jakartaee / mvc Goto Github PK
View Code? Open in Web Editor NEWJakarta MVC Specification
Home Page: https://projects.eclipse.org/projects/ee4j.mvc
License: Eclipse Public License 2.0
Jakarta MVC Specification
Home Page: https://projects.eclipse.org/projects/ee4j.mvc
License: Eclipse Public License 2.0
14e2b27ee76cd8d0e2c8b506dd83deffff365187d76b909795cf530842853a67
Chapters
The copyright date still points to 2020. It has to be updated to 2022.
Issue by erdlet
Monday Sep 02, 2019 at 15:14 GMT
Originally opened as mvc-spec/mvc-spec#219
Hi all,
a few months ago, a feature to was added to Krazo which enables developers to override the HTTP method used in HTML forms by setting a hidden field that is evaluated while the request is processed. This way, developers can implement controllers which are using the full power of HTTP verbs what results in clearer and more understandable APIs.
Therefore I wanted to ask what you think about standardizing this functionality in the MVC API to ensure every person using an MVC implementation can profit from it. Also, this is something which nearly all MVC frameworks I know support (e.g. Spring MVC, Rails, Grails, Django) very successfully.
Issue by mvcbot
Tuesday Jan 13, 2015 at 18:01 GMT
Originally opened as mvc-spec/mvc-spec#35
Original issue MVC_SPEC-23 created by Santiago Pericas-Geertsen:
JAX-RS 2.1 is likely to support a redirect call (just like servlet). This issue is recorded to track if whatever support is added to JAX-RS is sufficient for MVC.
Issue by mvcbot
Monday Jan 05, 2015 at 18:23 GMT
Originally opened as mvc-spec/mvc-spec#25
Original issue MVC_SPEC-13 created by Santiago Pericas-Geertsen:
Consider adding support for a non-declarative API. This is currently not supported by JAX-RS, but may be useful for MVC.
If I mixed Jaxrs and MVC in the same application, I hope the application paths can be declared respectively and also allow apply different config(default media type, and external security config etc) on both application paths.
eg.
/api
for RESTful APIs.
application/json
/web
for MVC web pages.
text/html
Issue by mscharhag
Saturday May 26, 2018 at 15:08 GMT
Originally opened as mvc-spec/mvc-spec#161
Hello,
I am wondering why @MvcBinding
can only be used on fields, methods and parameters. (Probably because JAX-RS binding annotations can only be used on this types?)
Annotating all fields of a JAX-RS bean parameter with @MvcBinding
looks way more common to me than annotating some fields and some not. Wouldn't it be convenient if a class could be annotated with @MvcBinding
instead of annotating each field separately?
Maybe I am missing something here?
Issue by graemerocher
Wednesday Nov 14, 2018 at 14:01 GMT
Originally opened as mvc-spec/mvc-spec#206
Reading the spec, it seems that the pattern that is encouraged is this:
@Inject
private User user;
@GET
@Controller
public String hello(@QueryParam("name") String name) {
user.setName(name);
return "hello.jsp";
}
IMO this is a mistake looking to the future. There are several problems with this:
User user
using a field based approach onlyFields should be used for dependency injected components and not the model. It would be better written as:
@GET
@Controller
public String hello(@Model User user, @QueryParam("name") String name) {
user.setName(name);
return "hello.jsp";
}
This has the advantages:
This also aligns closer with how the most popular MVC (Spring MVC) works.
Relates to #16
27a09b18169e46571898375d2eb1d05000301828c5d16dfc5d56e882690d55ed
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment AdoptOpenJDK-11.0.11+9 (build 11.0.11+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode)
Linux basic-7b0jn 5.12.7-300.fc34.x86_64 #1 SMP Wed May 26 12:58:58 UTC 2021 x86_64 GNU/Linux
It seems there is some error in the order of the Spec's chapters. Chapter 9 occurs after Appendix B. This is wrong and the order must be fixed.
Jakarta MVC 2.1 targets Jakarta EE 10, so we need to adapt the APIs we use.
Issue by chkal
Sunday Jul 08, 2018 at 08:41 GMT
Originally opened as mvc-spec/mvc-spec#173
I would be nice to have something like getJavaType()
on ParamError
. The actual type of the parameter on the Java side is very important, especially in the context of binding errors.
Actually this would be very easy to implement in Ozark for BindingError
. But adding support for ValidationError
would require quite some work. Therefore, I'm assigning this to "Future".
Since a while I ask myself, why the specification defines explicit CSRF protection as a default instead of the implicit one.
From a security point of view, IMO every web application should use CSRF protection by default, because nobody wants an per default enabled attack point. I think, the specification should help users to build secure web applications and let them think about what they are doing, in case they really want to disable this security feature.
Would be great to get an explanation for this design decision :)
27a09b18169e46571898375d2eb1d05000301828c5d16dfc5d56e882690d55ed
Issue by ngriffin7a
Thursday May 02, 2019 at 19:32 GMT
Originally opened as mvc-spec/mvc-spec#213
As discussed in a related Google Groups thread, I recommend that the org.eclipse.krazo.defaultViewFileExtension
feature be standardized as javax.mvc.engine.defaultViewFileExtension
.
I recognized that the specs are moving into the jakartaee GitHub orga. Think we shall do it too, @ivargrimstad?
Issue by mvcbot
Friday Aug 07, 2015 at 10:04 GMT
Originally opened as mvc-spec/mvc-spec#63
Original issue MVC_SPEC-51 created by beryozkin_sergey:
@Controller
@View("book.jsp")
public Book getBook() {}
{code}
I.e, if it is non-void, non-Viewable response with View then the response is treated as the content to be processed by the view engine.
The simplest and safe way to bind Book to HTTP request attribute is to assume a convention that a class name (Book.class.getName()) is used as a key.
Additionally (or alternatively) an extra optional attribute can be added to @View:
{code:java}
@Controller
@View(value="book.jsp", name="book")
public Book getBook() {}
{code}
Furthermore the above style can also support:
@Controller
@View("book.jsp")
@Produces({"application/xml", "application/json", "text/html"})
public Book getBook() {}
given that it is very typical in JAX-RS to have a single method with multiple Produces values.
I think this style is very important to support because it is more natural to write than having to use a @nAmed sync such as Greetings in the spec example or dealing with Models directly, in both cases the application directly having to be aware of the MVC semantics.
IMHO it is not difficult to support it at a spec level. It is also another good example why a strict CDI binding requirement may need to be relaxed and limited to a subset of styles.
Follow the conventions published by the Jakarta EE Platform project
https://github.com/eclipse-ee4j/jakartaee-platform/wiki/Modularized-Jars
Issue by mvcbot
Sunday Oct 25, 2015 at 19:01 GMT
Originally opened as mvc-spec/mvc-spec#70
Original issue MVC_SPEC-58 created by kito75:
It'd be nice to opt out of implicit CSRF protection, maybe with an annotation like @CsrfValidDisabled,
Is it possible to get the value of javax.ws.rs.core.UriInfo.getAbsolutePath()
of the current request in a view (e.g. a JSP page)? A typical use case would be to style a navigation link differently if the request URI matches the link URI.
It would be nice to be able to do something like this:
<nav>
<a class="${mvc.requestUri eq mvc.uri('MyController#home') ? 'active' : ''}" href="${mvc.uri('MyController#home')}">Home</a>
</nav>
14e2b27ee76cd8d0e2c8b506dd83deffff365187d76b909795cf530842853a67
14e2b27ee76cd8d0e2c8b506dd83deffff365187d76b909795cf530842853a67
I have a highly dynamic application which makes use of JAX-RS sub-resource locators. Unfortunately, those are not supported by default with MVC.
I could work around this limitation with a custom interceptor on my locator method (@ControllerLocator
) which intercepts the result of the method and decorates the sub-resource with an InterceptionFactory
to apply the interceptors needed for @Controller
to work. This workaround depends on vendor-specific (krazo) classes like AroundController
and ValidationInterceptorBinding
. If the interceptors had been bound to @Controller
(which could be turned into an InterceptorBinding
via BeforeBeanDiscovery.addQualifier()
) instead of specific annotations then it could have been implemented without relying on krazo classes.
971bb7886f9126b2adace32e30d9f71d71a79930eacd2bf6c68d010b803de6b1
Issue by mvcbot
Thursday Oct 16, 2014 at 17:01 GMT
Originally opened as mvc-spec/mvc-spec#16
Original issue MVC_SPEC-4 created by Santiago Pericas-Geertsen:
Data binding in MVC will likely take advantage of injection in general, and parameter in injection in particular. Will CDI.next be able to handle the kind of parameter injection that MVC needs?
Tasks to complete the MVC 2.0 release:
Prosed syntax:
<filename>::<elementId>
Example: Add a row to a table in the view
14e2b27ee76cd8d0e2c8b506dd83deffff365187d76b909795cf530842853a67
Since #72 it is possible to add a hidden form field to overwrite the form's HTTP method. The field's name is customizable, but unfortunately there is no easy access to get the name for e.g. adding it to the form field. So even if the field's name is declared in the Application#getProperties
Map as e. g. _hiddenMethod
instead of the default _method
, the API user needs to add _hiddenMethod
to each single hidden input field. This may lead to errors and less user experience.
To avoid the need for this copy-and-paste an additional method, which returns the field's name, in MvcContext
would be helpful, e.g. MvcContext#getFormMethodOverwriteParam
.
27a09b18169e46571898375d2eb1d05000301828c5d16dfc5d56e882690d55ed
I recognized that we're not specifying exception handling in MVC applications or, at least, how the existing approaches shall be used. In my opinion, we should add some section about how MVC implementations should handle the response from jakarta.ws.rs.ext.ExceptionMapper
implementations, because at the moment there is the need to use Krazo-specific API (Viewable
).
@Provider
@Priority(Interceptor.Priority.APPLICATION + 999)
public class GeneralExceptionMapper implements ExceptionMapper<Exception> {
@Override
public Response toResponse(final Exception exception) {
return Response.serverError().entity(new org.eclipse.krazo.engine.Viewable("serverError.jsp")).build();
}
}
I think the implementations should ensure, that we can return the same values as in @Controller
annotated resources, so we have a consistent and clear behavior. The example posted above would then look like this:
@Provider
@Priority(Interceptor.Priority.APPLICATION + 999)
public class GeneralExceptionMapper implements ExceptionMapper<Exception> {
@Override
public Response toResponse(final Exception exception) {
return Response.serverError().entity("serverError.jsp").build();
}
}
Please add your feedback or possible Jakarta REST limitations which I'm not aware of.
We would need to get GitHub pages set up and convert the source to be able to run here with the jekyll-jakartaee-theme
This will enable us to get the site published on https://mvc.jakarta.ee along with the other specs
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.