stripes 1.7

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

stripes 1.7

Joaquin Valdez-2
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
[hidden email]


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: stripes 1.7

Nestor Hernandez
Hi I have a couple of features for the REST implementation that I can contribute for Stripes. For example, support for multiple providers ofJSON serializing and deserializing. You can check my Github fork of Stripes.
Thanks

El martes, 28 de marzo de 2017, Joaquin Valdez <[hidden email]> escribió:
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;joaquinfvaldez@gmail.com&#39;);" target="_blank">joaquinfvaldez@...


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: stripes 1.7

Daniil Sosonkin-2
In reply to this post by Joaquin Valdez-2

Working on extracting CSRF for Stripes from our internal project. May be useful to some - https://github.com/SirDaniil/StripesCSRF (I remember there was a thread about this some time ago).


On 3/28/2017 8:22 PM, Joaquin Valdez wrote:
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
[hidden email]



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: stripes 1.7

Juan Pablo Santos Rodríguez
Hi,

AFAIK, big major changes are REST and async ActionBeans. Because of the latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7 release, though.


br,
juan pablo

p.s.: couldn't resist, also an Stripes - Spring Boot integration at https://github.com/juanpablo-santos/stripes-spring-boot O:-)

On Thu, Mar 30, 2017 at 3:05 AM, Daniil S <[hidden email]> wrote:

Working on extracting CSRF for Stripes from our internal project. May be useful to some - https://github.com/SirDaniil/StripesCSRF (I remember there was a thread about this some time ago).


On 3/28/2017 8:22 PM, Joaquin Valdez wrote:
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
[hidden email]



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: stripes 1.7

Nestor Hernandez
The Crsf integration is interesting: I have a couple of suggestions
  • It should not throw an generic IOException when Crsf fails, but a custom exception, maybe an CrsfValidationException
  • Prevent create new sessions with getRequest().getSession( false ). If there is no session it should throw the exception.
  • There's no need to introduce the interface CsrfProtected in order to get the current crsfToken. The crsfToken should be always in a request attribute for the user and the interceptor to use, something like JAX-RS MVC 1.0 does or even ASP.NET MVC does. Please check out http://www.agilejava.eu/2015/11/17/cool-security-feature-in-mvc-1-0/


2017-03-30 13:23 GMT-05:00 Juan Pablo Santos Rodríguez <[hidden email]>:
Hi,

AFAIK, big major changes are REST and async ActionBeans. Because of the latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7 release, though.


br,
juan pablo

p.s.: couldn't resist, also an Stripes - Spring Boot integration at https://github.com/juanpablo-santos/stripes-spring-boot O:-)

On Thu, Mar 30, 2017 at 3:05 AM, Daniil S <[hidden email]> wrote:

Working on extracting CSRF for Stripes from our internal project. May be useful to some - https://github.com/SirDaniil/StripesCSRF (I remember there was a thread about this some time ago).


On 3/28/2017 8:22 PM, Joaquin Valdez wrote:
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
[hidden email]



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
Reply | Threaded
Open this post in threaded view
|

Re: stripes 1.7

Daniil Sosonkin-2
  • I've been in discussions with our security team and settled to have server just produce internal error without letting anyone know what actually had happened. Kind of lazy. Personally, it feels either way is fine. Probably for public code appropriate exception should be thrown or error added to the validation list.
  • If you're talking about interceptor, agreed, my omission. However, tag doesn't seem to have that method so if form is called w/out a session, there could be a leak.
  • Completely agree on this one. The whole reason for the interface is to force our internal developers to pay close attention to the code when upgrading from servlets (yup, we're still stuck in that era).

Thank you for suggestions, I'll incorporate them shortly.


On 3/30/2017 2:50 PM, Nestor Hernandez wrote:
The Crsf integration is interesting: I have a couple of suggestions
  • It should not throw an generic IOException when Crsf fails, but a custom exception, maybe an CrsfValidationException
  • Prevent create new sessions with getRequest().getSession( false ). If there is no session it should throw the exception.
  • There's no need to introduce the interface CsrfProtected in order to get the current crsfToken. The crsfToken should be always in a request attribute for the user and the interceptor to use, something like JAX-RS MVC 1.0 does or even ASP.NET MVC does. Please check out http://www.agilejava.eu/2015/11/17/cool-security-feature-in-mvc-1-0/

2017-03-30 13:23 GMT-05:00 Juan Pablo Santos Rodríguez <[hidden email]>:
Hi,

AFAIK, big major changes are REST and async ActionBeans. Because of the latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7 release, though.


br,
juan pablo

p.s.: couldn't resist, also an Stripes - Spring Boot integration at https://github.com/juanpablo-santos/stripes-spring-boot O:-)

On Thu, Mar 30, 2017 at 3:05 AM, Daniil S <[hidden email]> wrote:

Working on extracting CSRF for Stripes from our internal project. May be useful to some - https://github.com/SirDaniil/StripesCSRF (I remember there was a thread about this some time ago).


On 3/28/2017 8:22 PM, Joaquin Valdez wrote:
Hello!

Just curious if there is any news on the release of Stripes 1.7?  Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
[hidden email]



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Stripes-users mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Stripes-users mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users