Sunday, April 24, 2011

Proxy Error (502) caused by Tomcat Http Proxy Setting When Using Struts2

In Tomcat (my version is 5.5 +), the default http port is 8080. In your server.xml connector setting, you may have the following line:

The default Catalina connetor setting for HTTP proxy is pointing to port 80.
By doing so, the HttpRequest Object resides in your session will contain two port values:
  • port=8080
  • proxy port = 80
. This may cause problem when Struts2 is in use. If you use Struts2 UrlHelper to generate the current request URL (which you may save the url as last saved location) the url generated will not contain the 8080 port because proxy port is 80 and Struts use the HttpServletRequest.getServerPort() method to get the request port. So if your url was
http://mydomain.com:8080/some.action
The generated url is actually
http://mydomain.com/some.action
If you didn't setup your web server right or you don't have one, the request is going to failed for a 502 (bad gateway) error.
So double check your sever.xml connector setting in Tomcat if you are getting a 502 error.
The simple solution here is to change proxyPort to 8080 (same as your application port).


Monday, April 18, 2011

Spring Parent Class Member Not Injected When Loading Child Class

If Class B extends Class A where B calls a method in parent A that will access propertyOfA, the assumption is that when B is loaded all property of parent A will be injected automatically because B extends A.
However, that' s not the case.  If you do not inject A's property in child class B, they will not be injected and you will get NullPointerException...
Thus, you should always inject parent's member if you are going to access them either directly or indirectly.... that sounds awkward.  Am I missing something here?
[July 27, 2011 Thanks to Luca for the correction] 
In fact, in order to have the inheritance happen in Spring bean declaration, you must explicitly declare the parent class in the bean definition.

Example: Class B extends Class A, in order to access A's property, B must inject in its definition as well.

// Parent Class
public class ClazzA {
  private Clazz propertyOfA;

  protected void methodOfA(){
    propertyOfA.invokeSomething();
  }
  public Clazz getPropertyOfA(){
    return this.propertyOfA;
  }
  public void setPropertyOfA(Clazz propertyOfA){
    this.propertyOfA = propertyOfA;
}

// ClazzB is sub-class of ClazzA
public class ClazzB extends ClazzA{
  protected void methodOfB(){
    methodOfA();
  }
}

// Member property type for ClazzA
public class Clazz{
  public void invokeSomething(){
    System.out.println("Invoke Clazz to do something!");
  }
}


In order for B to access parent A's property, B must declare parent="classA" in its definition.


 




Note that:

This line must be injected.

Please correct me if I'm missing something basic. It seems strange that Spring does not automatically inject parent's properties....

Thursday, April 7, 2011

Modify iFrame Content Using JavaScript - Not Possible

It is not possible to modify the data loaded using iFrame. This is a security protection mechanism that disallow the user to do cross site scripting (XSS).
Imagine that if you are able to load a bank login page and then alter the form action to point to your own server? You cannot do that.
I saw some comments online said that it is possible to alter the content loaded by iFrame from the same domain. I tried today and it's not possible neither. Maybe someone can correct me and show me how.

What I did is I added a button to show the iFrame's innerHTML when clicked using jQuery. The theory is if I can retrieve the content of the iframe, I will be able to modify the content shown to the user.

<script language="JavaScript" type="text/javascript">
  $(document).ready(function(){ 
    $("#btn_show").click(function(event){
      event.preventDefault();
      alert($("#iframe_window")[0].innerHTML);
    });
  });
</script>
<input type="button" id="btn_show" value="show me"/>
<div class="ContentDetail" id="biIFrame" style="float: left; width: 100%;">
<iframe src="EXTERNAL_URL" height="800" id="iframe_window" width="100%">
  Content before loading the iframe
</iframe>
</div>

After the iFrame is completely loaded, I clicked the "show me" link and the alert box shows "Content before loading the iframe". Doesn't matter the 'EXTERNAL_URL' is from same domain or not, the iframe content retrieved by javascript is always the initial value. This demo shows that javascript engine is preventing user modifying the iFrame content. Sorry guys, it is just not safe to allow it.