You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Security Management <li...@secmgmt.com> on 2009/03/12 18:41:56 UTC
Convention for keeping passwords out of struts.xml
What's the general convention for keeping database settings out of
struts.xml? I have an app that will be sent to people that already have a
database setup, and they need to specify the hostname, username, etc. I
need ideas on how to store this outside of the war that I send.
Can anyone help, I can't find much on the web (but I might just be missing
the search terms)
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Do all actions in an action class (struts 2.1) have to inherit
definitions from the same package?
Posted by mu...@aol.com.
Thanks for clarifying.
Chris
-----Original Message-----
From: Musachy Barroso <mu...@gmail.com>
To: Struts Users Mailing List <us...@struts.apache.org>
Sent: Fri, 13 Mar 2009 10:44 pm
Subject: Re: Do all actions in an action class (struts 2.1) have to inherit definitions from the same package?
yes
On Fri, Mar 13, 2009 at 4:53 AM, <mu...@aol.com> wrote:
>
> Question on design intent: I noticed that the @Action annotation does not have
attributes for a parent namespace so if you have multiple actions in the same
class you only have the @ParentPackage class level annotation to indicate the
location of definitions for custom inteceptors, results etc. Is it part of the
design?that colocation of action methods in the same action class implies they
are in the same package?
> Cheers
> Chris
>
>
--
"Hey you! Would you help me to carry the stone?" Pink Floyd
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Do all actions in an action class (struts 2.1) have to inherit
definitions from the same package?
Posted by Musachy Barroso <mu...@gmail.com>.
yes
On Fri, Mar 13, 2009 at 4:53 AM, <mu...@aol.com> wrote:
>
> Question on design intent: I noticed that the @Action annotation does not have attributes for a parent namespace so if you have multiple actions in the same class you only have the @ParentPackage class level annotation to indicate the location of definitions for custom inteceptors, results etc. Is it part of the design?that colocation of action methods in the same action class implies they are in the same package?
> Cheers
> Chris
>
>
--
"Hey you! Would you help me to carry the stone?" Pink Floyd
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Do all actions in an action class (struts 2.1) have to inherit definitions
from the same package?
Posted by mu...@aol.com.
Question on design intent: I noticed that the @Action annotation does not have attributes for a parent namespace so if you have multiple actions in the same class you only have the @ParentPackage class level annotation to indicate the location of definitions for custom inteceptors, results etc. Is it part of the design?that colocation of action methods in the same action class implies they are in the same package?
Cheers
Chris
RE: Convention for keeping passwords out of struts.xml
Posted by Security Management <li...@secmgmt.com>.
I'll look up the spring way to do it, I was incorrectly thinking my stuff
was in struts.xml, but it's in applicationContext (which is, of course,
spring).
Thanks
-----Original Message-----
From: Dave Newton [mailto:newton.dave@yahoo.com]
Sent: Thursday, March 12, 2009 2:57 PM
To: Struts Users Mailing List
Subject: Re: Convention for keeping passwords out of struts.xml
Jim Kiley wrote:
> Dave's right -- a good choice here is to keep that kind of data in a
server
> settings config file, and set up your application to pull the database
> context info out of the JNDI context. Check out
> http://tomcat.apache.org/tomcat-5.5-doc/index.html
> <http://tomcat.apache.org/tomcat-5.5-doc/index.html>for
> details on this sort of thing.
I'm with Jim. But that aside you can also use Spring's
property-placeholder (or whatever it's called) to keep passwords in a
property file, the values of which are then referenced inside the Spring
config file.
This seems more like a Spring-ish topic, though.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Convention for keeping passwords out of struts.xml
Posted by Dave Newton <ne...@yahoo.com>.
Jim Kiley wrote:
> Dave's right -- a good choice here is to keep that kind of data in a server
> settings config file, and set up your application to pull the database
> context info out of the JNDI context. Check out
> http://tomcat.apache.org/tomcat-5.5-doc/index.html
> <http://tomcat.apache.org/tomcat-5.5-doc/index.html>for
> details on this sort of thing.
I'm with Jim. But that aside you can also use Spring's
property-placeholder (or whatever it's called) to keep passwords in a
property file, the values of which are then referenced inside the Spring
config file.
This seems more like a Spring-ish topic, though.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Convention for keeping passwords out of struts.xml
Posted by Jim Kiley <jh...@summa-tech.com>.
Dave's right -- a good choice here is to keep that kind of data in a server
settings config file, and set up your application to pull the database
context info out of the JNDI context. Check out
http://tomcat.apache.org/tomcat-5.5-doc/index.html
<http://tomcat.apache.org/tomcat-5.5-doc/index.html>for
details on this sort of thing.
jk
On Thu, Mar 12, 2009 at 2:50 PM, Security Management <
list-subscriptions@secmgmt.com> wrote:
> OK, my bad, I meant out of the applicationContext.xml
>
> I basically want to be able to tell someone to deploy a war file, edit a
> file outside of the "webroot" that has the settings in it, and startup
> tomcat.
>
> Then, my app would load that properties file and make the connection.
>
>
>
> -----Original Message-----
> From: Dave Newton [mailto:newton.dave@yahoo.com]
> Sent: Thursday, March 12, 2009 2:40 PM
> To: Struts Users Mailing List
> Subject: Re: Convention for keeping passwords out of struts.xml
>
> Security Management wrote:
> > What's the convention for keeping database settings out of struts.xml?
>
> Hmm, I guess I never even considered putting them in there.
>
> JNDI, Spring, and property files are the obvious choices, most DB
> technologies support creating a datasource in their own config as well.
>
> Dave
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
--
Jim Kiley
Senior Technical Consultant | Summa
[p] 412.258.3346
http://www.summa-tech.com
RE: Convention for keeping passwords out of struts.xml
Posted by Security Management <li...@secmgmt.com>.
OK, my bad, I meant out of the applicationContext.xml
I basically want to be able to tell someone to deploy a war file, edit a
file outside of the "webroot" that has the settings in it, and startup
tomcat.
Then, my app would load that properties file and make the connection.
-----Original Message-----
From: Dave Newton [mailto:newton.dave@yahoo.com]
Sent: Thursday, March 12, 2009 2:40 PM
To: Struts Users Mailing List
Subject: Re: Convention for keeping passwords out of struts.xml
Security Management wrote:
> What's the convention for keeping database settings out of struts.xml?
Hmm, I guess I never even considered putting them in there.
JNDI, Spring, and property files are the obvious choices, most DB
technologies support creating a datasource in their own config as well.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Convention for keeping passwords out of struts.xml
Posted by Dave Newton <ne...@yahoo.com>.
Security Management wrote:
> What's the convention for keeping database settings out of struts.xml?
Hmm, I guess I never even considered putting them in there.
JNDI, Spring, and property files are the obvious choices, most DB
technologies support creating a datasource in their own config as well.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org