RE: Multiple ApplicationResources.properties
You can define multiple Message-resources in your struts-config.xml and To access MyWebAppResources, use Then to access MyWebAppResources2.properties, just use Thanks, Yuanbo -Original Message- From: Viral_Thakkar [mailto:[EMAIL PROTECTED] Sent: Friday, June 11, 2004 3:33 AM To: Struts Users Mailing List Cc: satish ashok shukla Subject: Multiple ApplicationResources.properties Hi All, Can we have multiple ApplicationResources.properties files for a project? As of now I have a following entry in web.xml for an ApplicationResources.properties file. application ApplicationResources Thanks & Regards, Viral - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Single ActionForm accross multiple Actions
Interesting topic. I am new to server clustering so I'd like to discuss about how fail-over get implemented in a clustering env. I understand any ActionForms and custom data objects in the session need to be serializable, so in case one node server fails, all the information can be serialized and recreated in another node server. And the end user will not aware of this fail over happened. But when does the Serialization happen? Think of the extreme case of a fatal memory error in one node server, if the session data does not get serialized before, then this node server may not have the chance to do the serialization. So if my logic is correct, the server need to serialize the session object often enough with each http request, to be safe. Then if your session object is big, there will be a lot of IO involved to do the serialization. That may be the reason IBM suggest to keep session object under 4K. Am I right on this? Thanks, Yuanbo -Original Message- From: Frank Zammetti [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: RE: Single ActionForm accross multiple Actions That's good info, thank you! I was suspecting this was an issue that arises in a distributed environment and probably isn't quite as critical on a single server. I think the thought of keeping session as small as possible is ALWAYS a good idea, but my suspicion is that it only really becomes very important with multiple servers involved, as you point out. Your point about session vs. cost of back-end work is important, and was the reason I personally did what I did in the app I'm thinking of... The back-end calls in a couple of cases were fairly expensive, and keeping the data in session improved performance noticably. However I may now in fact be moving into a distributed environment, so I may have to do some refactoring to cut down session size Interestingly, using the code from Ken yesterday I discovered that my user's session in this app average 8k-10k, but peak up to 25k-30k at certain points... I also discovered that I'm never clearing out that session info to get it back down to 10k. I thought I was all this time. Leaving that info there doesn't affect the functioning of the application in any way because it's constantly being overwritten with fresh data, but the fact is that I really should clear it out to reduce the size of session when possible. Fortunately there is one place in the app that makes perfect sense to do this, the app kind of flows through this one spot, so that's a nice thing. I'm going to be looking into cutting out some of that data, but I already know there's not much I can do in that regard. Frank >From: "Jesse Alexander (KXT)" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> >Subject: RE: Single ActionForm accross multiple Actions >Date: Thu, 10 Jun 2004 09:01:57 +0200 > >As far as I know... > >The recommendation to keep the session below the 4-5 kB limit comes >from clustering. > >When you build a cluster for your webapp and specify "session >failover", meaning that a session should be taken over by a running >instance in the cluster if the original instance crashes, then the >session must be replicated everytime it changes to all instances in the >cluster. This session-replication usually scales well, IF the >information to be broadcasted does not exceed 4 kB. > >At least that's what I was taught. I operate in WLS-area, but I believe >WS >is >behaving similar in that area (everybody is cooking with the same water ;-) >). > >I know of applications that scale well with session up into the >MB-area! >Their >problem is not the memory on the mid-tier server. You just must give them >all >the memory you can buy... These applications cache some data they must >request >from a backend. And the backend-mechanism make it perform and scale better >when >the data is cached in the session. But these apps are special cases!!! >(Cost of >calling the backend must also be considered...). > >hth >Alexander > >-Original Message- >From: Frank Zammetti [mailto:[EMAIL PROTECTED] >Sent: Mittwoch, 9. Juni 2004 20:02 >To: [EMAIL PROTECTED] >Subject: RE: Single ActionForm accross multiple Actions > > >I had that thought too, but I don't know enough about WebSphere to know >if it does that all the time... I know that I just installed 5.0 on a >test box and didn't have to set up a database or anything, so unless it >(a) set one up itself and is using it "under the hood", or (b) is >persisting to the file system, which I tend to doubt, then I'm thinking >along the same lines as you >I think, which is to say that this recommendation, while probably valid all >the time, doesn't carry the same weight if session is in-memory only. > >Can anyone shed more light on this? > >Frank > > > >From: [EMAIL PROTECTED] > >Reply-To: "Struts Users Mailin
RE: Pluggable User Security Framework
No experience with this, but maybe worth a look. http://sourceforge.net/projects/jguard Thanks, Yuanbo -Original Message- From: Amin Lalji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 9:55 AM To: 'Struts Users Mailing List' Subject: Pluggable User Security Framework Hello All, Just wondering if anybody has come across an Open Source Pluggable User Authentication Frameworks that integrates well with struts... nothing fancy... just user login/password, tombstone information, group levels etc... Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Downloading a file from an Action class.
ByteArrayOutputStream baos = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(baos); ps.print(new String(returnStr)); ServletOutputStream sos = response.getOutputStream(); baos.writeTo(sos); sos.flush(); sos.close(); Then return null ActionForward in your action method. Thanks, Yuanbo -Original Message- From: Miquel Angel [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 8:01 AM To: Struts Users Mailing List Subject: Downloading a file from an Action class. Hi! I try to download a file from an action class to the user PC. That's what I do in the action class: String Path = "C:" + java.io.File.separator; //Location of the file String FileName = Path + "CSV.TXT"; //Name of the file int buffer = 10 * 1024; File file = new File(FileName); FileOutputStream fos= new FileOutputStream(file); //Fill the file with some information. PrintWriter pw = new PrintWriter(fos); for (int i = 0; i< 200; i++) { pw.write("l1 campo1" + ";" + "l1 campo2" + ";" + "l1 campo3" + "\n"); pw.write("l2 campo1" + ";" + "l2 campo2" + ";" + "l2 campo3" + "\n"); } pw.flush(); pw.close(); fos.close(); //download response.reset(); response.setContentType("text/plain"); response.setHeader("Content-Disposition", "attachment; filename=\"" + file.getName() + "\""); response.flushBuffer(); return null; All works fine, but when the user save the file, it's empty. Any ideas.. Thanks in advance. Miquel Angel Segui - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: design security issue
One comment. Make sure your ActionServlet intercepts all URL patterns so any HTTP request need to get session validated first. Yuanbo -Original Message- From: Frank Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 3:34 PM To: [EMAIL PROTECTED] Subject: RE: design security issue To really do security properly, you really should externalize it using a product like Netegrity's SiteMinder. That would be my first suggestion, but there is considerable cost in something like that, so it's not right for everyone or every situation. So, you can do some more minor things within your aop that should give you decent results: (1) Don't do anything within any action unless a valid session is found. This will keep quite a few people out of your app on it's own since they won't be able to just hack together a URL with a query string. I accomplish this in one app I did by having an ActionHelpers class, and the first thing any of my Actions do is call a validateSession() static method. If no session is present, forward right then and there to the logon page. You must be careful also that there is one and only one place in your code that creates a session, your logon Action most likely. (2) Make sure your running through SSL. Takes care of packet sniffing, more or less. (3) Encrypt the passwords in your database with a one-way hash encryption. Makes administration a little bit of a pain (no way to read the password), but it also makes hacking the system a little tougher. (4) Have good policies with regard to session timeouts and password structure. A 5-minute timeout might be too short depeneding on the app, but it's good security-wise. Make sure you have solid rules for what a password must look like (i.e., 6-10 characters in length, at least one non-alphabetic character and one non-alphanumeric character, must be chaged once a month, etc.). These are all easy to implement, and will lead to a fairly secure system. Not perfect, but reasonably secure. Depending on your environment, it might be plenty. Frank >From: "Zhang, Larry (L.)" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: design security issue >Date: Tue, 8 Jun 2004 15:14:36 -0400 > >I have an web application on which the manager can view his manage tree >and >select his employee for transactions (such as Perfromance Rating, putting >on Leave of absence). Definitely it is very vital in this case to keep the >security or make sure one data for one employee is submitted not for >another employee. Another thinking is that if the user come to a page via a >bookmark or come to the page without visiting the previous page, we should >catch this event and disallow the further action. I need to come up some >design solutions so that this security is handled elegantly. Any ideas? If >you know some sites discussing this, please let me know. > >Thanks. > >Larry Zhang > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > _ Watch the online reality show Mixed Messages with a friend and enter to win a trip to NY http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/ 01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using DispatchActions with validation
Correct me if I am wrong, I don't know if this is ever possible. If the validation method in ActionForm class returns a not null ActionErrors obj, the flow will direct to "input" page, so if you really want to invoke something in this case, my bet is that you have to put that logic inside your ActionForm.validate method? Any idea? Thanks, Yuanbo -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of GMaine Sent: Friday, May 14, 2004 12:31 PM To: [EMAIL PROTECTED] Subject: Using DispatchActions with validation I have a DispatchAction with two methods. I pass a hidden field "method" in my form, to determine which method should be called. But I want to override this and call a specific method if the form's validation fails. Is it legitimate to put this in the action mapping? input="/myAction.do?method=myMethod" Or could this conflict with the "method" hidden field? Jacob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Sharing what I've learned: locale switching
Thanks for sharing the information. Basically struts using the following method to decide which Locale is in the session, then load the corresponding resource bundle: protected Locale getLocale(HttpServletRequest request) { HttpSession session = request.getSession(); Locale locale = (Locale)session.getAttribute("org.apache.struts.action.LOCALE"); if(locale == null) locale = defaultLocale; return locale; } So to switch the Locale dynamically, update the Locale object saved in the session. Thanks, Yuanbo -Original Message- From: None None [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 2:16 PM To: [EMAIL PROTECTED] Subject: Sharing what I've learned: locale switching Because this might be helpful to others, and because I probably would have spent another couple of hours figuring it out on my own without the help of some people on this lsit, I wanted to give back as much as I could. So, here's a consolidated bit of info I've learned about switching language in your Struts apps... What I have is a file manager application, more or less just for me to learn Struts. I wanted to have the ability to switch languages on-the-fly. To do this, I've done the following: (1) I created two files and placed them in WEB-INF/classes. They are ofmResources_en.properties and ofmResources_de.properties (en for English, de for German). These files contain various text strings in both language. For instance, there is a lable on the screen for file uploads which is defined as follows: labels.uploadFile=Upload a file: and for the German version: labels.uploadFile=hochladen Sie eine Datei: (2) I added the following entry to web.xml, as an init parameter of the ActionServlet: application ofmResources As near as I can tell, NO entries are required in struts-config.xml. You also do NOT need to do anything for each version of the resource file. As long as they are named x_ll.properties, where x is the value of the application parameter above, and ll is a valid country code, that's all there is to it. (3) Next, I added some flag graphics to my web pages, one an American flag, one a German flag. Here is the HTML for them: Pretty trivial stuff there. (4) Next, I created an ActionForm called ChangeLocaleActionForm as follows: package com.mycompany.ofm.actionforms; import org.apache.struts.action.*; public class ChangeLocaleActionForm extends ActionForm { private String languageCode = null; public ChangeLocaleActionForm() { languageCode = null; } public void setLanguageCode(String inLanguageCode) { languageCode = inLanguageCode; } public String getLsnguageCode() { return languageCode; } } (5) Next, I created an accompanying Action: package com.mycompany.ofm.actions; import java.util.*; import javax.servlet.http.*; import com.omnytex.ofm.actionforms.*; import org.apache.struts.*; import org.apache.struts.action.*; public class ChangeLocaleAction extends Action { public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { ChangeLocaleActionForm claf = (ChangeLocaleActionForm)form; String languageCode = claf.getLsnguageCode(); request.getSession().setAttribute(Globals.LOCALE_KEY, new Locale(languageCode)); return mapping.findForward("showPathContents"); } } As it turns out as someone here informed me, there is "automagically" a Locale in session, created based on what is sent by the browser. So, by default on my system the value en_US is stored in session under the name Globals.LOCALE_KEY. By the way, as near as I can tell, the _US portion of the language code doesn't matter (I'm sure it MATTERS, but for what I'm describing it doesn't). So, this allows one to switch the locale (read: language) of the app by clicking a flag. No big deal. (6) To make use of this all, there are two concerns... One is messages in a JSP rendered with the tag, the other is messages returned from an Action that you want to display to the user. For the JSP side of things, it's simple... you just do this... Struts uses the Locale stored in session to pull the key from the correct resource file. Yeah, it's that easy! As I said previously, the fact that to start my Locale contains en_US doesn't seem to matter... Struts looks to be smart enough to look for a properties file with just _en in the name... I presume that if I named the file ofmResources_en_US.properties it would work as well, but I haven't verified that. For messages returned from an Action, I have found that this code does what I want: lpcaf.setMessage(getResources(reque
user@struts.apache.org
Try: String url = "oSomething.do?p1=BU&p2=" + java.net.URLEncoder.encode("BR&M) + "&p3=bu2" Thanks, Yuanbo -Original Message- From: bojke [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 11:51 AM To: Struts Users Mailing List Subject: The request parameter value contains & Hi, I have the request parameter and that one has value par example BR&M. par example: doSomething.do?p1=BU&p2=BR&M&p3=bu2 I must use GET method for the as methodt. (I am launching the popup using window.open(url)). So, in the action, on the server side I am getting BR as the parameter value instead of BR&M. Does anybody has idea? Thanks in advance, Bojan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]