RE: Basic security problem
If your security is simple - fixed roles to access certain actions... I created a custom role interceptor, added it to the interceptor stack, and then just added struts.xml definitions with

    <interceptor-ref name="stackWithRoles">
        <param name="customRole.allowedRoles">member</param>
    </interceptor-ref>

The allowedRoles value can be comma separated to allow multiple roles; then Struts will check whether the user has this role (by calling the interceptor) and if not will not allow them to access the action. The only coding is creating the interceptor.

PS. My user is kept in the session, as are their roles, once logged in.

adam

From: cosm...@gmail.com
Date: Fri, 16 Apr 2010 11:28:05 +0800
Subject: Re: Basic security problem
To: user@struts.apache.org; cimba...@cimballi.net

> Thank you for answers. Your method looks good, Cimballi. But do you think it would be really better than an object which describes the role of the user, stored in the session map? At the first line of each action in Java, I would have: 'if (role.hasRightMethodName == true) ..' Do you think your method is more convenient and more secure, or is it basically the same?
>
> On Fri, Apr 16, 2010 at 11:15 AM, Cimballi wrote:
> > Hi Stephane,
> >
> > As Kun says, you have to test the role in your action. One way to do it is to have a super action with a permission property, and you set the permission property with a static param in your struts xml files using the StaticParameters interceptor. Then, you add a hasPermission method to your super class, and you write a PermissionInterceptor which calls the hasPermission method. Finally you add the PermissionInterceptor interceptor to your stack on all protected actions.
> >
> > Cimballi
> >
> > On Thu, Apr 15, 2010 at 9:39 PM, Kun Niu wrote:
> > > You should check the authentication all by yourself in your action.
> > >
> > > Stephane Cosmeur wrote:
> > > > Hello struts users
> > > >
> > > > I have a really basic security problem and I would like to know what is the best practice to resolve it.
> > > > I have an application with an authentication system and different rights for different types of user. To add or remove a link/functionality, we simply declare the element in a <s:if test=".."> tag. But the problem is the actions are still available by typing the URL in the address bar. How can I fix it?
> > > >
> > > > Regards,
> >
> > --
> > Cimballi
> > JAVA J2EE Freelance
> > http://cimballi.elance.com/
>
> --
> Stéphane Cosmeur
> 06 33 54 36 04

To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Struts2 XML based validation doesnt work !
Hello all,

I'm trying to include XML based validation in my application. This is part of my struts.xml -

    <action name="addAuctionItem" class="auctionItemAction" method="addAuctionItem">
        <result name="success">/body_displayAddAuctionItem.jsp</result>
        <result name="input">/body_displayAddAuctionItem.jsp</result>
    </action>

and this is my AuctionItemAction-addAuctionItem-validation.xml -

    <!DOCTYPE validators PUBLIC "-//OpenSymphony Group//XWork Validator 1.0.2//EN"
        "http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd">
    <validators>
        <field name="auctionItem.shortDescription">
            <field-validator type="requiredstring">
                <message>Item name is required.</message>
            </field-validator>
        </field>
        <field name="auctionItem.longDescription">
            <field-validator type="requiredstring">
                <message>Description is required.</message>
            </field-validator>
        </field>
    </validators>

When I try to run the application the validation doesn't happen at all. The class and xml file are in the same package structure. Does anyone have an idea about this? Any help on this will be greatly appreciated.

Thanks
Nanditha
Re: Struts2 XML based validation doesnt work !
2010/4/16 nandyiyer nandussi...@gmail.com:
> I'm trying to include XML based validation in my application ? This is part of my struts.xml -
> <action name="addAuctionItem" class="auctionItemAction"

Are you using Spring? Try default package and auctionItemAction-addAuctionItem-validation.xml

Regards
--
Łukasz http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
RE: How to reuse field validators?
Maybe I didn't express my problem correctly. The @SkipValidation annotation marks an Action method not to be validated.

I want to reuse the field validations in modelClass-validator.xml in two different Action classes in two different packages and different namespaces. Is there a way to do that without copying the XML file?

MG

-----Original Message-----
From: Lukasz Lenart [mailto:lukasz.len...@googlemail.com]
Sent: Friday, April 16, 2010 12:13 AM
To: Struts Users Mailing List
Subject: Re: How to reuse field validators?

2010/4/16 Griffith, Michael * michael.griff...@fda.hhs.gov:
> Hello all,
>
> I am not clear on how to reuse a field validator that doesn't share a common package or action/alias.
>
> I have package ...struts.admin/ ...struts/application/ with namespaces /admin and /application respectively. I have a model object with a validator modelClass-validator.xml in the /application package that I need to reuse in the admin package.
>
> What's the best way to reuse the validator without repeating it?

You can add annotation @SkipValidation

Regards
--
Łukasz http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
Re: Using json in Struts 2.1.8.1
Hi sameer,

In struts 2.1.8.1 having 'struts2-dojo-plugin-2.1.8.1.jar' file so we don't need to use 'jsonplugin-0.34.jar' for using json. This is my understanding :)

If we are not including 'jsonplugin-0.34.jar' then we cannot use com.googlecode.jsonplugin.JSONResult

With the new Struts 2.1.8.1 version, how to use json without using any annotations in the action? Can someone please send me some examples for using json in this new version of struts2.

Thanks in advance.

Regards,
Sharath.

--- On Thu, 4/15/10, hisameer cool_sameer_fo...@yahoo.com wrote:

From: hisameer cool_sameer_fo...@yahoo.com
Subject: Re: Using json in Struts 2.1.8.1
To: user@struts.apache.org
Date: Thursday, April 15, 2010, 7:22 PM

Do something like this:

In your struts.xml define result types as follows:

    <package name="package_name" extends="struts-default" namespace="/namespace_name">
        <result-types>
            <result-type name="json" class="com.googlecode.jsonplugin.JSONResult" />
        </result-types>

then in the action mapping:

    <action name="action_name" class="AutocompleteField" method="getCities">
        <result type="json"></result>
    </action>

and put the annotation on the getter method in your action class:

    @JSON
    public Map<String,String> getJson() {
        return json;
    }

and you can use this json map in the jsp page. I hope it helps!

sharath wrote:
> Hi All,
>
> I'm having following Action
>
> - Action(Begin) -
>
>     import java.util.HashMap;
>     import java.util.List;
>     import java.util.Map;
>
>     import com.opensymphony.xwork2.ActionSupport;
>
>     public class AutocompleteField extends ActionSupport {
>         private String city;
>         private Map<String,String> json;
>
>         public String execute() throws Exception {
>             return SUCCESS;
>         }
>
>         // Fills the json map with the cities whose name starts with the submitted prefix
>         public String getCities() throws Exception {
>             json = new HashMap<String,String>();
>             if (city != null && city.length() > 0) {
>                 CityDao dao = new CityDao();
>                 List<City> cities = dao.getCitiesStartingWith(city);
>                 for (City city : cities) {
>                     json.put(city.getId(), city.getName() + ", " + city.getState().getAbbreviation());
>                 }
>             }
>             return SUCCESS;
>         }
>
>         public void setCity(String city) {
>             this.city = city;
>         }
>
>         public Map<String,String> getJson() {
>             return json;
>         }
>     }
>
> - Action(End) -
>
> In struts.xml file I have given the following entries
>
>     <action name="Autocomplete!*" class="gov.action.AutocompleteField" method="{1}">
>         <!-- <result type="json">json</result> -->
>         <result name="success" type="json" />
>     </action>
>
> When I keep the 'jsonplugin-0.34.jar' file I am getting the below error
>
>     java.lang.NoClassDefFoundError: com/opensymphony/xwork2/util/TextUtils
>
> After reading some posts, they said that we should not include this .jar in this new struts2.1.8 version. I removed this .jar file and added the 'struts2-dojo-plugin-2.1.8.1.jar' file in the /WEB-INF/lib folder. When I deploy the application I am getting the below error
>
>     There is no result type defined for type 'json' mapped with name 'success'. Did you mean 'json'? - result
>
> Can anyone please let me know how to define 'json' in the struts.xml file? At package level I even added 'json-default'
>
>     <package name="admin" extends="struts-default,json-default">
>
> Thanks in advance.
>
> Regards,
> Sharath.
Re: Struts vs SpringMVC
On Thu, 15 Apr 2010 22:04:53 -0400, Frans Thamura fr...@meruvian.org wrote:
> have anyone read this?
> http://www.java4learners.com/struts/faq/what-are-advantages-spring-mvc-over-struts
> any comment?

Kind of bizarre to publish a comparison between Spring MVC and Struts 1. I'm wondering if this is really an old article - he says "with the advent of Spring MVC" as though it's just come out. Not worth reading IMHO.

Steve
RE: How to reuse field validators?
Currently the xml file is in the package with the struts action. I think this is where my problem lies, should it be in the model package?

MG

-----Original Message-----
From: Lukasz Lenart [mailto:lukasz.len...@googlemail.com]
Sent: Friday, April 16, 2010 9:26 AM
To: Griffith, Michael *
Subject: Re: How to reuse field validators?

On 16 April 2010 14:51, Griffith, Michael * michael.griff...@fda.hhs.gov wrote:
> I want to reuse the field validations in modelClass-validator.xml in two different Action classes in two different packages and different namespaces. Is there a way to do that without copying the XML file?

Your model validation should work, if you are using the same model in different actions. Maybe the name is wrong - modelClass-validation.xml?

Regards
--
Łukasz http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
Re: Basic security problem
Hand-rolled security almost always has many holes. I would suggest using spring security.

Cimballi wrote:
> One way to do it is to have a super action with a permission property, and you set the permission property with a static param in your struts xml files using the StaticParameters interceptor.

Make sure you don't have a params interceptor after your staticParams interceptor, or else users can change the injected security level with an added request parameter.

-Dale
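
Added example (not code from the thread or from Struts): a role interceptor of the kind adam describes, written so that the allowed roles live on the interceptor rather than on an action property, which keeps them out of reach of the params interceptor Dale warns about. The class name, the session key "userRoles" and the result name "forbidden" are assumptions.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Role check that runs before the action. Configured as in adam's snippet:
 *   <param name="customRole.allowedRoles">member,admin</param>
 */
public class RoleInterceptor extends AbstractInterceptor {

    // Assumed names: the session key holding the user's roles and the
    // result returned on refusal. Neither appears in the thread.
    static final String SESSION_ROLES_KEY = "userRoles";
    static final String DENIED_RESULT = "forbidden";

    // Held by the interceptor, not by the action, so a request parameter
    // handled by the params interceptor cannot overwrite it.
    private Set<String> allowedRoles = Collections.emptySet();

    /** Called by Struts with the comma-separated <param> value. */
    public void setAllowedRoles(String csv) {
        Set<String> roles = new HashSet<String>();
        for (String role : csv.split(",")) {
            if (role.trim().length() > 0) {
                roles.add(role.trim());
            }
        }
        allowedRoles = Collections.unmodifiableSet(roles);
    }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Object held = (session == null) ? null : session.get(SESSION_ROLES_KEY);
        if (held instanceof Collection) {
            for (Object role : (Collection<?>) held) {
                if (allowedRoles.contains(role)) {
                    return invocation.invoke(); // authorised: continue down the stack
                }
            }
        }
        // No session, no roles, or no allowedRoles configured: deny by default.
        return DENIED_RESULT;
    }
}
```

The "forbidden" result has to be declared, for example as a global result, and the interceptor has to be part of every stack that protects an action.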
Re: Using json in Struts 2.1.8.1
>     <package name="package_name" extends="struts-default" namespace="/namespace_name">
>         <result-types>
>             <result-type name="json" class="com.googlecode.jsonplugin.JSONResult" />
>         </result-types>

Or just

    <package name="package-name" extends="json-default">

-Dale
Re: How to reuse field validators?
On 16 April 2010 16:27, Griffith, Michael * michael.griff...@fda.hhs.gov wrote:
> Currently the xml file is in the package with the struts action. I think this is where my problem lies, should it be in the model package?

Yes, and you must expose your model directly.

Regards
--
Łukasz http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
RE: How to reuse field validators?
> you must expose your model directly.

I'm not sure what you mean by that... Can you restate?

MG

-----Original Message-----
From: Lukasz Lenart [mailto:lukasz.len...@googlemail.com]
Sent: Friday, April 16, 2010 9:53 AM
To: Griffith, Michael *
Cc: Struts Users Mailing List
Subject: Re: How to reuse field validators?

On 16 April 2010 16:27, Griffith, Michael * michael.griff...@fda.hhs.gov wrote:
> Currently the xml file is in the package with the struts action. I think this is where my problem lies, should it be in the model package?

Yes, and you must expose your model directly.

Regards
--
Łukasz http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
Re: Using json in Struts 2.1.8.1
As of struts 2.1.8, you have to (well, can, but it's recommended) use the struts2-json-plugin rather than the googlecode version (the google code one has been transferred to apache as a struts 2 plugin).

To do that, just use the class name org.apache.struts2.json.JSONResult (see http://struts.apache.org/2.1.8.1/struts2-plugins/struts2-json-plugin/apidocs/org/apache/struts2/json/JSONResult.html ) for your json result. I.e.:

    <package name="package_name" extends="struts-default" namespace="/namespace_name">
        <result-types>
            <result-type name="json" class="org.apache.struts2.json.JSONResult" />
        </result-types>

And include the jar file (can be found at http://repo2.maven.org/maven2/org/apache/struts/struts2-json-plugin/2.1.8.1/struts2-json-plugin-2.1.8.1.jar or in the complete distribution of struts 2) in your classpath.

So your understanding is good, but you need the struts2-json-plugin-2.1.8.1.jar file too.

Denis.

On 2010-04-16 10:00, sharath karnati wrote:
> Hi sameer,
>
> In struts 2.1.8.1 having 'struts2-dojo-plugin-2.1.8.1.jar' file so we don't need to use 'jsonplugin-0.34.jar' for using json. This is my understanding :)
>
> If we are not including 'jsonplugin-0.34.jar' then we cannot use com.googlecode.jsonplugin.JSONResult
>
> With the new Struts 2.1.8.1 version, how to use json without using any annotations in the action? Can someone please send me some examples for using json in this new version of struts2.
>
> Thanks in advance.
>
> Regards,
> Sharath.
Re: Basic security problem
Place your right control check in a filter, i.e. whenever the user sends a request to the server, retrieve its right information, then compare the request URI; if it matches, the user has been granted to do so, or else does not have the proper right.

Good luck.

On 04/16/2010 10:36 AM, Stephane Cosmeur wrote:
> Hello struts users
>
> I have a really basic security problem and I would like to know what is the best practice to resolve it.
> I have an application with an authentication system and different rights for different types of user. To add or remove a link/functionality, we simply declare the element in a <s:if test=".."> tag. But the problem is the actions are still available by typing the URL in the address bar. How can I fix it?
>
> Regards,
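
Added example (not code from the thread): a servlet filter doing the check described in this reply, comparing the requested path against a table of required roles and refusing anything that does not match. The class name, the path prefixes, the role names and the session attribute "userRoles" are constructed assumptions, and the filter is assumed to be mapped only to the protected URL patterns.

```java
import java.io.IOException;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class RoleFilter implements Filter {

    // Constructed sample policy: path prefix -> role required (assumed values).
    private final Map<String, String> requiredRole = new LinkedHashMap<String, String>();

    public void init(FilterConfig config) {
        requiredRole.put("/admin/", "admin");
        requiredRole.put("/application/", "member");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // The servlet path is already URL-decoded by the container;
        // getRequestURI() is the raw, still-encoded form.
        String path = request.getServletPath();
        HttpSession session = request.getSession(false);
        Object held = (session == null) ? null : session.getAttribute("userRoles");

        for (Map.Entry<String, String> rule : requiredRole.entrySet()) {
            if (path.startsWith(rule.getKey())) {
                if (held instanceof Collection
                        && ((Collection<?>) held).contains(rule.getValue())) {
                    chain.doFilter(req, res);
                    return;
                }
                break; // first matching prefix decides
            }
        }
        // Unlisted path, no session, or missing role: refuse (deny by default).
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    public void destroy() { }
}
```

Declare its filter-mapping ahead of the Struts filter in web.xml so the check runs before any action is dispatched.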