Re: Security guideline

Very good. Cheers, Paul On Sat, Jun 18, 2016 at 1:25 AM, Lukasz Lenart wrote: > Hello > > Please take a look on this, we are constantly updating it based on > reported vulnerabilities. > http://struts.apache.org/docs/security.html > > > Regards > -- > Łukasz > + 48 606

Re: how to use ejb 3.1/3.2 in struts2?

Are you using an EE 7 server? I believe 7 integrates CDI and EJB so you can @Inject your remote bean interfaces. This may also be available in 6, but you'd have to research that. PS: @EJB is a specialized injection annotation that only deals with EJB. Obviously, but just wanted to point that out.

Re: Data Transfer Between Android and MySQL

Android is a remote client, and a web service is the common solution to transfer data back to the host. You are free to use whatever technology you want to implement the web service. You have (1) message standard and (2) technology standard to consider. The first are things like XML, SOAP, JSON,

Re: Remove Me

Fernando, removing is a self-service. Please see this: https://struts.apache.org/mail.html Cheers, Paul On Tue, Oct 13, 2015 at 10:15 AM, Fernando FLORES CORCOBA < fef.flo...@gmail.com> wrote: > Remove me from this list. > Thank you. > -- > > -- > *visite

Re: Struts1 Struts2 implementation

Do you have different extensions? For example, *.do goes to S1 and *.action goes to S2. Cheers, Paul On Mon, Feb 23, 2015 at 10:48 AM, Lilylove toshop lilylove2s...@yahoo.com.invalid wrote: Dear All, I want to use Strut1 Struts2 in my coexist application. I have both the

Re: Can't find utils.js

Okay. This means the two (no action extension and plugin script resources) are mutually incompatible at this time. I look forward to 2.5 to fixing this. Cheers, Paul On Thu, Nov 13, 2014 at 2:04 AM, Lukasz Lenart lukaszlen...@apache.org wrote: 2014-11-13 7:44 GMT+01:00 Paul Benedict pbened

Can't find utils.js

Using s:head outputs a link to utils.js: script src=/mycontext/struts/utils.js.../script But the file can't be found. FYI, I have no action extension and the filter processes /* Any idea why the file can't be found? Cheers, Paul

Re: Can't find utils.js

a comma. However, this doesn't satisfy me as it's clearly a hack :-) but at least it works. Cheers, Paul On Wed, Nov 12, 2014 at 2:45 PM, Paul Benedict pbened...@apache.org wrote: Using s:head outputs a link to utils.js: script src=/mycontext/struts/utils.js.../script But the file can't be found

Re: Can't find utils.js

FYI, I created an issue to track this: https://issues.apache.org/jira/browse/WW-4418 Cheers, Paul On Wed, Nov 12, 2014 at 3:27 PM, Paul Benedict pbened...@apache.org wrote: Okay, I solved it. I found a solution in the wee bottom of this page: http://stackoverflow.com/questions/12607075

Re: Can't find utils.js

Yes... but now it's , Cheers, Paul On Thu, Nov 13, 2014 at 12:40 AM, Lukasz Lenart lukaszlen...@apache.org wrote: 2014-11-12 21:45 GMT+01:00 Paul Benedict pbened...@apache.org: Using s:head outputs a link to utils.js: script src=/mycontext/struts/utils.js.../script But the file

Anyway to map properties to different request names?

Let's say I have a getter/setter for field personId. That means in my markup, I need to have a field named personId too. However, I am not really found of bleeding Java naming conventions into my web page. Shouldn't there be a way -- is there a way? -- of assigning another name to it? Hopeful

Re: Anyway to map properties to different request names?

field name=personId type=text/input You can even use a different Id, if you want to refer to the field in javascript. Why does it bother you? 2014-11-05 15:39 GMT-05:00 Paul Benedict pbened...@apache.org: Let's say I have a getter/setter for field personId. That means in my markup, I need

Re: Struts 1 Thread safe action classes

Your service classes should be thread-safe to begin with. You don't need multiple instances of a business service. Cheers, Paul On Tue, Nov 4, 2014 at 3:08 PM, Sekar, Sowmya sse...@ucsd.edu wrote: Hi, To invoke service classes from each method in the action classes, are there any other

Re: Struts 1 Thread safe action classes

To be thread safe, your services should never store user data in instance variables. That's all there is to it. Keep everything local. Cheers, Paul On Tue, Nov 4, 2014 at 3:14 PM, Sekar, Sowmya sse...@ucsd.edu wrote: How do I accomplish that? -Original Message- From: Paul Benedict

Re: Struts 1 Thread safe action classes

action for every request. It shot up the server memory by a bunch but who cares, memory is cheap compared to me re-writing all those classes. Regards, Eric -Original Message- From: Paul Benedict [mailto:pbened...@apache.org] Sent: Tuesday, November 04, 2014 4:16 PM To: Struts

Re: Is the email regex validator in Struts validation incorrect?

I looked up the RFC. The document lists itself as a proposed standard [1] so it's not really available yet for general use (but correct me if wrong). I propose that an enhancement should be made in JIRA to handle this. [1] http://tools.ietf.org/html/rfc6531 Cheers, Paul On Mon, Aug 25, 2014

Re: Is the email regex validator in Struts validation incorrect?

these characters). For documentation purposes, does anyone know what effective standard disallows these characters? Cheers! Miguel On Mon, 2014-08-25 at 10:51 -0500, Paul Benedict wrote: I looked up the RFC. The document lists itself as a proposed standard [1] so it's not really

Re: Fix security vulnerability

Yes, we have releases planned: https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel Cheers, Paul On Wed, Jul 9, 2014 at 4:08 PM, Dave Newton davelnew...@gmail.com wrote: I'm not sure. In the meantime:

Re: Struts1-Struts2 JSP tags

Use JSTL or the struts if tag Cheers, Paul On Wed, Jul 2, 2014 at 3:42 PM, Christopher Gokey cgo...@sesda2.com wrote: So I'm making progress in porting Struts1-Struts2, I've got a couple uses of Struts tags that I'd like to convert over as well: logic:iterate logic:equal logic:notEmpty

Re: Struts1 RequestProcessor

It sounds like what you want is to create a new result type. Cheers, Paul On Tue, Jul 1, 2014 at 4:08 PM, Christopher Gokey cgo...@sesda2.com wrote: We've got some pretty old code that I'm trying to port over to Struts2 and if someone could point me in the right direction in how I can

Re: dynamic interceptor insertion

I have asked for that feature myself :-) No, that's not possible today. But if you have the time, you can code the solution and share it with everyone! Cheers, Paul On Thu, Jun 26, 2014 at 9:51 AM, Gildas de Cadoudal gildas.de.cadou...@gmail.com wrote: Hi all, I would like to dynamically

Re: Issues in Struts2 unit testing

Go set a breakpoint in Struts where the ISE is being thrown and see what condition is being tested. If possible, take some time to determine when that condition is being set before your invocation. Cheers, Paul On Fri, Jun 13, 2014 at 8:25 AM, Krishnaraj A akrajmscjavaquest...@gmail.com

Re: Issues in Struts2 unit testing

I think you need to minimize your test case and start from something simpler to diagnose the problem. First try using the default stack alone. Let us know how that turns out. Cheers, Paul On Fri, Jun 13, 2014 at 8:25 AM, Krishnaraj A akrajmscjavaquest...@gmail.com wrote: Hi Team, Is any

Re: Issues in Struts2 unit testing

Put a breakpoint in your execute() and see if it's being called. The error message might be telling the truth: the action has already been executed. Cheers, Paul On Thu, Jun 12, 2014 at 10:15 AM, Dave Newton davelnew...@gmail.com wrote: Without knowing what's in your interceptor stack it's

Re: Required Info on Upgrading Struts 1.2.x to Struts 2.3.x

Struts 1 uses a DTD which doesn't allow custom elements in the configuration... or does it? I have never seen this before. Cheers, Paul On Tue, Jun 3, 2014 at 4:57 AM, Lukasz Lenart lukaszlen...@apache.org wrote: I have no idea if it is possible or not, but you can use param like this

Re: Struts2 iterator twice for select tag

Maybe you found a bug. Hopefully Struts cleans up its iterator when the tag finishes. Maybe you can look into the source code to find out for us. Cheers, Paul On Tue, Jun 3, 2014 at 12:17 PM, Matt Williams mattwms1998...@yahoo.com.invalid wrote: I am using struts 2.1.8. I am extending the

Re: Struts 1 Logging

Usha, I don't understand your response. So you have a log file and it's logging? Cheers, Paul On Fri, May 30, 2014 at 7:58 AM, Usha Ladkani ushaladk...@gmail.com wrote: property file is in classpath , As the log file is being created with trace. We are not using tomcat. we are using our

Re: Struts 1 Logging

Websphere is notorious for its poor logging support. I used Websphere for about 5 years. The server exposes Commons Logging in the parent class loader so it's already configured -- and not configurable by you. That was my experience, at least. I think you should google Websphere Struts Logging and

Re: Struts 1 Logging

Usha, what logging framework are you using? Cheers, Paul On Thu, May 29, 2014 at 10:28 PM, Usha Ladkani ushaladk...@gmail.com wrote: Hello , We are using Struts 1 , Can someone tell me how can I enable Struts logs in debug mode, Basically I am looking for statements as below - BeanUtils

Re: Struts 1 Logging

in our application. Regards Usha On Fri, May 30, 2014 at 9:02 AM, Paul Benedict pbened...@apache.org wrote: Usha, what logging framework are you using? Cheers, Paul On Thu, May 29, 2014 at 10:28 PM, Usha Ladkani ushaladk...@gmail.com wrote: Hello , We are using

Re: utf-8 characters and xslt result type

Your XSL (stylesheet) has the ability to set the output content encoding. Are you using that? And does that work? Cheers, Paul On Sat, May 24, 2014 at 2:05 PM, Lukasz Lenart lukaszlen...@apache.org wrote: Can you register a bug in JIRA? Then we can extend XSLTResult to set content-encoding

Re: No parameters set in action when file upload exceeds max size

https://issues.apache.org/jira/browse/WW-3025 Cheers, Paul On Fri, May 9, 2014 at 10:43 AM, Greg Lindholm greg.lindh...@gmail.comwrote: When I try to upload a file that exceeds the configured 2M max then no parameters get set on my action. I can't present the user with a pretty error

Struts2 Tiles deprecation warning

Struts 2.3.16.1 Tiles 2.2.2 Everytime my application boots, this shows up in the logs: DEPRECATION WARNING! You are using parameter-based initialization, that is no longer supported! Please see docs: http://tiles.apache.org/framework/tutorial/configuration.html I did some internet research; my

Re: No action instance for path /welcomeAction could be created

A 500 error means server error. I bet your configuration has a typo or something. Struts won't service anything until you review your logs and correct what's wrong. On Wed, Apr 9, 2014 at 1:15 PM, Lukasz Lenart lukaszlen...@apache.orgwrote: What's the problem? Do you see anything in the logs?

Re: Request parameters need corresponding getters/setters in action?

Can you please clarify where you're upgrading from. You said 2.8.1 ... but did you really mean Struts 1.2.8? On Thu, Mar 27, 2014 at 3:41 PM, Manuel López Blasi lopezbl...@conicet.gov.ar wrote: Hello everybody, i'm in the process or migrating our application from struts 2.8.1 to the latest

Re: Dispatcher attempts to write on the response after it has been commited

Lukasz, the ServletResponse interface does contain an isCommitted() method. We can avoid this situation by checking it first. On Tue, Mar 18, 2014 at 1:24 AM, Lukasz Lenart lukaszlen...@apache.orgwrote: 2014-03-18 7:01 GMT+01:00 Jose L Martinez-Avial jlm...@gmail.com: Well, that's a good

Re: Dispatcher attempts to write on the response after it has been commited

Yeah. It should be -- but let's also log the response code we couldn't set. Maybe debug()? On Tue, Mar 18, 2014 at 9:28 AM, Lukasz Lenart lukaszlen...@apache.orgwrote: 2014-03-18 15:21 GMT+01:00 Paul Benedict pbened...@apache.org: Lukasz, the ServletResponse interface does contain

Re: Why do I get this XHTML validation errors? (second attempt)

We need a JIRA ticket to solve this permanently. On Fri, Mar 7, 2014 at 2:37 PM, Lukasz Lenart lukaszlen...@apache.orgwrote: YooHoo! That's suppose to work template inheritance! 2014-03-07 21:03 GMT+01:00 Fredrik Andersson fredan...@hotmail.com: Hello guys! I think you solved it! I

Re: Why do I get this XHTML validation errors? (second attempt)

Please note the wrap attribute on textarea is new to (X)HTML5. So it definitely won't validate version = 4. Chris is right, you should remove it unless you want to validate at a higher HTML version. On Thu, Mar 6, 2014 at 10:48 AM, Chris Pratt thechrispr...@gmail.comwrote: Did you try moving

Re: Re: Why do I get this XHTML validation errors? (second attempt)

Very interesting. First, the validator is correct. The table tag does not accept input elements as a child -- obviously an error. This is a problem with the Struts output -- it isn't paying attention that it is rendering a table with its layout and thus emitting bad HTML. This sounds like a

[OT] Setting up mail server on Linux?

Anyone experienced with installing/configuring mail servers on Linux? I have chosen Postfix as my tool but I'll take any working solution. I don't need to receive any emails, only send emails from my domain from a Struts application. -- Cheers, Paul

Re: MESSAGE TO ADMINIISTRATOR: Unscribing from this mailing list

Email user-unsubscr...@struts.apache.org and wait for a message. When you receive the message, just respond to it and you'll be finished. On Tue, Jan 7, 2014 at 6:30 PM, Michel Prévost prevost_mic...@hotmail.comwrote: I have attempted to remove myself from this list at several occasions,

Re: Tiles with Annotations

Annotations usually help augment the class being annotated. I don't think annotating a Struts action with Tile definitions is very appropriate for this purpose. The purposes are just very different. XML seems more appropriate than annotations here. On Thu, Jan 2, 2014 at 10:02 AM, Christoph

Re: Token Session Interceptor and back button

at 14:59 -0600, Paul Benedict wrote: Make sure your back-button action refreshes the page. You can't reuse a token from the browser's cache. It needs to regenerated. On Thu, Dec 5, 2013 at 12:39 PM, semog12 semog1epi...@gmail.com wrote: Hi, I am using the token session interceptor

Re: Token Session Interceptor and back button

Make sure your back-button action refreshes the page. You can't reuse a token from the browser's cache. It needs to regenerated. On Thu, Dec 5, 2013 at 12:39 PM, semog12 semog1epi...@gmail.com wrote: Hi, I am using the token session interceptor for a form and I have this situation: 1) I am

Re: Concealing primary key in web application with struts 2 from security perspective?

intention of question is just to ask does struts 2 provide any kind of implementation off the shelf (some kind of interceptor or any other approach)to address this. Thanks in advance On Sat, Nov 30, 2013 at 12:16 PM, Paul Benedict pbened...@apache.org wrote: Exposing the primary key

Re: Concealing primary key in web application with struts 2 from security perspective?

Exposing the primary key is not a security issue; you always have to key off something. What you need is business logic that ensures that a user may only access what he may. That's not a Struts issue; it's logic that you need to add in your business services. On Fri, Nov 29, 2013 at 11:24 PM,

Re: can we avoid extension action?

In addition, make sure your web.xml is sending the new paths/extensions to the Struts 2 filter. On Tue, Nov 12, 2013 at 1:24 PM, Yaragalla Muralidhar yaragallamur...@gmail.com wrote: Thank you so much Dave. *Thanks and Regards,* Muralidhar Yaragalla. *http://yaragalla.blogspot.in/

Re: struts1 with Ajax using struts tags

When you do AJAX in S1, you are always responding directly to the browser. You need to write your data to the ServletOutputStream and return null. You do not need to use any ActionForward. Paul On Mon, Nov 11, 2013 at 9:35 PM, Narayana narayanareddy.inako...@gmail.comwrote: I have a

Re: can we avoid extension action?

/ http://yaragalla.blogspot.in/* On Wed, Nov 13, 2013 at 1:03 AM, Paul Benedict pbened...@apache.org wrote: In addition, make sure your web.xml is sending the new paths/extensions to the Struts 2 filter. On Tue, Nov 12, 2013 at 1:24 PM, Yaragalla Muralidhar yaragallamur...@gmail.com

Re: [ANNOUNCEMENT] Struts2-JSR303-Validation-Plugin available

JSR-303 validation should be the norm for Struts 3. On Fri, Oct 25, 2013 at 1:53 PM, bphill...@ku.edu bphill...@ku.edu wrote: Works now - thank you for the help and for creating a very useful plugin. Would you mind if I wrote an article about how to use this plugin for my blog

Re: Cancel button is not redirecting

If you want to do a redirect, you need your action mapping to handle cancel and use a redirectAction result. On Tue, Oct 15, 2013 at 12:53 PM, Antonio Sánchez juntandolin...@gmail.comwrote: Hi. Simple CRUD sample application, paramsPrepareParams, wildcard method selection. Cancel button

Re: S2: Using HTTPS, when I redirect, I get HTTP

Hmm. Well, there's a couple issues to consider here. 1) When you're behind a load balancer, the machine name (domain) you're running on may not be the domain that's fronted to the public. For example, the user might be accessing www.company.org but you're on host123.company.org. When you're

Re: Prevent Ajax Multi-Request in Struts 2

Alireza, use some sort of pre-authenticated token. Ignore requests that have a bad token. On Thu, Sep 26, 2013 at 7:43 AM, JOSE L MARTINEZ-AVIAL jlm...@gmail.comwrote: Hi, Since XHR request can not be cross-domain, you can not get a CSRF through XHR( the browser will not allow other page

Re: Value not persisting in domain object

: Hi All, Can anyone please help ? Thanks.. On Fri, Aug 30, 2013 at 10:23 PM, Srineel Mazumdar smaz19...@gmail.com wrote: Yes.. the same collection. On Wed, Aug 28, 2013 at 6:55 PM, Paul Benedict pbened...@apache.org wrote: Are you retrieving the same collection? On Wed

Re: Value not persisting in domain object

Are you retrieving the same collection? On Wed, Aug 28, 2013 at 8:22 AM, Srineel Mazumdar smaz19...@gmail.comwrote: Hi, I am creating a shopping cart application in Struts 2. I am updating a list in Cart domain object when the user selects some items in shopping list using checkboxes and

Re: Struts1 to Struts2 Migration Support Query

The Struts 1 plugin supports S1 Action classes only -- there is no view support. The S1 tag libraries won't be functional so you should convert your pages to use S2 tags. On Thu, Aug 15, 2013 at 6:10 AM, vijayalayan.selva...@cognizant.com wrote: Hi, Sincere Apologies for raising this issue

Re: Annotation Support for bypassing prepare

On Fri, Jul 26, 2013 at 4:44 PM, Paul Benedict pbened...@apache.org wrote: Have you thought of removing the implements Preparable from your action? That will do it. On Jul 26, 2013 6:12 AM, Sreekanth S. Nair sreekanth.n

Re: Annotation Support for bypassing prepare

Not an array of prepares, but an array of strings for which execute methods the Preaparable callback should be excluded. On Aug 7, 2013 11:09 PM, Sreekanth S. Nair sreekanth.n...@egovernments.org wrote: With all gratitude, I strongly disagree with that idea . That bring more clumsiness to big

Re: Annotation Support for bypassing prepare

Foundations www.egovernments.org Mob : 9980078913 On Thu, Aug 8, 2013 at 9:42 AM, Paul Benedict pbened...@apache.org wrote: Not an array of prepares, but an array of strings for which execute methods the Preaparable callback should be excluded. On Aug 7

Re: Apple sec breach.. Struts?

I'll voice my personal opinion. No matter what framework you choose (Struts, MyFaces, Tapestry, etc.), it is the responsibility of all IT shops to do a security vulnerability assessment before first releasing to production and after each update. That is Security 101 because there are multitude of

Re: Annotation Support for bypassing prepare

Why would you want to bypass it? On Jul 26, 2013 3:47 AM, Sreekanth S. Nair sreekanth.n...@egovernments.org wrote: Is there any annotation available to bypass prepare method while invoking certain methods, just like @skipvalidation -- Thanks Regards Srikanth

Re: Annotation Support for bypassing prepare

validation doesn't required to call prepare. -- Thanks Regards Srikanth Software Developer eGovernments Foundations www.egovernments.org Mob : 9980078913 On Fri, Jul 26, 2013 at 4:40 PM, Paul Benedict pbened...@apache.org

Re: Using Util class inside JSP

If you want to check if the user is in session, I would create for yourself a BaseAction class which all your Actions extend. In Base Action, expose a getter to do that calculation. It's sounds like you really have a case where you want this property on the Value Stack on each invocation. I use

Re: Actions now require INPUT result after installing struts2-spring plugin

I'd definitely would put a breakpoint in the ValidationInterceptor code and step through. Nothing in the Spring plugin is causing your issue; Spring just does dependency injection. On Thu, Jul 18, 2013 at 9:59 AM, David Greene da...@securelink.com wrote: How would I figure out what is failing

Re: Actions now require INPUT result after installing struts2-spring plugin

Yes, Dave's proposal is easier and faster. When validation fails, you should have one or several errors/messages. So dump those out or breakpoint in your input() to inspect them. On Thu, Jul 18, 2013 at 10:09 AM, Dave Newton davelnew...@gmail.com wrote: * Is there any validation set up on the

Re: Actions now require INPUT result after installing struts2-spring plugin

I just get my action stuff dumped out :) Dave On Thu, Jul 18, 2013 at 11:11 AM, Paul Benedict pbened...@apache.org wrote: Yes, Dave's proposal is easier and faster. When validation fails, you should have one or several errors/messages. So dump those out or breakpoint

Re: Actions now require INPUT result after installing struts2-spring plugin

is selected. Interestingly enough, I do not have setters for my @Autowired annotated Services. I'm guessing the autowire method uses both annotations and setters (if available) ?? Is this JIRA worthy or is this just a RTFM user error thing? On Thu, Jul 18, 2013 at 11:02 AM, Paul Benedict pbened

Trouble using getText() with parameter substitution

I have a global properties file with this key: emailSent=The email was sent to {0}. I add a message in my action: addActionMessage(getText(emailSent, Arrays.asList(email))); And the {0} stays in the output. Why is this? -- Cheers, Paul

Re: S2 custom authentication: remembering original request

Forwarding to another action means you want to do chaining: http://struts.apache.org/release/2.3.x/docs/action-chaining.html result type=chain param name=actionNameautenticar/param /result On Wed, Jul 10, 2013 at 10:00 AM, Antonio Sánchez juntandolin...@gmail.comwrote: Can't forward even

Re: How to make interceptor to be invoked only for HTTP Request not for Response

Agreed. What you want is a Servlet filter, not a Struts interceptor. On Tue, Jul 9, 2013 at 9:54 AM, Sreekanth S. Nair sreekanth.n...@egovernments.org wrote: I doubt struts2 interceptor work like a filter, just like in ur pseudo code. In filter we can specify what to do with request and

Re: ServletResponseAware - request can be null?

Do this test. Put a breakpoint in the setter that is storing the response. You either have the case where the interceptor is not being fired (and thus your method is not being called) or you have found a null somehow being passed in. I bet the former is the case, but you'll have to test to find

Re: Actions as welcome files

It's not possible at the moment. It's a feature that I would like to have too. On Fri, May 31, 2013 at 1:17 PM, Antonio Sánchez inganto...@gmail.comwrote: Hello. My name is Antonio, I'm beginning with Struts2 and this is my first post. Where should store struts.xml if I need to use an

How to process HTTP HEAD requests?

In one particular action, I need to handle HTTP HEAD requests. Is this possible using Struts 2? What must I customize if it doesn't work out of the box? PS: I am not using the REST plugin. This isn't a web service either. :-) Paul

Re: Why Ajax calls don't renew session timeout on Tomcat server?

You don't give enough information to diagnose the problem, but I imagine you're not passing the session information (e.g., jsessionid cookie) back to the server. On Wed, May 15, 2013 at 12:30 PM, Norah Jones nh.jone...@gmail.com wrote: Hi, I have a web application which is deployed on a

Re: struts 2 ajax choice

Please note the Dojo plugin is deprecated. On Mon, May 13, 2013 at 4:42 PM, john lee sh_thorn_b...@yahoo.com wrote: from the document, Struts 2 support both DoJo plugin and JSON plugin, which one is easy to plugin and use? which one is more powerful? thanks in advance john

Re: Strategy for navigation in struts 1.2

There's nothing wrong with storing the search criteria in the session. On Mon, Apr 15, 2013 at 2:23 PM, Ashish ashi...@samarthinfo.com wrote: Hi I can save it in session, just dont want to add all the search criteria's in session, but will have to do some thing like save only last search

Re: struts2 (2.2.1) adds field error and doesn't return input!!

Correct. Return true to submit; false to cancel the event. On Tue, Mar 26, 2013 at 1:10 PM, Maurizio Cucchiara mcucchi...@apache.orgwrote: I could be wrong, but if you don't return true on submit event, the form will never get submitted. Twitter :http://www.twitter.com/m_cucchiara G+

Re: common validator

Do not use UI validation to defend against SQL Injection Attacks. That's the job of JDBC Prepared Statements. Paul On Tue, Mar 26, 2013 at 5:15 PM, J.V. jvsr...@gmail.com wrote: I have to add checking each and every form field in my application for sql injection attacks (I need a method that

Re: Struts 1.3 : Validating forms / password field

The best approach is to make validate() deal with syntax validation. At the beginning of your execute() method, run business logic validation and construct ActionErrors if your business logic fails. You really shouldn't be trying to stuff business logic in the validate() method -- keep that for

Re: Struts 1.3 : Preventing SQL Injection (form.field validation)

If you use JDBC prepared statements, you will not have to worry about SQL injection. Paul On Fri, Mar 22, 2013 at 6:36 PM, J.V. jvsr...@gmail.com wrote: Does anyone out there have a method I could use to pass a form field variable that would check for all known SQL injection vulnerabilities

Re: Exception thrown because of struts-config.xml

What is the exception? And if you're on Struts 1.3, you should fix your 1.2 version in the DOCTYPE. On Thu, Mar 21, 2013 at 3:27 PM, J.V. jvsr...@gmail.com wrote: I have the following struts-config.xml below (a sample from the file). I am well versed in well formatted XML and DTD's ( I have

Re: DynaValidatorActionForm (using Apache Commons Validator project)

DynaValidatorActionForm validates by looking for the matching URI in the Struts Config. Paul On Thu, Mar 21, 2013 at 3:57 PM, J.V. jvsr...@gmail.com wrote: Is DynaValidatorActionForm.java intended for use in extending Action classes or for use in extending Form classes? Does anyone have a

Re: DynaValidatorActionForm (using Apache Commons Validator project)

As I said, DynaValidatorActionForm validates by looking for the matching URI in the Struts Config. If you want to continue using that superclass, your Validator XML contents must change to this: form name=/your_context/your_executing_action Otherwise, switch your base class to DynaValidatorForm

Re: DynaValidatorActionForm (using Apache Commons Validator project)

Ooops. You shouldn't need your_context -- just the URI after the context. On Thu, Mar 21, 2013 at 4:32 PM, Paul Benedict pbened...@apache.org wrote: As I said, DynaValidatorActionForm validates by looking for the matching URI in the Struts Config. If you want to continue using that superclass

Re: DynaValidatorActionForm (using Apache Commons Validator project)

Struts looks for the Validator configuration based on a key. The key is selected by the form. The key can either be the URI (DynaValidatorActionForm) or the Form Name (DynaValidatorForm). Your config file is obviously using bean names: form name=loginFormBean So you need the correct Form

Re: Default action behaviour with convention plugin change in 2.3.12

What I've suggested before -- but haven't done anything about it -- is to allow the struts.xml packages to have an index action. This will execute if the package is specified but no action. This is different than a default action. Paul On Wed, Mar 20, 2013 at 9:02 AM, Dave Newton

Re: problem with regex validator

[^lt;gt;] means any character that is not the angled brackets. This is correct syntax for XML encoding. Try also using the beginning and ending meta-characters: ^[^lt;gt;]$ Paul On Tue, Mar 19, 2013 at 3:35 PM, Muralidhar Yaragalla java.yaraga...@gmail.com wrote: Hi Chris, I tried with the

Re: problem with regex validator

? but then I am good with my custom validator for regex. One note is that xwork classes dont use log4j for logging. On Wed, Mar 20, 2013 at 2:09 AM, Paul Benedict pbened...@apache.org wrote: [^lt;gt;] means any character that is not the angled brackets. This is correct syntax for XML encoding

Re: problem with regex validator

What input value are you testing against the regex? On Tue, Mar 19, 2013 at 4:28 PM, Muralidhar Yaragalla java.yaraga...@gmail.com wrote: As far as i remember commons logging is one of the implementation of log4j. but xworks classes does not use log4j. I am saying this because i have used

Re: how can i retain the field values when there is validation error in field

You retain those values by doing a forward to a view (JSP, freemarker, etc.) whose view knows how to render the appropriate model object in the action. Paul On Tue, Mar 19, 2013 at 4:32 PM, Muralidhar Yaragalla java.yaraga...@gmail.com wrote: Hi when there is validation error in the farm the

Re: problem with regex validator

Did you add the ^ and $ like I suggested? On Tue, Mar 19, 2013 at 4:34 PM, Muralidhar Yaragalla java.yaraga...@gmail.com wrote: something like apple (without quotes). On Wed, Mar 20, 2013 at 3:02 AM, Paul Benedict pbened...@apache.org wrote: What input value are you testing against

S2 annotations to limit HTTP methods?

Does S2 have annotations, which can be applied to an action method, to explicitly specify which HTTP methods are allowed? Thus returning a 405 otherwise? Paul

Re: S2 annotations to limit HTTP methods?

that allows a list of methods being defined. Is that a better choice? My use case is that I want S2 AJAX actions that submit data to only be accessed via POST. Paul On Mon, Mar 18, 2013 at 1:25 PM, Lukasz Lenart lukaszlen...@apache.orgwrote: 2013/3/18 Paul Benedict pbened...@apache.org: Does S2 have

Re: Struts 1.1 and Tiles 2 compatability

Tiles 2 is not compatible with Struts 1. You must use Tiles 1. Paul On Mon, Mar 11, 2013 at 3:01 PM, Sekar, Sowmya sse...@ucsd.edu wrote: Hi, I am in the process of upgrading from Tiles 1 to Tiles 2.2.2 combined with Struts 1.1. I have the following configuration in struts-config.xml

Re: Struts 1.1 and Tiles 2 compatability

...@gmail.com] On Behalf Of Paul Benedict Sent: Monday, March 11, 2013 1:15 PM To: Struts Users Mailing List Subject: Re: Struts 1.1 and Tiles 2 compatability Tiles 2 is not compatible with Struts 1. You must use Tiles 1. Paul On Mon, Mar 11, 2013 at 3:01 PM, Sekar, Sowmya sse...@ucsd.edu wrote

Re: Legacy struts 1 dtd's gone?

If your application server is going out to the Internet to get the DTDs, that most likely means you have a configuration issue. The DTDs are part of the library; your application server should be able to load them locally. Paul On Tue, Feb 12, 2013 at 5:36 PM, Eric Rank ericr...@lo-fi.net wrote:

Re: Struts 1.x and Strtus2.x With Tiles 2.x

Can't be done. Struts 1 needs Tiles 1 and Struts 2 needs Tiles 2. On Aug 29, 2012 7:17 PM, vsendhil vsend...@gmail.com wrote: Hi, Hi, I have a application in Struts1.x and want to use struts2.x simultaneously. I followed the steps from the threads and now I am getting

Re: behavior of form fields with disabled status

Correct. This is part of the HTML spec. You would have this problem if you used Struts or not. Disabled fields are not submitted to the server. On Sun, Aug 26, 2012 at 10:49 PM, umeshawas...@gmail.com wrote: As per HTML spec if you have made the field disabled they will not be submited to the

Re: behavior of form fields with disabled status

I question why you would want to submit any data that's readonly or disabled. What's the point? If the user can't enter it, there's probably a good chance you don't need to receive it -- especially a password field. Paul On Sun, Aug 26, 2012 at 11:41 PM, al so volks...@gmail.com wrote: looks

  1   2   3   4   5   6   7   >