I thought I tried that (or similar). Seems Coldspring thinks esapi needs
to be a cfc rather than something loaded from java. I found a post online
where someone made a cfc that
returned createObject("java",arguments.className) and then loaded that
first, then loaded esapi using that bean to load it. That's what I have
going on presently...
On Tuesday, November 4, 2014 10:37:15 AM UTC-7, Dan Wilson -
[email protected] wrote:
>
> If you are using a modern version of Model Glue, you can add these to the
> beans scope for a controller:
>
>
> https://github.com/modelglue/modelglue-framework/wiki/How-To-Use-Bean-Injection
>
>
> Use in a model object just means you need to create the bean object and
> inject it into a model object. Like this:
> ***ColdSpring Config***
> <bean id="NameOfObjectThatNeedsESAPI"
> class="path.to.ObjectThatNeedsESAPI">
> <constructor-arg name="ESAPI">
> <ref bean="ESAPI"/>
> </constructor-arg>
> </bean>
> <bean id="ESAPI" class="path.to.ESAPI">
> <constructor-arg name="AParamYouWantToPassIn">
> <value>TheValueOfTheParam</value>
> </constructor-arg>
> </bean>
>
> ***CFC Definition Example for NameOfObjectThatNeedsESAPI object ***
>
> <cfcomponent>
>
> <cffunction name="init" output="false" access="public"
> returntype="NameOfObjectThatNeedsESAPI">
> <cfargument name="ESAPI" type="any" required="true" />
> <cfset variables.ESAPI = arguments.ESAPI/>
>
> <cfreturn this />
> </cffunction>
>
>
>
>
> Then, any place in NameOfObjectThatNeedsESAPI just call
> variables.ESAPI.doSomething() and you'll be using that method from the
> ESAPI component you set up in ColdSpring.
>
> Make sense?
>
> Irvin Wilson <javascript:>
> Tuesday, November 04, 2014 12:20 PM
> I was looking to add latest versions of esapi and antiSamy to an app
> running on ACF9. I have it working now but isn't really proper probably.
> In my mind these functions were "helpers" so I had them set up external to
> MG. Now that I have them in Coldspring I have to reference them with
> a _modelglue.GetBean approach (or so I believe). Anyway it's pretty much
> at the controller level where these get called in order to scrub and format
> input and output that originated from the user. I've got one spot where the
> model uses esapi in order to format some stored text for output in the
> email. Maybe these functions should have been in a section in the model...
>
>
>
> On Monday, November 3, 2014 11:48:21 AM UTC-7, Dan Wilson -
> [email protected] <javascript:> wrote:
> --
> --
> Model-Glue Sites:
> Home Page: http://www.model-glue.com
> Documentation: http://docs.model-glue.com
> Bug Tracker: http://bugs.model-glue.com
> Blog: http://www.model-glue.com/blog
>
> You received this message because you are subscribed to the Google
> Groups "model-glue" group.
> To post to this group, send email to [email protected]
> <javascript:>
> To unsubscribe from this group, send email to
> [email protected] <javascript:>
> For more options, visit this group at
> http://groups.google.com/group/model-glue?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "model-glue" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> For more options, visit https://groups.google.com/d/optout.
> Dan Wilson <javascript:>
> Monday, November 03, 2014 1:48 PM
> Interesting. Did you add the OWASP code to your web application? I don't
> think Model Glue does that internally
>
> DW
>
> Irvin Wilson <javascript:>
> Monday, November 03, 2014 1:32 PM
> I fired onSessionEnd manually and trapped
>
> <cfset var componentMetadata = getMetadata( arguments.instance ) />
> <cfset var scope = componentMetadata.extends />
>
> since it was componentMetadata.extends that was breaking. This is what I
> get. Not sure if same as session expiring naturally? That said, it sorta
> makes sense now but not sure what to do about it.
>
> Results of the following:
> <cfdump var=#arguments.type# label="type" />
> <cfdump var=#instance# label="instance" />
> <cfdump var=#componentMetadata# abort="true" label="componentMetadata" />
>
> ModelGlue.gesture.ModelGlueinstance - object of org.owasp.esapi.ESAPI
> Class Nameorg.owasp.esapi.ESAPIMethodsMethodReturn TypeaccessController()
> org.owasp.esapi.AccessControllerauthenticator()
> org.owasp.esapi.AuthenticatorclearCurrent()voidcurrentRequest()
> javax.servlet.http.HttpServletRequestcurrentResponse()
> javax.servlet.http.HttpServletResponseencoder()org.owasp.esapi.Encoder
> encryptor()org.owasp.esapi.Encryptorexecutor()org.owasp.esapi.Executor
> getLogger(java.lang.Class)org.owasp.esapi.Logger
> getLogger(java.lang.String)org.owasp.esapi.LoggerhttpUtilities()
> org.owasp.esapi.HTTPUtilitiesinitialize(java.lang.String)java.lang.String
> intrusionDetector()org.owasp.esapi.IntrusionDetectorlog()
> org.owasp.esapi.Loggeroverride(org.owasp.esapi.SecurityConfiguration)void
> randomizer()org.owasp.esapi.RandomizersecurityConfiguration()
> org.owasp.esapi.SecurityConfigurationvalidator()org.owasp.esapi.ValidatorcomponentMetadata
>
> - object of java.lang.Class
> Class Namejava.lang.ClassMethodsMethodReturn Type
> asSubclass(java.lang.Class)java.lang.Classcast(java.lang.Object)
> java.lang.ObjectdesiredAssertionStatus()booleanforName(java.lang.String,
> boolean, java.lang.ClassLoader)java.lang.ClassforName(java.lang.String)
> java.lang.ClassgetAnnotation(java.lang.Class)
> java.lang.annotation.AnnotationgetAnnotations()
> java.lang.annotation.Annotation[]getCanonicalName()java.lang.String
> getClassLoader()java.lang.ClassLoadergetClasses()java.lang.Class[]
> getComponentType()java.lang.ClassgetConstructor(java.lang.Class[])
> java.lang.reflect.ConstructorgetConstructors()
> java.lang.reflect.Constructor[]getDeclaredAnnotations()
> java.lang.annotation.Annotation[]getDeclaredClasses()java.lang.Class[]
> getDeclaredConstructor(java.lang.Class[])java.lang.reflect.Constructor
> getDeclaredConstructors()java.lang.reflect.Constructor[]
> getDeclaredField(java.lang.String)java.lang.reflect.Field
> getDeclaredFields()java.lang.reflect.Field[]getDeclaredMethod(java.lang.String,
>
> java.lang.Class[])java.lang.reflect.MethodgetDeclaredMethods()
> java.lang.reflect.Method[]getDeclaringClass()java.lang.Class
> getEnclosingClass()java.lang.ClassgetEnclosingConstructor()
> java.lang.reflect.ConstructorgetEnclosingMethod()java.lang.reflect.Method
> getEnumConstants()java.lang.Object[]getField(java.lang.String)
> java.lang.reflect.FieldgetFields()java.lang.reflect.Field[]
> getGenericInterfaces()java.lang.reflect.Type[]getGenericSuperclass()
> java.lang.reflect.TypegetInterfaces()java.lang.Class[]getMethod(java.lang.String,
>
> java.lang.Class[])java.lang.reflect.MethodgetMethods()
> java.lang.reflect.Method[]getModifiers()intgetName()java.lang.String
> getPackage()java.lang.PackagegetProtectionDomain()
> java.security.ProtectionDomaingetResource(java.lang.String)java.net.URL
> getResourceAsStream(java.lang.String)java.io.InputStreamgetSigners()
> java.lang.Object[]getSimpleName()java.lang.StringgetSuperclass()
> java.lang.ClassgetTypeParameters()java.lang.reflect.TypeVariable[]
> isAnnotation()booleanisAnnotationPresent(java.lang.Class)boolean
> isAnonymousClass()booleanisArray()booleanisAssignableFrom(java.lang.Class)
> booleanisEnum()booleanisInstance(java.lang.Object)booleanisInterface()
> booleanisLocalClass()booleanisMemberClass()booleanisPrimitive()boolean
> isSynthetic()booleannewInstance()java.lang.ObjecttoString()
> java.lang.String
>
>
>
> --
> --
> Model-Glue Sites:
> Home Page: http://www.model-glue.com
> Documentation: http://docs.model-glue.com
> Bug Tracker: http://bugs.model-glue.com
> Blog: http://www.model-glue.com/blog
>
> You received this message because you are subscribed to the Google
> Groups "model-glue" group.
> To post to this group, send email to [email protected]
> <javascript:>
> To unsubscribe from this group, send email to
> [email protected] <javascript:>
> For more options, visit this group at
> http://groups.google.com/group/model-glue?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "model-glue" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> For more options, visit https://groups.google.com/d/optout.
> Dan Wilson <javascript:>
> Monday, November 03, 2014 12:49 PM
> Trap the error and find out what this variable contains:
>
> scope[key]
>
> in this line in ModelGlueFrameworkLocator .findInScope()
> <cfif isObject(scope[key]) and isTypeOf( "ModelGlue.gesture.ModelGlue",
> scope[key] )>
>
>
> DW
> Irvin Wilson <javascript:>
> Monday, November 03, 2014 12:16 PM
>
> In Application.cfc I have
>
> <cffunction name="onSessionEnd" output="false">
> <cfargument name="sessionScope" type="struct" required="true">
> <cfargument name="appScope" type="struct" required="false">
> <cfset invokeSessionEvent("modelglue.onSessionEnd",
> arguments.sessionScope, appScope) />
> </cffunction>
>
> <cffunction name="invokeSessionEvent" output="false" access="private">
> <cfargument name="eventName" />
> <cfargument name="sessionScope" />
> <cfargument name="appScope" />
> <cfset var mgInstances = createObject("component",
> "ModelGlue.Util.ModelGlueFrameworkLocator").findInScope(appScope) />
> <cfset var values = structNew() />
> <cfset var i = "" />
> <cfset values.sessionScope = arguments.sessionScope />
> <cfloop from="1" to="#arrayLen(mgInstances)#" index="i">
> <cfset mgInstances[i].executeEvent(arguments.eventName, values) />
> </cfloop>
> </cffunction>
>
> ModelGlueFrameworkLocator then has....
>
> <cffunction name="findInScope" output="fals
>
> ...
--
--
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en
---
You received this message because you are subscribed to the Google Groups
"model-glue" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
