tag:blogger.com,1999:blog-5936887697378880105.post8501331718707011910..comments2024-03-09T01:12:26.325-08:00Comments on Nutpan Blog: Secure your web apps with HDIVNutpanhttp://www.blogger.com/profile/06307605312954706933noreply@blogger.comBlogger15125tag:blogger.com,1999:blog-5936887697378880105.post-62955019731603451512015-12-13T00:53:15.112-08:002015-12-13T00:53:15.112-08:00Thanks for the information. I am integrating HDIV ...Thanks for the information. I am integrating HDIV with my struts1.3 application, I need your help as i am getting exception :<br /><br />SEVERE: Context initialization failed<br /><br />org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/hdiv-config.xml]; nested exception is org.springframework.beans.FatalBeanException: Invalid NamespaceHandler class [org.hdiv.config.xml.HdivNamespaceHandler] for namespace [http://www.hdiv.org/schema/hdi...]: problem with handler class file or dependent class; nested exception is java.lang.NoClassDefFoundError<br /><br />I am using following jars hdiv-struts-1-2.1.12.jar,spring-2.5.jar,hdiv-core-2.1.0.jar,hdiv-config-2.1.0.jar<br /><br />My hdic-config.xml looks like<br /><br /><br /><br />Please help me<br /><br />Thanks in advance<br /><br />AnandAnandhttps://www.blogger.com/profile/03804578749700695478noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-46825224416721049582014-02-17T23:40:13.869-08:002014-02-17T23:40:13.869-08:00Hi,
I have an existing JSP based application whic...Hi,<br /><br />I have an existing JSP based application which does not use servlets . The requests are submitted via JSP and processed by JSP using javabeans.<br /><br />Can HDIV be applied to this JSP based application. I see the HDIV docs say, they are only for frameworks like struts/spring.<br /><br />Since, this is a legacy application redesigning it is a difficult task. But, a lot of security issues have been identified in the application. so, to remediate them I am looking for a sensible option.Suryahttps://www.blogger.com/profile/11569821167453928973noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-72437202917252915402013-05-23T07:40:35.461-07:002013-05-23T07:40:35.461-07:00Hi,
Is HDIV can be worked with Thymeleaf and html ...Hi,<br />Is HDIV can be worked with Thymeleaf and html without jsp as front end.Anonymoushttps://www.blogger.com/profile/03376009836799954132noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-3441227827368803342012-11-26T02:49:46.696-08:002012-11-26T02:49:46.696-08:00Nuptan,
I did not properly use the C tag. After i...Nuptan, <br />I did not properly use the C tag. After inputting the correct syntax, I was able to do it correctly. <br /><br /><br />Also, I have one question, can we exclude any page from the HDIV validation. Like, it is not the starting page, but it is some URL that caters to the AJAX request. I tried to configure it within the tag and it didnot work. Also what is the purpose of . DO you know anything about it?Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-9733915954537751192012-09-27T13:03:30.573-07:002012-09-27T13:03:30.573-07:00using,
hdiv-spring-mvc-2.5-2.0.3.jar
hdiv-core-2.0...using,<br />hdiv-spring-mvc-2.5-2.0.3.jar<br />hdiv-core-2.0.3.jar<br /><br />EditableParameterValidator is not working, I tried to debug the class, found <br />Hashtable editableParameters = (Hashtable)RequestContextHolder.getRequestAttributes().getAttribute("org.hdiv.action.EDITABLE_PARAMETER_ERROR", 0);<br /><br />editableParameters - as null so its going as normal flow, Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-19148063406996742972012-09-20T02:38:11.709-07:002012-09-20T02:38:11.709-07:00I'd like to add that it gives me the error pag...I'd like to add that it gives me the error page for all other applicable cases (missing parameters, wrong hdiv state,...)Guy Of Haggerhttps://www.blogger.com/profile/04392732146758065045noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-21337214828577768802012-09-20T00:35:23.667-07:002012-09-20T00:35:23.667-07:00Hi, I have configured HDIV as you have said. Howev...Hi, I have configured HDIV as you have said. However, when I submit a form with text that would fail the editable validations it puts an error message in the log but it still proceeds as normal and submits the form to the controller; it doesn't block the request. Do you have any idea what could be wrong?<br /><br />Using spring 3.1.Guy Of Haggerhttps://www.blogger.com/profile/04392732146758065045noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-6122334979078949052012-08-26T02:25:17.831-07:002012-08-26T02:25:17.831-07:00great Magesh... if you can share what was the prob...great Magesh... if you can share what was the problem you faced and how you overcome that, it will be useful for others. Nutpanhttps://www.blogger.com/profile/06307605312954706933noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-5524884498818665732012-08-23T19:56:32.283-07:002012-08-23T19:56:32.283-07:00Thanks. I was able to make it work!!!Thanks. I was able to make it work!!!Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-53709878218822153172012-08-20T20:04:47.258-07:002012-08-20T20:04:47.258-07:00When I disable the HDIV Validator filter in the we...When I disable the HDIV Validator filter in the web.xml, the flow and all the webpages are displayed correctly. But if I enable the validator, always it is redirected to the error page. Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-50899296105604921062012-08-20T18:28:10.355-07:002012-08-20T18:28:10.355-07:00I am able to get the image and the CSS. I have add...I am able to get the image and the CSS. I have added the necessary configurations in excludedExtensions in hdiv-config.xml.Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-57299403216460280152012-08-20T18:16:52.471-07:002012-08-20T18:16:52.471-07:00Thanks for your response Nutpan. I ran into some o...Thanks for your response Nutpan. I ran into some other problems and is described below.<br /><br />I have included the initial landing page as index.jsp and redirected to the login page. The login page is displayed but the CSS and the images are not displayed.From the logger I could see the error message<br /><br />[ INFO] [http-bio-7780-exec-4 09:04:47] (Logger.java:log:66) HDIV_PARAMETER_NOT_EXISTS;/sample/login.htm;jsessionid=8960F3999D17C62D889620C4DB77D187;_HDIV_STATE_;null;127.0.0.1;127.0.0.1;user<br />[ INFO] [http-bio-7780-exec-6 09:04:47] (MainController.java:displayLogin:61) Login Page GET MEthod called !<br />[ INFO] [http-bio-7780-exec-7 09:04:50] (Logger.java:log:66) HDIV_PARAMETER_NOT_EXISTS;/sample/resources/img/header_bg.jpg;_HDIV_STATE_;null;127.0.0.1;127.0.0.1;user.<br /><br /><br />Also after successful login, it is redirected to the error page defined in the hdiv-config.xml. From the log, I could see the following message.<br /><br />[ INFO] [http-bio-7780-exec-6 09:05:16] (Logger.java:log:66) HDIV_PARAMETER_NOT_EXISTS;/sample/home.htm;_HDIV_STATE_;null;127.0.0.1;127.0.0.1;user.<br /><br />Can you give any pointers on this regard ? What might be the problem ? I have included all the configurations as specified by you.Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-1287869319984349672012-08-20T18:15:08.821-07:002012-08-20T18:15:08.821-07:00This comment has been removed by the author.Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-57687450645558101672012-08-19T23:05:49.423-07:002012-08-19T23:05:49.423-07:00Thanks Magesh,
Actually you have to exclude initi...Thanks Magesh,<br /><br />Actually you have to exclude initial/landing hdiv hash generating page from spring security. In my example above the index.jsp file in Step 5 should be excluded in spring security. you don't need to exclude any thing else from hdiv or spring security. Hope it helps. All the best...Nutpanhttps://www.blogger.com/profile/06307605312954706933noreply@blogger.comtag:blogger.com,1999:blog-5936887697378880105.post-16183161607568183572012-08-17T01:48:58.016-07:002012-08-17T01:48:58.016-07:00Good one!! Can you give the configurations for usi...Good one!! Can you give the configurations for using with Spring Security. I have tried with excluding the spring security pages in the hdiv-config.xml. But still, am not able to get to the login page. Is the landing or starting page should be applied to all the page?Mageshhttps://www.blogger.com/profile/11146448607391590361noreply@blogger.com