Acegi Security for Spring Framework

Acegi Security provides comprehensive security services for J2EE-based enterprise software applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development. If you're not using Spring for developing enterprise applications, we warmly encourage you to take a closer look at it. Some familiarity with Spring - and in particular dependency injection principles - will help you get up to speed with Acegi Security more easily.

People use Acegi Security for many reasons, but most are drawn to the project after finding the security features of J2EE's Servlet Specification or EJB Specification lack the depth required for typical enterprise application scenarios. Whilst mentioning these standards, it's important to recognise that they are not portable at a WAR or EAR level. Therefore, if you switch server environments, it is typically a lot of work to reconfigure your application's security in the new target environment. Using Acegi Security overcomes these problems, and also brings you dozens of other useful, entirely customisable security features.

As you probably know, security comprises two major operations. The first is known as "authentication", which is the process of establishing a principal is who they claim to be. A "principal" generally means a user, device or some other system which can perform an action in your application. "Authorization" refers to the process of deciding whether a principal is allowed to perform an action in your application. To arrive at the point where an authorization decision is needed, the identity of the principal has already been established by the authentication process. These concepts are common, and not at all specific to Acegi Security.

At an authentication level, Acegi Security supports a wide range of authentication models. Most of these authentication models are either provided by third parties, or are developed by relevant standards bodies such as the Internet Engineering Task Force. In addition, Acegi Security provides its own set of authentication features. Specifically, Acegi Security currently supports authentication with all of these technologies:

• HTTP BASIC authentication headers (an IEFT RFC-based standard)

• HTTP Digest authentication headers (an IEFT RFC-based standard)

• HTTP X.509 client certificate exchange (an IEFT RFC-based standard)

• LDAP (a very common approach to cross-platform authentication needs, especially in large environments)

• Form-based authentication (for simple user interface needs)

• Computer Associates Siteminder

• JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign on system)

• Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)

• Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)

• Anonymous authentication (allowing every call to automatically assume a particular security identity)

• Run-as authentication (which is useful if one call should proceed with a different security identity)

• Java Authentication and Authorization Service (JAAS)

• Container integration with JBoss, Jetty, Resin and Tomcat (so you can still use Container Manager Authentication if desired)

• Your own authentication systems (see below)

Many independent software vendors (ISVs) adopt Acegi Security because of this rich choice of authentication models. Doing so allows them to quickly integrate their solutions with whatever their end clients need, without undertaking a lot of engineering or requiring the client to change their environment. If none of the above authentication mechanisms suit your needs, Acegi Security is an open platform and it is quite simple to write your own authentication mechanism. Many corporate users of Acegi Security need to integrate with "legacy" systems that don't follow any particular security standards, and Acegi Security is happy to "play nicely" with such systems.

Sometimes the mere process of authentication isn't enough. Sometimes you need to also differentiate security based on the way a principal is interacting with your application. For example, you might want to ensure requests only arrive over HTTPS, in order to protect passwords from eavesdropping or end users from man-in-the-middle attacks. Or, you might want to ensure that an actual human being is making the requests and not some robot or other automated process. This is especially helpful to protect password recovery processes from brute force attacks, or simply to make it harder for people to duplicate your application's key content. To help you achieve these goals, Acegi Security fully supports automatic "channel security", together with JCaptcha integration for human user detection.

Irrespective of how authentication was undertaken, Acegi Security provides a deep set of authorization capabilities. There are three main areas of interest in respect of authorization, these being authorizing web requests, authorizing methods can be invoked, and authorizing access to individual domain object instances. To help you understand the differences, consider the authorization capabilities found in the Servlet Specification web pattern security, EJB Container Managed Security and file system security respectively. Acegi Security provides deep capabilities in all of these important areas, which we'll explore later in this reference guide.

Source: Official Reference Guide

The Dojo 1.0 release will be available in October

PALO ALTO, Sep 17, 2007: The open source Dojo Toolkit is receiving a new grid widget thanks to the generous support and collaboration of the Dojo Community. The Dojo Grid is a key component for Ajax and web application developers because it is able to handle large amounts of information efficiently and intuitively. The companies in this relationship are making a financial and/or engineering contribution to improve and update the grid in time for the Dojo 1.0 release in October.

“We determined that Dojo needed a new grid widget and rather than starting from scratch, we approached the TurboAjax Group about making its feature-rich grid open source and part of the Dojo Toolkit,” said Dylan Schiemann, CEO of SitePen, Inc. "This grid benefits SitePen’s clients and is a great way to advance the Open Web."

TurboGrid is a high-performance grid widget that was originally created to work with the 0.4 version of the Dojo Toolkit. The grid is being updated to work with the latest Dojo features and will now be an official part of the Dojo Toolkit.

“We couldn’t be more thrilled about moving TurboGrid to the Dojo Foundation. This is a unique opportunity where a collection of companies have come together to open source a quality component that is the key to building data-rich applications,” said Scott Miles of the TurboAjax Group.

The Dojo Grid Widget features integration with Dojo’s flexible dojo.data infrastructure, which allows multiple widgets and visualization components to efficiently access large volumes of data. The donated grid supports advanced features such as virtual scrolling, row and column locking, complex cell and row formatting and custom cell editors. The Dojo Grid will also include full accessibility and internationalization support.

“We’re both users of the Dojo Toolkit and supporters of the Dojo Foundation. TurboGrid is a great opportunity for the community to work together in moving Dojo to the next level,” said Coach Wei, CTO and founder of Nexaweb. “Being a strong supporter as well as adopter of open source and open standards, Nexaweb is pleased to contribute to this effort in making Ajax development more efficient, structured, and maintainable for the web 2.0 community.”

“Mozilla and the Dojo Foundation share a commitment to advancing the Open Web,” said Mike Shaver, chief evangelist at the Mozilla Corporation. “We’re glad for the opportunity to join with other contributors to ensure that there are great tools for building accessible, robust applications for the web.”

“Redfin had been looking for a grid widget that worked with Dojo for the new version of our real estate web application,” said Sasha Aickin, engineering manager, Redfin. “The opportunity to contribute to an effort and share development risk across the community is a key benefit of building our application with open source technology including the Dojo Toolkit.”

“This new Grid, coupled with the underlying dojo.data AJAX infrastructure enables an entirely new class of Rich Information Applications,” said Chris Marino, CEO of SnapLogic. “Our users are looking for ways to build applications on top of their SnapLogic data services that can more easily access and present their data, and Dojo 1.0 is a giant step forward.”

“This is excellent code and an amazing show of generosity from the organizations who made it happen,” said Alex Russell, President of the Dojo Foundation. “This is the most capable Open Source web-based grid component available anywhere, and it will form the backbone of applications for years to come. We couldn’t be happier that this donation is happening in time to include the Grid in Dojo’s upcoming 1.0 release.”

The Dojo Grid will be available in October.

CMP-EJB vs. Hibernate

The J2EE field is agog with excitement about a very popular Open Source technology - Hibernate. This technology being elevated to the status of JCP standard. Feedback from J2EE programmers in industry says that knowledge of Hibernate is mandatory for all J2EE aspirants.

Hibernate is an ORM Object-Relational-Mapping technology. It is an Open-Source and free technology, developed in SourceForge. net. There have been a number of such ORM technologies,in recent past. . TopLink is one such tool, subsequently adopted by Oracle and so proprietary. Hibernate from SourceForge and OJB(Object-Relational-Bridge) from Apache are two well known ORM tools, open-source and free. JDO, also falls within the same category.

Gavin King is the lead for Hibernate and Craig Russell & David Jordan, the lead authors for SUN-sponsored JDO effort. Due to some technical problems, it appears that the majority in JCP favours Hibernate today instead of JDO. At first reading though, the difference is not, all that apparent. The syntax and the approach appear to be almost same, but Hibernate syntax is easier to learn.  

It is interesting to note that Craig Russell works for SUN and Gavin King is now with JBoss. It shows that JCP is a democratic community and SUN is not dictating terms except to protect the language and its enterprise-level users.

EJB-3, is the latest version and it is heavily influenced by Hibernate. Some readers equate EJB-3 with Hibernate. Oracle supports EJB-3 proposals and as it is the main Database company in j2ee world, EJB-3 has bright future. J2EE by its very name is an Enterprise level technology, and as EJB is the essence of such Enterprise applications, because of the built-in container services offered, the significance of the surging interest in Hibernate can be really appreciated only in association with EJB and hence a detour into EJB is inevitable.

EJB has three types. One type is the SESSION BEAN, residing in ENTERPRISE container, which can be thought of as a function-bean, invoked in RMI-IIOP style. Such session-bean, may be either stateless or stateful. The stateless bean working in Enterprise container has an exact counter-part in Microsoft COM+(MTS), but the other types are said to be available in MS platform only through third-party extensions.

ORM tools have been sometimes used along with Session beans. The only problem till recently was that they were proprietory and rather costly. But nowadays, very reliable open-source ORM tools are available, and even Richard Monson Haefel approves this method as a safe and productive alternative to Entity beans.

The other branch, the ENTITY BEAN has been less lucky. EJB-1. 1, EJB-2. 0 and then EJB-2. 1, have meant a number of changes in the specification relating to Entity Beans.
We can say that an Entity bean is an 'Attribute bean' or 'property-bean', with setter and getter methods, invoked in RMI-IIOP style and persisted in Enterprise container. The pattern of defining a typical Javabean is a recurring theme in Java. The same style occurs in BDK, EJB-Entity beans, Struts, JSF and now in Hibernate too. So, it is very important and elegant.

The third branch is Messaging paradigm and MDB. An Enterprise by its very name implies huge number of customers and concurrent transactions, RPC style being like telephone call, could result in 'line-engaged!' problem. If the call involves the called person referring to some records before replying, it leads to line- blocking. But, messaging style, as in email, atleast ensures that the message has been sent. It is evident that dubbing RPC( read 'telephone') as unsuitable, is over-statement. Sometimes, we desire immediate response,too. By the same token, even XML webservice, if it is really serious, should adopt messaging style and it does. MDB (Message-Driven bean) has weathered the storm and is in fact gaining more and more acceptance.

So, why is it that Entity beans alone were found wanting and the specification keeps on changing?
Entity beans are of two types. CMP & BMP.
CMP stands for Container-Managed Persistence and BMP stands for Bean-managed persistence. Theoretically, the EJB specification does not say anything about the method to be adopted in persisting objects for permanent storage and retrieval. It could be simple object serialization. The database may be object-database or Object-relational database or XML. In practice, however, a database has always meant a Relational Database and its SQL.

In CMP, the coder deals with objects, only in memory. He creates new objects, modifies them, deletes them and views them, all in memory. The task of saving these objects in memory ,to the relational database table is done by the container, automatically. The coder does not write any sql-related code for this.

In BMP, the coder has to write the sql to persist the object in memory to the relational database.

CMP in EJB1. 1 was suitable for simple tables, without complex relationships to other tables. CMP avoids all references to the underlying database. So, it is more portable. There is no vendor-lock-in. CMP can persist data to Object- databases also, besides Relational databases.

But, CMP is not always suitable. If the database is some legacy type, which cannot be used with SQL, the database company gives a proprietory code for persistence and such code has to be used in our program to persist data. The facilities given in CMP originally were found to be too elementary and there were complaints.

But, what matters is that CMP makes use of ORM concepts, though the implementation left much to be desired. It did not expose how the EJB vendor implements it. Weblogic, Oracle, IBM WebSphere, SUN , JBoss, each may implement CMP in any way that they deem fit. Except in special circumstances, it will be better to use CMP, not merely because, it makes the code more portable & is easy to write. Much more important reason is that the EJB container can optimize the performace dramatically, if we adopt CMP. So the developer community wanted to adopt CMP but found it unsuitable for really complex jobs.

Even with all these improvements, CMP was found to be less than the ultimate solution. There was no spossibility for Inheritance.  

Though the container services provided by the EJB container are indispensable in a truly large enterprise application, the J2EE camp is almost vertically split into WebTier & EJB-Tier votaries. The WebTier supporters claim that EJB with its steep learning curve and error prone development environment for developers is not really necessary for most applications. And they would like to have an ORM tool, built into the J2EE specification. For afterall, ORM task is not specific to EJB alone. Even Servlets and JSP could use them. In fact, they have been using them, though the J2EE specification was silent about it. ORM tools like OJB, JDO and Hibernate can be used not only in EJB containers but in webcontainer and even in standalone containers. Gavin King makes it a special point in favour of Hibernate. Making such a tool, a J2EE standard, would make development tasks far easier ,to develop either web-tier application or ejb-tier application. saving us from the medley of classpath to required jars.

In a scathing attack on the complexity and questionable performance of EJB Entity beans, Rod Johnson, prophesies, that in a few years time, J2EE will cease to include EJB. Whether, we agree or not, it is worth looking into the criticisms against EJB Entity beans, raised by him. ( 'J2EE Development without EJB' - Wrox/Wiley/DreamTech-2004). For, he is proposing the Spring Framework as an alternative to EJB container and the idea is gaining ground. J2EE developers and students may have to re-orient themselves rather abruptly, to remain relevant to industry.

Source: in.geocities.com/rsramsam

What is Java technology?

Java technology is both a high-level, object-oriented programming language and a platform. Java technology is based on the concept of a single Java Virtual Machine (JVM) -- a translator between the language and the underlying software and hardware. All implementations of the programming language must emulate the JVM, enabling Java programs to run on any system that has a version of the JVM.

The Java programming language is unusual because Java programs are both compiled (translated into an intermediate language called Java bytecode) and interpreted (bytecode parsed and run by the JVM). Compilation occurs once, and interpretation happens each time the program runs. Compiled bytecode is a form of optimized machine code for the JVM; the interpreter is an implementation of the JVM.

The Java platform is a software-only platform that runs on top of various hardware-based platforms. It comes in three versions. It consists of the JVM and the Java Application Programming Interface (API), a large collection of ready-made software components (classes) that ease the development and deployment of applets and applications, including robust, secure, and interoperable enterprise applications. It spans everything from basic objects to networking and security and XML generation and Web services. The Java API is grouped into libraries of related classes and interfaces; the libraries are known as packages.

Along with the Java API, every full implementation of the Java platform includes:

• Development tools for compiling, running, monitoring, debugging, and documenting applications.
• Standard mechanisms for deploying applications to users.
• User interface toolkits that make it possible to create sophisticated graphical user interfaces (GUIs).
• Integration libraries that enable database access and manipulation of remote objects.

Java technology was developed by Sun Microsystems. The Java Community Process (JCP), an open organization of international Java developers and licensees, develops and revises Java technology specifications, reference implementations, and technology compatibility kits. In 2007, Sun made the bulk of its core Java technology available as open-source software under the GNU general public license version 2 (GPLv2).

The main benefit of the Java language is the portability of Java applications across hardware platforms and operating systems -- possible because the JVM installed on each platform understands the same bytecode.

The Java language and platform are impressively scalable. At the low end, existing applications can easily be adapted for devices with limited-memory resources. Scaling up, the language is an ideal framework for server-side Web programming. Because it was designed to run in a secure manner over networks, it affords this level of security when operating over the Internet. In essence, Java technology extends a user's computing power from the desktop to the resources of the Web. Web components are supported by runtime platforms called Web containers, whose services include request dispatching, security, concurrency, life-cycle management, and access to APIs such as naming, transactions, and e-mail. At the high end, Java application servers serve as Web containers for Java components, XML, and Web services that can interact with databases and provide dynamic Web content; they also provide an application-deployment environment for enterprise applications, with capabilities for transaction management, security, clustering, performance, availability, connectivity, and scalability.

The Java language was one of the first technologies to support open standards in the enterprise, opening the door to using XML and Web services to help share information and applications across business lines.

Multiple editions of the Java platform

Three editions of the Java platform make it easier for software developers, service providers, and device manufacturers to target specific markets:

• Java SE (Java Platform, Standard Edition). Formerly called J2SE, Java SE lets you develop and deploy Java applications on desktops and servers, as well as embedded and real-time environments. Java SE includes classes that support the development of Java Web services and provides the foundation for Java Platform, Enterprise Edition (Java EE). Java SE 6 ("Mustang") is the current major release of the Java SE platform. Many Java developers use Java SE 5, also known as Java 5.0 or "Tiger."
  
• Java EE (Java Platform, Enterprise Edition). Formerly called J2EE, the enterprise version assists in the development and deployment of portable, robust, scalable, and secure server-side Java applications. Building on the foundation of Java SE, Java EE provides Web services, component-model, management, and communications APIs for implementing enterprise class SOA and Web 2.0 applications.
  
• Java ME (Java Platform, Micro Edition). Formerly called J2ME, Java ME provides a robust, flexible environment for applications running on a broad range of mobile and embedded devices, such as mobile phones, PDAs, TV set-top boxes, and printers. The Java ME platform includes flexible user interfaces, a robust security model, a broad range of built-in network protocols, and extensive support for networked and offline applications that can be downloaded dynamically. Applications based on Java ME specifications are written once for a wide range of devices yet exploit each device's native capabilities.

DBMS_METADATA Package in Oracle

All SQL statements are devided into two main categories:
DDL - data definition language;
DML - data manipulation languauge.
DML is used to change the data in the database tables. Instructions of DML are well-known for everyone: insert, update, delete. In order to save changes to database (so, the other users will see them), you need to execute commit operator. To discard all of your changes you have to execute rollback operator.
All database objects (triggers, tables, indices, etc.) have their definitions. DDL-expressions (metadata) of these objects can be extracted from the database schema. DDL-expressions will help you during database analysis and optimization.
This article will teach you, how objects’ definitions can be extracted from the Oracle database instance.

Previous versions of Oracle provide no specialized ways for DDL extraction. The only way is to execute some SQL-statements or simply export database schema and parse it. These methods have both limitations and disadvantages.
Oracle 9i (and higher) brings us a powerful package - DBMS_METADATA. Functions from DBMS_METADATA package provide an easy way to get objects’ definitions either in XML representation or in DDL one.
The main function you are going to use is get_ddl. There are two ways of calling it:

• with two parameters - object’s type and object’s name;
• with three parameters - object’s type, object’s name and schema’s name.

For example, in order to get metadata for TRIGGER1 trigger form schema SCHEMA1 you have to use this call:

select dbms_metadata.get_ddl('TRIGGER','TRIGGER1', 'SCHEMA1') from dual.

While working with your own schema, you can ommit the third parameter. The valid objects’ types are PROCEDURE, TABLE, CONSTRAINT, INDEX, etc.
You might have noticed the dual table in the SQL statement. This is auxiliary Oracle’s table. It consists of one column (name - “DUMMY”) and one record (value - “X”). Try to execute

select * from dual

and you will see it.
The owner of “dual” table is SYS, but every user of database can use it. While trying to execute valid SQL statement over the “dual” table we will get no more then one record in the result set (just believe me :)). Of course, you can modify the definition of “dual” table but I strongly recommend you not to do so.
Sometimes you will not be informed about the objects’ names. In order to get objects’ names for the current schema you can execute this sort of statement:

select * from USER_TABLES;
select * from USER_TAB_COLUMNS;
select * from USER_INDEXES;

and so on.
So, we did it. From now you can use metadata where ever you wish.
Best regards.

Familiarity with Stripes

Taken from the official site Stipes.

---

Stripes is a presentation framework for building web applications using the latest Java technologies. The main driver behind Stripes is that web application development in Java is just too much work! It seems like every existing framework requires gobs of configuration. Struts is pretty feature-light and has some serious architectural issues. Others, like WebWork 2 and Spring-MVC are much better, but still require a lot of configuration, and seem to require you to learn a whole new language just to get started.

Stripes was born out of ongoing frustration with the lack of a high quality, easy to use web framework. Sure, Struts has its good points, but there are a lot of small things that really add up. A lot of small things that you learn to work around, and live with, without realizing how unproductive it's making you.

Up until recently it would have been difficult to create a framework that was better-enough to warrant competing with Struts. And with JSF on the horizon (perpetually?), and other web frameworks in play (WebWork, Tapestry, Wicket) some might question the rationale behind yet another framework. But with Java 1.5 and Servlet 2.4 I think the time has come. The rationale is plain and simple - I wanted a web framework that made it easy, no, fun, to write web applications in Java. The best way to demonstrate is perhaps by a comparison with Struts.

Number of artifacts

One of prime frustrations with Struts is the fact that just to implement a single page/form, I have to write or edit so many files. And I have to keep them in sync, or else things start going horribly wrong. With Struts I have to write JSP, Action, Form, a form-bean stanza in the struts-config.xml, an action stanza in the struts-config.xml, and if I'm going to do it the Struts way, a bunch of forward stanzas. And let's not go into the fact that since this is all stored in one xml file I'm continually facing merge conflicts with team mates. Yes, there are annotations for Struts, but they are just literal translations of what's in the XML file, and they don't feel natural to me.

Compare this with Stripes. I write JSP. I write ActionBean and annotate it with a @UrlBinding to specify the URL it should respond to, and one or more @HandlesEvent annotations to map events to methods. I'm done. All the information about the form and the action is in the same place.

Incremental development

Write a JSP with a Struts <html:form> tag on it and try to preview it in your container before you write your form-bean. Boom! You can't. Exception! Could not find form bean! Now write your form bean. Wait - that's still not good enough. Since everything is hooked together through the action stanza in the XML you better have an action, and edit that too.

Maybe it's just me, but I like to be able to write JSP, see if it looks ok, then go and write the back end components to go with it. It's not brain surgery, and Stripes lets you do it.

Property binding

Struts lets you use nested properties, and that's great. But say you have a property on your Form 'person.address.line1'. Struts will try and set it for you, but if person or address is null, you'll be very sad indeed. So you have to pre-instantiate any objects on which you want to use nested properties. This just seems like too much work.

Stripes will instantiate just about anything for you. Just so long as 'person' and 'address' have no-arg constructors Stripes will build them, join them together, set them on your ActionBean and then set the 'line1' property. It'll even instantiate implementations for any of the Collections interfaces, which leads us to...

Indexed Properties

The JavaBean specification is great for the most part, but it is clearly a child of the Java GUI side of the house. Struts' implementation of indexed properties matches the JavaBean specification. But in a disconnected web model, your Action won't know (and shouldn't have to know) how many indexed properties are coming back. To make it work you end up coding "smart" indexed getter and setter methods that extend lists and insert objects just to keep Struts happy.

Stripes does it all for you. You provide a getter and setter that use a List or Map type, using generics to inform Stripes what type of thing should be in the List or Map. Stripes will instantiate the List or Map for you if necessary, extend it when needed, manufacture new objects and put them in the list and, you know, set properties of objects in the list.

Validation

Other frameworks take shots at Struts for Validation. It's just fundamentally in the wrong place. Forget that the Struts Validator requires yet another XML file with yet more information about your Form that has to be kept in sync. Validation in Struts is divorced from Type Conversion. This is just plain wrong. Why validate that something is a well formed date, then spend a whole bunch more effort converting it to one? Well Struts almost does that. It expends a lot of effort validating it, tosses it all away and then performs some pretty weak type conversion. It's inefficient, and a pain to use. Which is why most of the Struts projects I've seen steer clear of Struts Validator.

In Stripes validation is tied closely to type conversion. A number of commonly used validations can be applied pre-conversion using a simple annotation. This includes things like required field checks, length checks, regex checking etc. Then type conversion happens, or tries to. If it fails, type converters produce validation errors that can be displayed to the user. So you can put your effort into creating good type converters (if the built in ones don't cover your needs) and be done.

Null mean Null (or does it)

Ask yourself this. You have an int property in your form bean and the user doesn't enter a value in a text box. What should your property be set to? Zero sounds like a sensible default right? Now, what if you have an Integer property? If the user doesn't submit anything I'd say that means null wouldn't you? Apparently Struts thinks it means zero again. And if there are validation errors, the form will even repopulate with the value zero! The only way to get around this is to declare your number properties as Strings and do your own conversion (which is a lot of effort if your dealing with multiple Locales).

Stripes takes the position that the HTML specification is a little inconsistent, and does what it can to make it more consistent for application developers. As a result, empty strings are treated the same as if the field didn't get submitted. The user didn't enter a value, so why should your ActionBean receive one and have to figure out what it means?

Formatting

The Struts FAQ says this (among other things) in answer to why the Struts tags provide so little formatting:

Great. JSTL doesn't have form tags, so while JSTL is great, it doesn't really help here. JSF and Struts don't mix so well even now, and that's a reason to leave people without formatting for years? And the last is just a cop-out. I want to be able to format data in the right way for each page. And it needs to be localizable etc.

Stripes provides high quality formatting support using the same java.text APIs that the JSTL formatting is built on. It's as similar to JSTL formatting as it can be, while being constrained to living on form tags (i.e. we can't have a separate tag for formatting a date vs. a number and so on).

Multi-Event Actions

If you want to have a form that submits multiple different events in Struts you have to either extend the DispatchAction or write your own support for it. And since the DispatchAction requires all buttons to have the same name, and uses the value to determine the method to invoke, it's a huge pain if you're using localized or even just externalized values for your buttons.

Stripes uses the name of the button itself, and has built in support for multi-event Actions. You can localize to your heart's content, and Stripes will detect which button was pressed and invoke the right method for you.

JSP / View Helpers

Struts doesn't really provide a good pattern for providing dynamic data to JSPs that are not the result of another Action. This leaves you with the options of writing a pre-action for the page or doing something outside of Struts. Then, what if another Action wants to forward to your page after it's completed processing. Do you chain the actions? Do you make the second action meet the dependencies of the page also?

Stripes has a neat way of handling this. A custom tag allows the use of ActionBeans as view helpers. It works similarly to the jsp:useBean tag in that if the ActionBean already exists it just gives you a reference to it. If it doesn't exist, the tag will bring it into existence, bind data out of the request on to it, and get it ready for use.

"HTML" Tags

Maybe it's just me who could never get used to it, but why do the Struts form input tags use 'property' instead of 'name'? And why is it 'styleClass' instead of 'class'? It also makes it hard to change a tag back and forth from a plain HTML tag to a Struts tag.

Stripes takes pains to make all the form input tags as close to (if not identical to) their HTML counterparts as possible.

---

Who had experience with Stripes? Does it make sense to use it? Your comments are welcome.

Technorati Tags: Java, Overview, Frameworks, Stripes, Struts, Spring