Hi Dave,
Did you make any progress with this?
The approach I've used is for the action to set up a JRDataSource
instance in a public property. The DataSource is defined as a normal
parameter in the Master Report. The Jasper Result passes this
JRDataSource instance to the Master report throu
Hello,
Since struts2 actions are not shared amongst requests and if these
actions are Aware of one of the scopes they essentially have a copy
of that scope's parameters in a map. Lets say the application has
about 15 attributes and the session has about 7 attributes.
Que1. When you add a
> However, i
> did not see
> the source for any of the "com.opensymphony.xwork2.*" classes. Is the
> source
> for these classes available?
XWork is a seperate project at opensymphony. You can get the sources from
https://svn.opensymphony.com/svn/xwork/
Piero
On Jan 15, 2008 5:24 PM, Darren James <[EMAIL PROTECTED]> wrote:
>
> I recently downloaded the 2.0.11 distribution, and was able to find the
> sources to
> all of the java classes under the "org.apache.struts2.*". However, i
> did not see
> the source for any of the "com.opensymphony.xwork2.*" cla
GF wrote:
It could be a solution, but:
Greet
simply works.
Unfortunately simply HTML Escaping the href attribute isn't
satisfactory. It would corrupt valid javascript.
eg.
Link A
HTML escaped is not equivalent:
Link B
As Martin suggested, you could write code that parses the attribute
--- Darren James <[EMAIL PROTECTED]> wrote:
> I recently downloaded the 2.0.11 distribution, and was able to find the
> sources to
> all of the java classes under the "org.apache.struts2.*". However, i
> did not see
> the source for any of the "com.opensymphony.xwork2.*" classes. Is the
> sour
I recently downloaded the 2.0.11 distribution, and was able to find the
sources to
all of the java classes under the "org.apache.struts2.*". However, i
did not see
the source for any of the "com.opensymphony.xwork2.*" classes. Is the
source
for these classes available?
thanks in advance,
Filipe David Manana wrote:
Yes, I use Tomcat 5.5. Where in tomcat do I configure directories not
handled with mod_jk?
He said 'apache+tomcat'; mod_jk is an Apache Httpd component, so it's
not relevant if you aren't using Apache Httpd.
See below for further comments.
By the way, is there a
Otto, Frank wrote:
hi,
thanks for your answer.
how can I build a ognl variable dynamic? Example:
I have an iteration with different url-definitions, because
I need always another parameter (index):
...
action="test_myMethod.action">
href="%{myMethod
Thank you so much for you help. Yes, we do want the other action to execute
before reaching the jsp ... as i was refactoring the code, i read your next
response, and yes, the "chain" result is exactly the fix for me. I think
action chaining is in general frowned on, but for my initial login, i th
--- Darren James <[EMAIL PROTECTED]> wrote:
> If your action does not define an interceptor does it get the default
> one (i.e. "defaultStack")?
Yep.
> also, if your action *does* define an interceptor, does that augment the
> default one or override it?
Override.
>
> /
Hi all,
I'm new to struts2 and have some questions about configuring Interceptors.
If your action does not define an interceptor does it get the default
one (i.e. "defaultStack")?
e.g.
// does this action get
the struts2 default interceptor stack
/myAction.jsjp
I just realized that the proposed solution won't do what you want it
to do either, since you obviously want the other action to run before
the jsps are dispatched... So, you either have to re-structure your
code a bit and invoke the other actions directly (either manually or
by specifying it as the
I think I have figured out the problem. The problem is that
"redirectAction" doesn't really do what you think it does, not when
used in the render phase. I should probably implement a check for
this, as you can't do a sendRedirect in a portlet. "redirectAction" in
a portlet should only be used afte
xianwinwin wrote:
I would like to validate if the user has entered a valid email.
for this I have the method
@TypeConversion(converter =
"com.utilities.conversion.EmailTypeConversion")
public void setEmail(String email) {
this.email = email;
}
the conv
I use an ImageCaptchaServlet that is generally like the one in the appfuse
example, but without the security stuff. Also, i am usually not able to
store the captcha's based on session id, so i pass a parameter in called
'captchaId' on my request.
I register the servlet in my web.xml, and since i
I have debugged through my own code, but not too deeply through the struts2
code. I did notice when running it with struts 2.0.11, that there was a
warning that the actionMapper property of the PortletActionRedirectResult
was not set b/c the bean could not be found.
Would something in the web.xml
Hm I usually experience this behaviour when the JSPs aren't
found... Other than that, redirectAction runs just fine in my sample
applications. Have you tried launching in debug mode and step through
the code? Can you show your portlet.xml file?
Nils-H
On Jan 15, 2008 7:58 PM, Brian Relph <[EM
provided if the comprehensive route is always the most difficult
2 quick questions-
1)In struts-2.0.11 has resetToken/saveToken/generateToken morphed into a
different entity ?
2)can I assume a session.invalidate() will effect a resetToken
Thanks/
Martin-
- Original Message -
From: "Givler
Hi,
I've encountered very strange behaviour of struts:
adds new entry to myMap - ('testKey',
''). Why??
Details:
...in My action:
private Map myMap = new HashMap(); // it's
empty
...in jsp:
// displays {} - it's ok because is empty
// displays nothing as it should
be
// display
My WEB-INF/index.jsp is used so that i can use the same installation as both
a portlet and a servlet. Websphere comes with an embedded portlet container
as well as a servlet that can serve portlets as servlets, so i can install
my webapp a single time and have it accessible both in and out of my p
I don't know why I overlooked that. All I had to do was put saveToken()
in a calling action, and make sure I called saveToken again if any
validation or system errors occurred when I was returning to the form.
If the token is invalid, There was a nice thread here about it:
http://www.jguru.com/faq
Are you running this in a portlet container? Your index.jsp and the
redirect url does not make sense i a portal server (unless you are
embedding it in some way)? Please provide some more information.
Nils-H
On Jan 15, 2008 6:38 PM, Brian Relph <[EMAIL PROTECTED]> wrote:
> I am having trouble
Hi,
I have rendered a link with and
Alle Konten
anzeigen
In HTML this is generated.
Alle Konten anzeigen
1. When I move the cursor over the link the calling url from my application
is shown not a link with showAccountView.action in it. I click on it
showAccou
I am having trouble getting a redirectAction to work. I am using
struts2-portlet-plugin-2.1.1-SNAPSHOT, i have also tried using
struts-2.0.11with no luck. Any advice? Here are my configs:
WEB-INF/index.jsp
<%
String redirectURL = "view/index.action";
response.sendRe
Hi all,
I'm new to this mailing list and still a bit confused on how to look
things up, so apologies if this one is already up there!
I'm using Tomcat to serve up JSPs using Struts 2 with java action classes
and xml validation files. For example:
signup.jsp
SignUp.java
SignUp-validation.xml
A
Eric
How would I prevent this from occurring?
[Questions]
1. Is it simply a matter of making my service an instance
variable of this action and making the login method synchronized? 2.
Are there situations where I would not want there to be a single
service
ins
First I wanted to say that I totally agree with Ted's view about the lack of
support for Struts. I do believe that things for the Struts 2.x project will
pick up now since the Holiday's are over now.
I wanted to extend a personal thanks to all of the developers who contribute
to the Struts 2 pro
Givler, Eric wrote:
The problem is the
user double clicks [login] and can get two calls to the service method
to execute simultaneously. They both don't see a row, so they both do
an INSERT. One of the inserts fails due to a PK on the username.
See generateToken[1] and isTokenValid [2]. T
I have a Struts application where a user enters an account id#
and a pin to enter the application. The user will already be
authenticated via an LDAP server prior to accessing my application, so
the remote user name is there, as well as role information. After the
user clicks [login], I f
> It could be a solution, but:
> Greet
> simply works.
Didn't know.
I'm not very into javascript coding :-)
However I think that preventing double quote in some way, can be good.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For ad
2008/1/15, GF <[EMAIL PROTECTED]>:
> >
> > Or better, escape them with their corresponding entity.
>
> What do you think about
>
> Greet
simply works.
Antonio
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
> Are you suggesting that javascript injection in href be disabled to prevent
> XSS attacks?
I'm suggesting that is better that the variable inside
Are you suggesting that javascript injection in href be disabled to prevent
XSS attacks?
Martin--
- Original Message -
From: "GF" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List"
Sent: Tuesday, January 15, 2008 3:27 AM
Subject: Re: Feedback: WW-2414, XSS attack is possible if using
an
>
> Or better, escape them with their corresponding entity.
What do you think about
Well,
> Or better, escape them with their corresponding entity.
>
> Antonio
>
Myabe i'm wrong, but:
In XHTML this is wrong:
because i use double quotes inside a javascript, inside a href tag
delimited by double quotes.
it would be ok to do:
So since can be used to generate a "good" tag,
2008/1/15, GF <[EMAIL PROTECTED]>:
>
> On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote:
> >
> > Hi Ganfab
> > Are you suggesting the href contents disable javascript to disable XSS
> script attacks?Martin
>
> No, I think that maybe can be useful to think if doing some checks to
> h
On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote:
>
> Hi Ganfab
> Are you suggesting the href contents disable javascript to disable XSS script
> attacks?Martin
No, I think that maybe can be useful to think if doing some checks to
href attribute of is possible to look for double
Hi Ganfab
Are you suggesting the href contents disable javascript to disable XSS script
attacks?Martin __Disclaimer and
confidentiality noteEverything in this e-mail and any attachments relates to
the official business of Sender. This transmission is
Setting XWorkConverter.REPORT_CONVERSION_ERRORS to stop conversion errors being
reported - is it possible?
I hope I don't appear to0 lazy to look for an answer but I could only find
non-specific references to this on struts.apache.org, and nothing on the mailing
list or the wiki. So short of s
Hi all,
HDIV 2.0.3 has just been released including new features.
HDIV project is an Apache-licensed Java Web Application Security Framework that
adds security functionalities to Struts 1.x, Struts 2.x, Spring MVC and JSTL in
a transparent way to the programmer and without adding any complexity
hi,
I have 6 autocompleter. The first refreshs the second, the second the third and
so one.
But If I clear the second autocompleter value, so that the combo box is empty,
the notifyTopics-Event will not be send. Has someone an idea? I have to refresh
the third combo box and then the next...
On Jan 14, 2008 2:27 PM, Al Sutton <[EMAIL PROTECTED]> wrote:
> Just re-read your original message. So you have tried it on an app server
> and everything is OK. Doesn't that indicate the problem lies with eclipse
> and not struts?, shouldn't it be the Eclipse bug tracking system you put
> your rep
> Hi Antonio, as I mentioned in a previous post, it's not so simple as the
> href attribute of s:a can legally contain javascript or vbscript.
I think that the problem about in href attribute is the double
quote " character, because it will close the href attribute, then with
a greater than symbo
2008/1/15, Jeromy Evans <[EMAIL PROTECTED]>:
>
> Hi Antonio, as I mentioned in a previous post, it's not so simple as the
> href attribute of s:a can legally contain javascript or vbscript.
> This is precisely why the href attribute is not escaped/encoded in the
> template. It's deliberate.
Sor
45 matches
Mail list logo
