I would like to offer my help to improve the website performance. Do you
use the "standard" version of the wiki or should I checkout the code
from somewhere else?
Best Regards / Viele Grüße
First - The seam examples that are linked off of seamframwork.org's "See
Seam in Action..." section: where are they hosted? where can I find
more information on them (seam version?, persistence config? etc...)?
and how can we change/update them?
The main reason I ask is because it appears the DVD example is having
some sort of persistence config issue. Selecting "Start Shopping"
throws a JDBC error. A user reported it, but I thought I remember Pete
saying that those demos were a little out of date.
Second - The user wanted to send me an email because he thought he saw a
security issue (see below) where previous users information was
displayed in one of the text fields. I asked him to put a jira in and
that we would look into it. Does this sound familiar to anyone?
-------- Original Message --------
Subject: Re: Adam R. SeamFramework.org
Date: Mon, 25 Feb 2008 10:48:25 -0500
From: Jay Balunas <jbalunas(a)redhat.com>
To: A R <adamr_98(a)yahoo.com>
Thanks for providing this information - I will take a look at the example.
But - if you could enter a jira with this information (and any other
info about it) that would be great. That way this can be tracked and
When you say "other user sessions" do you mean other users that are
currently logged in, or a user that you had previously been logged in
as? If it is the latter - Does it appear that you are logged in as the
user now and can access things as that user?
A R wrote:
> Adam R. SeamFramework.org
> Hi Jay,
> The on-line dvd store demo has some database
> configuration issues.
> However, an apparent security related issue has been
> Nutshell description: The Username text input box in
> the Login panel displays information entered from
> other users’ sessions.
> I’ve been able to reproduce this observation on
> numerous attempts typically in less than five (5)
> minutes of “banging” on the application.
> At first I thought it was just browser caching and
> indeed anybody else will ignore it because they will
> see things like “User1”, “User2” etc. And make the
> assumption that it is the way the app is supposed to
> run because the instructions hint to that behavior.
> I am able to consistently duplicate a test that
> consists of visiting the site from a connection in San
> Jose California, and entering the Username “sanjose”.
> I’m then able to visit the site from a different
> connection, computer, and browser in Berkeley
> California and see “sanjose” in the Username field.
> I do not have a recipe for reproducing the result. My
> test consists of miscellaneous “banging” on the
> following few items (in no order):
> -Entering Username and then failing the app (Start
> -Many fast reloads (sometimes around 50).
> -Clicking on the Login and/or Create Account buttons.
> -Multiple tabbed sessions.
> My personal concern is that, the above
> misconfiguration is not the reason for the security
> violation. It is however exposing an unexpected
> failure mode that might otherwise be hidden. My
> recommendation is not to fix the configuration issues
> until this failure is understood.
> Let me know if I can provide any additional
documentation seems to have a little bug.
25.3.1. Boostrapping Hibernate in Seam
After answering a post where someone is asking "who uses seam in production"
it dawned on me that we need a page for people to highlight there own
projects and success stories with seam. The new website would be a great
place for it.
I'm pretty sure the guys from Big lots (JBW presenter) would be happy to get
a free plug to start things off.
Plus I'm sure others would also like to list projects. you know - short
description, tech used, deployments, etc...
What do you think add a "Seam in production" page with a example template at
the top and place for people to add their own?
It appears that it is not possible to edit forum posts. I agree that
it is a good idea for record purposes not be possible to go in and
edit any post ever made. However, I like the approach that dzone takes
here. As long as there are no replies to the post, it is possible to
edit that post. 99.9% of the time, you want to edit a post because you
clicked "Save" and then immediately realized something was wrong. This
gives you a grace period to fix it. A timeout would be an easier
Registered Linux User #231597
Mojavelinux.com: Open Source Advocacy
While I make a strong effort to keep up with my email on a daily basis,
life and work come first and, at times, keep me away from my mail for a
while. If you contact me and then don't hear back for more than a week,
it is very likely that I am excessively backlogged or the message was
caught in the filters. Please don't hesitate to resend a message if
you feel that it did not reach my attention.
Hi Eelco, Frank
Apologies for being slow in getting back in contact with you.
If you take a look at Seam trunk (we did an alpha release as Seam
2.1.0.A1) you can find my work on Seam-Wicket integration. I followed
a slightly different approach to both of you ;-)
1) I used Eelco's approach to support injection (my backend code
needs rewriting for this). The major issue I ran into here is that we
need to "disinject" Seam components after the request as Seam manages
their lifecycle, not Wicket. I currently don't have a good way of
doing this, and am using a proxy to do a lookup on each call to Seam
component (which is slow). I also corrected the logic so that it
followed Seam standards (Seam doesn't do injection based on type).
2) I created a base SeamWebPage class for users to extend. This
essentially sets up the Seam integration code, enables Seam Security,
enables conversation propagation etc. We can probably try to factor
out some this code into other integration points
3) Ported the booking example across to run on wicket rather than JSF
(see examples/wicket in Seam distro)
4) Wrote integration for model based validation
My future ideas
1) Improve integration code (including better way of doing injection)
2) Support outjection
3) Support annotations like @Begin, @End, @BeginTask, @EndTask,
@RaiseEvent inside Wicket components (if you are familiar with Seam
+JSF, this is what pages.xml does)
4) Finer grained Seam Security (currently @Restrict only works on the
5) Port another example
6) Support for "facesMessages" to transport messages from the
business layer to the view layer
My major obstacle is lack of interceptors in Wicket (it makes it hard
to hook into Wicket at the correct points) - any ideas? For example,
it would be good to do
public void onClick()
But actually @RaiseEvent could go on any method.