I have some data that I need to persist through multiple actions within my Grails app. Due to the nature of the data, I would prefer not to store the data in the session. Here is an example of what I would like to do.
class MyController{
def index(){
MyObject object = MyObject.new(params.first, params.second, params.third)
[gspObject:object]
}
def process(){
MyObject object = params.gspObject
//continue from here
}
}
In my GSP if I do
<g:form action="process" params="[gspObject:gspObject]">
Then I get the error
Cannot cast object 'net.package.MyObject#699c14d8' with class 'java.lang.String' to class 'net.package.MyObject'
My question is, If I want to get the object back that I sent to the gsp, how can I get that? Is there some kind of scope that I can save the object in that would be a little safer then session? Is there a way to pass the object into the page itself and pass it back in the next request?
Grails has many layers, but at the bottom you have plain old HTTP just like in any web app. It's a stateless protocol, and you send a text or binary response, and receive text or text + binary requests. But you can't expect to be able to send an arbitrary object to a web browser in HTML and receive it back again in the same state as when you sent it - where is this Java/Groovy JVM object going to be stored in the browser?
You have basically two options. One is to store it at the server, which is less work because it remains as the same object the whole time. The session is a good location because it's coupled to the user, is created on-demand and can automatically time out and be removed, etc. The other is to do what you're trying to do - send it to the client and receive it back - but you are going to have to serialize it from an object (which could be a complex object containing arbitrarily many other objects) and deserialize it from the format you used on the client back into Java/Groovy objects.
JSON is a good option for serialization/marshalling. You could store the stringified object in a hidden form element if your page uses a form, or in a querystring arg if you click a link from this page to the next in the workflow. Don't send all of the object's data though, only what you need to rebuild it. Anything that's available in the database should be referenced by id and reloaded.
Something like
[gspObject: object as JSON]
or
[gspObject: [first: object.first, first: object.firstsecond, ...] as JSON]
will get it in the correct format for sending, and then you can parse the JSON from the request to reinstantiate the instance.
Related
I am currently creating an MVC application that is currently getting a value from a post from a webhook. I think that the problem is that the application is getting the value from the POST verb but then it is not displaying it because the Get verb is being used to display the View so both Verbs are counter acting each other.
The webhook will fire A Json payload to my application successfully because I have code in it that will send the Json payload in a variable via email to my email account.
Dim body = issue.issue.key
mail.Body = body
That is in a try catch block because in order for it to have a value it must have a value in it and the application will perform the GET first, so there is a null value in the body variable, then it does the POST to get the value but it will not display the value, refreshing will just perform the GET preventing it from being displayed. How can I perform both actions at the same time so I can display a value in a ViewBag for example.
ViewBag.response = status + key
This is the type of structure that I would like to implement to try and fix the error but I do not know how to complete all of the steps:
This is what I have got so far:
The POST is coming in from a webhook and I am reading it like this.
Dim reader As System.IO.StreamReader = New System.IO.StreamReader(HttpContext.Request.InputStream)
Dim rawSendGridJSON As String = reader.ReadToEnd()
Dim tempVar As Rootobject = JsonConvert.DeserializeObject(Of Rootobject)(rawSendGridJSON)
System.Diagnostics.Trace.TraceError(rawSendGridJSON)
I am then trying to store the post values in a table like this:
Public Function CallBack(tempTable as temporaryTable)
Dim tempVar As Rootobject = JsonConvert.DeserializeObject(Of Rootobject)(rawSendGridJSON)
tempVar = temporaryTable.tempVar
I then save the new items in the actual table in the database, then I try to display it in a view on another page. This is not working correctly and the problem lies with this line, as the post is not being correctly read in at the right time. (The value is processing correctly as I can use an email method to send the variables in an email back to the application but this application needs to be real-time efficient code).
Is there a better way to use this method and how can I invoke this process that I want to do properly so that I can display the correct information?
Update
To clarify, there are two posts that are happening, the first one is when the user enters in information and submits it. This is then stored in a database and send to JIRA via email. Once JIRA receives the information, it is sends a HTTP POST webhook JSON Payload back to my application with updated information. I then have deserialized the JSON Payload into a variable called issueKey.
The problem is that on the View page that the information is sent to will automatically display a null value first before the value is sent to it, I want the application to work so that it will actually display/store in a database the values from the Webhook JSON Payload but I cannot figure out how to display the values.
I have now set up a communication channel from SignalR to my MVC application, at the moment it is being received by the MVC and I have set up a SignalR chat Hub in my MVC application, but I don't know how to integrate them, how can this be done?
As I understand it, there are two flows at work here. The user posts data, which triggers an email to Jira. Then sometime later (usually quite fast, but not always) JIRA triggers a webhook in the web application with some updated information, and you want to display this updated information to the user somehow, or at least inform the user when the updated information comes back from JIRA.
I would implement a standard Post-Redirect-Get for the user initiated part (as per br4d's comment). I.e. a post to store the data in the database and send email to jira, which returns a redirect to a get which shows the data stored in the database.
Now for the other part I would use signalr to set up some sort of communications channel to the user. The webook could then send a signal (of sorts) through the communication channel to the users browser and either display the data, or trigger a refresh of the page (if you are updating the database with data from Jira).
It is unclear if you are doing straigt mvc, or some sort of SPA application, but it is not really important. The users browser has no way of knowing about the webhook (which is a part of the webapplication and unrelated to the users session), and you need some sort of communication between the webapplication and the browser, and for this signalr is very very good.
Flash, which is a temporary storage map for one request.
I am wondering how this is implemented on the grails core framework
In particular I'm interested in the class(es) responsible for putting the flash map in the request and then taking it out once the request has finessed processing.
Flash is actually a temporary storage map for the present request and the next request only. It won't retain the entries after the next request unless entries are repopulated in the next request (which would be current in future). Here is how it works in Grails:
FlashScope interface which extends Map itself has two methods next() and getNow() is implemented by GrailsFlashScope. All of which can be found in grails-web-mvc.
GrailsFlasScope mainly maintains two concurrent HasMap (one for current request and second for the next request) to hold the entries. It implements next() from FlashScope to do the cleaning and "restricting-to-next-request-only" part as:
a. clear current
b. make next as current
c. clear next
Next thing to focus will be GrailsWebRequestFilter (implements OncePerRequestFilter) which makes sure that there is always a single execution of request per dispatch.
All http servlet requests are filtered by GrailsWebRequestFilter. This filter sets the flash scope to next so that every time the latest and valid info is retrieved.
Now the question is how does FlashScope reconciles current and next map? Well, that is why FlashScope is extended from Map. FlashScope overrides get(key) from map to reconcile both the maps by making sure values are retrieved from next map otherwise switch to current map.
How is flash available to controllers by default? All controller inherit ControllersApi which inherits CommonWebApi.
I hope you get what you were looking for..
If you print the class of the object:
class MyController {
def index() {
println flash.getClass().name
}
}
You will see that's org.codehaus.groovy.grails.web.servlet.GrailsFlashScope. If you look at the code, there are two ConcurrentHashMap's: one for the current request and another to the next request.
To make it available, the instance is stored in the session (see registerWithSessionIfNecessary).
I have an MVC application that is rendering rendering the following javascript on the client:
var rawData = [{"ID":5317,"Code":"12345","Description":"sometext \u003c/= 100"}];
The JSON data is a result of serializing an object using the JavaScriptSerializer and then running the result through the Html.Raw() helper.
This data is then used to load a knockout view model and display a popup on hover. In the popup, only the "sometext" portion of the "Description" property is being shown as the string gets converted to the unencoded version when setting the rawData variable (i.e. \u003c is converted to <).
Also, this data ends up being sent back to the server upon saving of data, and the ASP.NET validation kicks in and fails the request as it detects the "
I've worked around this, temporarily, by adding a computed property to my Knockout View Model like so:
self.DescriptionEncoded = ko.observable('');
self.Description = ko.computed({
read: function() {
return self.DescriptionEncoded ();
},
write: function(value) {
self.DescriptionEncoded($('<div/>').text(value).html());
}
});
In this way I can access the escaped property from my popup and the unescaped value is not sent back to the server when I serialize my viewmodel (using .toJSON()).
Is there a more global way to handle this rather than creating computed properties for every object that may have some text that appear to be a bad request while not compromising on security? I've considered an overload/helper to the serialization routine that would accept a list of properties to apply a Find/Replace I am thinking this will have to be handled on a case by case basis in a manner similar to what I've already done. As for sending the data back to the server, I could override the toJSON() method on my view model and delete the properties that don't need to be sent back, but that won't help me with my popup.
Thoughts?
You can encode using Ajax.JavaScriptStringEncode. You might also get the AntiXSS library and use it for the encoding.
I hope I understood your question well.
I am trying to send map from gsp to controller but the map is considered as a string in the controller
<g:remoteFunction
action="updateCart"
params="{startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:'${shoppingCart}'}"
update="resourcesSelectedId"/>
Here the shoppingCart is a grails map variable I am trying to send
Edit:
there was a typo in the code I posted above. Missed starting "{" in the params
params="{startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:'${shoppingCart}'}"
Updated my question as per my comments below
In my case shoppingCart is an object and it has, lets say for example, items and quantity of each item. I have some rules to be applied based on the items selected and quantity and determine the price for each item and show it back to the user. I want to do this processing the controller. Whenever user updates the cart I need to re-calculate and show it back to user. Is there any other better approach you would suggest to do this instead of passing the objects back and forth
Anytime you're using the params attribute, it has to be in the format of a Map anyway, which means including the [ ]. This also means you can exclude the ${ } from any values because grails will parse all these as potential variables.
<g:remoteFunction
action="updateCart"
params="[startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:shoppingCart]"
update="resourcesSelectedId"/>
However, keep in mind that you can't send objects. I'm not sure what shoppingCart is in your example, but it would only be able to be a simple value that can be represented as a String. Possibly you would want shoppingCart.id? Otherwise, that should get you going in the right direction.
I could able to overcome this issue by following below steps
converted the shoppingcart object to json string
Pass the json as part of the params
parse the json string server-side & process
pass the updated object back to gsp
I am still mostly unfamiliar with Inversion of Control (although I am learning about it now) so if that is the solution to my question, just let me know and I'll get back to learning about it.
I have a pair of controllers which need to a Session variable, naturally nothing too special has happen because of how Session works in the first place, but this got me wondering what the cleanest way to share related objects between two separate controllers is. In my specific scenario I have an UploadController and a ProductController which work in conjunction with one another to upload image files. As files are uploaded by the UploadController, data about the upload is stored in the Session. After this happens I need to access that Session data in the ProductController. If I create a get/set property for the Session variable containing my upload information in both controllers I'll be able to access that data, but at the same time I'll be violating all sorts of DRY, not to mention creating a, at best, confusing design where an object is shared and modified by two completely disconnected objects.
What do you suggest?
Exact Context:
A file upload View posts a file to UploadController.ImageWithpreview(), which then reads in the posted file and copies it to a temporary directory. After saving the file, another class produces a thumbnail of the uploaded image. The path to both the original file and the generated thumbnail are then returned with a JsonResult to a javascript callback which updates some dynamic content in a form on the page which can be "Saved" or "Cancelled". Whether the uploaded image is saved or it is skipped, I need to either move or delete both it and the generated thumbnail from the temporary directory. To facilitate this, UploadController keeps track of all of the upload files and their thumbnails in a Session-maintained Queue object.
Back in the View: after the form is populated with a generated thumbnail of the image that was uploaded, the form posts back to the ProductsController where the selected file is identified (currently I store the filename in a Hidden field, which I realize is a horrible vulnerability), and then copied out of the temp directory to a permanent location. Ideally, I would like to simply access the Queue I have stored in the Session so that the form does not need to contain the image location as it does now. This is how I have envisioned my solution, but I'll eagerly listen to any comments or criticisms.
A couple of solutions come to mind. You could use a "SessionState" class that maps into the request and gets/sets the info as such (I'm doing this from memory so this is unlikely to compile and is meant to convey the point):
internal class SessionState
{
string ImageName
{
get { return HttpContext.Current.Session["ImageName"]; }
set { HttpContext.Current.Session["ImageName"] = value; }
}
}
And then from the controller, do something like:
var sessionState = new SessionState();
sessionState.ImageName = "xyz";
/* Or */
var imageName = sessionState.ImageName;
Alternatively, you could create a controller extension method:
public static class SessionControllerExtensions
{
public static string GetImageName(this IController controller)
{
return HttpContext.Current.Session["ImageName"];
}
public static string SetImageName(this IController controller, string imageName)
{
HttpContext.Current.Session["ImageName"] = imageName;
}
}
Then from the controller:
this.SetImageName("xyz");
/* or */
var imageName = this.GetImageName();
This is certainly DRY. That said, I don't particularly like either of these solutions as I prefer to store as little data, if any, in session. But if you're intent is to hold onto all of this information without having to load/discern it from some other source, this is the quickest (dirtiest) way I can think of to do it. I'm quite certain there's a much more elegant solution, but I don't have all of the information about what it is you're trying to do and what the problem domain is.
Keep in mind that when storing information in the session, you will have to dehydrate/rehydrate the objects via serialization and you may not be getting the performance you think you are from doing it this way.
Hope this helps.
EDIT: In response to additional information
Not sure on where you're looking to deploy this, but processing images "real-time" is a sure fire way to be hit with a DoS attack. My suggestion to you is as follows -- this is assuming that this is public facing and anyone can upload an image:
1) Allow the user to upload an image. This image goes into the processing queue for background processing by the application or some service. Additionally, the name of the image goes into the user's personal processing queue -- likely a table in the database. Information about background processing in a web app can be found # Schedule a job in hosted web server
2) Process these images and, while processing, display a "processing graphic". You can have an ajax request on the product page that checks for images being processed and trys to reload them every X seconds.
3) While an image is being "processed", the user can opt out of processing assuming they're the one that uploaded the image. This is available either on the product page(s) that display the image or on a separate "user queue" view that will allow them to remove the image from consideration.
So, you end up with some more domain objects and those objects are managed by the queue. I'm a strong advocate of convention over configuration so the final destination of the product image(s) should be predefined. Something like:
images/products/{id}.jpg or, if a collection, images/products/{id}/{sequence}.jpg.
You then don't need to know the destination in the form. It's the same for all images.
The queue then needs to know where the temp image was uploaded and what the product id was. The queue worker pops items from the queue, processes them, and stores them accordingly.
I know this sounds a little more "structured" than what you originally intended, but I think it's a little cleaner.
Is there complete equivalence between the UploadController and ProductController?
As files are uploaded by the UploadController, data about the upload is stored in the Session. After this happens I need to access that Session data in the ProductController.
As I read that the UploadControl needs read and write access to Upload data, the ProductController needs only read.
If that's true then you can make it clear by using an immuatable wrapper around the upload information and have the UploadController put that into the session.
The Session itself is by definiton a public shared noticeboard, decouples explicit relationships at the cost of allowing anyone to get and put. You could allow the ProductController to know about the UploadController and hence remove the need for passing the upload information via the session. My instinct is that the upload info is interesting to the public, so using Session is reasonable.
I don't see any DRY violation here, we are explicitly trying to separate responsibilities.