Re: Re: Re: Url rewriting of .action to .jsp

Sorry that was confusing. A new ModelDriven Interface would be better. ModelFacing from an Implementation perspective: - push the Model object to the top of the stack such that members can be set directly (same as model driven) - register a pre-result listener, which will revert the action class t

Re: Url rewriting of .action to .jsp

2013/9/22 Lukasz Lenart : > You should never ever allow to access JSPs directly! Thus can be > potential security risk! > > What you want to achieve are two actions: > - login-form.action to display login form > - login.action to submit login form to and perform validation/user login There is one

Re: Re: strict DMI, was: Url rewriting of .action to .jsp

Done https://cwiki.apache.org/confluence/display/WW/Action+Configuration#ActionConfiguration-DynamicMethodInvocation 2013/10/1 Christoph Nenning : >> > >> > Would you please have a look at the sample app and tell me what I am > doing >> > wrong? >> > >> > > https://github.com/wolpi/struts2-sample

Antwort: Re: strict DMI, was: Url rewriting of .action to .jsp

> > > > Would you please have a look at the sample app and tell me what I am doing > > wrong? > > > > https://github.com/wolpi/struts2-samples/tree/master/dmiandactionmappingtest > > > > It must be true, if false whole DMI logic is off. > > class="struts2.samples.dmiandactionmappingtest.act

Re: strict DMI, was: Url rewriting of .action to .jsp

2013/9/30 Christoph Nenning : > Finally I continued with my strict DMI tests. > > While creating a sample app I discovered that the above was wrong. It is a > CSRF protection interceptor in the other app which made me think that !add > was blocked by the framework. > > > But I could not get strict

Re: strict DMI, was: Url rewriting of .action to .jsp

> >> > But still: method:add works while !add does not. > >> > >> If you could prepare a small demo app, I'd like investigate that. > >> > >> > > > > I can do so next week, sorry for the delay > > No problem, I'm busy too ;-) > > Finally I continued with my strict DMI tests. While creating a s

Re: Re: Re: Url rewriting of .action to .jsp

@Ken I'm bit lost with your mails, right now I don't know what you want - new Model interfaces or current ModelDriven approach is valid? Maybe start a new discussion? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/9/26 Ken McWilliams : > ...more often than not, NOT what I wan

Re: Re: Re: Url rewriting of .action to .jsp

...more often than not, NOT what I want (wrt: "Maybe it's just me but for some reason this is more often than not what I want (I want the model towards the request but not towards the view), so I need to forgo ModelDriven."). Sorry everyone! On Wed, Sep 25, 2013 at 7:39 PM, Ken McWilliams wrote:

Re: Re: Re: Url rewriting of .action to .jsp

Sorry should have read the last couple lines before posting! It was in defense of ModelBacking suggesting that the congruent structure could allow us to publish the action into the stack and then handle it knowing the interface. A certain result type for instance could require a specific backing mo

Re: Re: Re: Url rewriting of .action to .jsp

Not sure if this is the place to bring this up, this is an annoyance coming from ModelDriven may offer a solution... Issue: It's hard to get past the model if you want to add more attributes to the action. Also when using ModelDriven the same view of the action is applied from the HTTP side as the

Re: Re: Re: Url rewriting of .action to .jsp

2013/9/24 Christoph Nenning : >> > But still: method:add works while !add does not. >> >> If you could prepare a small demo app, I'd like investigate that. >> >> > > I can do so next week, sorry for the delay No problem, I'm busy too ;-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.

Re: Re: Re: Url rewriting of .action to .jsp

> > But still: method:add works while !add does not. > > If you could prepare a small demo app, I'd like investigate that. > > I can do so next week, sorry for the delay This Email was scanned by Sophos Anti Virus

Re: Re: Re: Url rewriting of .action to .jsp

2013/9/24 Christoph Nenning : > But still: method:add works while !add does not. If you could prepare a small demo app, I'd like investigate that. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe,

Re: Re: Re: Url rewriting of .action to .jsp

> >> > Yeah, I like the idea of strict-DMI. Right now I could not get it > > working > >> > with the convention pulgin, can investigate next week. > >> > >> That's why I want to have programmable configuration in XWork and then > >> XML or Convention configuration via plugins - there strict path h

Re: Re: Re: Url rewriting of .action to .jsp

2013/9/24 Christoph Nenning : >> > Yeah, I like the idea of strict-DMI. Right now I could not get it > working >> > with the convention pulgin, can investigate next week. >> >> That's why I want to have programmable configuration in XWork and then >> XML or Convention configuration via plugins - th

Antwort: Re: Re: Url rewriting of .action to .jsp

> > Yeah, I like the idea of strict-DMI. Right now I could not get it working > > with the convention pulgin, can investigate next week. > > That's why I want to have programmable configuration in XWork and then > XML or Convention configuration via plugins - there strict path how to > add new co

Re: Re: Url rewriting of .action to .jsp

2013/9/24 Christoph Nenning : > Yeah, I like the idea of strict-DMI. Right now I could not get it working > with the convention pulgin, can investigate next week. That's why I want to have programmable configuration in XWork and then XML or Convention configuration via plugins - there strict path

Antwort: Re: Url rewriting of .action to .jsp

> >> Hi all, > >> I'm using DMI to call "input" method extensively, > >> almost in every Edit*Action. > >> I call it with ParamsPrepareParams stack. > >> > >> I fully understand that allowing DMI is a security problem. > >> But maybe some kind of balance could be achevied. > >> White listing with a

Re: Url rewriting of .action to .jsp

Am 23.09.2013 20:32, schrieb Lukasz Lenart: 2013/9/23 Paweł Wielgus : Hi all, I'm using DMI to call "input" method extensively, almost in every Edit*Action. I call it with ParamsPrepareParams stack. I fully understand that allowing DMI is a security problem. But maybe some kind of balance could

Re: Url rewriting of .action to .jsp

2013/9/24 Paweł Wielgus : > One more side note, > if i understand it wright, > in my case (Edit input and execute methods) > wildcard mapping would be better from framework perspective > but it needs to be wriitten in xml configuration. > > Whereas DMI do not require me to write any xml, > but is n

Re: Url rewriting of .action to .jsp

One more side note, if i understand it wright, in my case (Edit input and execute methods) wildcard mapping would be better from framework perspective but it needs to be wriitten in xml configuration. Whereas DMI do not require me to write any xml, but is not first class citizen in terms of framew

Re: Url rewriting of .action to .jsp

Hi Lukasz, i see no problem for me in solution described by You. Off course i'm no security expert here. Best greetings, Paweł Wielgus. 2013/9/23 Lukasz Lenart : > 2013/9/23 Paweł Wielgus : >> Hi all, >> I'm using DMI to call "input" method extensively, >> almost in every Edit*Action. >> I call

Re: Url rewriting of .action to .jsp

2013/9/23 Volker Krebs : > Am 23.09.2013 11:05, schrieb Christoph Nenning: >>> >>> >>> Just a hint: DMI can be dangerous and we think about removing it. >>> >> That would force us to do heavy refactorings in all our applications. > > > Removing DMI completely would break a lot of applications. > Ho

Re: Url rewriting of .action to .jsp

2013/9/23 Paweł Wielgus : > Hi all, > I'm using DMI to call "input" method extensively, > almost in every Edit*Action. > I call it with ParamsPrepareParams stack. > > I fully understand that allowing DMI is a security problem. > But maybe some kind of balance could be achevied. > White listing with

Re: Url rewriting of .action to .jsp

Hi all, I'm using DMI to call "input" method extensively, almost in every Edit*Action. I call it with ParamsPrepareParams stack. I fully understand that allowing DMI is a security problem. But maybe some kind of balance could be achevied. White listing with annotations would not be bad for me also

Re: Url rewriting of .action to .jsp

Am 23.09.2013 11:05, schrieb Christoph Nenning: Just a hint: DMI can be dangerous and we think about removing it. That would force us to do heavy refactorings in all our applications. Removing DMI completely would break a lot of applications. How about white-listing methods ? At the moment

Re: Url rewriting of .action to .jsp

> > Just a hint: DMI can be dangerous and we think about removing it. > That would force us to do heavy refactorings in all our applications. This Email was scanned by Sophos Anti Virus

Re: Url rewriting of .action to .jsp

Just a hint: DMI can be dangerous and we think about removing it. 2013/9/23 Christoph Nenning : > It seems a little late to join this discussion, but anyway here is what I > think. > > > Per default the framework shows validation errors for simple GET requests. > > The easiest way to work around t

Re: Url rewriting of .action to .jsp

It seems a little late to join this discussion, but anyway here is what I think. Per default the framework shows validation errors for simple GET requests. The easiest way to work around that is to add "!input" to the url, like this: login!input.action You can bookmark that and generate link

Re: Url rewriting of .action to .jsp

"You cannot forward to actions" Thanks, that was the idea that was missing from my understanding. Got it working the way I wanted in a minute :) Many thanks - appreciated :) Serdyn du Toit On Mon, Sep 23, 2013 at 8:47 AM, Lukasz Lenart wrote: > 2013/9/22 Serdyn du Toit : > > What I have now

Re: Url rewriting of .action to .jsp

2013/9/22 Serdyn du Toit : > What I have now is as follows: > > > > /admin/login/login.jsp > > class="com.d6.admin.login.AdminUserLoginAction"> > /admin/login/login-form.htm > /admin/dashboard/dashboard.htm > >

Re: Url rewriting of .action to .jsp

Okay, I got the second result working: /admin/dashboard/dashboard.htm Now, just the first one I'm still having problems with as I don't want to redirect /admin/login/login-form.htm On Sun, Sep 22, 2013 at 11:16 PM, Serdyn du Toit wrote: > Thanks guys, > > Just having a bit of trouble

Re: Url rewriting of .action to .jsp

Thanks guys, Just having a bit of trouble getting it 100% - sorry for the trouble (my first Struts project) What I have now is as follows: /admin/login/login.jsp /admin/login/login-form.htm /admin/dashboard/dashboard.htm

Re: Url rewriting of .action to .jsp

You should never ever allow to access JSPs directly! Thus can be potential security risk! What you want to achieve are two actions: - login-form.action to display login form - login.action to submit login form to and perform validation/user login Instead thinking about JSPs behind, think about ac

Re: Url rewriting of .action to .jsp

That's because you are submitting that action. If that's not what you intended, I don't understand what you are trying to achieve. The setting I suggested allows you to rename the .action url extension to .jsp (or .html). (*Chris*) On Sun, Sep 22, 2013 at 1:30 AM, Serdyn du Toit wrote: > Hi

Re: Url rewriting of .action to .jsp

Hi Chris, Not exactly what I'm looking for, If I now type: http://localhost:8080/rf-adminweb/admin/login/login.jsp Then it thinks I'm submitting the form - so my form validation errors get displayed. (ie it thinks I'm submitting the form: http://localhost:8080/rf-adminweb/admin/login/login.

Re: Url rewriting of .action to .jsp

Put the following in your struts.xml configuration file: I actually prefer: since it hides the underlying technology just a bit better and makes a tiny bit harder for someone to guess how to hack it. It's not high security, but every little bit helps. (*Chris*) On Sat, Sep 21, 2013 a

Url rewriting of .action to .jsp

Hi, I have the following Struts action defined in Xml: /admin/login/login.jsp /admin/dashboard/frames.jsp When I submit the page and validation fails my browser has the following Url: http://localhost:8080/webapp/admin/login/login.acti