Combination of ERXApplication.replaceApplicationPath, Session-Cookies and Ajax doesn't work

2015-11-07 Thread CHRISTOPH WICK | i4innovation GmbH, Bonn 
Hi list,

has anyone the combination of

- ERXApplication.replaceApplicationPath and
- SessionID stored in cookies and
- Ajax (from Wonder's Ajax-Framework)

successfully working in combination?

I don't get it up and running on a test-server. In my case each click on a 
submit button in a form containing Ajax-Update-Containers is returning to the 
"Main"-page. Somewhere in the whole stack, WebObjects forgets the session and 
starts as if a new session was created.

And help is welcome.
Thx, C.U.CW
--
The three great virtues of a programmer are Laziness, Impatience and Hubris. 
(Randal Schwartz)



signature.asc
Description: Message signed with OpenPGP using GPGMail
 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Secure storage of passwords or credit card data

2015-11-07 Thread Mark Wardle 
I’m using http://www.jasypt.org 

I have a property such as encryptedPassword and then write code like this:

public void setPassword(String newPassword) {
BasicPasswordEncryptor passwordEncryptor = new 
BasicPasswordEncryptor();

setEncryptedPassword(passwordEncryptor.encryptPassword(newPassword));
}

public boolean canAuthenticateWithPassword(String password) {
BasicPasswordEncryptor passwordEncryptor = new 
BasicPasswordEncryptor();
try {
return passwordEncryptor.checkPassword(password, 
encryptedPassword());
}
catch (EncryptionOperationNotPossibleException e) {
log.error(e);
}
return false;
}

Mark

> On 4 Nov 2015, at 18:29, Ray Kiddy  wrote:
> 
> On Wed, 04 Nov 2015 10:40:49 +0100
> Markus Ruggiero  wrote:
> 
>> Folks,
>> 
>> another quick question: what are you using for secure storage of
>> passowords and credit card data in a Wonder app? Is there anything in
>> Wonder (probably there is, but it is not always easy to find things),
>> or are you using other things/libs/code? Any code examples?
>> 
>> Thanks for any hint / pointer /example
>> ---markus---
>> 
> 
> This is a good source of info on how to do some of these things:
> 
> https://www.owasp.org/index.php/Cheat_Sheets
> 
> See the cheat sheets on password storage, authentication, "forgot
> password", and many, many others. The ones that I have read tend to come
> with both a good explanation and code examples.
> 
> cheers - ray
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/mark%40wardle.org
> 
> This email sent to m...@wardle.org

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Making EOs aware of session properties (I know they should not but I need this anyway)

2015-11-07 Thread Mark Wardle 
Markus,

I do this a lot with ERXThreadStorage.

eg. in my session class:

/**
 * @param user set the current user
 */
public void setAuthenticatedUser(User user) {
_authenticatedUser = 
user.localInstanceIn(defaultEditingContext());
ERCoreBusinessLogic.setActor(_authenticatedUser);
}


And in my EO:

@Override public void init(EOEditingContext ec) {
super.init(ec);
setCreatedDateTime(new NSTimestamp());

setCreatedUser((User)ERCoreBusinessLogic.actor(editingContext()));
setStatus(Status.DRAFT);
}


If you look at the source for ERCoreBusinessLogic.setActor(), then it is simply:

/**
 * Sets the actor in the current thread storage.
 * @param actor current user for this thread
 */
public static void setActor(EOEnterpriseObject actor) {
if (log.isDebugEnabled())
log.debug("Setting actor to : "+actor);
if (actor != null) {
ERXThreadStorage.takeValueForKey(actor, "actor");
} else {
ERXThreadStorage.removeValueForKey("actor");
}
}

/**
 * Gets the actor as a local instance in the given context.
 * @param ec editing context to pull a local copy of the actor
 *  into
 * @return actor instance in the given editing context
 */
public static EOEnterpriseObject actor(EOEditingContext ec) {
EOEnterpriseObject actor = actor();
if (actor != null && actor.editingContext() != ec) {
EOEditingContext actorEc = actor.editingContext();
actorEc.lock();
try {
EOEnterpriseObject localActor = 
ERXEOControlUtilities.localInstanceOfObject(ec, actor);
try {
if(actor instanceof ERCoreUserInterface) {
NSArray prefs = 
((ERCoreUserInterface)actor).preferences();
prefs = 
ERXEOControlUtilities.localInstancesOfObjects(ec, prefs);

((ERCoreUserInterface)localActor).setPreferences(prefs);
}
} catch(RuntimeException ex) {
log.error("Error while setting getting actor's 
preferences: " + ex, ex);
}
actor = localActor;
} finally {
actorEc.unlock();
}
}
return actor;
}

Anjo Krank’s BugTracker example uses this as well.

Mark

> On 7 Nov 2015, at 14:56, Markus Ruggiero  wrote:
> 
> Folks,
> 
> I have the following problem:
> My application must support different geographical regions. A logged-in user 
> is assigned a region. This uses info is stored in Session. My EOs have 
> business logic that must act region specific. How can I let the EOs know 
> about the current region (from session().currentUser().region() )? The 
> business logic is in its own framework and knows nothing about sessions 
> (which is how it supposed to be). Would ERXThreadStorage be of any help here?
> 
> Example of what I need:
> Entity Product has a region specific product description. So simple accessors 
> "description()" and "setDescription(String text)" are not good enough. The 
> logic inside these accessors MUST take the current user's region into account.
> 
> I used to have my own editing context class with a session instance variable. 
> This worked before because I had the business logic and all the controller 
> code in the same project. Now with the separation into different projects 
> this does not work anymore (which is actually quite ok, I know it was a 
> kludge before).
> 
> Thanks for any help
> ---markus---
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/mark%40wardle.org
> 
> This email sent to m...@wardle.org

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Making EOs aware of session properties (I know they should not but I need this anyway)

2015-11-07 Thread Jean-François Veillette 
There is an userInfo dictionary in the editing context, you can store stuff in 
there as well.  At page level, when you have access to all contextual 
information (local, user, etc.) it’s time to set that in the editingContext 
userInfo dictionary before you trigger your core methods.

Depending on the use case, ERXThreadStorage or EOEditingContext userInfo are 
good candidates.

jfv


> Le 7 nov. 2015 à 10:38, Ken Anderson  a écrit :
> 
> Is currentUser not an EO?  I’m guessing not, otherwise you wouldn’t have this 
> problem :)
> 
> Are the EOs shared across sessions?  If not, you could always subclass ERXEC 
> and add a region property, then set your subclass as the factory EC.  When 
> the user logs in and the session is created, set the region of the default EC 
> to be the region of the user.
> 
>> On Nov 7, 2015, at 9:56 AM, Markus Ruggiero > > wrote:
>> 
>> Folks,
>> 
>> I have the following problem:
>> My application must support different geographical regions. A logged-in user 
>> is assigned a region. This uses info is stored in Session. My EOs have 
>> business logic that must act region specific. How can I let the EOs know 
>> about the current region (from session().currentUser().region() )? The 
>> business logic is in its own framework and knows nothing about sessions 
>> (which is how it supposed to be). Would ERXThreadStorage be of any help here?
>> 
>> Example of what I need:
>> Entity Product has a region specific product description. So simple 
>> accessors "description()" and "setDescription(String text)" are not good 
>> enough. The logic inside these accessors MUST take the current user's region 
>> into account.
>> 
>> I used to have my own editing context class with a session instance 
>> variable. This worked before because I had the business logic and all the 
>> controller code in the same project. Now with the separation into different 
>> projects this does not work anymore (which is actually quite ok, I know it 
>> was a kludge before).
>> 
>> Thanks for any help
>> ---markus---
>> ___
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
>>  
>> 
>> 
>> This email sent to kenli...@anderhome.com 
> 
> 
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com 
> )
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/jean_francois_veillette%40yahoo.ca
>  
> 
> 
> This email sent to jean_francois_veille...@yahoo.ca 
> 
 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Making EOs aware of session properties (I know they should not but I need this anyway)

2015-11-07 Thread Ken Anderson 
Is currentUser not an EO?  I’m guessing not, otherwise you wouldn’t have this 
problem :)

Are the EOs shared across sessions?  If not, you could always subclass ERXEC 
and add a region property, then set your subclass as the factory EC.  When the 
user logs in and the session is created, set the region of the default EC to be 
the region of the user.

> On Nov 7, 2015, at 9:56 AM, Markus Ruggiero  wrote:
> 
> Folks,
> 
> I have the following problem:
> My application must support different geographical regions. A logged-in user 
> is assigned a region. This uses info is stored in Session. My EOs have 
> business logic that must act region specific. How can I let the EOs know 
> about the current region (from session().currentUser().region() )? The 
> business logic is in its own framework and knows nothing about sessions 
> (which is how it supposed to be). Would ERXThreadStorage be of any help here?
> 
> Example of what I need:
> Entity Product has a region specific product description. So simple accessors 
> "description()" and "setDescription(String text)" are not good enough. The 
> logic inside these accessors MUST take the current user's region into account.
> 
> I used to have my own editing context class with a session instance variable. 
> This worked before because I had the business logic and all the controller 
> code in the same project. Now with the separation into different projects 
> this does not work anymore (which is actually quite ok, I know it was a 
> kludge before).
> 
> Thanks for any help
> ---markus---
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com


 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Making EOs aware of session properties (I know they should not but I need this anyway)

2015-11-07 Thread Markus Ruggiero 
Folks,

I have the following problem:
My application must support different geographical regions. A logged-in user is 
assigned a region. This uses info is stored in Session. My EOs have business 
logic that must act region specific. How can I let the EOs know about the 
current region (from session().currentUser().region() )? The business logic is 
in its own framework and knows nothing about sessions (which is how it supposed 
to be). Would ERXThreadStorage be of any help here?

Example of what I need:
Entity Product has a region specific product description. So simple accessors 
"description()" and "setDescription(String text)" are not good enough. The 
logic inside these accessors MUST take the current user's region into account.

I used to have my own editing context class with a session instance variable. 
This worked before because I had the business logic and all the controller code 
in the same project. Now with the separation into different projects this does 
not work anymore (which is actually quite ok, I know it was a kludge before).

Thanks for any help
---markus--- ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com