Re: [Struts2] SessionToken Interceptor used with json Result and Javascript Calls

2012-11-07 Thread Ken McWilliams
Can you share the interceptor stack configuration for your normal JSPs and
the stack configuration for the json actions?


On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich wrote:

> Hi...
>
> I am trying to secure one of my web applications with tokens.
> Everything works fine with basic JSP pages. But in one case, I call an
> action from JavaScript via jquery.ajax and return a JSON result.
>
> To do that, I added two properties to the JSON result object
> (documentTable) with token and tokenName and populate them in the action with
>     documentTable.setTokenName(TokenHelper.getTokenName());
>     documentTable.setToken(TokenHelper.getToken());
>
> The JavaScript that gets the result object (data) looks like this:
>     var submitData = {
>         documentID : documentRow.documentID,
>         showMessage : true
>     };
>     submitData[data.tokenName] = data.token;
>     tdName.bind("click", function() {
>         $.ajax({
>             url : "view",
>             type: 'POST',
>             data : submitData,
>             success : function() {
>                 // ...
>             }
>         });
>     });
>
> When the click event is fired, the parameters struts.token.name and
> struts.token are submitted with the request but the action returns
> invalid.token.
>
> Is that a way I can go? Is the TokenHelper the right thing to get a new
> valid token from?
>
> Any hints welcome!
>
> Regards
> Jan
>
>


Re: Getting request as null

2012-11-07 Thread Chris Pratt
If I had to guess, I'd say that the ServletActionContext hasn't been
completely initialized when the Class is instantiated, so calling
getServletRequest in an instance initializer isn't going to work.  Either
call ServletActionContext.getServletRequest() in the method body, or
(better option) use the ServletRequestAware interface on your Action and
have the ServletRequest injected into your Action.
  (*Chris*)


On Wed, Nov 7, 2012 at 4:17 AM, Srineel Mazumdar wrote:

> Hi,
>
> I am getting the request object as null. Checked Google, no help.
>
>
> *Class where I am getting null*
>
> package com.home.practice.shop;
>
> import javax.servlet.ServletContext;
> import javax.servlet.http.HttpServletRequest;
>
> import org.apache.struts2.ServletActionContext;
> import org.springframework.web.context.WebApplicationContext;
> import org.springframework.web.context.support.WebApplicationContextUtils;
>
> import com.home.practice.shop.domain.logic.PetStoreFacade;
> import com.opensymphony.xwork2.ActionSupport;
>
> public class BaseAction extends ActionSupport {
>
>     private PetStoreFacade petStore;
>     HttpServletRequest request = ServletActionContext.getRequest();
>
>     public void setServlet() {
>         ServletContext context = ServletActionContext.getServletContext();
>         WebApplicationContext wac = WebApplicationContextUtils
>                 .getRequiredWebApplicationContext(context);
>         this.petStore = (PetStoreFacade) wac.getBean("petStore");
>     }
>
>     protected PetStoreFacade getPetStore() {
>         return petStore;
>     }
>
> }
>
> But strangely, in the following class I have written the same code and I am
> getting the request object
>
> public class ViewCategoryAction extends BaseAction {
>
>     public String execute() throws Exception {
>         HttpServletRequest request = ServletActionContext.getRequest();
>         System.out.println("**" + request);
>
>
> Why is it so? ServletActionContext.getRequest() is returning null in the base
> class but not in the child class.
>
> applicationContext.xml
>
> 
>
>
> http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="
> http://www.springframework.org/schema/aop"
> xmlns:tx="http://www.springframework.org/schema/tx"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
> http://www.springframework.org/schema/aop
> http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
> http://www.springframework.org/schema/tx
> http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
>
>
>  "prototype" abstract="true"/>
>
>  class="com.home.practice.shop.AddItemToCartAction" scope = "prototype"
> parent = "baseAction">
> 
> 
> 
>
> 
>
>  scope = "prototype" parent = "baseAction"/>
>
>  class="com.home.practice.shop.EditAccountAction" scope = "prototype" parent
> = "baseAction">
> 
> 
> 
> 
> 
> enlish
> japanese
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
>  class="com.home.practice.shop.EditAccountFormAction" scope = "prototype"
> parent = "baseAction"/>
>   class="com.home.practice.shop.ListOrdersAction" scope = "prototype" parent
> = "baseAction"/>
>   class="com.home.practice.shop.NewAccountAction" scope = "prototype" parent
> = "baseAction"/>
>
>  class="com.home.practice.shop.NewOrderFormAction" scope = "prototype"
> parent = "baseAction">
> 
> 
> 
> 
> 
> Visa
> MasterCard
> American Express
> 
> 
> 
>   scope = "prototype" parent = "baseAction">
> 
> 
> 
> 
> 
> Visa
> MasterCard
> American Express
> 
> 
> 
>
>
>  class="com.home.practice.shop.NewOrderFormAction" scope = "prototype"
> parent = "baseAction">
> 
> 
> 
> 
> 
> Visa
> MasterCard
> American Express
> 
> 
> 
>   class="com.home.practice.shop.RemoveItemFromCartAction" scope = "prototype"
> parent = "baseAction">
> 
> 
> 
>
>  class="com.home.practice.shop.SearchProductsAction" scope = "prototype"
> parent = "baseAction"/>
>
>
>  "prototype" parent = "baseAction">
> 
> 
> 
> 
> 
> enlish
> japanese
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
>   class="com.home.practice.shop.UpdateCartQuantitiesAction" scope =
> "prototype" parent = "baseAction">
> 
> 
> 
>
>
>  scope = "prototype" parent = "baseAction">
> 
> 
> 
>
>
>  class="com.home.practice.shop.ViewCategoryAction" scope = "prototype"
> parent = "baseAction"/>
>
>  scope = "prototype" parent = "baseAction"/>
>
>  scope = "prototype" parent = "baseAction">
> 
> 
>
> 
>
> 
> 
> enlish
> japanese
> 
> 
> 
> 
> 
> 
>
> 
>
> 
>
>  ref = "myPageList" />
> 
>
>  class="com.home.practice.shop.ViewProductAction" scope = "prototype" parent
> = "baseAction"/>
>   scope = "prototype"/>
>  "prototype"/>
>  scope = "prototype"/>
>  scope = "prototype"/>
>  "prototype"/>
>  scope = "prototype"/>
>  "prototype"/>
>  scope = "prototype"/>
>  "org.springframework.beans.support.PagedListHolder" scope = "prototype"/>
>
>
> 
>
>
> Regards,
> Srineel
>
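
The injection approach suggested in the reply above, as an added example that is not code from the thread: the action implements `ServletRequestAware` instead of reading `ServletActionContext` in a field initializer. `RequestEchoAction` is a hypothetical subclass, and the sketch assumes the servletConfig interceptor (part of the default stack) is in the action's interceptor stack.

```java
// BaseAction.java (added example; RequestEchoAction is hypothetical)
package com.home.practice.shop;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.interceptor.ServletRequestAware;

import com.opensymphony.xwork2.ActionSupport;

public class BaseAction extends ActionSupport implements ServletRequestAware {

    // Deliberately not initialised here: a field initializer runs when the
    // object is constructed, before the framework has handed over the request.
    private HttpServletRequest request;

    // Called by the servletConfig interceptor before execute() is invoked.
    @Override
    public void setServletRequest(HttpServletRequest request) {
        this.request = request;
    }

    // Subclasses read the injected request from inside their action methods.
    protected HttpServletRequest getRequest() {
        return request;
    }
}

// Hypothetical subclass showing that the request is available in execute().
class RequestEchoAction extends BaseAction {

    @Override
    public String execute() throws Exception {
        HttpServletRequest req = getRequest();
        if (req == null) {
            // Only reached when the servletConfig interceptor is missing
            // from the stack configured for this action.
            addActionError("servletConfig interceptor not configured");
            return ERROR;
        }
        System.out.println("** " + req.getRequestURI());
        return SUCCESS;
    }
}
```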


[Struts2] SessionToken Interceptor used with json Result and Javascript Calls

2012-11-07 Thread Jan Fröhlich
Hi...

I am trying to secure one of my web applications with tokens.
Everything works fine with basic JSP pages. But in one case, I call an action
from JavaScript via jquery.ajax and return a JSON result.

To do that, I added two properties to the JSON result object (documentTable)
with token and tokenName and populate them in the action with
    documentTable.setTokenName(TokenHelper.getTokenName());
    documentTable.setToken(TokenHelper.getToken());

The JavaScript that gets the result object (data) looks like this:
    var submitData = {
        documentID : documentRow.documentID,
        showMessage : true
    };
    submitData[data.tokenName] = data.token;
    tdName.bind("click", function() {
        $.ajax({
            url : "view",
            type: 'POST',
            data : submitData,
            success : function() {
                // ...
            }
        });
    });

When the click event is fired, the parameters struts.token.name and 
struts.token are submitted with the request but the action returns 
invalid.token.

Is that a way I can go? Is the TokenHelper the right thing to get a new valid 
token from?

Any hints welcome!

Regards
Jan
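
An added example, not part of the original post or of any reply in this thread: one way an action can issue a fresh token for a JSON client. It relies on `TokenHelper.setToken(String)` generating a new token and storing it in the session, whereas `TokenHelper.getToken()` and `TokenHelper.getTokenName()` only read values submitted with the current request. `IssueTokenAction` and its nested `DocumentTable` are hypothetical names.

```java
// IssueTokenAction.java (added example; class names are hypothetical)
package example;

import org.apache.struts2.util.TokenHelper;

import com.opensymphony.xwork2.ActionSupport;

public class IssueTokenAction extends ActionSupport {

    /** Hypothetical JSON payload that carries the next token to the client. */
    public static class DocumentTable {
        private String tokenNameField;
        private String tokenName;
        private String token;

        public String getTokenNameField() { return tokenNameField; }
        public void setTokenNameField(String f) { this.tokenNameField = f; }
        public String getTokenName() { return tokenName; }
        public void setTokenName(String tokenName) { this.tokenName = tokenName; }
        public String getToken() { return token; }
        public void setToken(String token) { this.token = token; }
    }

    private final DocumentTable documentTable = new DocumentTable();

    @Override
    public String execute() {
        // A token that arrived with this request has already been checked and
        // removed from the session by the token interceptor, so echoing it
        // back would hand the client a spent value. Create a new one instead.
        String name = TokenHelper.DEFAULT_TOKEN_NAME;
        String fresh = TokenHelper.setToken(name); // generates and stores in session

        // The interceptor expects two request parameters on the next call:
        // TOKEN_NAME_FIELD = <name> and <name> = <token>.
        documentTable.setTokenNameField(TokenHelper.TOKEN_NAME_FIELD);
        documentTable.setTokenName(name);
        documentTable.setToken(fresh);
        return SUCCESS;
    }

    // Serialised by the json result.
    public DocumentTable getDocumentTable() { return documentTable; }
}
```

Each token is valid for one request, so every JSON response from a token-protected action has to carry a new token and the client has to replace the old value before its next call.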



Re: Issue with maven archetypes - jetty plugin version 8 not refreshing JSPs

2012-11-07 Thread Miguel Almeida
A follow-up on this. I was able to identify the root cause of this
issue. While this is a bit specific to our use case, I share this with
the community nonetheless.

This was basically caused by the timestamps of the files. My work
directory is an NFS mount of another server. For some strange reason*
the clock on that server is delayed. This means that if it's 9:00 and I
change the JSP file, the file will be timestamped with 8:40. 

There might have been a change in Jetty from 6 to 8 regarding the
strategy used for JSP file reloading - while Jetty 6 does not seem to
care about the file's timestamp and refreshes anyway, Jetty 8 is more
sensitive and does not reload the file.

So the "solution" here was simply to update the remote NFS server's
clock. Why the NTP-aware server is having trouble with the time is
another issue...

Miguel Almeida



On Tue, 2012-11-06 at 13:12 +0100, Lukasz Lenart wrote:

> 2012/10/31 Miguel Almeida 
> 
> > Hey Lukasz,
> >
> > Does your jetty configuration match the ones I provided? More
> > specifically, did you remove the <scanTargets> element? With
> > scanTargets you will see the JSP changes, but only after the automatic
> > container reload (so, worst-case scenario in 10 seconds, as defined in
> > the  element).
> >
> > If you remove scanTargets, the page will not be refreshed on JSP change
> > in jetty 8 but will be refreshed in jetty 6! And reloading the entire
> > container for every JSP change seems like an overkill (and slows down
> > development process considerably when your webapp has session variables
> > and security).
> >
> > Could you try the configuration without <scanTargets> for jetty 6 and 8?
> 
> 
> Yes, I did that and even committed the change [1]; there were no Jetty
> restarts when I was changing the JSP file.
> 
> [1] https://issues.apache.org/jira/browse/WW-3916
> 
> 
> Regards