Error messages for Security Forms hard coded

[Mehdi Bennani <mb...@freebalance.com>]

Hey Folks, 

 

We have implemented our UserManagement, groupManagement and
roleManagement security classes as per the jetpseed interfaces provided.
It is all working fine, except that the messages returned when there is
any failure are all hard-coded and coming from the SecurityConstants
class string array. This poses a problem, not only for localization but
also prevents us from displaying the right message to the user.  

Example: if the admin tries to create a user with an invalid email
address according to some password policy, we would like to inform the
admin: "Error: password not conform to policy XYZ...". But instead we
get the generic: "Invalid Entity Name. Please enter a valid entity
name."

 

Are you thinking of changing that in the future? And, in the meantime,
is there a way to access the context from our UserManagement class and
put in the right message? Something like:

context.put(SecurityConstants.PARAM_MSG, "Error: password not conform to
policy XYZ");

 

And would that be enough? Wouldn't that context value be overwritten
afterwards from the Security Action class?

 

 

Thank you a bunch,

Mehdi--

 

Re: Error messages for Security Forms hard coded

[David Sean Taylor <da...@bluesunrise.com>]

Mehdi Bennani wrote:
> Hey Folks, 
> 
>  
> 
> We have implemented our UserManagement, groupManagement and
> roleManagement security classes as per the jetpseed interfaces provided.
> It is all working fine, except that the messages returned when there is
> any failure are all hard-coded and coming from the SecurityConstants
> class string array. This poses a problem, not only for localization but
> also prevents us from displaying the right message to the user.  
> 
> Example: if the admin tries to create a user with an invalid email
> address according to some password policy, we would like to inform the
> admin: "Error: password not conform to policy XYZ...". But instead we
> get the generic: "Invalid Entity Name. Please enter a valid entity
> name."
> 

A patch using Java localized resources files would be very welcome!
There are examples of this in the Jetspeed-2 cvs
See for example

http://cvs.apache.org/viewcvs.cgi/jakarta-jetspeed-2/applications/security/src/java/org/apache/jetspeed/portlets/security/resources/

-- 
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
[office] +01 707 773-4646
[mobile] +01 707 529 9194

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

Re: Error messages for Security Forms hard coded

[Dan Moore <mo...@yahoo.com>]

Hi,

One other solution:

1. modify the SecurityConstants class to have only keys
(ERROR_MESSAGE_1, ERROR_MESSAGE_EMAIL_INVALID) in it,

and

2. find where the errors were ouptput (in which velocity/jsp template)
and wrap them with a call to the l10n tool.

This way, you can just put whatever error messages you want in a bundle
with the appropriate key.

If you were willing to live with the text in the SecurityConstants
class as your key, you wouldn't need to do step 1, but I'm not sure how
java handles keys with spaces and other special characters in them.

This wouldn't handle, however, the case where the Security class
returns the incorrect (too general) error message.  Not sure how to
handle that.

Dan

--- Mehdi Bennani <mb...@freebalance.com> wrote:

> Hey Folks, 
> 
>  
> 
> We have implemented our UserManagement, groupManagement and
> roleManagement security classes as per the jetpseed interfaces
> provided.
> It is all working fine, except that the messages returned when there
> is
> any failure are all hard-coded and coming from the SecurityConstants
> class string array. This poses a problem, not only for localization
> but
> also prevents us from displaying the right message to the user.  
> 
> Example: if the admin tries to create a user with an invalid email
> address according to some password policy, we would like to inform
> the
> admin: "Error: password not conform to policy XYZ...". But instead we
> get the generic: "Invalid Entity Name. Please enter a valid entity
> name."
> 
>  
> 
> Are you thinking of changing that in the future? And, in the
> meantime,
> is there a way to access the context from our UserManagement class
> and
> put in the right message? Something like:
> 
> context.put(SecurityConstants.PARAM_MSG, "Error: password not conform
> to
> policy XYZ");
> 
>  
> 
> And would that be enough? Wouldn't that context value be overwritten
> afterwards from the Security Action class?
> 
>  
> 
>  
> 
> Thank you a bunch,
> 
> Mehdi--
> 
>  
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org