Re: Does the StrutsTestCase test filters defined in web.xml?
I recommend you use canoo webtest. This is not a unit test tool, but integration test tool. This is the tool used for instance in AppFuse. It has specific pdf verification steps. Cheers, J. On Mon, May 14, 2012 at 5:33 PM, Miguel Almeida wrote: > Hi Steve, > > On Mon, 2012-05-14 at 11:09 +0100, Steve Higham wrote: > > > Hi Miguel, > > > > I haven't used the StrutsSpringTestCase however I have made use of the > StrutsTestCase. > > > > This only tests the interceptor stack / Action / Result. There is no web > server involved and no attempt to render the resulting page. > > Yes, that's what I thought. > > > You could try looking at Apache Cactus or Apache HttpClient to test this > behaviour? Alternatively if you generate the file within Struts then the > StrutsTestCase will suffice. I've generated exports from Struts this way. > > > > Both are no longer maintained (I guess httpclient got replaced with > Apache http components (http://hc.apache.org/ ) but I haven't explored > this yet. > > For this case (testing the pdf output created by the displaytag) I don't > think it'll be worth it to invest in a new testing setup: this is the > only thing that is produced outside the scope of struts and a manual > inspection might suffice. > > However, I do want to explore other tools that are available to test the > http request/response, so I'll look into this further. > > Cheers, > > Miguel Almeida > > > Cheers, > > > > Steve > > > > -Original Message- > > From: Miguel Almeida [mailto:mig...@almeida.at] > > Sent: 14 May 2012 10:16 > > To: user@struts.apache.org > > Subject: Does the StrutsTestCase test filters defined in web.xml? > > > > Dear all, > > > > I am using StrutsSpringTestCase (which extends StrutsTestCase) to > perform some acceptance tests (under the skin). I am also using Displaytag ( > www.displaytag.org/1.2/ ) to build some tables in the view. > > This tag supports excel/pdf export, which uses a filter you configure in > web.xml [1] > > > > The way the filter works is, in short: a (odd looking, numerical) > parameter is added to the request. The filter checks for the existence of > that parameter and, if it exists, creates the pdf/excel. > > > > I want to test the creation of this file (and its contents). However, > when I debug the StrutsSpringTestCase test with a breakpoint on that filter > it does not stop there, so my questions are: > > > > 1) Does the StrutsTestCase not pass through other filters in your > web.xml, and only goes through the struts filter? > > 2) If so, is there anything else in the struts tests that could help me > out? How do you suggest I perform this test? > > > > Thank you, > > > > Miguel Almeida > > > > > > > > [1]- see http://www.displaytag.org/1.2/export_filter.html > > > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > >
Re: Does the StrutsTestCase test filters defined in web.xml?
You can try to use Jetty as an embedded server, take a look on BasePortletTest in Portlet Plugin Regards -- Łukasz http://www.lenart.org.pl/ mobile +48 606 323 122, office +27 11 0838747 Warszawa JUG conference - Confitura http://confitura.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Does the StrutsTestCase test filters defined in web.xml?
Hi Steve, On Mon, 2012-05-14 at 11:09 +0100, Steve Higham wrote: > Hi Miguel, > > I haven't used the StrutsSpringTestCase however I have made use of the > StrutsTestCase. > > This only tests the interceptor stack / Action / Result. There is no web > server involved and no attempt to render the resulting page. Yes, that's what I thought. > You could try looking at Apache Cactus or Apache HttpClient to test this > behaviour? Alternatively if you generate the file within Struts then the > StrutsTestCase will suffice. I've generated exports from Struts this way. > Both are no longer maintained (I guess httpclient got replaced with Apache http components (http://hc.apache.org/ ) but I haven't explored this yet. For this case (testing the pdf output created by the displaytag) I don't think it'll be worth it to invest in a new testing setup: this is the only thing that is produced outside the scope of struts and a manual inspection might suffice. However, I do want to explore other tools that are available to test the http request/response, so I'll look into this further. Cheers, Miguel Almeida > Cheers, > > Steve > > -Original Message- > From: Miguel Almeida [mailto:mig...@almeida.at] > Sent: 14 May 2012 10:16 > To: user@struts.apache.org > Subject: Does the StrutsTestCase test filters defined in web.xml? > > Dear all, > > I am using StrutsSpringTestCase (which extends StrutsTestCase) to perform > some acceptance tests (under the skin). I am also using Displaytag > (www.displaytag.org/1.2/ ) to build some tables in the view. > This tag supports excel/pdf export, which uses a filter you configure in > web.xml [1] > > The way the filter works is, in short: a (odd looking, numerical) parameter > is added to the request. The filter checks for the existence of that > parameter and, if it exists, creates the pdf/excel. > > I want to test the creation of this file (and its contents). However, when I > debug the StrutsSpringTestCase test with a breakpoint on that filter it does > not stop there, so my questions are: > > 1) Does the StrutsTestCase not pass through other filters in your web.xml, > and only goes through the struts filter? > 2) If so, is there anything else in the struts tests that could help me out? > How do you suggest I perform this test? > > Thank you, > > Miguel Almeida > > > > [1]- see http://www.displaytag.org/1.2/export_filter.html > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
RE: Does the StrutsTestCase test filters defined in web.xml?
Hi Miguel, I haven't used the StrutsSpringTestCase however I have made use of the StrutsTestCase. This only tests the interceptor stack / Action / Result. There is no web server involved and no attempt to render the resulting page. Therefore I would be surprised if anything from web.xml is called. You could try looking at Apache Cactus or Apache HttpClient to test this behaviour? Alternatively if you generate the file within Struts then the StrutsTestCase will suffice. I've generated exports from Struts this way. Cheers, Steve -Original Message- From: Miguel Almeida [mailto:mig...@almeida.at] Sent: 14 May 2012 10:16 To: user@struts.apache.org Subject: Does the StrutsTestCase test filters defined in web.xml? Dear all, I am using StrutsSpringTestCase (which extends StrutsTestCase) to perform some acceptance tests (under the skin). I am also using Displaytag (www.displaytag.org/1.2/ ) to build some tables in the view. This tag supports excel/pdf export, which uses a filter you configure in web.xml [1] The way the filter works is, in short: a (odd looking, numerical) parameter is added to the request. The filter checks for the existence of that parameter and, if it exists, creates the pdf/excel. I want to test the creation of this file (and its contents). However, when I debug the StrutsSpringTestCase test with a breakpoint on that filter it does not stop there, so my questions are: 1) Does the StrutsTestCase not pass through other filters in your web.xml, and only goes through the struts filter? 2) If so, is there anything else in the struts tests that could help me out? How do you suggest I perform this test? Thank you, Miguel Almeida [1]- see http://www.displaytag.org/1.2/export_filter.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Does the StrutsTestCase test filters defined in web.xml?
Dear all, I am using StrutsSpringTestCase (which extends StrutsTestCase) to perform some acceptance tests (under the skin). I am also using Displaytag (www.displaytag.org/1.2/ ) to build some tables in the view. This tag supports excel/pdf export, which uses a filter you configure in web.xml [1] The way the filter works is, in short: a (odd looking, numerical) parameter is added to the request. The filter checks for the existence of that parameter and, if it exists, creates the pdf/excel. I want to test the creation of this file (and its contents). However, when I debug the StrutsSpringTestCase test with a breakpoint on that filter it does not stop there, so my questions are: 1) Does the StrutsTestCase not pass through other filters in your web.xml, and only goes through the struts filter? 2) If so, is there anything else in the struts tests that could help me out? How do you suggest I perform this test? Thank you, Miguel Almeida [1]- see http://www.displaytag.org/1.2/export_filter.html
Re: Order of filters when using Sitemesh
Thanks, Lukasz. That clears up my confusion. On 1/22/2012 6:52 AM, Łukasz Lenart wrote: Check section, not declaration ofs itself Regards - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Order of filters when using Sitemesh
Check section, not declaration of s itself Regards -- Łukasz 2012/1/22 Chris Mawata : > I noticed in the final example on the page > http://struts.apache.org/2.3.1.1/docs/sitemesh-plugin.html > that the order of configuration in web.xml there is StrutsPrepareFilter then > StrutsExecuteFilter and > then SiteMeshFilter. It used to be important to have Sitemesh between > Prepare and Execute. Is that > no longer the case? > Chris Mawata > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Order of filters when using Sitemesh
I noticed in the final example on the page http://struts.apache.org/2.3.1.1/docs/sitemesh-plugin.html that the order of configuration in web.xml there is StrutsPrepareFilter then StrutsExecuteFilter and then SiteMeshFilter. It used to be important to have Sitemesh between Prepare and Execute. Is that no longer the case? Chris Mawata - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Character Encoding Error using new filters
I have set UTF-8 as the default everywhere - struts, tomcat, sitemesh. I had a small breakthrough. It looks like it's a 2.1.6 specific issue. I updated a development version to 2.1.8 and 2.2.1 and both worked fine. I now have to find time to test the updated version for unintended consequences. Are there any issues I should look out for in particular when going from 2.1.6 to 2.2.1? Z. On 19/10/10 2:42 AM, "Dave Newton" wrote: >That defines the encoding of the web.xml file itself... >On Oct 18, 2010 10:32 AM, "Martin Gainty" wrote: >> >> Hi Zoran >> >> can you confirm the encoding attribute at the top of your web.xml e.g. >> >> >> in which case you *should* be able to map >> U+00C6Æc3 86LATIN CAPITAL LETTER AE >> http://www.utf8-chartable.de/ >> >> please confirm >> Martin Gainty >> __ >> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité >> >> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene >Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte >Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht >dient lediglich dem Austausch von Informationen und entfaltet keine >rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von >E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. >> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas >>le >destinataire prévu, nous te demandons avec bonté que pour satisfaire >informez l'expéditeur. N'importe quelle diffusion non autorisée ou la >copie >de ceci est interdite. Ce message sert à l'information seulement et n'aura >pas n'importe quel effet légalement obligatoire. Étant donné que les email >peuvent facilement être sujets à la manipulation, nous ne pouvons accepter >aucune responsabilité pour le contenu fourni. >> >> >> >> >> >>> Date: Mon, 18 Oct 2010 12:05:56 +1100 >>> Subject: Character Encoding Error using new filters >>> From: zo...@sparecreative.com >>> To: user@struts.apache.org >>> >>> I have a really strange character encoding error that is appearing >>>when I >>> attempt to change my struts2 filter configuration from: >>> >>> >>> struts-cleanup >>> >>> >org.apache.struts2.dispatcher.ActionContextCleanUpla >>> ss> >>> >>> >>> struts >>> >>> >org.apache.struts2.dispatcher.FilterDispatcher> >>> >>> >>> sitemesh >>> >>> >com.opensymphony.module.sitemesh.filter.PageFilterla >>> ss> >>> >>> >>> >>> struts-cleanup >>> /* >>> >>> >>> sitemesh >>> /* >>> >>> >>> struts >>> /* >>> >>> >>> >>> To >>> >>> >>> struts-prepare >>> >>> >org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter< >/f >>> ilter-class> >>> >>> >>> >>> sitemesh >>> >>> >com.opensymphony.sitemesh.webapp.SiteMeshFilters> >>> >>> >>> >>> struts-execute >>> >>> >org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter< >/f >>> ilter-class> >>> >>> >>> >>> struts-prepare >>> /* >>> >>> >>> >>> sitemesh >>> /* >>> REQUEST >>> FORWARD >>> INCLUDE >>> >>> >>> >>> struts-execute >>> /* >>> >>> >>> >>> With only this change when I enter a 'æ' character (and e together) it >>> appears a A!|! (garbage). Clearly there is a character encoding issue >here. >>> The whole app as well as Tomcat is encoded to UTF-8. >>> >>> What am I missing here. Please help!!! >>> >>> Z. >> - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: RE: Character Encoding Error using new filters
That defines the encoding of the web.xml file itself... On Oct 18, 2010 10:32 AM, "Martin Gainty" wrote: > > Hi Zoran > > can you confirm the encoding attribute at the top of your web.xml e.g. > > > in which case you *should* be able to map > U+00C6Æc3 86LATIN CAPITAL LETTER AE > http://www.utf8-chartable.de/ > > please confirm > Martin Gainty > __ > Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > > > > > >> Date: Mon, 18 Oct 2010 12:05:56 +1100 >> Subject: Character Encoding Error using new filters >> From: zo...@sparecreative.com >> To: user@struts.apache.org >> >> I have a really strange character encoding error that is appearing when I >> attempt to change my struts2 filter configuration from: >> >> >> struts-cleanup >> >> org.apache.struts2.dispatcher.ActionContextCleanUp> ss> >> >> >> struts >> >> org.apache.struts2.dispatcher.FilterDispatcher >> >> >> sitemesh >> >> com.opensymphony.module.sitemesh.filter.PageFilter> ss> >> >> >> >> struts-cleanup >> /* >> >> >> sitemesh >> /* >> >> >> struts >> /* >> >> >> >> To >> >> >> struts-prepare >> >> org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter> ilter-class> >> >> >> >> sitemesh >> >> com.opensymphony.sitemesh.webapp.SiteMeshFilter >> >> >> >> struts-execute >> >> org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter> ilter-class> >> >> >> >> struts-prepare >> /* >> >> >> >> sitemesh >> /* >> REQUEST >> FORWARD >> INCLUDE >> >> >> >> struts-execute >> /* >> >> >> >> With only this change when I enter a 'æ' character (and e together) it >> appears a A!|! (garbage). Clearly there is a character encoding issue here. >> The whole app as well as Tomcat is encoded to UTF-8. >> >> What am I missing here. Please help!!! >> >> Z. >
RE: Character Encoding Error using new filters
Hi Zoran can you confirm the encoding attribute at the top of your web.xml e.g. in which case you *should* be able to map U+00C6Æc3 86LATIN CAPITAL LETTER AE http://www.utf8-chartable.de/ please confirm Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Mon, 18 Oct 2010 12:05:56 +1100 > Subject: Character Encoding Error using new filters > From: zo...@sparecreative.com > To: user@struts.apache.org > > I have a really strange character encoding error that is appearing when I > attempt to change my struts2 filter configuration from: > > > struts-cleanup > > org.apache.struts2.dispatcher.ActionContextCleanUp ss> > > > struts > > org.apache.struts2.dispatcher.FilterDispatcher > > > sitemesh > > com.opensymphony.module.sitemesh.filter.PageFilter ss> > > > > struts-cleanup > /* > > > sitemesh > /* > > > struts > /* > > > > To > > > struts-prepare > > org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter ilter-class> > > > > sitemesh > > com.opensymphony.sitemesh.webapp.SiteMeshFilter > > > > struts-execute > > org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter ilter-class> > > > > struts-prepare > /* > > > > sitemesh > /* > REQUEST > FORWARD > INCLUDE > > > > struts-execute > /* > > > > With only this change when I enter a 'æ' character (and e together) it > appears a A!|! (garbage). Clearly there is a character encoding issue here. > The whole app as well as Tomcat is encoded to UTF-8. > > What am I missing here. Please help!!! > > Z.
Re: Character Encoding Error using new filters
Sorry, type error: > In your old configuration, [StrutsPrepareFilter] is the last filter applied > to request ==> Should be: In your old configuration, [FilterDispatcher] is the last filter applied to request 2010/10/18 Li Ying : > I did a quick look at the struts2.2.1 source code. > > It looks like the method [HttpServletRequest.setCharacterEncoding] > is invoked by class [FilterDispatcher] and [StrutsPrepareFilter]. > (You can use [Call Hierarchy] view to find out this information) > > In your old configuration, [StrutsPrepareFilter] is the last filter > applied to request, so the encoding set by this filter will > be used. > > But in your new configuration, [StrutsPrepareFilter] is the first > filter applied to request, so the encoding set by this filter > could be overridden by other filters later. > In your case, it could be overridden by [SiteMeshFilter]. > > I suggest you to read source or docs of [SiteMeshFilter], > check out if it changed CharacterEncoding and how to change the > setting of it to use a correct encoding. > > > > 2010/10/18 Zoran Avtarovski : >> I have a really strange character encoding error that is appearing when I >> attempt to change my struts2 filter configuration from: >> >> >> struts-cleanup >> >> org.apache.struts2.dispatcher.ActionContextCleanUp> ss> >> >> >> struts >> >> org.apache.struts2.dispatcher.FilterDispatcher >> >> >> sitemesh >> >> com.opensymphony.module.sitemesh.filter.PageFilter> ss> >> >> >> >> struts-cleanup >> /* >> >> >> sitemesh >> /* >> >> >> struts >> /* >> >> >> >> To >> >> >> struts-prepare >> >> org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter> ilter-class> >> >> >> >> sitemesh >> >> com.opensymphony.sitemesh.webapp.SiteMeshFilter >> >> >> >> struts-execute >> >> org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter> ilter-class> >> >> >> >> struts-prepare >> /* >> >> >> >> sitemesh >> /* >> REQUEST >> FORWARD >> INCLUDE >> >> >> >> struts-execute >> /* >> >> >> >> With only this change when I enter a 'æ' character (and e together) it >> appears a A!|! (garbage). Clearly there is a character encoding issue here. >> The whole app as well as Tomcat is encoded to UTF-8. >> >> What am I missing here. Please help!!! >> >> Z. >> > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Character Encoding Error using new filters
I did a quick look at the struts2.2.1 source code. It looks like the method [HttpServletRequest.setCharacterEncoding] is invoked by class [FilterDispatcher] and [StrutsPrepareFilter]. (You can use [Call Hierarchy] view to find out this information) In your old configuration, [StrutsPrepareFilter] is the last filter applied to request, so the encoding set by this filter will be used. But in your new configuration, [StrutsPrepareFilter] is the first filter applied to request, so the encoding set by this filter could be overridden by other filters later. In your case, it could be overridden by [SiteMeshFilter]. I suggest you to read source or docs of [SiteMeshFilter], check out if it changed CharacterEncoding and how to change the setting of it to use a correct encoding. 2010/10/18 Zoran Avtarovski : > I have a really strange character encoding error that is appearing when I > attempt to change my struts2 filter configuration from: > > > struts-cleanup > > org.apache.struts2.dispatcher.ActionContextCleanUp ss> > > > struts > > org.apache.struts2.dispatcher.FilterDispatcher > > > sitemesh > > com.opensymphony.module.sitemesh.filter.PageFilter ss> > > > > struts-cleanup > /* > > > sitemesh > /* > > > struts > /* > > > > To > > > struts-prepare > > org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter ilter-class> > > > > sitemesh > > com.opensymphony.sitemesh.webapp.SiteMeshFilter > > > > struts-execute > > org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter ilter-class> > > > > struts-prepare > /* > > > > sitemesh > /* > REQUEST > FORWARD > INCLUDE > > > > struts-execute > /* > > > > With only this change when I enter a 'æ' character (and e together) it > appears a A!|! (garbage). Clearly there is a character encoding issue here. > The whole app as well as Tomcat is encoded to UTF-8. > > What am I missing here. Please help!!! > > Z. > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Character Encoding Error using new filters
I have a really strange character encoding error that is appearing when I attempt to change my struts2 filter configuration from: struts-cleanup org.apache.struts2.dispatcher.ActionContextCleanUp struts org.apache.struts2.dispatcher.FilterDispatcher sitemesh com.opensymphony.module.sitemesh.filter.PageFilter struts-cleanup /* sitemesh /* struts /* To struts-prepare org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter sitemesh com.opensymphony.sitemesh.webapp.SiteMeshFilter struts-execute org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter struts-prepare /* sitemesh /* REQUEST FORWARD INCLUDE struts-execute /* With only this change when I enter a 'æ' character (and e together) it appears a A!|! (garbage). Clearly there is a character encoding issue here. The whole app as well as Tomcat is encoded to UTF-8. What am I missing here. Please help!!! Z.
Re: [s1] Filters: distinguishing between user-requests and redirects
2007/3/13, Michael Jouravlev <[EMAIL PROTECTED]>: On 3/13/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > > I am trying to implement a flood control mechanism to prevent robots > > requesting pages after pages at an "inhuman" rate. > > I know you've gotten lots of feedback already, but there's a > super-simple way to do this: put a marker in the request attributes the > first time your filter "sees" it. [...] You are confusing redirection with forwarding. Thank you guys! You really are a fantastic bunch! Echoing Christopher's comments, I indeed have received a lot of feedback and my ideas are much clearer on the matter. Let me just say that I found out an internal way to single out one request for each user-issued request, even when a redirect is involved. (It has to do with the presence or absence of parameters in the URI.) This might not be the most robust solution (our design could hypothetically change in the future). But, for the moment, it would do the job! But since I asked my question (which was about FloodControl through servlet Filters), I have had second thoughts. Wouldn't it be better to implement my FloodControl within the CHAIN OF COMMAND? (I have just upgraded to Struts 1.3.8.) I have never played with the Chain of command, so I would appreciate comments on my plan. PLAN: 1) Since the FloodControl has to do with the very fact that a request was made, I am tempted to ADD a command at the beginning of the process-action subchain, before the selectLocale command. 2) If the FloodControl command concludes that the current request is flooding, it throws a FloodException and stops the chain. (The FloodException is constructed with two properties: the URI and paramMap of the currently interrupted request.) 3) The exception is caught in a Struts global-exception handler, which forwards the user to a FloodControl warning page. This page allows the user to continue to his desired destination, once he clicks on a button. Is step 1) the right way to proceed? Instead of adding a command to the chain, should I instead extend one of the existing commands in the process-action subchain? Which one? AuthorizeAction??? Is throwing a FloodException the correct design, here?
Re: [s1] Filters: distinguishing between user-requests and redirects
On 3/13/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: Pierre, > I am trying to implement a flood control mechanism to prevent robots > requesting pages after pages at an "inhuman" rate. I know you've gotten lots of feedback already, but there's a super-simple way to do this: put a marker in the request attributes the first time your filter "sees" it. Check for it each time. When you place the marker in the request, perform all your magic: check the queue, add the current request + timestamp, etc. If the marker is already there, skip everything. For redirects, the request should be re-used, so the marker should remain until your final response. You are confusing redirection with forwarding. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pierre, > I am trying to implement a flood control mechanism to prevent robots > requesting pages after pages at an "inhuman" rate. I know you've gotten lots of feedback already, but there's a super-simple way to do this: put a marker in the request attributes the first time your filter "sees" it. Check for it each time. When you place the marker in the request, perform all your magic: check the queue, add the current request + timestamp, etc. If the marker is already there, skip everything. For redirects, the request should be re-used, so the marker should remain until your final response. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9shh9CaO5/Lv0PARAu44AJ4hIVOFv/mtsYZeJBD4lVf28hpYJgCfVVzx XmwRPjAbuG9qfUgvIO4hkTs= =KOGU -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
Yes, setting the dispatcher will work just for ignoring the forwards,
it won't work for redirects.
You can check for attributes as Paul suggests, but setting the
dispatcher seems to be easier if you have a servlet container
supporting 2.4.
You'll have to handle redirects in another way though.
A simple solution would be to remove the time of the last request from
your list if you return a redirect to the user.
HTH,
Tamas
On 3/13/07, Paul Benedict <[EMAIL PROTECTED]> wrote:
There is no technical difference between a user request and a redirect,
because the redirect causes a second user request.
If you're interested in knowing whether the action is being called as a
forward, there are standard request attributes which the Container sets.
For a forward it is "javax.servlet.forward.request_uri" and for an
include it is "javax.servlet.include.request_uri"
Paul
Tamas Szabo wrote:
> Have a look at the documentation of the "dispatcherType" at
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd.
>
> Then you can use dispatcher elements in your filter mappings
> ("filter-mappingType" in the same xsd) to fire your filter just for
> requests but not for forwards.
>
> I pressume that by "internal redirects" in your initial mail you mean
> forwards. Is this true?
>
> Hope this helps,
>
> Tamas
>
>
> On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
>> Yes, I believe it is 2.4.
>>
>> Also:
>> Struts 1.3.5
>> Tomcat 6.0.9
>>
>> 2007/3/12, Tamas Szabo <[EMAIL PROTECTED]>:
>> >
>> > Hi,
>> >
>> > What servlet api are you using?
>> > Is it at least 2.4?
>> >
>> > Tamas
>> >
>> >
>> > On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
>> > > I am trying to implement a flood control mechanism to prevent robots
>> > > requesting pages after pages at an "inhuman" rate.
>> > >
>> > > My basic idea is this:
>> > > * A FirstInFirstOut List stored in the HttpSession, that records the
>> > time of
>> > > the user's last 10 requests.
>> > > * On each new request, a filter compares the current time with the
>> time
>> > of
>> > > the 10th previous request. If not enough time went by, redirect to a
>> > "delay
>> > > page" that requires the user to press a "Continue" button. Pipe
>> the new
>> > > request and its time, and pipe out the 10th previous request.
>> > >
>> > > The problem with that design: in some cases, one single request from
>> > the
>> > > user will go through the filters several times because of various
>> > possible
>> > > internal redirects. But I only want to record the times of the
>> requests
>> > > coming directly from the user.
>> > >
>> > > Therefore my question: Is there a simple straightforward way,
>> from the
>> > > filter's point of view, to distinguish between a request that came
>> from
>> > > outside (from the user), from an internal request (one that came
>> through
>> > a
>> > > redirection from ActionMapping to ActionMapping)?
>> > >
>> >
>> > -
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
There is no technical difference between a user request and a redirect,
because the redirect causes a second user request.
If you're interested in knowing whether the action is being called as a
forward, there are standard request attributes which the Container sets.
For a forward it is "javax.servlet.forward.request_uri" and for an
include it is "javax.servlet.include.request_uri"
Paul
Tamas Szabo wrote:
Have a look at the documentation of the "dispatcherType" at
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd.
Then you can use dispatcher elements in your filter mappings
("filter-mappingType" in the same xsd) to fire your filter just for
requests but not for forwards.
I pressume that by "internal redirects" in your initial mail you mean
forwards. Is this true?
Hope this helps,
Tamas
On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
Yes, I believe it is 2.4.
Also:
Struts 1.3.5
Tomcat 6.0.9
2007/3/12, Tamas Szabo <[EMAIL PROTECTED]>:
>
> Hi,
>
> What servlet api are you using?
> Is it at least 2.4?
>
> Tamas
>
>
> On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
> > I am trying to implement a flood control mechanism to prevent robots
> > requesting pages after pages at an "inhuman" rate.
> >
> > My basic idea is this:
> > * A FirstInFirstOut List stored in the HttpSession, that records the
> time of
> > the user's last 10 requests.
> > * On each new request, a filter compares the current time with the
time
> of
> > the 10th previous request. If not enough time went by, redirect to a
> "delay
> > page" that requires the user to press a "Continue" button. Pipe
the new
> > request and its time, and pipe out the 10th previous request.
> >
> > The problem with that design: in some cases, one single request from
> the
> > user will go through the filters several times because of various
> possible
> > internal redirects. But I only want to record the times of the
requests
> > coming directly from the user.
> >
> > Therefore my question: Is there a simple straightforward way,
from the
> > filter's point of view, to distinguish between a request that came
from
> > outside (from the user), from an internal request (one that came
through
> a
> > redirection from ActionMapping to ActionMapping)?
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
2007/3/13, Tamas Szabo <[EMAIL PROTECTED]>: Have a look at the documentation of the "dispatcherType" at http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd. Thank you, I'll take a look. I pressume that by "internal redirects" in your initial mail you mean forwards. Is this true? Sometimes forwards, and sometimes redirects.
Re: [s1] Filters: distinguishing between user-requests and redirects
Have a look at the documentation of the "dispatcherType" at
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd.
Then you can use dispatcher elements in your filter mappings
("filter-mappingType" in the same xsd) to fire your filter just for
requests but not for forwards.
I pressume that by "internal redirects" in your initial mail you mean
forwards. Is this true?
Hope this helps,
Tamas
On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
Yes, I believe it is 2.4.
Also:
Struts 1.3.5
Tomcat 6.0.9
2007/3/12, Tamas Szabo <[EMAIL PROTECTED]>:
>
> Hi,
>
> What servlet api are you using?
> Is it at least 2.4?
>
> Tamas
>
>
> On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote:
> > I am trying to implement a flood control mechanism to prevent robots
> > requesting pages after pages at an "inhuman" rate.
> >
> > My basic idea is this:
> > * A FirstInFirstOut List stored in the HttpSession, that records the
> time of
> > the user's last 10 requests.
> > * On each new request, a filter compares the current time with the time
> of
> > the 10th previous request. If not enough time went by, redirect to a
> "delay
> > page" that requires the user to press a "Continue" button. Pipe the new
> > request and its time, and pipe out the 10th previous request.
> >
> > The problem with that design: in some cases, one single request from
> the
> > user will go through the filters several times because of various
> possible
> > internal redirects. But I only want to record the times of the requests
> > coming directly from the user.
> >
> > Therefore my question: Is there a simple straightforward way, from the
> > filter's point of view, to distinguish between a request that came from
> > outside (from the user), from an internal request (one that came through
> a
> > redirection from ActionMapping to ActionMapping)?
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
Yes, I believe it is 2.4. Also: Struts 1.3.5 Tomcat 6.0.9 2007/3/12, Tamas Szabo <[EMAIL PROTECTED]>: Hi, What servlet api are you using? Is it at least 2.4? Tamas On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote: > I am trying to implement a flood control mechanism to prevent robots > requesting pages after pages at an "inhuman" rate. > > My basic idea is this: > * A FirstInFirstOut List stored in the HttpSession, that records the time of > the user's last 10 requests. > * On each new request, a filter compares the current time with the time of > the 10th previous request. If not enough time went by, redirect to a "delay > page" that requires the user to press a "Continue" button. Pipe the new > request and its time, and pipe out the 10th previous request. > > The problem with that design: in some cases, one single request from the > user will go through the filters several times because of various possible > internal redirects. But I only want to record the times of the requests > coming directly from the user. > > Therefore my question: Is there a simple straightforward way, from the > filter's point of view, to distinguish between a request that came from > outside (from the user), from an internal request (one that came through a > redirection from ActionMapping to ActionMapping)? > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters: distinguishing between user-requests and redirects
Hi, What servlet api are you using? Is it at least 2.4? Tamas On 3/13/07, Pierre Thibaudeau <[EMAIL PROTECTED]> wrote: I am trying to implement a flood control mechanism to prevent robots requesting pages after pages at an "inhuman" rate. My basic idea is this: * A FirstInFirstOut List stored in the HttpSession, that records the time of the user's last 10 requests. * On each new request, a filter compares the current time with the time of the 10th previous request. If not enough time went by, redirect to a "delay page" that requires the user to press a "Continue" button. Pipe the new request and its time, and pipe out the 10th previous request. The problem with that design: in some cases, one single request from the user will go through the filters several times because of various possible internal redirects. But I only want to record the times of the requests coming directly from the user. Therefore my question: Is there a simple straightforward way, from the filter's point of view, to distinguish between a request that came from outside (from the user), from an internal request (one that came through a redirection from ActionMapping to ActionMapping)? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[s1] Filters: distinguishing between user-requests and redirects
I am trying to implement a flood control mechanism to prevent robots requesting pages after pages at an "inhuman" rate. My basic idea is this: * A FirstInFirstOut List stored in the HttpSession, that records the time of the user's last 10 requests. * On each new request, a filter compares the current time with the time of the 10th previous request. If not enough time went by, redirect to a "delay page" that requires the user to press a "Continue" button. Pipe the new request and its time, and pipe out the 10th previous request. The problem with that design: in some cases, one single request from the user will go through the filters several times because of various possible internal redirects. But I only want to record the times of the requests coming directly from the user. Therefore my question: Is there a simple straightforward way, from the filter's point of view, to distinguish between a request that came from outside (from the user), from an internal request (one that came through a redirection from ActionMapping to ActionMapping)?
Re: [s1] Filters / State Exceptions
Laurie:
Here is my doFilter method -
*begin*
public void doFilter( ServletRequest req, ServletResponse res, FilterChain
chain)
throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest)req;
System.out.println("Req: "+httpReq.getRequestURL());
// with this line - illegal state exception when submitting forms.
without it, no crash.
String test = httpReq.getParameter("s");
// some db processing clickstream analysis based on request parameters
*end*
Here is the stack trace of the crash:
java.lang.IllegalStateException: getInputStream() has already been called for
this request
at org.apache.catalina.connector.RequestBase.getReader(RequestBase.java:911)
at
org.apache.catalina.connector.RequestFacade.getReader(RequestFacade.java:212)
at com.sfs.webapp.server.Service.getRequestProperties(Service.java:105)
at com.sfs.webapp.server.Service.service(Service.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
at
com.mycompany.filters.analysis.AnalysisFilter.doFilter(AnalysisFilter.java:114)the
very bottom mycompany is my filter being processed. I am trying to attach this
filter onto a web application (com.sfs.webapp.x above) running here on the
intranet. I guess it's the webapp that might be causing a crash inside it's
getRequestProperties method? I'm assuming it's normal
form processing though?
I don't have access to the "webapp" source either. Might pose a problem? :)
I dont need to post the web.xml configuration file since my filter is the ONLY
configured filter on the server.
Thoughts?
Thanks,
Paul
_
From: Laurie Harper [mailto:[EMAIL PROTECTED]
To: user@struts.apache.org
Sent: Tue, 06 Mar 2007 16:25:26 -0500
Subject: Re: [s1] Filters / State Exceptions
Without seeing your filter code and web.xml it's hard to be sure, but my
guess would be that you need to modify the order you apply your filters
in. Remember that, with a file upload, form parameters are transmitted
in the request body rather than as a query string. It sounds like
req.getParameter() is being intercepted by one of the filters in the
chain that precedes yours or something. Post your code, web.xml and full
stack trace if you still need help isolating the problem.
L.
Paul Saumets wrote:
> As a side note,
>
> My filter has a couple req.getParameter calls (which I think in-turn calls
an InputStream somehow?) in it's doFilter method which seems to be causing the
state exceptions later after a form is submitted.
>
> Is there a way to avoid this or a way to ensure filters arn't processed
when a form is submitted?
>
> Regards,
> Paul
> _
>
> From: Paul Saumets [mailto:[EMAIL PROTECTED]
> To: user@struts.apache.org
> Sent: Tue, 06 Mar 2007 14:44:32 -0500
> Subject: [s1] Filters / State Exceptions
>
> Hey,
>
> I'm hoping someone here could give me some insight why I'm getting an
IllegalStateException with my filter.
>
>
> java.lang.IllegalStateException: getInputStream() has already been called
for this request
>
> My filter calls InputStream in it's init method because it requires to
read information from a config file.
>
> the doFilter method has absolutely no stream calls. The filter works fine
until I submit a form. If I go to a page that has a form
> and submit I then receive the above state exception?
>
> Would anyone have any insight why this might be?
>
> I'm going to get around this by dropping my config file and just using
filter init-params in my web.xml file instead but I would
> REALLY like to know why this was occuring just for some understanding.
>
> Regards,
> Paul
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [s1] Filters / State Exceptions
Hey, If this is true, then how does one standardly get around this issue when forms submit? Since I believe there is a separate service which processes the forms and attempts to get an InputStream and is causing the crash. I'm really working on a hybrid clickstream tracking filter which reads in all request parameters and dumps them to a separate db before passing the request along. The web software I'm attempting to attach it to requires me to put together this custom job rather than use something available such as opensymphony's clickstream. Regards, Paul -Original Message- From: Aram Mkhitaryan [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 07, 2007 1:39 AM To: Struts Users Mailing List Subject: Re: [s1] Filters / State Exceptions Hi, That's a general problem! You are right, request.getParameter() causes request.getInputStream() call. You should decide if you want to get parameter from request or get input stream. Input stream from the request is usually used if you want to manually handle the "spacial" formatted request (for example file upload, request body is xml, etc.). You had better call request.getParameter() otherwise. Best, Aram Aram Mkhitaryan 52, 25 Lvovyan, Yerevan 375000, Armenia Mobile: +374 91 518456 E-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters / State Exceptions
Hi, That's a general problem! You are right, request.getParameter() causes request.getInputStream() call. You should decide if you want to get parameter from request or get input stream. Input stream from the request is usually used if you want to manually handle the "spacial" formatted request (for example file upload, request body is xml, etc.). You had better call request.getParameter() otherwise. Best, Aram Aram Mkhitaryan 52, 25 Lvovyan, Yerevan 375000, Armenia Mobile: +374 91 518456 E-mail: [EMAIL PROTECTED]
Re: [s1] Filters / State Exceptions
Without seeing your filter code and web.xml it's hard to be sure, but my guess would be that you need to modify the order you apply your filters in. Remember that, with a file upload, form parameters are transmitted in the request body rather than as a query string. It sounds like req.getParameter() is being intercepted by one of the filters in the chain that precedes yours or something. Post your code, web.xml and full stack trace if you still need help isolating the problem. L. Paul Saumets wrote: As a side note, My filter has a couple req.getParameter calls (which I think in-turn calls an InputStream somehow?) in it's doFilter method which seems to be causing the state exceptions later after a form is submitted. Is there a way to avoid this or a way to ensure filters arn't processed when a form is submitted? Regards, Paul _ From: Paul Saumets [mailto:[EMAIL PROTECTED] To: user@struts.apache.org Sent: Tue, 06 Mar 2007 14:44:32 -0500 Subject: [s1] Filters / State Exceptions Hey, I'm hoping someone here could give me some insight why I'm getting an IllegalStateException with my filter. java.lang.IllegalStateException: getInputStream() has already been called for this request My filter calls InputStream in it's init method because it requires to read information from a config file. the doFilter method has absolutely no stream calls. The filter works fine until I submit a form. If I go to a page that has a form and submit I then receive the above state exception? Would anyone have any insight why this might be? I'm going to get around this by dropping my config file and just using filter init-params in my web.xml file instead but I would REALLY like to know why this was occuring just for some understanding. Regards, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [s1] Filters / State Exceptions
As a side note, My filter has a couple req.getParameter calls (which I think in-turn calls an InputStream somehow?) in it's doFilter method which seems to be causing the state exceptions later after a form is submitted. Is there a way to avoid this or a way to ensure filters arn't processed when a form is submitted? Regards, Paul _ From: Paul Saumets [mailto:[EMAIL PROTECTED] To: user@struts.apache.org Sent: Tue, 06 Mar 2007 14:44:32 -0500 Subject: [s1] Filters / State Exceptions Hey, I'm hoping someone here could give me some insight why I'm getting an IllegalStateException with my filter. java.lang.IllegalStateException: getInputStream() has already been called for this request My filter calls InputStream in it's init method because it requires to read information from a config file. the doFilter method has absolutely no stream calls. The filter works fine until I submit a form. If I go to a page that has a form and submit I then receive the above state exception? Would anyone have any insight why this might be? I'm going to get around this by dropping my config file and just using filter init-params in my web.xml file instead but I would REALLY like to know why this was occuring just for some understanding. Regards, Paul
[s1] Filters / State Exceptions
Hey, I'm hoping someone here could give me some insight why I'm getting an IllegalStateException with my filter. java.lang.IllegalStateException: getInputStream() has already been called for this request My filter calls InputStream in it's init method because it requires to read information from a config file. the doFilter method has absolutely no stream calls. The filter works fine until I submit a form. If I go to a page that has a form and submit I then receive the above state exception? Would anyone have any insight why this might be? I'm going to get around this by dropping my config file and just using filter init-params in my web.xml file instead but I would REALLY like to know why this was occuring just for some understanding. Regards, Paul
servlets filters
I have a servlet filter which should behave different for different ".do's" and init params are different for different ".do's" . One way of solving this situation is below. SearchResultsFilter.CheckIn com.reisys.fema.ndsp.web.filter.SearchResultsFilter req_attribute_name taskInstances SearchResultsFilter.CheckIn /action/workflow/taskinstance/checkin.do SearchResultsFilter.Assign com.reisys.fema.ndsp.web.filter.SearchResultsFilter req_attribute_name workInstances SearchResultsFilter.Assign /action/workflow/workinstance/assign.do Other approach is to create an xml or property file with a list of servlet paths and their init params and pass this config file to filter so that the filters retrieves servlet path from request matches it with the servlet path in config file and gets the param for that".do" Which is better approach ? Than ks & Regards - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
Re: Using Filters with Struts?
As Joe pointed out, there is no problem using filters with Struts. As Joe
also pointed out, generally speaking, getting a filter to fire for a
specific Action, or group of Actions, is problematic. Struts 1.3, as Joe
yet again pointed out, is a nice solution for this (Joe has been busy!
LOL)
However, even with Struts 1.3, or WebWork, etc., it's still part of the
request handling cycle of the framework (modifying the request chain in
Struts or an interceptor stack in WW I mean). Now, this might be exactly
what you want, and in many cases it certainly will be, but a filter is
nice because it sits outside the framework and can process before or after
the framework is involved. In some cases, *this* is really what you want.
If you do decide a filter is the way to go and you still need more
fine-grained control over when they fire, it might be helpful to look at
the filters in Java Web Parts (http://javawebparts.sourceforge.net). Not
so much because they may do what you need, but more because they all
support two init parameters, pathSpec and pathList, which combined allows
you much more control over what URIs trigger them.
More importantly, they make use of a FilterHelpers class, which you could
use from your own filters. Basically, you would read in those parameters
in your filter's init(), then in doFilter() you do:
if (FilterHelpers.filterPath(request, pathList, pathSpec)) {
...and then do whatever the filter does. So, the filter only fires when
the path matches one of the items in pathList (or, conversely, you can set
pathSpec to EXCLUDE the paths in pathList, whichever is easier). And, the
pathList supports wildcards, but you can get as specific as you like, down
to exact URIs if you wish.
HTH.
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Java Web Parts -
http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
On Fri, March 10, 2006 8:55 am, starki78 said:
> Yes I also come to the conclusion that it doesn't fit optimally,
> but it's always worth making such considerations to come to new solutions!
>
> Thanks for your input
> Starky
>
>
>
>
> -- Initial Header ---
>
>>From : "Joe Germuska" [EMAIL PROTECTED]
> To : "starki78" [EMAIL PROTECTED],"user" user@struts.apache.org
> Cc :
> Date : Fri, 10 Mar 2006 07:25:33 -0600
> Subject : Re: Using Filters with Struts?
>
>
>
>
>
>
>
>> At 8:23 AM +0100 3/10/06, starki78 wrote:
>> >Hi I made thoughts about filters
>> >(javax.servlet.Filter)
>> >e.g. use them for logging
>> >and performance measuring purposes.
>> >Now as we are using struts I would like
>> >to know if you can, and if it makes
>> >sense to assign a filter to an action.
>> >Can someone help me understand if this might
>> >be a good solution?
>>
>> You can certainly use servlet filters with Struts. It would be hard
>> to apply a filter to a specific action, since the filters operate
>> before-and-after Struts but not during the execution. I suppose you
>> might have the filter set a request attribute and then have an Action
>> look for it, but that seems tangled and suboptimal.
>>
>> I suppose in the end it depends on what you're trying to do.
>>
>> Joe
>>
>> --
>> Joe Germuska
>> [EMAIL PROTECTED] * http://blog.germuska.com
>>
>> "You really can't burn anything out by trying something new, and
>> even if you can burn it out, it can be fixed. Try something new."
>> -- Robert Moog
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using Filters with Struts?
At 2:55 PM +0100 3/10/06, starki78 wrote: Yes I also come to the conclusion that it doesn't fit optimally, but it's always worth making such considerations to come to new solutions! And speaking of new solutions, it's worth pointing out that in Struts 1.3 you can use the commons-chain API to execute a chain of Commands instead of or in addition to an action. If you used a chain instead of an action, you could use the commons-chain Filter interface to have reusable code operate before and after just the action execution stage. Note that the complete chain is executed before the action, so you couldn't use this around an Action, per se. It wouldn't be that hard to move your action into a chain by implementing Command, but I'll spare the details... And, with WebWork, which is becoming the basis of Struts 2, you can apply a stack of interceptors on a per-action basis, which is another way to reuse common code in processing requests. Joe Thanks for your input Starky -- Initial Header --- From : "Joe Germuska" [EMAIL PROTECTED] To : "starki78" [EMAIL PROTECTED],"user" user@struts.apache.org Cc : Date : Fri, 10 Mar 2006 07:25:33 -0600 Subject : Re: Using Filters with Struts? At 8:23 AM +0100 3/10/06, starki78 wrote: >Hi I made thoughts about filters >(javax.servlet.Filter) >e.g. use them for logging >and performance measuring purposes. >Now as we are using struts I would like >to know if you can, and if it makes >sense to assign a filter to an action. >Can someone help me understand if this might >be a good solution? You can certainly use servlet filters with Struts. It would be hard to apply a filter to a specific action, since the filters operate before-and-after Struts but not during the execution. I suppose you might have the filter set a request attribute and then have an Action look for it, but that seems tangled and suboptimal. I suppose in the end it depends on what you're trying to do. Joe -- Joe Germuska [EMAIL PROTECTED] * http://blog.germuska.com "You really can't burn anything out by trying something new, and even if you can burn it out, it can be fixed. Try something new." -- Robert Moog - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Joe Germuska [EMAIL PROTECTED] * http://blog.germuska.com "You really can't burn anything out by trying something new, and even if you can burn it out, it can be fixed. Try something new." -- Robert Moog - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using Filters with Struts?
Yes I also come to the conclusion that it doesn't fit optimally, but it's always worth making such considerations to come to new solutions! Thanks for your input Starky -- Initial Header --- >From : "Joe Germuska" [EMAIL PROTECTED] To : "starki78" [EMAIL PROTECTED],"user" user@struts.apache.org Cc : Date : Fri, 10 Mar 2006 07:25:33 -0600 Subject : Re: Using Filters with Struts? > At 8:23 AM +0100 3/10/06, starki78 wrote: > >Hi I made thoughts about filters > >(javax.servlet.Filter) > >e.g. use them for logging > >and performance measuring purposes. > >Now as we are using struts I would like > >to know if you can, and if it makes > >sense to assign a filter to an action. > >Can someone help me understand if this might > >be a good solution? > > You can certainly use servlet filters with Struts. It would be hard > to apply a filter to a specific action, since the filters operate > before-and-after Struts but not during the execution. I suppose you > might have the filter set a request attribute and then have an Action > look for it, but that seems tangled and suboptimal. > > I suppose in the end it depends on what you're trying to do. > > Joe > > -- > Joe Germuska > [EMAIL PROTECTED] * http://blog.germuska.com > > "You really can't burn anything out by trying something new, and > even if you can burn it out, it can be fixed. Try something new." > -- Robert Moog > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using Filters with Struts?
At 8:23 AM +0100 3/10/06, starki78 wrote: Hi I made thoughts about filters (javax.servlet.Filter) e.g. use them for logging and performance measuring purposes. Now as we are using struts I would like to know if you can, and if it makes sense to assign a filter to an action. Can someone help me understand if this might be a good solution? You can certainly use servlet filters with Struts. It would be hard to apply a filter to a specific action, since the filters operate before-and-after Struts but not during the execution. I suppose you might have the filter set a request attribute and then have an Action look for it, but that seems tangled and suboptimal. I suppose in the end it depends on what you're trying to do. Joe -- Joe Germuska [EMAIL PROTECTED] * http://blog.germuska.com "You really can't burn anything out by trying something new, and even if you can burn it out, it can be fixed. Try something new." -- Robert Moog - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Using Filters with Struts?
Hi I made thoughts about filters (javax.servlet.Filter) e.g. use them for logging and performance measuring purposes. Now as we are using struts I would like to know if you can, and if it makes sense to assign a filter to an action. Can someone help me understand if this might be a good solution? Thank You Starki - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: filters in web application
This all depends on what your filters do. If each filter is creating wrappers, analysing output stream and so on, you could indeed get performances issues. Consider each filter is about 3~4 additional stack level. Also each filter = 1 object + it's configuration datas Basically a filter is if your do sometings are trivials, there shouldn't be much performances hits, except for the fact you call lots of methode to get the job done :) Why do you need so much filters? temp temp a écrit : >In a web application can I use several filters like 20 to 30 filters each of >them serving some functionallity usefull for more than one '.do' .Is this a >good design or there could be any performance issues when using several >filters in a web application. > Thanks & regards > > > > >- >Relax. Yahoo! Mail virus scanning helps detect nasty viruses! > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
filters in web application
In a web application can I use several filters like 20 to 30 filters each of them serving some functionallity usefull for more than one '.do' .Is this a good design or there could be any performance issues when using several filters in a web application. Thanks & regards - Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
RE: Writing Filters
chuanjiang lo asked: > > Is it the correct way to implement session management using > filters? I'm rather new to structs and i would like to know > is there any good sites or tutorials i can refer on writing filters? > what does the url-pattern do? > > and in the codes > filterChain.doFilter(request, response); > what does this actually do? It sounds like you've not done any basic homework on filters. You might want to start with http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets8.html#103101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Writing Filters
Hi, Just a few question. Is it the correct way to implement session management using filters? I'm rather new to structs and i would like to know is there any good sites or tutorials i can refer on writing filters? http://marc.theaimsgroup.com/?l=struts-user&m=110624445418289&w=2 Im looking at this thread and can someone explain SessionExpireFilter *.jsp what does the url-pattern do? and in the codes filterChain.doFilter(request, response); what does this actually do? Thanks
Re: servlets filters
Filters are common to all, just like servlets. -Max On Tue, 2006-02-07 at 13:06 -0800, temp temp wrote: > Filters in web application. > Are servlet filters similar to session ie each session will have its own > filter or its like sevlet context ie common to all sessions . > Thanks & Regards > > > > - > Yahoo! Mail - Helps protect you from nasty viruses. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
servlets filters
Filters in web application. Are servlet filters similar to session ie each session will have its own filter or its like sevlet context ie common to all sessions . Thanks & Regards - Yahoo! Mail - Helps protect you from nasty viruses.
Re: order in which filters are executed in web.xml
They are executed in the order they appear in web.xml, subject to the mapping rules (i.e., if you have 4 filters, filter 2 and 3 might be skipped for a given request depending on how they are mapped, but filter 1 and 4 will fire in that order, assuming they are listed 1, 2, 3, 4). So, in your specific case, if SecurityFilter is listed first and AccessControlFilter is listed second, then SecurityFilter will always fire before AccessControlFilter fires, but AccessControlFilter may not always fire, depending on its mapping. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Fri, January 27, 2006 12:04 pm, temp temp said: > I written two filters for my web application. > One filter is to check whether session has userId called > SecurityFilter.(This filter is applied to all *.do) > Second filter to check if login user has access to a particular page > called AccessControlFilter .(This filter only to some .do) > in the second filter I need a userId to check if user has permission to > access a page say user1.do . > when a request comes for user1.do which filter is executed first ? > SecurityFilter or AccessControlFilter . > Thanks & Regards > > > > > - > > What are the most popular cars? Find out at Yahoo! Autos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
order in which filters are executed in web.xml
I written two filters for my web application. One filter is to check whether session has userId called SecurityFilter.(This filter is applied to all *.do) Second filter to check if login user has access to a particular page called AccessControlFilter .(This filter only to some .do) in the second filter I need a userId to check if user has permission to access a page say user1.do . when a request comes for user1.do which filter is executed first ? SecurityFilter or AccessControlFilter . Thanks & Regards - What are the most popular cars? Find out at Yahoo! Autos
Re: [OT] Cross-site scripting filters
Frank W. Zammetti wrote: If you wind up writing one and would be so inclined, feel free to contribute it to JWP :) If I end up writing one, I'll definitely contribute it or make it available somewhere! L. -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
If you wind up writing one and would be so inclined, feel free to contribute it to JWP :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, July 19, 2005 3:21 pm, Laurie Harper said: > Craig McClanahan wrote: >> I would imagine pretty much any blogging software that allows >> restricted HTML in comments (or pretty much any Wiki software that >> accepts some HTML for formatting, for that matter) has dealt with this >> kind of issue. Might be worth spelunking open source versions of >> those projects for ideas. > > Yep, for sure, I was just hoping someone could save me the time searching > :-) > > Given this is something that should be implemented / used by so many > webapps I was kinda surprised I couldn't find anything right off the bat. > Maybe it would be a good candidate for a Jakarta sub-project, maybe in > commons or something. > > L. > -- > Laurie, Open Source advocate, Java geek and novice blogger: > http://www.holoweb.net/laurie > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Craig McClanahan wrote: I would imagine pretty much any blogging software that allows restricted HTML in comments (or pretty much any Wiki software that accepts some HTML for formatting, for that matter) has dealt with this kind of issue. Might be worth spelunking open source versions of those projects for ideas. Yep, for sure, I was just hoping someone could save me the time searching :-) Given this is something that should be implemented / used by so many webapps I was kinda surprised I couldn't find anything right off the bat. Maybe it would be a good candidate for a Jakarta sub-project, maybe in commons or something. L. -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote: > Ed Griebel wrote: > > So it seems like you want to a) render untrusted HTML, and b) render > > secure html. Sounds like the basic requirement is at odds? You could > > do something like slashdot and other BB systems do: restrict the > > amount of valid markup to make your parsing job easier. > > Ultimately, restricting allowed markup helps but doesn't make the hard > cases much easier :-) You're right that (a) and (b) conflict somewhat, > though. But think about something like Google Mail: it needs to be able to > display as much of a user's mail as possible whilst still remaining secure > against XSS attacks. I would imagine pretty much any blogging software that allows restricted HTML in comments (or pretty much any Wiki software that accepts some HTML for formatting, for that matter) has dealt with this kind of issue. Might be worth spelunking open source versions of those projects for ideas. Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Ed Griebel wrote: So it seems like you want to a) render untrusted HTML, and b) render secure html. Sounds like the basic requirement is at odds? You could do something like slashdot and other BB systems do: restrict the amount of valid markup to make your parsing job easier. Ultimately, restricting allowed markup helps but doesn't make the hard cases much easier :-) You're right that (a) and (b) conflict somewhat, though. But think about something like Google Mail: it needs to be able to display as much of a user's mail as possible whilst still remaining secure against XSS attacks. Actually, I'm not sure if gmail *does* support showing HTML formatted email off hand, but you see what I mean. Another idea, one single regexp won't do it, but have you thought of making multiple passes through the data as a check? You could xlate unicode, remove line splits, perform xml entity substitution, etc., then if it "passes", store the original html page as entered. I'm I'm not sure I want ever to store a modified copy, but the multi-pass regex approach is valid in any case. It's probably the best way to go if you're not willing to use a complete HTML+CSS parser in your XSS filter. guessing that your requirement is to store and re-present the original markup as entered :-) Pretty much, sans XSS hacks, of course :-) Also, have you tried doing some research into what the PHP world does to prevent it? It might give a good point of reference for Java. I spent a little time hunting around in the PHP world today, though I've yet to find anything particularly useful. Most of the implementations I've looked at so far do a fairly minimal job to defeat just the most common sorts of attack. L. -ed On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote: Frank W. Zammetti wrote: Yeah, wouldn't help you filter on output, but I pointer that out before :) True enough :) Note that it does allow you to specify your own regex, so in reality you can filter for whatever you want. I did this specifically so when someone spots something I didn't think of it's easy to make it catch those too. The trouble is, I doubt it would be possible to construct a single regex that did a robust job -- including handling of character references (as in my example), differing syntax rules in embedded CSS, browser's recombining keywords like 'javascript' that are split over multiple lines, etc. etc... FYI, while I find it ironic to reference a Microsoft resource on a security exploit, they actually do have a decent little page about XSS... http://support.microsoft.com/default.aspx?scid=kb;en-us;252985 The solutions it discusses, though, really don't help much when the requirement is to render untrusted HTML. There's a lot more detail on what's involved in some of the CERT advisories, for example: http://www.cert.org/advisories/CA-2000-02.html http://www.cert.org/tech_tips/malicious_code_mitigation.html L. Frank Laurie Harper wrote: Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if your forwarding somewhere) for a list of characters (you can alter what it looks for via regex). Ah, I initially skipped that package, thinking a servlet filter wasn't really what I was after. Browsing through the code, it seems I was right. For one thing, I want to filter text on output, not filter request parameters on input. But more important, your filter only checks for (and rejects) anything with a few particular characters -- all of which are valid in most cases from an XSS-prevention standpoint. For what it's worth, injecting XSS attacks through that filter is pretty easy. For example, the following wouldn't be caught: I'm hoping I can find something that addresses all the nefarious XSS strategies out there. It's not easy to implement something that's complete, especially when you try to deal with embedded CSS in the HTML you're trying to sanitize...! Thanks for the link though :-) -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
So it seems like you want to a) render untrusted HTML, and b) render secure html. Sounds like the basic requirement is at odds? You could do something like slashdot and other BB systems do: restrict the amount of valid markup to make your parsing job easier. Another idea, one single regexp won't do it, but have you thought of making multiple passes through the data as a check? You could xlate unicode, remove line splits, perform xml entity substitution, etc., then if it "passes", store the original html page as entered. I'm guessing that your requirement is to store and re-present the original markup as entered :-) Also, have you tried doing some research into what the PHP world does to prevent it? It might give a good point of reference for Java. -ed On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote: > Frank W. Zammetti wrote: > > Yeah, wouldn't help you filter on output, but I pointer that out before :) > > True enough :) > > > Note that it does allow you to specify your own regex, so in reality you > > can filter for whatever you want. I did this specifically so when > > someone spots something I didn't think of it's easy to make it catch > > those too. > > The trouble is, I doubt it would be possible to construct a single regex > that did a robust job -- including handling of character references (as in > my example), differing syntax rules in embedded CSS, browser's recombining > keywords like 'javascript' that are split over multiple lines, etc. etc... > > > FYI, while I find it ironic to reference a Microsoft resource on a > > security exploit, they actually do have a decent little page about XSS... > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;252985 > > The solutions it discusses, though, really don't help much when the > requirement is to render untrusted HTML. There's a lot more detail on > what's involved in some of the CERT advisories, for example: > > http://www.cert.org/advisories/CA-2000-02.html > http://www.cert.org/tech_tips/malicious_code_mitigation.html > > L. > > > > > Frank > > > > Laurie Harper wrote: > > > >> Frank W. Zammetti wrote: > >> > >>> Not a problem... > >>> > >>> http://javawebparts.sourceforge.net/javadocs/index.html > >>> > >>> In the javawebparts.filter package, you should see the > >>> CrossSiteScriptingFilter. > >>> > >>> This will filter any incoming parameters, and optionally attributes > >>> (good > >>> for if your forwarding somewhere) for a list of characters (you can > >>> alter > >>> what it looks for via regex). > >> > >> > >> > >> Ah, I initially skipped that package, thinking a servlet filter wasn't > >> really what I was after. Browsing through the code, it seems I was right. > >> > >> For one thing, I want to filter text on output, not filter request > >> parameters on input. But more important, your filter only checks for > >> (and rejects) anything with a few particular characters -- all of > >> which are valid in most cases from an XSS-prevention standpoint. > >> > >> For what it's worth, injecting XSS attacks through that filter is > >> pretty easy. For example, the following wouldn't be caught: > >> > >> > >> > >> I'm hoping I can find something that addresses all the nefarious XSS > >> strategies out there. It's not easy to implement something that's > >> complete, especially when you try to deal with embedded CSS in the > >> HTML you're trying to sanitize...! > >> > >> Thanks for the link though :-) > > > > > > > -- > Laurie, Open Source advocate, Java geek and novice blogger: > http://www.holoweb.net/laurie > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Frank W. Zammetti wrote: Yeah, wouldn't help you filter on output, but I pointer that out before :) True enough :) Note that it does allow you to specify your own regex, so in reality you can filter for whatever you want. I did this specifically so when someone spots something I didn't think of it's easy to make it catch those too. The trouble is, I doubt it would be possible to construct a single regex that did a robust job -- including handling of character references (as in my example), differing syntax rules in embedded CSS, browser's recombining keywords like 'javascript' that are split over multiple lines, etc. etc... FYI, while I find it ironic to reference a Microsoft resource on a security exploit, they actually do have a decent little page about XSS... http://support.microsoft.com/default.aspx?scid=kb;en-us;252985 The solutions it discusses, though, really don't help much when the requirement is to render untrusted HTML. There's a lot more detail on what's involved in some of the CERT advisories, for example: http://www.cert.org/advisories/CA-2000-02.html http://www.cert.org/tech_tips/malicious_code_mitigation.html L. Frank Laurie Harper wrote: Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if your forwarding somewhere) for a list of characters (you can alter what it looks for via regex). Ah, I initially skipped that package, thinking a servlet filter wasn't really what I was after. Browsing through the code, it seems I was right. For one thing, I want to filter text on output, not filter request parameters on input. But more important, your filter only checks for (and rejects) anything with a few particular characters -- all of which are valid in most cases from an XSS-prevention standpoint. For what it's worth, injecting XSS attacks through that filter is pretty easy. For example, the following wouldn't be caught: I'm hoping I can find something that addresses all the nefarious XSS strategies out there. It's not easy to implement something that's complete, especially when you try to deal with embedded CSS in the HTML you're trying to sanitize...! Thanks for the link though :-) -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Craig McClanahan wrote: While the code in question here might not help you, the concept of a Filter still can. You can use Filters to monitor (and potentially modify) the output stream by providing a wrapper around the HttpServletResponse that the container hands you, with custom implementations of getOutputStream() and getWriter() that send their output to a buffer instead of directly back to the client. Then, when the client returns, you can postprocess the buffer and weed out anything you think is dangerous. I think there's a sample filter to do GZIP compression in the Tomcat releases, which you could use as a model of the overall architecture. Yeah, I grok servlet filters OK ;-) The issue is that filtering the entire response is generally not too helpful for this: it'd disable all the dynamic functionality in the application that's *meant* to be there...! What I need is to allow users to enter HTML markup through a text field for subsequent display as part of a page (think, for example, of a wiki or CMS solution). Only the untrusted data should be filtered, and the submitted HTML must render correctly after potential XSS insertion has been dealt with. Cheers, L. -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
I have one as part of Java Web Parts
(http://javawebparts.sourceforge.net). Let me know if it suits your needs
(and if not, let me know the shortcomings so I can expand it!)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, July 18, 2005 2:28 pm, Laurie Harper said:
> Does anyone know of a good, complete implementation of a cross-site
> scripting filter for pre-processing user entered text that needs to be
> rendered as HTML? Obviously / ${fn:escapeXml()} / etc. aren't the
> right solution ;-) but there's nothing in standard JSTL or Struts (that I
> know of) that is.
>
> Any pointers appreciated!
>
> L.
> --
> Laurie, Open Source advocate, Java geek and novice blogger:
> http://www.holoweb.net/laurie
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
And if you can't find that compression filter in Tomcat, JWP has one too :) Does GZip and Deflate actualy :) Frank Craig McClanahan wrote: On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote: Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if your forwarding somewhere) for a list of characters (you can alter what it looks for via regex). Ah, I initially skipped that package, thinking a servlet filter wasn't really what I was after. Browsing through the code, it seems I was right. While the code in question here might not help you, the concept of a Filter still can. You can use Filters to monitor (and potentially modify) the output stream by providing a wrapper around the HttpServletResponse that the container hands you, with custom implementations of getOutputStream() and getWriter() that send their output to a buffer instead of directly back to the client. Then, when the client returns, you can postprocess the buffer and weed out anything you think is dangerous. I think there's a sample filter to do GZIP compression in the Tomcat releases, which you could use as a model of the overall architecture. Crag - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Yeah, wouldn't help you filter on output, but I pointer that out before :) Note that it does allow you to specify your own regex, so in reality you can filter for whatever you want. I did this specifically so when someone spots something I didn't think of it's easy to make it catch those too. FYI, while I find it ironic to reference a Microsoft resource on a security exploit, they actually do have a decent little page about XSS... http://support.microsoft.com/default.aspx?scid=kb;en-us;252985 Frank Laurie Harper wrote: Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if your forwarding somewhere) for a list of characters (you can alter what it looks for via regex). Ah, I initially skipped that package, thinking a servlet filter wasn't really what I was after. Browsing through the code, it seems I was right. For one thing, I want to filter text on output, not filter request parameters on input. But more important, your filter only checks for (and rejects) anything with a few particular characters -- all of which are valid in most cases from an XSS-prevention standpoint. For what it's worth, injecting XSS attacks through that filter is pretty easy. For example, the following wouldn't be caught: I'm hoping I can find something that addresses all the nefarious XSS strategies out there. It's not easy to implement something that's complete, especially when you try to deal with embedded CSS in the HTML you're trying to sanitize...! Thanks for the link though :-) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote: > Frank W. Zammetti wrote: > > > Not a problem... > > > > http://javawebparts.sourceforge.net/javadocs/index.html > > > > In the javawebparts.filter package, you should see the > > CrossSiteScriptingFilter. > > > > This will filter any incoming parameters, and optionally attributes (good > > for if your forwarding somewhere) for a list of characters (you can alter > > what it looks for via regex). > > Ah, I initially skipped that package, thinking a servlet filter wasn't > really what I was after. Browsing through the code, it seems I was right. > While the code in question here might not help you, the concept of a Filter still can. You can use Filters to monitor (and potentially modify) the output stream by providing a wrapper around the HttpServletResponse that the container hands you, with custom implementations of getOutputStream() and getWriter() that send their output to a buffer instead of directly back to the client. Then, when the client returns, you can postprocess the buffer and weed out anything you think is dangerous. I think there's a sample filter to do GZIP compression in the Tomcat releases, which you could use as a model of the overall architecture. Crag - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Not a problem...
http://javawebparts.sourceforge.net/javadocs/index.html
In the javawebparts.filter package, you should see the
CrossSiteScriptingFilter.
This will filter any incoming parameters, and optionally attributes (good
for if your forwarding somewhere) for a list of characters (you can alter
what it looks for via regex).
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, July 18, 2005 3:44 pm, Laurie Harper said:
> Thanks; I had a quick hunt through the Javadocs but couldn't see anything
> relevant. Can you give me a push in the right direction? ;-)
>
> L.
>
> Frank W. Zammetti wrote:
>
>> I have one as part of Java Web Parts
>> (http://javawebparts.sourceforge.net). Let me know if it suits your
>> needs
>> (and if not, let me know the shortcomings so I can expand it!)
>>
>> --
>> Frank W. Zammetti
>> Founder and Chief Software Architect
>> Omnytex Technologies
>> http://www.omnytex.com
>>
>> On Mon, July 18, 2005 2:28 pm, Laurie Harper said:
>>
>>>Does anyone know of a good, complete implementation of a cross-site
>>>scripting filter for pre-processing user entered text that needs to be
>>>rendered as HTML? Obviously / ${fn:escapeXml()} / etc. aren't
>>> the
>>>right solution ;-) but there's nothing in standard JSTL or Struts (that
>>> I
>>>know of) that is.
>>>
>>>Any pointers appreciated!
>>>
>>>L.
>>>--
>>>Laurie, Open Source advocate, Java geek and novice blogger:
>>>http://www.holoweb.net/laurie
>>>
>>>
>>>-
>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>
>
> --
> Laurie, Open Source advocate, Java geek and novice blogger:
> http://www.holoweb.net/laurie
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Thanks; I had a quick hunt through the Javadocs but couldn't see anything
relevant. Can you give me a push in the right direction? ;-)
L.
Frank W. Zammetti wrote:
I have one as part of Java Web Parts
(http://javawebparts.sourceforge.net). Let me know if it suits your needs
(and if not, let me know the shortcomings so I can expand it!)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, July 18, 2005 2:28 pm, Laurie Harper said:
Does anyone know of a good, complete implementation of a cross-site
scripting filter for pre-processing user entered text that needs to be
rendered as HTML? Obviously / ${fn:escapeXml()} / etc. aren't the
right solution ;-) but there's nothing in standard JSTL or Struts (that I
know of) that is.
Any pointers appreciated!
L.
--
Laurie, Open Source advocate, Java geek and novice blogger:
http://www.holoweb.net/laurie
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Laurie, Open Source advocate, Java geek and novice blogger:
http://www.holoweb.net/laurie
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Cross-site scripting filters
Does anyone know of a good, complete implementation of a cross-site
scripting filter for pre-processing user entered text that needs to be
rendered as HTML? Obviously / ${fn:escapeXml()} / etc. aren't the
right solution ;-) but there's nothing in standard JSTL or Struts (that I
know of) that is.
Any pointers appreciated!
L.
--
Laurie, Open Source advocate, Java geek and novice blogger:
http://www.holoweb.net/laurie
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Cross-site scripting filters
Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if your forwarding somewhere) for a list of characters (you can alter what it looks for via regex). Ah, I initially skipped that package, thinking a servlet filter wasn't really what I was after. Browsing through the code, it seems I was right. For one thing, I want to filter text on output, not filter request parameters on input. But more important, your filter only checks for (and rejects) anything with a few particular characters -- all of which are valid in most cases from an XSS-prevention standpoint. For what it's worth, injecting XSS attacks through that filter is pretty easy. For example, the following wouldn't be caught: I'm hoping I can find something that addresses all the nefarious XSS strategies out there. It's not easy to implement something that's complete, especially when you try to deal with embedded CSS in the HTML you're trying to sanitize...! Thanks for the link though :-) -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ActionForward not working in Struts/Filters/XSLT application
Hi again,
I posted this yesterday but got no reply, so here it is again - can anyone
help?
Thanks
Alan
Alan Mullane
04/12/2005 10:30 AM
To: user@struts.apache.org
cc:
Subject:ActionForward not working in Struts/Filters/XSLT
application
Hi,
I am working on the development a Struts application that reads all user
requests into a number of Struts Actions
and uses XSLT to output the response of all pages as HTML. Also, all
requests pass through one or more Servlet
Filters before entering the Actions, to handle security, logging, etc.
The application only uses actions for processing input requests and
doesn't use any additional web pages
such as static JSPs or html pages. The output presentation data is
dynamically generated by java objects, then
written by the Action to the HttpServletResponse and then transformed into
HTML using an XSLT transformer.
The application doesn't use ActionForward but instead the response is
always written to the HttpServletResponse
and a null ActionForward is returned by the calling action.
In some parts of the application I need to re-route the request to another
page (for example, to a logout page if the
user session expires). I have tried to use the ActionForward for this
case, by calling 'mapping.findForward("logout")
but it doesn't work and I always get a blank page - I defined action
forwards in the action mappings in the struts-config.xml
file but it seems that Struts doesn't allow forwarding to other actions in
this type of application (Struts/Filters to XSLT).
For now I am using HttpServletResponse.sendRedirect("logout.do") to get
around this problem, but it is messy as I need
to catch IOException and also lose any parameters within the request - I
would prefer to use the Struts framework for this
as it is much cleaner and parameters already in the request can be reused.
Any ideas on how to fix this?
Thanks
Alan
ActionForward not working in Struts/Filters/XSLT application
Hi,
I am working on the development a Struts application that reads all user
requests into a number of Struts Actions
and uses XSLT to output the response of all pages as HTML. Also, all
requests pass through one or more Servlet
Filters before entering the Actions, to handle security, logging, etc.
The application only uses actions for processing input requests and
doesn't use any additional web pages
such as static JSPs or html pages. The output presentation data is
dynamically generated by java objects, then
written by the Action to the HttpServletResponse and then transformed into
HTML using an XSLT transformer.
The application doesn't use ActionForward but instead the response is
always written to the HttpServletResponse
and a null ActionForward is returned by the calling action.
In some parts of the application I need to re-route the request to another
page (for example, to a logout page if the
user session expires). I have tried to use the ActionForward for this
case, by calling 'mapping.findForward("logout")
but it doesn't work and I always get a blank page - I defined action
forwards in the action mappings in the struts-config.xml
file but it seems that Struts doesn't allow forwarding to other actions in
this type of application (Struts/Filters to XSLT).
For now I am using HttpServletResponse.sendRedirect("logout.do") to get
around this problem, but it is messy as I need
to catch IOException and also lose any parameters within the request - I
would prefer to use the Struts framework for this
as it is much cleaner and parameters already in the request can be reused.
Any ideas on how to fix this?
Thanks
Alan
Re: Filters
If your filter really wants to do a RequestDispatcher.foward() call (to go someplace other than the servlet that the original request URI is mapped to), you can do that too ... you're not stuck with redirects. That way you don't lose your request parameters and attributes. Craig On Tue, 29 Mar 2005 14:01:08 -0500 (EST), Frank W. Zammetti <[EMAIL PROTECTED]> wrote: > Yeah, my bad... I cracked open the authorization filter I wrote because I > didn't want to give a wrong answer off the top of my head... problem is, > that filter just redirects to a "Go away, your not allowed in here!" kind > of page, so there was no concern with losing request parameters in that > use case. Good call Joe :) Whether he needs the contents of request of > not it's a good point to be aware of. > > -- > Frank W. Zammetti > Founder and Chief Software Architect > Omnytex Technologies > http://www.omnytex.com > > On Tue, March 29, 2005 1:24 pm, Joe Germuska said: > > Frank's suggestion might work, although note that it would result in > > the discarding of all request parameters, which may not be what you > > want. > > > > If you have complex session initialization logic in an Action and you > > want to use it in the Filter, I'd suggest factoring it out into a > > utility class. Alternatively, don't try to use the filter to do > > this: the main reason to use a filter is to apply common logic upon > > every request (or at least many requests); if you have all this in an > > Action now, that suggests you only use it once. > > > > You could probably also somehow use the Filter to set a request > > attribute, and then subclass the RequestProcessor to recognize that > > request attribute as an instruction to invoke your session-prep > > action -- but that seems way more complicated than you really need. > > > > Joe > > > > > > At 12:45 PM -0500 3/29/05, Frank W. Zammetti wrote: > >>response.sendRedirect(url); > >> > >>That's what I do. You do get a reference to request, so I would assume > >>you could get a dispatcher off it and do what you always do. I've never > >>had a need to try it though. > >> > >>-- > >>Frank W. Zammetti > >>Founder and Chief Software Architect > >>Omnytex Technologies > >>http://www.omnytex.com > >> > >>On Tue, March 29, 2005 12:40 pm, Denis Avdic said: > >>> Hello all, > >>> > >>> Although I've been using Struts for small projects for a while now, I > >>> haven't really used filters. Now I am incorporating some > >>> functionality from another project into mine, and the other project > >>> used plain old servlets and filters. > >>> > >>> My question is this: > >>> > >>> In filter's doFilter method, is there a way to forward to a Struts > >>> action somehow? I need to populate the session and I have all this > >>> stuff already written, I just need to do a forward to the action > >>> somehow. How could I do this without request.getRequestDispatcher() > >>> calls? Or can I do it at all? > >>> > >>> > >>> I haven't wrote pure servlet in a long long while and I forgot a > >>> lot of things so please excuse me if my question is dumb. > >>> > >>> > >>> Thanks, > >>> > >>> Denis > >>> > >>> - > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > > Joe Germuska > > [EMAIL PROTECTED] > > http://blog.germuska.com > > "Narrow minds are weapons made for mass destruction" -The Ex > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters
Yeah, my bad... I cracked open the authorization filter I wrote because I didn't want to give a wrong answer off the top of my head... problem is, that filter just redirects to a "Go away, your not allowed in here!" kind of page, so there was no concern with losing request parameters in that use case. Good call Joe :) Whether he needs the contents of request of not it's a good point to be aware of. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, March 29, 2005 1:24 pm, Joe Germuska said: > Frank's suggestion might work, although note that it would result in > the discarding of all request parameters, which may not be what you > want. > > If you have complex session initialization logic in an Action and you > want to use it in the Filter, I'd suggest factoring it out into a > utility class. Alternatively, don't try to use the filter to do > this: the main reason to use a filter is to apply common logic upon > every request (or at least many requests); if you have all this in an > Action now, that suggests you only use it once. > > You could probably also somehow use the Filter to set a request > attribute, and then subclass the RequestProcessor to recognize that > request attribute as an instruction to invoke your session-prep > action -- but that seems way more complicated than you really need. > > Joe > > > At 12:45 PM -0500 3/29/05, Frank W. Zammetti wrote: >>response.sendRedirect(url); >> >>That's what I do. You do get a reference to request, so I would assume >>you could get a dispatcher off it and do what you always do. I've never >>had a need to try it though. >> >>-- >>Frank W. Zammetti >>Founder and Chief Software Architect >>Omnytex Technologies >>http://www.omnytex.com >> >>On Tue, March 29, 2005 12:40 pm, Denis Avdic said: >>> Hello all, >>> >>> Although I've been using Struts for small projects for a while now, I >>> haven't really used filters. Now I am incorporating some >>> functionality from another project into mine, and the other project >>> used plain old servlets and filters. >>> >>> My question is this: >>> >>> In filter's doFilter method, is there a way to forward to a Struts >>> action somehow? I need to populate the session and I have all this >>> stuff already written, I just need to do a forward to the action >>> somehow. How could I do this without request.getRequestDispatcher() >>> calls? Or can I do it at all? >>> >>> >>> I haven't wrote pure servlet in a long long while and I forgot a >>> lot of things so please excuse me if my question is dumb. >>> >>> >>> Thanks, >>> >>> Denis >>> >>> - >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] > > > -- > Joe Germuska > [EMAIL PROTECTED] > http://blog.germuska.com > "Narrow minds are weapons made for mass destruction" -The Ex > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters
Frank's suggestion might work, although note that it would result in the discarding of all request parameters, which may not be what you want. If you have complex session initialization logic in an Action and you want to use it in the Filter, I'd suggest factoring it out into a utility class. Alternatively, don't try to use the filter to do this: the main reason to use a filter is to apply common logic upon every request (or at least many requests); if you have all this in an Action now, that suggests you only use it once. You could probably also somehow use the Filter to set a request attribute, and then subclass the RequestProcessor to recognize that request attribute as an instruction to invoke your session-prep action -- but that seems way more complicated than you really need. Joe At 12:45 PM -0500 3/29/05, Frank W. Zammetti wrote: response.sendRedirect(url); That's what I do. You do get a reference to request, so I would assume you could get a dispatcher off it and do what you always do. I've never had a need to try it though. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, March 29, 2005 12:40 pm, Denis Avdic said: Hello all, Although I've been using Struts for small projects for a while now, I haven't really used filters. Now I am incorporating some functionality from another project into mine, and the other project used plain old servlets and filters. My question is this: In filter's doFilter method, is there a way to forward to a Struts action somehow? I need to populate the session and I have all this stuff already written, I just need to do a forward to the action somehow. How could I do this without request.getRequestDispatcher() calls? Or can I do it at all? I haven't wrote pure servlet in a long long while and I forgot a lot of things so please excuse me if my question is dumb. Thanks, Denis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "Narrow minds are weapons made for mass destruction" -The Ex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters
response.sendRedirect(url); That's what I do. You do get a reference to request, so I would assume you could get a dispatcher off it and do what you always do. I've never had a need to try it though. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, March 29, 2005 12:40 pm, Denis Avdic said: > Hello all, > > Although I've been using Struts for small projects for a while now, I > haven't really used filters. Now I am incorporating some > functionality from another project into mine, and the other project > used plain old servlets and filters. > > My question is this: > > In filter's doFilter method, is there a way to forward to a Struts > action somehow? I need to populate the session and I have all this > stuff already written, I just need to do a forward to the action > somehow. How could I do this without request.getRequestDispatcher() > calls? Or can I do it at all? > > > I haven't wrote pure servlet in a long long while and I forgot a > lot of things so please excuse me if my question is dumb. > > > Thanks, > > Denis > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filters
Hello all, Although I've been using Struts for small projects for a while now, I haven't really used filters. Now I am incorporating some functionality from another project into mine, and the other project used plain old servlets and filters. My question is this: In filter's doFilter method, is there a way to forward to a Struts action somehow? I need to populate the session and I have all this stuff already written, I just need to do a forward to the action somehow. How could I do this without request.getRequestDispatcher() calls? Or can I do it at all? I haven't wrote pure servlet in a long long while and I forgot a lot of things so please excuse me if my question is dumb. Thanks, Denis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question regarding filters in html-tags
Hi David, David G. Friedman schrieb: René, By +1, I meant I would vote to add filter="true/false" to the html:text and html:textarea tags as well. So, when you write you are using regular html tags, are you using a tag with bean write, like this: name="beanName" property="propertyName"/>" /> Thanx for the information. Yes I'm using the HTML tags like this. Furthermore I'm using the select tags with logic:iterate inside to create the option entries. Best regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question regarding filters in html-tags
René, By +1, I meant I would vote to add filter="true/false" to the html:text and html:textarea tags as well. So, when you write you are using regular html tags, are you using a tag with bean write, like this: " /> Regards, David -Original Message- From: René Thol [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 17, 2004 1:41 AM To: Struts Users Mailing List Subject: Re: Question regarding filters in html-tags Hello David, David G. Friedman schrieb: >I just skimmed over the SVN code repository for both html:text and >html:textarea tags and it looks like it automatically behaves like a >filter="true" with no option to set it differently. You could always go to >bugzilla and request a modification. I skimmed through the bean:write tag >and implementing it looks trivial. If you do that, let me know so I can +1: >I think I'm going to need unfiltered html:textareas very soon as I'm adding >FcKEditor(.net's) to my webapp. > > ATM I'm replacing the non-working struts-tags by their plain HTML counterparts. I also mulled over implementing the tags by myself, but decided to go the easier way! };-[) Fortunately the struts setters are as well served using plain HTML tags. Please forgive my ignorance but what do you mean by "I can +1" ? (do you mean as well?) Best regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question regarding filters in html-tags
Hello David, David G. Friedman schrieb: I just skimmed over the SVN code repository for both html:text and html:textarea tags and it looks like it automatically behaves like a filter="true" with no option to set it differently. You could always go to bugzilla and request a modification. I skimmed through the bean:write tag and implementing it looks trivial. If you do that, let me know so I can +1: I think I'm going to need unfiltered html:textareas very soon as I'm adding FcKEditor(.net's) to my webapp. ATM I'm replacing the non-working struts-tags by their plain HTML counterparts. I also mulled over implementing the tags by myself, but decided to go the easier way! };-[) Fortunately the struts setters are as well served using plain HTML tags. Please forgive my ignorance but what do you mean by "I can +1" ? (do you mean as well?) Best regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question regarding filters in html-tags
Hi Bill, Bill Siggelkow schrieb: Rene, Can you explain what you are trying to do? Are you trying to prohibit/allow the user inputting HTML markup? I've got an application where users can enter data into different textfields, -areas. These data are stored within a database and may be altered by the user later on. When a japanese or chinese user enters his/her data using Kanji for example the browser transfers the Kanji signs into HTML-Entities. These are stored within the DB and displayed when the user reenters and wants to change/add/delete some data. While plain HTML-Tags behave correct in this case (they are displaying the HTML entities read from DB as Kanji signs) the struts equivalents don't! The struts tags encode the leading ampersand of the HTML entities so that the entity is delivered to the browser in the following form: 〹 Therefore it is not displayed correctly anymore. The bean:write tag has the option to switch filtering of but the html:text and html:textarea don't have this option but in my opinion it's highly indicated in order to use struts within multilanguage applpications. Kind regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question regarding filters in html-tags
I just skimmed over the SVN code repository for both html:text and html:textarea tags and it looks like it automatically behaves like a filter="true" with no option to set it differently. You could always go to bugzilla and request a modification. I skimmed through the bean:write tag and implementing it looks trivial. If you do that, let me know so I can +1: I think I'm going to need unfiltered html:textareas very soon as I'm adding FcKEditor(.net's) to my webapp. Regards, David -Original Message- From: René Thol [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 16, 2004 10:31 AM To: [EMAIL PROTECTED] Subject: Question regarding filters in html-tags Hello everybody, unfortunately I did not find anything within the ML archive regarding this topic! My question is: Is there any mechanism like the filter="false" within the tag for the html:text and html:textarea tags? Or does exist another way to protect the contents of the latter both tags from getting parsed and converted? Many thanks in advance Kind regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question regarding filters in html-tags
René Thol wrote: Hello everybody, unfortunately I did not find anything within the ML archive regarding this topic! My question is: Is there any mechanism like the filter="false" within the tag for the html:text and html:textarea tags? Or does exist another way to protect the contents of the latter both tags from getting parsed and converted? Many thanks in advance Kind regards Rene, Can you explain what you are trying to do? Are you trying to prohibit/allow the user inputting HTML markup? -Bill Siggelkow - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Question regarding filters in html-tags
Hello everybody, unfortunately I did not find anything within the ML archive regarding this topic! My question is: Is there any mechanism like the filter="false" within the tag for the html:text and html:textarea tags? Or does exist another way to protect the contents of the latter both tags from getting parsed and converted? Many thanks in advance Kind regards -- René Thol E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Remote Errors and Filters
I am having difficulty using a custom filter to capture remote exceptions. All requests for our application are filtered through a class called "ErrorFilter". If the exception is a client-side error, the filter takes care of the exception handling and forwards to the appropriate trouble report jsp. If the exception is remote (in particular, if the requested server object is not available), the exception never finds it's way completely back to the ErrorFilter, and the rendered page simply displays the error message. It is possible that our application code swallows the exception somewhere (though I've scoured it again and again). I am wondering if there is something in the Struts framework that would cause this type of scenario. Thanks, Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filters, listeners and struts-config.xml
I've just googled to see how to get a filter to grab info from struts-config.xml, and haven't been able to find anything on it. I had assumed that it would have been a nice idea to have a StrutsFilter, just to be able to access the global forwards. Have I missed something? Is this a 1.2 feature? Should I invent this wheel? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filters and forwards...
Hi all, I am trying to wrap the HttpServletResponse to apply gzip compression on data sent to the client when gzip is supported. I'm using a filter,wrapper and custom ServletOutputStream based on published code. It seems to work except when I chain actions. If I call one action which executes a forward to a JSP, I get the exception attached. We have the filter applied only to *.do in from web.xml, so we thought the filter is applied to the actions, and the JSP. We know this question has been asked several times, but we have not found a good solution for us. what could I be doing that would cause the stream to be closed? Can?t we put a filter to compress if we use forwards from actions? Thanks a lot, Exception == java.io.IOException: This output stream has already been closed at es.aranzadi.filtros.CompressionResponseStream.close(CompressionResponseStrea m.java:187) at es.aranzadi.filtros.CompressionResponseStream.close(CompressionResponseStrea m.java:205) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher. java:253) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:10 69) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProces sor.java:455) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65) at es.aranzadi.filtros.CompressionFilter.doFilter(CompressionFilter.java:243) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.j ava:560) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDis patcher.java:306) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher. java:240) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:10 69) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProces sor.java:455) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for 2EE].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65) at es.aranzadi.filtros.CompressionFilter.doFilter(CompressionFilter.java:243) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.j ava:560) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDis patcher.java:306) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java: 767) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.ja va:803) at java.lang.Thread.run(Thread.java:479) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filters with Struts
as as wrote: Hi, I have the same issue.Seems struts is running pretty slow (or porbably its becuase of back end database connections to mysQL using Hberntae).Any waqys I can improve the perfrmance. I am using Weblogic 7.0 The most important consideration when dealing with performance issues is to understand where the bottlenecks are that are affecting you. For many web applications it tends to be database access, but there's no way to generalize, because every application is different. One approach to investigating this, for example, would be to copy the database access logic of your webapp into a stand-alone test program, and run some timing tests there, with no web container or user interface framework involved. Thanks so much as this will highly help in running my jsp's faster ( I did try including jsp pre-compilation into jasper). Precompiling JSPs only helps make the very first request to that page run faster ... it has zero impact on ongoing performance. Regards, Sam. Craig PS: The servlet container's implementation of a filter will typically have about the same performance impact as a RequestDispatcher.forward() call, which isn't much -- basically it's a lookup and a method call. Obviously, anything your Filter actually does will affect the timing, but adding simple stuff like "how long did this request take to process" and then logging that will have little or no visible impact unless your webapp is overloaded with users or something like that. Bill Siggelkow <[EMAIL PROTECTED]> wrote: Well of course it will affect performance because the container is doing stuff it would not be doing otherwise -- the question is more like "will the negative performance impact be significant?" I would say if you calculating the elapsed time it should not be. It depends on what your filter is doing with the data -- it is simply logging it out to the console it should be OK -- the other thing that is nice about filters is that they can easily be turned off via the filter mapping. Kommana, Sridhar wrote: Hi, Iam using TimerFilter in my application which gives the response time taken for executing the each Action class. Does this will affect the performance of the application on production environment. Is there any known performance or stability issues with Servlet filters with Struts? Thanks in advance, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filters with Struts
Hi, I have the same issue.Seems struts is running pretty slow (or porbably its becuase of back end database connections to mysQL using Hberntae).Any waqys I can improve the perfrmance. I am using Weblogic 7.0 Thanks so much as this will highly help in running my jsp's faster ( I did try including jsp pre-compilation into jasper). Regards, Sam. Bill Siggelkow <[EMAIL PROTECTED]> wrote: Well of course it will affect performance because the container is doing stuff it would not be doing otherwise -- the question is more like "will the negative performance impact be significant?" I would say if you calculating the elapsed time it should not be. It depends on what your filter is doing with the data -- it is simply logging it out to the console it should be OK -- the other thing that is nice about filters is that they can easily be turned off via the filter mapping. Kommana, Sridhar wrote: > Hi, > > Iam using TimerFilter in my application which gives the response time taken for > executing the each Action class. Does this will affect the performance of the > application on production environment. Is there any known performance or stability > issues with Servlet filters with Struts? > > Thanks in advance, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th
Re: Servlet filters with Struts
Well of course it will affect performance because the container is doing stuff it would not be doing otherwise -- the question is more like "will the negative performance impact be significant?" I would say if you calculating the elapsed time it should not be. It depends on what your filter is doing with the data -- it is simply logging it out to the console it should be OK -- the other thing that is nice about filters is that they can easily be turned off via the filter mapping. Kommana, Sridhar wrote: Hi, Iam using TimerFilter in my application which gives the response time taken for executing the each Action class. Does this will affect the performance of the application on production environment. Is there any known performance or stability issues with Servlet filters with Struts? Thanks in advance, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet filters with Struts
Hi, Iam using TimerFilter in my application which gives the response time taken for executing the each Action class. Does this will affect the performance of the application on production environment. Is there any known performance or stability issues with Servlet filters with Struts? Thanks in advance, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
I use them for authentication.. Filter is mainly a pre-processor or a post-processor however you want to use it.. It is pretty good for taking code out code that is in EACH one or most of your servlets or jsps. By using filter, you can do *those* tasks before the request gets to them. I think filters are very good.. After all, if your filter is slow, you can speed it up by making changes at one place, the filter. And I don't really see much overheard. Generally you don't put a "do nothing" filter on every request, filter will do something that's needed for the app. Other than that, its just another class that gets loaded. I am not an expert at exactly these application servers deal with them, but I do know that I wanted filters way before they came out, so I am a big fan of em.. My 2 cents.. Paul -Original Message- From: Navjot Singh [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 8:51 AM To: Struts Users Mailing List Subject: RE: Filters.. yes. feel free to use them if you have a need. They are really good at handle some problems. >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Sent: Tuesday, April 06, 2004 7:53 PM >To: [EMAIL PROTECTED] >Subject: Filters.. > > >Hello All, > >I know this is an off topic but is it advisable to use Filters in a Web >Application? > >Any kind of input wud be appreciated.. > >Thanks, >VJ > > > >DISCLAIMER: >This message contains privileged and confidential information and is >intended only for the individual named.If you are not the intended >recipient you should not disseminate,distribute,store,print, copy or >deliver this message.Please notify the sender immediately by e-mail if >you have received this e-mail by mistake and delete this e-mail from >your system.E-mail transmission cannot be guaranteed to be secure or >error-free as information could be >intercepted,corrupted,lost,destroyed,arrive late or incomplete or >contain viruses.The sender therefore does not accept liability for >any errors or omissions in the contents of this message which >arise as a result of e-mail transmission. If verification is >required please request a hard-copy version. > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[FRIDAY] Re: Filters..
So if you can get your webapp smoking with filters then no worries. I'm ready for friday - are we nearly there yet? - Original Message - From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Tuesday, April 06, 2004 3:37 PM Subject: Re: Filters.. > I always use filters when programming. Unfiltered cigarettes are twice > as likely to give you cancer. ;) > > On 04/06/2004 04:23 PM [EMAIL PROTECTED] wrote: > > VJ, > > > > Filters are a good way of extending an existing application without > > having to recompile or rewrite code. > > > > I often use them. > > > > > > > > > > > > <[EMAIL PROTECTED]> > > 04/06/2004 10:22 AM > > Please respond to "Struts Users Mailing List" > > > > > > To: <[EMAIL PROTECTED]> > > cc: > > Subject:Filters.. > > > > > > Hello All, > > > > I know this is an off topic but is it advisable to use Filters in a Web > > Application? > > > > Any kind of input wud be appreciated.. > > > > Thanks, > > VJ > > > > > > > > DISCLAIMER: > > This message contains privileged and confidential information and is > > intended only for the individual named.If you are not the intended > > recipient you should not disseminate,distribute,store,print, copy or > > deliver this message.Please notify the sender immediately by e-mail if you > > have received this e-mail by mistake and delete this e-mail from your > > system.E-mail transmission cannot be guaranteed to be secure or error-free > > as information could be intercepted,corrupted,lost,destroyed,arrive late > > or incomplete or contain viruses.The sender therefore does not accept > > liability for any errors or omissions in the contents of this message > > which arise as a result of e-mail transmission. If verification is > > required please request a hard-copy version. > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > -- > struts 1.2 + tomcat 5.0.19 + java 1.4.2 > Linux 2.4.20 Debian > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
yes. feel free to use them if you have a need. They are really good at handle some problems. >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Sent: Tuesday, April 06, 2004 7:53 PM >To: [EMAIL PROTECTED] >Subject: Filters.. > > >Hello All, > >I know this is an off topic but is it advisable to use Filters in a Web >Application? > >Any kind of input wud be appreciated.. > >Thanks, >VJ > > > >DISCLAIMER: >This message contains privileged and confidential information and >is intended only for the individual named.If you are not the >intended recipient you should not >disseminate,distribute,store,print, copy or deliver this >message.Please notify the sender immediately by e-mail if you have >received this e-mail by mistake and delete this e-mail from your >system.E-mail transmission cannot be guaranteed to be secure or >error-free as information could be >intercepted,corrupted,lost,destroyed,arrive late or incomplete or >contain viruses.The sender therefore does not accept liability for >any errors or omissions in the contents of this message which >arise as a result of e-mail transmission. If verification is >required please request a hard-copy version. > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
Hi Vijay, I'm no guru, yet can give you my personal opinion on this matter: Yes, they have an impact. The heavier (execution time, resources consumption, etc...) the filter is, the greater the impact (and so the opposite :) ). I suppose that there is also a small overhead associated to the forwarding mechanism itself, but I haven't actually tested this. Depending on how time / resource - critical is your web app, this can become an issue or not. Yes, I believe they are of great use for certain things (mostly, global validations and general operations affecting the general behaviour of your web app) such as, for example, access control. Yet, as with any other technology, I wouldn't do a blindfold recommendation for it. I don't believe there is such thing as "IT-panacea". Again, that is my humble opinion. HTH, Freddy. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviado el: martes, 06 de abril de 2004 16:40 Para: [EMAIL PROTECTED] Asunto: RE: Filters.. Apologies...for the generality of the question Our Web Application primarily consists of satellite applications interfacing with a core systemI primarily want to implement them for access checks as well as a Session Manager for each request of the application... Is there any overhead in this coz I just got an opinion that it does...how was not explained :) which led me thinking whether it really does lead to an overhead?? Next time I shall be more specific about my queries :) -Original Message- From: Freddy Villalba Arias [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 7:53 PM To: Struts Users Mailing List Subject: RE: Filters.. Whoa, talk about general questions!!! :) I suppose it depends on what you want them for and the overall context... Could you be more specific? Cheers, Freddy. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviado el: martes, 06 de abril de 2004 16:23 Para: [EMAIL PROTECTED] Asunto: Filters.. Hello All, I know this is an off topic but is it advisable to use Filters in a Web Application? Any kind of input wud be appreciated.. Thanks, VJ DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters..
Filters require servlets 2.3+ From: [EMAIL PROTECTED] Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: Filters.. Date: Tue, 6 Apr 2004 10:23:51 -0400 VJ, Filters are a good way of extending an existing application without having to recompile or rewrite code. I often use them. <[EMAIL PROTECTED]> 04/06/2004 10:22 AM Please respond to "Struts Users Mailing List" To: <[EMAIL PROTECTED]> cc: Subject:Filters.. Hello All, I know this is an off topic but is it advisable to use Filters in a Web Application? Any kind of input wud be appreciated.. Thanks, VJ DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters..
I always use filters when programming. Unfiltered cigarettes are twice
as likely to give you cancer. ;)
On 04/06/2004 04:23 PM [EMAIL PROTECTED] wrote:
VJ,
Filters are a good way of extending an existing application without
having to recompile or rewrite code.
I often use them.
<[EMAIL PROTECTED]>
04/06/2004 10:22 AM
Please respond to "Struts Users Mailing List"
To: <[EMAIL PROTECTED]>
cc:
Subject:Filters..
Hello All,
I know this is an off topic but is it advisable to use Filters in a Web
Application?
Any kind of input wud be appreciated..
Thanks,
VJ
DISCLAIMER:
This message contains privileged and confidential information and is
intended only for the individual named.If you are not the intended
recipient you should not disseminate,distribute,store,print, copy or
deliver this message.Please notify the sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from your
system.E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted,corrupted,lost,destroyed,arrive late
or incomplete or contain viruses.The sender therefore does not accept
liability for any errors or omissions in the contents of this message
which arise as a result of e-mail transmission. If verification is
required please request a hard-copy version.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
struts 1.2 + tomcat 5.0.19 + java 1.4.2
Linux 2.4.20 Debian
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
Apologies...for the generality of the question Our Web Application primarily consists of satellite applications interfacing with a core systemI primarily want to implement them for access checks as well as a Session Manager for each request of the application... Is there any overhead in this coz I just got an opinion that it does...how was not explained :) which led me thinking whether it really does lead to an overhead?? Next time I shall be more specific about my queries :) -Original Message- From: Freddy Villalba Arias [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 7:53 PM To: Struts Users Mailing List Subject: RE: Filters.. Whoa, talk about general questions!!! :) I suppose it depends on what you want them for and the overall context... Could you be more specific? Cheers, Freddy. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviado el: martes, 06 de abril de 2004 16:23 Para: [EMAIL PROTECTED] Asunto: Filters.. Hello All, I know this is an off topic but is it advisable to use Filters in a Web Application? Any kind of input wud be appreciated.. Thanks, VJ DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
Filters are part of Servlet specs..This means they are supposed to be used in web app:-)) The only reason they are not part of Struts implementation is that Struts was developed way before the Filters were introduced. But surely struts future implementations will start using filters whereever appropriate.There was even a discussion on struts dev mailing list in this regard. -Original Message- From: Slattery, Tim - BLS [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 4:25 PM To: 'Struts Users Mailing List' Subject: RE: Filters.. > I know this is an off topic but is it advisable to use > Filters in a Web Application? We do routinely, to try to keep users on the approved path through the application. -- Tim Slattery [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filters..
VJ,
Filters are a good way of extending an existing application without
having to recompile or rewrite code.
I often use them.
<[EMAIL PROTECTED]>
04/06/2004 10:22 AM
Please respond to "Struts Users Mailing List"
To: <[EMAIL PROTECTED]>
cc:
Subject:Filters..
Hello All,
I know this is an off topic but is it advisable to use Filters in a Web
Application?
Any kind of input wud be appreciated..
Thanks,
VJ
DISCLAIMER:
This message contains privileged and confidential information and is
intended only for the individual named.If you are not the intended
recipient you should not disseminate,distribute,store,print, copy or
deliver this message.Please notify the sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from your
system.E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted,corrupted,lost,destroyed,arrive late
or incomplete or contain viruses.The sender therefore does not accept
liability for any errors or omissions in the contents of this message
which arise as a result of e-mail transmission. If verification is
required please request a hard-copy version.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
Whoa, talk about general questions!!! :) I suppose it depends on what you want them for and the overall context... Could you be more specific? Cheers, Freddy. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviado el: martes, 06 de abril de 2004 16:23 Para: [EMAIL PROTECTED] Asunto: Filters.. Hello All, I know this is an off topic but is it advisable to use Filters in a Web Application? Any kind of input wud be appreciated.. Thanks, VJ DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filters..
> I know this is an off topic but is it advisable to use > Filters in a Web Application? We do routinely, to try to keep users on the approved path through the application. -- Tim Slattery [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filters..
Hello All, I know this is an off topic but is it advisable to use Filters in a Web Application? Any kind of input wud be appreciated.. Thanks, VJ DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
