I am working on a static analysis for detecting security vulnerabilities in web applications, and I am looking for some web applications to run my analysis on.
More specifically I am right now looking for open-source web applications that use the Struts2 framework, but I have a hard time finding such applications.
Does anyone know of some more or less complete and open-source web applications written using Struts2 (or possibly just plain JSP)?
The very complete and stable Struts2 application i use for log file analysis is KonaKart. The advantage is that you can set it up on your server, including demo data and configure it and use it as you wish.
In terms of openness:
"Only the customizable parts of KonaKart are open source. These include the Struts action classes and
forms, the JSPs, the payment modules, order total modules, shipping modules and the GWT One Page
Checkout code. They are shipped under the GNU Lesser General Public License."
If you need 100% open source it is not for you.
Projects Using WebWork or Struts2
https://cwiki.apache.org/S2WIKI/projects-using-webwork-or-struts2.html
Others
http://api.cnn.com/
http://www.allhomes.com.au/
Check these tutorials. there downloads are available. link1, link2
Related
Good day, I've been using ServiceStack for many years, I currently designing and planning a rewrite of an ASP MVC (Razor) project. #Script seems to be an almost perfect fit, without hands-on experience of the technology I have some doubts and questions.
My question is how relevant is #Script today and what is the future plans of this technology. I ask these questions because when I looked at GitHub example I noticed that there is not a lot of activity, and searching the internet I am also not finding a community around it.
As #Script's author I would say that #Script is a complete library for what it's designed for as an embeddable sandboxed .NET scripting and templating language that's ideal for exploratory programming with seamless integration into .NET APIs (including Win32 APIs) that includes a vast built-in library (1000+) of filters that's easily and highly extensible to the point that it's even able to natively support multiple languages (inc. built-in LISP Repl) within the same page that's been a joy to develop with thanks to its built-in Hot Reloading support where changes are instantly visible upon save - so technology-wise IMO it's pretty great.
If we were to compare it to comparable libraries in other languages like the Ruby's Liquid it should be pretty clear that #Script is vastly more capable where it scales from a user-friendly templating language to a powerful scripting language where it's capable of developing entire Windows Desktop Apps that fits in a Gist.
On the activity front, Liquid is also an established library with low activity with only a handful of commits in 2021, the difference is that it's vastly more popular and used in popular products like Jekyll as used in GitHub Pages which ensures it will always have a rich, vibrant ecosystem which is the most important indicator for assessing a technology's longevity.
Technology not as important as ecosystem
However in the end the technology doesn't matter nearly as much as its user base, community and ecosystem behind it which is where #Script is sorely lacking. Unfortunately this is the reality of libraries that compete Microsoft's defaults like Razor which are exclusively promoted for .NET and will always retain the majority of adoption in .NET.
#Script is a "complete" library in that I've added all the features I planned for it and there's basically nothing I can think of to add to it to make it more appealing, but facing the realization of its indefinite lack of adoption I wouldn't recommend using it for large living (i.e. multi-year) Websites, given it will never have the community and adoption enjoyed by other ecosystems since the benefits of a community and ecosystem are ultimately the most important attributes in order to continue investing in a technology.
Continue to be actively supported
Like all of ServiceStack, #Script is still an actively supported library with no outstanding issues so it's safe to use in that any issues will be promptly resolved should you wish to.
Website Development Recommendations
I'd say it's still a fine option for smaller definitively-scoped projects since its compile-time-free and Hot-Reload makes for a very productive Dev UX for server-generated dynamic pages. However even then I'd first evaluate if a static generated framework like Jekyll, Hugo or other popular static generators would be more appropriate since they enjoy a vibrant community and a statically generated site results in a more performant, resilient and cheaper to host and deploy website.
Static Site Generators
Having recently redeveloped the servicestack.net website to split it out into using Jekyll for static content and ServiceStack.Razor for dynamic content, my recommendation for large websites with large static and dynamic components is to use a static site generator for its static content which yields several benefits:
Although it does require a fair bit of overhead to setup as you're effectively maintaining 2 different websites however it greatly benefits if the static content is actively updated as there's a lot less friction to change and update content on a static generated site then a dynamic one and it results in a superior end user UX thanks to CDN Edge caches that's also cheaper to host from free sites like GitHub Pages and Netlify.
In order to preserve existing URLs we needed extra functionality not possible from a static host so our static content is deployed to a S3 bucket where we use CloudFront for CDN edge caching, CF Behaviors for proxying "external static" routes to our .NET5 dynamic website and a CF Function for supporting pretty URLs. For internally deployed websites you'll be able to accomplish similar functionality with reverse proxy and redirect rules.
SPA or Razor
For small websites or mostly dynamic websites that wont benefit from a content site split I'd recommend either an SPA Project Template if you prefer TypeScript and an established SPA FX like Vue, React, Svelte or Angular or Razor or MVC if you instead prefer C# server generated websites.
Progressive Enhancement
My personal preference is for read-heavy dynamic sites to use ServiceStack Razor utilizing API First Development approach so that all writes are made to the same clean ServiceStack APIs that Mobile and Desktop Apps would also call. This typically involves using some kind of progressive enhancement like our Client TypeScript Validation example which utilizes the Form & Validation Binding in #servicestack/client to take over <form> submissions to perform TypeScript API calls and apply any validation errors back to the Form's UI.
The Client jQuery example accomplishes the same thing without the tsc -w watched build step whose form & validation binding utilizes the older jQuery ss-utils.js library but it does mean you'd need to author logic in an older broadly ECMAScript 5 supported version of JS.
Future of #Script
As I don't expect #Script Pages will ever achieve any meaningful adoption required for self-sustained active development, it's unlikely we'll continue in investing in further development for usage in dynamic websites (i.e. the script project template), it's a complete and extensible library so further development isn't strictly necessary as it can be easily extended with your own local Plugins, Methods, Transformers and Blocks. But it does mean we're unlikely to be creating and including new methods/plugins designed for dynamic websites in the library OOB.
Still a critical ServiceStack component
#Script is still a critical component of ServiceStack where it's used to provide integrated SPA templates since it's able to render dynamic websites from static *.html pages in npm dev hot-reload servers which can't use Razor's *.cshtml pages. It's also what makes ServiceStack's Declarative Validation possible where validation rules can be defined on dependency-free DTOs as it allows defining binary-decoupled logic in dep-free attributes. It's also what makes vuedesktop.com Desktop Apps like ServiceStack Studio possible as well as command tools like Post Command - HTTP API Command Line Utils and cross-platform dotnet scripts which makes usage of its internal functionality, so it's going to continue on as a actively developed & supported library.
Good future use-cases of #Script
However I'd limit any #Script usage to where it excels, e.g. as an embeddable scripting .NET sandbox given it's more versatile & flexible than Razor for tasks like Rendering Emails, authoring & rendering Live Documents (e.g. if needing to maintain live user-generated reports in an RDBMS) or as an embeddable Template, JS or LISP DSL or for evaluating adhoc JS/LISP Expressions or .NET logic.
Future replacement project templates
For developing server-generated websites with ServiceStack we're looking at shipping a couple of new templates which encompasses our latest recommendations (e.g. embracing an API First Development style), if they result in a great Dev UX we're looking at:
An Integrated Static generated (e.g. Hugo/Jekyll) + Dynamic Project template
An API First MVC Pages + ServiceStack template with integrated progressive enhancement
Please follow #ServiceStack to get notified as soon as they become available.
VS2013 update 5, MVC5 using Areas
I have a stand-alone function programmed for a website. The functionality is a specific user interface to collect survey responses in a particular way. It has several controllers, a model and a group of views. The functionality is completely contained in an Area of the project, except for the Shared _Layout file that provides the main menu for consistency.
'Is it possible for me to' / 'how do I' compile this Area into a single or set of .dll file(s) that I could then add conveniently to other websites? I'm assuming creating something for transfer/download is very standard functionality. For example, I used Elmah.MVC for this site. What I want to do is pretty much create a package that can be downloaded in a similar way to how we integrate Elmah.MVC into a site. (Be certain I'm not talking about creating error logging software, I'm only using Elmah.MVC as an example of software that is easily integrated into other website applications.)
I've never compiled any website functionality into a .dll(s) for use elsewhere and would appreciate either some specific guidance, or perhaps what would be easier is to provide a link with a good step by step tutorial or explanation for how to do this. Most of what I've found on the web describes bits and pieces of doing this, but it's not enough for me to feel confident with it.
It seems to me there are a lot of 'moving parts' to taking a particular piece of an MVC application and turning it into something that is easily added to other projects.
A particular issue I don't quite grasp is the difference in downloaded packages between getting code and getting just the .dll(s). For instance, when I download an MVC5 site, I get controllers, models and views, but when I download Elmah I get a .dll and no code files. Also, I do understand the concept of transforms, but I'm just struggling right now with even getting from my programmed application into a 'package' regardless of the transforms that make it easy to integrate into another website.
These are just some of my questions I have about how to perform this particular process in developing deliverable and/or shareable software.
What you are looking to do is create a portable MVC Area project. A Portable Area is a set of reusable multi page functionality can be dropped into an application to provide rich functionality without having to custom build functionality that is literally the same in every application. An MVC Portable Area is really just a dll that contains the views, controllers, scripts, etc… needed to use in a website that is either a Web Forms website or an MVC website. A developer can use them for a reusable widget or a complete engine. I have actually used them for both. Here is a link with some basic info to get started. http://elegantcode.com/2012/04/06/mvc-portable-areas/
I am working on a web app which uses JSF. I would like to know that What are best practices and available tools for performing a load test on it.
Application is hosted on glassfish server 3.1.2.2
Depends somewhat on the site you want to test. At work we have a complex RIA, and to test it we have to reproduce user interaction. We use jMeter for this.
It's kind of messy to set up (look at the guides they have) but once this is done it's very flexible and allows you to configure and tweak many things. I particularly like its "proxy" feature where you can proxy your app through jMeter and it records everything so you can play it back later on. Note that for JSF you have to do some tricks with the ViewStateId, so google a "jmeter JSF" guide for how to set this up.
In a previous project I have used RadView WebLOAD to test a JSF site, it enable recording the user scenario and handles correlating the dynamic values.
At our company we are using Liferay for portals. My biggest issue with developing for such a huge framework is that the restart takes a lot of time even on a decent PC. We're trying to use hot deploying were it's possible but this sometimes just doesn't work (dependencies require restart, PermGen space errors occurs sometimes and Liferay have to be killed, etc.)
What i'm thinking about is that with most of our portlet's we are not really using any Liferay specific services just the JSR 168 provided things which is a standard. So i'm wondering if there's any minimal portlet environments available for Jetty or Tomcat which we can use for quicker portlet development? Of course i know that once i encounter a Liferay specific service call this is not an option.
I was testing Apache Pluto earlier which is a full blown but still lightweight portlet container however it works differently the way the portlet wars are assembled (web.xml should be modified) and it breaks compatibility in our build environment with Liferay. So it's not an option but i'm looking for something similar.
I've never used life ray portal, but too much played with GateIn portal because IBM Portal is heay, mostly for quick development on JSR-286 i used gatein
Currently used for visioneo.org, very flexible for every kind of use, large community.
Here is short summary
Liferay Currently used for visioneo.org, very flexible for every kind of use, large community.
eXo Platform Awesome look and set of web applications embedded. Last generation portal, very impressive! Based on Gatein
JBoss EPP Based on gatein, and designed to work with JBoss middleware architecture
Gatein A great portlet container. Light weight, easy to use. But unlike Liferay and eXo, it does not ship with collaborative portlets (Forum, Wiki etc.)
uPortal Beautiful portal, though its CSS are very intrusive: some BIRT styles are broken by uPortal's css.
Pluto Not really a portal, Apache Pluto can be used as a development / test platform. Often considered as a reference for portlet specifications.
Jahia Great look however not based on standards: portlets are supported but not really highlighted, a specific module technology is used instead
You might want to try the JRebel integration for Liferay. There's an introduction Webinar available, I don't know if it fully applies to the current implementation (the webinar is a bit aged) but it will give you an idea of the product/project.
Is it possible to develop a Web Part without usage of .NET technologies? I'm looking for possibilities of integration of legacy (for example java) applications into SharePoint.
Any valid way for .Net CLR to call your code will do what you want. However with that said, it is likely to be very low level, very obscure and very difficult to do.
A more straightforward approach to reusing your Java or whatever code was if there was some sort of public cross language interface for you to exploit in your .Net skeleton. The obvious answer is a REST or SOAP wrapper around the Java code but it doesn't have to be that. It could be CORBA or JMS or all sorts of things.
Even if you want to integrate Java apps, the web Part will be coded in .NET.
There are a few ways to accomplish this, all of which involve a .NET web part exposing external data. All of your common integration methods apply including exposing the legacy application through web services or even directly accessing the database - you could use whatever your organization is accustomed to with other integrations.
Another possible option, depending on your SharePoint version is the Business Data Catalog (2007) or Business Connectivity Services (2010). These options, while can be a little bit of a pain to set up (though third party tools are available) do allow for some automatic integration of other applications into SharePoint.