| Time |
S |
Nick |
Message |
| 01:54 |
|
|
kobain joined ##javaee |
| 01:54 |
|
|
kobain joined ##javaee |
| 01:55 |
|
|
kobain joined ##javaee |
| 01:55 |
|
|
kobain joined ##javaee |
| 01:56 |
|
|
kobain joined ##javaee |
| 01:56 |
|
|
kobain joined ##javaee |
| 01:57 |
|
|
kobain joined ##javaee |
| 01:57 |
|
|
kobain joined ##javaee |
| 01:58 |
|
|
kobain joined ##javaee |
| 01:58 |
|
|
kobain joined ##javaee |
| 01:59 |
|
|
kobain joined ##javaee |
| 01:59 |
|
|
kobain joined ##javaee |
| 02:18 |
|
Naros2 |
whartung: you ever used a composite PK on an entity that extended another @MappedSuperclass ? |
| 02:19 |
|
Naros2 |
The PK fields are being created with the lowest fields of the class hierarchy first, then the parent fields. This creates problems where the PK index is backward. |
| 02:20 |
|
Naros2 |
child.fieldC, parent.fieldB, grandparent.fieldA rather than fieldA, fieldB, fieldC |
| 02:20 |
|
Naros2 |
afaik, only solution is not to use @MappedSuperclass with composite keys and hardwire the PK columns in the proper order. |
| 11:50 |
|
|
Guest87977 joined ##javaee |
| 12:54 |
|
|
Guest87977 left ##javaee |
| 13:42 |
|
|
Naros joined ##javaee |
| 13:46 |
|
|
SoniEx2|2 joined ##javaee |
| 14:02 |
|
|
Guest87977 joined ##javaee |
| 14:12 |
|
pdurbin |
buh? even when I `git stash` what I've been working on, clean and build, restart glassfish and netbeans, I'm suddenly getting this: |
| 14:13 |
|
pdurbin |
PWC1382: Allocate exception for servlet edu.harvard.iq.dvn.core.web.servlet.SWORDv2ContainerServlet |
| 14:13 |
|
pdurbin |
java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file edu/harvard/iq/dvn/core/web/servlet/SWORDv2ContainerServlet |
| 14:15 |
|
pdurbin |
by `git stash` I mean I rolled back to the previous commit: https://github.com/IQSS/dvn/commit/79bc2d8 |
| 14:25 |
|
* pdurbin |
tries rebooting |
| 14:47 |
|
pdurbin |
ok |
| 14:47 |
|
pdurbin |
the solution: cd ~/Library/Caches/NetBeans && mv 7.2.1 7.2.1.moved6 |
| 14:47 |
|
pdurbin |
same solution as http://devguide.thedata.org/errors/duplicate-class |
| 14:48 |
|
pdurbin |
phew! |
| 14:48 |
|
pdurbin |
friggin netbeans |
| 15:04 |
|
Guest87977 |
pdurbin, why dont you use IDEA |
| 15:05 |
|
pdurbin |
is it free for Java EE? |
| 15:29 |
|
|
Naros joined ##javaee |
| 16:00 |
|
whartung |
Naros, Naros2: no i've not used a composite PK. I've been fortunate to be able to design my DBs with knowledge of JPA, and just haven't bothered with that kind of complexity. |
| 16:06 |
|
Guest87977 |
pdurbin, its free as community version |
| 16:07 |
|
Naros |
whartung: OK. yah looks like even when no inheritance is in place, I suspect hibernate is creating the PK columns ordered by alphanumeric names which is BAD |
| 16:07 |
|
whartung |
heh |
| 16:07 |
|
whartung |
doh |
| 16:08 |
|
Naros |
Since FIELD_ID is the third property in the Embeddable yet its the first column in the PK :S |
| 16:08 |
|
whartung |
yea |
| 16:08 |
|
Naros |
Makes lookups jump all over the index |
| 16:08 |
|
Naros |
Appears I'll be maintaining the DB entirely from SQL scripts :P |
| 16:09 |
|
whartung |
that's what we do -- sorta |
| 16:09 |
|
whartung |
we have a process where we continually add SQL snippets to an SQL file |
| 16:09 |
|
Naros |
it's just another layer of complexity I would much rather avoid. |
| 16:10 |
|
whartung |
then each time the app starts up, it checks which snippets have run and just plays the new ones. It works really well. |
| 16:10 |
|
whartung |
it also does some cross DB tweaks as well, but the big benefit is the incremental deployment of sql |
| 16:11 |
|
Naros |
Agreed. |
| 16:12 |
|
Naros |
We do something similar, I was just hoping when creating a new test DB that the hibernate schema updater would have done a better job |
| 16:12 |
|
Naros |
thankfully I can use TOAD, export the schema, tweak it and reimport. |
| 16:13 |
|
whartung |
yea, well, you can't really trust those anyway, it's too generic. Sometime DB updates are more sophisticated than simply adding a column to a table |
| 16:13 |
|
Naros |
then save the DDL script |
| 16:13 |
|
whartung |
what's nice is you can deploy a new container, throw in the jdbc driver, configure a DB pool, and then deploy the app -- shazam instant DB. |
| 16:13 |
|
whartung |
come back 6 months later, deploy the new version, shazam, updated DB |
| 16:13 |
|
Naros |
aye that is sweet. |
| 16:14 |
|
Naros |
we aren't that sophisticated with DB updates here |
| 16:14 |
|
Guest87977 |
I want to add permissions to user like (can do thing A, can do thing B, ...) is adding multiple roles in spring security a better option (like role:CanDoA, CanDoB, CanDoC) ? if yes. how to do that in http://pastebin.com/fB22NN2z |
| 16:14 |
|
Guest87977 |
its not authentication. its authorization ^ |
| 16:15 |
|
whartung |
in general, you want to use Roles to do that Guest87977 |
| 16:15 |
|
Guest87977 |
hm. |
| 16:15 |
|
Guest87977 |
whartung, how to add multiple roles than in the paste code |
| 16:15 |
|
whartung |
actually, you want to do it via privileges that are mapped to roles in your app, IMHO. I can't speak to Spring anything, I don't know it. |
| 16:16 |
|
Guest87977 |
k |
| 16:16 |
|
Guest87977 |
whartung, spring will maintain them in the session and wont go to database again and again? |
| 16:16 |
|
Naros |
Guest87977: We do precisely that. |
| 16:16 |
|
whartung |
I have no idea Guest87977 |
| 16:16 |
|
Naros |
We define privileges like AO_VIEW_ATTACHMENTS and AO_MODIFY_ATTACHMENTS |
| 16:17 |
|
Guest87977 |
Naros, ok |
| 16:17 |
|
Guest87977 |
Naros, spring will maintain them in the session and wont go to database again and again? |
| 16:17 |
|
Naros |
In our case, each authorization object (AO) has some metadata but generally speaking, the code checks if the user has that authorization and if so, the guard passes. |
| 16:17 |
|
Naros |
Yes, Spring Security only loads them during the login process by default |
| 16:17 |
|
Guest87977 |
k |
| 16:18 |
|
Naros |
You must supply a list of authorizations when you create the UserDetails object |
| 16:18 |
|
Guest87977 |
Naros, ya. can you show me how to pass list of auths? |
| 16:18 |
|
Naros |
now that list can be empty ofc ;P |
| 16:18 |
|
Naros |
hm, 1 sec. |
| 16:18 |
|
Guest87977 |
K |
| 16:19 |
|
Naros |
http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/core/userdetails/User.html |
| 16:19 |
|
Naros |
you see the constructor for User ? |
| 16:20 |
|
Naros |
Create yourself a class that implements GrantedAuthority for your code base. |
| 16:20 |
|
Naros |
Create yourself a class that extends User (if you need additional logic) |
| 16:20 |
|
Guest87977 |
Naros, iam already using it. http://pastebin.com/fB22NN2z iam just ambigous on how to add multiple roles |
| 16:20 |
|
Naros |
then construct and return the UserDetails object from the authentication service. |
| 16:21 |
|
Naros |
look at your getAuthorities method |
| 16:21 |
|
Guest87977 |
ya |
| 16:21 |
|
Naros |
authList.add(new GrantedAuthortyImpl("ROLE_USER_CAN_DO_X")); |
| 16:21 |
|
Naros |
authList.add(new GrantedAuthortyImpl("ROLE_USER_CAN_DO_Y")); |
| 16:21 |
|
Naros |
authList.add(new GrantedAuthortyImpl("ROLE_USER_CAN_DO_X")); |
| 16:21 |
|
Naros |
oops, last one should be Z |
| 16:21 |
|
Guest87977 |
hm |
| 16:22 |
|
Naros |
all granted authority implementation offers is a class which holds a single authorization by string name. |
| 16:22 |
|
Guest87977 |
ok. I would add multiples .add to list inside the if() statement |
| 16:23 |
|
Naros |
usually you would have some database table that has a relationship of user to priveleges |
| 16:23 |
|
Naros |
and you load that relationship and populate that list from that resultset. |
| 16:23 |
|
whartung |
yup |
| 16:23 |
|
Guest87977 |
if(acces.equals(canDoX)) {authList.add(new GrantedAuthortyImpl("CanDoX"));} |
| 16:24 |
|
Guest87977 |
if(acces.equals(canDoY)) {authList.add(new GrantedAuthortyImpl("CanDoY"));} |
| 16:24 |
|
Guest87977 |
but |
| 16:24 |
|
Guest87977 |
how to change line 69 of http://pastebin.com/fB22NN2z |
| 16:24 |
|
Naros |
getAuthorities(userName) ? |
| 16:24 |
|
Naros |
:P |
| 16:24 |
|
Guest87977 |
its just aim confused |
| 16:24 |
|
Guest87977 |
Naros, yes |
| 16:25 |
|
Naros |
In Hibernate, your User entity should have some relationship to a List<Authorization> entities |
| 16:25 |
|
Naros |
when u fetch your user, eagerly load that list<> |
| 16:25 |
|
Naros |
then in getAuthorities(), pass in the user, iterate the List<> :P |
| 16:26 |
|
Naros |
now if you dont map that relationship via the entities but have a way to fetch it via some other query mechanism, then just pass in the user id or whatever FK of the user to get the list of authorization values. |
| 16:26 |
|
Naros |
it's still an iteration, list.add() concept. |
| 16:27 |
|
Guest87977 |
hm |
| 16:27 |
|
Naros |
let me see if i can get my code for u to show u |
| 16:27 |
|
Guest87977 |
so I need to pass up a collection of AUTHORITIES in getAuthorities(2) |
| 16:28 |
|
Guest87977 |
so I need to pass up a collection of AUTHORITIES instead * getAuthorities(2) |
| 16:28 |
|
Guest87977 |
Naros, ok |
| 16:28 |
|
Naros |
http://pastebin.com/jCRu6JtT |
| 16:28 |
|
Naros |
this is just some dummy code but gives you an idea. |
| 16:28 |
|
whartung |
Users have Roles, Roles have privileges. When the user is loaded, the Roles are iterated across and from that you create a set of privileges. When checking for access, you check for inclusion of the right in the users set of privileges. |
| 16:29 |
|
Guest87977 |
hm |
| 16:29 |
|
Guest87977 |
Thanks |
| 16:29 |
|
Guest87977 |
whartung, well, roles in this case are the privileges |
| 16:29 |
|
whartung |
yea, they shouldn't be |
| 16:29 |
|
Guest87977 |
shouldnt be? then what should it be like? |
| 16:30 |
|
whartung |
consider |
| 16:30 |
|
whartung |
a simple CRUD screen |
| 16:30 |
|
Naros |
we do some funny stuff there because we need to be able to combine authorization permissions because role 1 may grant PRIV1 with some value list of A, B but another role 2 may grant PRIV2 with some value list of C, D. The net result is PRIV1 with A, B, C, and D for the user. |
| 16:30 |
|
whartung |
that alone has 4 separate privileges. CAn Read, Can Create, Can Update, Can Delete. |
| 16:31 |
|
whartung |
now do that for a few dozen tables, and you have hundreds of privileges. |
| 16:31 |
|
whartung |
Those privileges are too fine grained, and assigning them directly to users is unwieldly |
| 16:31 |
|
Naros |
Exactly. |
| 16:31 |
|
whartung |
so you group them in to Roles |
| 16:31 |
|
whartung |
Then you assign the Roles to users |
| 16:31 |
|
Guest87977 |
hm |
| 16:31 |
|
Naros |
And authorization is like can view attachments or can maintain attachments. We then create a role and combine authorizations. then assign a few roles to a single user. |
| 16:32 |
|
whartung |
exactly |
| 16:32 |
|
whartung |
and there is no shortcut here. This is one reason why user security/role management/privleges, etc. sucks. It's a lot of detail to manage. |
| 16:33 |
|
whartung |
many people punt with something like "User.canDo("privilege") || User.isAdmin()" |
| 16:33 |
|
whartung |
and that's super lazy weak sauce |
| 16:33 |
|
whartung |
because they don't want to maintain the privilege set for an Admin |
| 16:33 |
|
whartung |
because maintained that detail is a pain |
| 16:33 |
|
whartung |
but you should do it anyway. |
| 16:33 |
|
Guest87977 |
well out app already have groups . one user may have multiple groups and he be a member of. and auths belong to groups, not users directly. so this would happen == <Naros> we do some funny stuff there because we need to be able to combine authorization permissions because role 1 may grant PRIV1 with some value list of A, B but another role 2 may grant PRIV2 with some value list of C, D. The net result is PRIV1 with A, B, C, and D for th |
| 16:33 |
|
Guest87977 |
e user. |
| 16:34 |
|
Guest87977 |
but its good and ok.. |
| 16:34 |
|
Guest87977 |
in my case |
| 16:35 |
|
Guest87977 |
well i would have to check the user groups by itereating each auth for each group. and combining them. so its complicated but i think thats how its going to me |
| 16:35 |
|
Guest87977 |
be* |
| 16:35 |
|
Naros |
Your groups sound similar to roles then. |
| 16:35 |
|
whartung |
yea |
| 16:35 |
|
whartung |
it's not hard Guest87977 |
| 16:35 |
|
Guest87977 |
Naros, yes. but those are groups for much more things |
| 16:35 |
|
Guest87977 |
whartung, am. ya. for starters it is :) |
| 16:35 |
|
whartung |
just build the privilege set once when the user is loaded, and compare against the set. EZ |
| 16:35 |
|
Naros |
Perhaps, but its something you'll have the iterate and get to the fine grained data non-the-less. |
| 16:35 |
|
Guest87977 |
whartung, ya. thats what i would do |
| 16:36 |
|
Naros |
Once you get the dataset,, you'll be able to later add a Spring Security filter that refreshes the authorization list on each secure page request with ease. |
| 16:36 |
|
Naros |
meaning, once u get it working just for login. |
| 16:36 |
|
Naros |
the other is really simple to add later. |
| 16:37 |
|
Guest87977 |
Naros, you mean spring sec will again fetch database data to refresh? |
| 16:37 |
|
Naros |
You can writer a filter and hook it into the security filter chain to do that, yes. |
| 16:37 |
|
Guest87977 |
Naros, you mean spring sec will again fetch database data to refresh on each page request? |
| 16:37 |
|
Guest87977 |
Naros, whats the default behaviour? |
| 16:37 |
|
Naros |
it wont do it on its own at that point, YOU have to do it yourself. |
| 16:38 |
|
Guest87977 |
hm |
| 16:38 |
|
Guest87977 |
ok |
| 16:38 |
|
Naros |
default behavior is just you give the User object some authorizations at login ONLY. |
| 16:38 |
|
whartung |
store the user in the session |
| 16:38 |
|
Naros |
whartung: it is by default |
| 16:38 |
|
Guest87977 |
ok |
| 16:38 |
|
Naros |
SecurityContextHolder holds all that information |
| 16:38 |
|
Guest87977 |
Naros, whartung it wont be fun if i do all that in the old fashion way of sessions and request.Get.. manually instead of spring? |
| 16:38 |
|
Naros |
it gets initialized on each request by spring security so that the static singleton class gives u access to the principal at any moment in time. |
| 16:39 |
|
whartung |
I can't speak to spring. |
| 16:39 |
|
Guest87977 |
whartung, i said instead of spring |
| 16:39 |
|
Naros |
Guest87977: the session management is done by default by spring security. |
| 16:39 |
|
whartung |
User user = (User)request.getSession().get("user") ; |
| 16:39 |
|
Guest87977 |
Naros, yes. |
| 16:39 |
|
whartung |
I don't consider that particularly daunting |
| 16:39 |
|
Guest87977 |
whartung, but its a bit coding overload. right |
| 16:40 |
|
whartung |
not really |
| 16:40 |
|
whartung |
there's no reason to do it more than once, you can have a simply utility that returns it for you, you can make it part of the lifecyelc of your web action thing (whatever framework you're using). All sorts of ways to bury this and make it "free" |
| 16:41 |
|
Naros |
UserDetails u = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal() |
| 16:41 |
|
Naros |
That's all u need anywhere to get your user details :P |
| 16:41 |
|
Guest87977 |
wait a minute. if user cant go to site.com/someReistrictedPage but if he knows how to send the values by the from in that page. he can access/retrieve. any solution for that? (as spring only restricts urls, not form data in them) |
| 16:41 |
|
Naros |
ofc, check for NullPointerExceptions :P |
| 16:42 |
|
Naros |
that's business API |
| 16:42 |
|
whartung |
different problem |
| 16:42 |
|
Guest87977 |
sory? |
| 16:42 |
|
Naros |
If users request data for facility A and B but are only permitted to see facility A, you have to check that during form validation |
| 16:43 |
|
whartung |
like you said, one layer of security protects access to the page itself, but it's another layer to protect the data |
| 16:43 |
|
Naros |
but you can hook into the authorization list at that point and validate |
| 16:43 |
|
whartung |
GET http://host.com/app/ViewSensitiveThing?id=notsupposedtoseething |
| 16:43 |
|
Naros |
that's why we extended GrantedAuthority class :P |
| 16:43 |
|
whartung |
a person may be authorized to get to ViewSensitiveThing page, but not have access to notsupposedtoseethis |
| 16:44 |
|
whartung |
two different layers of security |
| 16:44 |
|
Naros |
Exactly |
| 16:44 |
|
Naros |
But the same layer can handle both easily. |
| 16:44 |
|
Naros |
you just have to extend spring security to do it |
| 16:44 |
|
whartung |
sure, still use privileges to manage it |
| 16:44 |
|
Guest87977 |
hm |
| 16:44 |
|
Naros |
now they'll tell you to use ACLs, but ZOMGZ dont |
| 16:45 |
|
Guest87977 |
how to handle the second layer to protect data? |
| 16:45 |
|
Naros |
you dont want to store CRUD flags for every single entity |
| 16:45 |
|
whartung |
if (thing.hasSecurityLevel3 && User.hasPrivilege("can_see_security_level_3) { // let them in } |
| 16:45 |
|
Naros |
http://pastebin.com/xwGVJ5mP |
| 16:46 |
|
Naros |
Do you see how we extended GrantedAuthority? |
| 16:46 |
|
Naros |
You can extend it however you want to do your checks by privelege. |
| 16:47 |
|
Naros |
we use the hasValue() and hasValues() methods to accomplish what you are talking about |
| 16:47 |
|
Guest87977 |
whats serialVersionUID |
| 16:47 |
|
Naros |
hehe, that's requireed for Serializable objects |
| 16:47 |
|
Guest87977 |
hm |
| 16:47 |
|
Naros |
anything you stick into the session should be serializable |
| 16:47 |
|
Naros |
particularly if you are deploying to a cluster. |
| 16:48 |
|
Guest87977 |
I think I would first setup the role thing . then come back to know about data securtiy |
| 16:48 |
|
Naros |
You can. |
| 16:48 |
|
Guest87977 |
this is advanced |
| 16:48 |
|
Guest87977 |
whats serialzable. its only to move data from one medium to another i think |
| 16:49 |
|
whartung |
most apps don't need higher granularity of access than simply access to the table itself |
| 16:49 |
|
Naros |
http://www.javapractices.com/topic/TopicAction.do?Id=45 |
| 16:49 |
|
Naros |
that talks about Serializable |
| 16:50 |
|
Guest87977 |
k |
| 16:50 |
|
Guest87977 |
thanks! |
| 16:50 |
|
whartung |
you need your stuff in your session to be serializable if you want the session to survive server restarts or do anything with failover |
| 16:51 |
|
Naros |
I'd argue even if you don't use those two, its always best to prepare for it |
| 16:51 |
|
Naros |
Can be a headache after the fact. |
| 16:51 |
|
whartung |
well, the compiler automatically assigns a serial id if you don't. |
| 16:51 |
|
Naros |
Also, your hibernate entities should implement Serializable if you plan to implement a second level cache too. |
| 16:52 |
|
Naros |
aye, but MyEclipse complains if I don't so I do :P |
| 16:54 |
|
pdurbin |
Guest87977: Java EE support comes with "IntelliJ IDEA Ultimate" not "IntelliJ IDEA Community Edition": http://www.jetbrains.com/idea/ :( |
| 17:41 |
|
Guest87977 |
whartung, Naros why serialize any way? i mean thres alot of text on this subject but is there a one line answer to what serializationdo |
| 17:41 |
|
whartung |
serialization is what allows the JVM to copy an object out to, say, a file. |
| 17:41 |
|
whartung |
(and then read it back in) |
| 17:41 |
|
Guest87977 |
pdurbin, ultimate is free for 30 days |
| 17:41 |
|
whartung |
serialization is pervasive in java |
| 17:41 |
|
Guest87977 |
try it pdurbin |
| 17:42 |
|
Guest87977 |
whartung, oh |
| 17:42 |
|
Guest87977 |
got it! |
| 17:55 |
|
Naros |
Guest87977: Lets say you have to tomcat servers operating in a cluster. you likely want their session data to be used by both in a load balancing scenario or fail over scenario. if the data isn't serializable, the session data can't be shared. |
| 17:55 |
|
Naros |
*two tomat |
| 17:55 |
|
Naros |
*tomcat |
| 17:56 |
|
Naros |
in the case of hibernate, ehcache for example creates files on disk with the most recently accessed entities. therefore they need to be serializable to be stored on disk. |
| 17:57 |
|
Guest87977 |
hm |
| 17:57 |
|
Guest87977 |
what excactly is happened to the data that is serialized? |
| 17:58 |
|
Naros |
Guest87977: you know JSON right? |
| 17:58 |
|
Guest87977 |
yes |
| 17:59 |
|
Naros |
ok, java class -> json -> java class |
| 17:59 |
|
Guest87977 |
I had difficult time choosing b/w xml and json though |
| 17:59 |
|
Naros |
tomcat takes the data and makes a file representation of the class data. Then the other tomcat server can read it in and reconstruct the class |
| 17:59 |
|
Guest87977 |
Naros, ok. java class -> json -> java class is serialization? |
| 17:59 |
|
Guest87977 |
oh |
| 18:00 |
|
Guest87977 |
Naros, the file representation of a class/ object is basically serialization? |
| 18:00 |
|
Naros |
Yes, but doesn't have to be limited to a file representation. |
| 18:00 |
|
Naros |
Could ship an object across any pipe (tcp, etc) |
| 18:01 |
|
Guest87977 |
is serialized object be read by any language/ technology? |
| 18:01 |
|
Guest87977 |
is serialized object by one language *be read by any language/ technology? |
| 18:01 |
|
Naros |
This is java specific. |
| 18:01 |
|
Guest87977 |
oh |
| 18:01 |
|
Guest87977 |
ok |
| 18:01 |
|
Guest87977 |
if its java secific. why not just pass it in the form of object data? |
| 18:01 |
|
Naros |
But you can hook into this for other languages/technology too |
| 18:01 |
|
Guest87977 |
from one tomcate to another. |
| 18:03 |
|
Naros |
i think you need to read about Serializable to get a better understanding. |
| 18:03 |
|
Naros |
It's Java's way of writing the contents of a class to a stream. |
| 18:03 |
|
Naros |
And how Java can reinterpret and read that stream back in to construct that class. |
| 18:04 |
|
Naros |
It's part of java.lang.Object :P |
| 18:05 |
|
Naros |
er java.io |
| 18:05 |
|
Naros |
Many technologies use their own means. For example, RPC uses marshalling to serialize a remote procedure call |
| 18:06 |
|
Naros |
it's nothing more than fancy serialization. |
| 18:06 |
|
Naros |
COM/CORBA are also based on similar concepts |
| 18:11 |
|
Guest87977 |
hm |
| 18:12 |
|
Guest87977 |
i see |
| 18:14 |
|
Guest87977 |
lame question: if my form page is site.com/groups/create what should be the form action="(url?)" |
| 18:16 |
|
Naros |
that likely depends on your framework. |
| 18:16 |
|
Guest87977 |
spring |
| 18:16 |
|
Guest87977 |
i mean are there any conventions? |
| 18:17 |
|
Naros |
That's really up to your application |
| 18:17 |
|
Guest87977 |
k |
| 18:17 |
|
Naros |
our urls are restful like such as /context/inventory/item/detail/6/109394 but that was just our choice. |
| 18:18 |
|
Guest87977 |
thats what i would go for |
| 18:18 |
|
Naros |
but that could easily be /context/itemDetails?fid=6&iid=109394 |
| 18:18 |
|
Naros |
hence up to u :P |
| 18:30 |
|
Guest87977 |
ok |
| 19:00 |
|
|
Guest87977 left ##javaee |
| 19:17 |
|
pdurbin |
free for 30 days. hmm. I'll try it someday |
| 19:27 |
|
|
Guest342342 joined ##javaee |
| 19:27 |
|
Guest342342 |
Naros, this is what you were saying about spring forms where I can use @annotations http://codetutr.com/2013/05/28/spring-mvc-form-validation/ ? |
| 19:28 |
|
Guest342342 |
Naros, why not do it by hand, the old traditional way? |
| 19:28 |
|
Naros |
Because that is often lots more code than a few annotations :P |
| 19:29 |
|
Guest342342 |
hm |
| 19:29 |
|
Naros |
I'd argue form validation is probably highly dependent on tastes. |
| 19:29 |
|
Guest342342 |
Have to make a class for every from (for its fields) |
| 19:30 |
|
Guest342342 |
? |
| 19:30 |
|
Naros |
Well there are benefits to doing that. |
| 19:30 |
|
Guest342342 |
like? |
| 19:30 |
|
Naros |
In fact, we do that precisely in our app |
| 19:30 |
|
Naros |
Maybe you have 2 or 3 controllers that take the same form but do different stuff. |
| 19:30 |
|
Guest342342 |
hm.. |
| 19:31 |
|
Naros |
We have several controllers that take the same search forms but the outcome is very different. Rather than duplicate the search form logic, it's factored out into a model and then the controller implements ModelDriven<MyForm> |
| 19:31 |
|
Naros |
the controller sets the values on the MyForm object and we use that inside the action. |
| 19:32 |
|
Guest342342 |
isnt it obviouse , by the way, that a form with fixed field of input may only have on use? |
| 19:32 |
|
Naros |
It's also more pleasing and easier to read than looking at a controller with lots of internal state plus all these get/set and properties for form fields. |
| 19:32 |
|
Guest342342 |
isnt it obviouse , by the way, that a form with fixed field of input may only have on use by one controller.. as its for a specific funtion/purpose? |
| 19:34 |
|
Guest342342 |
if say its a user registration form. only one controller will use it. none else? |
| 19:34 |
|
Naros |
That's a very specific use case though. |
| 19:34 |
|
Guest342342 |
Naros, I didnt knew you used spring for form validation? |
| 19:34 |
|
Guest342342 |
Naros, do you have an example for more generic use case? |
| 19:35 |
|
Naros |
We dont use spring validation. |
| 19:35 |
|
Naros |
Struts2 has it's own validation framework which is configured in adjacent action XMLs. |
| 19:35 |
|
Naros |
ItemSearchAction-validation.xml |
| 19:36 |
|
Guest342342 |
i guess similar to spring? |
| 19:36 |
|
Guest342342 |
and @valid @notnul things |
| 19:36 |
|
Naros |
Yes, it has an annotated version and a XML based version. |
| 19:37 |
|
Naros |
but there is also a procedural approach |
| 19:37 |
|
Guest342342 |
hm |
| 19:37 |
|
Guest342342 |
Naros, do you have an example for more generic use case? |
| 19:37 |
|
Naros |
which we use. e.g. your old style |
| 19:37 |
|
Naros |
public void validateSearch() { if(form.someField() == null) addActionError("your field is null"); } |
| 19:38 |
|
Guest342342 |
hm |
| 19:38 |
|
Naros |
mainly because many forms have field dependencies which can't be expressed in annotations or xml configurations. |
| 19:38 |
|
Guest342342 |
ok |
| 19:39 |
|
Guest342342 |
can you tell an example for more generic use case in which one form class is used by many controllers? |
| 19:42 |
|
Naros |
Get me all purchase orders for a given part #. |
| 19:42 |
|
Naros |
Get me all purchase requisitions for a given part # |
| 19:42 |
|
Naros |
Get me all transactions for a given part # |
| 19:42 |
|
Naros |
All 3 take a part # and a facility # |
| 19:43 |
|
Naros |
what resources are accessed are different. The views are very different. But the data exchange from client to server for the action are precisely the same. |
| 19:43 |
|
Guest342342 |
can I merge two from classes in a given method of a controller? |
| 19:43 |
|
Guest342342 |
merge/user in combination |
| 19:43 |
|
Naros |
i dont follow. |
| 19:44 |
|
Naros |
In Struts, I cannot merge two forms unless you mean one extends the other. |
| 19:44 |
|
Guest342342 |
e.g userDetailsFrom + userOfficialDetailsForm both classes used in a controller method , combined data. |
| 19:45 |
|
Naros |
IDK about spring, but in Struts, no. One form extends the other and then the controller is based on the extended form. |
| 19:45 |
|
Guest342342 |
so then : |
| 19:45 |
|
Naros |
and a form is nothing more than a pojo :P |
| 19:45 |
|
Guest342342 |
e.g userDetailsFrom extends userOfficialDetailsForm both classes used in a controller method , combined data. |
| 19:45 |
|
Naros |
sure, that's jdk 101 :P |
| 19:46 |
|
Naros |
userDetailsForm would contain its own data and that from the userOfficialDetailsForm |
| 19:46 |
|
Guest342342 |
ok |
| 19:51 |
|
Guest342342 |
Mmmm hope there would be ajax support too . instead of reloading all the page every time an input field error occurs |
| 19:57 |
|
Naros |
depends on framework. if they're static errors, usually validation fires once during submission. |
| 19:57 |
|
Guest342342 |
hm have to look into spring |
| 21:59 |
|
|
SoniEx2 joined ##javaee |
