Search Results

Search found 5991 results on 240 pages for 'w3 validation'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 30/240 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • OpenSource License Validation [closed]

    - by Macmade
    I'm basically looking for some kind of FLOSS/OpenSource license validation service. I have special needs for some projects I'd like to open-source. I know there's actually tons of different FLOSS/OpenSource licenses, each one suitable for some specific purpose, and that creating a «new» one is not something recommended, usually. Anyway, even if I'm not an expert in the legal domain, I've got some experience with FLOSS/OpenSource, at a legal level, and it seems there's just no license covering my needs. I actually wrote the license terms I'd like to use, and contacted the FSF, asking them to review that license, as it seems (at least that's written on their website) they can do such review work. No answer. I tried repetitively, but no luck. So I'm currently looking for an alternate legal expertise about that specific license. I don't mind paying such a service, as long as I can be sure the license can be recognised as a FLOSS/OpenSource license. About the license, it's basically a mix of a BSD (third-clause) with a BOOST software license. The difference is about redistribution. Source code redistribution shall retain the copyright novices. The same applies for binary redistribution (like BSD), unless it's distributed as a library (more like BOOST). I hope this question is OK for programmers.stackexchange. I'm usually more active on StackOverflow, but it just seems the right place for such a question. So thank you for your time and enlightened advices. : )

    Read the article

  • BizTalk Schema Validation

    - by Christopher House
    Perhaps this one should be filed under:  Obvious Yesterday I created a new schema that is going to be used for a WCF receive.  The schema has a bunch of restrictions in it, with the intention that we'd validate incoming messages against the schema.  I'd never done message validation with BizTalk but I knew the XmlDisassembler component had an option for validating, so I figured it would be a piece of cake.  Sadly, that was not to be the case.  I deployed my artifacts and configured my receive location's XmlDisassembler with what I thought to be the correct document spec name.  I entered My.Project.Name.SchemaTypeName for the document spec and started running unit tests.  All of them failed with the following error logged in the event log: "WcfReceivePort_BizTalkWcfService/PurchaseOrderService" URI: "/BizTalkWcfService/PurchaseOrderService.svc" Reason: No Disassemble stage components can recognize the data. I went to the receive port and turned on tracking, submitted another message, then went to the admin console and saved the message.  It looked correct, but just to be sure, I manually validated it against the schema in my project.  As expected, it validated correctly. After a bit of thinking on this, I realized that I probably needed to fully qualify my document spec name, meaning, include the assembly name, as well as the type name.  So, I went back to the receive location and changed the document spec to: My.Project.Name.SchemaTypeName, My.Project.Name,Version=1.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxx I re-ran my unit tests and everything was working as expected.  So, note to self:  remember to include the assembly name when setting the document spec.  If you need an easy way to determine your schema name and assembly name, find your schema in the admin console and go to it's properties.  On the property screen, look at the Name and Assembly properties.  Your document spec will be "SchemaName, AssemblyName"

    Read the article

  • Generating Java classes out of XMLSchema.xsd using JAXB

    - by Christian Schulz
    I'm using jaxb to generate java classes out of a xml schema. The schema imports XMLSchema.xsd and its content is used as an element in the document. If I remove the import and the reference to "xsd:schema" respectively then the binding compiler generates successfully the classes. If I do not then it would produce the following errors, which are the same if I would try to generate Java classes from the XMLSchema.xsd only! C:\Users\me"%JAXB%/xjc" -extension -d tmp/uisocketdesc -p uis.jaxb uisocketdesc.xsd -b xml_binding_test.xml -b xml_binding_test_2.xml -b xml_binding_test_3.xml parsing a schema... compiling a schema... [ERROR] A class/interface with the same name "uis.jaxb.ComplexType" is already in use. Use a class customization to resolve this conflict. line 612 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "ComplexType" is generated from here. line 440 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] A class/interface with the same name "uis.jaxb.Attribute" is already in use. Use a class customization to resolve this conflict. line 364 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "Attribute" is generated from here. line 1020 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] A class/interface with the same name "uis.jaxb.SimpleType" is already in use. Use a class customization to resolve this conflict. line 2278 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "SimpleType" is generated from here. line 2222 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] A class/interface with the same name "uis.jaxb.Group" is already in use. Use a class customization to resolve this conflict. line 930 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "Group" is generated from here. line 727 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] A class/interface with the same name "uis.jaxb.AttributeGroup" is already in use. Use a class customization to resolve this conflict. line 1062 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "AttributeGroup" is generated from here. line 1026 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] A class/interface with the same name "uis.jaxb.Element" is already in use. Use a class customization to resolve this conflict. line 721 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Relevant to above error) another "Element" is generated from here. line 647 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 1020 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 364 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 2278 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 2222 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 930 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 727 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 440 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 612 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 1026 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 1062 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] Two declarations cause a collision in the ObjectFactory class. line 647 of "http://www.w3.org/2001/XMLSchema.xsd" [ERROR] (Related to above error) This is the other declaration. line 721 of "http://www.w3.org/2001/XMLSchema.xsd" Failed to produce code.

    Read the article

  • Regex | validation error

    - by MMRUser
    I'm trying to validate a USA mobile number, since I'm using pre-built javascript validation library I just replaced this regex validation with the previous one which comes with the validation library. previous validation regex: "telephone":{ "regex":"/^[0-9\-\(\)\ ]{10,10}$/", "alertText":"* Invalid phone number"}, This works like 2126661234 but not in USA standard. After I changed: "telephone":{ "regex":"/^[2-9]\d{2}-\d{3}-\d{4}$/", "alertText":"* Invalid phone number"}, Now every entry I get an error even if I enter 212-666-1234 I really don't know what is the wrong, so I'm expecting some help.

    Read the article

  • FBML + jquery Validation + Rails

    - by user359467
    Hi all, In my local machine i have a scaffold that uses Jquery Validation plugin for the field's validation. Now i want to add that to a fbml facebook application, but i'm haven't been able to load the jquery javascript and the jquery Validation plugin into the app, does anybody now how to do that? or maybe someone could suggest me a better way of doing validation inside a facebook application. Thanks in Advance Ernesto Carrión

    Read the article

  • Data Annotations validation Built into model

    - by Josh
    I want to build an object model that automatically wires in validation when I attempt to save an object. I am using DataAnnotations for my validation, and it all works well, but I think my inheritance is whacked. I am looking here for some guidance on a better way to wire in my validation. So, to build in validation I have this interface public interface IValidatable { bool IsValid { get; } ValidationResponse ValidationResults { get; } void Validate(); } Then, I have a base class that all my objects inherit from. I did a class because I wanted to wire in the validation calls automatically. The issue is that the validation has to know the type of the class is it validating. So I use Generics like so. public class CoreObjectBase<T> : IValidatable where T : CoreObjectBase<T> { #region IValidatable Members public virtual bool IsValid { get { // First, check rules that always apply to this type var result = new Validator<T>().Validate((T)this); // return false if any violations occurred return !result.HasViolations; } } public virtual ValidationResponse ValidationResults { get { var result = new Validator<T>().Validate((T)this); return result; } } public virtual void Validate() { // First, check rules that always apply to this type var result = new Validator<T>().Validate((T)this); // throw error if any violations were detected if (result.HasViolations) throw new RulesException(result.Errors); } #endregion } So, I have this circular inheritance statement. My classes look like this then: public class MyClass : CoreObjectBase<MyClass> { } But the problem occurs when I have a more complicated model. Because I can only inherit from one class, when I have a situation where inheritance makes sense I believe the child classes won't have validation on their properties. public class Parent : CoreObjectBase<Parent> { //properties validated } public class Child : Parent { //properties not validated? } I haven't really tested the validation in these cases yet, but I am pretty sure that anything in child with a data annotation on it will not be automatically validated when I call Child.Validate(); due to the way the inheritance is configured. Is there a better way to do this?

    Read the article

  • How to add request validation errors to ModelStateDictionary in ASP.NET MVC?

    - by Morten Christiansen
    Investigating the security of a system I'm building with ASP.NET MVC 2 led me to discover the request validation feature of ASP.NET - a very neat feature, indeed. But obviously I don't just want to present the users with the Yellow Screen of Death when they enter data with HTML in, so I'm out to find a better solution. My idea is to find all the fields that have invalid data and add them to the ModelStateDictionary before invoking the action such that they automatically appear in the UI as error messages. After googling this a bit it appears that no one have implemented this before which I find puzzling since it seems so obvious. Does anyone here have a suggestion on how to do this? My own idea is to supply a custom ControllerActionInvoker to the controller, as described here, that somehow checks for this and modifies the ModelStateDictionary but I'm stuck on how to do this last bit. Just catching HttpRequestValidationException exceptions does not seem a useful approach since it does not actually contain all the information I need.

    Read the article

  • Jquery validation, step by step validate on click function.

    - by Alex
    Trying to get jquery validation plugin work with my step by step form and here is the function i made. It works but only with first step. Any other step or final submit wont work in that case. If anyone could have a look whats wrong with my code i would appreciate the most. Thank you. function StepByStep(){ var a = { rules: { fieldname1: "required", fieldname2: "required", } } var b = { rules: { fieldname3:"required" } } var aStep = $("form").validate(a); var bStep = $("form").validate(b); $('input.nextStep').click(function(){ if (aStep.form()) { //open step 2 function } return false }); $('input.submit').click(function(){ if (bStep.form()) { $('form').submit(); } return false }); }

    Read the article

  • Codeigniter Form Validation - how to unset form values after success?

    - by BrynJ
    I realise this request goes against the example provided in the CI documentation (which advises a separate 'success' page view), but I would like to reutilise a given form view after a form has been successfully submitted - displaying a success message then displaying a blank form. I've tried a few ways unsuccessfully to clear the validation set values (unsetting $_POST, setting rules / fields to an empty array and rerunning validatio). I could redirect to the same page, but then I'd have to set a session variable to display a success message - which is a messy approach. Any ideas how to achieve the above?

    Read the article

  • How to handle set based consistency validation in CQRS?

    - by JD Courtoy
    I have a fairly simple domain model involving a list of Facility aggregate roots. Given that I'm using CQRS and an event-bus to handle events raised from the domain, how could you handle validation on sets? For example, say I have the following requirement: Facility's must have a unique name. Since I'm using an eventually consistent database on the query side, the data in it is not guaranteed to be accurate at the time the event processesor processes the event. For example, a FacilityCreatedEvent is in the query database event processing queue waiting to be processed and written into the database. A new CreateFacilityCommand is sent to the domain to be processed. The domain services query the read database to see if there are any other Facility's registered already with that name, but returns false because the CreateNewFacilityEvent has not yet been processed and written to the store. The new CreateFacilityCommand will now succeed and throw up another FacilityCreatedEvent which would blow up when the event processor tries to write it into the database and finds that another Facility already exists with that name.

    Read the article

  • Standard way of allowing general XML data

    - by Greg Jackson
    I'm writing a data gathering and reporting application that takes XML files as input, which will then be read, processed, and stored in a strongly-typed database. For example, an XML file for a "Job" might look like this: <Data type="Job"> <ID>12345</ID> <JobName>MyJob</JobName> <StartDate>04/07/2012 10:45:00 AM</StartDate> <Files> <File name="a.jpeg" path="images\" /> <File name="b.mp3" path="music\mp3\" /> </Files> </Data> I'd like to use a schema to have a standard format for these input files (depending on what type of data is being used, for example "Job", "User", "View"), but I'd also like to not fail validation if there is extra data provided. For example, perhaps a Job has additional properties such as "IsAutomated", "Requester", "EndDate", and so on. I don't particularly care about these extra properties. If they are included in the XML, I'll simply ignore them when I'm processing the XML file, and I'd like validation to do the same, without having to include in the schema every single possible property that a customer might provide me with. Is there a standard way of providing such a schema, or of allowing such a general XML file that can still be validated without resorting to something as naïve (and potentially difficult to deal with) as the below? <Data type="Job"> <Data name="ID">12345</Data> . . . <Data name="Files"> <Data name="File"> <Data name="Filename">a.jpeg</Data> <Data name="path">images</Data> . . . </Data> </Data>

    Read the article

  • Page_BlockSubmit - reset it to False, if there is a scenario when page doesn't postback on validation error

    - by Vipin
    Recently, I was facing a problem where if there was a validation error, and if I changed the state of checkbox it won't postback on first attempt. But when I uncheck and check again , it postbacks on second attempt...this is some quirky behaviour in .ASP.Net platform. The solution was to reset Page_BlockSubmit flag to false and it works fine. The following explanation is from http://lionsden.co.il/codeden/?p=137&cpage=1#comment-143   Submit button on the page is a member of vgMain, so automatically it will only run the validation on that group. A solution is needed that will run validation on multiple groups and block the postback if needed. Solution Include the following function on the page: function DoValidation() { //validate the primary group var validated = Page_ClientValidate('vgPrimary ');   //if it is valid if (validated) { //valid the main group validated = Page_ClientValidate('vgMain'); }   //remove the flag to block the submit if it was raised Page_BlockSubmit = false;   //return the results return validated; } Call the above function from the submit button’s OnClientClick event. <asp:Button runat="server" ID="btnSubmit" CausesValidation="true" ValidationGroup="vgMain" Text="Next" OnClick="btnSubmit_Click" OnClientClick="return DoValidation();" /> What is Page_BlockSubmit When the user clicks on a button causing a full post back, after running Page_ClientValidate ASP.NET runs another built in function ValidatorCommonOnSubmit. Within Page_ClientValidate, Page_BlockSubmit is set based on the validation. The postback is then blocked in ValidatorCommonOnSubmit if Page_BlockSubmit is true. No matter what, at the end of the function Page_BlockSubmit is always reset back to false. If a page does a partial postback without running any validation and Page_BlockSubmit has not been reset to false, the partial postback will be blocked. In essence the above function, RunValidation, acts similar to ValidatorCommonOnSubmit. It runs the validation and then returns false to block the postback if needed. Since the built in postback is never run, we need to reset Page_BlockSubmit manually before returning the validation result.

    Read the article

  • ASP.NEt MVC 2 Client validation function in Ajax form

    - by user295541
    Hello, My problem is the following: I'm using client validation function of the MVC 2.0 framework. Everything is nice, when I use the validation in a simple form. But when I use an Ajax form, and I update the fields of the ajax form. After the client validation dosen't work. Exactly: the ajax postback is not fired, but the validation message is not shown. I think about, I have to refresh the validation after the ajax call but I dont know how I should do it. Anybody can help me?

    Read the article

  • Can't seem to get Prototype AJAX form validation to work in conjunction with Codeigniter

    - by MattB
    Is there some kind of trick involved? Here's how I would envision it working: 1) User tries submitting the form 2) Event.observe captures this and sends an AJAX request to a special validation URL (PHP using Codeigniter) 3) If no errors were returned, continue submitting the original form 4) If errors were found, cancel form submission and display Mostly, I can't seem to get a separate AJAX validation request to work as the form continues submitting. I could use Event.stop(event), but have not found a way to re-start the process if no validation errors exist from the validation call. I'd post code, but I have about 15 examples of things I've tried and it would just clutter this question. Any ideas? :-( I didn't think form validation would be this difficult. Many thanks, - Matt

    Read the article

  • Implementing a post-notification function to perform custom validation

    - by Alejandro Sosa
    Introduction Oracle Workflow Notification System can be extended to perform extra validation or processing via PLSQL procedures when the notification is being responded to. These PLSQL procedures are called post-notification functions since they are executed after a notification action such as Approve, Reject, Reassign or Request Information is performed. The standard signature for the post-notification function is     procedure <procedure_name> (itemtype  in varchar2,                                itemkey   in varchar2,                                actid     in varchar2,                                funcmode  in varchar2,                                resultout in out nocopy varchar2); Modes The post-notification function provides the parameter 'funcmode' which will have the following values: 'RESPOND', 'VALIDATE, and 'RUN' for a notification is responded to (Approve, Reject, etc) 'FORWARD' for a notification being forwarded to another user 'TRANSFER' for a notification being transferred to another user 'QUESTION' for a request of more information from one user to another 'QUESTION' for a response to a request of more information 'TIMEOUT' for a timed-out notification 'CANCEL' when the notification is being re-executed in a loop. Context Variables Oracle Workflow provides different context information that corresponds to the current notification being acted upon to the post-notification function. WF_ENGINE.context_nid - The notification ID  WF_ENGINE.context_new_role - The new role to which the action on the notification is directed WF_ENGINE.context_user_comment - Comments appended to the notification   WF_ENGINE.context_user - The user who is responsible for taking the action that updated the notification's state WF_ENGINE.context_recipient_role - The role currently designated as the recipient of the notification. This value may be the same as the value of WF_ENGINE.context_user variable, or it may be a group role of which the context user is a member. WF_ENGINE.context_original_recipient - The role that has ownership of and responsibility for the notification. This value may differ from the value of the WF_ENGINE.context_recipient_role variable if the notification has previously been reassigned.  Example Let us assume there is an EBS transaction that can only be approved by a certain people thus any attempt to transfer or delegate such notification should be allowed only to users SPIERSON or CBAKER. The way to implement this functionality would be as follows: Edit the corresponding workflow definition in Workflow Builder and open the notification. In the Function Name enter the name of the procedure where the custom code is handled, for instance, TEST_PACKAGE.Post_Notification In PLSQL create the corresponding package TEST_PACKAGE with a procedure named Post_Notification, as follows:     procedure Post_Notification (itemtype  in varchar2,                                  itemkey   in varchar2,                                  actid     in varchar2,                                  funcmode  in varchar2,                                  resultout in out nocopy varchar2) is     l_count number;     begin       if funcmode in ('TRANSFER','FORWARD') then         select count(1) into l_count         from WF_ROLES         where WF_ENGINE.context_new_role in ('SPIERSON','CBAKER');               --and/or any other conditions         if l_count<1 then           WF_CORE.TOKEN('ROLE', WF_ENGINE.context_new_role);           WF_CORE.RAISE('WFNTF_TRANSFER_FAIL');         end if;       end if;     end Post_Notification; Launch the workflow process with the changed notification and attempt to reassign or transfer it. When trying to reassign the notification to user CBROWN the screen would like like below: Check the Workflow API Reference Guide, section Post-Notification Functions, to see all the standard, seeded WF_ENGINE variables available for extending notifications processing. 

    Read the article

  • Excel table column validation next row

    - by Kamlesh Doctor
    I made a table with first column formatted to DATE. In the first row I entered the date manually. In SECOND column I entered validation of date = previous date. I copied this table 8 times. In 5 tables when row is added the validation also appears in the next cell, but in 3 tables it does not. How can I correct this? I tried making a similar new table but the validation condition does not appear in the new row. Please reply.

    Read the article

  • how get validation messages from mangomapper using rails console ?

    - by Alex
    Hi, I am basically teaching myself how to use RoR and MongoDB at the same time. I am following the very good book / tutorial : http://railstutorial.org/ I decided to replace Sqlite3 by MongoDB using the mongomapper gem. Everything works out about alright, but I am having some non-blocking little issues that I truly wish I could get rid of. In chapter 6, when working with validation I got 2 issues: - I don't know how to get the validations messages back like with Sqlite3. The "standard" code is: $ rails console --sandbox >> user = User.new(:name => "", :email => "[email protected]") >> user.save => false >> user.valid? => false >> user.errors.full_messages => ["Name can't be blank"] but if I try to do the same with MongoMapper, it throws an error saying that errors is undefined function. So does it mean that this is simply not implemented in mongomapper / mongo driver ? Or is there some other clever way to do this that I could not figure ? Additional, 2 things here: - I following the exemple in the book to the line, so I was expecting to be able to use the console in sandbox mode, but apparently that does not work either: (...)ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/console/sandbox.rb:1:in `<top (required)>': uninitialized constant ActiveRecord (NameError) from /Users/Alex/.rvm/gems/ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/application.rb:226:in `initialize_console' from /Users/Alex/.rvm/gems/ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/application.rb:153:in `load_console' from /Users/Alex/.rvm/gems/ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/commands/console.rb:26:in `start' from /Users/Alex/.rvm/gems/ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/commands/console.rb:8:in `start' from /Users/Alex/.rvm/gems/ruby-1.9.2-p136@rails3/gems/railties-3.0.3/lib/rails/commands.rb:23:in `<top (required)>' from script/rails:6:in `require' from script/rails:6:in `<main>' Also, in the book they call "user" but I need to call "User" (note the capital U) why is that ? Is it like mangomapper does not follow the Ruby naming convention or something ? And finally, I am trying to validate the field email with a regex as shown in the tutorial. It does not throws any errors at the code, but whenever I try to insert it just won't ever accept it unless I comment out the :format option... class User include MongoMapper::Document key :name, String, :required => true, :length => { :maximum => 50 } key :email, String, :required => true, # :format => { :with => email_regex }, :uniqueness => { :case_sentitive => false} timestamps! end Any advices you can provide on those topics would help me a lot ! Thanks, Alex

    Read the article

  • Glassfish4 throw exception when I declare validation.xml file on classpath

    - by Rafael Ruiz Tabares
    I've tried to declare a custom validator for @NotNull constraint and Glassfish4 throw this exception when find /META-INF/validation.xml. Project works fine if I omit this file. Exception while dispatching an event java.lang.IllegalStateException: Singleton not set for WebappClassLoader(delegate=true; repositories=WEB-INF/classes/) at org.glassfish.weld.ACLSingletonProvider$ACLSingleton.get(ACLSingletonProvider.java:110) at org.jboss.weld.Container.instance(Container.java:54) at org.jboss.weld.bootstrap.WeldBootstrap.shutdown(WeldBootstrap.java:644) at org.glassfish.weld.WeldDeployer.doBootstrapShutdown(WeldDeployer.java:309) at org.glassfish.weld.WeldDeployer.event(WeldDeployer.java:220) at org.glassfish.kernel.event.EventsImpl.send(EventsImpl.java:131) at org.glassfish.internal.data.ApplicationInfo.load(ApplicationInfo.java:328) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:493) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:219) at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:491) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:527) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:523) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:522) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:546) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1423) at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1500(CommandRunnerImpl.java:108) at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1762) at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1674) at org.glassfish.admin.rest.resources.admin.CommandResource.executeCommand(CommandResource.java:396) at org.glassfish.admin.rest.resources.admin.CommandResource.execCommandSimpInMultOut(CommandResource.java:234) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125) at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91) at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.process(Errors.java:267) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946) at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:331) at org.glassfish.admin.rest.adapter.JerseyContainerCommandService$3.service(JerseyContainerCommandService.java:165) at org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:181) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:246) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544) at java.lang.Thread.run(Thread.java:744) ]] [2014-06-09T19:37:52.476+0200] [glassfish 4.0] [SEVERE] [AS-WEB-CORE-00108] [javax.enterprise.web.core] [tid: _ThreadID=32 _ThreadName=admin-listener(1)] [timeMillis: 1402335472476] [levelValue: 1000] [[ ContainerBase.addChild: start: org.apache.catalina.LifecycleException: java.lang.IllegalArgumentException: javax.servlet.ServletException: com.sun.enterprise.container.common.spi.util.InjectionException: Error creating managed object for class: class org.jboss.weld.servlet.WeldListener at org.apache.catalina.core.StandardContext.start(StandardContext.java:5864) at com.sun.enterprise.web.WebModule.start(WebModule.java:691) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:1041) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:1024) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:747) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:2278) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1924) at com.sun.enterprise.web.WebApplication.start(WebApplication.java:139) at org.glassfish.internal.data.EngineRef.start(EngineRef.java:122) at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:291) at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:352) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:497) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:219) at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:491) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:527) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:523) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:522) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:546) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1423) at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1500(CommandRunnerImpl.java:108) at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1762) at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1674) at org.glassfish.admin.rest.resources.admin.CommandResource.executeCommand(CommandResource.java:396) at org.glassfish.admin.rest.resources.admin.CommandResource.execCommandSimpInMultOut(CommandResource.java:234) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125) at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152) at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91) at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341) at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.process(Errors.java:267) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946) at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:331) at org.glassfish.admin.rest.adapter.JerseyContainerCommandService$3.service(JerseyContainerCommandService.java:165) at org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:181) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:246) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544) at java.lang.Thread.run(Thread.java:744) Caused by: java.lang.IllegalArgumentException: javax.servlet.ServletException: com.sun.enterprise.container.common.spi.util.InjectionException: Error creating managed object for class: class org.jboss.weld.servlet.WeldListener at org.apache.catalina.core.StandardContext.addListener(StandardContext.java:3270) at org.apache.catalina.core.StandardContext.addApplicationListener(StandardContext.java:2476) at com.sun.enterprise.web.TomcatDeploymentConfig.configureApplicationListener(TomcatDeploymentConfig.java:251) at com.sun.enterprise.web.TomcatDeploymentConfig.configureWebModule(TomcatDeploymentConfig.java:110) at com.sun.enterprise.web.WebModuleContextConfig.start(WebModuleContextConfig.java:266) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:486) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:163) at org.apache.catalina.core.StandardContext.start(StandardContext.java:5861) ... 66 more Caused by: javax.servlet.ServletException: com.sun.enterprise.container.common.spi.util.InjectionException: Error creating managed object for class: class org.jboss.weld.servlet.WeldListener at org.apache.catalina.core.StandardContext.createListener(StandardContext.java:3391) at org.apache.catalina.core.StandardContext.loadListener(StandardContext.java:5414) at com.sun.enterprise.web.WebModule.loadListener(WebModule.java:1788) at org.apache.catalina.core.StandardContext.addListener(StandardContext.java:3268) ... 73 more Caused by: com.sun.enterprise.container.common.spi.util.InjectionException: Error creating managed object for class: class org.jboss.weld.servlet.WeldListener at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.createManagedObject(InjectionManagerImpl.java:329) at com.sun.enterprise.web.WebContainer.createListenerInstance(WebContainer.java:1015) at com.sun.enterprise.web.WebModule.createListenerInstance(WebModule.java:2158) at org.apache.catalina.core.StandardContext.createListener(StandardContext.java:3389) ... 76 more Caused by: java.lang.NullPointerException at org.jboss.weld.bootstrap.WeldBootstrap.getManager(WeldBootstrap.java:435) at org.glassfish.weld.services.JCDIServiceImpl.createManagedObject(JCDIServiceImpl.java:320) at org.glassfish.weld.services.JCDIServiceImpl.createManagedObject(JCDIServiceImpl.java:263) at com.sun.enterprise.container.common.impl.managedbean.ManagedBeanManagerImpl.createManagedBean(ManagedBeanManagerImpl.java:485) at com.sun.enterprise.container.common.impl.managedbean.ManagedBeanManagerImpl.createManagedBean(ManagedBeanManagerImpl.java:439) at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.createManagedObject(InjectionManagerImpl.java:313) ... 79 more This is constraint xml file <constraint-definition annotation="org.hibernate.validator.constraints.NotNull"> <validated-by include-existing-validators="true"> <value>es.project.validator.customConstraint.NotEmptyValidator</value> </validated-by> </constraint-definition> And validation.xml <validation-config xmlns="http://jboss.org/xml/ns/javax/validation/configuration" xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/configuration validation-configuration-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <constraint-mapping>META-INF/validation/mapping.xml</constraint-mapping> Project's structure WEB-INF +----\classes +-------\META-INF ------- validation.xml ----------\validation +----------\mapping.xml Validator code import javax.validation.ConstraintValidator; import javax.validation.ConstraintValidatorContext; import javax.validation.constraints.NotNull; import org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext; public class NotEmptyValidator implements ConstraintValidator<NotNull,Object> { @Override public void initialize(NotNull constraintAnnotation) { } @Override public boolean isValid(Object value, ConstraintValidatorContext context) { if(value.toString().isEmpty()){ ........... ........... ........... } return true; } }

    Read the article

  • Django inlineformset validation and delete

    - by Andrew Gee
    Hi, Can someone tell me if a form in an inlineformset should go through validation if the DELETE field is checked. I have a form that uses an inlineformset and when I check the DELETE box it fails because the required fields are blank. If I put data in the fields it will pass validation and then be deleted. Is that how it is supposed to work, I would have thought that if it is marked for delete it would bypass the validation for that form. Regards Andrew Follow up - but I would still appreciate some others opinions/help What I have figured out is that for validation to work the a formset form must either be empty or complete(valid) otherwise it will have errors when it is created and will not be deleted. As I have a couple of hidden fields in my formset forms and they are pre-populated when the page loads via javascript the form fails validation on the other required fields which might still be blank. The way I have gotten around this by adding in a check in the add_fields that tests if the DELETE input is True and if it is it makes all fields on the form not required, which means it passes validation and will then delete. def add_fields(self, form, index) #add other fields that are required.... deleteValue = form.fields['DELETE'].widget.value_from datadict(form.data, form.files, form.add_prefix('DELETE')) if bool(deleteValue) or deleteValue == '': for name, field in form.fields.items(): form.fields[name].required= False This seems to be an odd way to do things but I cannot figure out another way. Is there a simpler way that I am missing? I have also noticed that when I add the new form to my page and check the Delete box, there is no value passed back via the request, however an existing form (one loaded from the database) has a value of on when the Delete box is checked. If the box is not checked then the input is not in the request at all. Thanks Andrew

    Read the article

  • How can I get jQuery validation plugin Ketchup to stop an Ajax form submission when validation fails?

    - by Marshall Sontag
    I'm using Ruby on Rails, Formtastic gem, jQuery and ketchup to validate my form. I'm submitting the form created by Formtastic inside a modal box using ajax: <% semantic_form_remote_for @contact_form, :url => '/request/contact' do |f| %> I have a validation plugin verifying the fields on the form: $(document).ready(function() { $("#new_contact_form").ketchup(); }); The problem is that semantic_form_remote_for generates an onSubmit ajax request that the jQuery validation plugins won't prevent, since it's not a normal form submission. One question on stackoverflow suggests using :condition on the remote form declaration to fire a javascript function, but I can't do that since I'm not using a function, but rather relying on a jQuery handler. I also tried putting ketchup within a submit event handler: $(document).ready(function() { $("#new_contact_form").submit(function() { $('#new_contact_form').ketchup(); }); }); No luck. Form still submits. I also tried using the beforeSend option of jQuery.ajax: $(document).ready(function() { jQuery.ajax( { beforeSend: function(){ $('#new_contact_form').ketchup(); } }); }); Validation fires off, but form is still submitted. I switched to jQuery Validation plugin just to see if it was due to some limitation in Ketchup. It turns out that Validation has a submitHandler option: $(document).ready(function() { $('#new_contact_form').validate({ submitHandler: function(form) { jQuery.ajax({ data:jQuery.param(jQuery('#new_contact_form').serializeArray()), dataType:'script', type:'post', url:'/request/contact' }); return false; } }); }); This works when I use a regular semantic_form_for instead of semantic_form_remote_for, but alas, I would rather use Ketchup. Is Ketchup just woefully lacking? Am I forced to use jQuery Validation?

    Read the article

  • JSF 2 - clearing component attributes on page load?

    - by jamiebarrow
    Hi, The real question: Is there a way to clear certain attributes for all components on an initial page load? Background info: In my application, I have a JSF 2.0 frontend layer that speaks to a service layer (the service layer is made up of Spring beans that get injected to the managed beans). The service layer does its own validation, and I do the same validation in the frontend layer using my own validator classes to try and avoid code duplication somehow. These validator classes aren't JSF validators, they're just POJOs. I'm only doing validation on an action, so in the action method, I perform validation, and only if it's valid do I call through to the service layer. When I do my validation, I set the styleClass and title on the UIComponents using reflection (so if the UIComponent has the setStyleClass(:String) or setTitle(:String) methods, then I use them). This works nicely, and on a validation error I see a nicely styled text box with a popup containing the error message if I hover over it. However, since the component is bound to a Session Scoped Managed Bean, it seems that these attributes stick. So if I navigate away and come back to the same page, the styleClass and title are still in the error state. Is there a way to clear the styleClass and title attributes on each initial page load? Thanks, James P.S. I'm using the action method to validate because of some issues I had before with JSF 1.2 and it's validation methods, but can't remember why... so that's why I'm using the action method to validate.

    Read the article

  • JQuery validation not working for checkbox group

    - by Chris Halcrow
    I'm having trouble getting JQuery validation to work with a set of checkboxes. I'm generating the checkboxes using an ASP.NET checkboxlist, and I've used JQuery to set the 'name' attribute to the same thing for each checkbox in the list. Here's the code that gets written to the browser. I'm setting the 'validate' attribute on the 1st checkbox to set the rule that at least one checkbox must be selected. The JQuery validation works for all other elements on the form, but not for the checkbox list. I'm also using a JQuery form wizard on the page which triggers validation for each 'page' of the form, so I don't have control over how the validation is called. <input id="ContentPlaceHolder1_MainContent_AreaOfInterest_0" class="ui-wizard-content ui-helper-reset ui-state-default" type="checkbox" value="Famine" name="hello[]" validate="required:true, minlength:1"> <label for="ContentPlaceHolder1_MainContent_AreaOfInterest_0">Famine</label> <br> <input id="ContentPlaceHolder1_MainContent_AreaOfInterest_1" class="ui-wizard-content ui-helper-reset ui-state-default" type="checkbox" value="Events Volunteer" name="hello[]"> <label for="ContentPlaceHolder1_MainContent_AreaOfInterest_1">Events Volunteer</label> Any ideas on what's going wrong? There are lots of examples of JQuery scripts that will do the validation, however I'm trying to avoid this as I'm generating the checkboxlist server side by a custom control so that it can be re-used across different pages that may or may not have JQuery enabled. I'm trying to enable the JQuery validation whilst being as unobtrusive as possible, so that pages will still work even if JQuery is disabled. Here are the relevant JQuery inclusions and JQuery initialisation script for the form wizard. I'm not using any initialisation code for JQuery validation: <script type="text/javascript" src="../js/formwizard/js/bbq.js"></script> <script type="text/javascript" src="../js/formwizard/js/jquery.form.js"></script> <script type="text/javascript" src="../js/formwizard/js/jquery.form.wizard.js"></script> <script type="text/javascript" src="../js/formwizard/js/jquery.validate.js"></script> <script type="text/javascript"> $(document).ready(function () { $("#form1").formwizard({ validationEnabled: true, focusFirstInput: true }); }); </script>

    Read the article

  • Guarding against CSRF Attacks in ASP.NET MVC2

    - by srkirkland
    Alongside XSS (Cross Site Scripting) and SQL Injection, Cross-site Request Forgery (CSRF) attacks represent the three most common and dangerous vulnerabilities to common web applications today. CSRF attacks are probably the least well known but they are relatively easy to exploit and extremely and increasingly dangerous. For more information on CSRF attacks, see these posts by Phil Haack and Steve Sanderson. The recognized solution for preventing CSRF attacks is to put a user-specific token as a hidden field inside your forms, then check that the right value was submitted. It's best to use a random value which you’ve stored in the visitor’s Session collection or into a Cookie (so an attacker can't guess the value). ASP.NET MVC to the rescue ASP.NET MVC provides an HTMLHelper called AntiForgeryToken(). When you call <%= Html.AntiForgeryToken() %> in a form on your page you will get a hidden input and a Cookie with a random string assigned. Next, on your target Action you need to include [ValidateAntiForgeryToken], which handles the verification that the correct token was supplied. Good, but we can do better Using the AntiForgeryToken is actually quite an elegant solution, but adding [ValidateAntiForgeryToken] on all of your POST methods is not very DRY, and worse can be easily forgotten. Let's see if we can make this easier on the program but moving from an "Opt-In" model of protection to an "Opt-Out" model. Using AntiForgeryToken by default In order to mandate the use of the AntiForgeryToken, we're going to create an ActionFilterAttribute which will do the anti-forgery validation on every POST request. First, we need to create a way to Opt-Out of this behavior, so let's create a quick action filter called BypassAntiForgeryToken: [AttributeUsage(AttributeTargets.Method, AllowMultiple=false)] public class BypassAntiForgeryTokenAttribute : ActionFilterAttribute { } Now we are ready to implement the main action filter which will force anti forgery validation on all post actions within any class it is defined on: [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)] public class UseAntiForgeryTokenOnPostByDefault : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { if (ShouldValidateAntiForgeryTokenManually(filterContext)) { var authorizationContext = new AuthorizationContext(filterContext.Controller.ControllerContext);   //Use the authorization of the anti forgery token, //which can't be inhereted from because it is sealed new ValidateAntiForgeryTokenAttribute().OnAuthorization(authorizationContext); }   base.OnActionExecuting(filterContext); }   /// <summary> /// We should validate the anti forgery token manually if the following criteria are met: /// 1. The http method must be POST /// 2. There is not an existing [ValidateAntiForgeryToken] attribute on the action /// 3. There is no [BypassAntiForgeryToken] attribute on the action /// </summary> private static bool ShouldValidateAntiForgeryTokenManually(ActionExecutingContext filterContext) { var httpMethod = filterContext.HttpContext.Request.HttpMethod;   //1. The http method must be POST if (httpMethod != "POST") return false;   // 2. There is not an existing anti forgery token attribute on the action var antiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(ValidateAntiForgeryTokenAttribute), false);   if (antiForgeryAttributes.Length > 0) return false;   // 3. There is no [BypassAntiForgeryToken] attribute on the action var ignoreAntiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassAntiForgeryTokenAttribute), false);   if (ignoreAntiForgeryAttributes.Length > 0) return false;   return true; } } The code above is pretty straight forward -- first we check to make sure this is a POST request, then we make sure there aren't any overriding *AntiForgeryTokenAttributes on the action being executed. If we have a candidate then we call the ValidateAntiForgeryTokenAttribute class directly and execute OnAuthorization() on the current authorization context. Now on our base controller, you could use this new attribute to start protecting your site from CSRF vulnerabilities. [UseAntiForgeryTokenOnPostByDefault] public class ApplicationController : System.Web.Mvc.Controller { }   //Then for all of your controllers public class HomeController : ApplicationController {} What we accomplished If your base controller has the new default anti-forgery token attribute on it, when you don't use <%= Html.AntiForgeryToken() %> in a form (or of course when an attacker doesn't supply one), the POST action will throw the descriptive error message "A required anti-forgery token was not supplied or was invalid". Attack foiled! In summary, I think having an anti-CSRF policy by default is an effective way to protect your websites, and it turns out it is pretty easy to accomplish as well. Enjoy!

    Read the article

  • Verification of requirements question

    - by user970696
    Doing a lot of reading about V&V, I would need to clarify the following. A lot of definitons (less formal ones found in books) define verification like that: Verification: The software should conform to its specification. But then they speak about requirement verification, design verification etc. If I say that these items are "software" in terms of applying the definitons, what should I checked them against, what specification should requirements, which is the basic information, conform to? And one more thing: shouldnt be requirements also validated? To make sure they meets the customer needs? All texts I have speak only about SW validation on the end of the dev.process..

    Read the article

  • ASP.NET MVC 2 JQuery POST not displaying the model state errors

    - by Oshan
    Hello, I have been using asp.net mvc for a bit (but I'm still a beginer). I want to have the ability to update two views as a result of a jquery postback. Basically I have a list and a details view. The details view is presented using a jquery popup (using jquery-UI popup). I only want to update the list if the details save is successful (i.e. there are no validation errors on the details view). However, if there are any validation errros in the details view, I want to update the details view so that the user sees the validation errors. so I thought in my controller, I return a JsonResult instead of a View. [HttpPost] public ActionResult SavePersonInfo(Person p) { if(ModelState.Valid) { return View("PersonList"); } return Json({Error = true, View = PartialView("PersonDetails", p)}); } As you can see if there are no errors I return the person list view, but if there are any validation errors, I have return the details view. The reason that I'm returning a JsonResult is I need to tell my view there is an error so that the view (jquery) knows which section to update (as in whether to update the person list 'div' or the popup dialog 'div'). So, in my view, the jquery is as follows (please assume that there is a form for entering in the person details and "SubmitPersonForm();" function is called upon clicking on the "Save" button): <script type="text/javascript> $('#btnSave').click(function (event) { onBegin(); $.ajax( { type: "POST", url: "/Person/Save", data: $('form').serialize(), success: function (result) { if(result.Error) { $('#dvDetails').html($(result).View)); } else { $('#dvPersonList').html($result); } } }); }); </script> So the problem that I have now, is that when there is a validation error, I do see the correct, 'div' being updated, but I lose the asp.net mvc validation messages. I do not see any validation errors in red, as if ASP.NET MVC is completely ignored them. However, my ModelState does have those errros, just not displayed in the details view. I do have valication summary and Html.ValidationFor(m = ...) statements put in my details view. Could someone tell me why I'm not seeing the validation errors? although I'm using a JSonResult, I do use the right property which is a valid view when I render the 'dvDetails'. Am I doing something that I'm not suppose to in asp.net mvc? Btw I'm using asp.net mvc2 RC with Visual Studio 2010 RC. Thank you.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >