Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Hi Antonio, as I mentioned in a previous post, it's not so simple as the href attribute of s:a can legally contain javascript or vbscript. I think that the problem about a in href attribute is the double quote character, because it will close the href attribute, then with a greater than symbol, you will close the a too and finally you can inject any kind of Javascript inside the page. I think that s:a can implement this kind of checking, no? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
2008/1/15, Jeromy Evans [EMAIL PROTECTED]:
Hi Antonio, as I mentioned in a previous post, it's not so simple as the
href attribute of s:a can legally contain javascript or vbscript.
This is precisely why the href attribute is not escaped/encoded in the
template. It's deliberate.
Sorry but I cannot understand: the HTML code, to be valid, needs that every
attribute values that contain special characters ('' '' '') need to be
encoded with the corresponding HTML entity ('lt;', 'gt;', 'amp;'). I
don't see anything wrong in it.
Antonio
Re: JSP syntax errors through icnlude
On Jan 14, 2008 2:27 PM, Al Sutton [EMAIL PROTECTED] wrote: Just re-read your original message. So you have tried it on an app server and everything is OK. Doesn't that indicate the problem lies with eclipse and not struts?, shouldn't it be the Eclipse bug tracking system you put your report in and not Struts Jira? Well, I thought it might be related to the use of Struts2 tags/taglib, and then related to the translation into JSP's java code. But hey, I'm gonna try the Eclipse thing. Thanks, Maxx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
struts 2.0.11: autocompleter
hi, I have 6 autocompleter. The first refreshs the second, the second the third and so one. But If I clear the second autocompleter value, so that the combo box is empty, the notifyTopics-Event will not be send. Has someone an idea? I have to refresh the third combo box and then the next... kind regards, Frank
HDIV (HTTP Data Integrity Validator) 2.0.3 Released
Hi all, HDIV 2.0.3 has just been released including new features. HDIV project is an Apache-licensed Java Web Application Security Framework that adds security functionalities to Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and without adding any complexity to the application development. New features included in this release: 1. Support for Webflow (SWF) + Spring MVC: HDIV inserts automatically the flow id (_flowExecutionKey) into the forms so that we don't have to add it manually as a hidden field to all JSP pages. Besides, HDIV optimizes memory consumption for SWF applications because it deletes from session HDIV data from finished flows, avoiding expired data in memory. 2. Support for Spring 2.5 You can have a look at: http://www.hdiv.org You can subscribe to mailing list at: https://lists.sourceforge.net/lists/listinfo/hdiv-user You can download it from SourceForge.net by following this link: https://sourceforge.net/project/showfiles.php?group_id=139104release_id=568601 regards, Gorka Vicente. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[S2] conversion and REPORT_CONVERSION_ERRORS
Setting XWorkConverter.REPORT_CONVERSION_ERRORS to stop conversion errors being reported - is it possible? I hope I don't appear to0 lazy to look for an answer but I could only find non-specific references to this on struts.apache.org, and nothing on the mailing list or the wiki. So short of searching the XWork codebase, I'm stuck. I assumed I could put constant name=report.conversion.errors value=false / in the struts.xml but it didn't pay any attention to it. What is one supposed to do to repress conversion errors per action? Thanks Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
2008/1/15, GF [EMAIL PROTECTED]: On Jan 15, 2008 2:45 PM, Martin Gainty [EMAIL PROTECTED] wrote: Hi Ganfab Are you suggesting the href contents disable javascript to disable XSS script attacks?Martin No, I think that maybe can be useful to think if doing some checks to href attribute of s:a is possible to look for double quotes characters that can eventually close the attribute and tag. Or better, escape them with their corresponding entity. Antonio
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
On Jan 15, 2008 2:45 PM, Martin Gainty [EMAIL PROTECTED] wrote: Hi Ganfab Are you suggesting the href contents disable javascript to disable XSS script attacks?Martin No, I think that maybe can be useful to think if doing some checks to href attribute of s:a is possible to look for double quotes characters that can eventually close the attribute and tag. When someone uses javascript inside the href a the XHTML a it's common to not use double quotes (and use single quotes) because double quotes would close the href attribute. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Hi Ganfab Are you suggesting the href contents disable javascript to disable XSS script attacks?Martin __Disclaimer and confidentiality noteEverything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Tue, 15 Jan 2008 09:27:03 +0100 Wrom: KVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXF _ Make distant family not so distant with Windows Vista® + Windows Live™. http://www.microsoft.com/windows/digitallife/keepintouch.mspx?ocid=TXT_TAGLM_CPC_VideoChat_distantfamily_012008
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
2008/1/15, GF [EMAIL PROTECTED]:
Or better, escape them with their corresponding entity.
What do you think about
s:a href=%{myVar} doubleQuoteEncoding=none | urlEncode |
htmlEncode | convertToSingleQuote .../s:a
It could be a solution, but:
a href=javascript:alert(quot;byequot;)Greet/a
simply works.
Antonio
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
It could be a solution, but: a href=javascript:alert(quot;byequot;)Greet/a simply works. Didn't know. I'm not very into javascript coding :-) However I think that preventing double quote in some way, can be good. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Are you suggesting that javascript injection in href be disabled to prevent
XSS attacks?
I'm suggesting that is better that the variable inside s:a
href=%{myVar} should NOT close the generated a because this
would make the browser to execute the eventual javascript
automatically on the page load...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Are you suggesting that javascript injection in href be disabled to prevent XSS attacks? Martin-- - Original Message - From: GF [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Tuesday, January 15, 2008 3:27 AM Subject: Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ... Hi Antonio, as I mentioned in a previous post, it's not so simple as the href attribute of s:a can legally contain javascript or vbscript. I think that the problem about a in href attribute is the double quote character, because it will close the href attribute, then with a greater than symbol, you will close the a too and finally you can inject any kind of Javascript inside the page. I think that s:a can implement this kind of checking, no? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Or better, escape them with their corresponding entity.
What do you think about
s:a href=%{myVar} doubleQuoteEncoding=none | urlEncode |
htmlEncode | convertToSingleQuote .../s:a
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
Well,
Or better, escape them with their corresponding entity.
Antonio
Myabe i'm wrong, but:
In XHTML this is wrong:
a href=javascript:window.alert(Example of a link that displays an
alert box);
because i use double quotes inside a javascript, inside a href tag
delimited by double quotes.
it would be ok to do:
a href=javascript:window.alert('Example of a link that displays an
alert box');
So since s:a can be used to generate a good a tag, I think that
can be a nice idea to add some automatic checking and conversion to
prevent exploiting of the generated a.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
How do I prevent two calls concurrently?
I have a Struts application where a user enters an account id#
and a pin to enter the application. The user will already be
authenticated via an LDAP server prior to accessing my application, so
the remote user name is there, as well as role information. After the
user clicks [login], I fire a method that calls a stored proc to see if
the combination of their account/pin is valid in the database. I pass
their username as well. If the user has entered an invalid account# 5
times, they are to be locked out of just my application. When I issue
the check to see if the account# is invalid, I have to create a row to
track these invalid login attempts per this account. The problem is the
user double clicks [login] and can get two calls to the service method
to execute simultaneously. They both don't see a row, so they both do
an INSERT. One of the inserts fails due to a PK on the username.
How would I prevent this from occurring? My code that invokes
this service call is like:
public ActionForward login( ... )
{
// retrieve acct/pin from struts form
// I'd like to track/log user interaction with service, so
service
// has username as property
String user = request.getRemoteUser();
LoginService svc = new LoginService( user );
// acct object has other information about call (# bad
attempts, success flag, failure msg, last access date, etc.
Account acct = svc.login( user, acct, pin );
if (acct.isLoginSuccessful() {
// forward to next page
else
// return to input page, storing failure msg with #
attempts into ActionMessage
I'd appreciate any suggestions. I tried to simulate how this
might happen by creating multiple threads of the service, but then I
realized that each instance I created would still allow me to run the
login method concurrently, even if it was synchronized. I can imagine
that there are probably other areas in the application that might allow
multiple inserts of the EXACT same data if this double click occurs if
the PK is based on a sequence.
[Questions]
1. Is it simply a matter of making my service an instance
variable of this action and making the login method synchronized? 2.
Are there situations where I would not want there to be a single service
instance? Could it cause a bottleneck?
Every day I realize how little I know. Thanks for any/all
tips/pointers.
Eric
Re: How do I prevent two calls concurrently?
Givler, Eric wrote: The problem is the user double clicks [login] and can get two calls to the service method to execute simultaneously. They both don't see a row, so they both do an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.html#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.html#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts 2.1 release date
First I wanted to say that I totally agree with Ted's view about the lack of support for Struts. I do believe that things for the Struts 2.x project will pick up now since the Holiday's are over now. I wanted to extend a personal thanks to all of the developers who contribute to the Struts 2 project. They spend a lot of their own personal time to make the project a success. With that being said, I need to send over some patches myself instead of slacking. =) Best Regards, Richard L. Burton III Ted Husted wrote: There's a test-build available, * http://www.nabble.com/-S2--2.1.0-Test-Build-Available-tf4712874.html#a13471367 But, there are still a lot of outstanding patches to apply, and no one seems to have time to commit them right now. Sadly, despite being the most popular Java web framework on the planet, Struts still has no corporate support, and so the project only moves forward when the volunteers are not too busy with their own day-jobs. - Ted On Jan 11, 2008 7:54 AM, Otto, Frank [EMAIL PROTECTED] wrote: hi, is there a deadline for struts 2.1 release? I have download the nightly build, but I can't find the new dojo plugin. kind regards Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/struts-2.1-release-date-tp14755809p14841547.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I prevent two calls concurrently?
Eric How would I prevent this from occurring? [Questions] 1. Is it simply a matter of making my service an instance variable of this action and making the login method synchronized? 2. Are there situations where I would not want there to be a single service instance? Could it cause a bottleneck? One simple technique that has worked out well for me and will depend on your use case is to disable to login button after the first time the user clicks on it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Struts 2 Validation Error
Hi all, I'm new to this mailing list and still a bit confused on how to look things up, so apologies if this one is already up there! I'm using Tomcat to serve up JSPs using Struts 2 with java action classes and xml validation files. For example: signup.jsp SignUp.java SignUp-validation.xml All runs fine in Tomcat until you click a button that triggers validation then the following error is displayed: java.lang.ExceptionInInitializerError com.opensymphony.xwork2.validator.ValidatorFileParser.addValidatorConfigs(ValidatorFileParser.java:192) com.opensymphony.xwork2.validator.ValidatorFileParser.parseActionValidatorConfigs(ValidatorFileParser.java:72) com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.loadFile(AnnotationActionValidatorManager.java:361) Caused by: Connection timed out: connect - [unknown location] Any pointers would be gratefully received! Liz _ Liz Johnston Software Engineer IT Development 0845 213 5152 [EMAIL PROTECTED] ** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. WARNING: Computer viruses can be transmitted by e-mail. The recipient should check this email and any attachments for the presence of viruses. SQA accepts no liability for any damage caused by any virus transmitted by this email. Scottish Qualifications Authority www.sqa.org.uk [EMAIL PROTECTED] **
struts2 redirect action
I am having trouble getting a redirectAction to work. I am using struts2-portlet-plugin-2.1.1-SNAPSHOT, i have also tried using struts-2.0.11with no luck. Any advice? Here are my configs: WEB-INF/index.jsp % String redirectURL = view/index.action; response.sendRedirect(redirectURL); % struts.xml --- struts include file=struts-portlet-default.xml / package name=default extends=struts-portlet-default namespace=/view action name=index class= com.health.management.vitals.action.IndexAction result name=advisor type=redirectAction param name=actionNameadvisorView/param /result result name=consumer type=redirectAction param name=actionNameconsumerView/param /result /action action name=advisorView class= com.health.management.vitals.action.AdvisorViewAction result/WEB-INF/view/advisor.jsp/result /action action name=consumerView class= com.health.management.vitals.action.ConsumerViewAction result/WEB-INF/view/consumer.jsp/result /action /package /struts
[S2] s:a Problem
Hi,
I have rendered a link with s:a and s:url
s:url id=showAccountView value=/showAccountView.action
s:param name=ipNbr value=%{ipNbr} /
/s:url
td align=right style=width:50px;
s:if test=%{prospect == false}
div class=accounts:a theme=ajax targets=displaySearchResults
href=%{showAccountView} title=Alle Konten anzeigenspanAlle Konten
anzeigen/span/s:a/div
/s:if
/td
In HTML this is generated.
a showerror=true targets=displaySearchResults href=# title=Alle
Konten anzeigen dojotype=struts:BindAnchorspanAlle Konten anzeigen/
span
/a
1. When I move the cursor over the link the calling url from my application
is shown not a link with showAccountView.action in it. I click on it
showAccountView is executed. Alright!
2 Now I open the link in a new window my application with the start action
is shown not the showAccountView. After that I click in the old window and
an error is occurs in my backend instead of executing the correct action.
Why does the application behave different after open a ajax link in a new
window?
Best regards,
Marc
Re: struts2 redirect action
Are you running this in a portlet container? Your index.jsp and the redirect url does not make sense i a portal server (unless you are embedding it in some way)? Please provide some more information. Nils-H On Jan 15, 2008 6:38 PM, Brian Relph [EMAIL PROTECTED] wrote: I am having trouble getting a redirectAction to work. I am using struts2-portlet-plugin-2.1.1-SNAPSHOT, i have also tried using struts-2.0.11with no luck. Any advice? Here are my configs: WEB-INF/index.jsp % String redirectURL = view/index.action; response.sendRedirect(redirectURL); % struts.xml --- struts include file=struts-portlet-default.xml / package name=default extends=struts-portlet-default namespace=/view action name=index class= com.health.management.vitals.action.IndexAction result name=advisor type=redirectAction param name=actionNameadvisorView/param /result result name=consumer type=redirectAction param name=actionNameconsumerView/param /result /action action name=advisorView class= com.health.management.vitals.action.AdvisorViewAction result/WEB-INF/view/advisor.jsp/result /action action name=consumerView class= com.health.management.vitals.action.ConsumerViewAction result/WEB-INF/view/consumer.jsp/result /action /package /struts - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How do I prevent two calls concurrently?
I don't know why I overlooked that. All I had to do was put saveToken() in a calling action, and make sure I called saveToken again if any validation or system errors occurred when I was returning to the form. If the token is invalid, There was a nice thread here about it: http://www.jguru.com/faq/view.jsp?EID=779112. Thanks and apologies for not looking at this first - I guess I was going the more difficult route. Eric -Original Message- From: Manos Batsis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 10:02 AM To: Struts Users Mailing List Subject: Re: How do I prevent two calls concurrently? Givler, Eric wrote: The problem is the user double clicks [login] and can get two calls to the service method to execute simultaneously. They both don't see a row, so they both do an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
My WEB-INF/index.jsp is used so that i can use the same installation as both a portlet and a servlet. Websphere comes with an embedded portlet container as well as a servlet that can serve portlets as servlets, so i can install my webapp a single time and have it accessible both in and out of my portal. I may have led you astray by including that file in my post - the redirect from there is working fine. I am testing using the JettyPlutoLauncher class and the maven-pluto-plugin / maven-jetty-plugin. When accessing my portlet at http://localhost/portlet/view/index, control goes into my index action and i return consumer - the logs show: 5227707 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } but the page remains blank. If i instead access http://localhost/portlet/pluto/index.jsp, again, control goes into my index action, i return consumer and the logs show: 316389 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Executing result in Render phase 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletEntityImpl - Retrieved cross context: [EMAIL PROTECTED] /portlet,file:/C:/workspaces/hin-portal-test/healthe-health-management-vitals/src/main/webapp/} 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Location: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletContextImpl- PortletRequestDispatcher requested: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Named dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Request dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: true 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - No query string appended to the included request. 5316405 [btpool0-1] WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not find property [Pluto_/portlet.HealtheHealthManagementVitals!_org.mortbay.jetty.included] 5316405 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: false 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } 5316405 [btpool0-1] DEBUG org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher - Leaving render 5316405 [btpool0-1] DEBUG org.apache.pluto.core.PortletContainerImpl - Portlet Container [Pluto Portal Driver]: Portlet rendered for: HealtheHealthManagementVitals 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [view] 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [edit] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'edit' not found for portletId: '/portlet.HealtheHealthManagementVitals!' 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [help] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'help' not found for portletId: '/portlet.HealtheHealthManagementVitals!' 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletWindowStateAnchorTag - Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletWindowStateAnchorTag - Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports window state [minimized] 5316405
Strange behaviour -- [s:property] modifies Map???
Hi,
I've encountered very strange behaviour of struts:
s:property value=myMap['testKey']/ adds new entry to myMap - ('testKey',
''). Why??
Details:
...in My action:
private MapString, String myMap = new HashMapString, String(); // it's
empty
...in jsp:
s:property value=myMap/ // displays {} - it's ok because is empty
s:property value=myMap['testKey']/ // displays nothing as it should
be
s:property value=myMap/ // displays {testKey=} - ?? WHY?
What's wrong?
Thanks
--
View this message in context:
http://www.nabble.com/Strange-behaviour-s%3Aproperty--modifies-Maptp14844942p14844942.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I prevent two calls concurrently?
provided if the comprehensive route is always the most difficult 2 quick questions- 1)In struts-2.0.11 has resetToken/saveToken/generateToken morphed into a different entity ? 2)can I assume a session.invalidate() will effect a resetToken Thanks/ Martin- - Original Message - From: Givler, Eric [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Tuesday, January 15, 2008 1:36 PM Subject: RE: How do I prevent two calls concurrently? I don't know why I overlooked that. All I had to do was put saveToken() in a calling action, and make sure I called saveToken again if any validation or system errors occurred when I was returning to the form. If the token is invalid, There was a nice thread here about it: http://www.jguru.com/faq/view.jsp?EID=779112. Thanks and apologies for not looking at this first - I guess I was going the more difficult route. Eric -Original Message- From: Manos Batsis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 10:02 AM To: Struts Users Mailing List Subject: Re: How do I prevent two calls concurrently? Givler, Eric wrote: The problem is the user double clicks [login] and can get two calls to the service method to execute simultaneously. They both don't see a row, so they both do an INSERT. One of the inserts fails due to a PK on the username. See generateToken[1] and isTokenValid [2]. The token will be valid for only one request. What to do with the invalid request (also the latest) is up to you. [1] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#generateToken(javax.servlet.http.HttpServletRequest) [2] http://struts.apache.org/1.x/apidocs/org/apache/struts/action/Action.htm l#isTokenValid(javax.servlet.http.HttpServletRequest) Cheers, Manos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
Hm I usually experience this behaviour when the JSPs aren't found... Other than that, redirectAction runs just fine in my sample applications. Have you tried launching in debug mode and step through the code? Can you show your portlet.xml file? Nils-H On Jan 15, 2008 7:58 PM, Brian Relph [EMAIL PROTECTED] wrote: My WEB-INF/index.jsp is used so that i can use the same installation as both a portlet and a servlet. Websphere comes with an embedded portlet container as well as a servlet that can serve portlets as servlets, so i can install my webapp a single time and have it accessible both in and out of my portal. I may have led you astray by including that file in my post - the redirect from there is working fine. I am testing using the JettyPlutoLauncher class and the maven-pluto-plugin / maven-jetty-plugin. When accessing my portlet at http://localhost/portlet/view/index, control goes into my index action and i return consumer - the logs show: 5227707 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } but the page remains blank. If i instead access http://localhost/portlet/pluto/index.jsp, again, control goes into my index action, i return consumer and the logs show: 316389 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Executing result in Render phase 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletEntityImpl - Retrieved cross context: [EMAIL PROTECTED] /portlet,file:/C:/workspaces/hin-portal-test/healthe-health-management-vitals/src/main/webapp/} 5316389 [btpool0-1] DEBUG org.apache.struts2.portlet.result.PortletResult - Location: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletContextImpl- PortletRequestDispatcher requested: /view/consumerView.action 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Named dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.PortletRequestDispatcherImpl - Request dispatcher created. 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: true 5316389 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - No query string appended to the included request. 5316405 [btpool0-1] WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not find property [Pluto_/portlet.HealtheHealthManagementVitals!_org.mortbay.jetty.included] 5316405 [btpool0-1] DEBUG org.apache.pluto.internal.impl.RenderRequestImpl - Render request's included mode: false 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5316405 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } 5316405 [btpool0-1] DEBUG org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher - Leaving render 5316405 [btpool0-1] DEBUG org.apache.pluto.core.PortletContainerImpl - Portlet Container [Pluto Portal Driver]: Portlet rendered for: HealtheHealthManagementVitals 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [view] 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [edit] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'edit' not found for portletId: '/portlet.HealtheHealthManagementVitals!' 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Evaluated portletId to: /portlet.HealtheHealthManagementVitals! 5316405 [btpool0-1] DEBUG org.apache.pluto.driver.tags.PortletModeAnchorTag- Testing if PortletWindowConfig [/portlet.HealtheHealthManagementVitals!] supports mode [help] 5316405 [btpool0-1] INFO org.apache.pluto.driver.services.impl.resource.SupportedModesServiceImpl - Portlet mode 'help' not found for
Re: struts2 redirect action
I have debugged through my own code, but not too deeply through the struts2 code. I did notice when running it with struts 2.0.11, that there was a warning that the actionMapper property of the PortletActionRedirectResult was not set b/c the bean could not be found. Would something in the web.xml affect it? I noticed in the portlet archetype, that it is empty. I have included that as well. portlet.xml ?xml version=1.0 encoding=UTF-8? portlet-app version=1.0 xmlns= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd; id=healthehealthmanagementvitals portlet id=HealtheHealthManagementVitals description xml:lang=EN Healthe Health Management Vitals Portlet /description portlet-nameHealtheHealthManagementVitals/portlet-name display-name xml:lang=ENHealtheHealthManagementVitals/display-name portlet-class org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher /portlet-class !-- The namespace for the actions configured for view mode -- init-param nameviewNamespace/name value/view/value /init-param !-- The default action to invoke in view mode. -- init-param namedefaultViewAction/name valueindex/value /init-param expiration-cache0/expiration-cache supports mime-typetext/html/mime-type portlet-modeview/portlet-mode /supports supported-localeen/supported-locale portlet-info titleHealthe Health Management Vitals Portlet/title short-titleHealtheHealthManagementVitals/short-title keywordsstruts 2,portlet,healthe,health,management,vitals/keywords /portlet-info security-role-ref role-nameRole_Consumers/role-name /security-role-ref /portlet /portlet-app web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=healthe-health-management-vitals display-namehealthe-health-management-vitals-war/display-name context-param param-namecontextConfigLocation/param-name param-value/WEB-INF/applicationContext*.xml/param-value /context-param listener listener-class org.springframework.web.context.ContextLoaderListener /listener-class /listener welcome-file-list welcome-fileindex.html/welcome-file welcome-fileindex.htm/welcome-file welcome-fileindex.jsp/welcome-file /welcome-file-list security-constraint id=SecurityConstraint_1 web-resource-collection id=WebResourceCollection_1 web-resource-nameHealthe Health Management Vitals/web-resource-name url-pattern/HealtheHealthManagementVitals/*/url-pattern /web-resource-collection auth-constraint id=AuthConstraint_1 role-nameRole_Consumers/role-name /auth-constraint /security-constraint security-role role-nameRole_Consumers/role-name /security-role /web-app On 1/15/08, Nils-Helge Garli Hegvik [EMAIL PROTECTED] wrote: Hm I usually experience this behaviour when the JSPs aren't found... Other than that, redirectAction runs just fine in my sample applications. Have you tried launching in debug mode and step through the code? Can you show your portlet.xml file? Nils-H On Jan 15, 2008 7:58 PM, Brian Relph [EMAIL PROTECTED] wrote: My WEB-INF/index.jsp is used so that i can use the same installation as both a portlet and a servlet. Websphere comes with an embedded portlet container as well as a servlet that can serve portlets as servlets, so i can install my webapp a single time and have it accessible both in and out of my portal. I may have led you astray by including that file in my post - the redirect from there is working fine. I am testing using the JettyPlutoLauncher class and the maven-pluto-plugin / maven-jetty-plugin. When accessing my portlet at http://localhost/portlet/view/index, control goes into my index action and i return consumer - the logs show: 5227707 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - after Locale=en_US 5227722 [btpool0-1] DEBUG com.opensymphony.xwork2.interceptor.I18nInterceptor - intercept } but the page remains blank. If i instead access http://localhost/portlet/pluto/index.jsp, again, control goes into my index action, i return consumer and the logs show: 316389 [btpool0-1] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Bean 'org.apache.struts2.portlet.result.PortletActionRedirectResult' instantiated via constructor [public org.apache.struts2.portlet.result.PortletActionRedirectResult()] 5316389 [btpool0-1] DEBUG
Re: captcha + struts2
I use an ImageCaptchaServlet that is generally like the one in the appfuse
example, but without the security stuff. Also, i am usually not able to
store the captcha's based on session id, so i pass a parameter in called
'captchaId' on my request.
I register the servlet in my web.xml, and since i only need 1 captcha on a
page/request, i map it to captcha.jpg.
In my jsp, i create an image with 'captcha.jpg' as the source, along with an
input to grab the user's response.
Finally, i validate the captcha in my action.
There is quite a bit of spring configuration options for the captcha,
reference the appfuse implementation for it, or check the jcaptcha site. I
autowire my actions by name (the default) and my jcaptchaService bean is
declared like so:
!-- jcaptchaService is injected into ImageCaptchaServlet as well as to
jcaptchaService beans --
bean id=jcaptchaService class=
com.octo.captcha.service.multitype.GenericManageableCaptchaService
constructor-arg index=0
ref bean=imageEngine/
/constructor-arg
constructor-arg index=1
value1/value
/constructor-arg
constructor-arg index=2
value18/value
/constructor-arg
/bean
Code snips below:
ValidateAction.java
private ImageCaptchaService jcaptchaService;
private Map session;
public void validate()
{
Boolean human = jcaptchaService.validateResponseForID(captchaId,
account.getAnswer());
if (human)
{
getSession().put(human, human);
}
else
{
this.addFieldError(captcha, getText(healthe.user.claim.captcha.failed
));
}
return;
}
captcha.jsp
-
s:form action=getTicket method=post
div class=form
div class=captcha input
s:url value='captcha.jpg' id=captcha
s:param name=captchaId value=captchaId /
/s:url
img src=s:property value=#captcha/ name=captcha alt=If the
image is illegible, refresh to get another one. /
/div
div class=input
s:textfield name=answer value= /
/div
/div
s:submit value=%{getText('healthe.user.continue')} /
web.xml
servlet
servlet-namecaptcha/servlet-name
servlet-classcom.cerner.healthe.struts2.captcha.ImageCaptchaServlet
/servlet-class
load-on-startup3/load-on-startup
/servlet
servlet-mapping
servlet-namecaptcha/servlet-name
url-pattern/captcha.jpg/url-pattern
/servlet-mapping
ImageCaptchaServlet
---
package com.cerner.healthe.struts2.captcha;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.sun.image.codec.jpeg.JPEGCodec;
import com.sun.image.codec.jpeg.JPEGImageEncoder;
/**
* Servlet generates CAPTCHA jpeg images based on the JCAPTCHA package. It's
configured via spring, and requires a
* ImageCaptchaService bean with the id=japtchaService
*
* @author Jason Thrasher
*/
public class ImageCaptchaServlet extends HttpServlet
{
private static final long serialVersionUID = 3258417209566116145L;
private Log logger = LogFactory.getLog(this.getClass());
public void init(ServletConfig servletConfig) throws ServletException
{
super.init(servletConfig);
}
protected void doGet(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse) throws
ServletException, IOException
{
byte[] captchaChallengeAsJpeg = null;
// the output stream to render the captcha image as jpeg into
ByteArrayOutputStream jpegOutputStream = new
ByteArrayOutputStream();
try
{
// get the image captcha service defined via the
SpringFramework
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext
(getServletContext());
Object bean = ctx.getBean(jcaptchaService);
ImageCaptchaService imageCaptchaService =
(ImageCaptchaService) bean;
// get the id that will identify the generated captcha.
// the same id must be used to validate the response
String captchaId = httpServletRequest.getParameter
(captchaId);
logger.debug(captchaIdParameter: +
httpServletRequest.getParameter(captchaId));
if (captchaId == null)
{
// If a captcha id is not passed in, use the session id
captchaId = httpServletRequest.getSession().getId();
Re: struts2: how to return an validate-error if user entered incorrect email format?
xianwinwin wrote:
I would like to validate if the user has entered a valid email.
for this I have the method
@TypeConversion(converter =
com.utilities.conversion.EmailTypeConversion)
public void setEmail(String email) {
this.email = email;
}
the conversion (where I'm a bit perplexed) is:
..
..
@Override
public String convertToString(Map context, Object o)
{
System.out.println(hey - I'm checking the convert to
string!!!);
boolean isEmailValid =
ValidateEmail.isEmailValid(values[0]);
//what comes here? ??
}
assuming the isEmailValid is false, how can I advise that the validation
failed?
thanks
Why are you trying to do validation with a type converter? If you want
to validate that the user has entered a valid email, use validation --
specifically, the email validator:
http://struts.apache.org/2.x/docs/validation.html
http://struts.apache.org/2.x/docs/email-validator.html
L.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
I just realized that the proposed solution won't do what you want it to do either, since you obviously want the other action to run before the jsps are dispatched... So, you either have to re-structure your code a bit and invoke the other actions directly (either manually or by specifying it as the default action in portlet.xml), or you could try playing with the chain result to see if that does the trick. Nils-H On Jan 15, 2008 11:32 PM, Nils-Helge Garli Hegvik [EMAIL PROTECTED] wrote: I think I have figured out the problem. The problem is that redirectAction doesn't really do what you think it does, not when used in the render phase. I should probably implement a check for this, as you can't do a sendRedirect in a portlet. redirectAction in a portlet should only be used after executing an action in the action phase (I need to document this). So...with that in mind, you should change your configuration: struts.xml action name=index class=com.cerner.healthe.health.management.vitals.action.IndexAction result name=advisor/WEB-INF/view/advisor.jsp/result result name=consumer/WEB-INF/view/consumer.jsp/result /action Then make sure you use the redirectAction result type only when your action has been executed in the action phase (form submit, or s:url created with the attribute 'portletUrlType' set to 'action'). Hope that made sense... Nils-H On Jan 15, 2008 8:45 PM, Brian Relph [EMAIL PROTECTED] wrote: I have debugged through my own code, but not too deeply through the struts2 code. I did notice when running it with struts 2.0.11, that there was a warning that the actionMapper property of the PortletActionRedirectResult was not set b/c the bean could not be found. Would something in the web.xml affect it? I noticed in the portlet archetype, that it is empty. I have included that as well. portlet.xml ?xml version=1.0 encoding=UTF-8? portlet-app version=1.0 xmlns= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd; id=healthehealthmanagementvitals portlet id=HealtheHealthManagementVitals description xml:lang=EN Healthe Health Management Vitals Portlet /description portlet-nameHealtheHealthManagementVitals/portlet-name display-name xml:lang=ENHealtheHealthManagementVitals/display-name portlet-class org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher /portlet-class !-- The namespace for the actions configured for view mode -- init-param nameviewNamespace/name value/view/value /init-param !-- The default action to invoke in view mode. -- init-param namedefaultViewAction/name valueindex/value /init-param expiration-cache0/expiration-cache supports mime-typetext/html/mime-type portlet-modeview/portlet-mode /supports supported-localeen/supported-locale portlet-info titleHealthe Health Management Vitals Portlet/title short-titleHealtheHealthManagementVitals/short-title keywordsstruts 2,portlet,healthe,health,management,vitals/keywords /portlet-info security-role-ref role-nameRole_Consumers/role-name /security-role-ref /portlet /portlet-app web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=healthe-health-management-vitals display-namehealthe-health-management-vitals-war/display-name context-param param-namecontextConfigLocation/param-name param-value/WEB-INF/applicationContext*.xml/param-value /context-param listener listener-class org.springframework.web.context.ContextLoaderListener /listener-class /listener welcome-file-list welcome-fileindex.html/welcome-file welcome-fileindex.htm/welcome-file welcome-fileindex.jsp/welcome-file /welcome-file-list security-constraint id=SecurityConstraint_1 web-resource-collection id=WebResourceCollection_1 web-resource-nameHealthe Health Management Vitals/web-resource-name url-pattern/HealtheHealthManagementVitals/*/url-pattern /web-resource-collection auth-constraint id=AuthConstraint_1 role-nameRole_Consumers/role-name /auth-constraint /security-constraint security-role role-nameRole_Consumers/role-name /security-role /web-app On 1/15/08, Nils-Helge Garli Hegvik [EMAIL PROTECTED] wrote: Hm I usually experience this behaviour when the JSPs aren't found... Other than that, redirectAction runs just fine in my sample applications. Have you tried launching in debug mode and step through the code? Can you show your portlet.xml file? Nils-H On Jan 15, 2008 7:58 PM, Brian Relph [EMAIL
question about interceptors
Hi all, I'm new to struts2 and have some questions about configuring Interceptors. If your action does not define an interceptor does it get the default one (i.e. defaultStack)? e.g. action name=MyAction class= // does this action get the struts2 default interceptor stack result/myAction.jsjp/result /action also, if your action *does* define an interceptor, does that augment the default one or override it? e.g. action name=MyAction class=... interceptor-ref name=myinterceptor/ // do i get defaultStack, or did i just override it? result/myAction.jsp/result /action thanks, - darren. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about interceptors
--- Darren James [EMAIL PROTECTED] wrote: If your action does not define an interceptor does it get the default one (i.e. defaultStack)? Yep. also, if your action *does* define an interceptor, does that augment the default one or override it? Override. action name=MyAction class=... interceptor-ref name=myinterceptor/ // do i get defaultStack, or did i just override it? result/myAction.jsp/result /action You need to include another interceptor-ref.../ element if you want the default stack in addition to the myinterceptor interceptor. (Or define an interceptor stack with your interceptor in it, etc.) d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: struts2 redirect action
Thank you so much for you help. Yes, we do want the other action to execute before reaching the jsp ... as i was refactoring the code, i read your next response, and yes, the chain result is exactly the fix for me. I think action chaining is in general frowned on, but for my initial login, i think it fits perfectly. Again, thanks for you time looking at it! On 1/15/08, Nils-Helge Garli Hegvik [EMAIL PROTECTED] wrote: I just realized that the proposed solution won't do what you want it to do either, since you obviously want the other action to run before the jsps are dispatched... So, you either have to re-structure your code a bit and invoke the other actions directly (either manually or by specifying it as the default action in portlet.xml), or you could try playing with the chain result to see if that does the trick. Nils-H On Jan 15, 2008 11:32 PM, Nils-Helge Garli Hegvik [EMAIL PROTECTED] wrote: I think I have figured out the problem. The problem is that redirectAction doesn't really do what you think it does, not when used in the render phase. I should probably implement a check for this, as you can't do a sendRedirect in a portlet. redirectAction in a portlet should only be used after executing an action in the action phase (I need to document this). So...with that in mind, you should change your configuration: struts.xml action name=index class=com.cerner.healthe.health.management.vitals.action.IndexAction result name=advisor/WEB-INF/view/advisor.jsp/result result name=consumer/WEB-INF/view/consumer.jsp/result /action Then make sure you use the redirectAction result type only when your action has been executed in the action phase (form submit, or s:url created with the attribute 'portletUrlType' set to 'action'). Hope that made sense... Nils-H On Jan 15, 2008 8:45 PM, Brian Relph [EMAIL PROTECTED] wrote: I have debugged through my own code, but not too deeply through the struts2 code. I did notice when running it with struts 2.0.11, that there was a warning that the actionMapper property of the PortletActionRedirectResult was not set b/c the bean could not be found. Would something in the web.xml affect it? I noticed in the portlet archetype, that it is empty. I have included that as well. portlet.xml ?xml version=1.0 encoding=UTF-8? portlet-app version=1.0 xmlns= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation= http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd; id=healthehealthmanagementvitals portlet id=HealtheHealthManagementVitals description xml:lang=EN Healthe Health Management Vitals Portlet /description portlet-nameHealtheHealthManagementVitals/portlet-name display-name xml:lang=ENHealtheHealthManagementVitals/display-name portlet-class org.apache.struts2.portlet.dispatcher.Jsr168Dispatcher /portlet-class !-- The namespace for the actions configured for view mode -- init-param nameviewNamespace/name value/view/value /init-param !-- The default action to invoke in view mode. -- init-param namedefaultViewAction/name valueindex/value /init-param expiration-cache0/expiration-cache supports mime-typetext/html/mime-type portlet-modeview/portlet-mode /supports supported-localeen/supported-locale portlet-info titleHealthe Health Management Vitals Portlet/title short-titleHealtheHealthManagementVitals/short-title keywordsstruts 2,portlet,healthe,health,management,vitals/keywords /portlet-info security-role-ref role-nameRole_Consumers/role-name /security-role-ref /portlet /portlet-app web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=healthe-health-management-vitals display-namehealthe-health-management-vitals-war/display-name context-param param-namecontextConfigLocation/param-name param-value/WEB-INF/applicationContext*.xml/param-value /context-param listener listener-class org.springframework.web.context.ContextLoaderListener /listener-class /listener welcome-file-list welcome-fileindex.html/welcome-file welcome-fileindex.htm/welcome-file welcome-fileindex.jsp/welcome-file /welcome-file-list security-constraint id=SecurityConstraint_1 web-resource-collection id=WebResourceCollection_1 web-resource-nameHealthe Health Management Vitals/web-resource-name url-pattern/HealtheHealthManagementVitals/*/url-pattern /web-resource-collection auth-constraint id=AuthConstraint_1
Re: AW: struts 2 and ognl
Otto, Frank wrote:
hi,
thanks for your answer.
how can I build a ognl variable dynamic? Example:
I have an iteration with different url-definitions, because
I need always another parameter (index):
s:iterator value=myList id=list status=stat
...
s:url id=myMethod%{#stat.index}
action=test_myMethod.action
s:param name=myParam value=%{#stat.index}/
/s:url
s:autocompleter ...
href=%{myMethod%{#stat.index}}/ --- I need
here: %{myMethod0}, %{myMethod1}, ..., but it wasn't evaluated
/s:iterator
Has someone an idea?
Firstly, it's not valid to nest OGNL expression
(%{...%{...}}) but you
can get the result you want something like this (untested):
href=%{'myMethod'+#stat.index}
This may also work:
href=myMethod%{#stat.index}
However, based on the code you posted, I suspect this isn't what you
want; aren't you trying to set the autocompleter's href to
the URL you
built with s:url above? In that case, just simplify:
s:iterator ...
s:url id=url ...
s:autocompleter href=%{#url} ...
You don't need the identifier to be dynamic.
In my opinion I need the indifier. I have 2 or more (dynamic) autocompleter,
and the first autocompleter refreshs the second, the second and so one. I have
the same action for the refresh, but I need the index of the autcompleter,
which sends the notfiyTopic. So I need a dynamic build url id, because there is
different parameter for it. f.e.:
s:url id=refresh0 ...
s:param name=myParam value=0/
/s:url
s:autocompleter href=refresh0 ...
s:url id=refresh1 ...
s:param name=myParam value=1/
/s:url
s:autocompleter href=refresh0 ...
s:url id=refreshX ...
s:param name=myParam value=X/
/s:url
s:autocompleter href=refreshX ...
I guess I just don't understand your question. You'd get the same result
from the above if each s:url tag used the same id value, as in:
s:url id=href ...s:param name=myParam value=0//s:url
s:autocompleter href=%{#href} .../
s:url id=href ...s:param name=myParam value=1//s:url
s:autocompleter href=%{#href} .../
There's still no need for the id attribute to have a dynamic value.
L.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts2 actions' extension
Filipe David Manana wrote: Yes, I use Tomcat 5.5. Where in tomcat do I configure directories not handled with mod_jk? He said 'apache+tomcat'; mod_jk is an Apache Httpd component, so it's not relevant if you aren't using Apache Httpd. See below for further comments. By the way, is there a Struts2 config only? thank you On Jan 12, 2008 6:56 PM, GF [EMAIL PROTECTED] wrote: If you are using apache+tomcat, you can place static file in a directory not handled with mod_jk On Jan 12, 2008 6:28 PM, Filipe David Manana [EMAIL PROTECTED] wrote: Hi, I have set the property struts.action.extension to the empty string. I can now invoke my actions with the default .action suffix, although I have a problem: You mean without the default .action suffix, right? css files (ending in .css) and javascript (.js) are no longer accessible to the client. How can I fix this? If you don't want to use a URL extension (e.g. .action) to identify which requests should be processed by Struts, you need to partition the URL namespace. For example, /struts/* gets handled by Struts and /static/* gets handled by Tomcat for serving CSS, JS, etc. L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
i want to use the source luke.
I recently downloaded the 2.0.11 distribution, and was able to find the sources to all of the java classes under the org.apache.struts2.*. However, i did not see the source for any of the com.opensymphony.xwork2.* classes. Is the source for these classes available? thanks in advance, - darren. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
--- Darren James [EMAIL PROTECTED] wrote: I recently downloaded the 2.0.11 distribution, and was able to find the sources to all of the java classes under the org.apache.struts2.*. However, i did not see the source for any of the com.opensymphony.xwork2.* classes. Is the source for these classes available? Sure, but not in the S2 source download. XWork is a separate project. I believe building using Maven does include the XWork source (or it's in the repository; I forget which), so that's another option. d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Feedback: WW-2414, XSS attack is possible if using s:url ... and s:a ...
GF wrote:
It could be a solution, but:
a href=javascript:alert(quot;byequot;)Greet/a
simply works.
Unfortunately simply HTML Escaping the href attribute isn't
satisfactory. It would corrupt valid javascript.
eg.
a href=javascript:alert('123='+(123));Link A/a
HTML escaped is not equivalent:
a href=javascript:alert('1amp;2gt;3='+(1amp;2gt3));Link B/a
As Martin suggested, you could write code that parses the attribute to
ensure it's not prematurely terminated by a quote. The complication is
that it can't replace double quotes/single quotes with an html
equivalent as it will need to be aware of quote nesting and escaping,
and the tag implementation doesn't know whether the template uses a
single quote or double quote to open the attribute. This problem has
been solved plenty of times before though.
Despite all that, the developer of the tag library did decide to html
escape all the scripting-event attributes already (onclick etc) so maybe
I'm making a pointless point.
More importantly, the developer needs to ensure user-entered data is
escaped, which brings us back to s:url's encode attribute and the use of
variables generally.
Perhaps it would be more useful if could easily escape variables before
inserting them into the HTML:
eg. as per freemarker notation:
s:a href=%{url?html}/s:a
I've used this reliably before
s:a href=%{encode(url)}link/s:a
or
a href=%{encode(url)}link/a
Where encode is a function in the context.
Similarly this will work:
a href=[EMAIL PROTECTED]@encode(url)}link/a
The developer knows best whether a variable can be trusted in the
current context and there are sufficient tools at his disposal to
protect against this particular XSS vulnerability. I agree it may be
useful if s:url encoded the entire query string through.
cheers,
Jeromy Evans
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
On Jan 15, 2008 5:24 PM, Darren James [EMAIL PROTECTED] wrote: I recently downloaded the 2.0.11 distribution, and was able to find the sources to all of the java classes under the org.apache.struts2.*. However, i did not see the source for any of the com.opensymphony.xwork2.* classes. Is the source for these classes available? According to the struts2-core 2.0.11 pom, it depends on xwork 2.0.4. Try the -sources jar, here: http://repo1.maven.org/maven2/com/opensymphony/xwork/2.0.4/ -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: i want to use the source luke.
However, i did not see the source for any of the com.opensymphony.xwork2.* classes. Is the source for these classes available? XWork is a seperate project at opensymphony. You can get the sources from https://svn.opensymphony.com/svn/xwork/ Piero - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Question on Application, Session, Request Awareness best practices ...
Hello, Since struts2 actions are not shared amongst requests and if these actions are Aware of one of the scopes they essentially have a copy of that scope's parameters in a map. Lets say the application has about 15 attributes and the session has about 7 attributes. Que1. When you add a new application attribute, does it automatically get added to all the present maps of that particular scope in all the instances of a particular action that are ApplicationAware? Que2. What are the performance implications of having such a map on each application instance that requires access to a particular application scoped attribute and not all? Que3. If an action needs just one application attribute, is it better to have an interceptor extract that from the application scope and set it on the action? Que4. Is it better to implement the Awareness of one or more of the scope in an interceptor ? (Since interceptor instances are shared across requests) If yes, would this map of attributes from the particular scope get updated when a new attribute is added to that particular scope? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [S2] JasperReports plugin vs. Subreports
Hi Dave, Did you make any progress with this? The approach I've used is for the action to set up a JRDataSource instance in a public property. The DataSource is defined as a normal parameter in the Master Report. The Jasper Result passes this JRDataSource instance to the Master report through the parameter and the Master report passes the datasource to the subreport through a dataSourceExpression. Although it's possible for the action to setup a JRHibernateListDataSource/JRJpaDataSource/other JRDataSource instance, I instead created a subclass of JRAbstactBeanDataSource that performs an nested iteration over the nested collection(s). I'm not sure if that makes sense - it runs multiple iterators to unroll the nested collection as the master collection is iterated over. This basically means there's no additional code in the action other than to define the JRDataSources for the subreports. I'm interested to hear if you solved it another way. regards, Jeromy Evans Dave Newton wrote: This might be a JasperReports question; not sure yet. I'm trying to figure out if there's a way I can use sub-reports via the JasperReports plugin. I have a reasonably complicated data structure with multiple nested collections. At this point I might just write XML and use an XML datasource and use JR by hand, but I'd really like to avoid that if possible. Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
