FreeMarker

Hi all,

I am a Freemarker user as well as Dreamweaver user and I have been thinking
about developing an extension to Dreamweaver. I haven't seen one for
Freemarker although I saw one posted for Velocity at the Velocity site
recently.

Has anybody done one of these already?  Would this be useful for anyone but
me?

Thanks,

Pete Helgren

Wednesday, April 21, 2004, 6:08:58 PM, Pete Helgren wrote:

> Hi all,
>
> I am a Freemarker user as well as Dreamweaver user and I have been thinking
> about developing an extension to Dreamweaver. I haven't seen one for
> Freemarker although I saw one posted for Velocity at the Velocity site
> recently.

Yeah, and we are starting to be envy about that... ;)

> Has anybody done one of these already?

No. (As far as I know at least...)

> Would this be useful for anyone but
> me?

I surely would be a good thing! Although editing heavily dynamic pages
with a WYSIWYG editor probably will not work (in general it will not;
not just for FreeMarker), but for simple/typical templates it can still
work more/less.

For editing dynamic pages the solution would by if the preview frame of
the editor (I mean, not the HTML source frame, but the WYSIWYG view)
shows the output generated by the servlet, rather than directly the
edited file. And, I have seen that Dreamweaver has a mode that does
that: it shows the HTML returned by the HTTP server... if the plug-in
could work well with this DW feature, that would be nice. And then, a
servlet that allows page editors to use mock-data to see the templates
in different situations (rather than using the real Web application for
previewing the pages) could be a nice thing too.

Anyway, it was just mussing above. Even a very very basic Dreamweaver
plug-in would be nice, as we have nothing currently.

> Thanks,
>
> Pete Helgren

-- 
Best regards,
 Daniel Dekany

Wednesday, April 21, 2004, 6:59:44 PM, Daniel Dekany wrote:

> Wednesday, April 21, 2004, 6:08:58 PM, Pete Helgren wrote:
>
>> Hi all,
>>
>> I am a Freemarker user as well as Dreamweaver user and I have been thinking
>> about developing an extension to Dreamweaver. I haven't seen one for
>> Freemarker although I saw one posted for Velocity at the Velocity site
>> recently.
>
> Yeah, and we are starting to be envy about that... ;)
>
>> Has anybody done one of these already?
>
> No. (As far as I know at least...)
>
>> Would this be useful for anyone but
>> me?
>
> I surely would be a good thing!
[snip]

I meant of course: "It surely would be a good thing!"
Eh... :)

-- 
Best regards,
 Daniel Dekany

It'd definitely be nice. Frankly, I feel like we're at a point where 
FreeMarker's further development will be much more about tools and 
integration than about core development (altough there are still ideas to 
implement there as well). In this light, a Dreamweaver extension would be 
more than welcome.

Cheers,
   Attila.

On Wed, 21 Apr 2004 10:08:58 -0600, Pete Helgren <phelgren@...> 
wrote:

> Hi all,
>
> I am a Freemarker user as well as Dreamweaver user and I have been 
> thinking
> about developing an extension to Dreamweaver. I haven't seen one for
> Freemarker although I saw one posted for Velocity at the Velocity site
> recently.
>
> Has anybody done one of these already?  Would this be useful for anyone 
> but
> me?
>
> Thanks,
>
> Pete Helgren
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> FreeMarker-user mailing list
> FreeMarker-user@...
> https://lists.sourceforge.net/lists/listinfo/freemarker-user
>



-- 
home: http://www.szegedi.org
Visit Szegedi Butterfly fractals at:
   http://www.szegedi.org/fractals/butterfly/index.html

Ok, here's the analysis of the problem:

- we're placing the HttpServletRequest object into the JSP page context, 
as required by the JSP spec. The "JSP page context" is really just the 
FreeMarker data model, so the object gets wrapped.

- the default wrapper is actually a BeansWrapper, so it attempts to 
introspect the object's class for accessible methods. (The object is 
naturally a container-specific implementation of the HttpServletRequest 
interface in org.apache.catalina.core package).

- In the process of doing so, BeansWrapper will call Class.getMethods(), 
and receive the securityException.

Now, there's no easy way around this. One thing that'd work (as long as 
you're *not* subclassing FreemarkerServlet) is to convince your hosting 
provider to at least give these permissions to classes in freemarker.jar.

This is a genuine security problem - if you can't convince the people 
controlling the server to trust freemarker.jar at least to degree to 
configure it with the minimal set of required privileges in the security 
policy file, then you're stuck.

As a matter of fact, this'll occur with *any* JSP taglib, whether external 
or not.

Another way out of this is to use a custom object wrapper class. I.e. one 
that subclasses BeansWrapper, and for the most part just delegates 
functionality to it, but that selectively wraps instances of internal 
Catalina classes into some dummy TemplateModel object (i.e. 
TemplateModel.NOTHING).

something along the lines of:

public class MyObjectWrapper extends BeansWrapper
{
   public TemplateModel wrap(Object o) throws TemplateModelException
   {
     if(o != null && 
o.getClass().getName().startsWith("org.apache.catalina.")
     {
         return TemplateModel.NOTHING;
     }
     return super.wrap(o);
   }
}

If you write such a wrapper class, you can install it by adding this to 
the servlet's configuration in web.xml:
<init-param>
   <param-name>object_wrapper</param-name>
   <param-value>com.foo.MyObjectWrapper</param-value>
</init-param>

Attila.

On Wed, 21 Apr 2004 19:16:52 +0400, Dmitry Kalynchuk 
<messir@...> wrote:

> Hi,
> I've got the following problem trying to deploy my servlet with tomcat 
> 4.1
> under security manager. I'm using latest freemaker 2.3rc3.
> Exception is thrown when any tags from external taglib are encountered.
> Obviously, my hosting provider won't set permissions to
> org.apache.catalina.core package for me, is there another way to make my
> servlet work ?
>

I may have something to "try on for size" this weekend.  It will take me a
while to get familiar with all the Dreamweaver Extension stuff.

Pete



-----Original Message-----
From: freemarker-user-admin@...
[mailto:freemarker-user-admin@... Behalf Of Attila
Szegedi
Sent: Wednesday, April 21, 2004 1:59 PM
To: freemarker-user@...
Subject: Re: [FreeMarker-user] Dreamweaver Extension


It'd definitely be nice. Frankly, I feel like we're at a point where
FreeMarker's further development will be much more about tools and
integration than about core development (altough there are still ideas to
implement there as well). In this light, a Dreamweaver extension would be
more than welcome.

Cheers,
   Attila.

On Wed, 21 Apr 2004 10:08:58 -0600, Pete Helgren <phelgren@...>
wrote:

> Hi all,
>
> I am a Freemarker user as well as Dreamweaver user and I have been
> thinking
> about developing an extension to Dreamweaver. I haven't seen one for
> Freemarker although I saw one posted for Velocity at the Velocity site
> recently.
>
> Has anybody done one of these already?  Would this be useful for anyone
> but
> me?
>
> Thanks,
>
> Pete Helgren
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> FreeMarker-user mailing list
> FreeMarker-user@...
> https://lists.sourceforge.net/lists/listinfo/freemarker-user
>



--
home: http://www.szegedi.org
Visit Szegedi Butterfly fractals at:
   http://www.szegedi.org/fractals/butterfly/index.html


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
FreeMarker-user mailing list
FreeMarker-user@...
https://lists.sourceforge.net/lists/listinfo/freemarker-user

Wednesday, April 21, 2004, 10:34:16 PM, Attila Szegedi wrote:

> Ok, here's the analysis of the problem:
>
> - we're placing the HttpServletRequest object into the JSP page context, 
> as required by the JSP spec. The "JSP page context" is really just the 
> FreeMarker data model, so the object gets wrapped.
>
> - the default wrapper is actually a BeansWrapper, so it attempts to 
> introspect the object's class for accessible methods. (The object is 
> naturally a container-specific implementation of the HttpServletRequest 
> interface in org.apache.catalina.core package).
>
> - In the process of doing so, BeansWrapper will call Class.getMethods(), 
> and receive the securityException.
[snip]

Maybe I'm saying a stupid thing as I didn't dig into this issue, but, is
it a possible solution that: if a security exception occurs then the
wrapper tries to read the list of methods only through the java.** and
javax.** classes/interfaces that the examined object extends/implements?
After all, it really should not expose the implementation specific
details of the Servlet related objects, because if somebody would
utilize that, then his software was not portable between Servlet
implementations.

-- 
Best regards,
 Daniel Dekany

Well, you really didn't dig into the issue :-)
BeansWrapper first introspects the class using java.beans.Introspector - 
so far so good. However, if the class isn't public, a special algorithm 
kicks in. Frankly, I'd believe this algorithm should be already present in 
java.beans.Introspector, but unfortunately it isn't, so we have to do it 
on our own. This algorithm does what you write about: dinamically finds 
the public superclasses/interfaces and extracts the public methods from 
them. Unfortunately, it uses Class.getMethods() on the original, 
non-public class first and that's where the security exception is thrown.

I've analyzed the problem, and I *can* rewrite it so that 
Class.getMethods() is only called on public classes and interfaces. I 
think it'll be a little less efficient in general case, though, but it'll 
avoid tripping accross security checks.

(I'm glad this came up - another opportunity for making FM play more 
nicely in security-restrained environments).

Stay tuned :-)

Attila.

BTW, aren't you glad I ditched Outlook Express? :-)

On Thu, 22 Apr 2004 21:00:46 +0200, Daniel Dekany <ddekany@...> 
wrote:

> Wednesday, April 21, 2004, 10:34:16 PM, Attila Szegedi wrote:
>

[snip]

>
> Maybe I'm saying a stupid thing as I didn't dig into this issue, but, is
> it a possible solution that: if a security exception occurs then the
> wrapper tries to read the list of methods only through the java.** and
> javax.** classes/interfaces that the examined object extends/implements?
> After all, it really should not expose the implementation specific
> details of the Servlet related objects, because if somebody would
> utilize that, then his software was not portable between Servlet
> implementations.
>

Friday, April 23, 2004, 9:24:14 AM, Attila Szegedi wrote:

> Well, you really didn't dig into the issue :-)
> BeansWrapper first introspects the class using java.beans.Introspector - 
> so far so good. However, if the class isn't public, a special algorithm 
> kicks in. Frankly, I'd believe this algorithm should be already present in 
> java.beans.Introspector, but unfortunately it isn't, so we have to do it 
> on our own. This algorithm does what you write about: dinamically finds 
> the public superclasses/interfaces and extracts the public methods from 
> them. Unfortunately, it uses Class.getMethods() on the original, 
> non-public class first and that's where the security exception is thrown.
>
> I've analyzed the problem, and I *can* rewrite it so that 
> Class.getMethods() is only called on public classes and interfaces. I 
> think it'll be a little less efficient in general case, though, but it'll 
> avoid tripping accross security checks.

Then this second strategy should be used only if there was a security
exception... (I still didn't dig so maybe it was something stupid
again... :))

> (I'm glad this came up - another opportunity for making FM play more 
> nicely in security-restrained environments).
>
> Stay tuned :-)
>
> Attila.
>
> BTW, aren't you glad I ditched Outlook Express? :-)

Wow! :) And what mailer agent did you chosen? (I don't see any X-Mailer
headers...)

-- 
Best regards,
 Daniel Dekany

Dmitry,

try

   <http://freemarker.sourceforge.net/hotfix/2.3/freemarker.jar>

This is a private build that I believe should run in your 
security-constrained Tomcat without problems. If everything's alright, the 
changes in this build will go into the next FreeMarker release.

Attila.

On Wed, 21 Apr 2004 19:16:52 +0400, Dmitry Kalynchuk 
<messir@...> wrote:

> Hi,
> I've got the following problem trying to deploy my servlet with tomcat 
> 4.1
> under security manager. I'm using latest freemaker 2.3rc3.
> Exception is thrown when any tags from external taglib are encountered.
> Obviously, my hosting provider won't set permissions to
> org.apache.catalina.core package for me, is there another way to make my
> servlet work ?
>
-- 
home: http://www.szegedi.org
Visit Szegedi Butterfly fractals at:
   http://www.szegedi.org/fractals/butterfly/index.html

Friday, April 23, 2004, 12:10:53 PM, Attila Szegedi wrote:

> Dmitry,
>
> try
>
>    <http://freemarker.sourceforge.net/hotfix/2.3/freemarker.jar>
>
> This is a private build that I believe should run in your 
> security-constrained Tomcat without problems. If everything's alright, the 
> changes in this build will go into the next FreeMarker release.

That would be 2.3 final... but if you are sure it's working. BTW, some
bug fixings would be good, so we can release the final release.

-- 
Best regards,
 Daniel Dekany

I completed the (at least) initial work on a FreeMarker Extension for
Dreamweaver this weekend and sent it out internally for feedback but I
haven't heard from my own workmates yet so I'll make it available for you
folks to try as well.  I think I got all the directives correct. The icons
are a bit amateurish but I am not much of a graphics person.  Improvement
suggestions are welcome.  I AM having some trouble getting linefeeds to
occur when they are between tags (a JavaScript or DW parsing issue, I
think). I also have an issue with file references not being properly offset
with spaces.  But it is, at  least, a start.

If you would take a look and let me know (gently) what you think or how I
can make it more useful I'll jump back in and clean it up.  I do plan to
submit it to Macromedia for inclusion at their developer site but I'd like
to clean up any obvious problems first before I do that.

You can download the .zip file here:
http://www.petesworkshop.com/FreemarkerSuite.zip and once you extract it,
you should be able to double click the .mxp file.  At least, that works for
DWMX 2004.

Pete Helgren
Value Added Software,Inc.
801.581.1154 x202

Monday, May 3, 2004, 7:34:04 PM, Pete Helgren wrote:

> I completed the (at least) initial work on a FreeMarker Extension for
> Dreamweaver this weekend and sent it out internally for feedback but I
> haven't heard from my own workmates yet so I'll make it available for you
> folks to try as well.

I have forwarded a copy of your mail to the freemarker-devel list (I
guess we have more subscribers there). So if you are not subscriber
there, then you may should be.

> I think I got all the directives correct. The icons are a bit
> amateurish but I am not much of a graphics person. Improvement
> suggestions are welcome. I AM having some trouble getting linefeeds to
> occur when they are between tags (a JavaScript or DW parsing issue, I
> think). I also have an issue with file references not being properly
> offset with spaces. But it is, at least, a start.
>
> If you would take a look and let me know (gently) what you think or how I
> can make it more useful I'll jump back in and clean it up.  I do plan to
> submit it to Macromedia for inclusion at their developer site but I'd like
> to clean up any obvious problems first before I do that.
>
> You can download the .zip file here:
> http://www.petesworkshop.com/FreemarkerSuite.zip and once you extract it,
> you should be able to double click the .mxp file.  At least, that works for
> DWMX 2004.

There is Dreamweaver MX 6.0 here, and its extension manager tells that
"This extension package is not compatible with this version of
Macromedia Extension Manager".

> Pete Helgren
> Value Added Software,Inc.
> 801.581.1154 x202

-- 
Best regards,
 Daniel Dekany