[Stripes-users] stripes 1.7

Discussion:

Joaquin Valdez

2017-03-29 00:22:12 UTC

Hello!

Just curious if there is any news on the release of Stripes 1.7? Or is there a feature list of Stripes 1.7.

Thanks,
Joaquin Valdez
***@gmail.com

Nestor Hernandez

2017-03-29 02:33:01 UTC

Permalink

Hi I have a couple of features for the REST implementation that I can
contribute for Stripes. For example, support for multiple providers ofJSON
serializing and deserializing. You can check my Github fork of Stripes.
Thanks

Post by Joaquin Valdez
Hello!
Just curious if there is any news on the release of Stripes 1.7? Or is
there a feature list of Stripes 1.7.
Thanks,
Joaquin Valdez

Daniil S

2017-03-30 01:05:56 UTC

Permalink

Working on extracting CSRF for Stripes from our internal project. May be
useful to some - https://github.com/SirDaniil/StripesCSRF (I remember
there was a thread about this some time ago).

Post by Joaquin Valdez
Hello!
Just curious if there is any news on the release of Stripes 1.7? Or
is there a feature list of Stripes 1.7.
Thanks,
Joaquin Valdez
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users

Juan Pablo Santos Rodríguez

2017-03-30 18:23:26 UTC

Permalink

Hi,

AFAIK, big major changes are REST and async ActionBeans. Because of the
latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7
release, though.

br,
juan pablo

p.s.: couldn't resist, also an Stripes - Spring Boot integration at
https://github.com/juanpablo-santos/stripes-spring-boot O:-)

Post by Daniil S
Working on extracting CSRF for Stripes from our internal project. May be
useful to some - https://github.com/SirDaniil/StripesCSRF (I remember
there was a thread about this some time ago).
Hello!
Just curious if there is any news on the release of Stripes 1.7? Or is
there a feature list of Stripes 1.7.
Thanks,
Joaquin Valdez
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users

Nestor Hernandez

2017-03-30 18:50:41 UTC

Permalink

The Crsf integration is interesting: I have a couple of suggestions

- It should not throw an generic IOException when Crsf fails, but a
custom exception, maybe an CrsfValidationException
- Prevent create new sessions with getRequest().getSession( false ). If
there is no session it should throw the exception.
- There's no need to introduce the interface CsrfProtected in order to
get the current crsfToken. The crsfToken should be always in a request
attribute for the user and the interceptor to use, something like JAX-RS
MVC 1.0 does or even ASP.NET MVC does. Please check out
http://www.agilejava.eu/2015/11/17/cool-security-feature-in-mvc-1-0/
-

2017-03-30 13:23 GMT-05:00 Juan Pablo Santos RodrÃguez <

Post by Juan Pablo Santos RodrÃguez
Hi,
AFAIK, big major changes are REST and async ActionBeans. Because of the
latter ones, minimum servlet-api is 3.0. Don't know anything about 1.7
release, though.
br,
juan pablo
p.s.: couldn't resist, also an Stripes - Spring Boot integration at
https://github.com/juanpablo-santos/stripes-spring-boot O:-)

Daniil S

2017-03-30 19:30:20 UTC

Permalink

* I've been in discussions with our security team and settled to have
server just produce internal error without letting anyone know what
actually had happened. Kind of lazy. Personally, it feels either way
is fine. Probably for public code appropriate exception should be
thrown or error added to the validation list.
* If you're talking about interceptor, agreed, my omission. However,
tag doesn't seem to have that method so if form is called w/out a
session, there could be a leak.
* Completely agree on this one. The whole reason for the interface is
to force our internal developers to pay close attention to the code
when upgrading from servlets (yup, we're still stuck in that era).

Thank you for suggestions, I'll incorporate them shortly.

Post by Nestor Hernandez
The Crsf integration is interesting: I have a couple of suggestions
* It should not throw an generic IOException when Crsf fails, but a
custom exception, maybe an CrsfValidationException
* Prevent create new sessions with getRequest().getSession( false ).
If there is no session it should throw the exception.
* There's no need to introduce the interface CsrfProtected in order
to get the current crsfToken. The crsfToken should be always in a
request attribute for the user and the interceptor to use,
something like JAX-RS MVC 1.0 does or even ASP.NET
<http://ASP.NET> MVC does. Please check out
http://www.agilejava.eu/2015/11/17/cool-security-feature-in-mvc-1-0/
*
2017-03-30 13:23 GMT-05:00 Juan Pablo Santos Rodríguez
Hi,
AFAIK, big major changes are REST and async ActionBeans. Because
of the latter ones, minimum servlet-api is 3.0. Don't know
anything about 1.7 release, though.
br,
juan pablo
p.s.: couldn't resist, also an Stripes - Spring Boot integration
at https://github.com/juanpablo-santos/stripes-spring-boot
<https://github.com/juanpablo-santos/stripes-spring-boot> O:-)
Working on extracting CSRF for Stripes from our internal
project. May be useful to some -
https://github.com/SirDaniil/StripesCSRF
<https://github.com/SirDaniil/StripesCSRF> (I remember there
was a thread about this some time ago).

Post by Joaquin Valdez
Hello!
Just curious if there is any news on the release of Stripes
1.7? Or is there a feature list of Stripes 1.7.
Thanks,
Joaquin Valdez
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users
<https://lists.sourceforge.net/lists/listinfo/stripes-users>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's
most engaging tech sites, Slashdot.org!
http://sdm.link/slashdot
_______________________________________________ Stripes-users
https://lists.sourceforge.net/lists/listinfo/stripes-users
<https://lists.sourceforge.net/lists/listinfo/stripes-users>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Stripes-users
https://lists.sourceforge.net/lists/listinfo/stripes-users
<https://lists.sourceforge.net/lists/listinfo/stripes-users>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users