You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Kamlesh Koringa <ka...@gmail.com> on 2009/08/24 12:52:41 UTC
Struts Security
I want to integrate Struts2 (2.1.6) with HDIV using SPI ( ProcessingParamter
Integaration) define in link below.
http://wiki.apache.org/struts/HDIV
Is there any source or help avaliable for that. In this link there is
integration for Struts 1.3.8. and web application is not downloaded properly
given in link. Can any one provides Sample application of Struts2 + HDIV
using SPI.
--
--------------------------
Kamlesh Koringa
Re: Struts Security
Posted by Dave Newton <ne...@yahoo.com>.
Musachy Barroso wrote:
> The answer to your questions is 42. What in the name of the Flying
> Spaghetti Monster are you talking about?
Ramen.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts Security
Posted by dusty <du...@yahoo.com>.
Hot Div Injection Vector - Service Pack 1 : a little know DHTML library used
exclusively by porn link aggregator sites. I am surprised you didn't know
that.
and Martin, I am so busy that I only make it back here periodically, but it
seems like everytime I do Musachy is giving you a beat down about another
total fail post. It reminds me of a famous SNL skit with William Shatner,
"Shatner, I think you are the most ridiculously terrible actor ever born on
this Earth, and I get a thousand letters a day telling me the same thing.".
To which Shatner replies, "What is the word on the street about me?".
*sigh*.
Musachy Barroso wrote:
>
> The answer to your questions is 42. What in the name of the Flying
> Spaghetti Monster are you talking about? It is not only that you add
> more questions that are not even related to the topic (FreeMarker,
> Velocity?). What is "HDIV-SP1"? not even google finds anything
> relevant about it. Then on top of that you post code from SPRING MVC
> examples (taken from here http://wiki.netbeans.org/SpringFileUpload?
> or
> http://www.coderanch.com/t/446495/Spring/dispatcher-servlet-xml-works?).
>
> In this community we encourage *people* to *help* each other and ask
> questions freely. "People" and "help" are the keywords here, your
> posts seem generated by a bot/script and are *not* helpful . I have
> seen you doing the same thing on other open source project mailing
> lists, would you please be so kind as to spare us your
> seemingly-random-generated-spam? You are confusing users and adding
> noise to the mailing list.
>
> And no, I can't just ignore you because your rants do confuse users
> which form the community that we, as struts developers try to help,
> and spend our free time supporting.
>
> musachy
>
> On Mon, Aug 24, 2009 at 8:46 AM, Martin Gainty<mg...@hotmail.com> wrote:
>>
>> xwork supplies a ParameterFilterInterceptor
>> <interceptors>
>> <interceptor name="parameterFilter"
>> class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
>>
>> i dont see any security considerations here for HDIV-SP1?
>> could you explain which security features/functions would be provided by
>> HDIV-SP1?
>>
>> would HDIV-SP1 be supported by either Freemarker or Velocity template
>> languages?
>>
>> how would existing struts tags incorporate this 'additional'
>> functionality..presumable thru an additional attribute?
>>
>> controller:
>> <bean
>> class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
>>
>> <!-- Most controllers will use the ControllerClassNameHandlerMapping
>> above, but
>> for the index controller we are using ParameterizableViewController, so
>> we must define an explicit mapping for it. -->
>> <!-- The index controller. -->
>>
>> <bean name="indexController"
>>
>>
>> class="org.springframework.web.servlet.mvc.ParameterizableViewController"
>>
>> p:viewName="index" />
>>
>> <bean id="urlMapping"
>> class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
>> <property name="mappings">
>> <props>
>> <prop key="/index.htm">indexController</prop>
>> </props>
>> </property>
>> </bean>
>>
>> what additional controller functionality would HDIV-SP1 provide which is
>> not already provided by spring ParameterizableViewController
>> ?
>> thanks,
>> Martin Gainty
>> ______________________________________________
>> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>>
>> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
>> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede
>> unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese
>> Nachricht dient lediglich dem Austausch von Informationen und entfaltet
>> keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit
>> von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas
>> le destinataire prévu, nous te demandons avec bonté que pour satisfaire
>> informez l'expéditeur. N'importe quelle diffusion non autorisée ou la
>> copie de ceci est interdite. Ce message sert à l'information seulement et
>> n'aura pas n'importe quel effet légalement obligatoire. Étant donné que
>> les email peuvent facilement être sujets à la manipulation, nous ne
>> pouvons accepter aucune responsabilité pour le contenu fourni.
>>
>>
>>
>>
>>> From: kamleshkoringa@gmail.com
>>> Date: Mon, 24 Aug 2009 16:22:41 +0530
>>> Subject: Struts Security
>>> To: user@struts.apache.org
>>>
>>> I want to integrate Struts2 (2.1.6) with HDIV using SPI (
>>> ProcessingParamter
>>> Integaration) define in link below.
>>> http://wiki.apache.org/struts/HDIV
>>>
>>> Is there any source or help avaliable for that. In this link there is
>>> integration for Struts 1.3.8. and web application is not downloaded
>>> properly
>>> given in link. Can any one provides Sample application of Struts2 + HDIV
>>> using SPI.
>>>
>>>
>>>
>>> --
>>> --------------------------
>>> Kamlesh Koringa
>>
>> _________________________________________________________________
>> Windows Live: Make it easier for your friends to see what you’re up to on
>> Facebook.
>> http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009
>
>
>
> --
> "Hey you! Would you help me to carry the stone?" Pink Floyd
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Struts-Security-tp25113976p25124970.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts Security
Posted by Musachy Barroso <mu...@gmail.com>.
The answer to your questions is 42. What in the name of the Flying
Spaghetti Monster are you talking about? It is not only that you add
more questions that are not even related to the topic (FreeMarker,
Velocity?). What is "HDIV-SP1"? not even google finds anything
relevant about it. Then on top of that you post code from SPRING MVC
examples (taken from here http://wiki.netbeans.org/SpringFileUpload?
or http://www.coderanch.com/t/446495/Spring/dispatcher-servlet-xml-works?).
In this community we encourage *people* to *help* each other and ask
questions freely. "People" and "help" are the keywords here, your
posts seem generated by a bot/script and are *not* helpful . I have
seen you doing the same thing on other open source project mailing
lists, would you please be so kind as to spare us your
seemingly-random-generated-spam? You are confusing users and adding
noise to the mailing list.
And no, I can't just ignore you because your rants do confuse users
which form the community that we, as struts developers try to help,
and spend our free time supporting.
musachy
On Mon, Aug 24, 2009 at 8:46 AM, Martin Gainty<mg...@hotmail.com> wrote:
>
> xwork supplies a ParameterFilterInterceptor
> <interceptors>
> <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
>
> i dont see any security considerations here for HDIV-SP1?
> could you explain which security features/functions would be provided by HDIV-SP1?
>
> would HDIV-SP1 be supported by either Freemarker or Velocity template languages?
>
> how would existing struts tags incorporate this 'additional' functionality..presumable thru an additional attribute?
>
> controller:
> <bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
>
> <!-- Most controllers will use the ControllerClassNameHandlerMapping above, but
> for the index controller we are using ParameterizableViewController, so we must define an explicit mapping for it. -->
> <!-- The index controller. -->
>
> <bean name="indexController"
>
> class="org.springframework.web.servlet.mvc.ParameterizableViewController"
>
> p:viewName="index" />
>
> <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
> <property name="mappings">
> <props>
> <prop key="/index.htm">indexController</prop>
> </props>
> </property>
> </bean>
>
> what additional controller functionality would HDIV-SP1 provide which is not already provided by spring ParameterizableViewController
> ?
> thanks,
> Martin Gainty
> ______________________________________________
> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>
>
>
>
>> From: kamleshkoringa@gmail.com
>> Date: Mon, 24 Aug 2009 16:22:41 +0530
>> Subject: Struts Security
>> To: user@struts.apache.org
>>
>> I want to integrate Struts2 (2.1.6) with HDIV using SPI ( ProcessingParamter
>> Integaration) define in link below.
>> http://wiki.apache.org/struts/HDIV
>>
>> Is there any source or help avaliable for that. In this link there is
>> integration for Struts 1.3.8. and web application is not downloaded properly
>> given in link. Can any one provides Sample application of Struts2 + HDIV
>> using SPI.
>>
>>
>>
>> --
>> --------------------------
>> Kamlesh Koringa
>
> _________________________________________________________________
> Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
> http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009
--
"Hey you! Would you help me to carry the stone?" Pink Floyd
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Struts Security
Posted by Martin Gainty <mg...@hotmail.com>.
xwork supplies a ParameterFilterInterceptor
<interceptors>
<interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
i dont see any security considerations here for HDIV-SP1?
could you explain which security features/functions would be provided by HDIV-SP1?
would HDIV-SP1 be supported by either Freemarker or Velocity template languages?
how would existing struts tags incorporate this 'additional' functionality..presumable thru an additional attribute?
controller:
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<!-- Most controllers will use the ControllerClassNameHandlerMapping above, but
for the index controller we are using ParameterizableViewController, so we must define an explicit mapping for it. -->
<!-- The index controller. -->
<bean name="indexController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController"
p:viewName="index" />
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/index.htm">indexController</prop>
</props>
</property>
</bean>
what additional controller functionality would HDIV-SP1 provide which is not already provided by spring ParameterizableViewController
?
thanks,
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> From: kamleshkoringa@gmail.com
> Date: Mon, 24 Aug 2009 16:22:41 +0530
> Subject: Struts Security
> To: user@struts.apache.org
>
> I want to integrate Struts2 (2.1.6) with HDIV using SPI ( ProcessingParamter
> Integaration) define in link below.
> http://wiki.apache.org/struts/HDIV
>
> Is there any source or help avaliable for that. In this link there is
> integration for Struts 1.3.8. and web application is not downloaded properly
> given in link. Can any one provides Sample application of Struts2 + HDIV
> using SPI.
>
>
>
> --
> --------------------------
> Kamlesh Koringa
_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009