I'm upgrading my project from Struts 2.3.1 to 2.5.12.
Since ParametersAware is deprecated in 2.5.12. I want to change ParametersAware to HttpParametersAware.
But setParameter() method is entirely different in both.
setParameters(HttpParameters parameters) (struts 2.5.12)
setParameters(Map<String,String[]> parameters) (Struts 2.3.1)
How to do this?
Change Map<String,String[]> to HttpParameters. The later class implements a Map<String,Parameter>, so you can use
this to get/put parameters to the map.
The most interesting is a Parameter interface that has implementations
Parameter.Empty, Parameter.File, Parameter.Request.
The last one is used to retrieve request parameters.
This answer How could I get a parameter in JSP will throw a light on a typical usage of request parameters if you want to manipulate parameters manually.
Another approach (which is not recommended) is to get request parameters from the request itself. See Interceptors use in login in Struts 2.0.
Related
In a Struts 2 webapp (which also uses Spring),
I want to modify the "output" of the <s:token> tag to use my own token-generation algorithm.
It appears the <s:token> tag is handled by a class called org.apache.struts2.components.Token, which is a UIBean. Is there a standard way using either Struts or Spring by which I can "extend" or "modify" or replace the Token class, or the methods it uses to generate tokens?
Alternatively, can I make up my own <mytoken> tag that works in Struts 2?
At the moment in the latest S2 version 2.3.20 there is no simple way of doing that. The TokenHelper class which is responsible for generating tokens is a simple utility class with static methods.
You are better off using your own custom token solution. You need an interceptor which will handle tokens and something that will put token into JSP. For that you can create custom tag or just use a hidden input which calls some method in your base action.
Note: The execAndWait interceptor uses TokenHelper too, so if you are using execAndWait you need to change it as well.
I am using Grails 2.3.3 and spring-security-core:2.0-RC4 plugin.
I am trying to protect a controller action by securing it depending on the result of a method call from a service that takes a parameter. This parameter should be something inside the request parameters.
I'd like to be able to do the following:
#Secured("#mySecurityService.myCustomCheck(params.id)")
def myAction(){
//do some things
}
I managed to be able to do the following:
#Secured("#mySecurityService.myCustomCheck()")
but now I have no idea how to access the request parameters that are sent to the controller.
Is it even architecturally possible to reference params variables inside the #Secured notation?
PS: I know you'll ask me to use spring-security-acl plugin. My problem is that it also adds a bunch of other things that I don't think I require.
In 2.0 you can use a closure as the annotation's check; there's a brief writeup and example in the docs: https://grails-plugins.github.io/grails-spring-security-core/v2/guide/newInV2.html
You'd express your example as this:
#Secured(closure={
ctx.mySecurityService.myCustomCheck(
request.getParameter('id'))
})
Return true to allow access.
Note that the ApplicationContext is available as the ctx variable, and the request as request; this is in addition to the other variables and methods that are available when using SpEL (see the Spring Security docs for details). params isn't available, but you can access values using request.getParameter
I'm trying to use the sbt in xpages with a custom endpoint i.e a new one defined in faces config using the class com.ibm.sbt.services.endpoints.OAuth2Endpoint
The authorisation url it generates is in the format of
&client_id=xx&callback_uri=xxx
however the api i'm trying to use expects a parameter of redirect_uri
Looking at the spec for OAuth2 it appears that the convention is to use redirect_uri rather than callback_uri.
Is there a different end point class I can use which would use redirect_uri instead for the auth handler?
NB: I've searched the source code and "OAUTH2_REDIRECT_URI" isn't used anywhere so I guess not, which makes me think I've misunderstood how to use it
Thanks!
I had a similar issue for our Basecamp demo application for IBM Connect 2014.
I have inherited a new endpoint and handler for this purpose.
In the handler class I had to rewrite getAuthorizationNetworkUrl() and getAccessTokenForAuthorizedUser() methods to change those url parameters.
Overriding these methods might not be safe for the future of course. Instead, you might get the original URL and do some string operations to change desired parameters.
#Override
public String getAuthorizationNetworkUrl() {
String newUrl=super();
// Do string operations
return newUrl;
}
Checking if anything changed for the new version of SBT would be needed. I hope it helps.
You can use the SmartCloudOAuth2Endpoint, instead of the plain oauth2 endpoint. This endpoint is a custom endpoint for SmartCloud which uses redirect_uri
https://github.com/OpenNTF/SocialSDK/blob/cd373c78971bb31e1902f177eddcb33d029ae474/sdk/com.ibm.sbt.core/src/main/java/com/ibm/sbt/services/endpoints/SmartCloudOAuth2Endpoint.java
I'm using Grails 2.1.5 and the Spring Security Core plugin.
I've overridden the WebSecurityExpressionRoot to add 2 signatures of a hasPermission method to the web expression paradigm.
This method delegates to classes by name in the applicationContext calling them with the request as an argument and an arbitrary string to provide further details if any are ever required.
In my delegate class I need to be able to access the parameters to assess whether or not the user may access the requested resource and this is fine but the request does not yet contain the variables defined from the UrlMappings.
I have tried acquiring the grailsUrlMappingsHolder from the applicationContext but when I call it's match method with a valid uri I get nothing.
I'm running out of time and may have to parse the request.getRequestURI() myself to try to infer the id if no request parameters are valid but this will not get urls mapped where the id is not last.
I really hate to re-invent the wheel here and I hate to miss out on using the UrlMappings to their fullest potential but the variables they define (in my circumstance) aren't available until I'm in the controller.
Take a look at what I do in AnnotationFilterInvocationDefinition - there's a bit of setup that you need to do: https://github.com/grails-plugins/grails-spring-security-core/blob/master/src/java/grails/plugin/springsecurity/web/access/intercept/AnnotationFilterInvocationDefinition.java
I've created a new custom JSON codec for OpenRasta which works fine.
I need to pass arguments to the codec's write method when the handler is executed but cannot find any documentation on how to do it.
I notice in the implemented WriteTo method, there is a string[] codecParameters parameter, however no idea how to pass them in.
Anyone come accross this problem before? Thanks
the codec parameters are per-request. They're intended to be used together with (for example) the PathSegmentAsParameterUriDecorator.
For example, if you enable that decorator, the path /resource;segment will be treated as /resource by openrasta, and a parameter will be created with the "segment" value, and passed to the codec.
If you wish to pass information to the codec from the handler, there's nothing there, as architecturally it goes against the design of OpenRasta, which specifically prevents handlers and codecs from talking to each others.
If you wish to pass configuration data to your codec, you use the Configuration property from the ICodec interface, which will be filled with whatever object you have provided at configuration time.
You provide the configuration object either through the paramter in the .TranscodedBy(object configuration) method, or if you do custom registration using the configuration metamodel, bu adding the configuration to your Configuration property on CodecModel (which incidently is used in the ResourceModel object created by the fluent API).
Do you have a specific scenario I can help with?