PROTECTED]
--
Max Cooper [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
See the thread File-Upload: Progress-Bar that has been going on over the
last few days.
-Max
- Original Message -
From: Frank Burns [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Saturday, March 20, 2004 1:57 AM
Subject: Recommend file upload progress bar
I
A simpler solution that may still meet your needs might be to use an
animated GIF on a pop-up just to give the user some feedback that the upload
is still in progress and that they should be patient.
You could setup something like this:
The HTML form with upload file input element has a hidden
David,
I think it is unusual to design the security system such that you must
switch identities to meet your requirements. It may be worth rethinking your
security system design so that a user will remain who they are, but be
allowed to access resources that fall under their responsibility.
As a
The app probably did not deploy. Consult the server log to figure out why.
-Max
- Original Message -
From: Iwan Soenarto (IT) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 12:18 AM
Subject: Problem in Deploying
HTTP Status 404 -
I would look for a server setting before I wrote code to solve the problem.
-Max
- Original Message -
From: Joao Batistella [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 12:38 PM
Subject: [Off-topic] How to invalidate a session when a
If the hacker thinks that 7 character passwords may be allowed, they might
waste a considerable amount of time trying all 1-to-7 character
combinations. If you tell them the minimum is 8 chars, they can save a lot
of time by not trying those shorter passwords.
Also, if the minimum length is
The last user to log into the system has their details available to all
other users logged in.
Be really specific about you mean here, and give a few details about the
deployment environment.
- What session information appears to be shared by the users?
- Can you demonstrate the session problem
On Thu, 2004-02-26 at 23:01, Pradeep, PK wrote:
I think whatever you do you can't make JSP and Action Class independent.
Where are you populating ActionForm Object from the results from service
layer? In Action class only right? Which you know very well for which
JSP page it will be
I am not sure this will be a complete solution to your problem, but try:
moduleConfig.addForwardConfig(new ActionForward(mypath,myurl,true));
ActionForm extends ForwardConfig, not the other way around.
-Max
On Fri, 2004-02-27 at 03:22, Vano Beridze wrote:
Hello
I've got
struts 1.1
sun
I consider the ActionForms to be part of the view primarily. They should
both collect submitted data and provide the JSP (or other view
components) with most or all the data they need to render the page (camp
2). I say 'most' only because sometimes custom tags can be useful for
getting data for
I'm the primary author of the SecurityFilter project, and the filter
logic is a bit more complicated than the code that was posted. Even if
you decide not to use SecurityFilter, it is probably worth a look at the
doFilter() method.
Some issues that you will/may have to deal with:
1. Filter
Put it in the ActionForm.
-Max
- Original Message -
From: Pradeep, PK [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 6:51 AM
Subject: data transfer from Action class to jsp page
I have this basic question.
Suppose action
You can't mix static text and a %= % in the same attribute value.
Here is the solution:
property=%= popupSrc + p2 %
-Max
- Original Message -
From: Daniel Lipofsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004 4:24 PM
Subject: expanding %=...%
In the JSP
Define what you mean by where the request is coming from and what kind of
processing you would like to optionally perform. It is not clear what you
are trying to accomplish -- give some more details so we can help.
-Max
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL
Implement container-managed security, use SecurityFilter
(http://www.securityfilter.org), or implement your own filter-based security that will
answer request.isUserInRole() calls to make the role information available to Struts.
-Max
- Original Message -
From: [EMAIL PROTECTED]
Nathan,
Struts actually uses a Servlet rather than a Filter. But you are right about
Filters in general -- requests can pass through as many filters as you have
configured. If you have both SecurityFilter and Struts in the same app,
SecurityFilter will always be called first (when the request URL
]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Max Cooper [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
,
Dora Raymaker
Sr. Technical Writer
XO Communications, Interactive Division
503.972.6808
[EMAIL PROTECTED]
--
Max Cooper [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
Andrew's procedure is what my team has done on one project, too. Originally,
we tried getting the ActionForward and changing it directly, but it turns
out that is a shared instance and changing the original was messing up other
requests. After we discovered this problem, we switched to Andrew's
URL does not change even after changing actionThis is likely a forward vs. redirect
issue...
Forward: happens on the server, one action forwards the current request to another.
The browser never knows about it, so the URL in the address bar does not change. If
the original request was for
Another nice option is SmartCVS (http://www.smartcvs.com). It is a pure Java
GUI app that is available as a free version or a reasonably priced
commercial version (with more features). One especially nice thing about
SmartCVS is that it is easy to setup for CVS over SSH access. I don't mind
Two issues may be at work here:
1. It isn't valid to have a JSP tag render an attribute value for another
JSP tag. This might work instead, depending on the scope of styleVar:
html:text
name=Customer
property =Name
maxlength=256
size=256
style=%=styleVar%
/
2. Are you missing the %@
My perspective is that there is still value in having an ActionForm for that
example. I generally think it is best for your Actions to pass information
to the JSPs that render them through an ActionForm rather than putting
things in the request or session directly. For this reason, I think it
Is a compiled com.topit.action.WellcomeAction class file in the classpath
for your web app (WEB-INF/classes or WEB-INF/lib)? It seems to be saying
that it couldn't create an instance of your Action class for that path.
-Max
- Original Message -
From: Daniel [EMAIL PROTECTED]
To: [EMAIL
Use a regular form tag for the login page. The form will not be submitted to
a Struts action but rather it will be processed by the filter. There is no
way to call an Action during the authentication process. This is very
similar to how container-managed security works.
One difference between
with an Action, or have an Action do
additional authentication-time processing when the login page is submitted.
-Max
- Original Message -
From: Max Cooper [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 1:19 PM
Subject: Re: SecurityFilter with Struts
Could your struts-bean.tld file be damaged? It seems like the exceptions you
posted are ocurring when the .tld file is being parsed, rather than when the
server is reading your web.xml specifically.
WILD GUESSES: Look for urn in the .tld file -- the parser seems to think
there is an XML element
solve my problem.
We are using websphere 5.0. We are not using ant though...
If you can give me little more details on the configuration stuff and how
to specify a particular jsp to be converted into an html, that would be
great...
-Jacob
Max Cooper [EMAIL PROTECTED] wrote:
View Source
The tag attribute value must be one big %= % or static text. You can't mix
static text and a %= %. This is a limitation of JSP, and not something
strange with Struts JSP tags in particular. Fortunately, it is pretty easy
to create a %= % expression that will have the value you want.
Instead of:
View Source ... Save As works generally, but browsers sometimes mess with
the HTML in subtle ways (netscape used to add an HTML base tag, for
instance), so I would be very wary of using that technique (diff users
w/diff browser, changes after browser upgrade, etc.). The command-line tools
curl or
, but mine keeps asking for
/images/deniserichards.jpg
hmmm
-Original Message-
From: Max Cooper [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 15, 2004 7:20 PM
To: Struts Users Mailing List
Subject: Re: JSP Protection
The images are requested directly by the browser, so they must
My guess is that it is finding and executing the servlet, but that something
goes wrong while the servlet is being processed. It looks like it drops down
into some JSPs, and that seems to be the source of the exception.
We need to know more about what that servlet does. I see Struts classes in
This seems telling:
[javac] javac: invalid flag: C:\Program
It seems like some kind of path with a space in it is being passed to the
compiler, but it is not being quoted properly.
javac -classpath C:\Program Files\somelib\lib.jar ...
(should be: javac -classpath C:\Program
The images are requested directly by the browser, so they must be accessible
from the outside. Here's a little browser-server dialog to illustrate how it
works:
Browser: please give me /DoSomething.do
Server: Here you go... (server invokes Struts action servlet, action servlet
invokes the
for your suggestions immediate response,
Regards,
viru
- Original Message -
From: Max Cooper [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 12:30 PM
Subject: Re: Database pool full.
My guess is that you have a connection leak
My guess is that you have a connection leak somewhere. Does this problem
start occurring immediately, or does it only show up after visiting a number
of pages in the site?
Various db pools have different ways of dealing with no connections being
available. Often, you can configure which strategy
Dipak,
Are you certain that the filter will be invoked on the /j_security_check
request when container-based security is used? I have not tested this, but
it would not surprise me to find that some containers do not execute filters
on /j_security_check requests. I don't know if the Servlet Spec
http://www.fiskars.com/ is using Struts, too.
-Max
- Original Message -
From: Andy Engle [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 7:58 AM
Subject: Re: URGENT - Help defending Struts
[EMAIL PROTECTED] wrote:
Our CIO is
Two threads can access and use the same object from the session at the same
time. Struts does not prevent this from occurring.
It is something to worry about unless you want to be woken up with bug
reports in the middle of the night. :-)
-Max
- Original Message -
From: Joe Hertz [EMAIL
Even though you got a few different objects with those calls, they all
represent the same conceptual session underneath. The concept of a session
would be worthless otherwise. In other words, if you stash a reference to
some object in the session, you will be able to get a reference to that same
I am sure part of it is just that he doesn't want to choose something that
doesn't have a lot of mind/market share. How many people use something is a
decent (but not perfect) indicator of how likely it will be that support
will be available in the future, and that the skills acquired in learning
Agreed. I wasn't thinking that the question was to literally synchronize on
the session object itself. I see now that that may have been the original
intent. Synchronizing on the session object itself seems like a really
dangerous idea to me (invitation for deadlock, performance issues). And
Most (all?) containers pool the request-handler threads, so it won't be
creating hibernate sessions for each request. It would still be thread safe,
since a single thread won't be used to process two requests simultaneously.
This sounds like a good approach to me -- safe and likely to perform just
You have only two choices for making request.isUserInRole() work:
1. Use container-managed security.
2. Use or create a Filter-based security system where you wrap the the
request objects in order to implement the isUserInRole() method. You can't
do this without writing a filter.
The
How does your FindEditorData class get called? It is the responsibility of
the caller to tell this class who the user is. I assume that there is an
Action mixed in here since the call is made in response to an HTML form
being submitted. Have your Action figure out who the user is
The submit button exists on the client. The Action code executes on the
server. Action code cannot reach out and disable a submit button on the
client.
However, you can have the Action decide in advance that the page the browser
will render has its submit button disabled. Consider an ActionForm
That one is pretty simple:
- Use a GET request so the programId is part of the URL.
- Store the whole URL, including the query string.
- Redirect back to the URL (including query string) after the login.
The more difficult case is POSTed parameters that don't show up on the query
string. All
Craig Edwards [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] says...
You could do that... or you could do it the J2EE way, decleratively
without any coding, letting container do it that way:
Thanks for the reply Vic. I can see how
Scriptlets let you do anything you want in your JSP. Many kinds of
processing don't belong in JSPs. Disallowing scriptlets discourages/prevents
writing complex logic in JSPs. That might keep your application architecture
more tidy. Or it might just anger your JSP authors. Opinions differ, but I
1. Here is at least one problem, fix this first:
java.lang.ClassNotFoundException: pu.strutsapp.actionform.LogonForm
Perhaps the package structure does not match the structure in
WEB-INF/classes?
2. You need the other jars that come with Struts in your WEB-INF/lib
directory.
3. There are some
That approach breaks the page-level addressibility advantage that building
web apps generally affords, however. The breakage is that the user won't be
sent back to the page they requested after they login.
Container-managed security offers robust and time-tested security for your
Actions/pages,
The answer is yes, but not in the way you are thinking.
You cannot send a stream of HTML and image data together and expect the
browser to display it. You can send a stream of HTML data with references to
image data (IMG tags) and the browser will make a separate request for
each of the images.
__
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Max Cooper
I don't know anything about the nested tags, but it seems very unlikely that
this code, as a complete JSP, could work:
%@ taglib uri=/WEB-INF/tld/struts-nested.tld prefix=nested %
nested:root
nested:write property=objName /
/nested:root
What bean is objName a property of? This seems to
You may want to write a separate servlet to serve the image data. That
allows you to implement getLastModified() and allow proper browser-caching
support, which can significantly increase the speed of your pages if the
user is likely to view the images more than once. We did this with an Action
The recommendation is simply to have Actions handle all of your app's
requests, rather than sending users to bare (no Action in front) JSPs.
That means that the user's browser should never have a URL that ends in
.jsp. Some of your Actions may be pretty thin in that all they do is forward
to the
You can use HttpServletResponse.sendRedirect(): http://tinyurl.com/sdgg
Or, and I'm not sure if this works or not, you could have a forward in your
action mapping like this:
forward path=http://othersite.com/; redirect=true/
-Max
- Original Message -
From: ajay brar [EMAIL PROTECTED]
The input page is specified in the action mapping. Use separate action
mappings for each input page (add.jsp and edit.jsp). You can use the same
Action class for both.
-Max
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 24, 2003 12:15 PM
That seems like some kind of XML parsing error. I validated your web.xml and
it passed (no errors). Perhaps there is an XML error in your
struts-config.xml?
The element type null thing makes me think there is a lone '' in the file
somewhere with a space after it. The parser would read the '' and
It might be deadlock of a dining philosophers nature. Consider a request
that takes 2 simultaneous database connections to process. You have a db
connection pool with 5 connections in it. If 5 of these
2-connection-requiring requests come in at once, each request-handler thread
might grab one
I forgot to list one of the easy solutions:
- If you know that your worst offender request takes 3 simultaneous db
connections, and that you have 15 request handler threads, set the max size
of your db connection pool to 3x15 = 45 connections.
-Max
- Original Message -
From: Max Cooper
First, I understand your motivation -- HTML file size can be a big
performance problem for many apps. We did some analysis on a project that I
was on and it turned out the server was quite fast, but that HTML file
transfer time and then browser redering time were the major factors in
actual
2. Putting struts.jar in that location seems like a very bad idea to me.
Whenever possible, put the jars for your application in your application's
WEB-INF/lib dir. You can almost always do this, and it makes your app more
of a self-contained unit. Having dependencies on non-standard libraries
The forward is a forward, not necessarily a request that Struts will know
how to handle when it comes in from the outside (which is what will happen
with a link). With the JSP residing in the WEB-INF subtree, it could not be
served directly anyway.
You probably want to setup a doGetCostCenter
It could be that there is a broken image reference or something (stylesheet,
etc.) in the login error page that is requesting a protected resource. That
request may reset the URL that the container is holding onto to send the
user to, so that they get sent to the wrong place when their login
The second problem is likely an infinite redirection loop:
Browser: I want http://server/page.jsp
Server: Go to https://server/page.jsp
Browser: I want https://server/page.jsp
Server: Go to http://server/page.jsp
Browser: I want http://server/page.jsp
Server: Go to https://server/page.jsp
...
IntelliJ IDEA is capable checking your JSPs at the end of a build. It
takes a long time, though, which I suspect means that it is compiling them
all to .java and then to .class files. I don't know if it is possible to use
these compiled versions or not, but it can be useful as a check. It does not
Struts is looking for the action form defined for the /kiosk action (since
that is what the html:form submits to on your page. The action or action
form does not exist, so you get the error of Struts looking for the null
action form.
Use a regular HTML form tag to evade that issue, or define the
Use container-managed security, or this filter-based clone, for which I am
the project leader: http://securityfilter.sourceforge.net/. The Servlet spec
contains the information needed to get started with container-managed
security. Your app server documentation will have information about how to
If the missing fields are display-only, you might need to add hidden fields
to carry their values along in the request when the page is submitted so
that they will be available on a validation error.
reset() is called before the ActionForm is populated with the values from
the request, so I don't
That is working as designed. The Action (mapping) doesn't exist, so you get
a 404 error. This seems like the appropriate behavior to me.
-Max
- Original Message -
From: Peter Ondruska [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 06, 2003 12:09 PM
Subject: error code 404
are the advantages/disadvantages? If
I am out of the loop on some product/project/standard/technology in this
area, I'd like to hear about those, too.
-Max
- Original Message -
From: Max Cooper [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Saturday, October 04
The requirement to allow a given to user to see only a subset of the data in
a particular table is a relatively common one. For instance, in a sales
reporting application, you may have a table of total monthly sales for a
number of territories and a given user may only be allowed to view/edit one
I should have proofread my message before sending. Sorry. If one of my
statements doesn't make sense, look here for a correction. Fixes:
--
A mechanism that allowed you to register a security module with a
particular
(or a set of) Struts modules is also possible.
A mechanism that allowed you to
Is your webapp actually deployed (as opposed to simply uploading the files)
on that server? It seems like Struts is not running or your web.xml is
messed up if the server is not forwarding *.do requests to the Struts
ActionServlet.
-Max
- Original Message -
From: ajay brar [EMAIL
The container knows to look for the servlet that you have named 'action', so
at least the servlet-mapping element is present. Are you sure that you
have a servlet element in your web.xml for the Struts action servlet, and
that it's servlet-name is 'action' (without the quotes)?
Assuming you do
Do you have the form-error-page set to something different than the
form-login-page? That is the normal means to inform the user that
something was wrong with the username/password combo they typed in. Of then
the form-error-page is nearly identical to the form-login-page, except
that a bad
Struts has a tag that will put the context path on the front of the src URL
for you. Here's an example:
html:img page=/images/leiste_oben.jpg width=430 height=80 border=0
alt=/
If you want to reserve the option to internationalize what image gets
displayed, Struts has good support for that, too.
Joshua,
I am not sure I understand quite what you want to do, but you can use the
redirect attribute of a forward element in struts-config.xml to do a
redirect:
forward path=/foo.jsp redirect=true /
-Max
- Original Message -
From: White, Joshua A (HTSC, CASD) [EMAIL PROTECTED]
To:
I don't think it is valid JSP syntax to nest tags like that. I have tried
stuff like that in the past and concluded that you cannot use one JSP custom
tag to render an attribute value for another JSP custom tag.
This might be an alternative:
tiles:useAttribute id=sectionURL name=section_url/
I like Tiles, too, and think it is definitely worth a look for your site.
One of the best parts about it relative to some other page templating
techniques is that tiles page definitions support inheritance so you don't
have to specify the same stuff over and over for each page. Your proposed
What's with this?:
Drug and alcohol abusers will vehemently deny their addiction, especially
UNIX systems administrators...
Are Unix Sys Admins the hardest partyers of the IT bunch? Or maybe the
author thinks that Unix is over, and that the sysadmins are just in denial
about that and thus prone
sslext:rewrite / can render URLs to stick into the area href's.
-Max
- Original Message -
From: Mick Knutson [EMAIL PROTECTED]
To: struts [EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 1:23 PM
Subject: Re: SSLExt and useMap?
I have an HTML image map that needs to use the
Fax
---
- Original Message -
From: Max Cooper [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 1:29 PM
Subject: Re: SSLExt and useMap?
sslext:rewrite / can render URLs to stick into the area href's.
-Max
- Original
)
at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:455)
---
Thanks
Mick Knutson
http://www.baselogic.com
+001(805) 563-0666 Office
+001 (708) 570-2772 Fax
---
- Original Message -
From: Max Cooper [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Thursday, September
, 2003 2:35 PM
Subject: Re: And now for something completely different... [OT]
Oh I see, Max, it sounds like you might be a Unix systems administrator
yourself... ;)
is it Friday yet?
On 09/25/2003 10:28 PM Max Cooper wrote:
What's with this?:
Drug and alcohol abusers
Creating an index.do is one option. If it is not marked as secure, sslext
will write an absolute URL back to http:// for it. Many Struts users
advocate that all requests should be served by Actions, even if the action
merely forwards to a JSP.
I think you can also use the secure attribute in the
I don't like HTML base tags, generally, because they make debugging
confusing and they specify something that has no value (doesn't help, but
reduces flexibility, and might break stuff). I have heard some
justifications for their use, but I've written thousands of web pages and
never needed one. I
I agree with Matt here wholeheartedly.
If you build an app that runs in a web browser, your app should work
properly in that environment. Asking users not to use the Back button is not
a reasonable expectation, and trying to hide it with JavaScript or other
hacks is folly.
However, there are
Edgar,
What is your aim in doing this? If there is a validation error, the Struts
framework sends the user back to the input page to inform them of the
problem, and possibly allow them to fix it and resubmit. If the request
still gets passed to the action, the action will need to do conditional
Message -
From: Stephane Grenier [EMAIL PROTECTED]
To: Max Cooper [EMAIL PROTECTED]; Struts Users Mailing List
[EMAIL PROTECTED]
Sent: Friday, September 12, 2003 5:40 PM
Subject: Re: sslext can only get it to post
Hello Max.
Thank you for the information. You cleared up some vagueness in my
Stephane,
The parameters are getting appended to the URL because sslext is doing a
redirect. So the POST is probably working, but then sslext thinks the
request should have arrived on the other port, and since you can't do a POST
in a redirect, sslext appends the POSTed data to the URL as a query
: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Max Cooper [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
, September 08, 2003 11:12 PM
Subject: Re: Icon?
On Mon, 2003-09-08 at 03:27, Max Cooper wrote:
Two things come to mind:
1. Do you want an icon that will show up in a browser when a user
accesses
your application/site? If so, you need to do something else -- the
icon
part of the servlet
/internet/110599I.html
-Max
- Original Message -
From: Bjørn T Johansen [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 11:12 PM
Subject: Re: Icon?
On Mon, 2003-09-08 at 03:27, Max Cooper wrote:
Two things come to mind:
1. Do you
Keep these things in mind as you develop a solution:
1. There is absolutely no way to prevent users from making whatever requests
they want. Bookmarking, typing in URLs, emailing URLs, etc. are all possible
and there is nothing that can be done to prevent people from making these
requests.
2.
That is kind of an open-ended question, but here are two alternatives
and some problems associated with them:
1. Filter -- some containers require that a request really does map to a
resource, so even if the Filter mapping matched the request you could
end up with 404 errors in the case where the
Two things come to mind:
1. Do you want an icon that will show up in a browser when a user accesses
your application/site? If so, you need to do something else -- the icon
part of the servlet spec seems to indicate that it is for GUI tools (like
your app server's management console) rather than
You can't change the request parameters at all. (Technically, you can change
them with a Filter, but that would not be appropriate here, so they are
essentially immutable in this context.)
Use a redirect after the login action rather than a forward. That way the
URL in the browser will match what
1 - 100 of 245 matches
Mail list logo