[ANN] May 20 - Writing JPA Applications by Patrick Linskey at Google in Silicon Valley
This is a free event open to the general public. So, please forward this announcement on to other interested parties. The full meeting announcement including directions to meeting site at Google in Silicon Valley is here: https://sv-web-jug.dev.java.net/servlets/NewsItemView?newsItemID=5601 Advanced Registration is required to be part of give-away drawing. You can register at: http://sv-web-jug-4.eventbrite.com/ Agenda: 18:30-19:00 Arrive mingle -- Food drinks provided by Google 19:00-20:30 Writing JPA Applications Presentation Description: In this talk, Patrick explores the Java Persistence API, and examines some common practices for how to write applications that use JPA. Patrick will focus more on API usage than on mapping configuration, and will look at the bootstrapping and runtime behavior of JPA applications. You will learn about JPA's optimistic locking semantics, including the benefits of optimistic read locks. Patrick looks at when it's appropriate to use the different facilities of the Java Persistence Query Language (JPQL), and also discusses common extensions to the spec, including performance caching, pessimistic locking, and fetch strategies. --- | Michael Van Riper | http://weblogs.java.net/blog/van_riper/ | http://www.linkedin.com/in/vanriper | Silicon Valley Web JUG | mailto:[EMAIL PROTECTED] | https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANN-OT] February 19 - Stateful Applications that Scale Like Stateless Ones by Orion Letizi at Googleplex in Silicon Valley
Advanced Registration is required to be part of give-away drawing. You can register at: http://sv-web-jug.eventbrite.com/ This is a free event open to the general public. So, please forward this announcement on to other interested parties. The online meeting announcement is here: https://sv-web-jug.dev.java.net/servlets/NewsItemView?newsItemID=5425 18:30-19:00 Arrive mingle -- Food drinks provided by Google 19:00-20:30 Stateful Applications that Scale Like Stateless Ones talk by Orion Letizi TALK DESCRIPTION Within every innocent web application lies a sleeping monster. There comes a time when every successful web application outgrows its single-machine architecture. Whether for high-availability, scalability, or both, the adult web application must grow to live on more than one application server. That's when the latent beast strikes: the State Monster. The most recent accepted wisdom about solving application state problems in a scaled-out production architecture is to make your web application stateless—i.e., externalize all application state out of the application tier so that any application server can serve any user request. Unfortunately for the owners of such applications, making it stateless is hard to do, corrupts the programming and data model of the application, and pushes the problem out to other pieces of infrastructure that are ill-equipped to handle it. Stateless programming is hard on the application developer, hard on the application infrastructure, and hard on the application. There must be a better way to write business applications. In this talk, we will discuss the current stateless application paradigm, its shortcomings, and a new alternative using Terracotta's open-source availability and scalability technology for the Java Virtual Machine. Please be sure to preregister at http://sv-web-jug.eventbrite.com/ so you will be eligible for our raffle. We will be Using Jim Weaver's JavaFX Spinning Wheel for our raffle. You can learn more about the project at: http://learnjavafx.typepad.com/weblog/2008/01/spinning-wheel.html Currently, the prizes include: * IntelliJ IDEA license from JetBrains * Ajax Security from Addison Wesley * Pro JSF and Ajax: Building Rich Internet Components from Apress * Filthy Rich Clients from Addison Wesley (2 copies) * Professional Hibernate from Wrox Press * Professional Java Development with the Spring Framework from Wrox Press * Professional Ajax 2nd Edition from Wrox Press This meeting was organized by the Silicon Valley Web Developer JUG and is being co-hosted by the Silicon Valley JUG. -- | Michael Van Riper | http://weblogs.java.net/blog/van_riper/ | http://www.linkedin.com/in/vanriper | Silicon Valley Web Developer JUG | mailto:[EMAIL PROTECTED] | https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Every action is getting called twice
On 2/11/08, Charbel Abdul-Massih [EMAIL PROTECTED] wrote: What am I doing wrong? Every request to an action goes into the actions' execute method twice... This is going to sound unrelated, but, do you use Firefox browser with Firebug enabled to test your code. I ran into one weird problem myself where I was seeing double executions when Firebug was enabled. That may not be the problem in your case, but, your symptoms are similar to my situation where this was indeed the culprit. If you normally test with Firebug enabled, disable it and try your test again to see whether that changes things at all. Good Luck, Van -- | Mike Van Riper | http://weblogs.java.net/blog/van_riper/ - | Silicon Valley Web Developer JUG | mailto:[EMAIL PROTECTED] | https://sv-web-jug.dev.java.net - | Silicon Valley Google Technology User Group | mailto:[EMAIL PROTECTED] | http://sv-gtug.org - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Silicon Valley Code Camp at Foothill College on Oct. 27-28
This is a free event by and for the developer community in Silicon Valley. I've been promoting this event within the local Java developer community. I'll also be leading one technical session at this Code Camp based on my experiences converting to S2 from WebWork2 and the ways we use S2 now in our consumer web site (krillion.com): Details of My Sessions http://tinyurl.com/35e4fo Code Camp is a new type of community event where developers learn from fellow developers. All are welcome to attend and speak.The Code Camp Manifesto consists of six points: (1) by and for the developer community; (2) always free; (3) community developed material; (4) no fluff – only code; (5) community ownership; (6) never occur during working hours. What can you expect at the Silicon Valley Code Camp? Two full days of talking about code with fellow developers. Sessions will range from informal chalk talks to presentations. There will be a mix of presenters, some experienced folks, for some it may be their first opportunity to speak in public. And we are expecting to see people from throughout the Northern California region and beyond. Attendance is free, but space is limited so you need to register in advance. Here is the home page for the event: http://www.siliconvalley-codecamp.com It is not too late to signup to lead your own technical session too. Session submission will remain open until about a week before the event. After that, they will be assigning time slots at meeting spaces to the submitted sessions based on the interest level expressed in each topic. Whether you to choose to present or just to participate, it would be great to meetup with other S1 and S2 developers in the area at this event. If you are interested, you can either respond to this thread or contact me directly off list. If there is enough interest, we can schedule an informal Struts BOF session during the weekend sometime too. Cheers, Van -- Mike Van Riper [EMAIL PROTECTED] http://weblogs.java.net/blog/van_riper/ Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net JUGs International MAP http://tinyurl.com/ynktb2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts - open windows without javascript
On 9/27/07, Slattery, Tim - BLS [EMAIL PROTECTED] wrote: how to open a new browser windows in Struts without to use javascript code in jsp page? Opening a new page is a client-side function. Since Struts is a server-side system, there's no way to do this. You could use the target attribute of the form... tag, which instructs the browser to open a new window for the result of the form. That's as close as you're going to get. Same goes for the link a ... tag. The attribute you add to make your form/link requests open a new browser window/tab is: target=_blank Technically, this will open a new window without javascript. It is just adding an HTML attribute to your form or link tags in your generated HTML response. No javascript required. -Van -- Mike Van Riper [EMAIL PROTECTED] http://weblogs.java.net/blog/van_riper/ Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net JUGs International MAP http://tinyurl.com/ynktb2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts - open windows without javascript
On 9/27/07, Slattery, Tim - BLS [EMAIL PROTECTED] wrote: You could use the target attribute of the form... tag, which instructs the browser to open a new window for the result of the form. That's as close as you're going to get. Same goes for the link a ... tag. The attribute you add to make your form/link requests open a new browser window/tab is: target=_blank Technically, this will open a new window without javascript. It is just adding an HTML attribute to your form or link tags in your generated HTML response. No javascript required. One caveat on the target attribute: it doesn't exist in xhtml 1.1. Wow! I did not know that. Google to the rescue. Found this related information online: snippet JavaScript window object solution: Javascript provides a partial solution to the problem by passing the href attribute to the window object's open method, and returning a value of false. The false return from the event handler prevents the web browser from following the link specified in the href attribute. a href=http://www.TexaStar.com; onclick=window.open(this.href); return false; onkeypress=window.open(this.href); return false;TexaStar/a This previous example provides an onclick event handler for those using a pointing device, and an onkeypress event handler for those using a keyboard. However, when JavaScript isn't enabled, the link is processed as normal, providing a possibly adequate fallback mechanism, but failing to produce the designer's desired result. /snippet So, it does require a small amount of javascript to make it work in an XHTML 1.1 compliant manner. This snippet above comes from the following online source: http://www.texastar.com/tips/2004/target_blank.shtml - Van -- Mike Van Riper [EMAIL PROTECTED] http://weblogs.java.net/blog/van_riper/ Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net JUGs International MAP http://tinyurl.com/ynktb2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s2] Struts head tag KILLS ( 10s) page load time
On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I have the same problem. I'm using ajax and the response time of my pages are over 40s sometimes with the s:head theme=ajax / include. Can someone tells me if this has been fixed in struts 2.1 ? Is there a work around to this problem ? The best workaround that I have found is to Just Say NO to the built in support for Dojo and instead to use Prototype judiciously. All my ajax logic is done that way. I don't use the builtin ajax support in s2 at all. This has worked well for the level of ajax support I need in my own webapp development these days. YMMV. -Van -- Mike Van Riper [EMAIL PROTECTED] http://weblogs.java.net/blog/van_riper/ Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net JUGs International MAP http://tinyurl.com/ynktb2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Ajax using XMLHttpRequest and Struts
On 9/11/07, aarthy [EMAIL PROTECTED] wrote:
I am stuckup in this issue for a week.Please somebody help me on this please.
Frank W. Zammetti wrote:
Something is wrong in your JSP... looks like that stack trace was cut off,
but your beyond the AJAX parts at this point, you need to find the error
in your JSP.
As Frank said, you have issues with your JSP. If you literally
cut/pasted your JSP logic into the email, then I can see at least two
separate problems with this snippet that would fail at compile time of
the JSP when converting it into a servlet.
You have scriptlet logic to start the for-loop and no matching
scriptlet logic to close the for loop. Even worse, your for-loop
iteration logic is totally whack. I am not saying this will fix it,
but, the for-loop will at least be properly closed and reasonably
defined when this snippet is changed from this:
select name=TVShowSelect
%int i = 0;
ArrayList ch = (ArrayList)
request.getSession().getAttribute(characters);
String[] s = new String[ch.size()];
ch.toArray(s);
for (Iterator it = s.length; it.hasNext();) {
String name = (String)it.next();
%
option%=name%/option
/select
To this:
select name=TVShowSelect
% ArrayList ch = (ArrayList)
request.getSession().getAttribute(characters);
String[] s = new String[ch.size()];
ch.toArray(s);
for (int i = 0; i s.length; i++) {
String name = s[i];
%
option%=name%/option
% }
%
/select
I don't recommend this kind of scriptlet logic in the JSPs. If you are
going to do this though, you could at least try compiling the
scriptlet code in a test Java file first or use an IDE like IntelliJ
IDEA that will detect obvious compile issues with your scriptlet logic
in JSP files.
Good Luck, Van
--
Mike Van Riper
[EMAIL PROTECTED]
http://weblogs.java.net/blog/van_riper/
Silicon Valley Web Developer JUG
https://sv-web-jug.dev.java.net
JUGs International MAP
http://tinyurl.com/ynktb2
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: ActiveMQ Problem migrating from WebWork 2.2.2 to Struts 2.0.9
Yup! I had updated build process to exclude the spring plugin, but, I never did a full rebuild that would have nuked it from my distribution. Doh! I'm not past this problem. I'm even see struts tags execute in the JSPs forwarded to from my actions. However, I am now hitting my head on a problem with the interaction of Sitemesh with Struts 2.0.9. The WW2.2 tags which have been converted to S2.0.9 tags which are working fine in the main JSPs being evaluated are failing with an NPE on the first struts tag encountered in my sitemesh decorator JSP file. I'll start a new thread with a more appropriate topic for my current problem. -Van P.S. I already found the Wiki docs about sitemesh integration, but, that was not enough in my case. :-( On 8/3/07, Don Brown [EMAIL PROTECTED] wrote: Struts 2 behaves quite differently based on what plugins are installed. Looks like you are using the Spring plugin, which it sounds like you shouldn't be. Remove the struts2-spring-plugin-VERSION.jar from your WEB-INF/lib. Don On 8/4/07, Van Riper [EMAIL PROTECTED] wrote: I'm running into trouble migrating my existing web application from WebWork 2.2.2 to Struts 2.0.9. We are using JSE6 (AKA JDK 1.6) and Tomcat 5.5.17. I did everything mentioned on the wiki plus a bunch more stuff: http://struts.apache.org/2.x/docs/webwork-2-migration-strategies.html If I ever get this working I promise to provide feedback to update this page based on my experiences migrating to Struts 2.0.9. To set things up, I was fairly quickly able to get to the point that I had a clean build of my webapp after swapping out WebWork and swapping in Struts 2.0.9. Hard as it may be to believe, we were not using Spring IoC. I had that turned off in my webwork.properties like so: ### Configuration for IoC Container ### webwork.objectFactory=spring However, it appears that S2 really wants some IoC container because I kept getting complaints with this commented out. So, I uncommented it in my renamed struts. properties file (added necessary listener in web.xml too) and included the latest Spring Framework jar file (2.0.6). This in turn gave me complaints about missing ActiveMQ classes and including the main jar file for latest ActiveMQ (4.1.1) didn't seem to help. That catches everyone up to my current situation. Here is the full console log output for my latest failed webapp startup: CONSOLE-OUTPUT cmd /c C:\java\apache-tomcat-5.5.17\bin\catalina.bat run Using CATALINA_BASE: C:\Documents and Settings\van\.IntelliJIdea60\system\tomcat_Unnamed_7c1b22c1 Using CATALINA_HOME: C:\java\apache-tomcat-5.5.17 Using CATALINA_TMPDIR: C:\svn\head\dev\projects\krillion\dist\catalina_bases\browser\dev\temp Using JRE_HOME:C:\java\jdk1.6.0 Connected to the target VM, address: '127.0.0.1:1866', transport: 'socket' Aug 3, 2007 4:11:03 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8000 Aug 3, 2007 4:11:03 PM org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8002 Aug 3, 2007 4:11:03 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 640 ms Aug 3, 2007 4:11:03 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Aug 3, 2007 4:11:03 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.17 Aug 3, 2007 4:11:03 PM org.apache.catalina.core.StandardHost start INFO: XML validation disabled 16:11:07,218 INFO [/]: Initializing Spring root WebApplicationContext 16:11:07,218 INFO ContextLoader: Root WebApplicationContext: initialization started 16:11:07,296 INFO XmlWebApplicationContext: Refreshing [EMAIL PROTECTED]: display name [Root WebApplicationContext]; startup date [Fri Aug 03 16:11:07 PDT 2007]; root of context hierarchy 16:11:07,500 INFO XmlBeanDefinitionReader: Loading XML bean definitions from ServletContext resource [/WEB-INF/applicationContext.xml] 16:11:07,718 INFO XmlWebApplicationContext: Bean factory for application context [EMAIL PROTECTED]: [EMAIL PROTECTED] 16:11:07,812 INFO DefaultListableBeanFactory: Pre-instantiating singletons in [EMAIL PROTECTED]: defining beans [connectionFactory,messageworkDestination,jmsTemplate,mapMessageFactory,textMessageFactory,actionMessageSender]; root of factory hierarchy 16:11:07,812 INFO DefaultListableBeanFactory: Destroying singletons in [EMAIL PROTECTED]: defining beans [connectionFactory,messageworkDestination,jmsTemplate,mapMessageFactory,textMessageFactory,actionMessageSender]; root of factory hierarchy 16:11:07,828 ERROR ContextLoader: Context initialization failed org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.codehaus.activemq.ActiveMQConnectionFactory] for bean with name 'connectionFactory' defined in ServletContext resource [/WEB
[S2] Successfully migrated my WW-2.2 app to Struts-2.0.9
I had one last hiccup with the Sitemesh integration on S2. Although I am using the default JSP approach and didn't need the template support for Freemarker or Velocity provided by the Sitemesh plugin for S2, I did need to add the ActionContextCleanUp filter to my web.xml as recommended as part of this documentation for the sitemesh plugin that supports templating: http://struts.apache.org/2.0.9/docs/sitemesh-plugin.html Until I added the ActionContextCleanUp filter, I was getting an NPE for the first S2 tag encountered in my Sitemesh decorator JSP. My final working web.xml filter settings/mappings (not using the struts2-sitemesh-plugin though) are: !-- This filter allows sitemesh decorator's to access struts framework variables -- filter filter-namestruts-cleanup/filter-name filter-classorg.apache.struts2.dispatcher.ActionContextCleanUp/filter-class /filter !-- sitemesh gives us an overall page/panel definition -- filter filter-namesitemesh/filter-name filter-classcom.opensymphony.module.sitemesh.filter.PageFilter/filter-class /filter !-- Struts is attached as the last filter. Note that this must be placed AFTER other related filters (like SiteMesh) because if this succeeds and decides to send the request to struts, the rest of the filter chain is stopped. -- filter filter-namestruts/filter-name filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class /filter filter-mapping filter-namestruts-cleanup/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namestruts/filter-name url-pattern/*/url-pattern /filter-mapping I'm not sure why, but, I didn't need the extra cleanup filter for the WW-2.2 app. I may still run into some other minor hiccups during a full regression test run, but, things are basically working now. This was done on a SVN branch, but, I should be able to make the same changes in a matter of hours (thanks to IntelliJ) on our main trunk later this week after completing my regression testing on the branch. Phew! -Van Mike Van Riper [EMAIL PROTECTED] Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ActiveMQ Problem migrating from WebWork 2.2.2 to Struts 2.0.9
(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Aug 3, 2007 4:11:07 PM org.apache.catalina.core.StandardContext start SEVERE: Error listenerStart Aug 3, 2007 4:11:07 PM org.apache.catalina.core.StandardContext start SEVERE: Context [] startup failed due to previous errors 16:11:07,859 INFO [/]: Closing Spring root WebApplicationContext Aug 3, 2007 4:11:08 PM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8000 Aug 3, 2007 4:11:08 PM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8002 Aug 3, 2007 4:11:08 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 4969 ms /CONSOLE-OUTPUT The peculiar thing about this failure is that it is complaining about not being able to load this class: org.codehaus.activemq.ActiveMQConnectionFactory When I crack open the latest ActiveMQ jar from Apache site, there is an ActiveMQConnectionFactory class. However, it is packaged like so: org.apache.activemq.ActiveMQConnectionFactory I am beginning to spin my wheels on this. Any pointers or suggestions would be much appreciated. If I can't figure this out, I may have to admit defeat and switch to Rails development. ;-) -Van Mike Van Riper [EMAIL PROTECTED] Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: s2: Base url in jsp's
On 6/21/07, Max Pimm [EMAIL PROTECTED] wrote: I am used to defining a base element in my pages but can't find the way to define this with struts 2. All suggestions welcome. I don't think you need struts 2 support to do this. I'm using webwork 2.2 currently and starting to monitor this list again in preparation for migrating our webapp codebase to struts 2. We also use Sitemesh for response decoration. So, our Sitemesh decorator sets the base element for our response during the execution of sitemesh response filter. The way we do it in JSP land is: base id=docBase href=%=request.getRequestURL()%/ No webapp framework support required. We give the base element an id because we have some javascript functions that need to access the base document URL dynamically. This makes it easy to do the element lookup by id via Javascript elsewhere. Cheers, Van Mike Van Riper [EMAIL PROTECTED] Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANNOUNCE] Silicon Valley Web Developer JUG
FYI, After learning about JUG support as projects on java.net at JavaOne, I decided to migrate the Silicon Valley Struts User JUG to a new JUG project on java.net. The other significant change to the group is the shift to a more general focus on all J2EE web application development technologies. Of course, we will continue to have some meetings where Struts development is the focus. The new JUG project on java.net is: Silicon Valley Web Developer JUG https://sv-web-jug.dev.java.net Everyone on the old Yahoo list are already migrated to the new list. For anyone new though, it does require that you register with java.net in order to subscribe to the new list. If you would like to become a member of this JUG, you can subscribe to the mailing list here: https://sv-web-jug.dev.java.net/servlets/ProjectMailingListList When the group does have a Struts-related event coming up, I'll continue to post announcements here on the struts-user list. However, the frequency of those postings will be lower now with the broader focus of the group going forward. That's All Folks, Van Mike Van Riper mailto:[EMAIL PROTECTED] https://sv-web-jug.dev.java.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANNOUNCEMENT] 6/27 Struts User Gathering at JavaOne
Since there were no strong preferences stated in the initial responses, I made an executive decision and went with Sunday evening after the conference opening reception. We'll be gathering around 8:30pm at the Thirsty Bear less than a block from Moscone Center. The full announcement including directions can be found here: http://tinyurl.com/2mpsq RSVP requested to [EMAIL PROTECTED] with the subject Struts User Gathering. Please RSVP by 5:00pm on Saturday, June 26th. Thanks, Mike Van Riper Silicon Valley Struts User Group http://www.baychi.org/bof/struts/ P.S. No need to RSVP again for those of you that have already done so. You are on my list for the reservation headcount. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] JavaOne Struts User Gathering
Hi Everyone, Depending upon the interest level, I'm willing to organize a social gathering at a bar or restaurant in San Francisco during the upcoming JavaOne conference. It would either be around 8:30pm on Sunday, June 27th, after the Welcome Reception ends. Or it would be around 8:00PM on Thursday, July 1st, at the very end of the conference. It would be separate from JavaOne, but, somewhere not too far from Moscone. That way, anyone attending the conference and local folks that aren't attending the conference could both participate. If this is something you would participate in, please email directly to me (no need to spam the struts-user list with count-me-in messages) at [EMAIL PROTECTED] with the subject JavaOne Struts User Gathering. Whatever I decide upon, I'll announce it again here on the mailing list. However, your responses to me now will give me an indication of size of venue required for the gathering. I will choose between Sunday and Thursday evening based upon the preferences I get back from the people that contact me. Also, I am not that familiar with our options in the city. So, I would appreciate recommendations for local bars/restaurants that would be a good venue for this gathering. Besides being big enough for the expected number of people, I'm looking for a place with good *beer* and at least some decent food options too. Thanks, Van Mike Van Riper Silicon Valley Struts User Group http://www.baychi.org/bof/struts/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Enumerating sessions
I had to do something like this and I did use the HttpSessionListener interface (requires 2.3 servlet API support in your container) as part of the solution. However, it alone is not sufficient. The callbacks for the session creation and destruction events happen so early and so late respectively that you do not have access to any session data other than the sessionID. The solution I came up with was to record logins within the webapp to a tracking table *and* store the sessionID as a field in these records. Then, you can use the sessionDestroyed() callback to check to see if there is a login record that is still active that needs to be flagged as terminated. You have to go through all these hoops because you can't rely on the user explicitly logging out. So, to update the tracking table to reliably indicate who is currently logged in you have to do this. You will hit the sessionDestroyed() callback whether they explicitly log out and you expire the session, or the session simply times out on its own because of inactivity (or as a result of closing the client-side browser window without explicitly logging out). Hope this helps, Van Mike Van Riper Silicon Valley Struts User Group http://www.baychi.org/bof/struts/ mailto:[EMAIL PROTECTED] -Original Message- From: Nick Heudecker [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 15, 2004 1:43 PM To: Struts Users Mailing List Subject: Re: Enumerating sessions Wouldn't this do it? http://jakarta.apache.org/tomcat/tomcat-5.0-doc/servletapi/jav ax/servlet/http/HttpSessionListener.html Frank Zammetti wrote: Hello all... is there any good way to enumerate all sessions under a given webapp? I know there used to be the SessionContext, but that has since been deprecated as of servlet spec 2.1 I believe... Is there anything in Struts that might help? Basically I'm just looking for an accurate way to display all currently logged on users, and also have the ability to add a session attribute to all of them (think broadcast messages and forced graceful logoffs). I keep hearing the term Session Listenter, but my research is turning up server-specific (or third party-specific references), and I need this to be server-nuetral. I could I guess create a wrapper class that is called to create or kill a session, as well as to add of remove attributes, but I'd prefer something that won't require me to change a lot of code, or any really! Thanks in advance for any ideas! Frank _ MSN 9 Dial-up Internet Access fights spam and pop-ups now 3 months FREE! http://join.msn.click-url.com/go/onm00200361ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Nick Heudecker System Mobile, Inc. Email: [EMAIL PROTECTED] Web: http://www.systemmobile.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Dealing with XSS in struts
Jeff, The way that I solved this was to implement my own subclass of the TilesRequestProcessor (because we use Tiles) and then specify that request processor in the controller element of the struts config file. In this subclass, I override processValidate() and in my override I wrap the incoming request object with my own extension of HttpServletRequestWrapper (part of 2.3 Servlet API, but, you could just pull that class into your project to make this work with a servlet container that only supports the 2.2 version of the Servlet API). My extension of the request wrapper class has both a helper function to do validation of the request parameters for XSS *and* filtering on the parameter getter functions to prevent a round-trip back to the client of any nasty XSS stuff. This allows me to do the XSS check in one bottleneck and treat it as a form validation error when XSS request parameter data is detected. If the XSS validation check passes, then I call the super.processValidate() and let Struts take it form there. I suppose something similar could be done using a request filter, but, I like doing it inside the request processor where I have access to the associated Struts action mapping along with the request object. With the action mapping available to me, I can do logical forwarding using struts configuration settings in this context that I wouldn't be able to do with a separate request filter. I've used this technique successfully on several projects. In one project, the paradigm was to take the user back to the input page with an error message at the top and cleaned up data redisplayed in the form. In another project, they preferred to go to a separate error page specific to XSS errors. With this approach, I was able to implement the first way relying on the input setting of the associated action mapping. I was also able to implement the second approach using a global forward for the error page and doing a lookup (i.e., mapping.findForward()) to implement the error handling that way. Hope this helps, Van Mike Van Riper Silicon Valley Struts User Group http://www.baychi.org/bof/struts/ -Original Message- From: jeff mutonho [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 4:52 AM To: [EMAIL PROTECTED] Subject: Dealing with XSS in struts Hi What are the recommendations to deal with cross-site scripting in struts? I'm got an app that a use can access at a URL , let's call it http://localhost/myapplication , now doing something like http://localhost/myapplication/applicationInit.do?mode=script alert(document.cookie)/script reveals a pop-up box containing the currently set cookies. How can I block that from happening?Is there a way of encoding a form bean? Please help as this is critical to the app. jeff mutonho - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Dealing with XSS in struts
-Original Message- From: Craig McClanahan [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 9:47 AM To: Struts Users Mailing List Subject: Re: Dealing with XSS in struts jeff mutonho wrote: Hi What are the recommendations to deal with cross-site scripting in struts? I'm got an app that a use can access at a URL , let's call it http://localhost/myapplication , now doing something like http://localhost/myapplication/applicationInit.do?mode=scrip talert(document.cookie)/script reveals a pop-up box containing the currently set cookies. How can I block that from happening?Is there a way of encoding a form bean?Please help as this is critical to the app. One of the keys to avoiding the particular XSS attack you are talking about here is to be careful about how you render dynamic content that was originally entered by the user. For example, if your string above was read in to a bean property named mode and you wanted to render it as text in another page, you should use something like: bean:write name=mybean property=mode/ instead of something like: %= mybean.getMode() % Struts protects you because (unless you explicitly ask it not to), it will render as lt; so that the embedded script will not actually get executed. Using the runtime expression, or things like that, simply copy the bytes back out again with no filtering. However, this only protects you when you are diligent in all your JSP coding. My management was more comfortable with an approach (see my other recent posting on this same topic) that didn't rely on that being true. Maybe that says something about what they think of me? :-) jeff mutonho Craig Van - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
