Struts2 csrf token in velocity template - struts2

How to use Struts 2 CSRF token interceptor in Velocity template.
Below is standard JSP example with struts tag
<s:form action="UpdateUser">
<s:textfield name="name" label="User Name">
</s:textfield>
<s:textfield name="address" label="Address">
</s:textfield>
<s:submit name="submit" value="Update">
</s:submit>
<%-- add token to JSP to be used by Token interceptor --%>
<s:token />
</s:form>
Same I want to achieve using Velocity template and want to know how to get token value in Velocity.

What do you want to know about Velocity, is already integrated in Struts 2. You might want to use tags in velocity type results. You can learn more about it reading Velocity Tags.
Velocity tags are extensions of the generic Struts Tags provided by the framework. You can get jump right in just by knowing the structure in which the tags can be accessed: #s<tag> (...), where tag is any of the Struts Tags supported by the framework.
For using token interceptor for CSRF you should read this answer.

Related

Struts1 tags to Struts2 tags

The Web application which i am currently working uses Struts1, now i am migrating this application to Struts2.
The below tags are Struts1 tags, Need to modify this tags to Struts2.
<bean:define id="recordPerPageList" name="searchForm" property="recordPerPageList" type="java.util.Collection"/>
<td class="formPromptTd"><html:hidden property="action" value="<%=actionFirst%>"/><input name="quickSearchFlag" type="hidden" value=""></td>
<html:image property="searchButton" src="<%=searchImage%>"/>
Could any one provide the Struts 2 equivalent tags ?
The <s:fieldError> tag would be the closest equivalent for <html:message>
<html:messages id="userName" property="userName">
<s:fielderror fieldName="userName" />
The tag would be the closest equivalent for

How to use Html5 tags e.g email with struts2

I am using struts2 for presentation layer, now there is requirement to use html5 tags e.g. email, tel etc., but it seems that struts2 doesn't support html5 tags.
Is there any way to achieve the above requirement?
You can add custom (HTML5 and others) attributes to Struts2 Tags that have declared they support Dynamic Attributes. Look in the documentation, for each tag you are using, under the Parameters part if you see Dynamic Attributes Allowed: true;
You can still use native HTML elements, along with Struts tags. Then both the following ways are good:
<s:textfield name="foo" value="bar" customAttr />
<input type="text" name="foo" value="<s:property value="bar"/>" customAttr />
If you need to change the type, you can now do it with the Struts <s:textfield /> tag too:
<s:textfield type="email" name="foo" value="bar" customAttr />
<s:textfield type="date" name="foo" value="bar" customAttr />
<s:textfield type="currency" name="foo" value="bar" customAttr />
etc...
Your struts2 tags(<s: >) will finally be converted to basic HTML tags when the page is rendered, which you can check by looking into the generated source. Usually, Struts2 just adds some css(if you are not using theme="simple") to the basic HTML tags. So. it is incorrect to say that
struts2 doesn't support html5 tags
Use the Html5 tags as usual, they will work.
It looks like you are new to the community, so dont get demotivated by the downvotes but in future try to do some homework and ask specific problems, what did you try and what did not work

Can i use html tags in struts2 form?

Can i use html form tags in struts 2 form?
Like
<input type='text' value='' />
<input type='submit' />
Will the values be posted through struts2?
It's not at all mandatory to use struts2 tags. You could go with regular HTML.
Of course.
This is one of those questions you can just try.
All the S2 form tags do is emit HTML, filling in various attributes as required. (It's slightly more complicated than that, but ultimately, they spit out an HTML form field.)
Flip your question on its head: why wouldn't a hand-crafted input tag be sent via the normal browser HTTP submission process? What mechanism could prevent it from working? How is the request body of from such a form submission different from one where the input tags are S2 custom tags?
These questions are all trivial to explore.
Yes.
You must give them a name; the name will be used to set properties (with correct type conversion) in the struts action.
If you call an input somename the setSomename() will be called on post.
If simple HTML used you wont be able to call struts tags inside it eg:
<s:submit cssStyle="submit_button" id='newrc%{#stat.index}.%{#questionIndex.index}' name="newrc%{#stat.index}.%{#questionIndex.index}" onclick="return newrcClick(this)" value="+" />
This works but below code does not provide values for id and name from values stack thus :name="newrc%{#stat.index}.%{#questionIndex.index}"
<input type="button" cssStyle="submit_button" id='newrc%{#stat.index}.%{#questionIndex.index}' name="newrc%{#stat.index}.%{#questionIndex.index}" onclick="return newrcClick(this)" value="+" />

Struts2 : Using form action

I am working with a struts2 based application
Inside my JSP page for form submission is it mandatory to use s:form (Predefined struts component )
Because when i tried this way it worked (calling the Action class under struts.xml )
<s:form action="HelloWorld" >
<s:submit />
</s:form>
But When I tried to use normal form submission as shown
<form action="HelloWorld">
<input type="Submit"/>
</form>
It isn't working , it gave me 404 error .
please tell me is it mandatory to use and for data submission ??
A struts form action and an HTML tag form action are different. You can use a standard HTML form tag with struts if you create a struts specific URL for example (off the top of my head):
if using in multiple places, generate the url in and call like this -
<s:url id="myActionUrl" action="HelloWorld" />
<form action="<s:property value="%{myActionUrl}" />">
<input type="Submit"/>
</form>
or using in a single instance -
<form action="<s:url id="myActionUrl" action="HelloWorld" />">
<input type="Submit"/>
</form>
You can often look at the page source in your browser to see what Struts generates and recreate it manually like this. You will often end up using additional struts tags such as property to retrieve values from your value stack, but it is useful at times, for instance when generating JavaScript code dynamically.
No, it's not mandatory to use any of the S2 tags, but as Russell says, you need to duplicate the correct action URL.
You also need to be a little careful when mixing-and-matching S2 form tags with non-S2 HTML form tags, because the default S2 theme adds additional HTML markup to the page; they don't just create form tags--the default theme uses table tags to lay out the form.
You can use s:form for form and
<input type="Submit"/>
can be replaced by
<button type="submit"/>
It's not about which to use,it is what you want from it.Struts2 tags provides additional capabilities to the form.
Please go through below two links to get the diffrence
1] http://struts.apache.org/release/2.1.x/docs/form-tags.html
2] http://www.w3schools.com/tags/tag_form.asp
some facilities such as namespace,tooltip,tooltipIconPath and many are provided by struts2 tags.

Spring Security 3.0 form-login Forwarding to External Resources

Can the form-login tag make use of URLs to external resources?
I have two Web services running in separate application contexts [Case #1]. They could be on separate machines as well [Case #2].
I want the first service to use Spring Security to enforce authentication for certain methods. I want the second service to be used as the authenticating mechanism. If a request is not authenticated when it attempts to invoke a protected method on the first service, the request should be forwarded to the second service for authentication.
Both services are up and running. I have the first service configured and "working" except for the URL it forwards the request to when the user is not yet authenticated.
If the first Web service is located at http://server1/community, can Spring Security forward a user to a different service running in a separate context?
Ex:
<security:form-login
login-page="/auth/login.jsp" />
where /auth is the context of the second service.
Or, can it forward to a different server altogether?
<security:form-login
login-page="http://server2/auth/login.jsp" />
When I attempted the first configuration above, the URL forwarded to became http://server1/community/auth/login.jsp. I wanted http://server1/auth/login.jsp.
The second configuration yielded http://server1/communityhttp://server2/auth/login.jsp.
Clearly, the URLs are taken to be relative to the current context. Is there a way to change that behavior? Or, is there a better way to do what I am trying to do and I just haven't stumbled on it yet? ^__^
Thank you for your help!
-- JS
PS: I posted this earlier as an "Answer" to a previous post by mistake. Sorry.
Yes there is a way to do what you want. The keyword that you need is login-processing-url on the form-login element.
Example:
<form-login login-page="/auth/login" login-processing-url="/auth/example_security_check"/>
Then in your jsp page you want to set the action to whatever you put there:
<form action="example_security_check" method="post">
<label for="j_username">Login</label>:
<input id="j_username" name="j_username" size="20" maxlength="50" type="text"/>
<br/>
<label for="j_password">Password</label>:
<input id="j_password" name="j_password" size="20" maxlength="50" type="password"/>
<br/>
<input type="submit" value="Login"/>
<br/>
<br/>
<input id="_spring_security_remember_me" name="_spring_security_remember_me" type="checkbox" value="true"/>
<label for="_spring_security_remember_me">Remember Me?</label>
</form>
The documentation for the attribute is here
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-namespace.html
I guess you can overwrite the class LoginUrlAuthenticationEntryPoint and instead of using the tag, you manually add the required elements to the configuration
See form-login doku for the required elements.
its only the UsernamePasswordAuthenticationFilter and the LoginUrlAuthenticationEntryPoint.
I guess you can use the custom-filter tag to add the filter.

Resources