Right now we are using Struts 2.5 and I have Dynamic Method Invocation=true in Struts configuration file .
And i have action mappings as below.
<action name="action name" class="action class"
<result name="view" type="redirectAction"></result>
<allowed-methods>
view,modify,delete,duplicate
</allowed-methods>
</action>
To remediate App-sec finding i have to set Dynamic Method Invocation to false.
I have set Dynamic Method Invocation value="false" . Now allowed methods are not working.
I did specify multiple actions with methods, it did not work as well. It is calling default reset and process method from the Action class instead the specified method.
I have read that for allowed-methods to work we have to have Dynamic Method Invocation set to true?
How do i call multiple methods with the same action with disabling Dynamic Method Invocation?
If DMI is turned off you cannot invoke methods dynamically; that's the point of turning it off.
You can use Strict Method Invocation to explicitly allow methods; SMI is enabled by default.
You can't have it both ways--DMI is either enabled, or not.
Related
I need to call a method from my action object inside the JSP, something like:
var currentStatus = ${getCurrentStatus()};
I cannot call an attribute, and I tried following this answer (How to call an action method using OGNL) and it didn't work.
There are a variety of ways to call methods (on actions, on other objects, or static methods from classes) from OGNL.
In this case, however, I don't see any issue with using a normal accessor. Note that the JavaBean convention is almost (completely?) about naming. A getter named getCurrentStatus(), accessed simply in OGNL via currentStatus, can contain whatever code you want.
This could include the DB access you mention in your question, etc.
I have a foreach element in my flow, which has a variable named "counter" set. Inside the foreach, I have a component, and I'm trying to get access to the "counter" variable from within the component. What is the proper way to get a hold of this variable from inside the component? Does it require adding a parameter to the method? I already have a parameter to take in the payload.
Any variable from the mule flow can be accessed inside a Component by using the
muleMessage.getInvocationProperty("counter");
muleMessage can be obtained from MuleEventContext of the onCall(MuleEventContext arg0) method. Assuming that you have implemented Callable interface of mule.
If not, try getting the message from org.mule.RequestContext.getEvent().getMessage()
This is RequestContext is deprecated as of now.
Hope this helps.
If we set the counter value in a property, we can get that property in inbound properties of message inside the component.
some thing like this
<set-variable variableName="counter" value="10" />
<set-property propertyName="testout" value="#[counter]" doc:name="Property" />
Thanks-
I have one property file linked both ways (using f:loadBundle and faces-config.xml) both with different var names. So it would look like the following:
datatypes.properties:
A=first
B=second
C=third
faces-config.xml:
<resource-bundle>
<base-name>datatypes</base-name>
<var>myProp</var>
</resource-bundle>
myPage.xhtml:
<f:loadBundle basename="datatypes" var="prop"/>
in myPage.xhtml I make a list of all the keys from the property file. What I can't seem to understand is that when I use #{prop} in the code below it works but when I replace it with #{myProp} the list no longer displays.
<h:form>
<h:selectManyListbox id="list">
<f:selectItems value="#{myProp}"></f:selectItems>
</h:selectManyListbox>
</h:form>
I figure this means the variables in both cases are not the same behind the scenes but I would appreciate it if someone could explain (or point me to an explaination) in what way they are different. I would ideally like to just use #{myProp} without having to pull the keys out in code and store them in a list.
Thanks.
Both <f:loadBundle> and <resource-bundle> are different ways to load properties with difference being in their access scopes. The latter has by the way the additional benefit that the bundle is also injectable in a managed bean by #ManagedProperty("#{myProp}")
Using <resource-bundle> in faces-config.xml creates a global resource bundle which can be accessed anywhere in your application. This is implemented through a java.util.ResourceBundle instance.
Using <f:loadBundle> in your view creates a view-specific resource bundle which is accessible only within that view. The tag handler implements this using an internal implementation of a Map. This is as specified in the VDL of the tag:
Load a resource bundle localized for the Locale of the current view,
and expose it as a java.util.Map in the request attributes of the
current request under the key specified by the value of the "var"
attribute of this tag.
Now since you're trying to use the values from datatypes.properties through <f:selectItems>, you'll get the said exception. This is because the value attribute for the tag should evaluate to a Collection or an array.
Value expression pointing at any Collection or array. The member
elements may be instances of SelectItem or any Java Object.
So in order to use the global bundle instance, you first have to convert the same into a List<SelectItem> inside your backing bean before using it.
NOTE: You can verify the above cases by setting a breakpoint in the initializeItems(Object) method in the com.sun.faces.renderkit.SelectItemsIterator class. This is, of course, assuming that you're using the Mojarra implementation.
<navigation-case>
<from-action>#{tabViewController.openscreen}</from-action>
<from-outcome>Group Master</from-outcome>
<to-view-id>#{tabViewController.openscreen1}</to-view-id>
</navigation-case>
in the , i want to call a java function because i need to open a screen in tab controller.
I guess you come from a framework that has this functionality? As in Pageflows from seam.
JSF-2.0 does not have this afaik. But if I understand you correctly you want to execute a method when a view gets loaded.
This is usually done with either:
<f:event listener="#{user.isAdmin}" type="preRenderView" />
full example: http://www.mkyong.com/jsf2/jsf-2-prerenderviewevent-example/
Or by using JSR-250 and the annotation #PostConstruct.
A method annotated with it will be executed after injections and it's a very useful annotation for your use case and afaik it's best practice in most cases.
Good luck.
In the book 'Struts2 in Action', its stated :
while actions that don’t define any interceptor-refs themselves will
inherit the default interceptors, as soon as an action declares its
own interceptors, it loses that automatic default and must explicitly
name the defaultStack in order to use it.
But in so many example on the net, I see that the action section declares its own interceptors, but still doesn't need to declare the default stack like here . Their code is :
<action name="TestLogger" class="vaannila.TestLoggerAction">
<interceptor-ref name="logger" />
<result name="success">/success.jsp</result>
</action>
Is there something I am missing ?
That should be an example to show how to configure custom interceptors.Though you can declare and apply this single interceptor but that means other interceptor being provides by the Framework will not gona get executed and most of the functionality provides by framework will not come in to act.
By what author is trying to explain is that if we define our own interceptor stack and do not inherit default stack or not define other interceptor being used by the framework most of the functionalities will be missing
Interceptors can be configured on a per-action basis. Your own custom Interceptors can be mixed-and-matched with the Interceptors bundled with the framework.The Interceptors are defined in a stack that specifies the execution order and in most cases while defining our custom interceptor stack we end up either extending default-stack or define the provided interceptor execution in our own way.
Have a look at how interceptor stack is actually being declared by the framework
interceptors
So in short if you see interceptor stack is a set of interceptors grouped together and they will get fired in the sequence as defined in the stack.
One more example to define a custom interceptor
creating_a_login_interceptor
Hope this will give you some idea