What's the real role of ModelMap in Spring Portlet MVC? I've been testing a few portlets using Spring Portlet MVC 3.0 in WebSphere Portal 7 and it seems every attribute set in ModelMap gets stored in PortletSession.
If that's the case, what's the role of Session Attributes? (by the way, there's a several bug including clearing these guys). And what if I want to store attributes that last only to the current request? (For example, a Confirmation Message). If I put this message in the ModelMap, it gets stored in session and I have to manually clear it every time a user gets into Portal.
If you have added #SessionAttributes annotation to your controller class and have the same #ModelAttribute value, then there is a chance of storing your ModelMap to the PortletSession. But ideally, ModelMap is not defualtly store in PortletSession.
Related
Some one please me to find out the spring mvc examples,
Because usually, once we log in into the application we will create a session and put some objects into session . we will access later point of time , request scope as well. but spring MVC3 is difficult to understand even documentation also confusing, but every one giving example is basic examples only.
You can access these objects in a JSP/JSTL:
applicationScope
cookie
header
headerValues
initParam
pageContext
pageScope
param
paramValues
requestScope
sessionScope
As well as any request attributes that you add, including model attributes (who's default name is command).
More info here: http://www.informit.com/articles/article.aspx?p=30946&seqNum=7
If you want to access HttpRequest, HttpResponse, HttpSession, add them as arguments to a Spring Controller Handler Method . Spring will pass them in for you.
In my Spring MVC project I have a jsp page , registration page , in which there is a form. In this form the user inserts his data (name, surname and so on).I created a bean User and I bound the form with this bean.But now I have a problem.How can i put the user object into a session in a method of a controller?
Can I use #SessionAttributes,httpsession or I set the scope of the bean to session? How can i solve it?Sorry for my English. Thanks
You can use HttpSession so just need to set your user object in your session and access anywhere into the system.
Refer this httpsession documentation for setting session value.
I am using Struts 2 v 2.3.16.3 with tomcat 6.
A user will click on an action which finds an object by id and the page displays it. I have encountered a sporadic bug where the user will all of a sudden get the id of another lookup from another user on another machine. So effectively they are both calling the same action but passing different id to the request, but both end up viewing the same id.
This is obviously disastrous, and the data is totally corrupted as both users think they are editing a different record. Any ideas how make sure session/request activity is kept secure to each session?
I am also using spring and am using the #Transactional annotation in my Service layer, which returns the objects from the DAO. Is there something I need to do with this annotation to make it secure for each session ?
I am using org.springframework.orm.hibernate3.HibernateTransactionManager
Classic Thread-UnSafe problem.
Since you nominated Spring, my first guess is that you have not specified the right scope for your action beans in Spring xml configuration.
Be sure you are using scope="prototype" because otherwise the default scope of Spring is Singleton, and you don't want a single(ton) instance of an Action, that would not be ThreadLocal (and hence ThreadSafe) anymore.
If it is not that, it could be something on an Interceptor (that, differently from an action, is not Thread Safe), or you are using something static (in your Business / DAO layer, or in the Action itself) that should be not.
It's so frustating, but I cannot upgrade Spring core to 3.1, only MVC.
The thing is that I need to use Flash Attributes after a redirect.
Or maybe there's a "howto" to do the same as RedirectAttributes, in Spring 3.0.
Thank you so much!
You can just implement it yourself.
For the flash request attributes, add them to the session with a special flag attribute (a prefix in their string key value), like REDIRECT_HAPPENING_<attributeName>.
Then create an interceptor that checks if you have any attributes named that way in the session. If you do, add them as request attributes (and remove them from the session - you can do this in postHandle()), otherwise return.
I've been looking into using Spring Security for the authentication/authorization of my web application (this will be JDBC based).
However, a core component seems to be left out from my perspective. How do I register/create new users? Is there an out of the box API for that?
Do i need to write user registration and management from scratch?
Things i need to do include:
- Registering a new user
- Resetting passwords
- Emailing a user to activate their account
- Emailing a user to reset their account.
Thank you in advance.
I use Spring Security on my project. The framework does not have an API for user creation or registration as you asked. For Spring Security to be generic and usable across multiple frameworks, it can only take you so far before you have to write custom code. You can't really get a more specific answer about a framework or tool to use because at this point you will just use the frameworks you are already using anyway.
If you've set it up to use users and roles in your database, from your data access layer you would create a record in the user table or update a password (preferably stored as a hash) in that record. And as Aravind said, Spring does provide email support.
If you really want to see one way to do it: I'm using Spring MVC, JSP, and Hibernate. I use Spring's form tags in a JSP to bind a new user form to a Person object, and my controller method passes that Person object to my Dao to persist it.
The controller method signature looks like this...
#RequestMapping(value = "/newUser", method = RequestMethod.POST)
public ModelAndView createNewUser(final #Valid #ModelAttribute Person user,
final BindingResult result,
final SessionStatus status,
final #RequestParam(value = "unencodedPassword", required = true) String password) {
...
user.getRoles().add(new Role(user, Role.APPLICATION_ROLE.ROLE_USER));
userDao.createNewUser(user);
...
}
and my PersonDao would use Hibernate to persist the user like so
#Transactional
public void createNewUser(Person user)
{
Session session = sessionFactory.getCurrentSession();
session.save(user);
session.flush();
}
Have a look at my answer here.
"I have implemented a JAVA project for this use case. It is open
source, based on Spring-Security. A release version is on
Maven-Central, so you do not need to compile it, but instead you can
fetch it as maven-dependency to your project!"
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.5.0-RELEASE</version>
</dependency>
As far as I know, Spring Security does not have built in support for new user creation and registration. You will have to manage this yourself. However it does have emailing support. Check here for more on this.