I am facing a crazy issue. On form submit if any word contains 'script' (Eg: De'script'ion) then that will b truncated, hence remaining with 'Deion' ('script' removed from 'Description'). Could not find the reason for it.. I am using Velocity Templates for UI and Struts 1.x
Form Bean
<form-bean name="newUserForm" dynamic="true" type="com.test.fe.webapp.form.NewUserForm">
<form-property name="userId" type="java.lang.String" />
<form-property name="role" type="java.lang.String" />
<form-property name="selectedPartnersMultiSelect" type="java.lang.String[]" />
<form-property name="isExistingUser" type="java.lang.String" />
</form-bean>
Found the root cause for this..
Our application has applied a Filter to prevent Cross Site Scripting(XSS) attacks, hence this issue was occuring..
Thanks
Related
I have some difficulties to call a JNDI variable to my jsp Page.
Context.xml :
<!-- Environnement de l'application -->
<Environment name="app/env" override="false" type="java.lang.String" value="Développement" />
conf-view-spring.xml
<jee:jndi-lookup id="jndiLookEnv" jndi-name="app/env"
expected-type="java.lang.String" />
footer.jsp
<div class="panel-footer footerstick clearfix">
<div class="pull-right">
<strong><c:out value="${jndiLookEnv}"></c:out></strong>
</div>
</div>
I have no error but my jndiLookEnv is empty,
What's wrong in this case?
Thank you.
Beans in the context aren't accessible by the JSP (or at least not in the way you are trying to). You would need a scriptlet to get access to the ApplicationContext and do a getBean to retrieve the value. Using ${jndiLookEnv} isn't going to work.
To make it available for easy use in the JSP you need to add a ServletContextAttributeExporter to expose it.
<bean class="org.springframework.web.context.suppor.ServletContextAttributeExporter">
<property name="attributes">
<map>
<entry key="env" value-ref="jndiLookEnv" />
</map>
</properties>
</bean>
Now you can use ${env} to reference to value.
Now you can improve on this and remove the JNDI lookup al together (assuming that you are on a recent spring version).
<bean class="org.springframework.web.context.suppor.ServletContextAttributeExporter">
<property name="attributes">
<map>
<entry key="env" value="#{environment['app/env']}" />
</map>
</properties>
</bean>
The Environment abstraction will do a lookup for the property in various locations, one of them being JNDI (you could override the app/env property using properties or a system property for instance.
I've inherited an old application that is using Struts 1.2 Tiles 1. For various annoying reasons I can't upgrade.
I'm not very familiar with Struts, or specifically Tiles in general and I'm trying to do something that makes sense in my head but I can't seem to make work in practice. Here's an example of what I'm trying to accomplish:
<tiles-definition>
<definition name="content-with-sidebar" path="/content_with_sidebar.jsp">
<put name="top" value="" type="string" />
<put name="sidebar" value="/tiles/sidebar.jsp" />
<put name="main" value="" type="string" />
<put name="bottom" value="" type="string" />
</definition
</tiles-definition>
content_with_sidebar.jsp
...
<tiles:insert attribute="top" flush="false" />
<div id="content">
<aside>
<tiles:insert attribute="sidebar" flush="false" />
</aside>
<div id="main">
<tiles:insert attribute="main" flush="false" />
</diV>
</div>
<tiles:insert attribute="top" flush="false" />
...
actual_page.jsp
<tiles:insert definition="content-with-sidebar" flush="false">
<tiles:put name="top" type="string">
<div>Maybe this page has something on the top that isn't the page header</div>
</tiles:put>
<!-- use the default sidebar -->
<tiles:put name="main">
<strong>Current Location:</strong>
<address><h:outputText value="#{locationDesc} #{zipCode}" /></address>
<!-- Some more dynamic jsp markup -->
</tiles:put>
<!-- This one doesn't have anything extra on the bottom -->
</tiles:insert>
This almost works but the dynamic bits get rendered above and outside the <tiles:insert> and the plain strings go where they should. I understand now, after much searching, that <tiles:put> in this, er, context, is expecting a plain ole string.
Is there a pattern to accomplish what I want with dynamic context?
As it stands I'm having to create another jsp file to be referenced by the <tiles:put> tag. i.e.
<tiles:put name="main" value="/actual_page_body.jsp" />
I'd rather not have to create an additional file when one would do. Any advice would be helpful.
With tiles, when the definition is rendered (content-with-sidebar in your code), the jsp corresponding to the 'path' attribute (/content_with_sidebar.jsp) will be invoked. All other jsps have to be manually invoked using a <tiles:insert>. What tiles provides you is a way to configurationally invoke them as definition attributes.
I'm developing a simple tag library in order to centralize the creation of form components.
In my custom tag I need to get the value of the backing object mapped field.
Here is how I pass the field name value to my library:
<jsp:directive.attribute name="field" type="java.lang.String" required="true" rtexprvalue="true" description="The field exposed from the form backing object" />
Inside my tag library, using <form:hidden path="${field}.id" /> from spring tag library works, but how can I get same value not using that library? I do not want to have an input type hidden mapped in my form, but only retrieve the value of that field name.
Thanks for any hints.
You can try the spring:eval tag
<jsp:directive.attribute name="object" type="java.lang.Object" required="true" description="The form backing object" />
<jsp:directive.attribute name="field" type="java.lang.String" required="true" description="The field name" />
<spring:eval expression="object[field]" />
I'm using Spring Social with Spring Security to authenticate users and automatically create local accounts on my web app. How do I provide the OAuth2 scope for authentication?
In the spring-social-samples, I don't see where scope should go.
<bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter"
c:_0-ref="authenticationManager"
c:_1-ref="userIdSource"
c:_2-ref="usersConnectionRepository"
c:_3-ref="connectionFactoryLocator"
p:signupUrl="/spring-social-showcase/signup"
p:rememberMeServices-ref="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0" />
<bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider"
c:_0-ref="usersConnectionRepository"
c:_1-ref="socialUsersDetailService" />
A specific usecase for scope would be to let the user authenticate with Facebook and then get the user's Facebook email (scope="email") for creating a local account.
In your configuration, you need to specify scope as a property of the FacebookAuthenticationService. This is the service that handles calls to auth/facebook
In XML configuration, instead of:
<facebook:config app-id="${facebook.clientId}" app-secret="${facebook.clientSecret}"/>
use:
<bean id="connectionFactoryLocator" class="org.springframework.social.security.SocialAuthenticationServiceRegistry">
<property name="authenticationServices">
<list>
<bean class="org.springframework.social.facebook.security.FacebookAuthenticationService">
<constructor-arg value="${facebook.clientId}" />
<constructor-arg value="${facebook.clientSecret}" />
<!-- Important: The next property name changed from "scope" to "defaultScope" in 1.1.0.M4 -->
<property name="scope" value="email" />
</bean>
</list>
</property>
</bean>
This works with Spring Social 1.1.0.M3
You can pass additional scope parameter in a connection / signup form. See example for twitter from the official documentation:
<form action="<c:url value="/connect/twitter" />" method="POST">
<input type="hidden" name="scope" value="publish_stream,offline_access" />
...
<button type="submit"><img src="<c:url value="/resources/social/twitter/signin.png" />"/></button>
</form>
It is the same principle for facebook too, just use appropriate scope values.
Be sure that you do not missed this part:
Facebook access tokens expire after about 2 hours. So, to avoid having
to ask your users to re-authorize ever 2 hours, the best way to keep a
long-lived access token is to request "offline_access".
I am using spring webflow and I have registered all the flow xmls in the webflow.xml like this
<!-- The Flow handler adapter, to handle flows request recieved by the dispatcher servlet -->
<bean id="flowController" class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter">
<property name="flowExecutor" ref="flowExecutor"/>
</bean>
<flow:flow-registry id="myflowRegistry" flow-builder-services="flowBuilderServices" >
<!-- all xml files in base path and subfolders -->
<flow:flow-location path="/WEB-INF/flows/payslips.xml" />
<flow:flow-location path="/WEB-INF/flows/admissions.xml" />
<flow:flow-location id="cash-advance" path="/WEB-INF/flows/cashadvance.xml"/>
<flow:flow-location path="/WEB-INF/flows/services.xml" />
<flow:flow-location path="/WEB-INF/flows/undergradadm.xml" />
</flow:flow-registry>
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping">
<property name="order" value="0" />
<property name="flowRegistry" ref="myflowRegistry" />
</bean>
Now when I tr to access any of these pages with payslips.go or cash-advance.go they dont work and give me :
Error 500: Request processing failed; nested exception is java.lang.StringIndexOutOfBoundsException: String index out of range: 1
I am very new to webflow and It seems logical that it should work. The views in the spring MVC that are not part of the webflow or dont have any xmls defined under flow work perfectly fine because it has nothing to do with webflow. but these pages which have a flow defined. I dont think mozilla has anything to do with it.
On some other machine, these are working fine. there must be something with my own setup that its not letting it work.
May be this will help as well
Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: 1
at java.lang.String.substring(String.java:1060)
at org.springframework.webflow.context.servlet.DefaultFlowUrlHandler.getFlowId(DefaultFlowUrlHandler.java:83)
at org.springframework.webflow.mvc.servlet.FlowHandlerMapping.getHandlerInternal(FlowHandlerMapping.java:92)
at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1057)
Thanks
This is how I am configuring SWF:
<!--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SPRING WEB FLOW'S CONFIGURATION
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-->
<!-- Creates a flow executor in Spring, responsible for creating and executing flows -->
<flow:flow-executor id="flowExecutor" flow-registry="flowRegistry" />
<!-- Load flow definitions and make them available to the flow executor -->
<flow:flow-registry id="flowRegistry">
<flow:flow-location id="process-flow" path="/process/flows/process-flow.xml" />
</flow:flow-registry>
<!-- The FlowHandlerMapping helps DispatcherServlet to knowing that it should send flow requests to Spring Web Flow -->
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping">
<property name="flowRegistry" ref="flowRegistry" />
</bean>
<!-- The FlowHandlerAdapter is equivalent to a Spring MVC controller in that it handles requests coming in for a flow and processes those requests -->
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter">
<property name="flowExecutor" ref="flowExecutor" />
</bean>
My flow is in the root of my web folder, but you can also use the WEB-INF dir; this way, the path should be "/WEB-INF/foo/bar.xml/".
I hope it helps, regards.