Stripes

Hi Will,

First off, welcome to Stripes ! I'm quite sure you'll enjoy the ride :-)

The Stripes docos on this point do not really reflect feelings of a
few folks out here, me included ! Many of us have come to the
conclusion that <s:useActionBean> is useless or almost...

The usual scenario goes like :
1/ the browser issues a request to an action
2/ stripes locates the action and invokes one of your events in there
3/ the action loads the object you want to display and makes it
available via a getter
4/ the action forwards to a protected JSP (e.g. under WEB-INF)
5/ the JSP renders what has to be rendered

The browser->action->JSP->browser cycle enables :
* greater flexibility (you can do stuff in your pre action)
* hiding of the backing technology (your could map your actions to
*.blah or /blah/* and don't let everybody know you're using Java)
* URL abstraction (links and forms accept the "beanclass" attribute
instead of "href" so you don't hardcode your visible URLs)
* consistent model (you don't ask yourself how to do things : there's
only one way !)

This is my personal opinion and maybe folks out here will tell you
that pre-actions are not necessarily a good option for given cases...
but if you think about it : if the <s:useActionBean> did not exist,
would you ever have asked youself how to use it ???
:-)

Cheers

Remi

On 1/17/07, Will Gayther <willgayther@...> wrote:
>
> Hi,
>
> I'm just learning Stripes for a project where I'm currently the only one
> working on it. Which gives me a lot of control :-), but not a lot of other
> people to ask for advice!
>
> I feel kind of silly asking such a basic question, but I figure that Stripes
> probably has a standard way of doing this, and I'd like to start things out
> right.
>
> I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally, this page
> will display the question with an id of 2. I'll also add security in the
> action to redirect the page to a security error page. But I'm not sure how
> to do this -
> 1. If I use an action, I'd have to rename the page to ShowQuestion.action,
> 2. The Best Practices page suggests using <stripes:useActionBean ... />, but
> I'm not quite sure if this will work - if they aren't authorized to see that
> question, I need to redirect them to a different page, and it doesn't seem
> like that will work...
>
> I've tried looking at the bugzooky sample app, but it only uses
> <jsp:useBean...
>
> I feel like I'm just missing something really easy, and if anyone would like
> to point out the right way to do it, I'd appreciate it. Thanks!
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
>

I never did comment on that big long thread a few weeks back.  But to  
chime in here....

Remi, I think you (and the other who voiced similar opinions) are  
mostly right.  I think that in the vast majority of cases it is  
preferable to use a pre-action over useActionBean. As you suggest it  
makes for a less complicated and more elegant solution overall.

The exception to this rule (and where useActionBean is truly useful)  
is when creating embeddable JSPs.  I use useActionBean quite a lot to  
collect data for JSPs when the JSP is embedded (through a layout or  
otherwise) in more than one view.  This allows me to compartmentalize  
the code needed to support the embedded JSP, and still take advantage  
of having the code in an ActionBean instead of right in the JSP.

A little background over how this came about might be informative  
too.  Basically Greg (who contributed an early version of the tag)  
and I had been burned in Struts where it was a whole lot of effort to  
write a basic pre-action.  It was a) write the JSP, b) write the  
action because you can't view the JSP without the action class, c)  
write the XML to glue them together.  And the XML would traditionally  
contain the action mapping and the result mapping.  All of this to  
basically navigate to a page.  So...the useActionBean tag seems like  
a nice simply solution to that.  Except, in retrospect, the process  
is so much easier in Stripes that really it's not necessary.  In  
Stripes you write your 4 line class, and you're done.  So really,  
other than for embeddable stuff, or where you need to use multiple  
beans to pull data in for multiple forms on a page, pre-actions tend  
to be better than useActionBean.

I really should get around to updating that doco.....

-t


On Jan 17, 2007, at 6:02 PM, VANKEISBELCK Remi wrote:

> Hi Will,
>
> First off, welcome to Stripes ! I'm quite sure you'll enjoy the  
> ride :-)
>
> The Stripes docos on this point do not really reflect feelings of a
> few folks out here, me included ! Many of us have come to the
> conclusion that <s:useActionBean> is useless or almost...
>
> The usual scenario goes like :
> 1/ the browser issues a request to an action
> 2/ stripes locates the action and invokes one of your events in there
> 3/ the action loads the object you want to display and makes it
> available via a getter
> 4/ the action forwards to a protected JSP (e.g. under WEB-INF)
> 5/ the JSP renders what has to be rendered
>
> The browser->action->JSP->browser cycle enables :
> * greater flexibility (you can do stuff in your pre action)
> * hiding of the backing technology (your could map your actions to
> *.blah or /blah/* and don't let everybody know you're using Java)
> * URL abstraction (links and forms accept the "beanclass" attribute
> instead of "href" so you don't hardcode your visible URLs)
> * consistent model (you don't ask yourself how to do things : there's
> only one way !)
>
> This is my personal opinion and maybe folks out here will tell you
> that pre-actions are not necessarily a good option for given cases...
> but if you think about it : if the <s:useActionBean> did not exist,
> would you ever have asked youself how to use it ???
> :-)
>
> Cheers
>
> Remi
>
> On 1/17/07, Will Gayther <willgayther@...> wrote:
>>
>> Hi,
>>
>> I'm just learning Stripes for a project where I'm currently the  
>> only one
>> working on it. Which gives me a lot of control :-), but not a lot  
>> of other
>> people to ask for advice!
>>
>> I feel kind of silly asking such a basic question, but I figure  
>> that Stripes
>> probably has a standard way of doing this, and I'd like to start  
>> things out
>> right.
>>
>> I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally,  
>> this page
>> will display the question with an id of 2. I'll also add security  
>> in the
>> action to redirect the page to a security error page. But I'm not  
>> sure how
>> to do this -
>> 1. If I use an action, I'd have to rename the page to  
>> ShowQuestion.action,
>> 2. The Best Practices page suggests using  
>> <stripes:useActionBean ... />, but
>> I'm not quite sure if this will work - if they aren't authorized  
>> to see that
>> question, I need to redirect them to a different page, and it  
>> doesn't seem
>> like that will work...
>>
>> I've tried looking at the bugzooky sample app, but it only uses
>> <jsp:useBean...
>>
>> I feel like I'm just missing something really easy, and if anyone  
>> would like
>> to point out the right way to do it, I'd appreciate it. Thanks!
>> --------------------------------------------------------------------- 
>> ----
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to  
>> share your
>> opinions on IT & business topics through brief surveys - and earn  
>> cash
>> http://www.techsay.com/default.php? 
>> page=join.php&p=sourceforge&CID=DEVDEV
>>
>> _______________________________________________
>> Stripes-users mailing list
>> Stripes-users@...
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>>
>
> ---------------------------------------------------------------------- 
> ---
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to  
> share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php? 
> page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users

Yeah, agreed, the view helper is useful for reusable fragments...

Hmmmm... even these could be encapsulated behind controllers ??
I mean, we could include *actions* into JSPs instead of other JSP fragments ?

stuff like this :

<jsp:include page="/LatestNewsList.action"/>

or even better :
<stripes:include beanclass="com.xyz.web.fragments.LatestNewsListAction"/>
:-)

This would completely hide the fragments behind a unique controller...
fragments would not be plain JSPs any more : even them would have a
pre controller... everything is an action... No need for additional
stuff...

Not sure it's a good idea, it's late and I might already be dreaming yet ;-P

Cheers

Remi

On 1/18/07, Tim Fennell <tfenne@...> wrote:
> I never did comment on that big long thread a few weeks back.  But to
> chime in here....
>
> Remi, I think you (and the other who voiced similar opinions) are
> mostly right.  I think that in the vast majority of cases it is
> preferable to use a pre-action over useActionBean. As you suggest it
> makes for a less complicated and more elegant solution overall.
>
> The exception to this rule (and where useActionBean is truly useful)
> is when creating embeddable JSPs.  I use useActionBean quite a lot to
> collect data for JSPs when the JSP is embedded (through a layout or
> otherwise) in more than one view.  This allows me to compartmentalize
> the code needed to support the embedded JSP, and still take advantage
> of having the code in an ActionBean instead of right in the JSP.
>
> A little background over how this came about might be informative
> too.  Basically Greg (who contributed an early version of the tag)
> and I had been burned in Struts where it was a whole lot of effort to
> write a basic pre-action.  It was a) write the JSP, b) write the
> action because you can't view the JSP without the action class, c)
> write the XML to glue them together.  And the XML would traditionally
> contain the action mapping and the result mapping.  All of this to
> basically navigate to a page.  So...the useActionBean tag seems like
> a nice simply solution to that.  Except, in retrospect, the process
> is so much easier in Stripes that really it's not necessary.  In
> Stripes you write your 4 line class, and you're done.  So really,
> other than for embeddable stuff, or where you need to use multiple
> beans to pull data in for multiple forms on a page, pre-actions tend
> to be better than useActionBean.
>
> I really should get around to updating that doco.....
>
> -t
>
>
> On Jan 17, 2007, at 6:02 PM, VANKEISBELCK Remi wrote:
>
> > Hi Will,
> >
> > First off, welcome to Stripes ! I'm quite sure you'll enjoy the
> > ride :-)
> >
> > The Stripes docos on this point do not really reflect feelings of a
> > few folks out here, me included ! Many of us have come to the
> > conclusion that <s:useActionBean> is useless or almost...
> >
> > The usual scenario goes like :
> > 1/ the browser issues a request to an action
> > 2/ stripes locates the action and invokes one of your events in there
> > 3/ the action loads the object you want to display and makes it
> > available via a getter
> > 4/ the action forwards to a protected JSP (e.g. under WEB-INF)
> > 5/ the JSP renders what has to be rendered
> >
> > The browser->action->JSP->browser cycle enables :
> > * greater flexibility (you can do stuff in your pre action)
> > * hiding of the backing technology (your could map your actions to
> > *.blah or /blah/* and don't let everybody know you're using Java)
> > * URL abstraction (links and forms accept the "beanclass" attribute
> > instead of "href" so you don't hardcode your visible URLs)
> > * consistent model (you don't ask yourself how to do things : there's
> > only one way !)
> >
> > This is my personal opinion and maybe folks out here will tell you
> > that pre-actions are not necessarily a good option for given cases...
> > but if you think about it : if the <s:useActionBean> did not exist,
> > would you ever have asked youself how to use it ???
> > :-)
> >
> > Cheers
> >
> > Remi
> >
> > On 1/17/07, Will Gayther <willgayther@...> wrote:
> >>
> >> Hi,
> >>
> >> I'm just learning Stripes for a project where I'm currently the
> >> only one
> >> working on it. Which gives me a lot of control :-), but not a lot
> >> of other
> >> people to ask for advice!
> >>
> >> I feel kind of silly asking such a basic question, but I figure
> >> that Stripes
> >> probably has a standard way of doing this, and I'd like to start
> >> things out
> >> right.
> >>
> >> I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally,
> >> this page
> >> will display the question with an id of 2. I'll also add security
> >> in the
> >> action to redirect the page to a security error page. But I'm not
> >> sure how
> >> to do this -
> >> 1. If I use an action, I'd have to rename the page to
> >> ShowQuestion.action,
> >> 2. The Best Practices page suggests using
> >> <stripes:useActionBean ... />, but
> >> I'm not quite sure if this will work - if they aren't authorized
> >> to see that
> >> question, I need to redirect them to a different page, and it
> >> doesn't seem
> >> like that will work...
> >>
> >> I've tried looking at the bugzooky sample app, but it only uses
> >> <jsp:useBean...
> >>
> >> I feel like I'm just missing something really easy, and if anyone
> >> would like
> >> to point out the right way to do it, I'd appreciate it. Thanks!
> >> ---------------------------------------------------------------------
> >> ----
> >> Take Surveys. Earn Cash. Influence the Future of IT
> >> Join SourceForge.net's Techsay panel and you'll get the chance to
> >> share your
> >> opinions on IT & business topics through brief surveys - and earn
> >> cash
> >> http://www.techsay.com/default.php?
> >> page=join.php&p=sourceforge&CID=DEVDEV
> >>
> >> _______________________________________________
> >> Stripes-users mailing list
> >> Stripes-users@...
> >> https://lists.sourceforge.net/lists/listinfo/stripes-users
> >>
> >>
> >>
> >
> > ----------------------------------------------------------------------
> > ---
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to
> > share your
> > opinions on IT & business topics through brief surveys - and earn cash
> > http://www.techsay.com/default.php?
> > page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Stripes-users mailing list
> > Stripes-users@...
> > https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>

I would highly recommend that you use Acegi (http://www.acegisecurity.org/)
for security. You can configure it such that they will never be able to even
get to the URL of your action bean if they aren't logged in, or do not have
the required role.

It makes it much easier to write your action bean code if you can assume the
security has been taken care of already, by another framework or security
filter.

Derek


On 1/17/07, Will Gayther <willgayther@...> wrote:
>
> Hi,
>
> I'm just learning Stripes for a project where I'm currently the only one
> working on it. Which gives me a lot of control :-), but not a lot of other
> people to ask for advice!
>
> I feel kind of silly asking such a basic question, but I figure that
> Stripes probably has a standard way of doing this, and I'd like to start
> things out right.
>
> I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally, this page
> will display the question with an id of 2. I'll also add security in the
> action to redirect the page to a security error page. But I'm not sure how
> to do this -
> 1. If I use an action, I'd have to rename the page to ShowQuestion.action,
> 2. The Best Practices page suggests using <stripes:useActionBean ... /><http://stripes.sourceforge.net/docs/current/taglib/stripes/useActionBean.html>,
> but I'm not quite sure if this will work - if they aren't authorized to see
> that question, I need to redirect them to a different page, and it doesn't
> seem like that will work...
>
> I've tried looking at the bugzooky sample app, but it only uses
> <jsp:useBean...
>
> I feel like I'm just missing something really easy, and if anyone would
> like to point out the right way to do it, I'd appreciate it. Thanks!
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
>

Hi Will,

> 2. The Best Practices page suggests using <stripes:useActionBean ... />, but I'm not quite sure if this will work - if they aren't authorized to see that question, I need to redirect them to a different page, and it doesn't seem like that will work...

You can try writing something like this:

    public class CheckQuestionActionBean ... {
        private Long id;
        public Long getId() { return id; }
        public void setId(Long id) { this.id = id; }

        public Resolution checkTheId() {
            if (...) {          // can user access the question?
                return null;    // yes, continue rendering the jsp
            }
            // no, redirect to "access denied" page
            try { // (not sure if the .reset() is necessary)
                getContext().getResponse().reset();
            } catch (Exception ex) {
            }
            return new RedirectResolution(...);
        }
    }

and near the top of the jsp:

    <stripes:useActionBean
        beanclass="com.blah.CheckQuestionActionBean"
        event="checkTheId"
        alwaysExecuteEvent="true"
        executeResolution="true"
    />
    <!-- at this point, user CAN see the question -->

Like you, I am also not quite sure if this will work :)

Andy


On Wed, 17 Jan 2007, Will Gayther wrote:

> Hi,

I'm just learning Stripes for a project where I'm currently the only one working on it. Which gives me a lot of control :-), but not a lot of other people to ask for advice!

I feel kind of silly asking such a basic question, but I figure that Stripes probably has a standard way of doing this, and I'd like to start things out right.

I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally, this page will display the question with an id of 2. I'll also add security in the action to redirect the page to a security error page. But I'm not sure how to do this -
1. If I use an action, I'd have to rename the page to ShowQuestion.action,
2. The Best Practices page suggests using <stripes:useActionBean ... />, but I'm not quite sure if this will work - if they aren't authorized to see that question, I need to redirect them to a different page, and it doesn't seem like that will work...

I've tried looking at the bugzooky sample app, but it only uses <jsp:useBean...

I feel like I'm just missing something really easy, and if anyone would like to point out the right way to do it, I'd appreciate it. Thanks!

Just to additionally chime in here, and hopefully not getting too terribly
far from Will's original question, but I tend to use pre-actions rather than
going to the JSP as well.  But not because I want to hide my technology.  I
think that's a bit of an old wive's tale.

I put all my JSP's in the WEB-INF directory in a jsp folder.  I use
constants in my base action bean to specify the location of each one (ie,
MANAGE_USERS_PAGE = "/WEB-INF/jsp/manage_users.jsp";).  I also use constants
to map all my actions.  In my abstract BaseActionBean I have a method:

@DontValidate
@DefaultHandler
public anstract Resolution display();

This method is overriden in any class that extends BaseActionBean and the
new method might look something like:

@Override
public Resolution display()
{
    return new ForwardResolution(MANAGE_USERS_PAGE);
}

You can put more code in the display method if you need to do anything else
before the page is rendered.  I like this because if working on a team, it's
easy for other developers to know what they need to do to display a JSP
page.  And all URL's point to an action.

As far as security, we used a Stripes Interceptor and had stripes load it
with something like:

<init-param>
            <param-name>Interceptor.Classes</param-name>
            <param-value>
                com.app.web.SecurityInterceptor,
                net.sourceforge.stripes.integration.spring.SpringInterceptor
,

net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor
            </param-value>
</init-param>

Works really well for us.

Gregg

On 1/18/07, Andy <andy@...> wrote:
>
> Hi Will,
>
> > 2. The Best Practices page suggests using <stripes:useActionBean ... />,
> but I'm not quite sure if this will work - if they aren't authorized to see
> that question, I need to redirect them to a different page, and it doesn't
> seem like that will work...
>
> You can try writing something like this:
>
>     public class CheckQuestionActionBean ... {
>         private Long id;
>         public Long getId() { return id; }
>         public void setId(Long id) { this.id = id; }
>
>         public Resolution checkTheId() {
>             if (...) {          // can user access the question?
>                 return null;    // yes, continue rendering the jsp
>             }
>             // no, redirect to "access denied" page
>             try { // (not sure if the .reset() is necessary)
>                 getContext().getResponse().reset();
>             } catch (Exception ex) {
>             }
>             return new RedirectResolution(...);
>         }
>     }
>
> and near the top of the jsp:
>
>     <stripes:useActionBean
>         beanclass="com.blah.CheckQuestionActionBean"
>         event="checkTheId"
>         alwaysExecuteEvent="true"
>         executeResolution="true"
>     />
>     <!-- at this point, user CAN see the question -->
>
> Like you, I am also not quite sure if this will work :)
>
> Andy
>
>
> On Wed, 17 Jan 2007, Will Gayther wrote:
>
> > Hi,
>
> I'm just learning Stripes for a project where I'm currently the only one
> working on it. Which gives me a lot of control :-), but not a lot of other
> people to ask for advice!
>
> I feel kind of silly asking such a basic question, but I figure that
> Stripes probably has a standard way of doing this, and I'd like to start
> things out right.
>
> I'd like to have a page like "ShowQuestion.jsp?id=2". Naturally, this page
> will display the question with an id of 2. I'll also add security in the
> action to redirect the page to a security error page. But I'm not sure how
> to do this -
> 1. If I use an action, I'd have to rename the page to ShowQuestion.action,
> 2. The Best Practices page suggests using <stripes:useActionBean ... />,
> but I'm not quite sure if this will work - if they aren't authorized to see
> that question, I need to redirect them to a different page, and it doesn't
> seem like that will work...
>
> I've tried looking at the bugzooky sample app, but it only uses
> <jsp:useBean...
>
> I feel like I'm just missing something really easy, and if anyone would
> like to point out the right way to do it, I'd appreciate it. Thanks!
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>

Thanks for your guys responses, although I'm still a little confused - how =
do I do a preaction on a jsp that's sitting in a normal location - like /te=
st/ViewQuestion.jsp?=0A=0A=0AVANKEISBELCK Remi - "if the <s:useActionBean> =
did not exist, would you ever have asked youself how to use it ???"=0AWell,=
 actually, yes - that's pretty much the way I'm doing it with straight serv=
lets and jsp's right now! :-) But the need to redirect the page if they are=
n't authorized makes that approach problematic (it seems). However, the pre=
action seems a little more...natural to me, to...=0A=0ATim Fennell - That's=
 an interesting point about the embedable stuff. For a slightly different t=
ake, I like the idea that you go to the .jsp page, and that page references=
 everything you need to know for that page. If you have a url like "/test/V=
iewQuestion.jsp", the actual action could be named SecureAndShowQuestion.ja=
va and it would be a real pain to hunt down which ActionBean actually goes =
with that jsp. If you're using annotations, maybe you could do a text searc=
h...if you've set up naming conventions, then another programmer would have=
 to learn about how the naming conventions work to figure it out. I like pu=
tting a reference to the action in the jsp - but I need the ability to redi=
rect the page in certain cases, to.=0A=0ADerek Ward - Acegi may be interest=
ing, but it looks to complicated for me to look much into right now. It als=
o seems to be tied to Spring, and I'm not using spring. And finally, I'd re=
ally kind of rather handle security in my actions rather than having securi=
ty in yet-another-layer somewhere in the code.=0A=0AAndy - Thanks for sugge=
sting the example, I'm going to give it a try right after I send out this e=
mail - it doesn't seem like a redirect would work, but maybe it would...=0A=
=0AGregg Bolinger - Thanks for the concrete example. My problem, though, is=
 that I'd rather not have my jsp's hidden away in the WEB-INF directory for=
 two reasons:=0A1. I don't want to have to write actions so the user can ac=
cess jsp's that don't actually need actions=0A2. While not that unusual, if=
 I can I'd prefer to leave them in the default location so I don't have to =
hunt them down later.=0A=0AThanks for everyone's replies - if anyone know t=
he answer to the question at the top, that would be great to. Thanks.

You write that pre-action and forward to the JSP from your event.
Stuff like this :

@UrlBinding("/test/ViewQuestion.action")
public class ViewQuestionAction ... {

  ...

  @DefaultHandler
  public Resolution view() {
    return new ForwardResolution("/test/ViewQuestion.jsp");
  }
}

Of course, nothing prevents the user to reach the JSP directly by
typing the URL himself...

Cheers

Remi

On 1/18/07, Will Gayther <willgayther@...> wrote:
> Thanks for your guys responses, although I'm still a little confused - how
> do I do a preaction on a jsp that's sitting in a normal location - like
> /test/ViewQuestion.jsp?

Actually, according to the javadocs for NameBasedActionResolver[1], you
don't even have to create the pre-action if the JSP is publicly available.
So if you have a JSP at /test/ViewQuestion.jsp, if you enter in the URL
/test/ViewQuestion.action, Stripes will first check to see if there is an
ActionBean bound to that URL, and if there isn't, it will check to see if
there is a matching JSP before throwing an error.  This is nice because you
don't have to create an ActionBean simply to forward to a JSP, but if you
decide later you need to perform some logic before the JSP executes, you can
create an ActionBean and you won't have to change any of your links.

[1]:
http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/NameBasedActionResolver.html

On 1/18/07, VANKEISBELCK Remi <remi@...> wrote:
>
> You write that pre-action and forward to the JSP from your event.
> Stuff like this :
>
> @UrlBinding("/test/ViewQuestion.action")
> public class ViewQuestionAction ... {
>
>   ...
>
>   @DefaultHandler
>   public Resolution view() {
>     return new ForwardResolution("/test/ViewQuestion.jsp");
>   }
> }
>
> Of course, nothing prevents the user to reach the JSP directly by
> typing the URL himself...
>
> Cheers
>
> Remi
>
> On 1/18/07, Will Gayther <willgayther@...> wrote:
> > Thanks for your guys responses, although I'm still a little confused -
> how
> > do I do a preaction on a jsp that's sitting in a normal location - like
> > /test/ViewQuestion.jsp?
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>

> Derek Ward - Acegi may be interesting, but it looks to complicated for me
to look much into right now. 
> It also seems to be tied to Spring, and I'm not using spring. And finally,
> I'd really kind of rather handle 
> security in my actions rather than having security in yet-another-layer
> somewhere in the code.

Here's what you should be doing here.

Simply put, you should be relying on the Servlet model for Security and
leave the implementation to a 3rd party (i.e. the container or Acegi, or
whatever).

The Servlet model is basic, but quite functional. If you want something
beyond what it offers, then you should implement that model on top of the
Servlet model. This leaves the Servlet model as your foundation.

The Servlet model has 2 methods. That's it. It doesn't get much simpler than
that. The two methods are HttpServletRequest.getUserPrincipal() and
HttpServletRequest.isUserInRole().

getUserPrincipal gets you, essentially, the user Login ID. isUserInRole()
takes a role name as a string and returns true if the user is indeed in that
role.

Why would you want to use this? Simply because it's standard to the platform
and your application will port to different containers as well as different
authentication/authorization schemes. It will port because it's completely
ignorant of all of them.

Your code basically punts all of the detail of security to
HttpServletRequest. So what does this mean?

Well, if you use container security, and it works for you, then you get
access to authentication and authorization "for free", with a few container
specific bits (like the Tomcat realms) and some web.xml magic.

If container security won't work for you, then something like Acegi will
support this model as well. 

If you don't like either of those and want to write your own (say the
StripesSecurityFilter from the Bugzooky example), then just tweak the filter
to send your own HttpServletRequestWrapper that implements the
getUserPrincipal and isUserInRole methods properly.

You can still have programmatic control to your logic (just wrap code up in
isUserInRole checks, using whatever mechanism you like -- simple if's,
interceptor patterns, custom filters, whatever).

A lot of folks don't like container managed security for assorted reasons.
But that doesn't mean the basic model of the Principal and isUserInRole is a
bad model. It's a fine model. So, while folks may toss out container managed
security, there's no reason to toss out the actual Servlet Security model.
And regardless of the actual implementation of security on the outside of
the application, this model will port.

> Gregg Bolinger - Thanks for the concrete example. My problem, though, is
> that I'd rather not have 
> my jsp's hidden away in the WEB-INF directory for two reasons:
> 1. I don't want to have to write actions so the user can access jsp's that
> don't actually need actions
> 2. While not that unusual, if I can I'd prefer to leave them in the
> default location so I don't have 
> to hunt them down later.

You can have a pre-action Forward or Redirect any place you want.

return ForwardResolution("/test/ViewQuestion.jsp");

The primary reason that folks bury JSPs in to the WEB-INF folder is that
it's the only folder that essentially guaranteed by the container to be
inaccessible to a client browser. i.e. There's no way the container will
serve up the raw text of the JSP file from the WEB-INF folder, because the
container refuses to acknowledge the existence of that folder in the first
place. If you have ViewQuestion.jsp in the /test directory, there may be
(through some chicanery or trickery) a way to convince the container to
serve up the file as a text file rather than executing it as a servlet.
Problematic if you perhaps have passwords or other sensitive information in
the JSP.

It also prevents the user from directly accessing a JSP from the browser,
even if it does execute the code rather than dump the text, when the user
makes the request, it may be an inappropriate time for it (depending on what
the JSP does).

In my webapps so far, they're small enough that I have all my JSPs in a
single flat directory, and all my actions in a single package. But through
the use of @UrlMapping with the actions, I actually have the actions divided
in to 3 separate areas, for the sake of security. So while my internal
project structure is quite flat, the view to the user is in three different
sub-contexts off of the main webapp. But then I use pre-actions for
everything. The user nevers seens .jsp url in his browser. It's nice using
the UrlMapping to control the logical presentation of the application rather
than being forced by a file hierarchy.

For me, the primary reason I use pre-actions is simply that I don't want my
JSPs to have any affect on the state of the server. They are simply view
only. useActionBean CAN BE (not necessarily is) used to call events on the
action bean which CAN BE used to alter server state.

The way I see it, I need to have the action code anyway (doing whatever it
is that the useActionBean call is going to do), so I may as well take the
JSP completely out of the loop. For me, it cleans the entire project up, and
lets the JSPs be simpler since they have less vested in the overall process.


-- 
View this message in context: http://www.nabble.com/Basic-pre-action-question-tf3030916.html#a8460667
Sent from the stripes-users mailing list archive at Nabble.com.

Hi all,
=20
Can somebody help me out with the following:
I have a bunch of classes with CRUD-jsp's. I created one super
ActionBean class say SuperActionBean. Some of my classes require
specific handling in their own SomeClassActionBean (=3Dsubclass of
SuperActionBean) but most of them only require the default processing
done in SuperActionBean.
How do I configure Stripes such that, whenever it receives a request for
/SomeClass.action and subsequently finds out that SomeClassActionBean
does not exist, in that case it should instantiate SuperActionBean?
I have been fiddling around with a subclass of NameBasedActionResolver
overriding handleActionBeanNotFound or getActionBean(context, string)
but to no avail.
=20
Thanks,
Willem

So I did get it working, by overriding getActionBean in =
NameBasedActionResolver.
However I'm still stuck with something I dislike. I'm following the =
pattern as described in 'Binding Into Domain Models' so when I receive a =
request for /SomeClass.action while SomeClassActionBean does not exist, =
it will instantiate SuperClassActionBean. The problem arises in the .jsp =
where I refer to the actionBean like so:
<stripes:useActionBean binding=3D"/SomeClass.action" var=3D"actionBean" =
/>

by default, however, Stripes does not find the actionBean I created in =
the overridden method getActionBean. In order for Stripes to find it, I =
had to put the actionBean into a request attribute by going =
request.setAttribute("/SomeClass.action", =
newInstanceOfSuperClassActionBean). This I could only find out by =
inspecting the Stripes sources. Is there a better way to trick Stripes =
into reusing the SuperClassActionBean?

Willem


________________________________

De: stripes-users-bounces@... =
[mailto:stripes-users-bounces@...] En nombre de Willem =
Vermeer
Enviado el: mi=E9rcoles, 07 de febrero de 2007 10:59
Para: Stripes Users List
Asunto: [Stripes-users] ActionBean resolution


Hi all,
=20
Can somebody help me out with the following:
I have a bunch of classes with CRUD-jsp's. I created one super =
ActionBean class say SuperActionBean. Some of my classes require =
specific handling in their own SomeClassActionBean (=3Dsubclass of =
SuperActionBean) but most of them only require the default processing =
done in SuperActionBean.
How do I configure Stripes such that, whenever it receives a request for =
/SomeClass.action and subsequently finds out that SomeClassActionBean =
does not exist, in that case it should instantiate SuperActionBean?
I have been fiddling around with a subclass of NameBasedActionResolver =
overriding handleActionBeanNotFound or getActionBean(context, string) =
but to no avail.
=20
Thanks,
Willem

AFAICS, there are two reasonable solutions:

1.- Use only one class and one link, except the concrete cases where a
different subclass is suitable.
2.- Use empty subclasses all around.

There is also http redirection, but that probably is not what you seek
for. Are you sure you need this kind of solution?

Regards,

Ignacio.

On 2/7/07, Willem Vermeer <willem.vermeer@...> wrote:
>
>
> So I did get it working, by overriding getActionBean in
> NameBasedActionResolver.
> However I'm still stuck with something I dislike. I'm following the patte=
rn
> as described in 'Binding Into Domain Models' so when I receive a request =
for
> /SomeClass.action while SomeClassActionBean does not exist, it will
> instantiate SuperClassActionBean. The problem arises in the .jsp where I
> refer to the actionBean like so:
>
>
> <stripes:useActionBean binding=3D"/SomeClass.action" var=3D"actionBean" /=
>
>
> by default, however, Stripes does not find the actionBean I created in th=
e
> overridden method getActionBean. In order for Stripes to find it, I had t=
o
> put the actionBean into a request attribute by going
> request.setAttribute("/SomeClass.action",
> newInstanceOfSuperClassActionBean). This I could only find
> out by inspecting the Stripes sources. Is there a better way to trick
> Stripes into reusing the SuperClassActionBean?
>
> Willem
>
>  ________________________________
>  De: stripes-users-bounces@...
> [mailto:stripes-users-bounces@...] En
> nombre de Willem Vermeer
> Enviado el: mi=E9rcoles, 07 de febrero de 2007 10:59
> Para: Stripes Users List
> Asunto: [Stripes-users] ActionBean resolution
>
>
>
> Hi all,
>
> Can somebody help me out with the following:
> I have a bunch of classes with CRUD-jsp's. I created one super ActionBean
> class say SuperActionBean. Some of my classes require specific handling i=
n
> their own SomeClassActionBean (=3Dsubclass of SuperActionBean) but most o=
f
> them only require the default processing done in SuperActionBean.
> How do I configure Stripes such that, whenever it receives a request for
> /SomeClass.action and subsequently finds out that SomeClassActionBean doe=
s
> not exist, in that case it should instantiate SuperActionBean?
> I have been fiddling around with a subclass of NameBasedActionResolver
> overriding handleActionBeanNotFound or getActionBean(context, string) but=
 to
> no avail.
>
> Thanks,
> Willem
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier.
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronim=
o
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=
=3D121642
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@...
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>