Hello i've a site that behave this way:
ContextPath = /myapp
Namespace = /user
Action = view
So, I deploy an application called mypath.war and I handle urls like:
/myapp/user/view.action
I wish to handle multilanguage and i wish to handle it in the url,
like /en /de /fr /de and so on.
Since
Yes, but i want to make some nice SEO urls.
Thanks anyway
On Fri, Apr 15, 2011 at 11:09 AM, Partha Chakraborty
par...@ontrackindia.com wrote:
You can send that as parameter
Partha Chk
-Original Message-
From: GF [mailto:gan...@gmail.com]
Sent: Saturday 7 May 2011 1:53 PM
I configured struts to handle url mapping with no extensions this way
constant name=struts.action.extension value=,, /
With this action mapping
action name=* class=myAction method=myMethod
param name=myId{1}/param
result type=tilesmyTile/result
/action
Hello everyone.
i want to use a custom UrlRenderer bean.
reading Struts2 source code i found that is used to render the URLs
generated by s:url ..
If in my struts.xml I insert:
bean type=org.apache.struts2.components.UrlRenderer name=mystruts
class=org.apache.struts2.components.MyUrlRenderer/
Hello.
is anyone using successfully Struts 2.1.8.1 using a CUSTOM freemarker
template path (placed in the Web Application and not in the
classpath)?
I mean:
constant name=struts.ui.theme value=css_xhtml /
constant name=struts.ui.templateDir value=customdirectory /
It seems that
Thank You for the nice comment.
I just wrote some code snippets for the tutorials.. i didn't have
enough time to build a full eclipse web project, if you have some
difficulties, ask :-)
On Mon, Jul 13, 2009 at 12:33 AM, Frans Thamurafr...@meruvian.org wrote:
Cool. Can I have the full code? Frans
You're absolutely right,
but there is a security reason, in real-world application, the
objects i get from business service, are usually JPA entities, and
putting a full JPA entity on the json result will lead to issues in
the case there are some properties of that object that have to kept
hidden
You're right too ;-)
I didn't want to substitute to the plugin documentation.
I'd prefer the include properties behaviour anyway.
I believe a good idea could be to use @JsonInclude annotation on the
entity properties to define (just ONE time on the entities) which of
their properties are safe to
Hello all,
i wrote a simple guide that explains how to use together Struts2 and
JQuery to create dynamic content with Ajax and JSON.
http://www.zulutown.com/blog/2009/07/12/ajax-dynamic-content-with-struts2-jquery-and-json-plugin/
I hope someone can appreciate it
Thank You
Is this a TODO or is it already available?
On Tue, Mar 24, 2009 at 4:06 AM, dusty dustin_pea...@yahoo.com wrote:
Ultimately, we should declare what are resources and get the free mapping
from the REST plugin for those Controllers. Seems like that is what the
NamspaceBasedActionMapper is, but
Hello everyone.
After the release of Struts 2.1 as GA (in 2.1.6) I decided to write a
quite simple tutorial about creating a basic application that uses the
features of Struts2 Rest Plugin and some of Convention Plugin.
If someone might be interested, here you can read it:
Hello
I'm writing tests on application that uses Struts2.
To test the actions, I use about a technique similar to the one
described here http://itefforts.blogspot.com/2007/08/struts2-spring-junit.html
I wish to do more and test the Jsp (and Tiles) output too.
That code does this:
response = new
Thanks for your answer.
Really now i prefer to keep on standard testing from java side.
Anyway I bookmarked selenium website.
2008/9/26 Paweł Wielgus [EMAIL PROTECTED]:
Hi GF,
it's not exactly answear for Your question but i find selenium family
very usefull.
But i don't know if it's
Hello.
I want to do some server side caching of some specific .action of my
websites.
I am currently working on the CacheFilter of OsCache, but it doesn't seem
very good and has some limitations I don't like.
Can you suggest me some good open source alternatives to analyze?
Thanks
] wrote:
Apache HTTPD :-
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#forwardreverse
GF wrote:
Hello.
I want to do some server side caching of some specific .action of my
websites.
I am currently working on the CacheFilter of OsCache, but it doesn't seem
very good and has some
I'm curious to know more about this.
Which google apps do use Struts2?
Thanks!
On Sat, Jul 26, 2008 at 7:02 AM, Don Brown [EMAIL PROTECTED] wrote:
It is pretty well known that Google uses WebWork 2 and Struts 2 in
many of its applications,
an interceptor as Prototype, or is it ok?
Thanks
GF
Is this the standard JSP syntax?
On Mon, Mar 17, 2008 at 3:08 PM, Dave Newton [EMAIL PROTECTED] wrote:
--- GF [EMAIL PROTECTED] wrote:
...unless you use the XML syntax available from JSP 2.0 and later ;-)
And in this case, how can you resolve the div id=s:property... ?
div id=${aProperty
I noticed that since some version of Struts2 it is now forbidden inside s:
tag attributes.. right?
On Wed, Mar 19, 2008 at 2:54 PM, Dave Newton [EMAIL PROTECTED] wrote:
--- GF [EMAIL PROTECTED] wrote:
Is this the standard JSP syntax?
JSP 2.0 EL.
Dave
I have something like
%{#application.one.two.three}
is it possible to do something like:
%{#application.%{stringVariable}.two.three}
Thanks.
Yes, I usually use Quartz inside Spring.
If I remember correctly there is a chapter about Scheduling in the big
Spring manual
On Fri, Mar 14, 2008 at 3:47 AM, alex xander [EMAIL PROTECTED] wrote:
thx all,
i solve my problem with quartz, i used it with spring
thx so much
I learned Struts2 without knowing anything about Struts1.
But I'm a little curious to take a look to Struts1 too. But just for
personal knowledge.
On Fri, Mar 14, 2008 at 7:51 PM, akoo [EMAIL PROTECTED] wrote:
Hi, forgive me if this has been asked before. I am just starting on
struts
and
I suggest you to read this simple but useful tutorial to have an idea about
how much is simple to use Struts2+Spring+Hibernate together.
http://struts.apache.org/2.x/docs/struts-2-spring-2-jpa-ajax.html
On Thu, Mar 13, 2008 at 10:32 PM, Frank Fischer
[EMAIL PROTECTED] wrote:
Now i don't
...unless you use the XML syntax available from JSP 2.0 and later ;-)
And in this case, how can you resolve the div id=s:property... ?
On Mon, Mar 17, 2008 at 10:06 AM, GF [EMAIL PROTECTED] wrote:
I have some data stored in #application.mymap
Inside and interceptor I want to put some of this data in
#request.anothermap
How can I access them?
About the #request, is it right to do this?
final ActionContext context
I have some data stored in #application.mymap
Inside and interceptor I want to put some of this data in
#request.anothermap
How can I access them?
About the #request, is it right to do this?
final ActionContext context = invocation.getInvocationContext();
request =
I've an action like this:
action name=myAction class=myClass method=myMethod
...
result name=myResultName type=redirect/path/my.action/result
/action
I would like that, when any action method in my application returns
myResultName, a redirect to /path/my.action should be executed.
Any idea about
Thank you
It's exactly what I was looking for!
On Mon, Mar 10, 2008 at 3:34 PM, Lukasz Lenart [EMAIL PROTECTED]
wrote:
Hi,
You can use global-results
http://struts.apache.org/2.0.6/docs/result-configuration.html
I want to do a simple thing,
I have an action like this
public class MyAction {
private String myVar;
public setMyVar(String myVar) {
this.myVar = myVar;
}
}
Inside my Interceptor i want to put in my Action a string inside myVar
property of the Action.
In few words, I need to discover if the
On Thu, Mar 6, 2008 at 1:52 PM, Adam Hardy
[EMAIL PROTECTED] wrote:
I didn't see the second half of your message until I'd sent that.
What calls to the setters are you asking about? Do you mean any random
property?
Are you talking about HTTP parameters?
In few words, I have a property
Almost. Really it should be the other way around, since you don't want
user-set parameters to override your static parameters.
I agree with you.
Thanks
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
paramsPrepareParamsStack is defined this way:
interceptor-stack name=paramsPrepareParamsStack
interceptor-ref name=exception/
interceptor-ref name=alias/
interceptor-ref name=params/
interceptor-ref name=servletConfig/
Is there anything alternative (apart annotation) to place validation
xml for the action method in the same package of the action classes?
I don't like to place .xml in the same directory of the .java
Any idea (apart annotation)
thanks.
I want to edit an entity, i.e. a Message
i would set the .jsp field this way
s:textfield name=message.title /
on the MessageAction i would have a edit method that takes the
messageID and then call the business service to load the Message
object, so in the .jsp the file the textfield are loaded
Hi Antonio, as I mentioned in a previous post, it's not so simple as the
href attribute of s:a can legally contain javascript or vbscript.
I think that the problem about a in href attribute is the double
quote character, because it will close the href attribute, then with
a greater than
On Jan 15, 2008 2:45 PM, Martin Gainty [EMAIL PROTECTED] wrote:
Hi Ganfab
Are you suggesting the href contents disable javascript to disable XSS script
attacks?Martin
No, I think that maybe can be useful to think if doing some checks to
href attribute of s:a is possible to look for double
It could be a solution, but:
a href=javascript:alert(quot;byequot;)Greet/a
simply works.
Didn't know.
I'm not very into javascript coding :-)
However I think that preventing double quote in some way, can be good.
-
To
Are you suggesting that javascript injection in href be disabled to prevent
XSS attacks?
I'm suggesting that is better that the variable inside s:a
href=%{myVar} should NOT close the generated a because this
would make the browser to execute the eventual javascript
automatically on the page
Or better, escape them with their corresponding entity.
What do you think about
s:a href=%{myVar} doubleQuoteEncoding=none | urlEncode |
htmlEncode | convertToSingleQuote .../s:a
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Well,
Or better, escape them with their corresponding entity.
Antonio
Myabe i'm wrong, but:
In XHTML this is wrong:
a href=javascript:window.alert(Example of a link that displays an
alert box);
because i use double quotes inside a javascript, inside a href tag
delimited by double quotes.
the cookies
(and sessions...) of our users...
In few words if a hacker found where we put a variable from the DB in
a s:a and he has a way to store in that DB record a malicious code..
the security of every user of our website will be in danger.
Can be acceptable such a thing?
Any thoughts?
GF
On Jan
It is a bug, since ganfab (sorry I cannot read your name :-) ) tried
I'm Fabio Gandola.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I think that there are two levels of encoding:
1) in s:url, the parameters values must be encoded, to create a valid
(and safe) URL.
2) in s:a, the whole URL must be encoded, simply because it is used
inside an HTML element (a) between double quotes. For example, ''
becomes amp;
So do you
Fabio, one little question.
I don't see how this code can write the parameter passed to the JSP
page. Probably you pasted the wrong code in the s:url part.
Just add (i.e. in IE6) after the ? the following query string:
'scriptalert('helloworld')/script
Sorry again Fabio, but I need to understand: the querystring does not seem
to have a param=value structure, and s:url has test as action, and
does not take any dynamic value (i.e. parameter), but maybe I am missing
something.
The bug is calling that page itself (I mean XSS.jsp) passing via
I don't think this is a critical problem sheerly because the high
prevalence of such vulnerabilities means some of the responsibility
falls on the developer to not trust user-entered data.. The specific
vulnerability is that when includeParams != none, the request URL was
rendered unmodified
Johannes i got same problem time ago.
The script/script is removed from page included by s:div and the
only thing you've is a execution on first page load.. but in few words
you cannot keep function definition inside the page included with a
s:div.
It's really a strange thing.. but it is.
On Jan
I posted this bug report on the issue tracker:
https://issues.apache.org/struts/browse/WW-2414
In simple words, if you use s:url ... to build an url that is used
with s:a ... the HTML written out will not have the querystring
encoded.. and this lead to very dangerous XSS attacks.
%@ page
Time ago I noticed that javascript were removed in the pages linked by
s:div .. is this your case too?
On Jan 12, 2008 12:34 PM, Johannes Geppert [EMAIL PROTECTED] wrote:
Hello,
I have a Tabbed Panel and will execute JavaScript in the div Tabs.
But the Scripts will not be executed, I use
The javascript is executed using Internet Explorer 6 with all of its
patches installed.
The exact query string to do an XSS attack is this
'scriptalert(document.cookie)/script
However I think the problem is not browser related, if you use s:url
and a: as I wrote before, it echoes a non encoded
Of course,
to raise this security issues, the includeParams attribute parameter
of s:url should be different by none
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
If you are using apache+tomcat, you can place static file in a
directory not handled with mod_jk
On Jan 12, 2008 6:28 PM, Filipe David Manana [EMAIL PROTECTED] wrote:
Hi,
I have set the property struts.action.extension to the empty string. I can
now invoke my actions with the default .action
Well, i think you should keep on the server some tracking of the
complete percentile of the task. Then with some ajax you periodically
ask to the server the task status and update the html page.
Just an idea.
On Jan 11, 2008 10:14 PM, fea jabi [EMAIL PROTECTED] wrote:
Working a process which
Hi all
I'm using Struts 2.0.6 If I try to set encode to true and I pass in
the URL get some bad characters.. such as '', '' it doesn't encode
them when it generates the URL with s:url
Is this a bug? Has been fixed in recent version?
Thanks
..
Thanks
GF
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
is there any nice tutorial which covers the basic with step by step examples
so that i can catch up.
I think this is the best place to start
http://struts.apache.org/2.x/docs/struts-2-spring-2-jpa-ajax.html
-
To unsubscribe,
Yes, on Spring 2 it is :
scope=prototype
On Jan 7, 2008 8:41 AM, Joachim Ansorg [EMAIL PROTECTED] wrote:
Brian,
I guess you are using Spring 2.x.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
Oh.. Thanks so much!
You saved me from a lot of troubles.
If possibile it would be great to add it on the wiki page..
Thank you!
GF
The value attribute is treated an OGNL expression so John Jackson
means its trying to access a property with that name.
Instead, you need to tell it you're
I have matrix of objects.. somekind like ChessBoardPosition[][]
I want to render it using Struts2.
You can imagine my matrix as a Chessboard..
I use 2 iterators, to iterate over columns and rows, and finally i
want to render the single object inside the matrix, that will be a
empty position of
Really I have still some issues.
my struts.xml is built in this way:
struts
include file=struts1.xml /
include file=struts2.xml /
include file=struts3.xml /
In every included xml i define a different package for a different
section of the, i.e. in struts1.xml I define the package name=one
If I
default-interceptor-ref name=myStack/
...
/package
But I should do this to Every one.. and it is not nice..
Can you suggest me a quicker (and more elegant) way?
Thank you!
GF
-
To unsubscribe, e
Hi all.
Is there any document about how to automatically handle security
issues related to Cross Site Scripting on websites managed with
Struts2?
I'm thinking about my own strategy, but I would like to know if
anything already exists.
Thank you
GF
Hi everyone.
I'm using Struts2, and i'm trying to create a custom error page.
The default Tomcat error page show something like this:
_
HTTP Status 500
type Exception report
message
description The server encountered an internal error () that prevented
it from fulfilling this
it's the N-th time you post the same stuff.
On Dec 4, 2007 6:03 PM, Gigliotti, Andrea [EMAIL PROTECTED]
wrote:
If you have struts 2.0.11 or 2.0.9 you can deploy the
struts2-blank-2.0.11.war file located into the apps folder (ex.
C:\struts-2.0.11\apps).
Before deploying the web app you have
Have you tried:
aContainerObject.set2.contains(#top)
On Dec 5, 2007 11:27 AM, LEONARD Julien (Consulting for ACCOR Hotels)
[EMAIL PROTECTED] wrote:
Hello all,
I have two Set of objects. The set1 is the reference set (with all
objects) and set2 some on list1 elements.
All elements are the
I suggest you to consider Spring Framework and Quartz.
On Dec 4, 2007 4:52 AM, Christopher Cheng [EMAIL PROTECTED]
wrote:
In struts1, I have a few plugin to preconfigure some services such as
QuartzPlugIn during startup
public void init(ActionServlet actionServlet,
work too.
-Message d'origine-
De : GF [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 5 décembre 2007 12:30
À : Struts Users Mailing List
Objet : Re: [S2] Ognl in s:if
Have you tried:
aContainerObject.set2.contains(#top)
On Dec 5, 2007 11:27 AM, LEONARD Julien (Consulting for ACCOR
Hello,
maybe someone of you have any good link about a non-trivial custom
made interceptor and about some action testing?
Thank you very much.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
Ok, thank you again.
On Nov 20, 2007 11:21 AM, LEONARD Julien (Consulting for ACCOR Hotels)
[EMAIL PROTECTED] wrote:
In fact belong my experience of Struts2, the good way to make an expression
is with %{ }.
And for all variables declared in JSP (s:set, or status of s:iterator ) are
I have this code:
s:if test=myVar == 'myvalue'
XXX
/s:if
s:set name=otherVar value=%{myVar} /
s:if test=otherVar == 'myvalue'
YYY
/s:if
This code shows XXX but doesn't show YYY.
How can I satisfay the second test?
Thank you.
Wow.
Now It works.
Can you explain me the difference with my version?
Or have you any good link to some guide to understand what I did wrong?
Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
71 matches
Mail list logo
