Re: [OS-webwork] Hidden token
I proposed the ability to associate URL's with actions. When the URL is requested the action is executed and the association is removed. This removes the need for any Javascript solution or any hidden fields or any such tricks. Would the result of this execution be stored so that the second click would lead to the already generated result then? Anders Hovmöller [EMAIL PROTECTED] http://boxed.killingar.net --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
boxed wrote: I proposed the ability to associate URL's with actions. When the URL is requested the action is executed and the association is removed. This removes the need for any Javascript solution or any hidden fields or any such tricks. Would the result of this execution be stored so that the second click would lead to the already generated result then? I don't know. Probably not. The above feature would only ensure that only code that is SUPPOSED to be executed actually gets executed. /Rickard --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
On Thu, Jan 16, 2003 at 08:45:53AM +0100, Rickard Öberg wrote: Jason Carreira wrote: I remember Rickard was talking about something to prevent 2 submits, but I'm not sure what it was... I proposed the ability to associate URL's with actions. When the URL is requested the action is executed and the association is removed. This removes the need for any Javascript solution or any hidden fields or any such tricks. And this is also how the Portlet API is going to work. The only problem with it is that you'd have to use a JSP tag or similar to generate the URL. Hmmm, doest this mean, the jsp tag does sth. like session.getTokenStack().push(new RandomToken()) and the action compares the value passed in the hidden field to getTokenStack().pop()? -billy. -- Meisterbohne Söflinger Straße 100 Tel: +49-731-399 499-0 eLösungen 89077 Ulm Fax: +49-731-399 499-9 msg01270/pgp0.pgp Description: PGP signature
Re: [OS-webwork] Hidden token
There would be no hidden field. When the URL is generated that URL is associated with the actions to be run. There's no way to figure out from the URL what actions will be executed. So you get URLs like: http://www.myhost.com/some/path/wfjIFEOwijofOEIWjfIOWEkaAIoqjklnfoSyEj?foo=bar And then a map associates that with an action on the server side. Is that correct? --Erik --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
Erik Beeson wrote: There would be no hidden field. When the URL is generated that URL is associated with the actions to be run. There's no way to figure out from the URL what actions will be executed. So you get URLs like: http://www.myhost.com/some/path/wfjIFEOwijofOEIWjfIOWEkaAIoqjklnfoSyEj?foo=bar And then a map associates that with an action on the server side. Is that correct? --Erik No. Example: xw:url page=foobar.html action=blahblah xw:param name=foo value=bar/ /xw:url would generate the following URL: foobar.html?foo=bar When the server runs foobar.html it first executes blahblah and makes the result available somehow for the rendering process to use. Pretty straightforward. If foobar.html?foo=bar is hit again then nothing happens, since the action has already been executed. /Rickard --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
On Thu, Jan 16, 2003 at 11:06:58AM +0100, Rickard Öberg wrote: Philipp Meier wrote: Hmmm, doest this mean, the jsp tag does sth. like session.getTokenStack().push(new RandomToken()) and the action compares the value passed in the hidden field to getTokenStack().pop()? There would be no hidden field. When the URL is generated that URL is associated with the actions to be run. There's no way to figure out from the URL what actions will be executed. Does this mean that when I use the ww:form tag, the target url will be pushed / popped? That sounds even more reasonable. We can then use that in the other view layer, too. Ander's idea of caching the execution result would IMHO fit here. Of course it must be made optional if on the second submit the result is fetched from the cache or an error is thrown. I'm not sure how this configuration can be achieved, any Ideas? I suppose having a new RobustServletDispatcher that uses a combined Token Stack and Action Cache stored in the session. -billy. -- Meisterbohne Söflinger Straße 100 Tel: +49-731-399 499-0 eLösungen 89077 Ulm Fax: +49-731-399 499-9 msg01274/pgp0.pgp Description: PGP signature
Re: [OS-webwork] Hidden token
Philipp Meier wrote: Does this mean that when I use the ww:form tag, the target url will be pushed / popped? Not sure what you mean by pushed/popped. XWork would have an association between user/URL and actions. When that user hits a URL the association is used, and then removed. /Rickard -- Rickard Öberg [EMAIL PROTECTED] Senselogic Got blog? I do. http://dreambean.com --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
On Thu, Jan 16, 2003 at 11:52:16AM +0100, Rickard Öberg wrote: Philipp Meier wrote: Does this mean that when I use the ww:form tag, the target url will be pushed / popped? Not sure what you mean by pushed/popped. XWork would have an association between user/URL and actions. When that user hits a URL the association is used, and then removed. I mean when the html view is rendered, the association will be put somewhere and when the url associated is used, the association will be taken (read and removed). -billy. -- Meisterbohne Söflinger Straße 100 Tel: +49-731-399 499-0 eLösungen 89077 Ulm Fax: +49-731-399 499-9 msg01276/pgp0.pgp Description: PGP signature
[OS-webwork] Portlet support
Hi all, I like to develop [kind of] portal application with some kind of portlets which could be minimized /maximized / shuffled around etc. ( www.bejug.org is a good visual example of what I like to achive ) So I'm curenlty diging around to solutions that are already there. I looked in opensymphony subproject, and found some clues how it can be done. Is there a work underway ( or maybe ready solutiuon ) to provide such funtionality? Where to look for it? Everybody speaks about portlets, but the more I look, the more quetions I get... thanks in advance... regards, = Konstantin Priblouda ( ko5tik )Freelance Software developer http://www.pribluda.de play java games - http://www.yook.de render charts online - http://www.pribluda.de/povray/ __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
[OS-webwork] Woohoo!
So we had our Webwork vs. Struts talk today, and I was able to convince people here that there was sufficiently enough better about WW to make us use it instead of Struts, even though Struts is the standard, of sorts! Cool. Off to catch a plane home... -- Jason Carreira Technical Architect, Notiva Corp. phone: 585.240.2793 fax: 585.272.8118 email: [EMAIL PROTECTED] --- Notiva - optimizing trade relationships (tm) --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
[OS-webwork] Action reloading
For people using orion, or any other appserver that doesn't automatically reload non-servlet classes in WEB-INF/classes, I've written an action reloader that reloads action classes if they're modified. More details at: http://www.opensymphony.com:8668/space/fate Feedback appreciated! Hani --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
The way this is typically done is that as the form is generated a token is placed into the session and a hidden field is generated that matches this token. When the action is executed it is valid when the two tokens match. After the first execution the session token is removed. Therefore on subsequent tokens you have a scenario where by the hidden field is still coming across in the request but the session token isn't there hence you know that's an invalid submit. On Wednesday, January 15, 2003, at 09:04 PM, Jason Carreira wrote: Hi all, In our evaluation of Struts vs. Webwork, I was asked about the ability to do hidden tokens on WW built forms and URLs. Struts apparently, in their form and link tags, have the possibility of (optionally) adding a hidden token (either as a hidden form field, or through URL rewriting), which can keep the user from clicking twice and executing your action twice. I don't remember seeing anything like this in WW, although my take is that this would be easy enough to add to the URLTag. Also, is there a ui:form tag? I'm not sure what all got added. I remember Rickard was talking about something to prevent 2 submits, but I'm not sure what it was... Thoughts? Would this be something good to add (given that it would be optional and not break anybodies existing code)? Jason -- Jason Carreira Technical Architect, Notiva Corp. phone: 585.240.2793 fax: 585.272.8118 email: [EMAIL PROTECTED] --- Notiva - optimizing trade relationships (tm) --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Woohoo!
Can you summarize the points of that presentation? On Thursday, January 16, 2003, at 09:12 PM, Jason Carreira wrote: So we had our Webwork vs. Struts talk today, and I was able to convince people here that there was sufficiently enough better about WW to make us use it instead of Struts, even though Struts is the standard, of sorts! Cool. Off to catch a plane home... -- Jason Carreira Technical Architect, Notiva Corp. phone: 585.240.2793 fax: 585.272.8118 email: [EMAIL PROTECTED] --- Notiva - optimizing trade relationships (tm) --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
Does that field also put the token into the session? Where's the code that adds the token to the session? On Thursday, January 16, 2003, at 01:23 AM, matt baldree wrote: no just added a hidden input field. this really isn't a ui tag. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 6:40 PM Subject: RE: [OS-webwork] Hidden token Did you modify the ui tags to automatically do this? I also added a Jira issue for this -Original Message- From: matt baldree [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 7:44 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] Hidden token my project. i can add it when i get a chance. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 6:10 PM Subject: RE: [OS-webwork] Hidden token In WW? Is this already there? Or did you do this in your project? -Original Message- From: matt baldree [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 6:05 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] Hidden token yes, this is how we did it. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 3:48 PM Subject: RE: [OS-webwork] Hidden token Just thought this out some more. Here's how it could work: the hidden token is set in the session when the form is shown, then added to the form as a hidden field. When the action processes the form, you look for the token and make sure it's the same as the last one you put in the session before you process. Jason -Original Message- From: Jason Carreira Sent: Wednesday, January 15, 2003 4:04 PM To: [EMAIL PROTECTED] Subject: [OS-webwork] Hidden token Hi all, In our evaluation of Struts vs. Webwork, I was asked about the ability to do hidden tokens on WW built forms and URLs. Struts apparently, in their form and link tags, have the possibility of (optionally) adding a hidden token (either as a hidden form field, or through URL rewriting), which can keep the user from clicking twice and executing your action twice. I don't remember seeing anything like this in WW, although my take is that this would be easy enough to add to the URLTag. Also, is there a ui:form tag? I'm not sure what all got added. I remember Rickard was talking about something to prevent 2 submits, but I'm not sure what it was... Thoughts? Would this be something good to add (given that it would be optional and not break anybodies existing code)? Jason -- Jason Carreira Technical Architect, Notiva Corp. phone: 585.240.2793 fax: 585.272.8118 email: [EMAIL PROTECTED] --- Notiva - optimizing trade relationships (tm) --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi- bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code
Re: [OS-webwork] Hidden token
I have the code ;). I can add it if it is what people want but Rickard has a point in trying to make this more automatic without adding a manual field. I guess we could have the old fashion way and if/when the portlet framework develops we can use it. -Matt - Original Message - From: Robert Nicholson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 4:48 PM Subject: Re: [OS-webwork] Hidden token Does that field also put the token into the session? Where's the code that adds the token to the session? On Thursday, January 16, 2003, at 01:23 AM, matt baldree wrote: no just added a hidden input field. this really isn't a ui tag. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 6:40 PM Subject: RE: [OS-webwork] Hidden token Did you modify the ui tags to automatically do this? I also added a Jira issue for this -Original Message- From: matt baldree [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 7:44 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] Hidden token my project. i can add it when i get a chance. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 6:10 PM Subject: RE: [OS-webwork] Hidden token In WW? Is this already there? Or did you do this in your project? -Original Message- From: matt baldree [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 6:05 PM To: [EMAIL PROTECTED] Subject: Re: [OS-webwork] Hidden token yes, this is how we did it. - Original Message - From: Jason Carreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 3:48 PM Subject: RE: [OS-webwork] Hidden token Just thought this out some more. Here's how it could work: the hidden token is set in the session when the form is shown, then added to the form as a hidden field. When the action processes the form, you look for the token and make sure it's the same as the last one you put in the session before you process. Jason -Original Message- From: Jason Carreira Sent: Wednesday, January 15, 2003 4:04 PM To: [EMAIL PROTECTED] Subject: [OS-webwork] Hidden token Hi all, In our evaluation of Struts vs. Webwork, I was asked about the ability to do hidden tokens on WW built forms and URLs. Struts apparently, in their form and link tags, have the possibility of (optionally) adding a hidden token (either as a hidden form field, or through URL rewriting), which can keep the user from clicking twice and executing your action twice. I don't remember seeing anything like this in WW, although my take is that this would be easy enough to add to the URLTag. Also, is there a ui:form tag? I'm not sure what all got added. I remember Rickard was talking about something to prevent 2 submits, but I'm not sure what it was... Thoughts? Would this be something good to add (given that it would be optional and not break anybodies existing code)? Jason -- Jason Carreira Technical Architect, Notiva Corp. phone: 585.240.2793 fax: 585.272.8118 email: [EMAIL PROTECTED] --- Notiva - optimizing trade relationships (tm) --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi- bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
Re: [OS-webwork] Hidden token
Joseph Ottinger wrote: I'd prefer adding it to the wiki or the current release of WW, since there are some users who actually use what's there now as opposed to vapourware, even though the vapourware is promising. Didn't you resign from OpenSymphony? Or was it just that you stopped doing things? /Rickard --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en ___ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork