I'm new to JSF.
I have two use cases.
1: URL: https://site.com/context/part/{partId}
2: URL: https://site.com/context/register-token?tokenType=xxxxxx&token=xxxxx
in each of these cases i'd like to extract the variable information, execute code in a java class (scoped bean/#PostConstruct, i presume) then display appropriate content based on the values.
I'm sure this is pretty straight forward in JSF and I have seen quite a few nice suggestions on how to do pieces of these, but they seem to not be without controversy, so I can't say they're the correct way due to my ignorance. Additionally there seems to be significant enough changes in 2.2 the older posts could be out of date as far as "correctness" goes. Lastly there doesn't seem to be a guide (that I can find) that specifically talks to these workflows specifically in 2.2.
Can anyone provide me a semi comprehensive "correct" way to do these things in JEE7/JSF2.2?
Correct can be subjective I know, but my thinking though this seems rudimentary enough that in this case a vanilla happy path suggestion would be enough.
Much appreciated, thanks.
Finishing comment from above as the last issue has been resolved...
For workflow 1: i found this and it worked: http://www.oracle.com/technetwork/articles/java/jsf22-1377252.html
But it seemed limited to query params.
For workflow 2: I'm using prettyfaces and i was able to get it to work ~sort-of~ by using this (Section 3.6): http://ocpsoft.org/docs/prettyfaces/3.3.3/en-US/html/Configuration.html#config.actions
My web assets not resolving issue was resolved, by using this tip given by #chkal: PrettyFaces using mapped urls and actions, i lose all my stylings.
This suggestion pushed me over the edge to abandon a pure JSF solution and use pretty faces especially since im going to lean towards workflow 2 more often than not: Should I use f:event or action element in PrettyFaces?
Related
It may sound like a naive issue but I can't find a perfect solution for this.
My solution:
Copy every single URL.
Paste it in Jmeter.
Run Jmeter after every
build.
Surely, there must be a better solution.
I am not sure if this fit to your question. On my end when I test and search for broken links to my website I used "xenulink" tools. It is a bit old but still works fine on my end
Cheers
JMeter comes with HTML Link Parser which can be used for automatic checking for "dead" links
Spidering Example
Consider a simple example: let's say you wanted JMeter to "spider" through your site, hitting link after link parsed from the HTML returned from your server (this is not actually the most useful thing to do, but it serves as a good example). You would create a Simple Controller, and add the "HTML Link Parser" to it. Then, create an HTTP Request, and set the domain to ".*", and the path likewise. This will cause your test sample to match with any link found on the returned pages. If you wanted to restrict the spidering to a particular domain, then change the domain value to the one you want. Then, only links to that domain will be followed.
You may also find How to Spider a Site with JMeter - A Tutorial article useful.
I've been having terrible luck trying to get this to work, so I'm hopeful someone can help here.
In Java, I need to be able to take an HTML page with JavaScript within it and detect any JavaScript errors without, preferably without executing the JavaScript code.
I found this article:
Javascript parser for Java
And I've attempted to figure out how I'm supposed to use Caja to do this, but I'm having a difficult time finding any documentation with working examples of anything close to what I'm doing.
As a result I took a look at Nashorn also referenced in that article. I found a few examples which show how to execute JavaScript code from Java, but this doesn't process the whole HTML page. Even then, the execution doesn't seem to include the ability to validate common JavaScript functions (e.g. It hadn't heard of "alert").
Can anyone recommend something that might be able to do what I want, and point me in the right direction for their documentation or give me an example?
jshint as a standalone product seems to be a good fit for this:
it can run in java inside rhino (see https://github.com/jshint/jshint/)
a nodejs package exists (see https://www.npmjs.com/package/jshint)
it works with nashorn but it's quite tricky
I will only cover the technical difficulties around 3rd solution as I finally managed to make it work too...
Spoiler alert: "alert()" is not detected yet... Solution nb 2 will help there...
You first need to grab this specific release of jshint: https://github.com/jshint/jshint/releases/tag/2.4.4
Anything later than v2.7.0 will fail for now and I personally gave up patching intensively prototypes and namespaces... Releases from v2.4.4 until v2.6.3 work without modification but are limited in functionalities.
In the release notes, it's specifically written that "support for the Nashorn JavaScript engine" is working on this release. I'm using JDK8 nashorn 1.8.0_45 for this test.
Next step is to extract from this release this single file jshint-2.4.4/dist/jshint-rhino.js
Now you need to run nashorn/jjs in scripting mode and you need to be specific about the single file you wish to verify. In solution 2 (nodejs based) you can do multiple files or a complete hierarchy below a folder...
Create a simple file file.js:
function(){}
Now run the following command (please note the presence of -- ):
jjs -scripting jshint-rhino.js -- file.js
This will give you the following output:
Missing name in function declaration. (file.js:1:9)
> function(){}
So this covers the how to run jshint in a simple manner with nashorn... With the 3rd solution, at least you can find missing semicolons and several typical errors. But it's not a silver bullet and to me it's not a real alternative.
My personal preference would be to stick to solution 2 only. If you've the possibility to install either nodejs or iojs on your dev platform, go and grab https://www.npmjs.com/package/jshint. Not only will you be able to do more than the 3rd solution, you'll also be able to configure a jshintrc file as described at http://jshint.com/docs/
how could I use ESAPI to check for unsafe input texts in web forms ? My application is built using struts 1.X, so I assume the validations should be added to Actions classes. Any samples / tutorials you recommend ? Thanks.
For something as specific as that there is not usually going to be great tutorials out.
Hopefully I am wrong about this, but I would have to suggest their wiki due to lack of good resources.
I was looking to find input validation for you... seems they don't even have that up themselves. I coudn't find any information on it either. The videos below might have it or I would email them if it provides no real good answer. They should be able to put you in the right direction... and if you do that do us all a favor and demand they update their wiki!
Email: jeff.williams%owasp.org#gtempaccount.com (Leader, owner)
Since that email doesn't look right though I would also check this one.
Email: kevin.w.wall#gmail.com (Owner, coder of crypto libs)
Their are these youtube video's that might help. They even mention that their are not a lot of good resources to teach you how to use ESAPI, but said they hope to fix that in these four videos.
http://www.youtube.com/watch?v=suphwAsb-To
http://www.youtube.com/watch?v=13O9RyjuB3o
http://www.youtube.com/watch?v=_B2kv2mSJhE
http://www.youtube.com/watch?v=mMW4fiUI5kQ
Hope it helped!
Validation of form fields normally is done in the ActionForm class. There are all input values available and all validations can be done there. A tutorial (one of many available) cna be found here Struts form validation and error handling. More can be found using google (struts validation).
I have been working with the ESAPI library for a few months now. The library cannot do too much to validate your input, since it cannot know what the input could be or should be. That is especially true when you factor in all the international characters that could be in legitimate user input.
We use the ESAPI library mostly for encoding server output. The purpose is to send user (or possible attacker) input back to the browser in such a way that it cannot be executed. Instead HTML or JavaScript interprets it as text only.
That is why both my validation and ESAPI's encoding of user input are important for security.
Question is pretty lame I know. And the answer is pretty simple - AJAX (I think, I'm not sure).
But before proceeding further, I would like to know if there's a better way.
My problem:
I have a web application, that takes in one statement from the user, and then in response to it,sends back another statement. The whole process goes on like this.
So how can I give a dynamic nature to my JSP then? If I keep reloading the JSP, my old responses will get deleted. So, that's not how it works.
I could use RequestDispatcher 's include() method. I find that as one solution. So, I can keep including the new pages onto my old JSPs. But again, I think this will have a limitation. Haven't tested it yet though.
Is there a better way around?
Thanks for your help. :-)
I'm in love with AJAX consuming Restful Webservices so that is what I would suggest. In addition, if I understand you correctly, I don't think include() will help you in this scenario unless you manage to keep streamming your responses in 1 open connection which isn't really ideal in most Web page scenarios.
We have recently installed a Google Search Appliance in order to power our internal search (via the Java API), and all seems to be well, however I have a question regarding 'automatic' site-map generation that I'm hoping you guys may know the answer to.
We are aware of the GSA's ability to auto-generate site maps for each of its collections, however this process is rather manual, and considering that we have around 10 regional sites that need to be updated as often as possible, its not ideal to have to log into the admin interface on a regular basis in order to export them to the site root where search engines can find them.
Unfortunately there doesn't seem to be any API support for this, at least none that I can find, so I was wondering if anyone had any ideas for a solution/workaround or, if all else fails, the best alternative.
At present I'm thinking that if we can get the full index back from the API in the form of a list, then we can write an XML file out using that the old fashioned way using a chronjob or similar, however this seems like a bit of a clumsy solution - any better ideas.
You could try the GSA Admin Toolkit, or simply write some code yourself which just logs in on the administration page and then uses that session to invoke the sitemap export URL (which is basically what the Admin Toolkit does).