Migrate validations from struts1.3 to struts2 - validation

I am currently working on a migration project from struts1.x to struts2. I am looking for some help in migrating the existing validations.xml and validations-rules.xml to the struts2 equivalent. I am aware that we need to create a validation xml per action class in struts2, but the idea of placing all validations under one file like in struts1 looks better in terms of managing the application. If anybody has done similar work, please give me some pointers or guidance.
Secondly, if validation using one single file is not possible, I would like some help on how to convert the validations file to the struts2 equivalent. I am not able to understand the plugins part, e.g. mask, date. They seem easier in struts1, whereas in struts2 we have to write a regex for almost everything. For example, I couldn't find anything for just an invalid date validation, whereas just using the date plugin in struts1 it's possible.

Related

Alfresco unique constraint validation adding content to webform with xs:unique

Is it possible with standard Alfresco code to perform schema validations when adding new content to a webform? (the webform is associated with the schema file)
I have a simple schema file with 3 elements that must be unique. I've found out that I can use xs:unique to perform this validation and ensure that each element is unique, however Alfresco does not perform this validation at all.
I can submit the content with repeated fields anywhere.
I've been digging the internet to find a solution and it is possible to tackle this issue messing a little with Alfresco extensions, however I would like to know if there is any other way.
Has anyone experienced this issue?
You can use custom validation. In this custom validation you need to check whether your elements are unique or not. Please refer to this documentation for custom validations.

Spring MVC - Is there a way to sanitize user inputs without needing c:out on every JSP page?

I'm trying to secure my Spring MVC web app against cross-site scripting (XSS) attacks.
At first I thought I could simply set defaultHtmlEscape in my web.xml and be done. But I found that had no effect. As explained here -- Spring or App-Server escape html isn't working JAVA MVC, defaultHtmlEscape has no effect on INPUTS. It only sanitizes OUTPUTS within c:out tags.
So then I figured I'd write a filter to intercept requests, examine the parameters, and sanitize them as needed. But while looking into how to write the filter, I came across this -- XSS Filter to enctype="multipart/form-data" forms. It includes comments suggesting that filtering inputs is a bad idea, and that I should stick to filtering outputs.
Several posts mention HDIV and other third-party security solutions, but I'd rather not introduce a new third-party dependency to my project for something as basic as sanitization.
But filtering outputs seems inconvenient and error-prone. Are all the developers who touch my web app expected to remember to use c:out for EVERY output value on EVERY JSP page? Surely a global setting would be better? What's the best practice here?
Thanks in advance for your advice.
This is a big question. There is no easy or automatic way to do it. Every developer on your team should understand the basic aspects of this. The best practices are going to include input validation and output escaping.
Additionally, if you handle input that is expected to be html markup, you will have additional complications. AntiSAMY is a good place to go for that.
This article is a good place to start:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
No, there is no way in Spring MVC to sanitize user inputs.
However, you can prevent XSS by setting defaultHtmlEscape to true in web.xml.
Adding this will not sanitize data; it will encode it, preventing XSS.
Refer to the link below for syntax
How do I prevent people from doing XSS in Spring MVC?
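The trade-off discussed in this question and its answers (escaping in a request filter versus encoding at output), as an added Java example that is not code from the original posts. It assumes spring-web is on the classpath for `HtmlUtils` and `JavaScriptUtils`; the class name, helper names and sample value are constructed for illustration.

```java
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.JavaScriptUtils;

public class OutputEncodingDemo {

    // Constructed sample value: an apostrophe, an ampersand and markup characters.
    static final String SUBMITTED = "O'Brien <b>& Sons</b>";

    /** Encode for an HTML element body or a quoted attribute value. */
    static String forHtml(String value) {
        return HtmlUtils.htmlEscape(value);
    }

    /** Encode for a quoted string literal inside an inline script block. */
    static String forJsString(String value) {
        return JavaScriptUtils.javaScriptEscape(value);
    }

    /** What a request filter that escapes on input would hand to the database. */
    static String escapedOnInput(String value) {
        return HtmlUtils.htmlEscape(value);
    }

    public static void main(String[] args) {
        // Approach 1: store the raw value, encode at the point of output.
        String raw = SUBMITTED;
        System.out.println("html body : <td>" + forHtml(raw) + "</td>");
        System.out.println("js string : var name = '" + forJsString(raw) + "';");
        System.out.println("text mail : " + raw);

        // Approach 2: the filter has already HTML-encoded the stored value.
        String stored = escapedOnInput(SUBMITTED);
        // A view that escapes as well double-encodes, so users see entity text.
        System.out.println("html body : <td>" + forHtml(stored) + "</td>");
        // Non-HTML consumers receive HTML entities instead of the real data.
        System.out.println("text mail : " + stored);
        // HTML encoding leaves backslashes and line breaks alone, so the stored
        // value still needs JavaScript encoding before it goes into a script.
        System.out.println("js string : var name = '" + forJsString(stored) + "';");
    }
}
```

Running it prints the same value six times; comparing the two "html body" and "text mail" lines shows what input-time escaping does to the stored data.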

yii - form/modal based on mongodb

I am using mongo db in my yii project.
I am a newbie in yii and mvc. I need to show some fields from the database to the user, and also allow them to edit those fields when they click edit. From what I know so far, I need a modal to create the form. Modal should extend CActiveRecord (because I am allowing edit).
But I have no clue how this is going to work with mongodb. It's very different from mysql (structure and fields are not definite in mongodb). Some users have field (column) abc while some users do not have it.
I have looked into the mongodbsuite for yii. But it's very hard for me to understand that at this level.
I am willing to write my own custom code, if someone can give me a direction. (Or I'll have to write my own code destroying the feel of yii/mvc: fetching everything and inserting into textboxes and then allowing users to edit those.)
I think this extension will help you. Please check - YIIMongoDBSuite
What I suggest: instead of writing your own code and doing testing to make it work, it is always better to shift to mysql, oracle or anything that Yii supports. It would save life.
Yii Supports
SQLite
mysql
PostgreSQL
SQL Server
Oracle
It might be worth asking this question on the yiiframework forum
http://www.yiiframework.com/forum/
where there seem to be people actively using yii and mongodb.

Validation - front end and feed file - is it efficient using same framework?

I have a java based web application that is around 7 years old and has grown organically over time. It has been - historically - an mvc based application. Users used to put in data which used to be validated using the standard mvc based validations i.e. Struts. Somewhere down the line, we had to use Drools to do some validations for feed files that were coming in from other sources. The Drools based validations have worked quite well.
However, now we have a problem. There are a few validations that are in the MVC i.e. Struts. There are a few validations that are in Drools. While they both work perfectly fine in their own areas, we have duplication of validations. Also, as expected we have had issues around validations present in one scenario and not in the other. Of course, the tactical fix is that we keep a good grasp over all validations and ensure that any data coming in - whether through front end or from feed files - go through all validations. It should work but this is labour intensive and error prone.
I am polling the group to find if there is some strategic solution to this. Is there any way I can move the validations in a single repository and have both front end data and feed data go through the same validations? The easiest answer seems to be that I move all validations to Drools and ensure that the front end interacts with Drools to execute all validations. Of course Drools is handling - and will continue to handle - all feed based data. I am also aware that Drools - perhaps - was not intended to be used this way and hence would not have been my first choice for any validation for data from web based front end.
Is there some other way? Have you faced this problem? If so have you managed to solve this problem? If so, how?
Thanks for reading. And thanks a ton for any response.

Looking for ajax multi-upload solution using struts2

Our team is looking to support multiple concurrent uploads in struts2 (i.e. "ajaxy", gmail-style file uploads, with progress bars, that begin immediately instead of when the user submits the form).
We are wondering if there are any tips or best practices for implementing this feature. For example, does struts require any special handling for XHR multipart requests? Also, is it appropriate to use the FileUploadInterceptor for this sort of thing, or is it better to roll our own?
We've briefly looked at ajax-file-upload-struts2 but it looks as though that project is either abandoned or incomplete (if that's wrong please let me know).
As for the client side, we've looked at swfupload, plupload, and uploadify. They seem to have their various strengths/weaknesses but if anyone has found a solution that they prefer we'd love to hear it.
Struts2 already provides multiple file upload functionality and it's a good one on its own since it's doing all the underlying work for you. I believe doing it yourself means doing the same work again.
You can have a look at the current multiple file upload implementation and tweak it as per your requirements.
Here is the official document for multiple file upload using struts2:
Multiple File Uploads
