Giriraj Bhojak

Hi Jim and August,


Thank you for spending time on writing a book on security for Java based web apps.
When explaining security semantics, did you consider a certain JDK version?
Also, is this book in line with OWASP recommendations?

Regards,
Giriraj Bhojak.

It's not really that weird .
Indeed the other application would be a SOAP server.
I wanted to say that I would control the message format and the other app would need to adhere to it. And my confusion was around using web-services to accomplish it.
But after much discussion with you guys, I have better understanding now.
Million thanks to you guys.

Thanks,
Giriraj.

My application would govern the message format. The other application would need to adhere to the request/response format and send a response in the pre-defined format.
It's not like there is an existing schema that the other app is using and I need to stick to it.
It does not have control over the message format.
So in that case I would need to send the schema to other application(I am not sure I should call it a client, since my application would make a request to it).
I will see if it's still possible to request WSDL from the client.
But do you guys still think wsdl is the right way to go?
Thank you for clearing the notions about WSDL and UDDI.

Thanks,
Giriraj.

Thank you guys for prompt responses.
Apologies for not being clear earlier.
I am a newbie to web services.
To answer William's question:
The other application to which I need to send a request is not under my control.
I am going through Apache WSS4J and it mentions that it can be used in standalone manner.
The reason for using SOAP is due to the structure of request message, it's a complex message and the structure can be easily explained via xsd/xml. Same goes for the response.

To reply to Ulf's question:
Pardon me but I am not that familiar with web services, I am more than willing to use a WS f/w. I have been going through Apache CXF user guide, but I haven't been able to find a way to send a message without defining a contract first.
It seems that wsdl is required for communicating. The whole notion of endpoints seem to be tied to WSDL.
Here is what I need to do:
Create a request message using request schema(through an xml-java mapping), apply ws security around it and then send it over HTTP.
The client (most probably a servlet )is expected to perform the reverse operations on security aspects, process the message and then return a response.

I found org.apache.axis2.saaj.SOAPConnectionImpl in Axis2 distribution that can be used to for point to point communication over HTTP. But I am hesitant to use it since I would have to build a WSS4J layer around it to answer security concerns.
I am still not able to fathom the need for WSDL here, since there is not service that I need to publish. Perhaps I am missing something.
I would be very thankful for your suggestions and help. Coderanch has helped me a lot over the years to answer not so trivial questions.

Thanks,
Giriraj.

Hello everyone,

I have a requirement wherein I need to send a SOAP message via HTTP to another application and expect a response.
I don't have a need to create a WSDL or use web services.
I simply need to create a SOAP message, apply WS security and send it via HTTP.
I am not aware of any existing SOAP implementations that would aid in this task. I need to implement a request-response model.
Could anyone please help me find such a framework?

Thanks,
Giriraj.

I am using org.springframework.jms.core.JmsTemplate and org.springframework.jms.listener.DefaultMessageListenerContainer to write and read from MQs.
Once the message is consumed in onMessage, I need to set values on httpSession to indicate successful processing of the request(message).

How do I do that?

I thought of using:
message.setObjectProperty("session", httpSesstion)

But that would mean serializing the complete session while sending the message.
Is there a way I can achieve this? Some listener that would set values on session probably?

Please help me with this.

I asked this question in the wrong forum earlier.

Thanks,
Giriraj.

I am using org.springframework.jms.core.JmsTemplate and org.springframework.jms.listener.DefaultMessageListenerContainer to write and read from MQs.
Once the message is consumed in onMessage, I need to set values on httpSession to indicate successful processing of the request(message).

How do I do that?

I thought of using message.setObjectProperty("session", httpSesstion)

But that would mean serializing the complete session while sending the message.
Is there a way I can achieve this? Some listener that would set values on session probably?

Please help me with this.

Thanks,
Giriraj.

That would require refactoring which unfortunately isn't an option for me right now.
I simply have to improve the coverage for existing code base.
What else could you suggest?

Thanks a ton for replying...

Giriraj.

I am using Clover.
Testing each and every catch block is exhaustive and seems improbable to me.
But there has to be way to handle most of the error conditions.

Thanks,
Giriraj.

I am trying to improve code coverage of our enterprise application.
Is there an approved way to handle catch blocks?
How do i increase code coverage by running tests that lets the control go to catch block?

I hope my query is clear enough.

Thanks,
Giriraj.

[11/30/10 12:56:09:023 EST] 0000003b ValidatorReso W org.apache.commons.validator.ValidatorResources getForm Form 'MyForm' not found for locale 'en_US'

I keep getting this warning in SystemOut.log in WebSphere.
It doesn't seem to cause any issues but I would like to have a clean console without any warning.
I am using Struts 1.3.
Is there a properties file where i can specify the trace level for Struts.
It happens while the server is started.


Regards,
Giriraj.

My web application calls response.sendRedirect("/newapp/home.jsp").
It works fine.
But i am also passing some request parameters which are exposed through request-header.

Is there a way i can use RequestDispatcher to invoke a jsp in another web-app.
I tried::
getServletContext().getRequestDispatcher(newURL).forward(request, response)
But it didn't work.
I am doing this in a Struts action class.
Any ideas?

Regards,
Giriraj.

I am using following field on a form ::

<field property="myProperty" depends="mask">
<msg name="mask" key="errors.invalid" bundle="myBundle"></msg>
</field>

I get an error on console::

java.lang.NullPointerException: No message resources found for bundle: myBundle
at org.apache.struts.validator.Resources.getMessageResources(Resources.java:140)
at org.apache.struts.validator.Resources.getActionMessage(Resources.java:390)

How do i specify the resource bundle name in the bundle attribute of msg tag?

Regards,
Giriraj.

Is there a way i can achieve above requirement in Java.
I tried using RandomAccessFile, but i do not know how to search in the file.

Basically i want to create an XML document, add elements to it, search through them, modify the elements and save them again.
All in one process.


Regards,
Giriraj.

Our web application extends Struts 1.3 in a big way.
I have a task wherein::
1) I need to find all the action mappings in all the struts config files(we have more than 10 of them) and write all the path attributes in an xml file.
2) And then as the application is deployed and used, I need to find all the unique paths traversed and write them to probably the same xml file.
I have identified the hooks where I need to place the code.
But i am concerned about the approach as writing to an xml file on every http request would be a big performance hit.
Could anyone suggest me a better way to handle this?
Also which XML api should I use to write to the file. It has to be efficient too as i need to write unique paths traversed to the xml file and this means i would need to find if the incoming path already exists in the xml file.

Regards,
Giriraj.