struts-issues mailing list archives

From "Shahbaz Akhter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-3718) HDIV and Struts 2 integration
Date Wed, 03 Dec 2014 12:03:12 GMT

    [ https://issues.apache.org/jira/browse/WW-3718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14232924#comment-14232924 ]

Shahbaz Akhter commented on WW-3718:
------------------------------------

There are no other alternatives if we talk about CSRF; HDIV should support the latest Struts 2.3.16.3 version.

> HDIV and Struts 2 integration
> -----------------------------
>
>                 Key: WW-3718
>                 URL: https://issues.apache.org/jira/browse/WW-3718
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: Other
>    Affects Versions: 2.2.3.1
>            Reporter: Gorka Vicente
>            Priority: Minor
>              Labels: extension, integration, security, spring, tags
>             Fix For: 2.5
>
>         Attachments: RequestDataValueProcessor.java
>
>
> Nowadays there is an integration between Struts2 and HDIV that can be used by adding the HDIV filter and by using Struts2's custom tag extension. This means that it is possible to apply HDIV to a web application developed in Struts2 in a declarative way, without making any change to the source code.
> But this approach has a maintainability disadvantage that forces the release of a new set of HDIV custom tags for every new version of Struts2. This does not happen to the HDIV core and web filter, as they are non-intrusive extensions.
> This problem arises because there isn't a clear extension point in Struts2's custom tags that would make possible a clean extension of the component's behaviour without having to create a new version of it.
> Consequently, it is necessary to create a new version of HDIV's custom tags for Struts2 each time a new version of the framework is released.
> Also there is the risk that the behaviour of Struts2's custom tags may change in the future and become incompatible with HDIV.
> The objective of this new feature is to have an official integration between HDIV and Struts2 that eliminates the maintenance cost that exists today for new versions of Struts2. This integration will provide an integrated and compatible solution even for future versions of both frameworks.
> In order to achieve this purpose, we propose the creation of a Java interface or contract that will be used by Struts2's custom tags. With this extension point it will no longer be necessary to create specific Struts2 custom tags for HDIV, reducing the integration task to only implementing the interface.
> I have attached an interface proposal (RequestDataValueProcessor). Struts2 tags should use this new interface in order to avoid tag extension.
> HDIV needs to process all URLs sent to the client and needs to intercept redirects. Currently we extend Struts2 default ActionMapper, ServletRedirectResult, ServletActionRedirectResult and ServletActionRedirectResult. Struts2 should use the new interface in order to avoid these extensions.
> At this moment, we are finishing HDIV for Struts2 (2.2.3.1), extending all tags as in the older releases. In a few days we will publish it and it can be the starting point to implement a new version of Struts2 using the proposed new interface.
> IMPORTANT NOTES
> -----------------------------
> 1. Some time ago we spoke with the Struts1 team and they opened a discussion for this integration: http://wiki.apache.org/struts/HDIV
> 2. Other web frameworks like Spring MVC have created an extension point like the one we are proposing here, and a few weeks ago they were integrated in the last version (3.1 RC1). You can see it here: https://jira.springsource.org/browse/SPR-7943



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
