mere technology …its all just ones and zeros


Great article on Spring Security 2.0

Came across a really excellent article on the ACL (Access Control List) side of Spring Security. This covers Spring Security 2.0.x which is the project formerly known as Acegei. There isnt a lot of documentation around for the ACL side of Spring Security 2.0 and the whole area  in not easy to navigate without some sort of guide.

The chaps at Denksoft Blog really went the extra mile on this one.

Update: Found another useful discussion. There really isnt much out there documenting the nuances of this, so I reckon anything like this is gold for the intrepid developer


W3C friendly links with JSTL Core URL tag

The JSTL Core tag library offers a really useful url tag for generating URLs for html links from within JSP. This is particularly useful when there are one or request parameters that need to be carried along with the URI.  They can be specified like this:

<a href="<c:url value="/next.htm">
<c:param name="personId" value="${}"/>
<c:param name="preferredTitle" value="Mr"/>

In this example there are two request parameters. The first (personId) is resolved from an in scope variable, and the second (preferredTitle) is supplied directly to the tag. This would produce something like the following:

<a href="/next.htm?personId=5&preferredTitle=Mr" />

The problem
Whilst this may work in your browser, by default, (at least with JSTL 1.1) the URL produced does not validate with respect to the W3C standards. This is because the produced link contains an unescaped ampersand to separate the request parameters:


The problem of course is not so much the ampersand itself, as the fact that it has been left unescaped when the link was rendered.

One possible solution
... is to use the JSTL Core out tag when producing the href link like this:

<c:url var="nextLink" value="/next.htm">
<c:param name="personId" value="${}"/>
<c:param name="preferredTitle" value="Mr"/>

<a href="<c:out value="${nextLink}" escapeXml="true" />">

Adding the var attribute assigns the generated URL to the in scope variable nextLink. This allows the subsequent c:out to access the generated URL. Because c:out supports the escape of XML characters, the ampersand separating the request parameters is resolved to its escaped format &amp;

- which makes Mr W3C very happy indeed!

Tagged as: , , 2 Comments

Blueprint framework for CSS

Came across an interesting CSS framework recently.  Blueprint provides some standard stylesheets for addressing browser standardisation (ie IE taming), out of the box typology and a grid based layout model. There are some good tutorials around the place also, such as this one, which also give a quick overview of what this is all about.

There are some fairly obvious arguments for and against frameworks like this and depending on your level of expertise with CSS and front end web development in general would generally say a lot about where you likely fall on these issues. Generally, being a framework they provide you out of the box with a lot more styles than you are ever going to need on a site with a clear prior design. The counter argument is that few sites, particularly highly functional ones, have a clear concept design during the early stages.

There also comes the tendancy to 'pollute' markup with layout semantics as can be seen using Blueprint's span classes which directly imply layout semantics. The counter argument here seems to be that such frameworks are there to get one up an running quickly and easily, and that any final styes for the site would require distilling down the framework classses into semantically correct ones for that site.

Personally, I think that unless you are a specialist fontend developer Blueprint and others (like 960gs or Yahoo YUI Grids) are a useful addition to the toolbox, particularly when you really want to be spending your time on what it does, rather than how it looks

Filed under: Tools, Web Design No Comments