Re: [struts] params and staticParams
I can't seem to find any indication where this ever wound up from several months ago, but I found the same issue independently after making the (poor) assumption that a statically assigned parameter wouldn't be overridden by a request parameter. I did some searching and found this thread. Like Dale, I've made the same fix in my default interceptor stack and fixed this. To me, this is a potential security issue. It's very handy to define a parameter passed into the action via the action configuration. It's easy to make the assumption that these parameters can't be overwritten by the user. It seems to me the framework should by default be configured with security in mind. So, can anyone tell me where this wound up? I'd just like to add my voice requesting the default order be changed. Dale Newfield wrote: Dale Newfield wrote: Jeromy Evans wrote: Wouldn't it be the case for most people that specify params in the action definition that they wouldn't want those overridden by request params? I don't know the history but I think you make a good point. It a couple more people agree I'll create a JIRA issue and post a patch. Clearly that should have started If a couple... -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Dale Newfield wrote:
Lets see if I can come up with an off-the-cuff example:
Ok, I see what you're doing now.
Because I still can't find people that are friends with both joe and amy:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/friendsOf/amy.html
because one constraint will overwrite the next of the same type.
And I don't think this is really what the rest plugin does, either.
(Am I wrong?)
Yeah, I'm certain no mapping supports params like the friendOf' and
friendOf example at the moment. The NamedVariablePatternMatcher is
based on fixed patterns:
eg.
@Namespace(users/{relationshipA}/{usernameA}/{relationshipB}/{usernameB})
In order to prevent a multitude of urls, I guess I could be careful
and alphabetize the constraints when constructing urls (alphabetizing
values when constraints are multiply present. So I would need to
detect that this is incorrect:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/friendsOf/amy.html
and redirect to:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/amy/friendsOf/joe.html
before returning a result.
So now that I better understand how to most cleanly describe the urls
to request information from my system, how do I go about implementing
that mapping? From what I understand of the various rest tools we've
got, this isn't the way any of them work. Should I just send all
/widgets/* to a single action that does it's own URL parsing?
I think this is an argument for a custom action mapper that supports
your expressions. It's up to the mapper to parse the URL to extract the
namespace, action and params. The mappers seem fairly straight-forward.
Actually, I don't think any of the existing mappers can send
/widgets/* to your action because I think they would confuse the paths
training widgets with the namespace or action name (except perhaps when
it fails it will fallback to an in the default namespace)..
I'd start by looking at the parseNameAndNamespace method of
http://svn.apache.org/repos/asf/struts/struts2/trunk/plugins/rest/src/main/java/org/apache/struts2/rest/RestActionMapper.java
and
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
And create you're own.
Since you asked, the REST plugin with the NamedVariablePatternMatcher
enabled would allow you to move some params into the path to tidy it
up a bit (and address each resource with a unique url):
This might be what I'm looking for... I can read the source, luke
at
http://svn.opensymphony.com/fisheye/browse/~raw,r=1664/xwork/trunk/src/java/com/opensymphony/xwork2/util/NamedVariablePatternMatcher.java
But I don't see *any* documentation for this. Where exactly would I
specify those patterns described in the javadoc at the top of that
java? I don't understand how NamedVariablePatternMatcher relates to
the REST plugin...
The NamedVariablePatternMatcher isn't documented at all yet as far as I
know (except perhaps in Don's presentation - haven't checked) [1]
The relationship to the REST plugin is that it was written to support
namespace parameters for it [2]. It could probably be used with the
normal action mapper or smarturls but I doubt anyone's tried that yet.
It's enabled by overridding the PatternMatcher bean in struts.xml:
bean type=com.opensymphony.xwork2.util.PatternMatcher name=struts
class=com.opensymphony.xwork2.util.NamedVariablePatternMatcher/
(see struts-default.xml for comparison)
The patterns mentioned in the javadoc are assumed to be specified using
@Namespace within your action (rest/codebehind) but I suppose you could
specify them with namespace attributes in struts.xml too (I'm guessing)
as it all results in the same config.
Hope some of this helps. I haven't tried anything as complicated or
flexible as you're doing with action params.
[1] http://www.jroller.com/mrdon/entry/struts_2_and_rest_apachecon
[2]
http://www.nabble.com/-S2.1--url-action-mapping-problem-(restful)-t4695060.html
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Thanks for the link Dale so the URL /WEB-INF/content/foo/bar/compound-name.jsp is grouped to category: contents of struts.properties file smarturls.base.result.location=/WEB-INF/content smarturls.action.packages=com.example.actions where /WEB-INF/content/ is mapped to com.example.actions subcategory: concatenated with URI namespace foo/bar/compound-name.jsp (to locate the resource) is this what jeromy refers to as 'sub-package'? I would be very interested to see how this category/subcategory algorithm is REST-ful Thanks! Martin- - Original Message - From: Dale Newfield [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Saturday, December 08, 2007 9:40 AM Subject: Re: [struts] params and staticParams Martin Gainty wrote: Could you give us a definition of SmartURL ? I'm fuzzy on this, but the best I've got is: http://cwiki.apache.org/S2PLUGINS/smarturls-plugin.html -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Martin Gainty wrote: Could you give us a definition of SmartURL ? I'm fuzzy on this, but the best I've got is: http://cwiki.apache.org/S2PLUGINS/smarturls-plugin.html -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Could you give us a definition of SmartURL ?
Thanks
Martin--
- Original Message -
From: Jeromy Evans [EMAIL PROTECTED]
To: Struts Users Mailing List user@struts.apache.org
Sent: Saturday, December 08, 2007 3:50 AM
Subject: Re: [struts] params and staticParams
Dale Newfield wrote:
Lets see if I can come up with an off-the-cuff example:
Ok, I see what you're doing now.
Because I still can't find people that are friends with both joe and
amy:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/frien
dsOf/amy.html
because one constraint will overwrite the next of the same type.
And I don't think this is really what the rest plugin does, either.
(Am I wrong?)
Yeah, I'm certain no mapping supports params like the friendOf' and
friendOf example at the moment. The NamedVariablePatternMatcher is
based on fixed patterns:
eg.
@Namespace(users/{relationshipA}/{usernameA}/{relationshipB}/{usernameB})
In order to prevent a multitude of urls, I guess I could be careful
and alphabetize the constraints when constructing urls (alphabetizing
values when constraints are multiply present. So I would need to
detect that this is incorrect:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/frien
dsOf/amy.html
and redirect to:
http://localhost:8080/social-networking-app-de-jur/users/friendsOf/amy/frien
dsOf/joe.html
before returning a result.
So now that I better understand how to most cleanly describe the urls
to request information from my system, how do I go about implementing
that mapping? From what I understand of the various rest tools we've
got, this isn't the way any of them work. Should I just send all
/widgets/* to a single action that does it's own URL parsing?
I think this is an argument for a custom action mapper that supports
your expressions. It's up to the mapper to parse the URL to extract the
namespace, action and params. The mappers seem fairly straight-forward.
Actually, I don't think any of the existing mappers can send
/widgets/* to your action because I think they would confuse the paths
training widgets with the namespace or action name (except perhaps when
it fails it will fallback to an in the default namespace)..
I'd start by looking at the parseNameAndNamespace method of
http://svn.apache.org/repos/asf/struts/struts2/trunk/plugins/rest/src/main/j
ava/org/apache/struts2/rest/RestActionMapper.java
and
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/
apache/struts2/dispatcher/mapper/DefaultActionMapper.java
And create you're own.
Since you asked, the REST plugin with the NamedVariablePatternMatcher
enabled would allow you to move some params into the path to tidy it
up a bit (and address each resource with a unique url):
This might be what I'm looking for... I can read the source, luke
at
http://svn.opensymphony.com/fisheye/browse/~raw,r=1664/xwork/trunk/src/java/
com/opensymphony/xwork2/util/NamedVariablePatternMatcher.java
But I don't see *any* documentation for this. Where exactly would I
specify those patterns described in the javadoc at the top of that
java? I don't understand how NamedVariablePatternMatcher relates to
the REST plugin...
The NamedVariablePatternMatcher isn't documented at all yet as far as I
know (except perhaps in Don's presentation - haven't checked) [1]
The relationship to the REST plugin is that it was written to support
namespace parameters for it [2]. It could probably be used with the
normal action mapper or smarturls but I doubt anyone's tried that yet.
It's enabled by overridding the PatternMatcher bean in struts.xml:
bean type=com.opensymphony.xwork2.util.PatternMatcher name=struts
class=com.opensymphony.xwork2.util.NamedVariablePatternMatcher/
(see struts-default.xml for comparison)
The patterns mentioned in the javadoc are assumed to be specified using
@Namespace within your action (rest/codebehind) but I suppose you could
specify them with namespace attributes in struts.xml too (I'm guessing)
as it all results in the same config.
Hope some of this helps. I haven't tried anything as complicated or
flexible as you're doing with action params.
[1] http://www.jroller.com/mrdon/entry/struts_2_and_rest_apachecon
[2]
http://www.nabble.com/-S2.1--url-action-mapping-problem-(restful)-t4695060.h
tml
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Dale Newfield wrote: Jeromy Evans wrote: Wouldn't it be the case for most people that specify params in the action definition that they wouldn't want those overridden by request params? I don't know the history but I think you make a good point. It a couple more people agree I'll create a JIRA issue and post a patch. Clearly that should have started If a couple... -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Jeromy Evans wrote:
Should I just send all /widgets/* to a single action that does it's own URL
parsing?
I think this is an argument for a custom action mapper that supports
your expressions. It's up to the mapper to parse the URL to extract the
namespace, action and params.
I thought that for a while when I composed my last message, but changed
my mind before I sent it. The problem is that I only want this funky
parse for urls that start with the plural form of my five nouns, which
could each be their own namespace if need be. The ActionMapper is
defined not per namespace but for the entire app. Is the
CompositeActionMapper what I'm looking for to get both? I can write my
own mapper that parses the url into tuples (like the
Restful2ActionMapper, but that uses a storage mechanism that won't mask
multiply-specified constraints), but have it return null if it doesn't
start with one of the magic 5 namespaces, and have CompositeActionMapper
allow normal parsing for the rest. (I'm also not sure how I'd configure
this custom mapper with the 5 magic names.)
But it's not really the mapping from url to action that is difficult
here -- there are exactly 5, and all 5 could use the same action. It's
the parameter parsing. And since I want to be able to have duplicates I
really don't want that part of the url space to be handled as normal
parameters, anyway. This makes me think that I don't want a custom
action mapping, just custom url parsing within my (1 or 5) action(s).
That's assuming that I can get the request to the right action in the
first place.
I'd start by looking at the parseNameAndNamespace method of
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
To get urls of the form /user/bob.html I've been using wildcards:
package name=viewUser namespace=/user extends=default
action name=* class=userAction method=view
param name=username{1}/param
result name=success/WEB-INF/pages/viewUser.jsp/result
result name=badID/404.jsp/result
/action
/package
From reading the DefaultActionMapper source, I think a similar solution
like the following might result in it selecting the correct action mapping:
package name=viewUsers namespace=/users extends=default
action name=* class=elementListAction
param name=elementTypeUser/param
result name=success/WEB-INF/pages/viewUserList.jsp/result
result name=badID/404.jsp/result
/action
/package
But I'm not sure (for example will that unreferenced wildcard cause
problems?). I guess it's time to stop reading code and start trying
stuff out :-)
NamedVariablePatternMatcher is interesting, as:
package
name=viewUsers/friendOf/{username}/attendedEvent/{eventShortName}
namespace=/users extends=default
action name=* class=elementListAction
param name=elementTypeUser/param
result name=success/WEB-INF/pages/viewUserList.jsp/result
result name=badID/404.jsp/result
/action
/package
Would work (even if the order of those two constraints were reversed),
but it still would mask one of the constraints in my
/friendOf/joe/friendOf/amy example.
The patterns mentioned in the javadoc are assumed to be specified using
@Namespace within your action (rest/codebehind) but I suppose you could
specify them with namespace attributes in struts.xml too (I'm guessing)
as it all results in the same config.
Hrm...I'm confused why this is designed just for matching wildcards in
namespaces and not also in action names? In other words why must the
above be in it's own package instead of something like:
action name=users/friendOf/{username}/attendedEvent/{eventShortName}
class=elementListAction
Hope some of this helps. I haven't tried anything as complicated or
flexible as you're doing with action params.
It's definitely led me to the right pieces of xwork/struts code to be
reading to better understand this stuff. I very much appreciate your
responses!
This all started with a custom tag to be able to drop in a view of some
collection in a page. For collections that are too big that code
generated by that tag only includes some values, but also adds
javascript to asynchronously fetch additional element blocks from the
server as they are needed. The urls fetched by the javascript didn't
have to be pretty, but now that I want to use this same mechanism to
generate pages the URLs are much more important. The changes here will
have to be mimicked in that tag so I can support fetching the next block
of values for friendOf/joe/friendOf/amy style collections...
I guess in the tag I'll have to put a setter for each of the bazillion
constraints, and make the setFriendOf() method add the argument into the
list so one value doesn't overwrite the previous one...So I should be
able to do this as long as
myTagLib:myTag showMe=Users friendOf=joe friendOf=amy/
is valid (which I'm not sure it is). Guess I'll
URL questions...Was: Re: [struts] params and staticParams
Dale Newfield wrote: myTagLib:myTag showMe=Users friendOf=joe friendOf=amy/ org.apache.jasper.JasperException: Validation error messages from TagLibraryValidator org.xml.sax.SAXParseException: Attribute testAttribute was already specified for element myTagLib:myTag. Argh! It's not valid. (Glad I checked before getting too far on this!) Back to the drawing board. I guess the simplest solution is the opposite of the-compact solution: A setter for each constraint name, each looking for a comma-separated list of constraint direct object names. (And that same solution for both the tag and the action.) But are commas url friendly? I.E.: Is this bad? http://mymachine/myapp/users/friendOf/amy,joe/attendedEvent/BobsBirthday.html What other character would be more search-engine friendly and isn't already special as far as struts is concerned? But I guess this puts either Restful2ActionMapper or NamedVariablePatternMatcher back on the table... -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL questions...Was: Re: [struts] params and staticParams
Dale Newfield wrote: But are commas url friendly? I.E.: Is this bad? http://mymachine/myapp/users/friendOf/amy,joe/attendedEvent/BobsBirthday.html I think http://www.ietf.org/rfc/rfc3986.txt says that this is OK. -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Martin Gainty wrote: is this what jeromy refers to as 'sub-package'? I'd said/meant subclasses of the action. SmartURLs is convention and annotation-based. The namespace of the action is derived from the package of the action or the @Namespace annotation on the class. In Dale's case he had one action class providing several actions, so if he were using SmartURLs I believe he'd have to create subclasses of the parent action so each action can be uniquely identified. I would be very interested to see how this category/subcategory algorithm is REST-ful SmartURLs is not REST-ful. It's only provides a convention-over-configuration approach to defining your actions and action namespaces that result in friendly urls. My point was that though carefully constructing your actions you can at least achieve a distinct URL to each resource type which is better than the original proposed single URL for every resource type. Thanks! Martin- - Original Message - From: Dale Newfield [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Saturday, December 08, 2007 9:40 AM Subject: Re: [struts] params and staticParams Martin Gainty wrote: Could you give us a definition of SmartURL ? I'm fuzzy on this, but the best I've got is: http://cwiki.apache.org/S2PLUGINS/smarturls-plugin.html -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [struts] params and staticParams
Jeromy Evans wrote: Wouldn't it be the case for most people that specify params in the action definition that they wouldn't want those overridden by request params? I don't know the history but I think you make a good point. It a couple more people agree I'll create a JIRA issue and post a patch. I think you've done a good thing in your example. At least your decision to create three different actions with a unique url for each type of resource should make REST purists happier than the original generic form. The problem is that I have 5 nouns in this system, and between them 59 or 77 relationships (depending on how you count). So building a separate action definition for them is still too many, and when more than one constraint is specified the additional ones will still be ugly. I had gone with the breakdown I did earlier because I figured the smallest number that wasn't growing was 5, and that capped me to 10 arguments: For each dimension an argument that said There's a THIS constraint with an object of this type and another that said This is the object with which you have that constraint (I had always realized the unfortunate side-effect being that you could only have one constraint per noun applied.) But in thinking all this through I finally realize that as long as I make sure all the relationship names indicate a distinct noun type, I don't have triples: I really just have a list of tuples: (constraint-name, object-name) Lets see if I can come up with an off-the-cuff example: http://localhost:8080/appname/widgets/madeByCompany/acme/neededFor/roadRunnerTrapXQ4/distributedThroughCompany/acmeMailOrder.html Would result in a page listing widgets that fit all three constraints. Of course there's still the need for other arguments that don't fit this constraint model, so I don't know if http://localhost:8080/appname/widgets/madeByCompany/acme/neededFor/roadRunnerTrapXQ4/distributedThroughCompany/acmeMailOrder.html?startAt=50 or http://localhost:8080/appname/widgets/madeByCompany/acme/neededFor/roadRunnerTrapXQ4/distributedThroughCompany/acmeMailOrder/startAt/50.html is better (for displaying the next page, for example). What I would love is a way to take all /widgets/* urls, and be able to quickly wind up with a list of tuples. RestfulActionMapper doesn't help: http://HOST/ACTION_NAME/PARAM_NAME1/PARAM_VALUE1/PARAM_NAME2/PARAM_VALUE2 Because I still can't find people that are friends with both joe and amy: http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/friendsOf/amy.html because one constraint will overwrite the next of the same type. And I don't think this is really what the rest plugin does, either. (Am I wrong?) In order to prevent a multitude of urls, I guess I could be careful and alphabetize the constraints when constructing urls (alphabetizing values when constraints are multiply present. So I would need to detect that this is incorrect: http://localhost:8080/social-networking-app-de-jur/users/friendsOf/joe/friendsOf/amy.html and redirect to: http://localhost:8080/social-networking-app-de-jur/users/friendsOf/amy/friendsOf/joe.html before returning a result. So now that I better understand how to most cleanly describe the urls to request information from my system, how do I go about implementing that mapping? From what I understand of the various rest tools we've got, this isn't the way any of them work. Should I just send all /widgets/* to a single action that does it's own URL parsing? Since you asked, the REST plugin with the NamedVariablePatternMatcher enabled would allow you to move some params into the path to tidy it up a bit (and address each resource with a unique url): This might be what I'm looking for... I can read the source, luke at http://svn.opensymphony.com/fisheye/browse/~raw,r=1664/xwork/trunk/src/java/com/opensymphony/xwork2/util/NamedVariablePatternMatcher.java But I don't see *any* documentation for this. Where exactly would I specify those patterns described in the javadoc at the top of that java? I don't understand how NamedVariablePatternMatcher relates to the REST plugin... -Dale - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
