Kevin P Smith

Ranch Hand
+ Follow
since Feb 18, 2005
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Kevin P Smith

Arh yes it works with the struts2-spring.2.3.8.jar I had the 'reverse' jar spring-struts2.jar

11 years ago

I have the spring-struts-plugin.jar but guess I'm not using it properly.

Another interesting read I just found is this, not tried any of it yet though.

Cheers for the input.
11 years ago
Hi guys,

Spent the past day or so trying to set up a little Struts2, Spring3 (eventually Hibernate4) app with Annotations eg @autowired
but am having a little trouble.

For some reason my Action is always dropping to teh error.jsp, because my TestService is NULL.
Just wondering if anyone can see an obvioius reason why this is the case. I think I have included everything I need to below...

I'm sure it's going to turn out to be something stupid...

Thanks in advance

11 years ago
Hi guys,

Using Struts2 with annotations, I have set up a very simplistic webapp which starts up and I can manually go directly to a JSP (so I know it's working in a basic form)

But when I create a simple Struts2 Action using annotations like the one below

And go to the URLs:

I get the following error:

But if I just go to a URL like

It works (finds the page).

Could anyone explain this?

11 years ago
Hi guys,

I'm trying to loop through a simple List<String> imagesList

I have tried both JSTL & JSF and can't get this to work, on both occasions I get the same issue. Only the final image is displayed.
If I output just the URL (no IMG tag) I get all 3 results, so it's the IMG tag that's breaking it (I guess)

As I say, don;t care if it's JSF (repeat, datagrid) or JSTL (forEach)
My loop (JSTL):

Any help on how to get this working would be great!

11 years ago
You've touched on point 2 with this person too.

I think if you go directly to the login page and login, you get redirected to.... the login page! :-)

So I thought maybe my login link could actually try to take the user to their ./secure/homepage page, that would sort of work around it.
11 years ago
Hi Ulf,

Yes I noticed you replied to my post a few weeks back about JAAS and if it was worth the effort.

I think j_security_check would be the closest fi to what I'm looking for (basically a simple login, but with some 'roles' witin the the admin side of things).

There are although, a couple of issues I have with j_security_check.

Plain text! Now maybe this isn't an issue at all, but I have always encrypted (MessageDigest) passwords. I can't see a way to do this with j_security_check, in fact it seems to work with clear text passwords.

Going straight to a login page. j_security_checker is great for attempting to access a secure page, but if the user goes to a login form?

Actually on point 2, I suppose my 'login' link could try to take the user to their 'homepage', then it would goto the login screen first and then redirect to the 'homepage'.
11 years ago
OK, this is more an general enquiry than anything...

This isn't fully working code; in fact it was written quickly so is more pseudo code than real code.

I'm just wondering, from a 'stupidly simple' user login point-of-view; what do JAAS, j_security_checker, Shiro etc do
which this doesn't (excluding Realms for now, will look at that later.)?
Why would (if at all) this be an unsecure (ineffective) method of simply checking a user's username/password and allowing them
to a secure page if authenticated, else redirecting them to the login screen. By that I mean is there a way you could do XYZ and always be authenticated.



Example Filter

Cheers in advance

11 years ago
Fantastic, cool & cheers all rolled into one!
11 years ago
Hi guys,

I have the following code for generating and reading a secretKey file which I use for encode/decode.

Just wondering if anyone could shed any light onto why I get the

Error when running my encryption/decryption code.

below is the code for generating the key and reading the key and encryption/decryption...



Cheers in advance

11 years ago
Hi Ulf

Thanks for the response, I thought maybe I was missing something obvious with JAAS when I read it.

I have had a little look at Shiro (although haven't got it working yet); just wondering where does Shiro compare to j_security_check? More-or-less the same, an extension or totally independent new framework?
Can you use j_security_check with digest (something like SHA512)?
11 years ago
Been looking into security in regards to webapps; which until now I have just used handwritten classes for simple
username/password lookups.

I have had a play around with j_security_check/Realms with Tomcat and this all seems pretty straight forward (but nbot sure what it gives you, that doing this yourself doesn't).

But recently started looking into J2EE JAAS and got to thinking... WHat is actually that good about JAAS?

Looking at a simple example I see that it (for this example) reads in your username/password
Passes them into a LoginContext (what?) which uses a hand written CallbackHandler class which in turn calls a
LoginModule (a lot of classes going on here)

The CallbackHandler then just seems to take the username/password and set something called NameCallback & PasswordCallback
which then get passed into the LoginModule.login method which (again) sets a NameCallback & PasswordCallback
but ultimately all it then does is a simplest of simple 'isEquals' checks:

So what has JAAS actually done that a simple handwritten class which passes in a username/password encrypts the password to something like SHA-512 and then does a simple lookup of the username, gets the User object, gets the salt (however you fancy doing that) for that User and encrypts the passed in password and compares to the password related to the found username, doesn't?

Whenever I try to find an answer into why you should use JAAS, I usually just find some copy-n-pasted reference that's clearly come from the Java offical description of what JAAS is, but not actual hand-on experience of it benefits.
What makes JAAS more secure, easier, benefitial in the real World, is it more secure than a DIY authentication, or is it just a way of saying "Our website used J2EE JAAS security".

11 years ago
I have Dynamic Web Project (web-app) and standard java Project (common-app)

What I was hoping to do, I get web project to use the standard project as a location for all common classes, so if I have multiple web-apps they can all access classes from this common location

I have set-up a the Projects link in ‘Configure Build Path > Projects’ in my web-app to use the common-app, and this works as development; but as soon as I deploy I get a ‘Class not found’ on any class from the common-app which is used in the web-app.

The problems are thrown on sever start-up in my application-context.xml where I have things like:


How can I set up my web-app so it uses the common-app, as I don’t particularly want to replicate things like my ‘model’ package if I can avoid it

Cheers in advance
11 years ago
So I guess in the above senario a @ViewScoped would be suited?

This is the example I built this on (but I use Spring/Hib instead of EJB/JPA)

I goto index.jsf

In doing so, my app passed through a @PostConstruct method in Index class and 'gets' my List and displays it to my view (index.xhtml)

Here I can edit/delete/add rows (user_edit.xhtml). When happy with my changes I click 'save' call the save method which
sends updated List to DB then returns to a confirm screen (which I guess would then re-get the new List from the DB)

And a similar method could be used to display a confirmation view, as with calling the user_edit.xhtml view, I guess.

Will take some getting used to but think I'll get it. I'll expand my testApp and see how it goes.

11 years ago
Hmmm, OK. Just wondering though, why I can pass an Object like String, Integer or custom Object back, but not a collection.

But in regards to how JSF 'should' work. What would be the best way of handling the senario.

- testMethod1() sets a List of values
- List is displayed in my xhtml page
- I edit one value from the list and click 'save'
- testMethod2() does stuff.

By the time I get to testMethod2() List is null again. So I'll end up re-init it from something like @PostConstrut and have to do a load of
logic to find the updated entry etc... Would be a lot easier to just pass the updated List back to the Bean like you can with other objects.

Doesn't seem to be doing much more than a bulk standard Servlet httpRequest to me.
11 years ago