ERRest security
Does any one on the list have much experience with ERRest security. I am worried about possible injection DDoS attacks etc. Any pointers? Michael Kondratov smime.p7s Description: S/MIME cryptographic signature ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: WOBootstrap.jar importance
Hi Henrique, My apps who includes WoInject run since few month without WObootstrap. Thanks to Alexis with an example of launch script on server side. Envoyé de mon iPad > Le 4 déc. 2013 à 01:48, Henrique Prange a écrit : > > Hi Ralf and Alexis, > > Thanks for your answers. The command line length doesn’t look like an > indispensable advantage (unless you’re deploying on Windows). I’m going to > recommend WOInject users to avoid running applications using the > WOBootstrap.jar. > > Cheers, > > Henrique > >> On 03/12/2013, at 18:12, Alexis Tual wrote: >> >> Hi, >> >> the command line length is the only reason I can think of. ps auxwww | grep >> java is pretty ugly with this... jps -v is better though. >> For several month of production with woinject, that's the only drawback we >> faced for the moment :) >> >> Alex >> >> >> >> >> 2013/12/2 Ralf Schuchardt >>> Am 02.12.2013 um 13:58 schrieb Henrique Prange : >>> >>> > Hey guys, >>> > >>> > Silly question: what is the importance/advantage of running WO >>> > applications from WOBootstrap.jar? >>> > >>> > It looks like WOBootstrap just make things complicated. It uses an >>> > alternative class loader and the original classpath is incomplete. >>> > So, considering this drawbacks, which advantages are provided by this >>> > mechanism of WO app initialization compared to the old way (calling the >>> > main method directly)? >>> > >>> > Cheers, >>> > Henrique >>> >>> >>> Hi Henrique, >>> >>> WOBootstrap allows the use of long classpaths esp. on Windows, where the >>> maximum command line length was sometimes limited to only 2047 characters. >>> >>> Ralf >>> >>> >>> ___ >>> Do not post admin requests to the list. They will be ignored. >>> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) >>> Help/Unsubscribe/Update your Subscription: >>> https://lists.apple.com/mailman/options/webobjects-dev/alexis.tual%40gmail.com >>> >>> This email sent to alexis.t...@gmail.com > > ___ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/rnaneon%40me.com > > This email sent to rnan...@me.com ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Inheritance ERRest
Hi all,
We've found out this is a bug. The ERRestRequestNode ignores the type field
when creating objects for toOne and toMany relationships. We're going to create
a pull request to fix this problem soon.
BTW, is there a way to verify we didn't introduce a bug in ERRest while trying
to fix another one?
Cheers,
Henrique
Sent from my iPhone
> On 02/12/2013, at 22:41, Elizio Marcelino wrote:
>
> Hi,
>
>
> I'm having trouble working with ERRest and EO with inheritance.
>
> I have the following structure in my EO Model.
>
> Order
> - id
> - quantity
> - NSArray payments
>
>
> AbstractPayment
> - id - autoIncrement
> - status
>
> CreditCardPayment extends AbstractPayment
> - amount
> - installments
>
> DebitCardPayment extends AbstractPayment
> - number
> - holder
>
> In my REST API, in my class OrderController doing well CreateAction:
>
> public WOActionResults createAction() throws Throwable {
> Order order = (Order)create(entityName(), filterWithAllRecursive());
> }
>
> I am making the following call with rest:
>
> {
> "status":"created",
> "payments": [
>{
> "type": "CreditCardPayment"
> "amount":100
> "instalments": 1
> }
> ]
> }
>
> If you notice my class CreditCardPayment extends AbstractPayment, and when I
> send my request to the list of payment am having the following error:
>
> ' takeValueForKey(): attempt to assign value to
> unknown key: 'amount'.
>
> This class does not have an instance variable of the name amount or _amount,
> nor a method of the name setAmount or _setAmount' object ' pk:"null">' key 'amount'>
>
>
>
> I believe when it is done trying to convert JSON to the Order object it is
> trying to convert the List of payment for AbstractPayment and not to
> CreditCardPayment.
>
> How can we show to create what should be done by CreditCardPayment
> DebitCartPayment or not by AbstractPayment?
>
>
>
> Thank you.
> Elizio
>
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/hprange%40gmail.com
>
> This email sent to hpra...@gmail.com
___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
Re: ERXCryptoString with ERRest
Hi all,
I've been working with Elizio on this problem and we are having a hard time. :)
We were unable to find the appropriate way to provide custom JSON parsers and
writers in ERRest. Is that possible? If so, how?
We've found a way to provide a custom writer by extending the ERRestJSONWriter
class. The solution doesn't look like the appropriate solution though. :)
Anyway, we were unable to provide a custom parser by extending the
ERRestJSONParser.
The only solution we've found was changing the internal ERRest parse mechanism
to understand the ERXCryptoString type. Unless we're missing something, we're
considering the lack of support to ERXCryptoString in ERRest as a bug and we're
willing to create a pull request to fix it.
Any thoughts?
Cheers,
Henrique
Sent from my iPhone
> On 05/11/2013, at 00:21, Elizio Marcelino wrote:
>
> Hello Guys,
>
> I am new to WebObjects, and I have a problem.
>
> I'm using the ERXCryptoString for some fields, but I need to expose this
> information via ERRest, but when phaco this value is shown: {}.
>
> Is there any way to expose the data unencrypted form "automatic"
> passing a formatter if any?
>
> Thank you,
> Elizio Marcelino
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/hprange%40gmail.com
>
> This email sent to hpra...@gmail.com
___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
Re: WOBootstrap.jar importance
Dear Henrique, WOBootstrap is really an obsolete library, we skipped it on our UNIX based solution installs some years ago. On Windows it could be of help. However, for Windows I have seen an presentation at WOWODC 2013 from a German WO guy where he promoted a native wostarter C-code (or so I don't recall the name) which is basically does the lunch setup for an WOA application. Check the old videos, this is the right way to go on Windows. Regards Helmut Tschemernjak On 02/12/13 13:58, Henrique Prange wrote: Hey guys, Silly question: what is the importance/advantage of running WO applications from WOBootstrap.jar? It looks like WOBootstrap just make things complicated. It uses an alternative class loader and the original classpath is incomplete. So, considering this drawbacks, which advantages are provided by this mechanism of WO app initialization compared to the old way (calling the main method directly)? Cheers, Henrique Sent from my iPhone ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/helmut%40helios.de This email sent to hel...@helios.de ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Job Opportunity: WebObjects developer on Gold Coast, Australia
Just a heads up before this is published publicly: Looking for an experienced Java software developer, preferably with webobjects knowledge to work for a well established SME on the Gold Coast, Australia. Position is full time salary employment working in house on internal systems (this is not a remote role). Other desirable experience includes: Mac OSX, Perl, SQL & Linux. If that sounds like you, send me your details and your resume and I will be in contact as more details are finalised. ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: processRecentChanges makes me sad
Does anyone do WO without Wonder anymore? :)
But that’s an excellent suggestion, although I’d still prefer to be able to do
this without introducing the EC subclass.
Slight problem though—in my simplified example I didn’t mention that the
mechanism also needs to handle modifications to objects (for attributes such as
modificationDate and modifiedByUser) and I don’t believe I can hook into object
modifications via an EC subclass. Perhaps I’ll just bite the bullet and handle
modifications just before save (using
EditingContextWillSaveChangesNotification).
Cheers,
- hugi
On 4.12.2013, at 11:26, Bogdan Zlatanov wrote:
> Hi Hugi,
>
> I was going to suggest something along the lines of :
>
> /**
> * A custom EOEditingContext
> */
> public class HugiEC extends ERXEC {
> @Override
> public void insertObject(EOEnterpriseObject eo) {
> super.insertObject(eo);
> if (eo instanceof Timestamped) {
> // … create EO timestamp
> }
> }
> }
>
> that can then be plugged in via Wonder via
> er.extensions.ERXEC.editingContextClassName=whatever.package.HugiEC
>
> But I don’t know if you’d like the Wonder dependency.
>
> Cheers,
> Bogdan
>
> On 4 Dec 2013, at 11:52, Hugi Thordarson wrote:
>
>> Hi Johann,
>>
>> Thanks for the idea, but the framework is meant for wider distribution so
>> I’d rather not have it depend on a modified superclass template.
>>
>> Cheers,
>> - hugi
>>
>>
>> On 4.12.2013, at 10:42, Johann Werner wrote:
>>
>>> Hi Hugi,
>>>
>>> a simple – though perhaps not as elegant as you want – solution would be to
>>> create your own EO superclass and override init() (from ERXGenericRecord)
>>> where you put your logic:
>>>
>>> @Override
>>> protected voit init(EOEditingContext ec) {
>>> super.init(ec);
>>> if (this instanceof TimeStamped) {
>>> setCreationDate(new NSTimestamp());
>>> …
>>> }
>>> }
>>>
>>> You can configure EOGenerator to use your class instead of EOGenericRecord
>>> so this would be a do it once and forget ;-)
>>>
>>> HTH
>>> jw
>>>
>>>
>>> Am 04.12.2013 um 10:18 schrieb Hugi Thordarson :
>>>
Hi all.
I’ve been attempting to automate the setting of some common attributes in
my EOs, like creationDate, createdByUser etc. etc. Usually one might
populate attributes like that in awakeFromInsertion, but that's
boilerplate I’d rather not add to my EO classes. So instead, I’ve taken a
different route. Simple example:
I have an interface TimeStamped, objects that I want stamped with the
creation date implement this interface. My application then listens for
EOEditingContext.ObjectsChangedInEditingContextNotification and when it’s
received, I iterate through inserted objects, check if they implement
TimeStamped and update their creation dates.
This works fine, apart from a little kink: The
EOEditingContext.ObjectsChangedInEditingContextNotification is not
broadcast until WO calls processRecentChanges on the EditingContext—and
that happens at the *end* of the r/r-loop. This means that if I create an
object, assign it to a page and return it, WO will happily render the
page, and THEN stamp the values on the EO (which are thus not shown until
the user next refreshes the page).
I’m aware I can expedite the broadcasting of the notification by manually
invoking processRecentChanges before returning the page—but that kind of
ruins the whole “get this functionality out of my face” aspect of the
mechanism.
Anyone have any happy litle ideas on how to tackle the problem?
Cheers,
- hugi
// Hugi Þórðarson
// Góður kóði
// 895-6688 / 561-0896
>>>
>>>
>>
>> ___
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/bogdan.zlatanov%40gmail.com
>>
>> This email sent to bogdan.zlata...@gmail.com
>
___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
Re: processRecentChanges makes me sad
Hi Johann,
Thanks for the idea, but the framework is meant for wider distribution so I’d
rather not have it depend on a modified superclass template.
Cheers,
- hugi
On 4.12.2013, at 10:42, Johann Werner wrote:
> Hi Hugi,
>
> a simple – though perhaps not as elegant as you want – solution would be to
> create your own EO superclass and override init() (from ERXGenericRecord)
> where you put your logic:
>
> @Override
> protected voit init(EOEditingContext ec) {
> super.init(ec);
> if (this instanceof TimeStamped) {
> setCreationDate(new NSTimestamp());
> …
> }
> }
>
> You can configure EOGenerator to use your class instead of EOGenericRecord so
> this would be a do it once and forget ;-)
>
> HTH
> jw
>
>
> Am 04.12.2013 um 10:18 schrieb Hugi Thordarson :
>
>> Hi all.
>>
>> I’ve been attempting to automate the setting of some common attributes in my
>> EOs, like creationDate, createdByUser etc. etc. Usually one might populate
>> attributes like that in awakeFromInsertion, but that's boilerplate I’d
>> rather not add to my EO classes. So instead, I’ve taken a different route.
>> Simple example:
>>
>> I have an interface TimeStamped, objects that I want stamped with the
>> creation date implement this interface. My application then listens for
>> EOEditingContext.ObjectsChangedInEditingContextNotification and when it’s
>> received, I iterate through inserted objects, check if they implement
>> TimeStamped and update their creation dates.
>>
>> This works fine, apart from a little kink: The
>> EOEditingContext.ObjectsChangedInEditingContextNotification is not broadcast
>> until WO calls processRecentChanges on the EditingContext—and that happens
>> at the *end* of the r/r-loop. This means that if I create an object, assign
>> it to a page and return it, WO will happily render the page, and THEN stamp
>> the values on the EO (which are thus not shown until the user next refreshes
>> the page).
>>
>> I’m aware I can expedite the broadcasting of the notification by manually
>> invoking processRecentChanges before returning the page—but that kind of
>> ruins the whole “get this functionality out of my face” aspect of the
>> mechanism.
>>
>> Anyone have any happy litle ideas on how to tackle the problem?
>>
>> Cheers,
>> - hugi
>>
>> // Hugi Þórðarson
>> // Góður kóði
>> // 895-6688 / 561-0896
>
>
smime.p7s
Description: S/MIME cryptographic signature
___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
Re: processRecentChanges makes me sad
Hi Hugi,
a simple – though perhaps not as elegant as you want – solution would be to
create your own EO superclass and override init() (from ERXGenericRecord) where
you put your logic:
@Override
protected voit init(EOEditingContext ec) {
super.init(ec);
if (this instanceof TimeStamped) {
setCreationDate(new NSTimestamp());
…
}
}
You can configure EOGenerator to use your class instead of EOGenericRecord so
this would be a do it once and forget ;-)
HTH
jw
Am 04.12.2013 um 10:18 schrieb Hugi Thordarson :
> Hi all.
>
> I’ve been attempting to automate the setting of some common attributes in my
> EOs, like creationDate, createdByUser etc. etc. Usually one might populate
> attributes like that in awakeFromInsertion, but that's boilerplate I’d rather
> not add to my EO classes. So instead, I’ve taken a different route. Simple
> example:
>
> I have an interface TimeStamped, objects that I want stamped with the
> creation date implement this interface. My application then listens for
> EOEditingContext.ObjectsChangedInEditingContextNotification and when it’s
> received, I iterate through inserted objects, check if they implement
> TimeStamped and update their creation dates.
>
> This works fine, apart from a little kink: The
> EOEditingContext.ObjectsChangedInEditingContextNotification is not broadcast
> until WO calls processRecentChanges on the EditingContext—and that happens at
> the *end* of the r/r-loop. This means that if I create an object, assign it
> to a page and return it, WO will happily render the page, and THEN stamp the
> values on the EO (which are thus not shown until the user next refreshes the
> page).
>
> I’m aware I can expedite the broadcasting of the notification by manually
> invoking processRecentChanges before returning the page—but that kind of
> ruins the whole “get this functionality out of my face” aspect of the
> mechanism.
>
> Anyone have any happy litle ideas on how to tackle the problem?
>
> Cheers,
> - hugi
>
> // Hugi Þórðarson
> // Góður kóði
> // 895-6688 / 561-0896
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
processRecentChanges makes me sad
Hi all. I’ve been attempting to automate the setting of some common attributes in my EOs, like creationDate, createdByUser etc. etc. Usually one might populate attributes like that in awakeFromInsertion, but that's boilerplate I’d rather not add to my EO classes. So instead, I’ve taken a different route. Simple example: I have an interface TimeStamped, objects that I want stamped with the creation date implement this interface. My application then listens for EOEditingContext.ObjectsChangedInEditingContextNotification and when it’s received, I iterate through inserted objects, check if they implement TimeStamped and update their creation dates. This works fine, apart from a little kink: The EOEditingContext.ObjectsChangedInEditingContextNotification is not broadcast until WO calls processRecentChanges on the EditingContext—and that happens at the *end* of the r/r-loop. This means that if I create an object, assign it to a page and return it, WO will happily render the page, and THEN stamp the values on the EO (which are thus not shown until the user next refreshes the page). I’m aware I can expedite the broadcasting of the notification by manually invoking processRecentChanges before returning the page—but that kind of ruins the whole “get this functionality out of my face” aspect of the mechanism. Anyone have any happy litle ideas on how to tackle the problem? Cheers, - hugi // Hugi Þórðarson // Góður kóði // 895-6688 / 561-0896 smime.p7s Description: S/MIME cryptographic signature ___ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
