It doesn't even have to be a careful look at the code. It's not complex in the least.
I must be missing something with the "String or boolean properties that affect the system state" thing. Do you mean what it is that I do with the example, where I have a string property that represents a submit button that add objects to the tree and another that can delete them?... If it isn't, can I get an example?... Arron. Ted Husted wrote: >It's true that I don't have the bandwidth right now to take a careful >look at your code, but I'm sure its quite good. It's linked both on my >site and the Struts resource page, and I'm sure people are getting value >from it. > >My statement about nesting objects on ActionForm does hold. Strut's >autopopulate mechanism can be exploited if nested object have public >String or boolean properties that affect the system state. In Struts >1.0, you can do things like change the temporary directory for uploads >from a browser. We made this mistake on the original design of the >ActionForm, and I'm just trying to bring this to people's attention >whenever I can. I do not mean to discourage people from using nested >objects, only to use them wisely. Forewarned is forearmed. > >http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4997 > >If your code provides an additional firewall, then a discussion of that >might be helpful, and draw more people into your package. > >Arron wrote: > >>That was kind of an ignorant comment. I don't know why you people >>resisting it so much. >>There is no danger in nesting objects at all. >> >>It is possible (however truly ugly) to do the same thing in out of the >>box struts. It's all about getting the JSP's to elegantly manage data >>structures you're most likely already using to some point. They release >>it to go free and make life terribly easier.. >> >>Take a look at the code. They really do sit on struts. It relies on >>struts to do what it does. They only guide the struts tags to write out >>the write properties for things and fetch the right data. ALL the brains >>of it are a 38 line method. >>org.apache.struts.taglib.nested.NestedPropertyHelper. >>Please read it, I 'aint lyin'. :) >> >>At the risk of sounding cocky, the nested system introduces nothing but >>elegant data modelling and management. >> >>The rest (which takes more talent) I willingly leave to the rest of you >>boys. I just managed to finish something that I can't believe was left >>out. It really was 95% done for me. >> >>Stuts rocks, but this just lined it a little for the boys that have to >>cut it. >>It does cut developer time. >> >>Arron. >> > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > Arron wrote: > That was kind of an ignorant comment. I don't know why you people > resisting it so much. > There is no danger in nesting objects at all. > > It is possible (however truly ugly) to do the same thing in out of the > box struts. It's all about getting the JSP's to elegantly manage data > structures you're most likely already using to some point. They > release it to go free and make life terribly easier.. > > Take a look at the code. They really do sit on struts. It relies on > struts to do what it does. They only guide the struts tags to write > out the write properties for things and fetch the right data. ALL the > brains of it are a 38 line method. > org.apache.struts.taglib.nested.NestedPropertyHelper. > Please read it, I 'aint lyin'. :) > > At the risk of sounding cocky, the nested system introduces nothing > but elegant data modelling and management. > > The rest (which takes more talent) I willingly leave to the rest of > you boys. I just managed to finish something that I can't believe was > left out. It really was 95% done for me. > > Stuts rocks, but this just lined it a little for the boys that have to > cut it. > It does cut developer time. > > > Arron. > > > Ted Husted wrote: > >> The one thing to watch with nested objects is that they don't expose >> anything that should not be exposed. >> One thing we plugged in the imminent 1.01 release candidate is "nesting" >> ActionServlet on the ActionForm. This let you do silly things like set >> the temporary directory for uploads from a browser. It now uses a >> ActionServletWrapper to only expose the non-String properties which are >> absolutely needed (a proxy object). >> >> So it's important that any object nested on an ActionForm not make state >> changes without validation, at least through String and boolean >> properties. >> -- Ted Husted, Husted dot Com, Fairport NY USA. >> -- Custom Software ~ Technical Services. >> -- Tel +1 716 737-3463 >> -- http://www.husted.com/struts/ >> >> >> Arron Bates wrote: >> >>> Just a note on this subject.... >>> >>> You know that you can get absolutely sweet decoupling from everything >>> struts for your data model with the use of nesting objects?... And no >>> messy property copying! >>> >>> I wanted to get a simple persistence mechanism running for my form >>> object, so I placed a little serialization logic into my action (Some >>> app servers need their session objects to serialize also, like >>> iPlanet). >>> The struts action form wouldn't serialize for me so all I did was >>> add an >>> extra nest level and serialized from there down leaving my entire >>> structure nothing but the data that I wanted. All the child objects >>> implement serializeable, extend nothing, and know nothing of struts. >>> >>> This is all elegantly managed in the JSP's with the use of the >>> handy-dandy nesting extension. :) >>> >>> That's my two cents. >>> If you want the code for what I just blabbed on about, mail me... >>> [EMAIL PROTECTED] >>> >>> Arron. >>> (theKM*) >>> * I think, therefore, I nest ;) >>> >>> -- >>> To unsubscribe, e-mail: >>> <mailto:[EMAIL PROTECTED]> >>> For additional commands, e-mail: >>> <mailto:[EMAIL PROTECTED]> >>> >> >> -- >> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
