[Lift] Re: security

2009-06-10 Thread marius d.

Hi,

For most apps canonicalization is not really necessary as the
character stream for form-url-encoded is UTF-8 by default as Lift uses
UTF-8 by default. Oh and the conversion from URL encoding to plain
UTF-8 content is really done by container and when we get the params
from the request object they are already well formed. Now if we're
talking about a higher level of validation that's a different story
and IMO this is an application aspect and not much a framework one.

Br's,
Marius

On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote:
 Looks like I might have a requirement for implementing OWASP secure coding
 practices, as described by

 http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p...https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897...

 One thing that I definitively don't do and I believe Lift doesn't do out of
 the box is Canonicalize input
 before validation/filtering. I was looking into using OWASP
 ESAPI http://www.owasp.org/index.php/ESAPI but I'm put off by its use
 of
 property files and system resources.  Do any of you Canonicalize input, if
 so, do you use a Library? Does Lift
 need this feature, or any of the others described in the above document?

 cheers
 Oliver
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Lift group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en
-~--~~~~--~~--~--~---



[Lift] Re: security

2009-06-10 Thread marius d.

Oh and about XSS Lift is safe by default.

Marius

On Jun 10, 9:39 am, marius d. marius.dan...@gmail.com wrote:
 Hi,

 For most apps canonicalization is not really necessary as the
 character stream for form-url-encoded is UTF-8 by default as Lift uses
 UTF-8 by default. Oh and the conversion from URL encoding to plain
 UTF-8 content is really done by container and when we get the params
 from the request object they are already well formed. Now if we're
 talking about a higher level of validation that's a different story
 and IMO this is an application aspect and not much a framework one.

 Br's,
 Marius

 On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote:

  Looks like I might have a requirement for implementing OWASP secure coding
  practices, as described by

 http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p...https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897...

  One thing that I definitively don't do and I believe Lift doesn't do out of
  the box is Canonicalize input
  before validation/filtering. I was looking into using OWASP
  ESAPI http://www.owasp.org/index.php/ESAPI but I'm put off by its use
  of
  property files and system resources.  Do any of you Canonicalize input, if
  so, do you use a Library? Does Lift
  need this feature, or any of the others described in the above document?

  cheers
  Oliver



[Lift] Re: New version of master.pdf for the Lift Book

2009-06-10 Thread Charles F. Munat

There is soldering involved? I used to solder when I was in the Navy...

(Sorry, Tim. Can't resist sometimes.)

Chas.

Derek Chen-Becker wrote:
 I'm a bit of a perfectionist when it comes to things like this. It will 
 never be good enough for me ;)
 
 On Fri, Jun 5, 2009 at 5:43 PM, Timothy Perrett 
 timo...@getintheloop.eu wrote:
 
 
 Excellent work Derek - great to see you guys still soldering on with
 the book effort post publication :-)
 
 Cheers, Tim
 
 On Jun 5, 11:36 pm, Derek Chen-Becker dchenbec...@gmail.com
 mailto:dchenbec...@gmail.com wrote:
   I made some major revisions to the Ajax and Comet chapter, so a
 new version
   is up on the group page:
  
   http://groups.google.com/group/the-lift-book/files
  
   I've been really busy with work lately, but I'm going to try to
 get at least
   one big chunk of revisions done each week.
  
   Derek
 
 
 
  




[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9

2009-06-10 Thread Charles F. Munat

2nd edition?

Derek Chen-Becker wrote:
 No, the book ended up being much larger than they anticipated and if I 
 understand it correctly, their workflow process could not handle that 
 many chapters/sections. We had two options: wait for APress to fix the 
 workflow and miss having the book out for JavaOne, or make the 
 appendices available as a free PDF online and have a book ready in June. 
 We opted for the latter, since we felt there was already a lot of 
 interest around Lift and we wanted to have something for people to get 
 their hands on. It's not an ideal situation, and I'm sure some people 
 will disagree with our decision, but it is what it is at this point.
 
 Derek
 
 On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com 
 mailto:bliz...@rogers.com wrote:
 
 Excellent!
 Just curious - publisher forgot to include it in the print? That
 would be quite a no no .
 
 
 *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com
 
 *To:* Lift liftweb@googlegroups.com mailto:liftweb@googlegroups.com
 *Sent:* Monday, June 8, 2009 10:59:15 AM
 *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8,
 Beginning Scala #9
 
 
 Hey Pete, you can grab the appendices online:
 http://apress.com/book/view/1430224215
 
 Bottom left of the page.
 
 On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com
 mailto:bliz...@rogers.com wrote:
   As an loyalist to the cause I already have 3 of them . (yes =
 2*scala + lift)
  
   Now for  The Definitive Guide to Lift - where is numerously
 mentioned Appendix A..G ..
   I could not find it anywhere.
  
   P.
  
   
   From: TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com
   To: Lift liftweb@googlegroups.com mailto:liftweb@googlegroups.com
   Sent: Monday, June 8, 2009 10:34:13 AM
   Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning
 Scala #9
  
   http://www.theserverside.com/news/thread.tss?thread_id=54862
  
   Quote:
   Here are the top 10 selling books at the JavaOne Bookstore. Are these
   a trend? You decide.
  
   1. JavaFX: Building Rich Internet Applications - Addison Wesley ISBN:
   013701287X
   2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795
   3. Effective Java 2nd ed. - PTR ISBN: 0321356683
   4. Java Puzzlers - Addison Wesley ISBN: 032133678X
   5. Programming in Scala - Artima ISBN: 0981531601
   6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601
   7. Beginning Java EE 5: From Novice to Professional - Apress ISBN:
   1590594703
   8. The Definitive Guide to Lift - Apress ISBN: 1430224215
   9. Beginning Scala - Apress ISBN: 1430219890
   10. OpenSolaris Bible - Wiley ISBN: 0470385480
  
   Another chance for me to thank everyone involved.
   - dpp for building the framework and being more helpful than any
   person should be expected to be.
   - Derek and Marius for being excellent co-authors and about 8 times
   smarter than me.
  
   Huzza!
 
 
 
 
 
 
  




[Lift] LIFT + GAE + JDO

2009-06-10 Thread Marius

All,

A friend of mine is growing the appetite for Lift (go figure) and he's
starting to build a new app on GAE and he's using JDO. Of course
things didn't go very well as DataNucleus was reporting some strange
errors. Looks like DataNucleus has a bug (see here
http://www.datanucleus.org/servlet/jira/browse/NUCENHANCER-34) in the
way DataNucleus enhances the classes ... and a patch was provided
here: http://gist.github.com/94447

However there is an interesting workaround:

  @PersistenceCapable
  class Persistent {
    def NULL = null;
    var name: String = NULL;
    var value: String = NULL
  }

with this workaround things are working without applying the above
patch.

Who knows maybe other folks ran into the same problem .. .so hopefully
this helps.

Br's,
Marius



Re: [scala] Re: [Lift] Programming in Scala #5, Lift Book #8, Beginning Scala #9

2009-06-10 Thread Kevin Wright
Not sure I'd agree make is all that simple... Unless you're doing something
VERY basic then it's loaded with potential for accidental complexity.  The
whole philosophy of maven is to do the Right Thing(tm) by default, although
I must admit that boilerplate for configuring plugins is frequently a pain
in the proverbial

On Wed, Jun 10, 2009 at 4:35 AM, Josh Suereth joshua.suer...@gmail.com wrote:


 I must say, I have not met a build system (besides automake) that
 exceeded make in complexity.  The amount of funny exceptions to rules
 is astounding.  I had far less trouble learning maven (in all its
 complexity)

 Sent from my iPhone

 On Jun 9, 2009, at 4:56 PM, Alexy Khrabrov delivera...@gmail.com
 wrote:

  Since the topic seems to have morphed into learning Scala and Lift by
  immersion in a day, as a recent Scala convert, I can't begin to
  emphasize how important it is to have the build infrastructure all
  done in a simple way to let novices focus on Scala.  Lift is a good
  example where you have no choice and just follow magic Maven
  incantations.  Another is Processing in Scala, where you can just do
  small sketches.  If the assumption is that it is the Java crowd which
  comes to JVM mostly, it doesn't bootstrap non-JVM folks like those
  coming from Ruby and Haskell/OCaml.  So I'm glad David covers the
  build systems in his book; there should really be an easier way to
  begin without making choices between Maven, SBT, Buildr, Ant, etc.!
  Nothing more complex than a good old command line and a Makefile in
  the same directory...  Ideally SBT becomes a part of Scala and you'll
  have a --make option, or something like that.
 
  Cheers,
  Alexy

 





[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9

2009-06-10 Thread Derek Chen-Becker
We'd love to do a second edition down the road. Lift is still evolving very
quickly, so I have no doubt that there will be lots of new info to cover.

Derek

On Wed, Jun 10, 2009 at 2:41 AM, Charles F. Munat c...@munat.com wrote:


 2nd edition?

 Derek Chen-Becker wrote:
  No, the book ended up being much larger than they anticipated and if I
  understand it correctly, their workflow process could not handle that
  many chapters/sections. We had two options: wait for APress to fix the
  workflow and miss having the book out for JavaOne, or make the
  appendices available as a free PDF online and have a book ready in June.
  We opted for the latter, since we felt there was already a lot of
  interest around Lift and we wanted to have something for people to get
  their hands on. It's not an ideal situation, and I'm sure some people
  will disagree with our decision, but it is what it is at this point.
 
  Derek
 
  On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com
  mailto:bliz...@rogers.com wrote:
 
  Excellent!
  Just curious - publisher forgot to include it in the print? That
  would be quite a no no .
 
 
 
  *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com
 
 
  *To:* Lift liftweb@googlegroups.com mailto:
 liftweb@googlegroups.com
  *Sent:* Monday, June 8, 2009 10:59:15 AM
  *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8,
  Beginning Scala #9
 
 
  Hey Pete, you can grab the appendices online:
  http://apress.com/book/view/1430224215
 
  Bottom left of the page.
 
  On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com
  mailto:bliz...@rogers.com wrote:
As an loyalist to the cause I already have 3 of them . (yes =
  2*scala + lift)
   
Now for  The Definitive Guide to Lift - where is numerously
  mentioned Appendix A..G ..
I could not find it anywhere.
   
P.
   

From: TylerWeir tyler.w...@gmail.com mailto:
 tyler.w...@gmail.com
To: Lift liftweb@googlegroups.com mailto:
 liftweb@googlegroups.com
Sent: Monday, June 8, 2009 10:34:13 AM
Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning
  Scala #9
   
http://www.theserverside.com/news/thread.tss?thread_id=54862
   
Quote:
Here are the top 10 selling books at the JavaOne Bookstore. Are
 these
a trend? You decide.
   
1. JavaFX: Building Rich Internet Applications - Addison Wesley
 ISBN:
013701287X
2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795
3. Effective Java 2nd ed. - PTR ISBN: 0321356683
4. Java Puzzlers - Addison Wesley ISBN: 032133678X
5. Programming in Scala - Artima ISBN: 0981531601
6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601
7. Beginning Java EE 5: From Novice to Professional - Apress ISBN:
1590594703
8. The Definitive Guide to Lift - Apress ISBN: 1430224215
9. Beginning Scala - Apress ISBN: 1430219890
10. OpenSolaris Bible - Wiley ISBN: 0470385480
   
Another chance for me to thank everyone involved.
- dpp for building the framework and being more helpful than any
person should be expected to be.
- Derek and Marius for being excellent co-authors and about 8
 times
smarter than me.
   
Huzza!
 
 
 
 
 
 
  

 





[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9

2009-06-10 Thread TylerWeir

I have a feeling that we'll have to do a 2nd edition.

On Jun 10, 9:26 am, Derek Chen-Becker dchenbec...@gmail.com wrote:
 We'd love to do a second edition down the road. Lift is still evolving very
 quickly, so I have no doubt that there will be lots of new info to cover.

 Derek

 On Wed, Jun 10, 2009 at 2:41 AM, Charles F. Munat c...@munat.com wrote:



  2nd edition?

  Derek Chen-Becker wrote:
   No, the book ended up being much larger than they anticipated and if I
   understand it correctly, their workflow process could not handle that
   many chapters/sections. We had two options: wait for APress to fix the
   workflow and miss having the book out for JavaOne, or make the
   appendices available as a free PDF online and have a book ready in June.
   We opted for the latter, since we felt there was already a lot of
   interest around Lift and we wanted to have something for people to get
   their hands on. It's not an ideal situation, and I'm sure some people
   will disagree with our decision, but it is what it is at this point.

   Derek

   On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com
   mailto:bliz...@rogers.com wrote:

       Excellent!
       Just curious - publisher forgot to include it in the print? That
       would be quite a no no .

  
       *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com

       *To:* Lift liftweb@googlegroups.com mailto:
  liftweb@googlegroups.com
       *Sent:* Monday, June 8, 2009 10:59:15 AM
       *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8,
       Beginning Scala #9

       Hey Pete, you can grab the appendices online:
      http://apress.com/book/view/1430224215

       Bottom left of the page.

       On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com
       mailto:bliz...@rogers.com wrote:
         As an loyalist to the cause I already have 3 of them . (yes =
       2*scala + lift)

         Now for  The Definitive Guide to Lift - where is numerously
       mentioned Appendix A..G ..
         I could not find it anywhere.

         P.

         
         From: TylerWeir tyler.w...@gmail.com mailto:
  tyler.w...@gmail.com
         To: Lift liftweb@googlegroups.com mailto:
  liftweb@googlegroups.com
         Sent: Monday, June 8, 2009 10:34:13 AM
         Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning
       Scala #9

        http://www.theserverside.com/news/thread.tss?thread_id=54862

         Quote:
         Here are the top 10 selling books at the JavaOne Bookstore. Are
  these
         a trend? You decide.

         1. JavaFX: Building Rich Internet Applications - Addison Wesley
  ISBN:
         013701287X
         2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795
         3. Effective Java 2nd ed. - PTR ISBN: 0321356683
         4. Java Puzzlers - Addison Wesley ISBN: 032133678X
         5. Programming in Scala - Artima ISBN: 0981531601
         6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601
         7. Beginning Java EE 5: From Novice to Professional - Apress ISBN:
         1590594703
         8. The Definitive Guide to Lift - Apress ISBN: 1430224215
         9. Beginning Scala - Apress ISBN: 1430219890
         10. OpenSolaris Bible - Wiley ISBN: 0470385480

         Another chance for me to thank everyone involved.
         - dpp for building the framework and being more helpful than any
         person should be expected to be.
         - Derek and Marius for being excellent co-authors and about 8
  times
         smarter than me.

         Huzza!





[Lift] Re: security

2009-06-10 Thread David Pollak
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.com wrote:


 Hi,

 For most apps canonicalization is not really necessary as the
 character stream for form-url-encoded is UTF-8 by default as Lift uses
 UTF-8 by default. Oh and the conversion from URL encoding to plain
 UTF-8 content is really done by container and when we get the params
 from the request object they are already well formed. Now if we're
 talking about a higher level of validation that's a different story
 and IMO this is an application aspect and not much a framework one.


And Lift does URL Decoding of the paths before presenting them as the Req()
object.

More broadly, Lift should provide all the features of ESAPI out of the box.
 If there are particular things that ESAPI offers that Lift doesn't, please
flag them and we'll add them.

I did a bunch of years as VPE and CTO at a web app security company.  In
general, I've worked to make sure that Lift has security baked in and that
the developer has to work to make the app insecure, rather than vice versa.
 If I missed a spot, Lift will be enhanced to make sure it does have
security baked in.




 Br's,
 Marius

 On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote:
  Looks like I might have a requirement for implementing OWASP secure
 coding
  practices, as described by
 

  One thing that I definitively don't do and I believe Lift doesn't do out
 of
  the box is Canonicalize input
  before validation/filtering. I was looking into using OWASP
  ESAPI http://www.owasp.org/index.php/ESAPI but I'm put off by its use
  of
  property files and system resources.  Do any of you Canonicalize input,
 if
  so, do you use a Library? Does Lift
  need this feature, or any of the others described in the above document?
 
  cheers
  Oliver
 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
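
Added example, not part of the thread and not Lift or ESAPI code: the canonicalize-before-validate step Oliver asks about, applied to a parameter value as the application receives it after the container's single URL-decoding pass. The object and method names, the allowed-character policy and the sample values are assumptions made for illustration.

```scala
import scala.annotation.tailrec

// Added illustration; names, policy and sample values are hypothetical,
// not taken from Lift or ESAPI.
object CanonicalizeBeforeValidate {

  // Canonical form plus how many extra decoding passes were needed to reach it.
  final case class Canon(value: String, extraPasses: Int)

  // A run of one or more %XX escapes, decoded together so multi-byte UTF-8 works.
  private val Escapes = "(?:%[0-9A-Fa-f]{2})+".r

  // One percent-decoding pass. '+' and malformed escapes such as "50% off"
  // are left alone, because the container has already done form decoding.
  private def decodeOnce(s: String): String =
    Escapes.replaceAllIn(s, m => {
      val bytes = m.matched.grouped(3)
        .map(esc => Integer.parseInt(esc.substring(1), 16).toByte)
        .toArray
      java.util.regex.Matcher.quoteReplacement(new String(bytes, "UTF-8"))
    })

  // Decode until the value stops changing. None means it never stabilised
  // within maxPasses, which is itself a reason to reject.
  def canonicalize(received: String, maxPasses: Int = 8): Option[Canon] = {
    @tailrec
    def loop(cur: String, passes: Int): Option[Canon] = {
      val next = decodeOnce(cur)
      if (next == cur) Some(Canon(cur, passes))
      else if (passes == maxPasses) None
      else loop(next, passes + 1)
    }
    loop(received, 0)
  }

  // Assumed allow-list for a display-name field.
  private val Allowed = "[A-Za-z0-9 _.-]{1,64}".r

  // Strict policy: a value that still decodes after the container's pass was
  // encoded more than once on the wire; reject it rather than guess the intent.
  // Only a value that is already canonical reaches the allow-list check.
  def validate(received: String): Either[String, String] =
    canonicalize(received) match {
      case None =>
        Left("encoding did not stabilise")
      case Some(Canon(_, n)) if n > 0 =>
        Left(s"encoded $n extra time(s)")
      case Some(Canon(v, _)) if Allowed.pattern.matcher(v).matches =>
        Right(v)
      case Some(_) =>
        Left("characters outside the allowed set")
    }

  // The check canonicalization is meant to replace: a deny-list applied to
  // the value exactly as received, with no further decoding.
  def naiveDenylistAccepts(received: String): Boolean =
    !received.exists(c => c == '<' || c == '>')

  def main(args: Array[String]): Unit = {
    // Constructed values, shown as the application sees them after the
    // container has URL-decoded the request once.
    val samples = Seq(
      "Alice Smith",   // plain value
      "<b>",           // markup sent singly encoded
      "%3Cb%3E",       // markup sent doubly encoded
      "%253Cb%253E"    // markup sent triply encoded
    )
    for (s <- samples) {
      println(s"received=$s naiveAccepts=${naiveDenylistAccepts(s)} strict=${validate(s)}")
    }
  }
}
```

The two middle samples are the point: the deny-list rejects `<b>` but accepts `%3Cb%3E`, which any later decoding step turns into the same markup, while the strict check rejects both.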




[Lift] Re: New version of master.pdf for the Lift Book

2009-06-10 Thread Timothy Perrett


Lol! That's funny, I cant spell - its true im afraid!!

On 10/06/2009 09:38, Charles F. Munat c...@munat.com wrote:

 
 There is soldering involved? I used to solder when I was in the Navy...
 
 (Sorry, Tim. Can't resist sometimes.)
 
 Chas.
 
 Derek Chen-Becker wrote:
 I'm a bit of a perfectionist when it comes to things like this. It will
 never be good enough for me ;)
 
 On Fri, Jun 5, 2009 at 5:43 PM, Timothy Perrett
 timo...@getintheloop.eu wrote:
 
 
 Excellent work Derek - great to see you guys still soldering on with
 the book effort post publication :-)
 
 Cheers, Tim
 
 On Jun 5, 11:36 pm, Derek Chen-Becker dchenbec...@gmail.com
 mailto:dchenbec...@gmail.com wrote:
 I made some major revisions to the Ajax and Comet chapter, so a
 new version
 is up on the group page:
 
 http://groups.google.com/group/the-lift-book/files
 
 I've been really busy with work lately, but I'm going to try to
 get at least
 one big chunk of revisions done each week.
 
 Derek
 
 
 
 
 
  
 






[Lift] Re: OSGi support for Lift

2009-06-10 Thread Alex Boisvert
Quick follow-up I've since discovered you can use the 'Webapp-Context:'
manifest entry with PAX Web Extender and Spring dm Server to achieve this.

http://wiki.ops4j.org/display/paxweb/WAR+Extender
http://jira.springframework.org/browse/OSGI-468

alex

On Tue, May 12, 2009 at 12:48 PM, Alex Boisvert boisv...@intalio.com wrote:

 Alright, thanks for your help!   I was mostly kicking the tires to get a
 taste for the upcoming OSGi integration.  I guess my main feedback at this
 point is that it would be nice to map the app into a non-root context of
 Jetty.   e.g. http://localhost:8080/examples-osgi instead of directly
 under http://localhost:8080. This would make it possible to deploy
 several Lift apps onto the same OSGi container.

 alex



 On Tue, May 12, 2009 at 12:19 PM, Heiko Seeberger 
 heiko.seeber...@googlemail.com wrote:

 Hm, does not look good :-( Thanx for trying and please keep on!
 I have to deal with some build issues, and will take a look at that
 tomorrow.

 Heiko

 2009/5/12 Alex Boisvert boisv...@intalio.com

 That was it.  I pulled again from git and now I can start the
 examples-osgi app.

 However, one more nitpick...  I can load index.htm but the snippet isn't
 rendered correctly because some resources can't be found.

 e.g.
 [5285...@qtp-20735553-0 - /] INFO
 org.ops4j.pax.web.service.internal.HttpServiceContext - getting resource:
 [/templates-hidden/default.htm]
 [5285...@qtp-20735553-0 - /] INFO
 org.ops4j.pax.web.service.internal.HttpServiceContext - found resource: null

 Is that normal?  I can see the following displayed:

   <p>From a snippet: <span>Hi, I am a snippet from a Lift-powered OSGi
 bundle!</span></p>

 but there's no surrounding <html> <body> ... </body> </html> so the
 browser complains.

 alex

 On Tue, May 12, 2009 at 11:24 AM, Heiko Seeberger 
 heiko.seeber...@googlemail.com wrote:

 When did you check out? I pushed again about one or two hours ago. From
 the log I can see that you use an old version of hello.composite. The new
 one should look like:

 scan-bundle:wrap:mvn:javax.mail/mail/1.4

 scan-bundle:wrap:mvn:javax.activation/activation/1.1
 ...

 The wrap: is important. Pax Runner will wrap vanilla JARs into OSGi
 bundles.

 Please pull again, that should help.
 Heiko

 2009/5/12 Alex Boisvert boisv...@intalio.com

 Ok, I tried again based on your suggestion but I'm getting an error
 related to javax.mail:1.4 not being a valid bundle...

  - Preparing framework [Felix 1.6.0]
  - Downloading bundles...
  - mvn:javax.mail/mail/1.4 : 388864 bytes @ [ 471kBps ]
 s @ [ 498kBps ]

  ___
 /  /
/  / Oops, there has been a problem!
   /  /
  /__/   org.ops4j.pax.runner.platform.PlatformException:
 [mvn:javax.mail/mail/1.4] is not a valid bundle
 ___
/__/ Use --log=debug to see details.


 To be sure, I wiped my M2 repo under javax/mail and retried but I'm
 getting the same error.  Any idea?

 I'm attaching the full log in case it's helpful.

 alex




 On Tue, May 12, 2009 at 10:08 AM, Heiko Seeberger 
 heiko.seeber...@googlemail.com wrote:

 Hi Alex,
 2009/5/12 Alex Boisvert boisv...@intalio.com

 I downloaded and ran PAX runner,

 ./pax-run.sh --profiles=log,scala,felix.webconsole,web



 then installed the examples-osgi bundle,

 - install
 file:///home/boisvert/git/liftweb/sites/examples-osgi/hello/target/examples-osgi-hello-1.1-SNAPSHOT.jar
 Bundle ID: 9
 - [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello -
 BundleEvent INSTALLED
 start 9
 - [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello -
 BundleEvent RESOLVED
 [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello -
 BundleEvent STARTED


 OSGi support for Lift is implemented as extender in order to keep
 Lift core OSGi-agnostic. This means that there is a special add-on 
 bundle
 (lift-osgi) which must be installed and started. It will watch all 
 bundles
 if they are Lift-powered which means they have got a Lift-Config manifest
 entry. If so, these bundles will be delegated to for resource look-ups
 (templates) and also (latest checkin) bootstrap.liftweb.Boot classes 
 will be
 called.

 OK, you have got to install lift-osgi and all its prerequisites, i.e.
 lift-webkit, lift-util, etc. You could install the example PLUS all the
 required other bundles manually. But better go for Pax Runner like that

 pax-run.sh --profiles=web,scala,others
 scan-composite:file:hello_comp

 with hello_comp the path to hello.composite which is part of
 sites/examples-osgi/hello

 Cheers
 Heiko








 --
 My blog: heikoseeberger.name
 Follow me: twitter.com/hseeberger
 OSGi on Scala: www.scalamodules.org
 Lift, the simply functional web framework: liftweb.net








 --
 My blog: heikoseeberger.name
 Follow me: twitter.com/hseeberger
 OSGi on Scala: www.scalamodules.org
 Lift, the simply functional web framework: liftweb.net

 




[Lift] org.mortbay.util.ajax.Continuation on GAE/J

2009-06-10 Thread Atsuhiko Yamanaka

Hi there,

It seems that GAE/J has changed its configuration recently,
and you may encounter the crash with
'java.lang.reflect.InvocationTargetException'.
If so, please try the latest 1.1-SNAPSHOT.

For lift committers, it seems that 'hasContinuations_?'[1] has become 'true',

  private val (hasContinuations_?, contSupport, getContinuation,
               getObject, setObject, suspend, resume) = {
    try {
      val cc = Class.forName("org.mortbay.util.ajax.ContinuationSupport")
      val meth = cc.getMethod("getContinuation",
                              classOf[HttpServletRequest], classOf[AnyRef])
      val cci = Class.forName("org.mortbay.util.ajax.Continuation")
      val getObj = cci.getMethod("getObject")
      val setObj = cci.getMethod("setObject", classOf[AnyRef])
      val suspend = cci.getMethod("suspend", _root_.java.lang.Long.TYPE)
      val resume = cci.getMethod("resume")
      (true, (cc), (meth), (getObj), (setObj), (suspend), resume)
    } catch {
      case e => (false, null, null, null, null, null, null)
    }
  }

This means that 'org.mortbay.util.ajax.Continuation' APIs are
available on GAE/J.
Is there a possibility to enable them without using reflection APIs
in 'checkContinuations'[2] method?


[1] 
http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L403
[2] 
http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L446


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/




[Lift] Lift group created on LinkedIn

2009-06-10 Thread Mark Baker

This morning I created a group on LinkedIn for Lift enthusiasts.  I
called it LiftWeb and here's the link to the group -
http://www.linkedin.com/groups?gid=2017908.  Hopefully this will build
more interest in Lift and enable Lift people to meet.

Thanks,
Mark




[Lift] Re: Lift group created on LinkedIn

2009-06-10 Thread David Pollak
Cool.  I just joined.
Thanks for taking the initiative to do this!

On Wed, Jun 10, 2009 at 8:10 AM, Mark Baker markmbake...@gmail.com wrote:


 This morning I created a group on LinkedIn for Lift enthusiasts.  I
 called it LiftWeb and here's the link to the group -
 http://www.linkedin.com/groups?gid=2017908.  Hopefully this will build
 more interest in Lift and enable Lift people to meet.

 Thanks,
 Mark

 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp




[Lift] Re: JTA Transaction Monad - Early Access Program

2009-06-10 Thread Meredith Gregory
Lifted,

i gotta say this thread of activity is just so cool. It's what i always
dreamed open source would be like. The community essentially gets to access
and think with each others' best minds and act with each others' best
talents to arrive on a path to a better concrete realization of feature,
function and design. We all know, individually and collectively, just how
hard it is to make excellent software and know that we're more likely to
achieve that aim working together. i can't help but notice that there is no
explicit representation of the profit motive here. Each of us might
individually be in contact with some aspect of profit motive, but it does
not have an explicit representation in this little snippet of process. That
gives this entrepreneur pause for thought.

Best wishes,

--greg

On Tue, Jun 9, 2009 at 3:46 PM, David Pollak
feeder.of.the.be...@gmail.com wrote:



 On Tue, Jun 9, 2009 at 1:08 PM, Jonas Bonér jbo...@gmail.com wrote:


 Now I have deleted the lib dir with all jars and fixed the POM.


 Thanks!




 2009/6/9 Derek Chen-Becker dchenbec...@gmail.com:
  In my email above I have the link to the Maven artifacts for Atomikos:
 
  http://mvnrepository.com/artifact/com.atomikos
 
  I think that the dependency you want is:
 
  <dependency>
    <groupId>com.atomikos</groupId>
    <artifactId>transactions-jta</artifactId>
    <version>3.2.3</version>
  </dependency>
 
  Derek
 
  On Tue, Jun 9, 2009 at 12:54 PM, Meredith Gregory 
 lgreg.mered...@gmail.com
  wrote:
 
  Jonas,
 
  Awesome! i look forward to digging into this stuff!
 
  Best wishes,
 
  --greg
 
  On Tue, Jun 9, 2009 at 6:18 AM, Jonas Bonér jbo...@gmail.com wrote:
 
  Hey guys.
 
  I have hacked together an early draft of the JTA transaction stuff.
 
  I have wrapped it up in a monad. Here  are some examples of usage:
 
   for {
     ctx <- TransactionContext.Required
     entity <- updatedEntities
     if !ctx.isRollbackOnly
   } {
     // transactional stuff
     ctx.getEntityManager.merge(entity)
   }
 
   val users = for {
     ctx <- TransactionContext.Required
     name <- userNames
   } yield {
     // transactional stuff
     val query = ctx.getEntityManager.createNamedQuery("findUserByName")
     query.setParameter("userName", name)
     query.getSingleResult
   }
 
  If you don't like the monadic approach you can just use the high-order
  functions:
 
  TransactionContext.withTxRequired {
 ... // REQUIRED semantics
 
   TransactionContext.withTxRequiresNew {
 ... // REQUIRES_NEW semantics
   }
  }
 
  I have implemented the same semantics as used in the EJB spec.
  Required, RequiresNew, Mandatory, Supports, Never. All these are
  monadic objects in the TransactionContext object.
  I don't have a webapp to try this out, so I would be happy to get all
  kinds of feedback, but API wise and bug reports or fixes.
 
  This API is hooked into Derek's Scala-JPA stuff. I had my own impl of
  this but replaced it with Derek's work.
 
  Derek,
  please go through the integration to see if I have done it correctly,
  and where things could be improved.
 
  All committers,
  feel free to hack and change this code anyway you want.
 
  The code is in a branch (wip-jta-jonas), you can find it here:
 
 
 http://github.com/dpp/liftweb/tree/3783b9e2200cc57dd72baa1bd8cabdb1365ee923/lift-jta
 
  Check the ScalaDoc (or the source) for the documentation on usage,
  semantics etc.
  Also see the README for configuration in persistence.xml etc.
 
  Currently it is hard-coded to use the Atomikos Transaction library and
  Hibernate JPA, that would have to be configurable + some other options
  as well. See the TODOs in the code.
 
  As I said, this needs feedback and testing. Thanks.
 
  --
  Jonas Bonér
 
  twitter: @jboner
  blog:http://jonasboner.com
  work:   http://crisp.se
  work:   http://scalablesolutions.se
  code:   http://github.com/jboner
 
 
 
 
 
  --
  L.G. Meredith
  Managing Partner
  Biosimilarity LLC
  1219 NW 83rd St
  Seattle, WA 98117
 
  +1 206.650.3740
 
  http://biosimilarity.blogspot.com
 
 
 
 
  
 



 --
 Jonas Bonér

 twitter: @jboner
 blog:http://jonasboner.com
 work:   http://crisp.se
 work:   http://scalablesolutions.se
 code:   http://github.com/jboner





 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Git some: http://github.com/dpp

 



-- 
L.G. Meredith
Managing Partner
Biosimilarity LLC
1219 NW 83rd St
Seattle, WA 98117

+1 206.650.3740

http://biosimilarity.blogspot.com




[Lift] Re: JTA Transaction Monad - Early Access Program

2009-06-10 Thread James Strachan

2009/6/9 Jonas Bonér jbo...@gmail.com:

 2009/6/9 David Pollak feeder.of.the.be...@gmail.com:
 Jonas,
 We always use Maven to load dependencies.  We never use GPL dependencies.
  If you have a question about the license of a dependency and its use in
 Lift, please ping me privately.

 I am using Maven. But as I said I could not find the Atomikos in any
 public library, putting them in lib will let the user easily install
 them in their local repo.
 Do you know if they are in any public repo?

If it's any help I added them here a while back for an integration test
in ActiveMQ
http://repo.fusesource.com/maven2-all/com/atomikos/

the repo is: http://repo.fusesource.com/maven2-all/

you might wanna put more recent jars up on some public repo though.


-- 
James
---
http://macstrac.blogspot.com/

Open Source Integration
http://fusesource.com/




[Lift] Re: Lift group created on LinkedIn

2009-06-10 Thread Mark Baker

Sure thing.  Glad to help where I can.

Mark

On Jun 10, 11:28 am, David Pollak feeder.of.the.be...@gmail.com
wrote:
 Cool.  I just joined.
 Thanks for taking the initiative to do this!

 On Wed, Jun 10, 2009 at 8:10 AM, Mark Baker markmbake...@gmail.com wrote:

  This morning I created a group on LinkedIn for Lift enthusiasts.  I
  called it LiftWeb and here's the link to the group -
 http://www.linkedin.com/groups?gid=2017908.  Hopefully this will build
  more interest in Lift and enable Lift people to meet.

  Thanks,
  Mark

 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Git some: http://github.com/dpp




[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J

2009-06-10 Thread David Pollak
On Wed, Jun 10, 2009 at 7:29 AM, Atsuhiko Yamanaka 
atsuhiko.yaman...@gmail.com wrote:


 Hi there,

 It seems that GAE/J has changed its configuration recently,
 and you may encounter the crash with
 'java.lang.reflect.InvocationTargetException'.
 If so, please try the latest 1.1-SNAPSHOT.

 For lift committers, it seems that 'hasContinuations_?'[1] has become
 'true',

   private val (hasContinuations_?, contSupport, getContinuation,
                getObject, setObject, suspend, resume) = {
     try {
       val cc = Class.forName("org.mortbay.util.ajax.ContinuationSupport")
       val meth = cc.getMethod("getContinuation",
                               classOf[HttpServletRequest], classOf[AnyRef])
       val cci = Class.forName("org.mortbay.util.ajax.Continuation")
       val getObj = cci.getMethod("getObject")
       val setObj = cci.getMethod("setObject", classOf[AnyRef])
       val suspend = cci.getMethod("suspend", _root_.java.lang.Long.TYPE)
       val resume = cci.getMethod("resume")
       (true, (cc), (meth), (getObj), (setObj), (suspend), resume)
     } catch {
       case e => (false, null, null, null, null, null, null)
     }
   }

 This means that 'org.mortbay.util.ajax.Continuation' APIs are
 available on GAE/J.
 Is there a possibility to enable them without using reflection APIs
 in 'checkContinuations'[2] method?


Unfortunately, no.  In order to do this, we'd have to have a hard dependency
on Jetty.  It may be possible to do an external continuations module and you
are encouraged to research this.

Thanks,

David





 [1]
 http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L403
 [2]
 http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L446


 Sincerely,
 --
 Atsuhiko Yamanaka
 JCraft,Inc.
 1-14-20 HONCHO AOBA-KU,
 SENDAI, MIYAGI 980-0014 Japan.
 Tel +81-22-723-2150
+1-415-578-3454
 Skype callto://jcraft/

 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp




[Lift] Re: Lift group created on LinkedIn

2009-06-10 Thread Heiko Seeberger
Cool! I just joined.

Thanx
Heiko

2009/6/10 Mark Baker markmbake...@gmail.com


 This morning I created a group on LinkedIn for Lift enthusiasts.  I
 called it LiftWeb and here's the link to the group -
 http://www.linkedin.com/groups?gid=2017908.  Hopefully this will build
 more interest in Lift and enable Lift people to meet.

 Thanks,
 Mark

 



-- 
My blog: heikoseeberger.name
Follow me: twitter.com/hseeberger
OSGi on Scala: www.scalamodules.org
Lift, the simply functional web framework: liftweb.net




[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J

2009-06-10 Thread Atsuhiko Yamanaka

Hi,

On Thu, Jun 11, 2009 at 12:30 AM, David Pollak
feeder.of.the.be...@gmail.com wrote:
 Unfortunately, no.  In order to do this, we'd have to have a hard dependency
 on Jetty.  It may be possible to do an external continuations module and you
 are encouraged to research this.

I agree with you that a hard dependency on jetty is not acceptable.
I will research that.


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/




[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J

2009-06-10 Thread Alex Boisvert
On Wed, Jun 10, 2009 at 9:15 AM, Atsuhiko Yamanaka 
atsuhiko.yaman...@gmail.com wrote:


 Hi,

 On Thu, Jun 11, 2009 at 12:30 AM, David
 Pollakfeeder.of.the.be...@gmail.com wrote:
  Unfortunately, no.  In order to do this, we'd have to have a hard
 dependency
  on Jetty.  It may be possible to do an external continuations module and
 you
  are encouraged to research this.

 I agree with you that a hard dependency on jetty is not acceptable.
 I will research that.


Or perhaps have some sort of pluggable factory for continuations so the hard
dependency can be moved into an optional module?  The factory class could be
configured in web.xml as a servlet init-param.

alex




[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J

2009-06-10 Thread marius d.



On Jun 10, 7:27 pm, Alex Boisvert boisv...@intalio.com wrote:
 On Wed, Jun 10, 2009 at 9:15 AM, Atsuhiko Yamanaka 

 atsuhiko.yaman...@gmail.com wrote:

  Hi,

  On Thu, Jun 11, 2009 at 12:30 AM, David
  Pollakfeeder.of.the.be...@gmail.com wrote:
   Unfortunately, no.  In order to do this, we'd have to have a hard
  dependency
   on Jetty.  It may be possible to do an external continuations module and
  you
   are encouraged to research this.

  I agree with you that a hard dependency on jetty is not acceptable.
  I will research that.

 Or perhaps have some sort of pluggable factory for continuations so the hard
 dependency can be moved into an optional module?  The factory class could be
 configured in web.xml as a servlet init-param.

I think that the less XML config things are there, the better. We can
simply have a trait and the specific implementation will be packaged
in a separate jar file that can just exist in a by-convention
location. Say 'plugins' folder. With a very simple classloader we can
easily achieve this flexibility (... I don't think that this is a
candidate for OSGI plugins).


 alex



[Lift] Re: JTA Transaction Monad - Early Access Program

2009-06-10 Thread Jonas Bonér

Thanks James.
But I have already found them in a public repo.
/Jonas

2009/6/10 James Strachan james.strac...@gmail.com:

 2009/6/9 Jonas Bonér jbo...@gmail.com:

 2009/6/9 David Pollak feeder.of.the.be...@gmail.com:
 Jonas,
 We always use Maven to load dependencies.  We never use GPL dependencies.
  If you have a question about the license of a dependency and its use in
 Lift, please ping me privately.

 I am using Maven. But as I said I could not find the Atomikos in any
 public library, putting them in lib will let the user easily install
 them in their local repo.
 Do you know if they are in any public repo?

 If its any help I added them here a while back for an integration test
 in ActiveMQ
 http://repo.fusesource.com/maven2-all/com/atomikos/

 the repo is: http://repo.fusesource.com/maven2-all/

 you might wanna put more recent jars up on some public repo though.


 --
 James
 ---
 http://macstrac.blogspot.com/

 Open Source Integration
 http://fusesource.com/

 




-- 
Jonas Bonér

twitter: @jboner
blog:http://jonasboner.com
work:   http://crisp.se
work:   http://scalablesolutions.se
code:   http://github.com/jboner




[Lift] multiSelectObj

2009-06-10 Thread Jonathan Meeks

While looking at SHtml.selectObj (corresponding to select), I noticed
there is no multiSelectObj -- only multiSelect. Is there any
particular reason for this? Would it make sense to add one?




[Lift] Re: multiSelectObj

2009-06-10 Thread David Pollak
On Wed, Jun 10, 2009 at 1:56 PM, Jonathan Meeks jonathanme...@gmail.com wrote:


 While looking at SHtml.selectObj (corresponding to select), I noticed
 there is no multiSelectObj -- only multiSelect. Is there any
 particular reason for this? Would it make sense to add one?


No good reason... I'll add one.




 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp




[Lift] Re: security

2009-06-10 Thread Oliver Lambert
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak 
feeder.of.the.be...@gmail.com wrote:



 On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.com wrote:


 Hi,

 For most apps canonicalization is not really necessary as the
 character stream for form-url-encoded is UTF-8 by default as Lift uses
 UTF-8 by default. Oh and the conversion from URL encoding to plain
 UTF-8 content is really done by container and when we get the params
 from the request object they are already well formed. Now if we're
 talking about a higher level of validation that's a different story
 and IMO this is an application aspect and not much a framework one.


 And Lift does URL Decoding of the paths before presenting them as the Req()
 object.

 More broadly, Lift should provide all the features of ESAPI out of the box.
  If there are particular things that ESAPI offers that Lift doesn't, please
 flag them and we'll add them.

 I did a bunch of years as VPE and CTO at a web app security company.  In
 general, I've worked to make sure that Lift has security baked in and that
 the developer has to work to make the app insecure, rather than vice versa.
  If I missed a spot, Lift will be enhanced to make sure it does have
 security baked in.


From my perspective Lift is secure, much more so than other frameworks I've
used. The current set of Lift apps, that I've helped develop, have survived
outsourced penetration testing without requiring any modifications at all.
Great!

I'm not a security expert, but I am being asked to consider ESAPI features.
From my limited understanding, the UTF-8 encoding is fine and Lift protects
the response from displaying any scripts or html that might have
inadvertently been added to the database.  The problem is more what is being
validated and how it's being validated. I don't buy Marius's claim that this
is somehow a higher order validation that is an application concern rather
than a framework one. The internet has all the insecurities it has, because
security has been left to the application developer.

As far as I can see, one problem lies when a string is obtained from the web
page and instantiated into a String object.  For instance, if it comes in as
<script>alert('XSS')</script>, then it's probably not what you want.  Why
does it matter if something like this gets stored in your database - perhaps
because it's one part of your security.  In addition if it comes in doubly
encoded as

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

then it's probably also not what you want.

1) To stop double encoding, ESAPI suggests that you use canonicalization to
convert the strings to a similar format before validation.
2) After the input has been canonicalized, ESAPI suggests that the input
should be validated against a whitelist of allowed characters.

Now, I can't see that 1 or 2 is necessary if you are creating a number from
the input, but perhaps it should be, if you are creating an ordinary String
object. I also am not sure how much work would be involved in using a
whitelist in a location aware multilingual way, but perhaps it could be done
as a default.





 Br's,
 Marius

 On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote:
  Looks like I might have a requirement for implementing OWASP secure
 coding
  practices, as described by
 

  One thing that I definitively don't do and I believe Lift doesn't do out
 of
  the box is Canonicalize input
  before validation/filtering. I was looking into using OWASP
  ESAPI http://www.owasp.org/index.php/ESAPI but I'm put off by its use
  of
  property files and system resources.  Do any of you Canonicalize input,
 if
  so, do you use a Library? Does Lift
  need this feature, or any of the others described in the above document?
 
  cheers
  Oliver




 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Git some: http://github.com/dpp
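
The two steps listed in the message above (canonicalize, then check against a whitelist), as an added Scala example; it is not code from Lift or ESAPI, and the object and method names are hypothetical. It assumes the servlet container has already URL-decoded each parameter once, as described earlier in the thread, so any percent-escape that still decodes means the value was encoded more than once.

```scala
import java.nio.charset.StandardCharsets
import scala.annotation.tailrec
import scala.util.matching.Regex

// Added example: not Lift or ESAPI code; every name below is hypothetical.
object CanonicalizeThenValidate {

  // One or more consecutive %XX escapes, decoded together so that
  // multi-byte UTF-8 sequences such as %C3%AB come out as one character.
  private val PercentRun: Regex = "(?:%[0-9A-Fa-f]{2})+".r

  // Whitelist for a display-name field: Unicode letters and digits plus a
  // little punctuation, so "Zoë" passes without opening the field to markup.
  private val NameWhitelist = """[\p{L}\p{N} .,'\-]{1,64}""".r.pattern

  // Stop peeling after this many decoding passes.
  private val MaxLayers = 5

  /** Strip exactly one layer of percent-encoding ('+' is left alone). */
  def decodeOnce(s: String): String =
    PercentRun.replaceAllIn(s, m => {
      val bytes = m.matched.grouped(3)
        .map(h => Integer.parseInt(h.drop(1), 16).toByte)
        .toArray
      // quoteReplacement keeps '$' and '\' in the decoded text literal.
      Regex.quoteReplacement(new String(bytes, StandardCharsets.UTF_8))
    })

  /** Decode until the value stops changing; report how many layers came off. */
  def canonicalize(received: String): (String, Int) = {
    @tailrec def peel(cur: String, layers: Int): (String, Int) = {
      val next = decodeOnce(cur)
      if (next == cur || layers == MaxLayers) (cur, layers)
      else peel(next, layers + 1)
    }
    peel(received, 0)
  }

  /** A blacklist-style check applied to the value as received. */
  def naiveCheck(received: String): Boolean =
    !received.toLowerCase.contains("<script")

  /** Canonicalize first, then validate the canonical form against the whitelist. */
  def validateName(received: String): Either[String, String] = {
    val (canonical, layers) = canonicalize(received)
    if (layers > 0)
      Left(s"still encoded after the container's decoding ($layers extra layer(s))")
    else if (!NameWhitelist.matcher(canonical).matches())
      Left("contains characters outside the whitelist")
    else
      Right(canonical)
  }

  def main(args: Array[String]): Unit = {
    // The doubly encoded value from the message, as sent on the wire.
    val onTheWire = "%253Cscript%253Ealert('XSS')%253C%252Fscript%253E"
    // Assumption: the servlet container URL-decodes exactly once.
    val received = decodeOnce(onTheWire)

    println(s"naive check passes: ${naiveCheck(received)}")
    println(s"canonical form:     ${canonicalize(received)._1}")

    // Constructed sample inputs, plus the value from the message.
    Seq("Zoë O'Brien", "<script>alert('XSS')</script>", received)
      .foreach(in => println(s"$in => ${validateName(in)}"))
  }
}
```

Rejecting a value that is still encoded, rather than silently decoding it, is a choice made for this example; a field that may legitimately contain text such as %41 needs a different policy.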

 





[Lift] Re: multiSelectObj

2009-06-10 Thread Jonathan Meeks

I was actually going to volunteer to add one. I'd learn something as
I'm new to Lift and Scala.

You'd probably be able to do it faster, but if you wanted to see what
I came up with and give feedback I'd be most appreciative.

--Jonathan

On Jun 10, 6:05 pm, David Pollak feeder.of.the.be...@gmail.com
wrote:
 On Wed, Jun 10, 2009 at 1:56 PM, Jonathan Meeks 
 jonathanme...@gmail.com wrote:



  While looking at SHtml.selectObj (corresponding to select), I noticed
  there is no multiSelectObj -- only multiSelect. Is there any
  particular reason for this? Would it make sense to add one?

 No good reason... I'll add one.



 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Git some: http://github.com/dpp




[Lift] Re: date management

2009-06-10 Thread g-man

Nice!

Things are moving now, thanks to your guidance. It's a matter of: 1)
knowing what you want to do, and 2) knowing how to do things with
Scala... duh, yea.

I will post my results in a few days after I get everything working
well, but the RequestVar is doing its job.


On Jun 8, 7:18 am, Derek Chen-Becker dchenbec...@gmail.com wrote:
 Generally you can either use RequestVars or a StatefulSnippet class to keep
 the values around on form resubmission. If you're using a Mapper class, you
 really just need one RequestVar to hold your Mapper instance. For example,
 if I had a Mapper class for a person with first name, last name and email, I
 could do something like this in my snippet class:

 ...
   // Set up the RequestVar to initialize a new MyUserClass by default
   object userVar extends RequestVar[MyUserClass](MyUserClass.create)

   def editMyUser (xhtml : NodeSeq) : NodeSeq = {
     // We define a val to capture the current value of the userVar. This
     // will be used to reinject later, as well as for current access
     val current = userVar.is
     ...
     def saveMyUser () {
       current.validate match { ...
         ...
         current.save
       }
     }

     bind("user", xhtml,
            // First we re-inject the current MyUserClass instance using a
            // hidden field
            "current" -> SHtml.hidden(() => userVar(current)),
            // normal fields follow, e.g.
            "name" -> SHtml.text(current.name.is, current.name(_)),
            // alternatively, you could do both steps in the first form field:
            "name" -> SHtml.text(current.name.is, { in => userVar(current); current.name(in) })
            ...
     )
   }
 ...

 Let me know if you have any questions on that.

 Derek

 On Fri, Jun 5, 2009 at 9:47 PM, g-man gregor...@gmail.com wrote:

  I now have the due date arriving OK from the jQuery datepicker, and I
  cobbled together some ugliness to give days left until the ToDo due
  date, so that is good.

  My problem now is since we are not using the 'magic' of the _toForm
  methods for the form elements, I have to set each var value for the
  model field from the input SHtml data, as was done in the PocketChange
  app AddEntry.scala file.

  What is happening is that the initialization for each var is resetting
  the form if validation fails, so I guess I need to institute some
  RequestVars to remember the form values for resubmission, right?

  All my questions will take take the form of 'how to' recipes of
  foundational webapp elements, as you can see. My plan is to develop
  them for a 'cookbook' section of the wiki, so that's why I am asking
  one simple conceptual thing at a time.

  Therefore, what I have to learn now is all about form binding and
  recalling form value state if validation fails, so please break that
  down for me.

  Thanks as always!

  On Jun 3, 10:25 pm, Derek Chen-Becker dchenbec...@gmail.com wrote:
   Box is the base class. What you want is Full(2).

   Derek

   On Wed, Jun 3, 2009 at 8:53 PM, g-man gregor...@gmail.com wrote:

Very good!

I did a little homework, rearranged some things, and am getting some
nice results with the 'manual method'...

Since I am following the PocketChange app now rather than the ToDo
example, there is no 'todo' val in scope to bind, so the
todo.priority.toForm method will not work.

I have SHtml.select working with a mapping for my choices, and I can
use Empty for my default, but how do I get a Box[2] as my default?

On Jun 3, 7:21 am, Derek Chen-Becker dchenbec...@gmail.com wrote:
 The only issue I would mention is that there's currently an open
  ticket
 because MappedDateTime won't save the time portion when you use
  Derby. I
 haven't had time to triage this yet.

 Derek

 On Wed, Jun 3, 2009 at 3:01 AM, Timothy Perrett
  timo...@getintheloop.eu
wrote:

  Greg,

  I dont really use toForm; have you explored doing it manually? It
  seems like that would be able to tell you if there is a problem
  with
  toForm on MappedDateTime.

  I use mapped date time quite a bit and have no problems at all
  persisting the dates :-)

  Cheers, Tim

  On Jun 3, 3:09 am, g-man gregor...@gmail.com wrote:
   Are there no ideas for my problem?

   I have many more questions saved up, but would like to clear each
  out
   before starting a new one.

   Thanks again!

   On May 31, 1:57 pm, g-man gregor...@gmail.com wrote:

As I proceed to enhance the ToDo example, I have added a new
  field
to
the ToDo.scala model:

object dueOn extends MappedDateTime(this) {
    final val dateFormat = DateFormat.getDateInstance
(DateFormat.SHORT)
    override def asHtml = Text(dateFormat.format(is))}

Next, I added a binding in the TD.scala snippet within the add
method
of the TD class:

def doBind(form: NodeSeq) = {
      bind(todo, form,  

[Lift] Re: multiSelectObj

2009-06-10 Thread Jonathan Meeks

Here's what I came up with. It seems to work.

I don't know how well it will appear inlined in a posting. Let me know if you
want it delivered in another fashion.

diff --git a/lift/src/main/scala/net/liftweb/http/SHtml.scala b/lift/
src/main/scala/net/liftweb/http/SHtml.scala
index 22c4832..58e6069 100644
--- a/lift/src/main/scala/net/liftweb/http/SHtml.scala
+++ b/lift/src/main/scala/net/liftweb/http/SHtml.scala
@@ -430,13 +430,28 @@ object SHtml {
   private[http] def secureOptions[T](options: Seq[(T, String)],
default: Box[T],
  onSubmit: T = Unit): (Seq
[(String, String)], Box[String], AFuncHolder) = {
 val secure = options.map{case (obj, txt) = (obj, randomString
(20), txt)}
-val defaultNonce = default.flatMap(d = secure.find(_._1 == d).map
(_._2))
+val defaultNonce = default.map(secureDefaultNonce(secure, _))
 val nonces = secure.map{case (obj, nonce, txt) = (nonce, txt)}
 def process(nonce: String): Unit =
 secure.find(_._2 == nonce).map(x = onSubmit(x._1))
 (nonces, defaultNonce, SFuncHolder(process))
   }

+  private[http] def secureOptions[T](options: Seq[(T, String)],
default: Seq[T],
+ onSubmit: T = Any): (Seq
[(String, String)], Seq[String], LFuncHolder) = {
+val secure = options.map{case (obj, txt) = (obj, randomString
(20), txt)}
+val defaultNonce = default.map(secureDefaultNonce(secure, _))
+val nonces = secure.map{case (obj, nonce, txt) = (nonce, txt)}
+def process(nonces: List[String]): Any =
+nonces.map(nonce = secure.find(_._2 == nonce).map(x = onSubmit
(x._1)))
+(nonces, defaultNonce, LFuncHolder(process))
+  }
+
+  private def secureDefaultNonce[T](secureOptions: Seq[(T, String,
String)], default: T): String = {
+secureOptions.find(_._1 == default).get._2
+  }
+
+
   /**
* Create a select box based on the list with a default value and
the function to be executed on
* form submission
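
Review bot: secureDefaultNonce ends in '.find(_._1 == default).get._2', so a default that is not among the options now throws NoSuchElementException, where the removed flatMap line simply produced no default; because the existing Box[T] overload was switched to the helper as well, this changes behaviour for current selectObj callers. Suggest having the helper return an Option or Box and using flatMap in both overloads. In the new process, the parameter 'nonces' shadows the outer 'nonces' val and map is used only for its side effect, so rename the parameter and use foreach. Unknown nonces are still dropped by find, which keeps the property that only server-issued values reach onSubmit.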
@@ -518,6 +533,22 @@ object SHtml {
   func: List[String] = Any, attrs: (String, String)
*): Elem =
   multiSelect_*(opts, deflt, LFuncHolder(func), attrs :_*)

+  /**
+   * Create a select box based on the list with a default value and
the function
+   * to be executed on form submission
+   *
+   * @param options  -- a list of value and text pairs (value, text
to display)
+   * @param default  -- the default value (or Empty if no default
value)
+   * @param onSubmit -- the function to execute on form submission
+   */
+  def multiSelectObj[T](options: Seq[(T, String)], default: Seq[T],
+   onSubmit: T = Unit, attrs: (String, String)*):
Elem = {
+val (nonces, defaultNonce, secureOnSubmit) =
+secureOptions(options, default, onSubmit)
+
+multiSelect_*(nonces, defaultNonce, secureOnSubmit, attrs:_*)
+  }
+
   def multiSelect_*(opts: Seq[(String, String)],
 deflt: Seq[String],
 func: AFuncHolder, attrs: (String, String)*):
Elem =
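
Review bot: multiSelectObj declares onSubmit as a function of a single T, so the callback fires once per selected item and the caller never receives the selection as a whole, unlike multiSelect directly above, whose func takes the full List[String]; consider an onSubmit that takes a List[T] and mapping the nonces back to objects in one pass. The result type here is Unit while the new secureOptions overload in the previous hunk declares Any, so the two signatures should be made to agree. The scaladoc was copied from the single select: it says 'a select box' and 'the default value (or Empty if no default value)' although default is a Seq[T], and attrs is not documented.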

