Spring Integration - Difference from channel and int:channel - spring-integration

I'm studing by few days Spring Integration and in some example i've noticed the use of channel and int:channel.
What is the difference ?
In the same way, there are other keywords: someone start with int: and other (with the same name) are not.

It just depends on how you configure the namespaces at the top of the XML file, and specifically the default xmlns. In the first case, the integration schema is the default, in the second, something else is, usually beans...
<beans:beans xmlns="http://www.springframework.org/schema/integration"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
...
In this case, integration is the default xmlns and you would use
<channel ...
and
<beans:bean ...
here...
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:int="http://www.springframework.org/schema/integration"
...
beans is the default xmlns and you would use
<int:channel...
and
<bean ....
So, it's simply a matter of personal choice.

Related

In Service Fabric, can I alter the Arguments in the ServiceManifest.xml file using Application Parameters?

I have an ApplicationManifest.xml file that looks like:
<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/2011/01/fabric"
ApplicationTypeName="ServiceFabricTestType" ApplicationTypeVersion="1.9">
<Parameters>
<Parameter Name="Prop_BehavioursPath" DefaultValue="behaviours.yml"/>
<Parameter Name="Prop_AliasesPath" DefaultValue="aliases.yml"/>
</Parameters>
<ServiceManifestImport>
<ServiceManifestRef
ServiceManifestName="SummaryGenerator"
ServiceManifestVersion="1.9.0.0"
/>
</ServiceManifestImport>
</ApplicationManifest>
And I want to use the parameters to adjust the Argument of my guest hosted service, declared in a ServiceManifest.xml file like so:
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/2011/01/fabric"
Name="SummaryGenerator" Version="1.9.0.0">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="SummaryGenerator" UseImplicitHost="true"/>
</ServiceTypes>
<CodePackage Name="code" Version="1.9.0.0">
<EntryPoint>
<ExeHost>
<Program>MyProgram.exe</Program>
<Arguments>"LoadFrom=[Prop_AliasesPath]|[Prop_BehavioursPath]"</Arguments>
<ConsoleRedirection FileRetentionCount="5" FileMaxSizeInKb="2048"/>
</ExeHost>
</EntryPoint>
</CodePackage>
</ServiceManifest>
This clearly doesn't work as the properties going into the Arguments are treated as verbatim and not resolved from the parameter values.
What I really want to do is to be able to start a service and pass in different values for Prop_BehavioursPath and Prop_AliasesPath. Is there a better way to do this in Service Fabric?
The application being run doesn't know about Service Fabric and the only way to push configuration through to it is via the command arguments.
Doesn't look like you can do that... Instead, you could try a workaround where you write a small .NET wrapper that reads the sf configuration and then launches your guest executable. You could redirect stdin/stdout from the child process and hook into it's exited event as well so the main process terminates when the child terminates.
Similar to parameters, you can define environment variables (say Prop_AliasesPath andProp_BehavioursPath) in ServiceManifest.xml and then override their values in ApplicationManifest.xml. Then you have two options:
Option 1:
Even if your entry point MyProgram.exe is not service fabric aware, it can read the environment variables.
Option 2:
To avoid reading environment variables inside MyProgram.exe, you can use a batch file as a entry point and from it call "MyProgram.exe LoadFrom=%Prop_AliasesPath%%Prop_BehavioursPath%"
More info about overriding Environment Variables:
https://dzimchuk.net/using-code-package-environment-variables-in-service-fabric/

How to exclude classes from scanning with CDI-unit?

I am running tests with CDI-unit runner and want some classes to be excluded (because they act on CDI events). I tried beans.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<scan>
<exclude name="com.mypackage.**"/>
</scan>
</beans>
but CDI-unit seems to be ignoring it. So what is the correct way to exclude the classes with CDI-unit?
You may provide an alternative of the class you want to exclude, so that the alternative test class is used instead. With CDI Unit you turn on your alternative with #ActivatedAlternatives on your tests, or globally with #ProducesAlternative on your test producer. See more here: http://jglue.org/cdi-unit-user-guide/#alternatives
AFAIK, CDI Unit does not directly support exclusion of beans. But in most cases using alternatives is sufficient.

JSF1064 when using tags defined in the taglib.xml

I've created my own custom myfw:repeat tag for our project as described in JSF ui:repeat in ui:repeat with dynamically assigned var-value and defined it in the myfw.taglib.xml:
<?xml version="1.0"?>
<facelet-taglib xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facelettaglibrary_2_0.xsd"
version="2.0" id="myfw">
<namespace>http://company.at/myfw</namespace>
<composite-library-name>myfw</composite-library-name>
<!-- Other tags -->
<tag>
<tag-name>repeat</tag-name>
<component>
<component-type>at.company.myfw.jsf.component.repeat.UIRepeatForFloatingTable</component-type>
</component>
</tag>
</facelet-taglib>
The tag used in the page is working fine but every time the page is viewed the warning message:
13:03:30,577 WARNING [javax.enterprise.resource.webcontainer.jsf.application] (http-/127.0.0.1:8080-2) JSF1064: Unable to find or serve resource, repeat.xhtml, from library, myfw.
shows up in the logs. This is not just the case with the repeat tag, it also happens to every tag defined in the taglib like ui:compositions. So the log is currently spammed by these messages but the page/tags work properly. A current workaround is to change the log-level, but it is not the desired solution. Using EAP 6.2.0.GA with Mojarra 2.1.19.
This is a bug in Mojarra. It's during Development stage too eagerly logging JSF1064 for tagfiles which couldn't be found in <composite-library-name>, while it should still continue to work through <tag> entries registered directly in taglib itself.
This is not your fault. Those warnings aren't logged in Production stage. I reported this issue as JAVASERVERFACES-3696 (update: this was fixed only a few hours later and will be available as per Mojarra 2.3.0-M02).

CSRF & XSS not working using HDIV

I am using HDIV in my project for securing from OWASP list but text boxs are accepting <script>alert(1);</script> as an input and saving to db.
I want to write test case for all OWASP issue.
Below are the project configuration
web.xml Configuration
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/spring/applicationContext-db.xml
WEB-INF/spring/spring-security.xml
WEB-INF/spring/hdiv-config.xml
</param-value>
</context-param>
webmvc-config.xml Configuration
<import resource="applicationContext-hdiv.xml" />
applicationContext-hdiv.xml Configuration
<beans>
<bean id="requestDataValueProcessor" class="org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor" />
<bean id="editableValidator" class="org.hdiv.web.validator.EditableParameterValidator"/>
<mvc:annotation-driven validator="editableValidator" />
</beans>
hdiv-config.xml Configuration
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:hdiv="http://www.hdiv.org/schema/hdiv" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">
<hdiv:config excludedExtensions="css,js,ttf" errorPage="/manage/security-error" maxPagesPerSession="10" confidentiality="true" strategy="memory" randomName="true">
<hdiv:sessionExpired loginPage="/main/common" homePage="/"/>
<hdiv:startPages method="get">/,/.*,/manage/.*,/login</hdiv:startPages>
</hdiv:config>
<hdiv:validation id="customValidation" componentType="text">
<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9#.\-_]*$]]></hdiv:acceptedPattern>
<hdiv:rejectedPattern><![CDATA[(\s|\S)*(--)(\s|\S)*]]></hdiv:rejectedPattern>
</hdiv:validation>
<hdiv:editableValidations registerDefaults="true">
<hdiv:validationRule url=".*" enableDefaults="false">customValidation</hdiv:validationRule>
</hdiv:editableValidations>
</beans>
XSS is an output problem, not an input problem. Input validation is about making sure data is correct according to the domain. So for instance you want to check that a field expecting to take a year actually receives a number within the expected range. You may also want to make sure that only allowed characters are in use. And in many cases this will stop many attacks.
However for complex inputs, this is no longer viable. Consider a text field where you want to allow users to comment. The user should be allowed to to write a comment such as "An hence x < 4". Now we are allowing characters used to build html tags.
Now we have two options:
Use a tool to strip out dangerous HTML - likely to fail at some point
Use context aware escaping as described in the OWASP XSS prevention cheat sheet
Remove 'requestDataValueProcessor' and 'editableValidator' beans from 'applicationContext-hdiv.xml' file, they are automatically created by tag.
Have a look at this project configuration for a working example:
https://github.com/hdiv/hdiv-spring-mvc-showcase

Custom Facelets components and attributes defined in taglib

Defining custom components in Facelets is easy and quick but there's one thing I can't figure out.
Is it possible with Facelets to define what attributes my custom component has? I.e: I've created a component which is used in such a way:
<blue:modalWindow id="editFeesWizard" width="500" height="440" title="Wizard">
and is defined in taglib.xml as follows:
<!DOCTYPE facelet-taglib PUBLIC
"-//Sun Microsystems, Inc.//DTD Facelet Taglib 1.0//EN"
"http://java.sun.com/dtd/facelet-taglib_1_0.dtd">
<facelet-taglib>
<namespace>...</namespace>
<tag>
<tag-name>modalWindow</tag-name>
<source>components/modalWindow.xhtml</source>
</tag>
</facelet-taglib>
Taglib doesn't contain any information on component's attributes (id, width, height, title) and IDE cannot therefore check my syntax nor can it suggest attributes while I'm typing.
I cannot find anything on this subject in Facelets documentation. Thought you could help. Thanks!
It seems there isn't a way. But even if there was, I don't think Eclipse (for example) would be able to handle it and offer autocomplete. That's why you can define a .tld, containing the attributes:
<?xml version="1.0" encoding="utf-8"?>
<taglib
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.1">
......
</taglib>
Just for the sake of autocompletion. Ugly, I know.
I don't know about before, but it is possible now. Just add:
<tag>
<tag-name>mycustomtag</tag-name>
<source>tags/mycustomtag.xhtml</source>
<attribute>
<description>What does this do?!</description>
<name>attribute</name>
</attribute>
</tag>
I'm looking forward to being able to create composite components using JSF 2 and facelets; from what I've read, it seems very quick and easy, and you define what attributes your composite component accepts.

Resources