[Lift] Re: security
Hi, For most apps cannonicalization is not really necessary as the character stream for form-url-encoded is UTF-8 by default as Lift uses UTF-8 by default. Oh and the conversion from URL encoding to plain UTF-8 content is really done by container and when we get the params from the request object they are already well formed. Now if we're talking about a higher level of validation that's a different story and IMO this is an application aspect and not much a framework one. Br's, Marius On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote: Looks like I might have a requirement for implementing OWASP secure coding practices, as described by http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p...https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897... One thing that I definitively don't do and I believe Lift doesn't do out of the box is Canonicalize input before validation/filtering. I was looking into using OWASP ESAPIhttp://www.owasp.org/index.php/ESAPIbut I'm put off by it's use of property files and system resources. Do any of you Canonicalize input, if so, do you use a Library? Does Lift need this feature, or any of the others described in the above document? cheers Oliver --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: security
Oh and about XSS Lift is safe by default. Marius On Jun 10, 9:39 am, marius d. marius.dan...@gmail.com wrote: Hi, For most apps cannonicalization is not really necessary as the character stream for form-url-encoded is UTF-8 by default as Lift uses UTF-8 by default. Oh and the conversion from URL encoding to plain UTF-8 content is really done by container and when we get the params from the request object they are already well formed. Now if we're talking about a higher level of validation that's a different story and IMO this is an application aspect and not much a framework one. Br's, Marius On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote: Looks like I might have a requirement for implementing OWASP secure coding practices, as described by http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p...https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897... One thing that I definitively don't do and I believe Lift doesn't do out of the box is Canonicalize input before validation/filtering. I was looking into using OWASP ESAPIhttp://www.owasp.org/index.php/ESAPIbut I'm put off by it's use of property files and system resources. Do any of you Canonicalize input, if so, do you use a Library? Does Lift need this feature, or any of the others described in the above document? cheers Oliver --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: New version of master.pdf for the Lift Book
There is soldering involved? I used to solder when I was in the Navy... (Sorry, Tim. Can't resist sometimes.) Chas. Derek Chen-Becker wrote: I'm a bit of a perfectionist when it comes to things like this. It will never be good enough for me ;) On Fri, Jun 5, 2009 at 5:43 PM, Timothy Perrett timo...@getintheloop.eu wrote: Excellent work Derek - great to see you guys still soldering on with the book effort post publication :-) Cheers, Tim On Jun 5, 11:36 pm, Derek Chen-Becker dchenbec...@gmail.com mailto:dchenbec...@gmail.com wrote: I made some major revisions to the Ajax and Comet chapter, so a new version is up on the group page: http://groups.google.com/group/the-lift-book/files I've been really busy with work lately, but I'm going to try to get at least one big chunk of revisions done each week. Derek --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9
2nd edition? Derek Chen-Becker wrote: No, the book ended up being much larger than they anticipated and if I understand it correctly, their workflow process could not handle that many chapters/sections. We had two options: wait for APress to fix the workflow and miss having the book out for JavaOne, or make the appendices available as a free PDF online and have a book ready in June. We opted for the latter, since we felt there was already a lot of interest around Lift and we wanted to have something for people to get their hands on. It's not an ideal situation, and I'm sure some people will disagree with our decision, but it is what it is at this point. Derek On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: Excellent! Just curious - publisher forgot to include it in the print? That would be quite a no no . *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com *To:* Lift liftweb@googlegroups.com mailto:liftweb@googlegroups.com *Sent:* Monday, June 8, 2009 10:59:15 AM *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9 Hey Pete, you can grab the appendices online: http://apress.com/book/view/1430224215 Bottom left of the page. On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: As an loyalist to the cause I already have 3 of them . (yes = 2*scala + lift) Now for The Definitive Guide to Lift - where is numerously mentioned Appendix A..G .. I could not find it anywhere. P. From: TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com To: Lift liftweb@googlegroups.com mailto:liftweb@googlegroups.com Sent: Monday, June 8, 2009 10:34:13 AM Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning Scala #9 http://www.theserverside.com/news/thread.tss?thread_id=54862 Quote: Here are the top 10 selling books at the JavaOne Bookstore. Are these a trend? You decide. 1. JavaFX: Building Rich Internet Applications - Addison Wesley ISBN: 013701287X 2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795 3. Effective Java 2nd ed. - PTR ISBN: 0321356683 4. Java Puzzlers - Addison Wesley ISBN: 032133678X 5. Programming in Scala - Artima ISBN: 0981531601 6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601 7. Beginning Java EE 5: From Novice to Professional - Apress ISBN: 1590594703 8. The Definitive Guide to Lift - Apress ISBN: 1430224215 9. Beginning Scala - Apress ISBN: 1430219890 10. OpenSolaris Bible - Wiley ISBN: 0470385480 Another chance for me to thank everyone involved. - dpp for building the framework and being more helpful than any person should be expected to be. - Derek and Marius for being excellent co-authors and about 8 times smarter than me. Huzza! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] LIFT + GAE + JDO
All, A friend of mine if growing the appetite for Lift (go figure) and he's starting to build a new app on GAE and he's using JDO. Of course things didn't go very well as DataNucleus was reporting some strange errors. Looks like DataNucleus has a bug (see here http://www.datanucleus.org/servlet/jira/browse/NUCENHANCER-34) in the way DataNucleus enhances the classes ... and a patch was provided here: http://gist.github.com/94447 However there is an interesting workaround: @PersistenceCapable class Persistent { def NULL = null; var name: String = NULL; var value: String = NULL } with this workaround things are working without applying the above patch. Who knows maybe other folks ran into the same problem .. .so hopefully this helps. Br's, Marius --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
Re: [scala] Re: [Lift] Programming in Scala #5, Lift Book #8, Beginning Scala #9
Note sure I'd agree make is all that simple... Unless you're doing something VERY basic then it's loaded with potential for accidental complexity. The whole philosophy of maven is to do the Right Thing(tm) by default, although I must admit that boilerplate for configuring plugins is frequently a pain in the proverbial On Wed, Jun 10, 2009 at 4:35 AM, Josh Suereth joshua.suer...@gmail.comwrote: I must say, I have not met a build system (besides automake) that exceeded make in complexity. The amount of funny exceptions to rules is astounding. I had far less trouble learning maven (in all its complexity) Sent from my iPhone On Jun 9, 2009, at 4:56 PM, Alexy Khrabrov delivera...@gmail.com wrote: Since the topic seems to have morphed into learning Scala and Lift by immersion in a day, as a recent Scala convert, I can't begin to emphasize how important it is to have the build infrastructure all done in a simple way to let novices focus on Scala. Lift is a good example where you have no choice and just follow magic Maven incantations. Another is Processing in Scala, where you can just do small sketches. If the assumption is that it is the Java crowd which comes to JVM mostly, it doesn't bootstrap non-JVM folks like those coming from Ruby and Haskell/OCaml. So I'm glad David covers the build systems in his book; there should really be an easier way to begin without making choices between Maven, SBT, Buildr, Ant, etc.! Nothing more complex than a good old command line and a Makefile in the same directory... Ideally SBT becomes a part of Scala and you'll have a --make option, or something like that. Cheers, Alexy --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9
We'd love to do a second edition down the road. Lift is still evolving very quickly, so I have no doubt that there will be lots of new info to cover. Derek On Wed, Jun 10, 2009 at 2:41 AM, Charles F. Munat c...@munat.com wrote: 2nd edition? Derek Chen-Becker wrote: No, the book ended up being much larger than they anticipated and if I understand it correctly, their workflow process could not handle that many chapters/sections. We had two options: wait for APress to fix the workflow and miss having the book out for JavaOne, or make the appendices available as a free PDF online and have a book ready in June. We opted for the latter, since we felt there was already a lot of interest around Lift and we wanted to have something for people to get their hands on. It's not an ideal situation, and I'm sure some people will disagree with our decision, but it is what it is at this point. Derek On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: Excellent! Just curious - publisher forgot to include it in the print? That would be quite a no no . *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com *To:* Lift liftweb@googlegroups.com mailto: liftweb@googlegroups.com *Sent:* Monday, June 8, 2009 10:59:15 AM *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9 Hey Pete, you can grab the appendices online: http://apress.com/book/view/1430224215 Bottom left of the page. On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: As an loyalist to the cause I already have 3 of them . (yes = 2*scala + lift) Now for The Definitive Guide to Lift - where is numerously mentioned Appendix A..G .. I could not find it anywhere. P. From: TylerWeir tyler.w...@gmail.com mailto: tyler.w...@gmail.com To: Lift liftweb@googlegroups.com mailto: liftweb@googlegroups.com Sent: Monday, June 8, 2009 10:34:13 AM Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning Scala #9 http://www.theserverside.com/news/thread.tss?thread_id=54862 Quote: Here are the top 10 selling books at the JavaOne Bookstore. Are these a trend? You decide. 1. JavaFX: Building Rich Internet Applications - Addison Wesley ISBN: 013701287X 2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795 3. Effective Java 2nd ed. - PTR ISBN: 0321356683 4. Java Puzzlers - Addison Wesley ISBN: 032133678X 5. Programming in Scala - Artima ISBN: 0981531601 6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601 7. Beginning Java EE 5: From Novice to Professional - Apress ISBN: 1590594703 8. The Definitive Guide to Lift - Apress ISBN: 1430224215 9. Beginning Scala - Apress ISBN: 1430219890 10. OpenSolaris Bible - Wiley ISBN: 0470385480 Another chance for me to thank everyone involved. - dpp for building the framework and being more helpful than any person should be expected to be. - Derek and Marius for being excellent co-authors and about 8 times smarter than me. Huzza! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9
I have a feeling that we'll have to do a 2nd edition. On Jun 10, 9:26 am, Derek Chen-Becker dchenbec...@gmail.com wrote: We'd love to do a second edition down the road. Lift is still evolving very quickly, so I have no doubt that there will be lots of new info to cover. Derek On Wed, Jun 10, 2009 at 2:41 AM, Charles F. Munat c...@munat.com wrote: 2nd edition? Derek Chen-Becker wrote: No, the book ended up being much larger than they anticipated and if I understand it correctly, their workflow process could not handle that many chapters/sections. We had two options: wait for APress to fix the workflow and miss having the book out for JavaOne, or make the appendices available as a free PDF online and have a book ready in June. We opted for the latter, since we felt there was already a lot of interest around Lift and we wanted to have something for people to get their hands on. It's not an ideal situation, and I'm sure some people will disagree with our decision, but it is what it is at this point. Derek On Mon, Jun 8, 2009 at 9:03 AM, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: Excellent! Just curious - publisher forgot to include it in the print? That would be quite a no no . *From:* TylerWeir tyler.w...@gmail.com mailto:tyler.w...@gmail.com *To:* Lift liftweb@googlegroups.com mailto: liftweb@googlegroups.com *Sent:* Monday, June 8, 2009 10:59:15 AM *Subject:* [Lift] Re: Programming in Scala #5, Lift Book #8, Beginning Scala #9 Hey Pete, you can grab the appendices online: http://apress.com/book/view/1430224215 Bottom left of the page. On Jun 8, 10:49 am, Peter Bliznak bliz...@rogers.com mailto:bliz...@rogers.com wrote: As an loyalist to the cause I already have 3 of them . (yes = 2*scala + lift) Now for The Definitive Guide to Lift - where is numerously mentioned Appendix A..G .. I could not find it anywhere. P. From: TylerWeir tyler.w...@gmail.com mailto: tyler.w...@gmail.com To: Lift liftweb@googlegroups.com mailto: liftweb@googlegroups.com Sent: Monday, June 8, 2009 10:34:13 AM Subject: [Lift] Programming in Scala #5, Lift Book #8, Beginning Scala #9 http://www.theserverside.com/news/thread.tss?thread_id=54862 Quote: Here are the top 10 selling books at the JavaOne Bookstore. Are these a trend? You decide. 1. JavaFX: Building Rich Internet Applications - Addison Wesley ISBN: 013701287X 2. Essential JavaFX - PTR (out June 11, 2009) ISBN: 0137042795 3. Effective Java 2nd ed. - PTR ISBN: 0321356683 4. Java Puzzlers - Addison Wesley ISBN: 032133678X 5. Programming in Scala - Artima ISBN: 0981531601 6. Java Concurrency in Practice - Addison Wesley ISBN:0321349601 7. Beginning Java EE 5: From Novice to Professional - Apress ISBN: 1590594703 8. The Definitive Guide to Lift - Apress ISBN: 1430224215 9. Beginning Scala - Apress ISBN: 1430219890 10. OpenSolaris Bible - Wiley ISBN: 0470385480 Another chance for me to thank everyone involved. - dpp for building the framework and being more helpful than any person should be expected to be. - Derek and Marius for being excellent co-authors and about 8 times smarter than me. Huzza! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: security
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.com wrote: Hi, For most apps cannonicalization is not really necessary as the character stream for form-url-encoded is UTF-8 by default as Lift uses UTF-8 by default. Oh and the conversion from URL encoding to plain UTF-8 content is really done by container and when we get the params from the request object they are already well formed. Now if we're talking about a higher level of validation that's a different story and IMO this is an application aspect and not much a framework one. And Lift does URL Decoding of the paths before presenting them as the Req() object. More broadly, Lift should provide all the features of ESAPI out of the box. If there are particular things that ESAPI offers that Lift doesn't, please flag them and we'll add them. I did a bunch of years as VPE and CTO at a web app security company. In general, I've worked to make sure that Lift has security baked in and that the developer has to work to make the app insecure, rather than vice versa. If I missed a spot, Lift will be enhanced to make sure it does have security baked in. Br's, Marius On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote: Looks like I might have a requirement for implementing OWASP secure coding practices, as described by One thing that I definitively don't do and I believe Lift doesn't do out of the box is Canonicalize input before validation/filtering. I was looking into using OWASP ESAPIhttp://www.owasp.org/index.php/ESAPIbut I'm put off by it's use of property files and system resources. Do any of you Canonicalize input, if so, do you use a Library? Does Lift need this feature, or any of the others described in the above document? cheers Oliver -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: New version of master.pdf for the Lift Book
Lol! That's funny, I cant spell - its true im afraid!! On 10/06/2009 09:38, Charles F. Munat c...@munat.com wrote: There is soldering involved? I used to solder when I was in the Navy... (Sorry, Tim. Can't resist sometimes.) Chas. Derek Chen-Becker wrote: I'm a bit of a perfectionist when it comes to things like this. It will never be good enough for me ;) On Fri, Jun 5, 2009 at 5:43 PM, Timothy Perrett timo...@getintheloop.eu wrote: Excellent work Derek - great to see you guys still soldering on with the book effort post publication :-) Cheers, Tim On Jun 5, 11:36 pm, Derek Chen-Becker dchenbec...@gmail.com mailto:dchenbec...@gmail.com wrote: I made some major revisions to the Ajax and Comet chapter, so a new version is up on the group page: http://groups.google.com/group/the-lift-book/files I've been really busy with work lately, but I'm going to try to get at least one big chunk of revisions done each week. Derek --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: OSGi support for Lift
Quick follow-up I've since discovered you can use the 'Webapp-Context:' manifest entry with PAX Web Extender and Spring dm Server to achieve this. http://wiki.ops4j.org/display/paxweb/WAR+Extender http://jira.springframework.org/browse/OSGI-468 alex On Tue, May 12, 2009 at 12:48 PM, Alex Boisvert boisv...@intalio.comwrote: Alright, thanks for your help! I was mostly kicking the tires to get a taste for the upcoming OSGi integration. I guess my main feedback at this point is that it would be nice to map the app into a non-root context of Jetty. e.g. http://localhost:8080/examples-osgi instead of directly under http://localhost:8080.This would make it possible to deploy several Lift apps onto the same OSGi container. alex On Tue, May 12, 2009 at 12:19 PM, Heiko Seeberger heiko.seeber...@googlemail.com wrote: Hm, does not look good :-(Thanx for trying and please keep on! I have to deal with some build issues, and will take a look at that tomorrow. Heiko 2009/5/12 Alex Boisvert boisv...@intalio.com That was it. I pulled again from git and now I can start the examples-osgi app. However, one more nitpick... I can load index.htm but the snippet isn't rendered correctly because some resources can't be found. e.g. [5285...@qtp-20735553-0 - /] INFO org.ops4j.pax.web.service.internal.HttpServiceContext - getting resource: [/templates-hidden/default.htm] [5285...@qtp-20735553-0 - /] INFO org.ops4j.pax.web.service.internal.HttpServiceContext - found resource: null Is that normal? I can see the following displayed: pFrom a snippet: spanHi, I am a snippet from a Lift-powered OSGi bundle!/span/p but there's no surrounding html body ... /body /html so the browser complains. alex On Tue, May 12, 2009 at 11:24 AM, Heiko Seeberger heiko.seeber...@googlemail.com wrote: When did you check out? I pushed again about one or two hours ago.From the log I can see that you use an old version of hello.composite. The new one should look like: scan-bundle:wrap:mvn:javax.mail/mail/1.4 scan-bundle:wrap:mvn:javax.activation/activation/1.1 ... The wrap: is important. Pax Runner will wrap vanilla JARs into OSGi bundles. Please pull again, that should help. Heiko 2009/5/12 Alex Boisvert boisv...@intalio.com Ok, I tried again based on your suggestion but I'm getting an error related to javax.mail:1.4 not being a valid bundle... - Preparing framework [Felix 1.6.0] - Downloading bundles... - mvn:javax.mail/mail/1.4 : 388864 bytes @ [ 471kBps ] s @ [ 498kBps ] ___ / / / / Oops, there has been a problem! / / /__/ org.ops4j.pax.runner.platform.PlatformException: [mvn:javax.mail/mail/1.4] is not a valid bundle ___ /__/ Use --log=debug to see details. To be sure, I wiped my M2 repo under javax/mail and retried but I'm getting the same error. Any idea? I'm attaching the full log in case it's helpful. alex On Tue, May 12, 2009 at 10:08 AM, Heiko Seeberger heiko.seeber...@googlemail.com wrote: Hi Alex, 2009/5/12 Alex Boisvert boisv...@intalio.com I downloaded and ran PAX runner, ./pax-run.sh --profiles=log,scala,felix.webconsole,web then installed the examples-osgi bundle, - install file:///home/boisvert/git/liftweb/sites/examples-osgi/hello/target/examples-osgi-hello-1.1-SNAPSHOT.jar Bundle ID: 9 - [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello - BundleEvent INSTALLED start 9 - [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello - BundleEvent RESOLVED [FelixDispatchQueue] DEBUG net.liftweb.examples-osgi-hello - BundleEvent STARTED OSGi support for Lift is implemented as extender in order to keep Lift core OSGi-agnostic. This means that there is a special add-on bundle (lift-osgi) which must be installed and started. It will watch all bundles if they are Lift-powered which means they have got a Lift-Config manifest entry. If so, these bundles will be delegated to for resource look-ups (templates) and also (latest checkin) bootstrap.liftweb.Boot classes will be called. OK, you have got to install lift-osgi and all its prerequesites, i.e. lift-webkit, lift-util, etc. You could install the example PLUS all the required other bundles manually. But better go for Pax Runner like that pax-run.sh --profiles=web,scala,others scan-composite:file:hello_comp with hello_comp the path to hello.composite which is part of sites/examples-osgi/hello Cheers Heiko -- My blog: heikoseeberger.name Follow me: twitter.com/hseeberger OSGi on Scala: www.scalamodules.org Lift, the simply functional web framework: liftweb.net -- My blog: heikoseeberger.name Follow me: twitter.com/hseeberger OSGi on Scala: www.scalamodules.org Lift, the simply functional web framework: liftweb.net --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups
[Lift] org.mortbay.util.ajax.Continuation on GAE/J
Hi there, It seems that GAE/J has changed its configuration recently, and you may encounter the crash with 'java.lang.reflect.InvocationTargetException'. If so, please try the latest 1.1-SNAPSHOT. For lift committers, it seems that 'hasContinuations_?'[1] has become 'true', private val (hasContinuations_?, contSupport, getContinuation, getObject, setObject, suspend, resume) = { try { val cc = Class.forName(org.mortbay.util.ajax.ContinuationSupport) val meth = cc.getMethod(getContinuation, classOf[HttpServletRequest], classOf[AnyRef]) val cci = Class.forName(org.mortbay.util.ajax.Continuation) val getObj = cci.getMethod(getObject) val setObj = cci.getMethod(setObject, classOf[AnyRef]) val suspend = cci.getMethod(suspend, _root_.java.lang.Long.TYPE) val resume = cci.getMethod(resume) (true, (cc), (meth), (getObj), (setObj), (suspend), resume) } catch { case e = (false, null, null, null, null, null, null) } } This means that 'org.mortbay.util.ajax.Continuation' APIs are available on GAE/J. Is there a possibility to enable them without using reflection APIs in 'checkContinuations'[2] method? [1] http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L403 [2] http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L446 Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Skype callto://jcraft/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Lift group created on LinkedIn
This morning I created a group on LinkedIn for Lift enthusiasts. I called it LiftWeb and here's the link to the group - http://www.linkedin.com/groups?gid=2017908. Hopefully this will build more interest in Lift and enable Lift people to meet. Thanks, Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Lift group created on LinkedIn
Cool. I just joined. Thanks for taking the initiative to do this! On Wed, Jun 10, 2009 at 8:10 AM, Mark Baker markmbake...@gmail.com wrote: This morning I created a group on LinkedIn for Lift enthusiasts. I called it LiftWeb and here's the link to the group - http://www.linkedin.com/groups?gid=2017908. Hopefully this will build more interest in Lift and enable Lift people to meet. Thanks, Mark -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: JTA Transaction Monad - Early Access Program
Lifted, i gotta say this thread of activity is just so cool. It's what i always dreamed open source would be like. The community essentially gets to access and think with each others' best minds and act with each others' best talents to arrive on a path to a better concrete realization of feature, function and design. We all know, individually and collectively, just how hard it is to make excellent software and know that we're more likely to achieve that aim working together. i can't help but notice that there is no explicit representation of the profit motive here. Each of us might individually be in contact with some aspect of profit motive, but it does not have an explicit representation in this little snippet of process. That gives this entrepreneur pause for thought. Best wishes, --greg On Tue, Jun 9, 2009 at 3:46 PM, David Pollak feeder.of.the.be...@gmail.comwrote: On Tue, Jun 9, 2009 at 1:08 PM, Jonas Bonér jbo...@gmail.com wrote: Now I have deleted the lib dir with all jars and fixed the POM. Thanks! 2009/6/9 Derek Chen-Becker dchenbec...@gmail.com: In my email above I have the link to the Maven artifacts for Atomikos: http://mvnrepository.com/artifact/com.atomikos I think that the dependency you want is: dependency groupIdcom.atomikos/groupId artifactIdtransactions-jta/artifactId version3.2.3/version /dependency Derek On Tue, Jun 9, 2009 at 12:54 PM, Meredith Gregory lgreg.mered...@gmail.com wrote: Jonas, Awesome! i look forward to digging into this stuff! Best wishes, --greg On Tue, Jun 9, 2009 at 6:18 AM, Jonas Bonér jbo...@gmail.com wrote: Hey guys. I have hacked together an early draft of the JTA transaction stuff. I have wrapped it up in a monad. Here are some examples of usage: for { ctx - TransactionContext.Required entity - updatedEntities if !ctx.isRollbackOnly } { // transactional stuff ctx.getEntityManager.merge(entity) } val users = for { ctx - TransactionContext.Required name - userNames } yield { // transactional stuff val query = ctx.getEntityManager.createNamedQuery(findUserByName) query.setParameter(userName, name) query.getSingleResult } If you don't like the monadic approach you can just use the high-order functions: TransactionContext.withTxRequired { ... // REQUIRED semantics TransactionContext.withTxRequiresNew { ... // REQUIRES_NEW semantics } } I have implemented the same semantics as used in the EJB spec. Required, RequiresNew, Mandatory, Supports, Never. All these are monadic objects in the TransactionContext object. I don't have a webapp to try this out, so I would be happy to get all kinds of feedback, but API wise and bug reports or fixes. This API is hooked into Derek's Scala-JPA stuff. I had my own impl of this but replaced it with Derek's work. Derek, please go through the integration to see if I have done it correctly, and where things code be improved. All committers, feel free to hack and change this code anyway you want. The code is in a branch (wip-jta-jonas), you can find it here: http://github.com/dpp/liftweb/tree/3783b9e2200cc57dd72baa1bd8cabdb1365ee923/lift-jta Check the ScalaDoc (or the source) for the documentation on usage, semantics etc. Also see the README for configuration in persistence.xml etc. Currently it is hard-coded to use the Atomikos Transaction library and Hibernate JPA, that would have to be configurable + some other options as well. See the TODOs in the code. As I said, this needs feedback and testing. Thanks. -- Jonas Bonér twitter: @jboner blog:http://jonasboner.com work: http://crisp.se work: http://scalablesolutions.se code: http://github.com/jboner -- L.G. Meredith Managing Partner Biosimilarity LLC 1219 NW 83rd St Seattle, WA 98117 +1 206.650.3740 http://biosimilarity.blogspot.com -- Jonas Bonér twitter: @jboner blog:http://jonasboner.com work: http://crisp.se work: http://scalablesolutions.se code: http://github.com/jboner -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp -- L.G. Meredith Managing Partner Biosimilarity LLC 1219 NW 83rd St Seattle, WA 98117 +1 206.650.3740 http://biosimilarity.blogspot.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: JTA Transaction Monad - Early Access Program
2009/6/9 Jonas Bonér jbo...@gmail.com: 2009/6/9 David Pollak feeder.of.the.be...@gmail.com: Jonas, We always use Maven to load dependencies. We never use GPL dependencies. If you have a question about the license of a dependency and its use in Lift, please ping me privately. I am using Maven. But as I said I could not find the Atomikos in any public library, putting them in lib will let the user easily install them in their local repo. Do you know if they are in any public repo? If its any help I added them here a while back for an integration test in ActiveMQ http://repo.fusesource.com/maven2-all/com/atomikos/ the repo is: http://repo.fusesource.com/maven2-all/ you might wanna put more recent jars up on some public repo though. -- James --- http://macstrac.blogspot.com/ Open Source Integration http://fusesource.com/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Lift group created on LinkedIn
Sure thing. Glad to help where I can. Mark On Jun 10, 11:28 am, David Pollak feeder.of.the.be...@gmail.com wrote: Cool. I just joined. Thanks for taking the initiative to do this! On Wed, Jun 10, 2009 at 8:10 AM, Mark Baker markmbake...@gmail.com wrote: This morning I created a group on LinkedIn for Lift enthusiasts. I called it LiftWeb and here's the link to the group - http://www.linkedin.com/groups?gid=2017908. Hopefully this will build more interest in Lift and enable Lift people to meet. Thanks, Mark -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Git some:http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J
On Wed, Jun 10, 2009 at 7:29 AM, Atsuhiko Yamanaka atsuhiko.yaman...@gmail.com wrote: Hi there, It seems that GAE/J has changed its configuration recently, and you may encounter the crash with 'java.lang.reflect.InvocationTargetException'. If so, please try the latest 1.1-SNAPSHOT. For lift committers, it seems that 'hasContinuations_?'[1] has become 'true', private val (hasContinuations_?, contSupport, getContinuation, getObject, setObject, suspend, resume) = { try { val cc = Class.forName(org.mortbay.util.ajax.ContinuationSupport) val meth = cc.getMethod(getContinuation, classOf[HttpServletRequest], classOf[AnyRef]) val cci = Class.forName(org.mortbay.util.ajax.Continuation) val getObj = cci.getMethod(getObject) val setObj = cci.getMethod(setObject, classOf[AnyRef]) val suspend = cci.getMethod(suspend, _root_.java.lang.Long.TYPE) val resume = cci.getMethod(resume) (true, (cc), (meth), (getObj), (setObj), (suspend), resume) } catch { case e = (false, null, null, null, null, null, null) } } This means that 'org.mortbay.util.ajax.Continuation' APIs are available on GAE/J. Is there a possibility to enable them without using reflection APIs in 'checkContinuations'[2] method? Unfortunately, no. In order to do this, we'd have to have a hard dependency on Jetty. It may be possible to do an external continuations module and you are encouraged to research this. Thanks, David [1] http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L403 [2] http://github.com/dpp/liftweb/blob/50b4e8b0490929d20e9361564393e21f845dcd67/lift/src/main/scala/net/liftweb/http/LiftRules.scala#L446 Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Skype callto://jcraft/ -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Lift group created on LinkedIn
Cool!I just joined. Thanx Heiko 2009/6/10 Mark Baker markmbake...@gmail.com This morning I created a group on LinkedIn for Lift enthusiasts. I called it LiftWeb and here's the link to the group - http://www.linkedin.com/groups?gid=2017908. Hopefully this will build more interest in Lift and enable Lift people to meet. Thanks, Mark -- My blog: heikoseeberger.name Follow me: twitter.com/hseeberger OSGi on Scala: www.scalamodules.org Lift, the simply functional web framework: liftweb.net --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J
Hi, On Thu, Jun 11, 2009 at 12:30 AM, David Pollakfeeder.of.the.be...@gmail.com wrote: Unfortunately, no. In order to do this, we'd have to have a hard dependency on Jetty. It may be possible to do an external continuations module and you are encouraged to research this. I agree with you that a hard dependecy on jetty is not acceptable. I will research that. Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Skype callto://jcraft/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J
On Wed, Jun 10, 2009 at 9:15 AM, Atsuhiko Yamanaka atsuhiko.yaman...@gmail.com wrote: Hi, On Thu, Jun 11, 2009 at 12:30 AM, David Pollakfeeder.of.the.be...@gmail.com wrote: Unfortunately, no. In order to do this, we'd have to have a hard dependency on Jetty. It may be possible to do an external continuations module and you are encouraged to research this. I agree with you that a hard dependecy on jetty is not acceptable. I will research that. Or perhaps have some sort of pluggable factory for continuations so the hard dependency can be moved into an optional module? The factory class could be configured in web.xml as a servlet init-param. alex --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: org.mortbay.util.ajax.Continuation on GAE/J
On Jun 10, 7:27 pm, Alex Boisvert boisv...@intalio.com wrote: On Wed, Jun 10, 2009 at 9:15 AM, Atsuhiko Yamanaka atsuhiko.yaman...@gmail.com wrote: Hi, On Thu, Jun 11, 2009 at 12:30 AM, David Pollakfeeder.of.the.be...@gmail.com wrote: Unfortunately, no. In order to do this, we'd have to have a hard dependency on Jetty. It may be possible to do an external continuations module and you are encouraged to research this. I agree with you that a hard dependecy on jetty is not acceptable. I will research that. Or perhaps have some sort of pluggable factory for continuations so the hard dependency can be moved into an optional module? The factory class could be configured in web.xml as a servlet init-param. I think that the less XML config things are there, the better. We can simply have a trait and the specific implementation will be packaged in a separate jar.file that can just exist is a by convension location. Say 'plugins' folder. With a very simple classloader we can easily achieve this flexibility (... I don't thing that this is a candidate for OSGI plugins). alex --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: JTA Transaction Monad - Early Access Program
Thanks James. But I have already found them in a public repo. /Jonas 2009/6/10 James Strachan james.strac...@gmail.com: 2009/6/9 Jonas Bonér jbo...@gmail.com: 2009/6/9 David Pollak feeder.of.the.be...@gmail.com: Jonas, We always use Maven to load dependencies. We never use GPL dependencies. If you have a question about the license of a dependency and its use in Lift, please ping me privately. I am using Maven. But as I said I could not find the Atomikos in any public library, putting them in lib will let the user easily install them in their local repo. Do you know if they are in any public repo? If its any help I added them here a while back for an integration test in ActiveMQ http://repo.fusesource.com/maven2-all/com/atomikos/ the repo is: http://repo.fusesource.com/maven2-all/ you might wanna put more recent jars up on some public repo though. -- James --- http://macstrac.blogspot.com/ Open Source Integration http://fusesource.com/ -- Jonas Bonér twitter: @jboner blog:http://jonasboner.com work: http://crisp.se work: http://scalablesolutions.se code: http://github.com/jboner --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] multiSelectObj
While looking at SHtml.selectObj (correponding to select), I noticed there is no multiSelectObj -- only multiSelect. Is there any particular reason for this? Would it make sense to add one? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: multiSelectObj
On Wed, Jun 10, 2009 at 1:56 PM, Jonathan Meeks jonathanme...@gmail.comwrote: While looking at SHtml.selectObj (correponding to select), I noticed there is no multiSelectObj -- only multiSelect. Is there any particular reason for this? Would it make sense to add one? No good reason... I'll add one. -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: security
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.comwrote: Hi, For most apps cannonicalization is not really necessary as the character stream for form-url-encoded is UTF-8 by default as Lift uses UTF-8 by default. Oh and the conversion from URL encoding to plain UTF-8 content is really done by container and when we get the params from the request object they are already well formed. Now if we're talking about a higher level of validation that's a different story and IMO this is an application aspect and not much a framework one. And Lift does URL Decoding of the paths before presenting them as the Req() object. More broadly, Lift should provide all the features of ESAPI out of the box. If there are particular things that ESAPI offers that Lift doesn't, please flag them and we'll add them. I did a bunch of years as VPE and CTO at a web app security company. In general, I've worked to make sure that Lift has security baked in and that the developer has to work to make the app insecure, rather than vice versa. If I missed a spot, Lift will be enhanced to make sure it does have security baked in. From my perspective Lift is secure, much more so than other frameworks I've used. The current set of Lift apps, that I've helped develop, have survived outsourced penetration testing without requiring any modifications at all. Great! I'm not a security expert, but I am being asked to consider ESAPI features. From my limited understanding, the UTF-8 encoding is fine and Lift protects the response from displaying any scripts or html that might have inadvertently been added to the database. The problem is more what is being validated and how its being validated. I don't buy Marius's claim that this is somehow a higer order validation that is an application concern rather than a framework one. The internet has all the insecurities it has, because security has been left to the application developer. As far a I can see, one problem lies when a string is obtained from the web page and instanciated into a String object. For instance, if it comes in as scriptalert('XSS')/script, then its probably not what you want. Why does it matter if something like this gets stored in your database - perhaps because it's one part of your security. In addition if it comes in doubly encoded as %253Cscript%253Ealert('XSS')%253C%252Fscript%253E then its probably also not what you want. 1) To stop double encoding, ESAPI suggests that you use cannonicalization to convert the strings to a similar format before validation. 2) After, the input has been cannonicalized, ESAPI suggests that the input should be validated against a whitelist of allowed charaters. Now, I can't see that 1 or 2 is necessary if you are creating a number from the input, but perhaps it should be, if you are creating a ordinary String object. I also am not sure how much work would be involved in using a whitelist in a location aware multilingual way, but perhaps it could be done as a default. Br's, Marius On Jun 10, 5:43 am, Oliver Lambert olambo...@gmail.com wrote: Looks like I might have a requirement for implementing OWASP secure coding practices, as described by One thing that I definitively don't do and I believe Lift doesn't do out of the box is Canonicalize input before validation/filtering. I was looking into using OWASP ESAPIhttp://www.owasp.org/index.php/ESAPIbut I'm put off by it's use of property files and system resources. Do any of you Canonicalize input, if so, do you use a Library? Does Lift need this feature, or any of the others described in the above document? cheers Oliver -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: multiSelectObj
I was actually going to volunteer to add one. I'd learn something as I'm new to Lift and Scala. You'd probably be able to do it faster, but if you wanted to see what I came up with and give feedback I'd be most appreciative. --Jonathan On Jun 10, 6:05 pm, David Pollak feeder.of.the.be...@gmail.com wrote: On Wed, Jun 10, 2009 at 1:56 PM, Jonathan Meeks jonathanme...@gmail.comwrote: While looking at SHtml.selectObj (correponding to select), I noticed there is no multiSelectObj -- only multiSelect. Is there any particular reason for this? Would it make sense to add one? No good reason... I'll add one. -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Git some:http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: date management
Nice! Things are moving now, thanks to your guidance. It's a matter of: 1) knowing what you want to do, and 2) knowing how to do things with Scala... duh, yea. I will post my results in a few days after I get everything working well, but the RequestVar is doing its job. On Jun 8, 7:18 am, Derek Chen-Becker dchenbec...@gmail.com wrote: Generally you can either use RequestVars or a StatefulSnippet class to keep the values around on form resubmission. If you're using a Mapper class, you really just need one RequestVar to hold your Mapper instance. For example, if I had a Mapper class for a person with first name, last name and email, I could do something like this in my snippet class: ... // Set the up the RequstVar to initialize a new MyUserClass by default object userVar extends RequestVar[MyUserClass](MyUserClass.create) def editMyUser (xhtml : NodeSeq) : NodeSeq = { // We define a val to capture the current value of the userVar. This will be used to reinject later, as well // as for current access val current = userVar.is ... def saveMyUser () { current.validate match { ... ... current.save } } bind(user, xhtml, // First we re-inject the current MyUserClass instance using a hidden field current - SHtml.hidden(() = userVar(current)) // normal fields follow, e.g. name - SHtml.text(current.name.is, current.name(_)) // alternatively, you could do both steps in the first form field: name - SHtml.text(current.name.is, { in = userVar(current); current.name(in) }) ... ) } ... Let me know if you have any questions on that. Derek On Fri, Jun 5, 2009 at 9:47 PM, g-man gregor...@gmail.com wrote: I now have the due date arriving OK from the jQuery datepicker, and I cobbled together some ugliness to give days left until the ToDo due date, so that is good. My problem now is since we are not using the 'magic' of the _toForm methods for the form elements, I have to set each var value for the model field from the input SHtml data, as was done in the PocketChange app AddEntry.scala file. What is happening is that the initialization for each var is resetting the form if validation fails, so I guess I need to institute some RequestVars to remember the form values for resubmission, right? All my questions will take take the form of 'how to' recipes of foundational webapp elements, as you can see. My plan is to develop them for a 'cookbook' section of the wiki, so that's why I am asking one simple conceptual thing at a time. Therefore, what I have to learn now is all about form binding and recalling form value state if validation fails, so please break that down for me. Thanks as always! On Jun 3, 10:25 pm, Derek Chen-Becker dchenbec...@gmail.com wrote: Box is the base class. What you want is Full(2). Derek On Wed, Jun 3, 2009 at 8:53 PM, g-man gregor...@gmail.com wrote: Very good! I did a little homework, rearranged some things, and am getting some nice results with the 'manual method'... Since I am following the PocketChange app now rather than the ToDo example, there is no 'todo' val in scope to bind, so the todo.priority.toForm method will not work. I have SHtml.select working with a mapping for my choices, and I can use Empty for my default, but how do I get a Box[2] as my default? On Jun 3, 7:21 am, Derek Chen-Becker dchenbec...@gmail.com wrote: The only issue I would mention is that there's currently an open ticket because MappedDateTime won't save the time portion when you use Derby. I haven't had time to triage this yet. Derek On Wed, Jun 3, 2009 at 3:01 AM, Timothy Perrett timo...@getintheloop.eu wrote: Greg, I dont really use toForm; have you explored doing it manually? It seems like that would be able to tell you if there is a problem with toForm on MappedDateTime. I use mapped date time quite a bit and have no problems at all persisting the dates :-) Cheers, Tim On Jun 3, 3:09 am, g-man gregor...@gmail.com wrote: Are there no ideas for my problem? I have many more questions saved up, but would like to clear each out before starting a new one. Thanks again! On May 31, 1:57 pm, g-man gregor...@gmail.com wrote: As I proceed to enhance the ToDo example, I have added a new field to the ToDo.scala model: object dueOn extends MappedDateTime(this) { final val dateFormat = DateFormat.getDateInstance (DateFormat.SHORT) override def asHtml = Text(dateFormat.format(is))} Next, I added a binding in the TD.scala snippet within the add method of the TD class: def doBind(form: NodeSeq) = { bind(todo, form,
[Lift] Re: multiSelectObj
Here's what I came up with. It seems to work. I don't know how well it will appear inlined in a posting. Let if you want it delivered in another fashion. diff --git a/lift/src/main/scala/net/liftweb/http/SHtml.scala b/lift/ src/main/scala/net/liftweb/http/SHtml.scala index 22c4832..58e6069 100644 --- a/lift/src/main/scala/net/liftweb/http/SHtml.scala +++ b/lift/src/main/scala/net/liftweb/http/SHtml.scala @@ -430,13 +430,28 @@ object SHtml { private[http] def secureOptions[T](options: Seq[(T, String)], default: Box[T], onSubmit: T = Unit): (Seq [(String, String)], Box[String], AFuncHolder) = { val secure = options.map{case (obj, txt) = (obj, randomString (20), txt)} -val defaultNonce = default.flatMap(d = secure.find(_._1 == d).map (_._2)) +val defaultNonce = default.map(secureDefaultNonce(secure, _)) val nonces = secure.map{case (obj, nonce, txt) = (nonce, txt)} def process(nonce: String): Unit = secure.find(_._2 == nonce).map(x = onSubmit(x._1)) (nonces, defaultNonce, SFuncHolder(process)) } + private[http] def secureOptions[T](options: Seq[(T, String)], default: Seq[T], + onSubmit: T = Any): (Seq [(String, String)], Seq[String], LFuncHolder) = { +val secure = options.map{case (obj, txt) = (obj, randomString (20), txt)} +val defaultNonce = default.map(secureDefaultNonce(secure, _)) +val nonces = secure.map{case (obj, nonce, txt) = (nonce, txt)} +def process(nonces: List[String]): Any = +nonces.map(nonce = secure.find(_._2 == nonce).map(x = onSubmit (x._1))) +(nonces, defaultNonce, LFuncHolder(process)) + } + + private def secureDefaultNonce[T](secureOptions: Seq[(T, String, String)], default: T): String = { +secureOptions.find(_._1 == default).get._2 + } + + /** * Create a select box based on the list with a default value and the function to be executed on * form submission @@ -518,6 +533,22 @@ object SHtml { func: List[String] = Any, attrs: (String, String) *): Elem = multiSelect_*(opts, deflt, LFuncHolder(func), attrs :_*) + /** + * Create a select box based on the list with a default value and the function + * to be executed on form submission + * + * @param options -- a list of value and text pairs (value, text to display) + * @param default -- the default value (or Empty if no default value) + * @param onSubmit -- the function to execute on form submission + */ + def multiSelectObj[T](options: Seq[(T, String)], default: Seq[T], + onSubmit: T = Unit, attrs: (String, String)*): Elem = { +val (nonces, defaultNonce, secureOnSubmit) = +secureOptions(options, default, onSubmit) + +multiSelect_*(nonces, defaultNonce, secureOnSubmit, attrs:_*) + } + def multiSelect_*(opts: Seq[(String, String)], deflt: Seq[String], func: AFuncHolder, attrs: (String, String)*): Elem = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---