struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject struts-site git commit: Adds TOCs
Date Tue, 05 Sep 2017 09:32:03 GMT
Repository: struts-site
Updated Branches:
  refs/heads/master 04d894c47 -> c036f9f02


Adds TOCs


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/c036f9f0
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/c036f9f0
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/c036f9f0

Branch: refs/heads/master
Commit: c036f9f02051f7ce3dc81b1be338abac42d16ccd
Parents: 04d894c
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Tue Sep 5 11:31:52 2017 +0200
Committer: Lukasz Lenart <lukaszlenart@apache.org>
Committed: Tue Sep 5 11:31:52 2017 +0200

----------------------------------------------------------------------
 _config.yml                                     |  3 +
 .../core-developers/parameters-interceptor.md   |  6 +-
 source/getting-started/http-session.md          | 84 +++++++++++++-------
 3 files changed, 65 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/c036f9f0/_config.yml
----------------------------------------------------------------------
diff --git a/_config.yml b/_config.yml
index de8e65c..ffbe528 100644
--- a/_config.yml
+++ b/_config.yml
@@ -21,3 +21,6 @@ beta_release_date_short: 20160126
 
 # Allows directly edit pages on GitHub
 repository_url: https://github.com/apache/struts-site
+
+# Used to generate links to Struts Core ApiDocs
+apidocs: /maven/struts2-core/apidocs

http://git-wip-us.apache.org/repos/asf/struts-site/blob/c036f9f0/source/core-developers/parameters-interceptor.md
----------------------------------------------------------------------
diff --git a/source/core-developers/parameters-interceptor.md b/source/core-developers/parameters-interceptor.md
index f944af3..9f6a428 100644
--- a/source/core-developers/parameters-interceptor.md
+++ b/source/core-developers/parameters-interceptor.md
@@ -4,6 +4,10 @@ title: Parameters Interceptor
 ---
 
 # Parameters Interceptor
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
 
 This interceptor sets all parameters on the value stack.
 
@@ -116,7 +120,7 @@ Error setting expression 'search' with value ['search', ] - [unknown location]
 
 Thus is expected behaviour to allow developer to spot missing setter or typo in either parameter
name or setter.
 
-###Examples
+### Examples
 
 ```xml
 <action name="someAction" class="com.examples.SomeAction">

http://git-wip-us.apache.org/repos/asf/struts-site/blob/c036f9f0/source/getting-started/http-session.md
----------------------------------------------------------------------
diff --git a/source/getting-started/http-session.md b/source/getting-started/http-session.md
index 20bd341..fa874a6 100644
--- a/source/getting-started/http-session.md
+++ b/source/getting-started/http-session.md
@@ -2,19 +2,29 @@
 layout: getting-started
 title: Http Session
 ---
-## HTTP Session
 
-The example code for this tutorial, http_session, is available at [https://github.com/apache/struts-examples](https://github.com/apache/struts-examples)
+# HTTP Session
+{:.no_toc}
 
-__Introduction__
+* Will be replaced with the ToC, excluding a header
+{:toc}
 
-Your Struts 2 application may need to access the HTTP session object. Struts 2 provides an
interface, [SessionAware](https://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/interceptor/SessionAware.html),
that your Action class should implement to obtain a reference to the HTTP session object.
+The example code for this tutorial, http_session, is available at [https://github.com/apache/struts-examples].
 
-The [Struts 2 user mailing list](http://struts.apache.org/mail.html) is an excellent place
to get help. If you are having a problem getting the tutorial example applications to work
search the Struts 2 mailing list. If you don't find an answer to your problem, post a question
on the mailing list.
+## Introduction
 
-__SessionAware Interface__
+Your Struts 2 application may need to access the HTTP session object. Struts 2 provides an
interface, 
+[SessionAware]({{ site.apidocs }}/org/apache/struts2/interceptor/SessionAware.html), that
your Action class 
+should implement to obtain a reference to the HTTP session object.
 
-The SessionAware interface has one method, setSession, that your Action class will need to
override. In the example application (see above), the HelloWorldAction class implements the
SessionAware interface and includes this code:
+The [Struts 2 user mailing list](http://struts.apache.org/mail.html) is an excellent place
to get help. If you are 
+having a problem getting the tutorial example applications to work search the Struts 2 mailing
list. If you don't find 
+an answer to your problem, post a question on the mailing list.
+
+## SessionAware Interface
+
+The SessionAware interface has one method, setSession, that your Action class will need to
override. In the example 
+application (see above), the HelloWorldAction class implements the SessionAware interface
and includes this code:
 
 **HelloWorldAction.java setSession Method**
 
@@ -26,18 +36,20 @@ public void setSession(Map<String, Object) session) {
 }
 ```
 
-The Struts 2 framework has an interceptor that will inject the HTTP session object into the
Action class by calling the setSession method.
+The Struts 2 framework has an interceptor that will inject the HTTP session object into the
Action class by calling 
+the `setSession` method.
 
-__Using the HTTP Session Object In The Action Class__
+## Using the HTTP Session Object In The Action Class
 
-The example application keeps track of how many times the user clicks on a Hello link or
submits the hello form. It stores this count in the HTTP session object in the increaseHelloCount
method.
+The example application keeps track of how many times the user clicks on a Hello link or
submits the hello form. 
+It stores this count in the HTTP session object in the increaseHelloCount method.
 
 **HelloWorldAction.java increaseHelloCount Method**
 
 ```java
 private void increaseHelloCount() {
     Integer helloCount = (Integer) userSession.get(HELLO_COUNT);
-		
+
     if (helloCount == null ) {
         helloCount = 1;
     } else {
@@ -48,11 +60,14 @@ private void increaseHelloCount() {
 }
 ```
 
-When the increaseHelloCount method is called from within the execute method, the userSession
object is a reference to the HTTP session object injected by the Struts 2 framework. So any
objects stored in the HTTP session can be retrieved using the userSession object and any objects
stored in the userSession object will be stored in the HTTP session object.
+When the increaseHelloCount method is called from within the execute method, the userSession
object is a reference 
+to the HTTP session object injected by the Struts 2 framework. So any objects stored in the
HTTP session can be retrieved 
+using the userSession object and any objects stored in the userSession object will be stored
in the HTTP session object.
 
-__Accessing HTTP Session Objects In The View__
+## Accessing HTTP Session Objects In The View
 
-Struts 2 provides an easy way to get an object stored in the HTTP session from within the
view page. In the example application is HelloWorld.jsp with this markup:
+Struts 2 provides an easy way to get an object stored in the HTTP session from within the
view page. In the example 
+application is `HelloWorld.jsp` with this markup:
 
 **HelloWorld.jsp Get helloCount Value From HTTP Session**
 
@@ -60,15 +75,20 @@ Struts 2 provides an easy way to get an object stored in the HTTP session
from w
     <p>I've said hello to you <s:property value="#session.helloCount" /> times!</p>
 ```
 
-The s:property tag's value attribute has a value of \#session.helloCount. The "\#" before
the word session tells the Struts framework to look in the session scope for a key of "helloCount"
(which is the value of the String constant HELLO_COUNT referenced in method increaseHelloCount).
Struts will get the object mapped to helloCount key and then call that object's toString method
to determine what to display in the view page.
-
-__Best Practices When Using SessionAware__
+The `s:property` tag's value attribute has a value of `#session.helloCount`. The "#" before
the word session tells 
+the Struts framework to look in the session scope for a key of "helloCount" (which is the
value of the String constant 
+`HELLO_COUNT` referenced in method `increaseHelloCount`). Struts will get the object mapped
to `helloCount` key and 
+then call that object's toString method to determine what to display in the view page.
 
-Using SessionAware does introduce a potential security vulnerability that you should mitigate
by also following these practices in the Action class that implements the SessionAware interface.
+## Best Practices When Using SessionAware
 
-1. Do not have a public Map<String, Object) getSession method in the Action class. You
only need a public void setSession method to implement the SessionAware interface.
+Using SessionAware does introduce a potential security vulnerability that you should mitigate
by also following these 
+practices in the Action class that implements the SessionAware interface.
 
-2. Also have the Action class implement the [ParameterNameAware interface](https://struts.apache.org/maven/struts2-core/apidocs/com/opensymphony/xwork2/interceptor/ParameterNameAware.html)
and override its acceptableParameterName method:
+1. Do not have a public `Map<String, Object> getSession` method in the Action class.
You only need a public void 
+  `setSession` method to implement the `SessionAware` interface.
+2. Also have the Action class implement the [ParameterNameAware interface]({{ site.apidocs
}}/com/opensymphony/xwork2/interceptor/ParameterNameAware.html) 
+  and override its acceptableParameterName method:
 
 **HelloWorldAction.java acceptableParameterName Method**
 
@@ -84,9 +104,13 @@ public boolean acceptableParameterName(String parameterName) {
 }
 ```
 
-This method will be called by the Struts 2 framework for each parameter in the request scope.
By returning false if the parameter name contains "session" we are telling the Struts 2 framework
to ignore that parameter. This will prevent a malicious user from trying to hack the HTTP
session object.
+This method will be called by the Struts 2 framework for each parameter in the request scope.
By returning false if 
+the parameter name contains "session" we are telling the Struts 2 framework to ignore that
parameter. This will prevent 
+a malicious user from trying to hack the HTTP session object.
 
-Instead of having each action that implements SessionAware also implement the ParameterNameAware
interface you can tell the params interceptor to exclude specific request attributes for all
actions in a package. In struts.xml configure the struts-default set of interceptors as follows:
+Instead of having each action that implements SessionAware also implement the ParameterNameAware
interface you can tell t
+he params interceptor to exclude specific request attributes for all actions in a package.
In struts.xml configure 
+the `struts-default` set of interceptors as follows:
 
 **struts.xml configure params interceptor**
 
@@ -107,14 +131,20 @@ Instead of having each action that implements SessionAware also implement
the Pa
 </package>
 ```
 
-The above code will ensure that every action in the "basicstruts2" package that implements
the SessionAware interface will exclude from processing parameters that starts with the strings
provided in the params.excludeParams noded.
+The above code will ensure that every action in the "basicstruts2" package that implements
the SessionAware interface 
+will exclude from processing parameters that starts with the strings provided in the `params.excludeParams`
node.
 
 The example project includes both methods for mitigating the SessionAware security vulnerability.
 
-| Note the same issue exists if you implement the ServletRequestAware interface, which is
why the above method returns false if the parameter name contains "request".
+> Note the same issue exists if you implement the ServletRequestAware interface, which
is why the above method returns 
+> false if the parameter name contains "request".
 
-__Summary__
+## Summary
 
-When your Action class needs to access the HTTP session object implement the SessionAware
interface and override the setSession method. Be sure to also implement the ParameterNameAware
interface and override the acceptableParameterName method to mitigate a potential security
vulnerability. If you have multiple actions that implement SessionAware then consider modifying
the params interceptor's excludeParams value as part of your Struts 2 package setup.
+When your Action class needs to access the HTTP session object implement the SessionAware
interface and override 
+the `setSession` method. Be sure to also implement the `ParameterNameAware` interface and
override 
+the `acceptableParameterName` method to mitigate a potential security vulnerability. If you
have multiple actions 
+that implement `SessionAware` then consider modifying the params interceptor's `excludeParams`
value as part of your 
+Struts 2 package setup.
 
-|Return to [Unit Testing](unit-testing.html)|or|onward to [Preparable Interface](preperable-interface.html)|
\ No newline at end of file
+|Return to [Unit Testing](unit-testing.html)|or|onward to [Preparable Interface](preperable-interface.html)|


Mime
View raw message