Stripes doesn't include a client-side (JavaScript) companion framework. It
can encrypt a hidden field when its value is prepared *at the server*. It
cannot do *anything* to any field values once the page resides in the
client web browser.
If you need security for field values, the right thing to do is use HTTPS
(TLS).
(Some Stripes person can chime in if I'm wrong, but I'll be pretty stunned.)
On Wed, Feb 22, 2012 at 10:05 AM, Ankur Sharda <ankurshard...@gmail.com>wrote:
> Thanks Mike, yes it's a text field.
>
> So I think what I will do is use jQuery to populate a hidden field based
> on the contents of a text field (so that the user interaction remains as
> people would expect).
>
> Is there are "theoretical" reason why a text field's contents can't be
> encrypted, or is it just something that hasn't been implemented.
>
> Thanks for your help
>
>
> On Thu, Feb 23, 2012 at 12:00 AM, Mike McNally <emmecin...@gmail.com>wrote:
>
>> What does your JSP look like? If the field is an ordinary "text" input
>> field, there's nothing Stripes can do to encrypt the value. If you drop
>> the property in a <stripes:hidden> field, however, the tag can make sure
>> that the value is encrypted.
>>
>>
>> On Wed, Feb 22, 2012 at 9:52 AM, Ankur Sharda <ankurshard...@gmail.com>wrote:
>>
>>> Hi,
>>>
>>> I tried to use the @Validate(encrypted=true) annotation, but it didn't
>>> seem to do anything.
>>>
>>> My understanding is that all I need to do is add this annotation
>>> above/next to a variable and when it is sent to the ActionBean it is
>>> encrypted (and then decrypted). I changed my form's method to GET so I
>>> could more easily show the values and it's quite clear that they aren't
>>> being encrypted.
>>>
>>> My ActionBean looks like this:
>>>
>>> public class LoginActionBean extends OrderActionBean{
>>>
>>> @Validate(encrypted=true)
>>> String garbage;
>>> Account account;
>>>
>>> // ... getters & setters and class code here
>>>
>>> }
>>>
>>> The Account.java looks like
>>>
>>> public class Account{
>>>
>>> @Id ObjectId id;
>>> String username;
>>> String password;
>>> boolean loggedIn;
>>>
>>> // getters, setters and other methods here
>>>
>>> }
>>>
>>> When I look in Firebug I see this
>>>
>>> __fpkgDCepNG-aU=_sourcePage ZtAJgTlif_wM4ldzc1Gq7FhGO6IERk99Rga0aY5xTto=
>>> account.password1234 account.usernamemangiare garbagesome nonsense
>>> loginRestaurant Login
>>>
>>> and the query string of the next page looks like
>>>
>>>
>>> http://localhost:8080/MindMySeat/login?garbage=some+nonsense&account.username=mangiare&account.password=1234&loginRestaurant=Login&_sourcePage=ZtAJgTlif_wM4ldzc1Gq7FhGO6IERk99Rga0aY5xTto%3D&__fp=kgDCepNG-aU%3D
>>>
>>> So I am assuming that the encryption process is not taking place (unless
>>> the browser is making it invisible to me???).
>>>
>>> I can see three options:
>>>
>>> 1. I am wrong and encryption is taking place
>>> 2. I am doing something wrong - I can provide more code if it would help
>>> 3. There's a bug (I am using 1.5.6)
>>>
>>> Tx,
>>> Ankur
>>>
>>> --
>>> Ankur Sharda
>>> E: ankurshard...@gmail.com
>>> M: 0421 311 106
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Virtualization & Cloud Management Using Capacity Planning
>>> Cloud computing makes use of virtualization - but cloud computing
>>> also focuses on allowing computing to be delivered as a service.
>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>> _______________________________________________
>>> Stripes-users mailing list
>>> Stripes-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>>
>>>
>>
>>
>> --
>> Turtle, turtle, on the ground,
>> Pink and shiny, turn around.
>>
>>
>> ------------------------------------------------------------------------------
>> Virtualization & Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> _______________________________________________
>> Stripes-users mailing list
>> Stripes-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>
>
> --
> Ankur Sharda
> E: ankurshard...@gmail.com
> M: 0421 311 106
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
--
Turtle, turtle, on the ground,
Pink and shiny, turn around.
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
