Proposal: Page Scope

classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Proposal: Page Scope

YEE CHUT NGEOW
Hi guys,

I like to make a proposal - for making the rendered page an additional scope
where we can store objects. The objects can be serialized into an encrypted
block in a hidden textbox. On postback the encrypted block will be deserialized
and bind back to the original variables.

We can add an annotation for this:

@PageScope
private Customer customer;

I get my idea from VIEWSTATE mechanism of ASP.NET. This is basically the only
thing I missed about ASP.NET.

Currently I have been using a fair bit of <stripes:hidden> for achieving the
effect. It is simply too sloppy.

What do you guys think?

Cheers,
Chut


7th years into stripes and counting...


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Morten Matras-3
The idea is brilliant. I could use it too.

Regards

Morten Matras

2012/4/3 Chut Yee <[hidden email]>
Hi guys,

I like to make a proposal - for making the rendered page an additional scope
where we can store objects. The objects can be serialized into an encrypted
block in a hidden textbox. On postback the encrypted block will be deserialized
and bind back to the original variables.

We can add an annotation for this:

@PageScope
private Customer customer;

I get my idea from VIEWSTATE mechanism of ASP.NET. This is basically the only
thing I missed about ASP.NET.

Currently I have been using a fair bit of <stripes:hidden> for achieving the
effect. It is simply too sloppy.

What do you guys think?

Cheers,
Chut


7th years into stripes and counting...


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users



--

Morten Matras
Phone: +45 36 96 07 06
Skype: mortena


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Iwao AVE!
In reply to this post by YEE CHUT NGEOW
Hi,

Here's an alternative solution using a custom Formatter/TypeConverter.

public abstract class XMLTypeConverter<T> implements TypeConverter<T>,
Formatter<T> {
  public String format(T input) {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    XMLEncoder encoder = new XMLEncoder(out);
    encoder.writeObject(input);
    encoder.close();
    return CryptoUtil.encrypt(out.toString());
  }

  public T convert(String input, Class<? extends T> targetType,
    Collection<ValidationError> errors) {
    ByteArrayInputStream in = new
ByteArrayInputStream(CryptoUtil.decrypt(input).getBytes());
    XMLDecoder decoder = new XMLDecoder(in);
    @SuppressWarnings("unchecked")
    T obj = (T)decoder.readObject();
    decoder.close();
    return obj;
  }

  // Other methods can be left empty.
}

For object you want to store on a page, create a subclass of
XMLTypeConverter and put it into the extension package.
Here's the one for Customer, for example.

public class CustomerTypeConverter
  extends XMLTypeConverter<Customer>
  implements Formatter<Customer>, TypeConverter<Customer> {}

Assuming an ActionBean has a field 'customer' of type Customer, just
write a hidden tag on the JSP.

<stripes:hidden name="customer" />

The Formatter encodes the customer object to an encrypted string when
the tag is rendered.
And when the form is submitted, the TypeConverter decodes the string
back into a Customer object.

In the actual solution, JSON might be a better alternative to XML
because the output string is smaller.

To all:
It might be useful to add a 'formatter' property to InputTagSupport so
that we can specify non-global formatter for a particular input tag
(like 'converter' in @Validate).
Was there a discussion about this before?

Regards,
Iwao

2012/4/3 Chut Yee <[hidden email]>:

> Hi guys,
>
> I like to make a proposal - for making the rendered page an additional scope
> where we can store objects. The objects can be serialized into an encrypted
> block in a hidden textbox. On postback the encrypted block will be deserialized
> and bind back to the original variables.
>
> We can add an annotation for this:
>
> @PageScope
> private Customer customer;
>
> I get my idea from VIEWSTATE mechanism of ASP.NET. This is basically the only
> thing I missed about ASP.NET.
>
> Currently I have been using a fair bit of <stripes:hidden> for achieving the
> effect. It is simply too sloppy.
>
> What do you guys think?
>
> Cheers,
> Chut
>
>
> 7th years into stripes and counting...
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Stripes-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/stripes-users

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Mike McNally-3
In reply to this post by Morten Matras-3
I think there are some security issues with this, potentially. How is
this better than simply keeping things in the session?

On Tue, Apr 3, 2012 at 1:54 AM, Morten Matras <[hidden email]> wrote:

> The idea is brilliant. I could use it too.
>
> Regards
>
> Morten Matras
> CEO: http://LeadDoubler.com
>
> 2012/4/3 Chut Yee <[hidden email]>
>>
>> Hi guys,
>>
>> I like to make a proposal - for making the rendered page an additional
>> scope
>> where we can store objects. The objects can be serialized into an
>> encrypted
>> block in a hidden textbox. On postback the encrypted block will be
>> deserialized
>> and bind back to the original variables.
>>
>> We can add an annotation for this:
>>
>> @PageScope
>> private Customer customer;
>>
>> I get my idea from VIEWSTATE mechanism of ASP.NET. This is basically the
>> only
>> thing I missed about ASP.NET.
>>
>> Currently I have been using a fair bit of <stripes:hidden> for achieving
>> the
>> effect. It is simply too sloppy.
>>
>> What do you guys think?
>>
>> Cheers,
>> Chut
>>
>>
>> 7th years into stripes and counting...
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Better than sec? Nothing is better than sec when it comes to
>> monitoring Big Data applications. Try Boundary one-second
>> resolution app monitoring today. Free.
>> http://p.sf.net/sfu/Boundary-dev2dev
>> _______________________________________________
>> Stripes-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
>
>
> --
>
> Morten Matras
> CEO - Leaddoubler.com
> Phone: +45 36 96 07 06
> Skype: mortena
> http://twitter.com/#!/LeadDoubler
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Stripes-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>



--
Turtle, turtle, on the ground,
Pink and shiny, turn around.

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW

Hi Mike,

Below are a couple of reasons:
1) I want to keep the session small.
2) If the user opens more than one browser windows/tabs working on the same
page, they will interfere with each other if objects are stored in session.

Regarding security issue - encryption will handle it. Even currently Stripes is
already writing some state variables to the browser in encrypted form.

Regards,
Chut




------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Rick Grashel
I'm not sure how this would be done.  It would seem that a lot of potential conflicts or clashes could occur with current functionality.  In the example:

@PageScope
private Customer customer;

This would presume that something is stored in the form itself and submitted on postback.  Something like this probably:

<input type="hidden" name="customer" value="<some bunch of encrypted serialized hex>" />

Ok, good so far, but what if this is an edit screen for a customer?  So we have other fields on the screen like this:

<stripes:text name="customer.name"/>

On the final post, which one wins?  Does the serialized object bind first and then the individual fields bind/overwrite?  How would validation work?  Can they be required?  Should objects on the page be able to interact with this object?  ${viewState.customer}?  There's a lot of unanswered questions and potential issues.  Iwao actually has a decent starting point for a solution to this using a Formatter and TypeConverter -- I'm not sure much else would be necessary. 

I'm also trying to understand the reasons for this ask.  As for keeping the session small, you can still do that without having to resort to putting serialized objects in your pages.  In most cases, the session is merely used as a holder of objects for the lifecycle of the request/response.  As for someone opening more than one browser to the same page, if you use the request scope, I would think collisions would be prevented.  Or am I missing something here?

-- Rick


On Tue, Apr 3, 2012 at 7:26 AM, Chut Yee <[hidden email]> wrote:

Hi Mike,

Below are a couple of reasons:
1) I want to keep the session small.
2) If the user opens more than one browser windows/tabs working on the same
page, they will interfere with each other if objects are stored in session.

Regarding security issue - encryption will handle it. Even currently Stripes is
already writing some state variables to the browser in encrypted form.

Regards,
Chut




------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
Hmm... I have not thought about the binding conflicts.

Think of it - maybe we can specify a rule that the page scope gets the binding
first, the come the bindings from the parameters.

Re the request scope - it is too short.
Persisting values in the browser is a all too common requirements. For example a
web page that view/edit a customer almost invariably has something like:

<stripes:hidden name="customerId" value="${actionBean.customerId}" />

I still think having the browser scope is a nice idea.

Cheers,
Chut



------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Poitras Christian
In reply to this post by Rick Grashel

Hi,

 

For binding Stripes always binds shortest parameters first.

So if you have these two bindings:

<stripes:hidden name=”customer”/>

<stripes:hidden name=”customer.name”/>

“customer” will always be bound before “customer.name”.

 

This makes sense to me.

 

Christian

 

De : Rick Grashel [mailto:[hidden email]]
Envoyé : April-03-12 8:52 AM
À : Stripes Users List
Objet : Re: [Stripes-users] Proposal: Page Scope

 

I'm not sure how this would be done.  It would seem that a lot of potential conflicts or clashes could occur with current functionality.  In the example:

@PageScope
private Customer customer;

This would presume that something is stored in the form itself and submitted on postback.  Something like this probably:

<input type="hidden" name="customer" value="<some bunch of encrypted serialized hex>" />

Ok, good so far, but what if this is an edit screen for a customer?  So we have other fields on the screen like this:

<stripes:text name="customer.name"/>

On the final post, which one wins?  Does the serialized object bind first and then the individual fields bind/overwrite?  How would validation work?  Can they be required?  Should objects on the page be able to interact with this object?  ${viewState.customer}?  There's a lot of unanswered questions and potential issues.  Iwao actually has a decent starting point for a solution to this using a Formatter and TypeConverter -- I'm not sure much else would be necessary. 

I'm also trying to understand the reasons for this ask.  As for keeping the session small, you can still do that without having to resort to putting serialized objects in your pages.  In most cases, the session is merely used as a holder of objects for the lifecycle of the request/response.  As for someone opening more than one browser to the same page, if you use the request scope, I would think collisions would be prevented.  Or am I missing something here?

-- Rick

On Tue, Apr 3, 2012 at 7:26 AM, Chut Yee <[hidden email]> wrote:


Hi Mike,

Below are a couple of reasons:
1) I want to keep the session small.
2) If the user opens more than one browser windows/tabs working on the same
page, they will interfere with each other if objects are stored in session.

Regarding security issue - encryption will handle it. Even currently Stripes is
already writing some state variables to the browser in encrypted form.

Regards,
Chut





------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users

 


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Mike McNally-3
Maybe a simple way to get functionality like this would be to have a
way to annotate action bean properties (and sub-properties) such that
an <s:form> tag would implicitly introduce <s:hidden> inputs to map to
those properties.

There'd have to be some way for the <s:form> to know which bean
properties to pay attention to, which would be a little messy.


On Tue, Apr 3, 2012 at 8:51 AM, Poitras Christian
<[hidden email]> wrote:

> Hi,
>
>
>
> For binding Stripes always binds shortest parameters first.
>
> So if you have these two bindings:
>
> <stripes:hidden name=”customer”/>
>
> <stripes:hidden name=”customer.name”/>
>
> “customer” will always be bound before “customer.name”.
>
>
>
> This makes sense to me.
>
>
>
> Christian
>
>
>
> De : Rick Grashel [mailto:[hidden email]]
> Envoyé : April-03-12 8:52 AM
> À : Stripes Users List
> Objet : Re: [Stripes-users] Proposal: Page Scope
>
>
>
> I'm not sure how this would be done.  It would seem that a lot of potential
> conflicts or clashes could occur with current functionality.  In the
> example:
>
> @PageScope
> private Customer customer;
>
> This would presume that something is stored in the form itself and submitted
> on postback.  Something like this probably:
>
> <input type="hidden" name="customer" value="<some bunch of encrypted
> serialized hex>" />
>
> Ok, good so far, but what if this is an edit screen for a customer?  So we
> have other fields on the screen like this:
>
> <stripes:text name="customer.name"/>
>
> On the final post, which one wins?  Does the serialized object bind first
> and then the individual fields bind/overwrite?  How would validation work?
> Can they be required?  Should objects on the page be able to interact with
> this object?  ${viewState.customer}?  There's a lot of unanswered questions
> and potential issues.  Iwao actually has a decent starting point for a
> solution to this using a Formatter and TypeConverter -- I'm not sure much
> else would be necessary.
>
> I'm also trying to understand the reasons for this ask.  As for keeping the
> session small, you can still do that without having to resort to putting
> serialized objects in your pages.  In most cases, the session is merely used
> as a holder of objects for the lifecycle of the request/response.  As for
> someone opening more than one browser to the same page, if you use the
> request scope, I would think collisions would be prevented.  Or am I missing
> something here?
>
> -- Rick
>
> On Tue, Apr 3, 2012 at 7:26 AM, Chut Yee <[hidden email]> wrote:
>
>
> Hi Mike,
>
> Below are a couple of reasons:
> 1) I want to keep the session small.
> 2) If the user opens more than one browser windows/tabs working on the same
> page, they will interfere with each other if objects are stored in session.
>
> Regarding security issue - encryption will handle it. Even currently Stripes
> is
> already writing some state variables to the browser in encrypted form.
>
> Regards,
> Chut
>
>
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Stripes-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Stripes-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>



--
Turtle, turtle, on the ground,
Pink and shiny, turn around.

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

W. Hartung

On Apr 3, 2012, at 6:56 AM, Mike McNally wrote:

> Maybe a simple way to get functionality like this would be to have a
> way to annotate action bean properties (and sub-properties) such that
> an <s:form> tag would implicitly introduce <s:hidden> inputs to map to
> those properties.
>
> There'd have to be some way for the <s:form> to know which bean
> properties to pay attention to, which would be a little messy.

Iwaos idea is a good interim step, and shows how far you can go with the toolset in place. I'd probably just serialize and compress the data than XML encode it, but that's simply a matter of taste.

If this were a first class concept, the PageScoped state would have the special characteristic of binding first, then everything else would bind later. This is likely more what folks want anyway. Bind to the old values, and then stomp on them with the new values.

I wouldn't put much effort in to "which fields to bind", as it does complicate things. Since the user has control over what it scoped at all, (rather than "everything"), I think that gives enough flexibility to the developers without putting an undo burden on the PageScope logic. If you as a developer don't want something save, then set the fields to null or 0 before you save out.

There would need to be a change to the s:form tag to automatically populate this field, or optionally not populate it depending on how you want to go. I'd also limit this to only POSTs, just to ensure that it doesn't force its way into a GET and end up on the URL.

Or there could be the addition of a new tag solely to place the state data.

If you're willing to do some manual lifting and add your own <input type="hidden" name="_pageScope"/>, then this can probably be completely done as an add on with some interceptors, with no change at all to stock stripes. Make it a StripesStuff feature.

I think if the community was able to pony up a working implementation via StripesStuff, the maintainer would be more likely to roll it in to a later distribution than simply waiting around for them to implement this out of whole cloth. It will give the design some more thought, and some real world testing by folks who would actually use the feature in the wild rather than some contrived use cases and unit tests made up by someone who, at the moment, has no use for it.

Using Iwaos initial example as a starting point and looking at SessionScoped should give a lot of insight in to how this could be done without having to be an expert on Stripes and its inner workings, making it likely an intermediate task for someone interested in showing a sample implementation.

Regards,

Will Hartung


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
Thanks Will Hartung for providing some some very sensible ideas. I think
something like this should work:

(1) Add an annotation org.stripestuff.pagescope.PageScope

(2) Page Rendering - interceptor at After EventHandling.
- Collects the fields annotated with @PageScope into a Map.
- Serialize the Map, encrypt it, and adds it to a Request attribute _pageScope.

(3) The JSP page. Adds a hidden field:
  <stripes:form .....>
    <stripes:hidden name="_pageScope" value="${_pageScope}"
  </stripes:form>

(4) Form postback - interceptor at Before BindingAndValidation
- decrypt _pageScope, and marshal the serialized map.
- Loop through the @PageScope annoted variable in action bean, and try to locate
an object in the Map.


Any comments?

My work schedule mandates I can only squeeze time during weekends - and I am
going away for the next 3 weekends! Anybody like to volunteer?

Best regards,
Chut


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

samaxes
Hi all,

I find that the name @PageScope can be easily confused with JSP pageScope[1], which is very different from what we are trying to do here.
Can you think of a better name for this?

[1] http://docs.oracle.com/javaee/5/tutorial/doc/bnahq.html#bnaij

Cheers,

--
Samuel Santos
http://www.samaxes.com/


On Sun, Apr 8, 2012 at 4:18 PM, Chut Yee <[hidden email]> wrote:
Thanks Will Hartung for providing some some very sensible ideas. I think
something like this should work:

(1) Add an annotation org.stripestuff.pagescope.PageScope

(2) Page Rendering - interceptor at After EventHandling.
- Collects the fields annotated with @PageScope into a Map.
- Serialize the Map, encrypt it, and adds it to a Request attribute _pageScope.

(3) The JSP page. Adds a hidden field:
 <stripes:form .....>
   <stripes:hidden name="_pageScope" value="${_pageScope}"
 </stripes:form>

(4) Form postback - interceptor at Before BindingAndValidation
- decrypt _pageScope, and marshal the serialized map.
- Loop through the @PageScope annoted variable in action bean, and try to locate
an object in the Map.


Any comments?

My work schedule mandates I can only squeeze time during weekends - and I am
going away for the next 3 weekends! Anybody like to volunteer?

Best regards,
Chut


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2

_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
Does anybody has a better name for the annotation?

A question - there is a encryptionKey configured in stripes filter.

        <!-- A very long, and very random key for encrypting data sent to the client -->
        <init-param>
            <param-name>Stripes.EncryptionKey</param-name>
            <param-value>MyKey</param-value>
        </init-param>

Is it possible to get hold of this key?

Best regards,
Chut



------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Erik Remmelzwaal-2


2012/4/9 Chut Yee <[hidden email]>

A question - there is a encryptionKey configured in stripes filter.

       <!-- A very long, and very random key for encrypting data sent to the client -->
       <init-param>
           <param-name>Stripes.EncryptionKey</param-name>
           <param-value>MyKey</param-value>
       </init-param>

Is it possible to get hold of this key?

Best regards,
Chut

Replace 'MyKey' with yours. It is private to the deployment of your stripes installation. So a client can not inject/replace data-references with other values.

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2

_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
In reply to this post by YEE CHUT NGEOW
Hi,

I got start, but ran into a problem. In the code below the line

    Object actionBean = context.getActionBean();

always gives DefaultViewActionBean - not my action bean. Can someone help?

Thanks
Chut

---------------------------------------------------------


@Intercepts({LifecycleStage.ActionBeanResolution, LifecycleStage.EventHandling})
public class PageScopeInterceptor implements Interceptor
{
        private static final String PAGE_SCOPE_KEY = "_pageScope";
       
        public Resolution intercept(ExecutionContext context) throws Exception
        {
                Resolution resolution = context.proceed();

                // Restores values from session.
                if (LifecycleStage.ActionBeanResolution.equals(context.getLifecycleStage())) {
                        bindPageScopeFields(context);
                }

                if (LifecycleStage.EventHandling.equals(context.getLifecycleStage())) {
                        serializePageScopeFields(context);
                }

                return resolution;
        }

        private void serializePageScopeFields(ExecutionContext context)
                        throws IllegalArgumentException, IllegalAccessException, IOException
        {
                HashMap<String, Object> map = new HashMap<String, Object>(5);

                Object actionBean = context.getActionBean();

                for (Field field : actionBean.getClass().getDeclaredFields()) {
                        // check if field has annotation
                        if (field.getAnnotation(PageScope.class) != null) {
                                field.setAccessible(true);
                                map.put(field.getName(), field.get(actionBean));
                        }
                }

                String _pageScope = toString(map);
                context.getActionBeanContext().getRequest().setAttribute(PAGE_SCOPE_KEY,
_pageScope);
        }

        private void bindPageScopeFields(ExecutionContext context)
                        throws IllegalArgumentException, IllegalAccessException, IOException,
ClassNotFoundException
        {
                String pageScope =
context.getActionBeanContext().getRequest().getParameter(PAGE_SCOPE_KEY);
               
                if (pageScope == null)
                        return;
               
                @SuppressWarnings("unchecked")
                HashMap<String, Object> map = (HashMap<String, Object>) fromString(pageScope);

                Object actionBean = context.getActionBean();
                for (Field field : actionBean.getClass().getDeclaredFields()) {
                        // check if field has annotation
                        if (field.getAnnotation(PageScope.class) != null) {
                                if (map.get(field.getName()) != null) {
                                        field.setAccessible(true);
                                        field.set(actionBean, map.get(field.getName()));
                                }
                        }
                }
        }



------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
Chut Yee <yeechut@...> writes:

>
> Hi,
>
> I got start, but ran into a problem. In the code below the line
>
>     Object actionBean = context.getActionBean();
>
> always gives DefaultViewActionBean - not my action bean. Can someone help?
>
> Thanks
> Chut
>
It turned out that I supplied the wrong path for ActionBeanContext in web.xml.

It looks like the implementation is working OK.

Does anybody wants to test it out? Email me at yeechut at gmail.com I will send
you the package.

How do I get it incorporated in stripesstuff?

Cheers,
Chut


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

YEE CHUT NGEOW
Another question:
I would like use the Stripes.EncryptionKey configured in StripesFilter to do
encryption. It is possible to get hold of it?

Or - what is the best way to specify an encryption key at runtime? A property
file seems to be an overkill here.

Thanks,
Chut


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Proposal: Page Scope

Ben Gunter
You can call CryptoUtil.encrypt(..) to encrypt and encode a string. Likewise, you can use CryptoUtil.decrypt(..) to decode and decrypt an encrypted value.

http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/util/CryptoUtil.html

On Tue, Apr 10, 2012 at 11:58 AM, Chut Yee <[hidden email]> wrote:
Another question:
I would like use the Stripes.EncryptionKey configured in StripesFilter to do
encryption. It is possible to get hold of it?

Or - what is the best way to specify an encryption key at runtime? A property
file seems to be an overkill here.

Thanks,
Chut


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Page Scope - Implementation

YEE CHUT NGEOW
In reply to this post by YEE CHUT NGEOW
Here it is. I think the name BrowserScope is better. What do you think?

----------------------------------------------------------
package org.stripesstuff.plugin.pagescope;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * For annotating fields in ActionBean for persisting to the web browser.
 *
 * @see PageScopeInterceptor
 *
 * @author [hidden email]
 *
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.FIELD)
public @interface PageScope {
}


----------------------------------------------------------
package org.stripesstuff.plugin.pagescope;

import java.lang.reflect.Field;
import java.util.HashMap;

import org.apache.log4j.Logger;

import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;
import net.sourceforge.stripes.util.Base64;
import net.sourceforge.stripes.util.CryptoUtil;

/**
 * Persisting actionbean fields to the web browser:
 * <ul>
 * <li>After LifecycleStage.ActioBeanResolution - fields annotated with
 * {@link PageScope} will be restored from the _pageScope parameter</li>
 * <li>After LifecycleStage.EventHandling - fields annotated with
 * {@link PageScope} will be serialized into a request attribute named
 * _pageScope</li>
 * <li>JSP: adds a hidden field &ltinput type="hidden" name="_pageScope"
 * value="${_pageScope}" /&gt to form</li>
 * <ul>
 * <br/>
 *
 * @author [hidden email]
 *
 */
@Intercepts({LifecycleStage.ActionBeanResolution,
        LifecycleStage.EventHandling})
public class PageScopeInterceptor implements Interceptor
{
        private static final String PAGE_SCOPE_KEY = "_pageScope";

        private static final Logger logger = Logger
                        .getLogger(PageScopeInterceptor.class);

        public Resolution intercept(ExecutionContext context) throws Exception
        {
                Resolution resolution = context.proceed();

                // Restores annotated fields from _pageScope parameter
                if (LifecycleStage.ActionBeanResolution.equals(context
                                .getLifecycleStage())) {
                        bindPageScopeFields(context);
                }

                // serialise annotated fields into _pageScope parameter
                if (LifecycleStage.EventHandling.equals(context.getLifecycleStage())) {
                        serializePageScopeFields(context);
                }

                return resolution;
        }

        private void serializePageScopeFields(ExecutionContext context)
                        throws IllegalAccessException
        {
                HashMap<String, Object> map = new HashMap<String, Object>(5);
                collectPageScopeFields(context.getActionBean(), map);

                if (map.size() > 0) {
                        String pageScopeStr = CryptoUtil.encrypt(Base64.encodeObject(map));
                        logger.debug("pagescope length:" + pageScopeStr.length());

                        context.getActionBeanContext().getRequest()
                                        .setAttribute(PAGE_SCOPE_KEY, pageScopeStr);
                }
        }

        private void collectPageScopeFields(Object actionBean,
                        HashMap<String, Object> map) throws IllegalAccessException
        {
                Class<?> clazz = actionBean.getClass();
                while (clazz != null) {
                        for (Field field : clazz.getDeclaredFields()) {
                                // add field with PageScope annotation to map
                                if (field.getAnnotation(PageScope.class) != null) {
                                        field.setAccessible(true);
                                        if (field.get(actionBean) != null)
                                                map.put(field.getName(), field.get(actionBean));
                                }
                        }
                        clazz = clazz.getSuperclass();
                }
        }

        private void bindPageScopeFields(ExecutionContext context)
                        throws IllegalAccessException
        {
                String pageScopeStr = context.getActionBeanContext().getRequest()
                                .getParameter(PAGE_SCOPE_KEY);

                if (pageScopeStr == null)
                        return;

                pageScopeStr = CryptoUtil.decrypt(pageScopeStr);

                @SuppressWarnings("unchecked")
                HashMap<String, Object> map = (HashMap<String, Object>) Base64
                                .decodeToObject(pageScopeStr);

                bindPageScopeFields(context.getActionBean(), map);
        }

        private void bindPageScopeFields(Object actionBean,
                        HashMap<String, Object> map) throws IllegalAccessException
        {
                Class<?> clazz = actionBean.getClass();
                while (clazz != null) {
                        if (map.size() == 0)
                                break;
                        for (Field field : clazz.getDeclaredFields()) {
                                if (map.size() == 0)
                                        break;
                                // try to bind field with PageScope annotation from map
                                if (field.getAnnotation(PageScope.class) != null) {
                                        field.setAccessible(true);
                                        if (map.get(field.getName()) != null) {
                                                field.set(actionBean, map.get(field.getName()));
                                                // remove from map so that superclass fields of the same
                                                // name won't be bound
                                                map.remove(field.getName());
                                        }
                                }
                        }
                        clazz = clazz.getSuperclass();
                }
        }
}



------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: Page Scope - Implementation

samaxes
Hi Chut,

If the goal is to mimic ASP.NET VIEWSTATE why not just call it @ViewState?
Sorry if I'm missing something.

Cheers,

--
Samuel Santos
http://www.samaxes.com/


On Thu, Apr 12, 2012 at 4:08 AM, Chut Yee <[hidden email]> wrote:
Here it is. I think the name BrowserScope is better. What do you think?

----------------------------------------------------------
package org.stripesstuff.plugin.pagescope;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * For annotating fields in ActionBean for persisting to the web browser.
 *
 * @see PageScopeInterceptor
 *
 * @author [hidden email]
 *
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.FIELD)
public @interface PageScope {
}


----------------------------------------------------------
package org.stripesstuff.plugin.pagescope;

import java.lang.reflect.Field;
import java.util.HashMap;

import org.apache.log4j.Logger;

import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;
import net.sourceforge.stripes.util.Base64;
import net.sourceforge.stripes.util.CryptoUtil;

/**
 * Persisting actionbean fields to the web browser:
 * <ul>
 * <li>After LifecycleStage.ActioBeanResolution - fields annotated with
 * {@link PageScope} will be restored from the _pageScope parameter</li>
 * <li>After LifecycleStage.EventHandling - fields annotated with
 * {@link PageScope} will be serialized into a request attribute named
 * _pageScope</li>
 * <li>JSP: adds a hidden field &ltinput type="hidden" name="_pageScope"
 * value="${_pageScope}" /&gt to form</li>
 * <ul>
 * <br/>
 *
 * @author [hidden email]
 *
 */
@Intercepts({LifecycleStage.ActionBeanResolution,
       LifecycleStage.EventHandling})
public class PageScopeInterceptor implements Interceptor
{
       private static final String PAGE_SCOPE_KEY = "_pageScope";

       private static final Logger logger = Logger
                       .getLogger(PageScopeInterceptor.class);

       public Resolution intercept(ExecutionContext context) throws Exception
       {
               Resolution resolution = context.proceed();

               // Restores annotated fields from _pageScope parameter
               if (LifecycleStage.ActionBeanResolution.equals(context
                               .getLifecycleStage())) {
                       bindPageScopeFields(context);
               }

               // serialise annotated fields into _pageScope parameter
               if (LifecycleStage.EventHandling.equals(context.getLifecycleStage())) {
                       serializePageScopeFields(context);
               }

               return resolution;
       }

       private void serializePageScopeFields(ExecutionContext context)
                       throws IllegalAccessException
       {
               HashMap<String, Object> map = new HashMap<String, Object>(5);
               collectPageScopeFields(context.getActionBean(), map);

               if (map.size() > 0) {
                       String pageScopeStr = CryptoUtil.encrypt(Base64.encodeObject(map));
                       logger.debug("pagescope length:" + pageScopeStr.length());

                       context.getActionBeanContext().getRequest()
                                       .setAttribute(PAGE_SCOPE_KEY, pageScopeStr);
               }
       }

       private void collectPageScopeFields(Object actionBean,
                       HashMap<String, Object> map) throws IllegalAccessException
       {
               Class<?> clazz = actionBean.getClass();
               while (clazz != null) {
                       for (Field field : clazz.getDeclaredFields()) {
                               // add field with PageScope annotation to map
                               if (field.getAnnotation(PageScope.class) != null) {
                                       field.setAccessible(true);
                                       if (field.get(actionBean) != null)
                                               map.put(field.getName(), field.get(actionBean));
                               }
                       }
                       clazz = clazz.getSuperclass();
               }
       }

       private void bindPageScopeFields(ExecutionContext context)
                       throws IllegalAccessException
       {
               String pageScopeStr = context.getActionBeanContext().getRequest()
                               .getParameter(PAGE_SCOPE_KEY);

               if (pageScopeStr == null)
                       return;

               pageScopeStr = CryptoUtil.decrypt(pageScopeStr);

               @SuppressWarnings("unchecked")
               HashMap<String, Object> map = (HashMap<String, Object>) Base64
                               .decodeToObject(pageScopeStr);

               bindPageScopeFields(context.getActionBean(), map);
       }

       private void bindPageScopeFields(Object actionBean,
                       HashMap<String, Object> map) throws IllegalAccessException
       {
               Class<?> clazz = actionBean.getClass();
               while (clazz != null) {
                       if (map.size() == 0)
                               break;
                       for (Field field : clazz.getDeclaredFields()) {
                               if (map.size() == 0)
                                       break;
                               // try to bind field with PageScope annotation from map
                               if (field.getAnnotation(PageScope.class) != null) {
                                       field.setAccessible(true);
                                       if (map.get(field.getName()) != null) {
                                               field.set(actionBean, map.get(field.getName()));
                                               // remove from map so that superclass fields of the same
                                               // name won't be bound
                                               map.remove(field.getName());
                                       }
                               }
                       }
                       clazz = clazz.getSuperclass();
               }
       }
}



------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
12