Ronan Dowd

Ranch Hand
since Jan 21, 2006

Recent posts by Ronan Dowd

Hi All,

My webapp uses (among other technologies like JSP, Ajax, Dojo etc) JSF v1.2 on WebSphere 7.0.

I've been fixing security issues in the code recently - in particular Cross Site Request Forgery (CSRF) vulnerabilities. The suggested approach to combat CSRF is to embed a hidden unique token in your form (and also store this same token in the session). In the controller logic (i.e. that handles the form's POST) we then check that the session and request token match. I've used this in my JSPs to combat CSRF successfully. Basically I have a filter which executes before the form loads. This filter creates the unique token and stores it in the request and session and so on ..

Now for JSF 1.2 ...

I'm wondering how I do this in JSF v1.2? Would anyone have any code samples or resources they could point me towards? Is there a filter mechanism we can employ or some callback on the post?
One idea I had is that, to populate the form with the hidden token, I would do (in the form):

<h:inputHidden id="jsfSecurityToken" value="#{myBean.securityToken}"/>

In "myBean.java" I have a getSecurityToken method which
a) creates the token
b) stores it into the request
c) stores it into the session

BUT I don't know how/where on the post I can CHECK if these values match

Page 40/41 of http://turbomanage.files.wordpress.com/2009/10/securing-jsf-applications-against-owasp-top-ten-color.pdf mentions "isPostBack" but I'm not sure how to use this.

Any help would be great

Thanks - Ronan
11 years ago
JSF
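One way to do the check the post above asks about, as an added example that is not part of the original post or of any reply to it: a JSF 1.2 `PhaseListener` that compares the session token with the submitted hidden field right after the Restore View phase of a postback. The class name, the session attribute name and the form id `myForm` (which determines the hidden field's request parameter name) are assumptions, and a servlet (not portlet) environment is assumed.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Map;
import javax.faces.FacesException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletResponse;

// Hypothetical listener; register it in faces-config.xml under <lifecycle><phase-listener>.
public class CsrfTokenPhaseListener implements PhaseListener {
    static final String SESSION_KEY = "jsfSecurityToken";        // assumed session attribute
    static final String PARAM_NAME = "myForm:jsfSecurityToken";  // assumes <h:form id="myForm">
    private static final SecureRandom RNG = new SecureRandom();

    public PhaseId getPhaseId() { return PhaseId.RESTORE_VIEW; }
    public void beforePhase(PhaseEvent event) { }

    // After Restore View and before Apply Request Values: no bean has seen the POST yet.
    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        if (!ctx.getRenderKit().getResponseStateManager().isPostback(ctx)) return; // initial request
        ExternalContext ext = ctx.getExternalContext();
        String expected = (String) ext.getSessionMap().get(SESSION_KEY);
        String submitted = ext.getRequestParameterMap().get(PARAM_NAME);
        if (!matches(expected, submitted)) {
            try {
                ((HttpServletResponse) ext.getResponse()).sendError(HttpServletResponse.SC_FORBIDDEN);
            } catch (IOException e) {
                throw new FacesException(e);
            }
            ctx.responseComplete(); // skip the remaining lifecycle phases
        }
    }
    // For the backing bean's getSecurityToken(): creates the token once per session, then reuses it.
    public static String tokenFor(Map<String, Object> session) {
        String token = (String) session.get(SESSION_KEY);
        if (token == null) {
            token = new BigInteger(128, RNG).toString(32);
            session.put(SESSION_KEY, token);
        }
        return token;
    }
    // Comparison that does not stop at the first differing character.
    static boolean matches(String expected, String submitted) {
        if (expected == null || submitted == null || expected.length() != submitted.length()) return false;
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) diff |= expected.charAt(i) ^ submitted.charAt(i);
        return diff == 0;
    }
}
```

In this sketch the bean's `getSecurityToken()` would return `CsrfTokenPhaseListener.tokenFor(FacesContext.getCurrentInstance().getExternalContext().getSessionMap())`, so the getter no longer replaces the session token each time the page is rendered.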
Actually I just experimented and ..




//this does print "Not Running" .. but how do I change this to "Running"

Thanks - Ro
11 years ago
Hi All,

I'm using Java 1.6 and want to write code which searches for a particular piece of text between 2 delimiters and then changes that text.

I've a string as below and I want to programmatically replace any text between the "[START]" and "[END]" delimiters with the text "Running"

"[START]Not Running[END]"

The above would then get updated to be:

"[START]Running[END]"

Any help would be great. Perhaps I use the matches method in Pattern ? But not sure how I change text in between 2 matches.

Thanks - Ro

11 years ago
Hi all,

I'm wondering if there's a way I can access a java message bundle outside of the
war file I'm currently running in, i.e. one that's defined in a completely different war file in fact.

For example:
myapp.war: contains Test.java (well the class file, you know what I mean). This
class file needs to access the message bundle defined in another.war (same machine)

another.war: contains (among other things) the directory structure "WEB-INF/classes/boreas/nl/". This directory contains "myResources.properties" which contains key/value pairs.

Is there a way I can access that (correctly localized) myResources.properties of another.war from my Test
class in myapp.war ? I'm using WAS v7 btw and java 1.6

Any help would be great.
Thanks - Ro
12 years ago
Hi All,

Can someone tell me which version of WSDL is required for the exam ?

Thanks, Ro
Hi Czeslaw,

Thanks for the reply. I hadn't heard of that certification product before. I took a look at the demo on that link you provided and it looks quite good.

Cheers. Ro
Thanks for the reply. Are there any sample papers/exams at all available, do you know? It's only that from doing the java programmer then web component certifications and using whizlabs that having a feel for the kinds of questions is so valuable, and being able to know if you're ready to take the exam. I'd be nervous sitting the exam without having done some "sample exams"
Any thoughts would be great.
Thanks. Ro
Hi Ivan,

Interesting re: whizlabs you mentioned. Are there any other exam simulators that you folks would recommend for the JEE5 version of the exam?

I'm thinking that if I did download that whizlabs version, some (not all I know) questions might be a little redundant. If there was a better and more appropriate simulator for the JEE5 exam I'd consider that one :-)

Any thoughts/advice would be great.
Thanks, Ro
Heya,

This isn't answering your question but just wanted to say that's a really good presentation about the differences between JAX-RPC and JAX-WS.
Thanks for including the link in your post.

Cheers. Ro
Hi All,

In my previous certifications I've used Whizlabs and plan to do this time around also. But I noticed that on the whizlabs site (http://www.whizlabs.com/scdjws/scdjws.html) the product is for CX-310-220. This is the older Java1.4 version of the exam. Does anyone know if Whizlabs have the current CX-310-230 (for JEE5) product?
If not could you recommend similar products to Whizlabs that are good?

Thanks, Ro
Hi All,

According to the exam objectives, knowledge of the BP 1.1 is required. Does the BP 1.1 cover/reference both SOAP 1.1 and SOAP 1.2?
If so does this mean that one needs to know both these versions of SOAP for the exam?

Thanks, Ro
Hi All,

Just wondering if there's a handy tool out there (on the web etc) that enables an XML fragment to be validated against a schema?
I do realise I could write a SAX/DOM java class which would validate one against the other but was wondering if there's a tool on the web (maybe soapUI or something like it) that currently exists?

Any help would be great.
Thanks, Ro
Hi All,

Just wondering if anyone could point me towards where I could find (if possible) some free mock exams for SCDJWS.
I do intend to buy the full Whizlabs product shortly but want to get a general early-on feel for what the questions look like.

Any help/advice would be great.
Thanks (and Happy Christmas!)
Hi Ivan, was able to get the notes from that link just now.
Thanks! Ro