Raible Designs

[ANNOUNCE] Struts-JavaServer Faces Integration Library -- Early Access Version Now Available

I'm happy to announce the immediate availability of an integration library
that allows you to use the recently published EA3 release of JavaServer
Faces with a recent Struts build (nightly build 20030216 or later, or 
the upcoming 1.1-rc2 or finalrelease).  Nightly builds of this package are 
available at:

 http://jakarta.apache.org/builds/jakarta-struts/nightly/struts-faces/

The sources for this package are in the  "contrib/struts-faces"
subdirectory of the  "jakarta-struts" CVS repository.

You should take note of the following important points:

* The design goal of this library was to allow Struts application
 developers to migrate the view tier of their applications from the
 existing Struts tags, to pages that use corresponding JavaServer Faces
 component tags, with no changes to the corresponding business logic.
 This goal has been substantially achieved for simple applications
 so far; additional work will be necessary for more advanced apps.
 As a proof of concept, the JavaServer Faces based version of the
 canonical  "struts-example" web application is included in the
 distribution, so that you can see for yourself how little had to be
 changed.

* The integration library has been tested under Tomcat 4.1.18 and
 the Java Web Services Developer Pack (version 1.0_01), although in
 principle it should run on any Servlet 2.3/JSP 1.2 container.
 (It will not run on Servlet 2.2/JSP 1.1 containers).

* There is a known issue when trying to run JavaServer Faces EA3
 under the recently released Java Web Services Developer Pack
 (version 1.1).  Watch the JavaServer Faces web page (at the URL
 listed above) for up-to-date information on workarounds.

* The JavaServer Faces distribution is an EA release, not suitable for
 use in production environments.  In addition, the license terms
 under which it can be downloaded prohibit redistribution.  Therefore,
 you will need to download your own copy of JavaServer Faces EA3 and
 integrate it with the example application before it can be deployed.

* The integration library should also be considered to be of alpha
 quality, not suitable for production use.  There are a set of known
 issues and limitations at the bottom of the README.txt file.  Please
 file bugs against this package in the usual Bugzilla location:

   http://nagoya.apache.org/bugzilla/

* For generic questions about JavaServer Faces (i.e. not related to this
 integration library), your best resource is the JavaServer Faces forum
 (free registration required) at:

   http://forum.java.sun.com/forum.jsp?forum=427

See the README.txt file in the top-level subdirectory for more information
about installing and using this release.

Craig McClanahan

How do you initialize Hibernate?

If you're using Hibernate in a servlet container, then you're probably using a hibernate.cfg.xml file to configure Hibernate and talk to your JNDI database connection. If you're not, you might want to consider it. My question is, where do you initialize Hibernate? In version 1.2.3, you call Hibernate.configure() to do this, and everything will startup and be ready - providing that hibernate.cfg.xml is in your classpath (WEB-INF/classes).

// Configure Hibernate.
try {
    Hibernate.configure();
    if (log.isDebugEnabled()) {
        log.debug("Hibernate configuration completed...");
    }
} catch (HibernateException h) {
    h.printStackTrace();
    throw new UnavailableException("Error configuring Hibernate: " + h.getMessage());
}

I've been using a StartupServlet that is set to load first, and is also responsible for putting drop-down options into the application scope. However, it has recently come to my attention that I could easily use a ServletContextListener and initialize it (and my drop-downs) in the contextInitialized() method.

So my question is - which is better? From what I can tell, they do the same thing and I've never had any issues with the StartupServlet. Can anyone offer some pros/cons to each approach? Which do you use?

Try this sucker out with an attachment.

[ANNOUNCE] Tomcat 5.0.1 Alpha Released!

This is huge for me, as I need to start working with JSP 2.0 for my own personal satisfaction (less code == more productivity). I know that Resin supports JSP 2.0 as well, but I'm familiar with Tomcat and it's free. The most I've ever done with Resin (to this point) is to install it. To my knowledge, Resin is not free (esp. when I'm running a business site like this one). Anyway, on with the e-mail from the tomcat-user mailing list.

Tomcat 5.0.1 Alpha is now available for testing.

This is actually the first real milestone of Tomcat 5, as Tomcat 5.0.0 did not include any new feature over 4.1.x other than the support for Servlet API 2.4 drafts and JSP 2.0 drafts.

Tomcat 5.0.1 includes:
- improved performance (with additional improvements planned)
- complete montoring capabilities through JMX, with JSR 77 support
- clustering capabilities (not included with that build as a binary)
- JMX configuration capabilities
- with a lot more to come in later milestones

[Downloads]

XDoclet now supports Hibernate 2.0 (almost)

I finished patching XDoclet to allow for Hibernate 2.0 support. I say almost in this post's title because someone still has to commit it. Seems to work pretty good on struts-resume. I can't get one of my unit tests (UserManagerTest) to run, so I won't be releasing tonight (though I was hoping to). Maybe tomorrow. Here's a rough draft of features and plans in the coming 0.6:

Features in 0.6
===============
- Upgraded to Hibernate 2.0 (http://tinyurl.com/6b00) and 
  Struts 1.1RC1 (http://tinyurl.com/6cp9).
- Fixed Validation issues when attempting cancel validation and using
  LookupDispatchAction (document in Struts 1.1RC1 link above).
- Moved opening Hibernate sessions from being at a method level to being passed
  in to each method on the business/persistence tier.  Sessions are now obtained
  via the ActionFilter.getSession() method.
- Added SMTPAppender to log4.properties to e-mail errors that occur in log 
  files.
- Added "Remember Me" feature - for details see http://tinyurl.com/6du0.
- Added "Current User" count as a demonstration of a Tiles Controller.

// TODO for 0.7 
- Add Skills, SkillGroups, Education, Experience to the mix.  Make them 
  all editable when editing a resume using the Struts Nested Tag Library.
- Figure out a way to display resumes to anonymous users.  Do I create XML 
  versions of a resume in "resources/${username}" or use a servlet that maps
  to something like /struts-resume/view/${username}.  I like the servlet 
  idea better, then it's dynamic.  However, how often does a resume really
  change.
- Complete tests for all Action classes using StrutsTestCase.
- When Tomcat 5 become stable, or I figure out how to install an app on Resin 3,
  figure out a way (using Ant) to create JSP 2.0-compliant distribution.
  
// TODO for 0.8
- Add Transformers and XSL for transforming an XHTML document to XML or Text.  
  PDF will be covered in a later release.
- Allow a way for users to register (similar to Roller).
- Create User Administration interface with sortable/pageable list of users.
- Complete tests for all JSPs using Canoo WebTest.

Struts Update: 1.1 beta 3 to 1.1 RC1

While upgrading Hibernate last night and this morning, I also upgraded Struts. Now I'm having some issues there, so I'd better document those too. First of all, the following line doesn't seem to be rendering any client-side JavaScript anymore:

<html:javascript formName="resumeForm"
      dynamicJavascript="true" staticJavascript="false"/>

Update 1: Nevermind, it seems my Internet connection went dow while starting Tomcat. Since the Digester couldn't validate the Struts' XML configuration files with their respective DTDs, it stopped them from loading.

Update 2: This turned out to be a legitimate issue. Adding cdata="false" to the above tag enabled the browser to see the JavaScript by removing the "<![CDATA[" after <script type="text/javascript">

Revisiting the Hibernate upgrade, I needed to add dom4j.jar to WEB-INF/lib to solve java.lang.NoClassDefFoundError: org/dom4j/Node.

Now I'm getting:

java.lang.NoClassDefFoundError
	at net.sf.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:571)

What the @#$*%#? hibernate2.jar is in WEB-INF/lib??

Update 3: I had to add cglib.jar to WEB-INF/lib as well. Now back to an issue I'm having with the Validator where client-side validation is working when I click "cancel" (as in, it's disable), but server-side is kicks in. Argghhhh!

Update 4: I found an issue (via the struts-user list) about using the Validator with LookupDispatchAction. It basically doesn't allow you to control validation on a method level, so I've hacked the following workaround.

I changed <html:cancel> to be <html:button> and added onclick="cancel()", where cancel() is the following JavaScript method:

<script type="text/javascript">
function cancel() {
    location.href = '<html:rewrite forward="cancelUser"/>';
}
</script>

The "cancelUser" forward points to "/editUser.do?action=Cancel", which is an action-mapping that doesn't have validation (validation="false") and this hits the "cancel" method on UserAction and routes appropriately.

Phew - I'm beat. I never realized being an upgrade-happy-keyboard-monkey could be so much work!

JSP 1.2 <-> JSP 2.0

Here's something that I need: A way to convert JSP 1.2 pages to JSP 2.0 pages. Basically, this only really involves changing all the <c:out value="${...}" /> tags to be simply ${...}. I have a couple motivations for this. The first is that Wrox wants struts-resume and security-example to be written using JSP 2.0 (it is a JSP 2.0 book after all). However, I'm afraid that most developers won't be able to use 2.0 for quite some time, considering that the J2EE 1.4 (with JSP 2.0) won't be released until this summer. So I'd like a way to create a JSP 1.2 version and a JSP 2.0 version of my these applications from the same source code. What would be best - to write the source in JSP 1.2 and then parse it for <c:out /> tags and strip them accordingly? I'd rather write the source in JSP 2.0 and then add in the <c:out /> tags using Ant, since it'd be much simpler. Then again, I've already written a fair amount using JSTL with 1.2. Comments and suggestions are encouraged!

Easy Windows Authentication with Tomcat 4.x

The original blog entry by Robert Rasmussen has disappeared from the Internet (cannot find server) so I'm reproducing it here via Google's caching feature. I've made a few changes to pretty up the formatting, but that's about it.

I've been pulled into a little internal project, and one of the requirements is that users should be able to authenticate with their Windows login and password. IIS may or may not be in the picture.

Since the server is a Windows 2000 machine, this turns out to be extremely simple to do thanks to Andy Armstrong's JAAS login modules.

Once you've downloaded the login modules, set your classpath accordingly and make sure that the directory holding NTSystem.dll is in your %PATH% variable. Next, in the "Sample config" folder you'll find a tagish.login file and a java.security.sample file. The last line in the .sample file is significant, and it needs to be in your $JAVA_HOME/jre/lib/security folder (in a file named java.security). You should copy the tagish.login file there as well. If your users will always be logging into the same domain (which is the case in my situation), just set the defaultDomain property in tagish.login, like this:

NTLogin
{
    com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain=YOUR_DOMAIN_HERE;
};

Now, all you need to do to use Windows authentication in your webapps is to make one addition to your server.xml file (or to your specific context's definition):

<Realm className="org.apache.catalina.realm.JAASRealm" debug="99"
       appName="NTLogin"
       userClassNames="com.tagish.auth.win32.NTPrincipal"
       roleClassNames="com.tagish.auth.win32.NTPrincipal" />

I'll admit this config is slightly hokey. If you look at the Catalina JAASCallbackHandler (which is hardwired to JAASRealm), the way that I have the realm configured above pretty much counts on the User principal (in effect, the user name) being the first principal returned. This is evil, but it works. It would be nice if either Catalina allowed a pluggable CallbackHandler so that I could take advantage of the NTPrincipal.getType() method or if Andy's code returned subclasses of NTPrincipal like UserPrincipal or GroupPrincipal that I could specify in server.xml.

Once you've got this all configured, the various groups your users belong to equate to role names (so if I belong to an administrators group, my authenticated user will be in role "administrators"), and you can configure security in your webapps using these roles.

RE: Who reads them anyways....

Laurent Michalkovic has an interesting post on the fact that no one reads the specs. I read them two years ago, that's right - in December of 2001. I read all of the ones that that interested me at the time: JSP 1.2, Servlet 2.4, J2EE 1.3 and EJB 2.0. I downloaded them all and printed them out and read them. It was boring and cost me around $150 just in printer cartridges. They had good information, they're just dry. Luckily, I was very motivated to read them. I was studying for the Web Component Developer exam from Sun, so the JSP 1.2 and Servlet 2.4 specs were essential reading. I read J2EE 1.3 and EJB 2.0 shortly thereafter while studying to become a BEA Certified Developer. Interesting thing about the BEA exam, I ended up concentrating on WebLogic-specific stuff to pass the exam. Not much on standards, mostly questions on server configuration, clustering, etc.

I've skimmed through the latest ones, but I haven't read them page-by-page cover-to-cover. Besides, the mere size of each will scare you off:

• Servlet 2.4: 309 pages
• JSP 2.0: 458 pages
• J2EE 1.4: 242 pages
• JSTL 1.0: 219 pages
• JSF 1.0 EA: 117 pages

That's a heckuva lot of reading. When studying for these certifications, I also picked up Professional Java Server Programming J2EE, 1.3 Edition by Wrox. I actually thought this was a great book and I learned a lot more from it than I did from reading the specs.

Interestingly enough (or maybe not at all), I also bought (and read) J2EE Applications and BEA WebLogic Server. However, the BEA Documentation site turned out to be a better resource than that book!

Help: Which servers support HTTP Digest Authentication?

In my security chapter, I am describing HTTP Digest Authentication (please correct me if I'm wrong on any of this).

This (HTTP Digest) authentication mechanism identifies a user based on a username and password, and the client transmits the password in an encrypted form such as SHA or MD5. HTTP 1.1-enabled browsers are required to support it, at least according to this page. According to the Servlet 2.4 spec, it is not currently in widespread use, and therefore Servlet containers are not required to support it.

Now for the part I need help on. Which of the following servers support HTTP Digest? Tomcat, JBoss, Resin, Orion, WebLogic, WebSphere and Sun ONE. To test this, in your web.xml you would configure your <auth-method> to be DIGEST:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>My Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>My Test Application</realm-name>
</login-config>

According to this implementing WebSphere Security article from December 2002, WebSphere 4 doesn't support it. I wonder if version 5 does? Thanks for any assistance you can offer!

Update: I was missing a required element (<web-resource-name>) in the XML above, and I added <realm-name> for display on the dialog box. Tomcat (v4.1.18) supports DIGEST just fine. The dialogs do change between the types though - the differences are below.

HTTP Basic Dialog


HTTP Digest Dialog