Win a copy of liveProject: Protecting User Data with Spring Security and OAuth2 this week in the Spring forum!

Xavi Sanchez

Greenhorn
+ Follow
since Mar 11, 2008
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Xavi Sanchez

Hi.

I'm taking the exam this week.

Could anyone confirm my deductions please?

Thanks.
Hi.

Regarding Business method interceptor methods (AroundInvoke methods) invocation order, is this correct?

* Invocation rules:
  - If a method is overridden it will not be invoked.
  - Default order is as specified on annotation or DD element.
  - For a given level, annotated interceptors precede DD interceptors.
  - For a given class, invocation is hierarchical from most general superclass.

* Invocation order:
  - Default interceptors.
  - Class-level interceptors.
  - Method-level interceptors.
  - Bean interceptor method.

* Full order with rules applied (always non overridden AroundInvoke methods):
  - Default interceptors as specified in the DD. For each, invocation is hierarchical from most general superclass.
  - Annotated class-level interceptor classes as specified in annotation. For each, invocation is hierarchical from most general superclass.
  - DD class-level interceptor classes as specified in DD. For each, invocation is hierarchical from most general superclass.
  - Annotated method-level interceptor classes as specified in annotation. For each, invocation is hierarchical from most general superclass.
  - DD method-level interceptor classes as specified in DD. For each, invocation is hierarchical from most general superclass.
  - Bean’s superclasses AroundInvoke methods, most general superclass first.
  - Bean’s AroundInvoke method.

Hope that I have explained...

Thank you in advance.
Just says "Be sure that the tag class is available"

I tried in Eclipse and worked so I think it is a JDeveloper issue...
Moreover, <gridview:value/> compiles ok if I use it in a JSP.

Can a tag file be used in another tag file or just in JSPs?
- Error(40): Couldn't instantiate tag gridview:value (class:_oracle._jsp._tag._gridview._value_tag). Be
- Error(40): Couln't find bean class: null defined by tag class: _oracle._jsp._tag._gridview._value_tag


Moreover, I have no problems using other tags from the same folder in JSPs
Hi.

In /WEB-INF/tags/gridview/ I have 2 tag files: grid.tag and value.tag

I want to use value.tag inside grid.tag, so grid.tag is like this:

<%@ taglib tagdir="/WEB-INF/tags/gridview/" prefix="gridview"%>
...
<gridview:value/>
...

JDeveloper is giving compilation error.

Am I doing something wrong or this coul be a JDeveloper issue?

Thanks!
Hi again.

I passed the SCWCD 5 with 89%

Preparation took about 2 months but with about 3 weeks within in which I could not study.

1.Readed HFSJ (1st edition) twice (second time very fast, just to review).
2.Readed Peabody's notes on Patterns
3.Did some online mock exams
4.Did HFSJ final mock exam (78%)

Post-exam feelings:

1.Not difficult, but not easy
2.Plenty of time, done in 2 hours
3.Some questions on patterns tried to be confusing, and one of them really was
4.I think I got wrong at most 2 questions for not memorizing perfectly tags and APIS, but could have been up to 4
5.There was one question with Java 5 foreach loop and another one with generics (which had an error), but just syntax, no real problem
6.There were 3 or 4 quite/really confusing questions, and I really think that 2 of them may be wrong or at least too ambiguous
7.There was 1 "What the hell are you talking about?" question

So now as the book says, I'm ready to become obscenely rich!

Good luck for those who are preparing
Hi.

I don't like Q53 either. I've come to the conclusion that the question is assuming that you are using your own security stuff, not declarative security, as there is no requirement for the container to put the user in session... but even assuming this I don't like it...

In case it helps I've asked about this in
this other post

Other opinions?
Hi.

I've done the HFSJ mock exam and I am very surprised about 2 questions:

Q53: What type of listener could be used to log the user name of a user at the time that she logs into a system?

A. HttpSessionListener
B. ServletContextListener
C. HttpSessionAttributeListener
D. ServletContextAttributeListener

Answer: C

Q31: How would you write the JSP standard action code to import a JSP segment that generates a menu that is parametrized by the user's role?

A. <jsp:include page="user-menu.jsp">
<jsp:param name="userRole" value="${user.role}" />
</jsp:include>
B. Idem with jsp:import
C. Idem with jsp:parameter
D. Idem with jsp:import and jsp:parameter
E. This CANNOT be done using a JSP atandard action

Answer: A

Can anyone explain?
Hi.

For those who have taken the exam recently. How much important do you think that memorizing exactly all the tags and APIs is, either to pass the exam and to get a good score?

Because I find it annoying and quite useless/stupid...

Thanks!
I�ve been collecting suggestions and invetigating on other forums here on JavaRanch and here�s what I�ve got by the moment:

1)Work fellow suggested using JAAS:
a.I think it�s complicating it too much for what I want to do
b.I think I won�t have access to the session during the login process, so anyone knows if, after the authentication, request.getUserPrincipal() will return my own full JAAS principal object or another implementation with just the user login? Because java doc says �Returns a java.security.Principal object containing the name of the current authenticated user�. Anyway I suppose that depends on the vendor, so I wouldn�t like to loose platform neutrality either.
c.Should I open post with this on security forum?

2)Use own login method and authenticate programmatically on container:
a.I think there isn�t a standard way of doing, so if it can be done and how depends on the vendor. Loosing platform neutrality again.

Worst of all is that another work fellow keeps picking on me because this can be done in . NET, and do you know how? with a LoginEvent (I don�t know if it�s true, but I suppose so)

So what the hell I have to do to get my LoginListener brilliant idea included in the next spec? Or shall I move to .Net ?

Thank you very much for your answer!

I can get a feeling of how polling and COMET may work, but with piggybacking... which are the options? any request to the same web app will do the trick? or has to be to the same "page"? or which is the contract or the restrictions?

I'll try to find some documentation if you don't have time to answer.

Thanks again.
Hi Marc.

Thanks for your answer and, by the way, thanks for tour patterns notes! Just a few comments:

1)Althought I don't like it very much, it's the best soluton in performance right now.
2)I had thought of an Intercepting Filter, but as you comment every request is verified, and I'd like to avoid that.
3)I really don't see this one. Even assuming what you say, how would I get the user in the HttpSessionListener?

There isn't really another way? Any idea if future specs will allow something like this?

Thanks again.
Hi.

Could anyone explain how the Reverse Ajax thing works?

Thanks!
Hi!

I got SCJP 5 with 90% on december and now I�m preparing to take SCWCD 5 soon. As I prepare, I try to think how to apply what I�m learning to an application of my company that we will probably soon refactor, and there�s something for which I haven�t found a satisfactory answer. I�ll try to be brief, so if you want further clarifications please just let me know.

1.- All the resources are restricted, I mean the user always has to be logged in to do anything.
2.- There�s information about the user that I always want to keep in session, as it will be used very often, like look & feel preferences.
3.- At the moment this info is loaded in our own login method.

If we change to declarative container managed security (auth-method=FORM, although I think it doesn�t matter), as we can�t control the login method, is there any way we could achieve the same thing? I mean, loading the info when the user logs in, so that we don�t have to check if the info is already there or not throught the rest of requests. It would be like a LoginListener.

Thanks a lot in advance!