Author Login •
Post Reply
user Digest 10 Aug 2010 12:38:18 -0000 Issue 9142
Topics (messages 207151 through 207163):
if else in XML via struts 1.2
207151 by: abhishek jain
207152 by: Michael Dekmetzian
Get i18n text problem
207153 by: Franz Wong
207156 by: Michal Ciasnocha
URL authentication
207154 by: Guy Thomas
207155 by: Rahul Mohan
207157 by: Dave Newton
207159 by: CRANFORD, CHRIS
207162 by: Guy Thomas
Hosting for Struts 1.2 tomcat
207158 by: abhishek jain
Re: Re : s:url tag - multiple params with same name
207160 by: Stephen Turner
Re: s:url tag - multiple params with same name
207161 by: Stephen Turner
Problems with List<Map<>> OGNL expression
207163 by: Obinna
Administrivia:
---------------------------------------------------------------------
To post to the list, e-mail: user@(protected)
To unsubscribe, e-mail: user-digest-unsubscribe@(protected)
For additional commands, e-mail: user-digest-help@(protected)
----------------------------------------------------------------------
Attachment:
user_207151.ezm (zipped)Hi friends,
I am using struts 1.2 on tomcat, 5.5 and apache,
I am using some dynamic html which need an xml file. no problem till here,
but i need to change the content of that xml file. depending on some request
parameter.
I need to know is there a way, i can process and write some if else
condition on the xml file, probably allowing making the xml file behave like
jsp file.
One solution is that i do some rule via urlrewrite / mod_rewrite which
passes all request for that xml to a jsp page, but that dont seem to be a
good sol to me.
Pl. advice.
--
Thanks and kind Regards,
Abhishek jain
Attachment:
user_207152.ezm (zipped) Depending on how big your site is you can always configure a servlet at
the xml files's location to be rendered by a jsp page.
Something like this:
<servlet>
<servlet-name>xmlservlet</servlet-name>
<jsp-file>/path/to/yourfile.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>xmlservlet</servlet-name>
<url-pattern>/path/to/xmlfile.xml</url-pattern>
</servlet-mapping>
Of course you can also use a jsp file in place of your xml file if
you're happy with it having a jsp extension.
Cheers
Michael
On 8/8/10 1:44 PM, abhishek jain wrote:
> Hi friends,
> I am using struts 1.2 on tomcat, 5.5 and apache,
>
> I am using some dynamic html which need an xml file. no problem till here,
> but i need to change the content of that xml file. depending on some request
> parameter.
> I need to know is there a way, i can process and write some if else
> condition on the xml file, probably allowing making the xml file behave like
> jsp file.
>
> One solution is that i do some rule via urlrewrite / mod_rewrite which
> passes all request for that xml to a jsp page, but that dont seem to be a
> good sol to me.
>
> Pl. advice.
Attachment:
user_207153.ezm (zipped)Hi group,
In the jsp page, I have a page scope variable "title". This variable stores
the key of the resource bundle. I can print the value by <%= title %>.
However, I am not able to use it with <s:text/>.
I have tried <s:text name="${title}"/> or <s:text name="<%= title %>"/>. But
both of them do not work.
Thanks.
Franz
Attachment:
user_207156.ezm (zipped) Hi Franz,
you can use tag <s:property value="getText(title)" /> for text
translation (where "title" is name of your variable).
Best regards,
Michal
Franz Wong wrote on 9.8.2010 5:14:
> Hi group,
>
> In the jsp page, I have a page scope variable "title". This variable stores
> the key of the resource bundle. I can print the value by<%= title %>.
> However, I am not able to use it with<s:text/>.
>
> I have tried<s:text name="${title}"/> or<s:text name="<%= title %>"/>. But
> both of them do not work.
>
> Thanks.
> Franz
>
Attachment:
user_207154.ezm (zipped)I am adding authentication to a Struts2 web application by implementing an authentication interceptor.
With an interceptor, as far as I understand, you can prevent non-authenticated perons from accessing specific actions.
However, suppose somebody forwards a URL to a specific pdf-file to a non-authenticated "outsider".
For example: http://.../persberichten/persbericht12954.pdf
Which Struts2 mechanism can I use to prevent the non-authenticated "outsider" from accessing that PDF?
Or, another example:
http://.../persoverzicht/ophalenpub.jsp?id=27859
Is it possible to prevent the outsider from accessing that specific press article?
-------------
Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden.
Ondernemingsnummer: 0253.973.219
Attachment:
user_207155.ezm (zipped)I think we are mixing two issues here. Authentication deals with verifying
whether a user is what he/she claims to be and authorization is the
mechanism for checking whether someone has access to a particular
resource.
The standard practice is to prevent unauthenticated users from accessing
any resource within your app. This is typically done by an interceptor
that allows a request to pass through only if it can find a user-specific
token in the session. This should solve your first problem.
The second question is about authorization, where a particular user is not
having access to a particular resource. This can also be built into the
same interceptor, but you will have to supply the authorization table
somehow - usually from an LDAP or RDBMS.
- Rahul
From:
Guy Thomas <guy.thomas@(protected)>
To:
Struts Users Mailing List <user@(protected)>
Date:
09-08-2010 11:47
Subject:
URL authentication
I am adding authentication to a Struts2 web application by implementing an
authentication interceptor.
With an interceptor, as far as I understand, you can prevent
non-authenticated perons from accessing specific actions.
However, suppose somebody forwards a URL to a specific pdf-file to a
non-authenticated "outsider".
For example: http://.../persberichten/persbericht12954.pdf
Which Struts2 mechanism can I use to prevent the non-authenticated
"outsider" from accessing that PDF?
Or, another example:
http://.../persoverzicht/ophalenpub.jsp?id=27859
Is it possible to prevent the outsider from accessing that specific press
article?
-------------
Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar
dit professioneel e-mailadres kunnen door de werkgever gelezen worden.
Ondernemingsnummer: 0253.973.219
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Attachment:
user_207157.ezm (zipped)FWIW, I wouldn't combine the two into the same interceptor since they're
rather different things... plus resource access is more likely to take place
in a different layer, and not be a cross-cutting concern.
Dave
On Mon, Aug 9, 2010 at 3:07 AM, Rahul Mohan <rahul.mohan@(protected):
> I think we are mixing two issues here. Authentication deals with verifying
> whether a user is what he/she claims to be and authorization is the
> mechanism for checking whether someone has access to a particular
> resource.
>
> The standard practice is to prevent unauthenticated users from accessing
> any resource within your app. This is typically done by an interceptor
> that allows a request to pass through only if it can find a user-specific
> token in the session. This should solve your first problem.
>
> The second question is about authorization, where a particular user is not
> having access to a particular resource. This can also be built into the
> same interceptor, but you will have to supply the authorization table
> somehow - usually from an LDAP or RDBMS.
>
> - Rahul
>
>
>
> From:
> Guy Thomas <guy.thomas@(protected)>
> To:
> Struts Users Mailing List <user@(protected)>
> Date:
> 09-08-2010 11:47
> Subject:
> URL authentication
>
>
>
> I am adding authentication to a Struts2 web application by implementing an
> authentication interceptor.
> With an interceptor, as far as I understand, you can prevent
> non-authenticated perons from accessing specific actions.
>
> However, suppose somebody forwards a URL to a specific pdf-file to a
> non-authenticated "outsider".
> For example: http://.../persberichten/persbericht12954.pdf
>
> Which Struts2 mechanism can I use to prevent the non-authenticated
> "outsider" from accessing that PDF?
>
> Or, another example:
>
> http://.../persoverzicht/ophalenpub.jsp?id=27859
>
> Is it possible to prevent the outsider from accessing that specific press
> article?
>
>
>
> -------------
> Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar
> dit professioneel e-mailadres kunnen door de werkgever gelezen worden.
> Ondernemingsnummer: 0253.973.219
>
>
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
>
Attachment:
user_207159.ezm (zipped)Pattern A:
/unsecured/*
Run whatever unsecured interceptors on these. This would not include
the authentication interceptor or the allowed resource check
interceptor. That's because these are considered OPEN to everyone.
Pattern B:
/secured/*
Run the authentication check and the resource check interceptors.
The authentication check would verify simply that the HttpSession object
contains whatever credential token in memory. If this value doesn't
exist, you simply don't have any authentication, return LOGIN as your
result, sending the user to the login page. The neat thing we did when
this happened in our application is we captured the original resource
and any parameters, set that value to a page scope variable and stored
it in the login form. This way when the user called the LoginAction, we
could redirect the user to the original requestsed resource once we got
their credentials.
The resource check logic for us in my case was simple as well. When we
grab the authentication object (User object that is), the object gets
populated with a map of resources and their access permissions. This
way the data is grabbed only once and gets stored in the session object
only during login. Therefore, all resource checks simply verify that
the user object contains the resource and desired access. There is no
trip to the RDBMS on each web call, reducing the overhead. If a user's
access changes during a session, it doesn't get updated. They simply
logout and back in and the access is fixed.
Lots of ways to do it, but I would keep them separate.
Chris
> -----Original Message-----
> From: Dave Newton [mailto:davelnewton@(protected)]
> Sent: Monday, August 09, 2010 6:23 AM
> To: Struts Users Mailing List
> Subject: Re: URL authentication
>
> FWIW, I wouldn't combine the two into the same interceptor since
> rather different things... plus resource access is more likely to take
> in a different layer, and not be a cross-cutting concern.
Attachment:
user_207162.ezm (zipped)I was thinking of using declarative security (in web.xml) for resource authorization. Is this a good idea? Is it enough?
-----Oorspronkelijk bericht-----
Van: CRANFORD, CHRIS [mailto:Chris.Cranford@(protected)]
Verzonden: maandag 9 augustus 2010 15:50
Aan: Struts Users Mailing List
Onderwerp: RE: URL authentication
Pattern A:
/unsecured/*
Run whatever unsecured interceptors on these. This would not include the authentication interceptor or the allowed resource check interceptor. That's because these are considered OPEN to everyone.
Pattern B:
/secured/*
Run the authentication check and the resource check interceptors.
The authentication check would verify simply that the HttpSession object contains whatever credential token in memory. If this value doesn't exist, you simply don't have any authentication, return LOGIN as your result, sending the user to the login page. The neat thing we did when this happened in our application is we captured the original resource and any parameters, set that value to a page scope variable and stored it in the login form. This way when the user called the LoginAction, we could redirect the user to the original requestsed resource once we got their credentials.
The resource check logic for us in my case was simple as well. When we grab the authentication object (User object that is), the object gets populated with a map of resources and their access permissions. This way the data is grabbed only once and gets stored in the session object only during login. Therefore, all resource checks simply verify that the user object contains the resource and desired access. There is no trip to the RDBMS on each web call, reducing the overhead. If a user's access changes during a session, it doesn't get updated. They simply logout and back in and the access is fixed.
Lots of ways to do it, but I would keep them separate.
Chris
> -----Original Message-----
> From: Dave Newton [mailto:davelnewton@(protected)]
> Sent: Monday, August 09, 2010 6:23 AM
> To: Struts Users Mailing List
> Subject: Re: URL authentication
>
> FWIW, I wouldn't combine the two into the same interceptor since
> rather different things... plus resource access is more likely to take
> in a different layer, and not be a cross-cutting concern.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@(protected)
For additional commands, e-mail: user-help@(protected)
-------------
Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden.
Ondernemingsnummer: 0253.973.219
Attachment:
user_207158.ezm (zipped)hi,
I need shared hosting for struts 1.2 on tomcat. Would anyone recommend one,
also what is better VPS or shared hosting for this .
I am looking for lowcost , good quality .
Please advice.
--
Thanks and kind Regards,
Abhishek jain
Attachment:
user_207160.ezm (zipped)On Fri, 06 Aug 2010 17:12:10 -0400, François Rouxel <rouxelec@(protected)>
wrote:
> should be working, did you put in s:url tag includeParameters='get' ?
>
Yes, although I don't think that's what includeParams is used for - here's
my actual code:
<s:url id="xurl" value="a.b" includeParams="get" escapeAmp="false">
<s:param name="pn" value="'firstval'" />
<s:param name="pn" value="'secondval'" />
<s:param name="pn" value="'thirdval'" />
</s:url>
URL 1: <s:property value="xurl"/>
and here's the result:
URL 1: a.b?pn=thirdval
I'm using Struts 2.0.11
Steve
--
Stephen Turner
Senior Programmer/Analyst - MIT IS&T
Attachment:
user_207161.ezm (zipped)On Fri, 06 Aug 2010 20:49:03 -0400, Martin Gainty <mgainty@(protected)>
wrote:
>
> <s:url>
> <!-- assume your Action contains a collection -->
> <!-- public
java.util.ArrayList<CartItem> availableItems; -->
> <s:iterator value="availableItems">
> <!-- each CartItem has a name, Price and OriginalValue attributes -->
> <td><s:property value="name" /></td>
> <td><s:property value="Price" /></td>
> <td><s:property value="OriginalValue" /></td>
> </tr>
> </s:iterator>
> </s:url>
>
> if the action collection accessor formats the array to deliver each
> attribute of CartItem as expected by param within url
> then grab the array from the action..
> <s:url>
> <s:param name="pn" value="%{'action.availableItems'}" />
> </s:url>
>
> Martin Gainty
Mr Gainty wins the prize.
For reference, this works:
<s:url id="xurl" value="a.b" includeParams="none" escapeAmp="false">
<s:param name="pn" value="{'firstval','secondval','thirdval'}" />
</s:url>
URL 1: <s:property value="xurl"/>
Result is:
URL 1: a.b?pn=firstval&pn=secondval&pn=thirdval
which is what I was looking for.
Steve
Attachment:
user_207163.ezm (zipped)I'm using Struts 2.1.8.1, xwork 2.1.6 and Tthere seems to be an issue trying
to populate the fields of a Lis of Maps using OGNL.
In my action I have an action property name 'grid' with appropriate
getters/setters of type ArrayList<HashMap<String,String>> which I want to
populate dynamically from a grid of textboxes.
I am setting my textbox name property to
name="grid[%{#status.index}]['MapKey']" such that the html name properties
resolves to: grid[0]['MapKey'], grid[1]['MapKey'], grid[2]['MapKey'],
etc...
I expect this to dynamically create and populate a new ArrayList with new
HashMap instances and put a 'MapKey' entry in each map with a value equal to
the value of the textfield.
However, I am getting an xwork OGNL error which sys that it is trying to
covert the String 'MakKey' to type 'HashMap' and obviously failing.
The syntax grid[%{#status.index}]['MapKey'] appears correct for what I'm
trying to do, but somehow OGNL is not interpreting the result
of grid[%{#status.index}] as a list entry and the trying to create the new
HashMap instance before populating it.
Is there a different syntax for chain the indexed properties for a List of
Maps?
Thanks,
Strykker
