This document contains the release notes for the latest full release of Expresso 5.5. This release is a major release and represents nearly a year of feature updates and enhancements to the project. Since the initial release, several early access and release candidate releases have been put in production over the past year offering significant improvments to stability and performance.
This document will as brief you about new features available in Expresso 5.5. Use the Table of contents to jump to different versions of Expresso for examination. While it is unlikely that this is a complete document, the goal here is to get people up to date with how Expresso 5.5 has progressed.
For more information on the history of releases please see the Expresso History Releases documentation (releasehistory.html).
If you are already using Expresso in production, we highly recommend upgrading to the Expresso 5.5 release to correct a some security issues which have been fixed including:
sql injection bugs in adding and updating fixed: Non-text data typed fields where open to sql injection when adding or updating.
sql injection bugs in searching fixed: When building a where clause, the fields will now be validated against field masks with default masks being set according to the data type.
also bugs in SecuredDBObject fixed that were security problems
It has been approximately 10 months since the Expresso 5.05 release. Throughout the Expresso 5.x series, many bugs have been fixed and experimental features tested. Meanwhile, the core developers and major contributors to Expresso have been hard at work refactoring Expresso, preparing new APIs for review, and adding a host of other new features.
For the full details on the release changes please see the Change Log including API Changes, Schema Changes, New/Changed Features, Bugs Fixed, Performance Improvements, Miscellaneous Changes, and Package Changes.
Expresso is now up to date with Struts 1.1. Struts 1.1 brings a lot of new features which are now integrated with Expresso:
Better XML configuration
Plug-ins
Request Processor
Global Exceptions
Dynamic Form Beans and Dyna Beans
Struts Validation
Commons Beans Utils Introspection
Action Messages
Modules (or subapplications)
As well as the Struts Action and Action Form, among others.
LogManager has been updated to use only one file for configuration and provide runtime reconfiguration of the logging environment. To best use this, you need to add the context parameter logDir to your web.xml file. Also, check the default expressoLogging.xml file to see changes, most notably the use of ${expresso.logDir} to signify the new logging directory rather than the %LogDir% syntax. This is more compatible with traditional log4j configuration files. Be sure to check Chapter 4 in EDG titled " Configuration" for more information on how to work with the new LogManager
Now the process of running Junit is even easier then before, simple run the bat file runJunit.bat and Junit starts up with all of the correct parameter values; added target for running junit tests via Ant.
Kris Thompson was hard at work re-engineering the Login and Registration Controllers. They now can find each other via classhandlers, and the most notable difference is that the default login controller is now called SimpleLogin which is a concrete subclass of LoginController. This refactoring more easily allows you to customize Login and Registration workflows to better process your needs.
When DBMaint displays the Add or Update page, locations where user ids would normally be entered are now entered by login name. This only takes place in here and only affects code that depends on DefaultAutoElement. The key of it is the introduction of a new interface called Mappable [located in com.jcorporate.expresso.core.dataobjects] that marks an object as having one field map to one value. Now when rendering fields, if a lookup object implements mappable, then the default renderer looks to resolve the key to the friendly name. Similar to the concept behind valid values, but this uses single objects only, not dropdown boxes.
Included in the Expresso 5.5 release is the beginnings of a new API library to help reorganize and refactor Expresso as well as provide better management capabilities to the library.
A basic minimalistic API for the new DataObjects has been created and succesfully used in several areas of the Expresso framework. The goal here is to provide a unified API for all DBObject-like classes including ones that don't even rely on Databases as back ends.
This API has been used in the infamous DBMaint controller. Its interfaces have now been also used to create a new object called the JoinedDataObject. Read below for information on the JoinedDataObject. A documented introduction to the DataObject API is now located in the EDG chapter on DBObjects including UML diagrams and description locations.
The full use of the DataObject API has come to fruition in this class. It is basically a ground-up rewrite of MultiDBObject to allow XML-based definitions of database joins. By utilizing the DataObject API, it enables DBMaint to work with database joins across several tables. It also refactored MultiDBObject to be considerably faster and less memory intensive.
DBMaint can now handle uploading and downloading of BLOB data types. Because the MIME types cannot be determined normally the items are uploaded and downloaded with application/x-unknown unless you set the MIMETYPE attribute for the DBObject.
DBMaint now based upon DataObjects, Smarter with User object, can now update/view BLOB fields for database joins directly, new DBObject Metadata factory method, now properly supports nestable data objects when rendering BLOB view icons.
To cope with the deficiencies that BLOB dbmaint may have, there is a new DBObject called MediaDBObject located in com.jcorporate.expresso.services.dbobj. To utilize this class derive your object from this class, and where you need BLOB fields call addBlobField(). This will automatically create fields describing file size, file name, and file mime type. These values are automatically set when a file is uploaded to them via DBMaint.
To have a Controller response forwarded to an XML Stylesheet (XSL/XSLT) all you now need to do is add the path to the stylesheet in the ActionForward part of your struts-config.xml definitions. Expresso will send your stylesheet to the XMLViewHandler and automatically have the system process the result through your defined stylesheet.
Range modifiers. [eg: DBObject.setField("ExpUid","BETWEEN 500 AND 1000")] are now correctly processed, but more importantly, they are hand parsed to ensure protection against potential SQL injection attacks.
New Italian Translation, i18n at DBObject Metadata level, and ISO ValidValues. Peter Pilgrim was hard at work creating a version of ValidValues that allows for canonization, or resolving for various languages and locales. This allows for dynamic descriptions on ValidValues objects that are compatible with multiple languages.
Using %ANT_HOME%\bin\ant generatefromdb allows you to generate DBObjects from existing database tables without all the difficulties of including all the other jar files in the classpath.
You can now issue an update where only the changed fields have been updated. This allows for better compatibility with triggers, and better JDBC performance.
If you check out the eForum's build.xml, you'll see that it, in-turn can drive the expresso's build-xml to create a component built with expresso and all deployed and assembled into a single war file.
Many chapters have been fleshed out since Expresso 5.05 including updates on the DataObject API, updated configuration information, and a chapter describing the use of the Expresso tag libaries.
Emphasis has been placed on removing javadoc warnings and fleshing out the Javadocs that come with Expresso. Several classes now have examples in javadocs on how to use them.
Controller to show the updated Reporting API. Includes one sample report with Expresso.
Now have source-forge-like 'view notes' and Autodetection of DownloadFile MimeTypes.
Status page now has add link to cache management for each cached object in status report, using JSTL
There is an article on TheServerSide called "Getting The Most Out Of Expresso 5.0". It attempts to follow the scope of this article and describe what has happened since Expresso 4.0
Copyright � 2001-2004 Jcorporate Ltd. All rights reserved.