One of the attributes that attracted me to the Stripes MVC framework was its ease of use and short learning curve. The latest release of Stripes, version 1.5, preserves this nature by enhancing many of its existing features without requiring extra work or adding complexity. This article highlights the main enhancements in Stripes 1.5, including simplified configuration and added support for security and AJAX. The accompanying code download is a simple contact-manager application .war file that demonstrates some of these enhancements.

Let’s begin with Stripes 1.5’s simpler configuration.

Smaller Configuration Footprint
This version of Stripes has reduced what was already a small configuration footprint. Now you can configure most applications with only two initialization parameters and a couple of filter and servlet mappings. The ActionResolver.Packages and Extension.Packages replace the ActionResolver.UrlFilters and ActionResolver.PackageFilters parameters. The new Extension.Packages parameter lets you place references to any custom extensions in your application, including the ActionBeanContext, formatters, converters, and exception handlers. (See Listing 1 for a Web.xml configuration.)

Improved Type Conversion
Version 1.5 also improves on Stripes’ already strong type conversion capabilities. Now you can load formatters and type converters using autodiscovery, employing the Extensions.Packages mentioned above. Stripes’ default formatter now supports inheritance and interfaces, and the DateTypeConverter for converting Java dates into HTML and vice versa has been made more robust.

Introducing Clean URLS
The Stripes team has added features that help you create cleaner, more compact URLs. Clean URLs is an advanced binding format for ActionBeans that allows you to embed events and parameters into the URL in a more compact manner than the classic CGI parameter=value pattern.

The following example shows how you can annotate an ActionBean to bind one or more parameter values, as well as an event name, to an ActionBean:

@UrlBinding("/action/User/{$event}/{contact.id}")public class UserActionBean extends BaseActionBean {}

The UrlBinding annotation associates the “action/User” path with an event, {$event}, and the contact.id parameter. A valid URL might look like this: http://myhost/action/User/view/12122.

You can then output that parameter value into URLs in your JSPs using the Stripes link and URL tags. Upon return to the ActionBean, the event will be used to route the request to the proper ActionBean resolution in the controller, while all parameters will be validated?if needed?and bound to their associated properties in the ActionBean. The corresponding Stripes link tag for the above example would look like this:

${contact.lastName}, ${contact.firstName}

Added Security Features
One of Stripes’ strengths is its ability to map complex Java objects to parameters in the HTML view. However, if misused, this capability can risk unwanted manipulation of the values in the backend. Imagine a banking application, for example. You certainly want to show customer their balances, but want them to be able to manipulate these values only through very controlled processes such as verifiable deposits or transfers (i.e., not by pasting a new and higher value into their URL). The Stripes team has added the @StrictBinding annotation to let you restrict binding to only those properties that you want the end user to be able to change.

Stripes 1.5 also adds support for transparent encryption of variables, which makes URLs in your application less susceptible to manipulation. Just set your own encryption key in the web.xml file’s Stripes.EncryptionKey initialization parameter, and then mark up any parameters you want encrypted using the @Validate annotation in your ActionBean. Those parameters are encrypted and written into Stripes’ form, link, and URL tags for display. These values are then decrypted on the return trip to the ActionBean, validated, and finally, bound to their target properties?-all automatically.

The following is an example of encrypting an ActionBean property with the Validate annotation:

@ValidateNestedProperties({         @Validate(field="id", encrypted=true),     })     private Contact contact = new Contact();

You can create your own encryption key in the web.xml file as follows:

     StripesFilter     net.sourceforge.stripes.controller.StripesFilter                    ActionResolver.Packages          com.datarabia.example.stripes                    Extension.Packages          com.datarabia.example.stripes                    Stripes.EncryptionKey          1234567890     

Finally, the Stripes team has encrypted the _sourcePage parameter?the breadcrumb placed in all Stripes forms?which is used to return viewers to their previous views when errors occur. This is one more way that sensitive internal workings of a Stripes application can be abstracted.

New AJAX Support
In previous versions, Stripes included AJAX-friendly classes for transforming Java objects into JavaScript and streaming them to the browser. This version has added more support for AJAX-type implementations by adding a partial attribute in the Stripes form tag. Now you can include snippets of Stripes forms from other JSP pages in a larger form and refresh those areas with AJAX calls. With earlier versions, you had to use generic HTML controls to accomplish this task, sacrificing some of the power of the framework’s data binding and conversion.

The following example shows how to set partial forms to true to allow your form snippets to be nested inside another Stripes form tag:

partial="true">Address:
City:
State:
Zip:
Phone:

Upgrading from Earlier Stripes Versions
Stripes 1.5 is the first Stripes release that’s not completely backward compatible with earlier versions. Nevertheless, upgrading most Stripes applications to 1.5 is pretty easy:

1. Drop the new stripes.jar into your application’s lib directory.
2. Update the commons-logging.jar that ships with Stripes 1.5.

You may need to make some further changes as well:

• If you used ActionResolver.UrlFilters or ActionResolver.PackageFilters to pinpoint the location of the ActionBeans in your web.xml, you’ll need to update those settings to the ActionResolver.Packages.
• If you are using the commons-fileupload.jar, you should get the latest version at the Apache site.
• If you’re using any custom extensions in your application, make sure that you now initialize them with the Extension.Packages parameter.

These changes will bring most existing Stripes applications up to speed with version 1.5, but you should still check out the upgrading.txt file that ships with this release for a full list of incompatibilities.

In addition to the enhancements discussed in this article, the Stripes framework continues to benefit from superb documentation and an active and helpful developer community.