The Crsf integration is interesting: I have a couple of suggestions
- It should not throw an generic IOException when Crsf fails, but a
custom exception, maybe an CrsfValidationException
- Prevent create new sessions with getRequest().getSession( false ). If
there is no session it should throw the exception.
- There's no need to introduce the interface CsrfProtected in order to
get the current crsfToken. The crsfToken should be always in a request
attribute for the user and the interceptor to use, something like JAX-RS
MVC 1.0 does or even ASP.NET MVC does. Please check out
http://www.agilejava.eu/2015/11/17/cool-security-feature-in-mvc-1-0/
-
2017-03-30 13:23 GMT-05:00 Juan Pablo Santos RodrÃguez <
juanpablo.san...@gmail.com>:
> Hi,
>
> AFAIK, big major changes are REST and async ActionBeans. Because of the
> latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7
> release, though.
>
>
> br,
> juan pablo
>
> p.s.: couldn't resist, also an Stripes - Spring Boot integration at
> https://github.com/juanpablo-santos/stripes-spring-boot O:-)
>
> On Thu, Mar 30, 2017 at 3:05 AM, Daniil S <dan...@orbisfn.com> wrote:
>
>> Working on extracting CSRF for Stripes from our internal project. May be
>> useful to some - https://github.com/SirDaniil/StripesCSRF (I remember
>> there was a thread about this some time ago).
>>
>> On 3/28/2017 8:22 PM, Joaquin Valdez wrote:
>>
>> Hello!
>>
>> Just curious if there is any news on the release of Stripes 1.7? Or is
>> there a feature list of Stripes 1.7.
>>
>> Thanks,
>> Joaquin Valdez
>> joaquinfval...@gmail.com
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> Stripes-users mailing
>> listStripes-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Stripes-users mailing list
>> Stripes-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
