join two objects in 
database

Hey,

it seems that using the Scope plugin described by Rahul here fits best for our 
uses in this case:


" 

I use the scope plugin (
https://cwiki.apache.org/S2PLUGINS/scope-plugin.html) for this. A bit heavy on 
the session memory, but suits my purpose.

Put @InOut annotation on your model with scope set as session. This outjects 
the object loaded from DB into session just before forwarding to the JSP. On 
submission, the object is injected back into the action class from session 
before the params interceptor is invoked, which will update the same object 
from http request. So, basically it's the same object that gets updated. 

Hope this works for you.

- Rahul

"

copyProperties() from the BeanUtils also seems to be nice.

 Big Thanks to all of you for your help! I'll also post the resolutions in the 
forums where we also posted this question.

cheers!

Nicolas

-Original Message-
From: Allen Lee [mailto:allen@asu.edu] 
Sent: Friday, 3 September 2010 21:15
To: Struts Users Mailing List
Subject: Re: Struts2 Dynamic Merge of two webform objects / join two objects in 
database

We use the paramsPrepareParams stack for this (see
http://struts.apache.org/2.x/docs/interceptors.html for an example).
Basically the flow is: (1) params get applied first but the primary
use of this is to set the database entity ID that you want to update
(2) the prepare() method is invoked, this is where you load your model
object from the db with the entity ID from step 1 (3) params are
applied again, but this time they will be operating on your loaded
database entity, not a fresh instance.

On Fri, Sep 3, 2010 at 4:31 AM, Robert Taylor  wrote:
> Hi Nicolas,
>
> I'd also be interested in hearing about an elegant solution to this problem
> as well.
>
> Ideally it would be nice if we all had nice simple models where we could
> reuse our hibernate
> objects for both persistence and web binding. However, I have found, this
> is often not the case.
>
> Although maybe not ideal, for the case you mentioned, I have always ended up
> creating/using a separate DTO (data transfer object)
> which contained a subset of the Hibernate entity object properties.
>
> If the properties are simple enough, I have been able to use
> BeanUtils.copyProperties()
> to transfer the appropriate values between the two objects.
>
> Probably not the answer you were looking for, but this has been my approach
> so far.
>
> /robert
>
>
>
> - Original Message - From: "Nicolas Kopp"
> 
> To: 
> Sent: Friday, September 03, 2010 5:23 AM
> Subject: Struts2 Dynamic Merge of two webform objects / join two objects in
> database
>
>
> Hi there,
>
> We (Team of two developers) use Hibernate integrated in a Struts2 web
> application. If we want to perform an update to our objects on the database
> we fetch the data and load the resulting object into a web form where the
> user can edit the data. In this web form not all the object's attributes are
> displayed and editable. Submitting the form data will create a new object
> with the values set in the web form, which is then saved to the database
> again using Hibernate.
>
> Since not all the attributes from this certain object were set in the web
> form, some values result as null, which leads us to the problem that these
> values (even though they are set in the DB) get overwritten with null
> values. Hibernate is set to dynamic-update=true in all involved mappings.
>
> There are (at least) three workarounds that we could think of:
>
> 1.            Adding the missing attributes as hidden fields in the web form
> (not very flexible)
> 2.            Adding the missing attributes in the Java code before saving
> the object to the DB (not very flexible either)
> 3.            Writing a utility class which merges the data from the
> persistent object with the one created by the web form (flexible but
> cumbersome).
>
> What we do right now is to iterate through all methods of the specific
> object, find out the getterMethods and setterMethods of both the "old"
> d

Re: URL "format" advice

2010-09-06 Thread jordi
You can do that with wildcard mappings. I'm using Advanced wildcard mappings
with regex... check it out

http://struts.apache.org/2.x/docs/wildcard-mappings.html

jordi

On Wed, Aug 25, 2010 at 4:46 PM, Greg Akins  wrote:

> I need to implement a webapp that uses the URL to determine the
> "partner" that is accessing the application.  I'd like your opinion on
> the way to do this that might work best with Struts.
>
> Right now, we use a querystring parameter to set a session value that
> is referenced throughout the application to determine the partner.
>
> I can do that same thing with struts (ie.,
> www.example.com/myapp?partnerId=8)
>
> I am wondering if it might be better to create a URL like
> www.example.com/myapp/8
>
> Ultimately, it would be nice to map a url to a domain (ie.,
> www.example.com/myapp/8 -> partner8.example.com)
>
> Ultimately, this would avoid problems with keeping the value in the
> session, as it could always be retrieved from the URL
>
> --
> Greg Akins
>
> http://insomnia-consulting.org
> http://www.pghcodingdojo.org
> http://pittjug.dev.java.net
> http://twitter.com/akinsgre
> http://www.linkedin.com/in/akinsgre


AW: Struts2 Dynamic Merge of two webform objects / join two objects in database

2010-09-06 Thread Nicolas Kopp
Hey,

it seems that using the Scope plugin described by Rahul here fits best for our 
uses in this case:


" 

I use the scope plugin (
https://cwiki.apache.org/S2PLUGINS/scope-plugin.html) for this. A bit heavy on 
the session memory, but suits my purpose.

Put @InOut annotation on your model with scope set as session. This outjects 
the object loaded from DB into session just before forwarding to the JSP. On 
submission, the object is injected back into the action class from session 
before the params interceptor is invoked, which will update the same object 
from http request. So, basically it's the same object that gets updated. 

Hope this works for you.

- Rahul

"

copyProperties() from the BeanUtils also seems to be nice.

 Big Thanks to all of you for your help! I'll also post the resolutions in the 
forums where we also posted this question.

cheers!

Nicolas

-Original Message-
From: Allen Lee [mailto:allen@asu.edu] 
Sent: Friday, 3 September 2010 21:15
To: Struts Users Mailing List
Subject: Re: Struts2 Dynamic Merge of two webform objects / join two objects in 
database

We use the paramsPrepareParams stack for this (see
http://struts.apache.org/2.x/docs/interceptors.html for an example).
Basically the flow is: (1) params get applied first but the primary
use of this is to set the database entity ID that you want to update
(2) the prepare() method is invoked, this is where you load your model
object from the db with the entity ID from step 1 (3) params are
applied again, but this time they will be operating on your loaded
database entity, not a fresh instance.

On Fri, Sep 3, 2010 at 4:31 AM, Robert Taylor  wrote:
> Hi Nicolas,
>
> I'd also be interested in hearing about an elegant solution to this problem
> as well.
>
> Ideally it would be nice if we all had nice simple models where we could
> reuse our hibernate
> objects for both persistence and web binding. However, I have found, this
> is often not the case.
>
> Although maybe not ideal, for the case you mentioned, I have always ended up
> creating/using a separate DTO (data transfer object)
> which contained a subset of the Hibernate entity object properties.
>
> If the properties are simple enough, I have been able to use
> BeanUtils.copyProperties()
> to transfer the appropriate values between the two objects.
>
> Probably not the answer you were looking for, but this has been my approach
> so far.
>
> /robert
>
>
>
> - Original Message - From: "Nicolas Kopp"
> 
> To: 
> Sent: Friday, September 03, 2010 5:23 AM
> Subject: Struts2 Dynamic Merge of two webform objects / join two objects in
> database
>
>
> Hi there,
>
> We (Team of two developers) use Hibernate integrated in a Struts2 web
> application. If we want to perform an update to our objects on the database
> we fetch the data and load the resulting object into a web form where the
> user can edit the data. In this web form not all the object's attributes are
> displayed and editable. Submitting the form data will create a new object
> with the values set in the web form, which is then saved to the database
> again using Hibernate.
>
> Since not all the attributes from this certain object were set in the web
> form, some values result as null, which leads us to the problem that these
> values (even though they are set in the DB) get overwritten with null
> values. Hibernate is set to dynamic-update=true in all involved mappings.
>
> There are (at least) three workarounds that we could think of:
>
> 1.            Adding the missing attributes as hidden fields in the web form
> (not very flexible)
> 2.            Adding the missing attributes in the Java code before saving
> the object to the DB (not very flexible either)
> 3.            Writing a utility class which merges the data from the
> persistent object with the one created by the web form (flexible but
> cumbersome).
>
> What we do right now is to iterate through all methods of the specific
> object, find out the getterMethods and setterMethods of both the "old"
> database-object and the "new" Hibernate object, compare values and take the
> values which are not null. This is not a very satisfying resolution, because
> some objects contain Other objects with values and so on, sometimes three or
> more layers of depth. Also, using reflection in Java is not a very nice
> resolution.
>
> We are sure there must be other people out there facing similar problems but
> even after quite some research efforts we were not be able to find anything
> of help in the web.
>
> We are even not sure if this is more a Hibernate or a Struts2 problem.
>
> We'd be really grateful if someone could point us in the right direction.
> Thanks in advance!
>
> Nicolas & Alex
>
>



-- 
Allen Lee
Center for the Study o

AW: How do I get wibble[0][something]=blah to parse into an action?

2010-09-06 Thread Nicolas Kopp
Hi Andy,

maybe you forgot to initialize the ArrayList as a new Object in the setter?

try this:

 public void setWibble(ArrayList> wibble) {
this.wibble = new ArrayList>();
this.wibble = wibble;
 }

Maybe worth a try. Not tested.

Cheers,
Nico


-Original Message-
From: Andy Chapman [mailto:andrew.chap...@brighterworking.com] 
Sent: Saturday, 4 September 2010 02:59
To: user@struts.apache.org
Subject: How do I get wibble[0][something]=blah to parse into an action?

  I've got a 3rd party javascript tool that posts parameters like:

wibble[0][something] = /babble
wibble[0][foo] = 3
wibble[0][bar] = seventeen
wibble[1][something] = /bloop
wibble[1][foo] = 12
wibble[1][bar] = Only on Wednesdays

I can't figure out how to get the ParametersInterceptor to put the 
values into my setter.
I've tried all sorts of things, but the [something] is failing to get 
through. My best effort was something like this,

public class MyActionClass extends ActionSupport {

 ArrayList> wibble = null;

<...execute etc. don't really matter...>

 public ArrayList> getWibble() {
 if (this.wibble==null) {
 this.wibble = new ArrayList>();
 }
 return this.wibble;
 }

 public void setWibble(ArrayList> wibble) {
 this.wibble = wibble;
 }
}

In debug I can see the struts2 innards calling getWibble for each post 
parameter and creating the 0'th or 1'th element of the ArrayList but 
then it seems to resolve [something] by looking for a property or method 
(setSomething?) on the MyActionClass instance in the context rather than 
the ArrayList instance it got previously (which never goes into the 
context).

Obviously, I can make the action RequestAware and parse out the 
parameters myself or write/extend an interceptor, but it would be nice 
to have the base ParameterInterceptor and OGNL do it.

Any ideas?




Re: struts2 annotations

2010-09-06 Thread Hantsy Bai

On 2010/9/6 16:31, Daniel Rindt wrote:

> On Monday, 06.09.2010, 13:55 +0800, Hantsy Bai wrote:
>
>> Use convention plugin[1] please, it is shipped with struts2 dist
>> package.
>> [1]https://cwiki.apache.org/confluence/display/WW/Convention%20Plugin
>
> Thanks for the reactions, but after using the convention plugin, I am
> not able to use the @Result as it's described in the Documentation[1].
> The "value" attribute is not included.
>
> http://struts.apache.org/2.0.14/docs/result-annotation.html

The struts 2.0.14 is not compatible with the latest Struts 2.2.1...The 
old codebehind plugin(in struts 2.0.x) is replaced by the redesigned 
convention plugin(2.1.x and 2.2.x).


If you are using the convention plugin, please read the link I 
provided above.


Regards.
Hantsy




Re: struts2 annotations

2010-09-06 Thread Daniel Rindt
On Monday, 06.09.2010, 13:55 +0800, Hantsy Bai wrote:
> Use convention plugin[1] please, it is shipped with struts2 dist
> package.
> [1]https://cwiki.apache.org/confluence/display/WW/Convention%20Plugin

Thanks for the reactions, but after using the convention plugin, I am
not able to use the @Result as it's described in the Documentation[1].
The "value" attribute is not included.

http://struts.apache.org/2.0.14/docs/result-annotation.html


