swetha ma

Greenhorn
+ Follow
since Jul 10, 2010
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by swetha ma

Well, I tested it using struts.xml for configuration rather than annotations and it works fine.

why are annotations not working on Jboss. Is there something that needs to be configured so that Jboss can load these struts2 annotations
13 years ago
I'm using annotations for configuration. Below is the snapshot of action class



13 years ago
I'm trying to deploy Struts2.2.1 web application on JBOSS 4.2, I'm getting this weird error.


namespace and action name are correct, the same application works fine on Tomcat6.

I've even added the constants specified in Struts2 documentation for Jboss -- http://struts.apache.org/2.x/docs/convention-plugin.html#ConventionPlugin-JBoss



is there any problem with Jboss? something else to configure?

Thanks
Swetha
13 years ago
well, I figured out that this question is really not related to web service, but is about handling user credentials in web app. However I'm posting the solution i found, just in case if someone else needs

tradeoffs of using basic authentication

GET /secured/secure.html HTTP 1.1
.
.
Authorization: BASIC aG10aGVyZTplbmNvZGVk

Authorization field is in plaintext and, as we have seen, can be captured by a third party using a network monitor or any one of a number of other tools.

Once this plaintext is captured, the third party can either decode the user ID and password and attempt to use this information to log on to the system or replay the authorization string to retrieve pages from the server.

Solution:
To protect this information, the only real option is to use SSL or an equivalent secure protocol. Using basic authentication over an unsecured connection is extremely hazardous and allows a third party to possibly intercept the request and decode the user ID and password

Reference:
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci997878_mem1,00.html?ShortReg=1&mboxConv=searchEnterpriseDesktop_RegActivate_Submit&

13 years ago

My Java Web Application communicates with the back-end through web services.

All the back-end web services are secured and requires me to send either user name and password or BASIC authentication string in SOAP Headers for every call

In order to send BASIC Authentication string for every call, i 'm thinking to save the authentication string in session.

Could anyone guide me, if it is safe to save the authentication string in session

Thanks
Swetha
13 years ago
I have one-to-one relationship between two objects (EventActivity & Event).

public class EventActivity extends AbstractTrainingActivity
{

@OneToOne(fetch = FetchType.EAGER)
@PrimaryKeyJoinColumn
private Event event;

public Event getEvent() {
return event;
}

public void setEvent(Event event) {
this.event = event;
}

}

when I try to save EventActivity, everything in AbstractTrainingActivity is getting saved but the Event Object is not getting saved.

Is there any way to tell hibernate to save the associated objects in one-to-one mapping ???