I have created a new project named Stripes XSS Interceptor.
This project escapes all the parameters that Stripes Framework binds during its Validation & Binding phase using a wrapped request object (a convenient implementation of the HttpServletRequest interface).
The code follows the XSS (Cross Site Scripting) security guidance posted at OWASP (Open Web Application Security Project).
Please feel free to report any bug you find in the project’s Issue Tracker.…
This example was greatly inspired by the Stripes and jQuery AJAX Forms article from Freddy Daoud, but with some nice improvements.
Last week I was working on a new Stripes / AJAX example. It involves having a table listing entities, with the last row of the table being a form for adding new ones.
The form gets submitted via AJAX, using jQuery, and the response is validated in order to check if the HTTP session is still valid.
If everything is OK, the list is refreshed and a success message appears. On the other hand, if validation errors occur, the list is refreshed and an error message appears.
Also, if the user’s session has expired on the server, an alert is shown to inform the user that his session is invalid, and the page is reloaded so the user can log in once more.
Inspired by the Spring with Stripes integration, I decided to make one for Java EE: Stripes Injection Enricher.
Stripes Injection Enricher enriches Stripes Framework objects by satisfying injection points specified declaratively using annotations. There are three injection-based enrichers provided by Stripes Injection Enricher out of the box:
@Resource - Java EE resource injections
@EJB - EJB session bean reference injections
@Inject - CDI injections
The source code is available on GitHub at StripesFramework/stripes-injection-enricher.…
Reading the TheServerSide.COM news, I’ve found a comparison article between the Stripes and JSF frameworks.
I can’t agree more with the author Gregg Bolinger when he says: “Since I stumbled on Stripes, I’ve found it to be the best all around framework for my purposes.”
Read it at “Stripes and JSF: A Brief Comparison”.…