Orbeon and REST API - orbeon

We use Orbeon with a custom REST interface with Apache CXF and we were wondering why does Orbeon Builder allow multiple sets of the same application/form?
Of course each set gets its own documentId, but on publish each form overwrites the other (given the same app/form).
So what was the idea behind that? It is manageable with a couple of forms but we are looking at 300+ forms with multiple users building forms with the builder.
Besides the possibility of user error when renaming a form and by accident overwriting another on publish, it is quite a headache from an administration point of view.
Speaking about the REST API:
We would like to return meaningful error messages from the persistence layer to the UI. Is that possible with the current builds of Orbeon, and if so, how? The 404/500 error message doesn't get displayed.
I hope Orbeon / another SO user could give us some insights about that.

It's mainly for historical reasons. We have an RFE to improve on this. Versioning, which is almost completely implemented now, will better allow handling multiple versions of a given form definition.
It's currently not possible to propagate error messages to the UI in the general case. It's possible upon Publish or when using the result-dialog when submitting, if the service returns an HTML response.

Related

creating a web application with different server side languages

I have been practicing developing an application in .NET and with other languages and servers, and now I want to start sketching out an architecture I want to implement.
The reason why I want to separate the two is because I cannot focus on a specific thing when everything is jumbled into one server. I would like to be able to have the freedom to offer features that would otherwise bottleneck one server and not another (e.g. notification, chatting).
What brought me here to ask this question is because I am totally confused on why everything on the UI is always called MVC. When searching for solutions to a distributed architecture that I can implement I keep running across frameworks that use an MVC pattern.
How does this actually work when you already have your API models? Isn't an MVC pattern just going to duplicate all of the models on the API (e.g. Django, ASP.NET MVC or Ruby on Rails)?
One scenario that threw me off and brought me to research a whole lot more is when I wanted to create a registration form that has steps; validating the username uniqueness was on one step and zip code was on another. I found myself wanting to tweak the API based on how I wanted to present my view, thought about having to do that for different types of clients (mobile, different user agents), and quickly backed off that idea. The problem is those fields need some sort of call to the back end, and every view won't have that way of registering.
The main question is how do I implement a UI layer that I can customize toward certain views, without changing the way my API is structured?
You might be interested in this article from LinkedIn dev team.
https://engineering.linkedin.com/frontend/leaving-jsps-dust-moving-linkedin-dustjs-client-side-templates

Is it possible to enable the standard Orbeon submit button in the example applications

Orbeon provides some examples that can be run easily. For example, I can run http://localhost:8080/orbeon/xforms-wizard-pfc/ on my computer, which does not seem to be a form created using the Form Builder. I was always using the Form Builder as a starting point, but in the last few days I have been paying more attention to these examples to learn a little more.
In this case, it is a form that is using a flow with different questions that are defined in different XHTML files. I like this idea for using it in very big forms.
All these examples use custom submit buttons with their own actions, but none of them saves the result into a database, except an example that uses a REST service of the 'eXist' database (I have configured my Orbeon datasource to use MySQL).
I have tested that some configuration of the Form Runner (properties-local.xml) also affects these examples, such as changing the date format, so maybe it is also possible to enable the standard submit button that I have already configured and save the forms into the database, to be shown later in the summary page of the Form Runner. But I am not able to do this with these examples using the property oxf.fr.detail.send.success.uri.<app>.<form>. Especially because no application is defined in the example.
Is there any way to, for example, save the submitted data of these "XForms applications" using the datasource of Orbeon to save to a MySQL database, as when using a form created by the Form Builder?
Or do I need to use REST services to send data to a custom application that does all this kind of work?
The example you're referring to (xforms-wizard-pfc), along with similar examples, is written in "plain XForms". On the other hand, when you create a form in Form Builder, the result goes through Form Builder, which adds a number of features on top of XForms, like persistence or the error summary (with a number of them implemented, at least in part, in XForms).
All those features that are part of Form Runner are not designed to be used on their own, so you can't easily, say, "just use the Form Runner persistence" in one of your forms. This means that you most likely need to decide whether you're better off using the whole of Form Runner, or no Form Runner at all, and just write plain XForms.

How do you pass an XML file from an external application into Orbeon Form Runner to populate a pre-made form?

I am a new user of Orbeon. I am attempting to integrate Orbeon with another e-form type application that does not support mobile viewing. Is it possible to pass an XML file to Form Runner to open and populate a pre-built form with the values from the XML file for editing? We would subsequently send the updated XML back to our other application, and we already have this functionality built. If possible, what is the best way to accomplish this? I am still digesting all of the Orbeon knowledge and flow of the application, so be gentle =p
I haven't tried this, but it should be possible using the Persistence API.
You'll also need to configure access to the API. For testing purposes, I used the properties in the Backward compatibility section to completely open up API access.

applying security to application's code input page

We have a grails-groovy (right now version 1.3.7) based application with an Oracle 11g database.
We have to make it OWASP compliant, so we are thinking of all possible security enhancements/plugins.
The main issue is here:
We have a create email template feature in our application where a user can create a new email template and save it. The user has to write code manually in this template page to create the template. (The implementation is done; we need to secure it!)
The code consists of
1) groovy code
2) grails tags
3) SQL select queries (we can restrict the user to readonly so that no Insert and Delete etc are available)
4) HTML tags
The template is used by the application where it compiles, executes and applies the template to emails before sending them out.
I know about the markup-sanitizer plugin and the HDIV API and am thinking about them, but how can I secure this feature more?
I guess this is a feature where you have to trust your users. From my point of view, you can't sanitize this kind of markup - there are too many ways how to inject malicious code. (See book "Writing Secure Code")
When it comes to OWASP, you always have to analyze the threat: how likely is an attack and how much harm can be done. If only admins (which you trust) have access to this template engine, then I guess the risk is low.
Otherwise you have to create a template generator instead of free-form templates. But even this sounds from your description to be a big effort since you would need an SQL query builder and some kind of template builder.
So I guess you should try to redefine the requirement in such a way that a secure implementation is possible.
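The "template generator instead of free-form templates" option from the answer above, reduced to its core as an added example (not code from the question, the answer or any plugin): the template is stored as text with a fixed set of placeholders and is never handed to a Groovy or GSP compiler. The class name, the `{{name}}` syntax and the allow-listed field names are assumptions made for the illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: e-mail templates as text with a fixed set of placeholders, never compiled. */
public class PlaceholderTemplate {
    // Hypothetical allow-list of values a template author may reference.
    private static final Set<String> ALLOWED = Set.of("customerName", "orderId", "dueDate");
    private static final Pattern PLACEHOLDER =
            Pattern.compile("\\{\\{\\s*([A-Za-z][A-Za-z0-9]*)\\s*\\}\\}");

    /** Run when the template is saved: unknown placeholders are refused up front. */
    public static void validate(String template) {
        Matcher m = PLACEHOLDER.matcher(template);
        while (m.find())
            if (!ALLOWED.contains(m.group(1)))
                throw new IllegalArgumentException("unknown placeholder: " + m.group(1));
    }

    /** Substitution only: values are HTML-escaped, and nothing in the template is evaluated. */
    public static String render(String template, Map<String, String> values) {
        validate(template);
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = values.getOrDefault(m.group(1), "");
            m.appendReplacement(out, Matcher.quoteReplacement(escapeHtml(value)));
        }
        m.appendTail(out);
        return out.toString();
    }

    private static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed samples: Groovy/GSP syntax stays inert text; values cannot add markup.
        String tpl = "<p>Dear {{customerName}}, order {{orderId}} ${User.list()} due {{dueDate}}</p>";
        Map<String, String> v = Map.of("customerName", "A <b>& Co", "orderId", "42", "dueDate", "2024-01-31");
        System.out.println(render(tpl, v));
        try {
            validate("<p>{{passwordHash}}</p>");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The SQL part of the feature would need the same treatment: pre-written, named queries that the author selects, rather than query text typed into the template.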

Struts2 and multiple active wizards / workflows

I'm currently working on a Struts2 application that integrates a wizard / workflow in order to produce the desired results. To make it more clear, there is a business object that is changed on three different pages (mostly with AJAX calls). At the moment I'm using a ModelDriven action (that's extended by all the actions working with the same business object) coupled with the Scope interceptor. While this works okay if the user is handling data for only one business object at a time, if the user opens the wizard for different objects in multiple tabs (and we all do this when we want to finish things faster) everything will get messy, mostly due to the fact that I have only one business object stored in the session.
I have read a few articles about using a Conversation Scope Interceptor (main article) and about using the Scope plug-in (here). However, both approaches seem to have problems:
the Conversation Scope Interceptor doesn't auto-expire the conversations, nor does it integrate properly with Struts2;
the Scope plug-in lacks proper documentation and the last build was made in 2007 (and actually includes some of the ideas written by Mark Menard when he defines his Conversation Scope Interceptor, though it doesn't use the same code).
Spring's WebFlow plug-in seems a bit too complex to be used at the moment. I'm currently looking for something that can be implemented in a few hours' time, though I don't mind if you can suggest something that works as needed, even if it requires more time than I'd currently want to spend on this now.
So, seasoned Struts2 developers, what do you suggest? How should I implement this?
Okay, this isn't a fully baked idea. But seeing as no one else has provided anything, here is what I would start with.
1) See if you can move the whole flow into a single page. I'm a big believer in the less pages is better approach. It doesn't reduce complexity for the application at all, but the user generally finds the interface a lot more intuitive. One of the easiest ways to go about this is by using the json plugin and a lot of ajax calls to your json services.
2) If you must transition between pages (or simply think it is too much client side work to implement #1) then I'd look to the s:token tag. The very first page to kick off a flow will use this tag, which will create a unique value each invocation. You will store a map in your session of model objects. An action will need to be provided with a model by looking it up from the session.
There are a couple of challenges with #2. One: how do you keep the session from getting too many domain objects? a) Well, it might not matter; if the session is set to, say, six hours, you can be rather sure that overnight they will get cleared up. b) Provide a self-management interface which can get/set/list objects in the session. It might be what you thought of at first, but it would let a worker do a certain amount and then stop and work on another. If the unit of work has some meaningful name (an invoice number or whatever) it could be quite useful.
A little more sophistication would be to move the model objects out of the session and into the service layer. At which point when inserted you would set an insertion time. You would probably need a manager to hold each type of model object and each manager would have a daemon thread that would periodically scan the map of domain objects and clean out expired ones.
You can figure out a more complicated system by kicking a flow off with a token and then using another token on each page, "flowId" and "currentPageId" respectively; then you can graph allowable transitions.
Mind you, at this point Spring Web Flow is starting to look pretty good.
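Option 2 from the answer above (a map of model objects looked up by a per-flow id, plus cleanup of stale entries), written out as an added example that is not code from the thread or from any Struts2 plugin. It assumes one `FlowStore` instance is kept per HTTP session, so an id submitted from another user's session resolves to nothing, and it uses a random UUID as the flow id instead of the value produced by the s:token tag; the class and method names are hypothetical.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: one model object per wizard flow, keyed by a flow id, with idle expiry. */
public class FlowStore<T> {
    private static final class Entry<T> {
        final T model;
        volatile long lastAccess;
        Entry(T model, long now) { this.model = model; this.lastAccess = now; }
    }

    private final Map<String, Entry<T>> flows = new ConcurrentHashMap<>();
    private final long maxIdleMillis;
    private final int maxFlows;

    public FlowStore(long maxIdleMillis, int maxFlows) {
        this.maxIdleMillis = maxIdleMillis;
        this.maxFlows = maxFlows;
    }

    /** First page of the wizard: register the model and return the id for a hidden field. */
    public String begin(T model, long now) {
        flows.values().removeIf(e -> now - e.lastAccess > maxIdleMillis); // drop stale flows
        if (flows.size() >= maxFlows) throw new IllegalStateException("too many open flows");
        String flowId = UUID.randomUUID().toString();
        flows.put(flowId, new Entry<>(model, now));
        return flowId;
    }

    /** Later pages: resolve the submitted id; unknown or expired ids yield null. */
    public T get(String flowId, long now) {
        Entry<T> e = (flowId == null) ? null : flows.get(flowId);
        if (e == null) return null;
        if (now - e.lastAccess > maxIdleMillis) { flows.remove(flowId); return null; }
        e.lastAccess = now;
        return e.model;
    }

    public void end(String flowId) { if (flowId != null) flows.remove(flowId); }
    public static void main(String[] args) {
        FlowStore<StringBuilder> store = new FlowStore<>(30 * 60_000L, 20); // constructed values
        String tabA = store.begin(new StringBuilder("invoice-1001"), 0);
        String tabB = store.begin(new StringBuilder("invoice-1002"), 0);
        store.get(tabA, 1_000).append(" step2");  // only tab A's object changes
        System.out.println(store.get(tabA, 2_000) + " | " + store.get(tabB, 2_000));
        System.out.println(store.get(tabB, 2_000 + 31 * 60_000L)); // looked up after the idle limit
    }
}
```

The cap on open flows bounds how much state a single session can pin in memory, which is the "too many domain objects" concern raised in the answer.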
There is now a conversation plugin for Struts2 that achieves all these goals with very little work required by the developer: http://code.google.com/p/struts2-conversation/
It has:
-nested conversations
-cleanup of dead conversations
-convention over configuration with annotations and naming conventions
-inherited conversations
-fully integrated with Struts2
-the conversation scope can also be used by Spring IoC container-managed beans
Hope it helps somebody.
