[ https://issues.apache.org/jira/browse/WW-5238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613079#comment-17613079 ]
Daniel Wu commented on WW-5238: ------------------------------- 1. The *_form-processing_* example has the following methods defined, which are *standard* or *whitelisted* methods. public String execute() throws Exception { //call Service class to store personBean's state in database return SUCCESS; } public String cancel() throws Exception { return SUCCESS; } 2. The package _basicstruts2_ uses default ({*}no namespace{*}) instead of specifying a {*}namespace{*}. <package name="basicstruts2" extends="struts-default"> 3. Below is the changes to replicate using the *form-processing* example >change _Register_ action class methods, and related _struts.xml_ configuration execute -> execute2 cancel -> cancel2 >change namespace to something other than "/" (ie. "/prod") >add namespace='/prod' to the url/form tags in the JSPs >build/deploy >from main page, click _Register_ link, then click _Cancel_ button 4. Below is the Struts 2 configuration file ({_}*struts.xml*{_}) for the _*form-processing*_ example. Switching to *_execute2_* and *_cancel2_* breaks the app for the Struts 2 v6.0.3. However, it works fine for Struts 2 v6.0.0. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN" "http://struts.apache.org/dtds/struts-2.5.dtd"> <struts> <constant name="struts.devMode" value="true" /> <constant name="struts.enable.DynamicMethodInvocation" value="true"/> <constant name="struts.mapper.action.prefix.enabled" value="true"/> <package name="basicstruts2" extends="struts-default" {*}namespace="/prod"{*}> <default-action-ref name="index"/> <!-- If no class attribute is specified the framework will assume success and render the result index.jsp --> <!-- If no name value for the result node is specified the success value is the default --> <action name="index"> <result>/WEB-INF/index.jsp</result> </action> <!-- If the URL is hello.action then call the execute method of class HelloWorldAction. If the result returned by the execute method is success render the HelloWorld.jsp --> <action name="hello" class="org.apache.struts.helloworld.action.HelloWorldAction" method="execute"> <result name="success">/WEB-INF/HelloWorld.jsp</result> </action> <action name="register" class="org.apache.struts.register.action.Register" method="input"> <result name="input">/WEB-INF/register.jsp</result> </action> <action name="register-cancel" class="org.apache.struts.register.action.Register" method="{*}cancel2{*}"> <result type="redirectAction">index</result> </action> <action name="register-submit" class="org.apache.struts.register.action.Register" method="{*}execute2{*}"> <result>/WEB-INF/thankyou.jsp</result> </action> </package> </struts> > Strict Method Invocation (SMI) too strict or wrong ActionMapping? > ----------------------------------------------------------------- > > Key: WW-5238 > URL: https://issues.apache.org/jira/browse/WW-5238 > Project: Struts 2 > Issue Type: Bug > Components: Core > Affects Versions: 6.0.3 > Reporter: Daniel Wu > Priority: Blocker > Fix For: 6.1.0 > > Attachments: ex1.PNG, ex2.PNG, form-processing.png, > results_after_clicking_add_button.PNG > > > Got the following error (Error No. 2) when trying to create one record. The > prompt method is not supposed to be invoked for aSbmt1. Before that, the > aSbmt1 was not accepted (Error No. 1). I tried several ways to try to > overwrite the regular expression without success. Was something strange > introduced into the Struts 2 version 6.0.3? Is Strict Method Invocation (SMI) > in a dead loop? I am surprised at that there is no issue reported for the > Struts 2 version 6.0.3 yet. > 1. com.opensymphony.xwork2.interceptor.ParametersInterceptor - > *{color:#ff0000}Parameter [action:aSbmt1] didn't match accepted > pattern{color}* > [[\w+((\.\w+)|(\[\d+])|((\d+))|(['(\w-?|[\u4e00-\u9fa5]{-}?){+}'])|(('(\w{+}{-}?|[\u4e00-\u9fa5]-?)')))*]]! > See Accepted / Excluded patterns at > [https://struts.apache.org/security/#accepted--excluded-patterns] > *{color:#ff0000}2. com.opensymphony.xwork2.config.ConfigurationException: > Method prompt for action aSbmt1 is not allowed!{color}* > at > com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:191) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:57) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:32) > ~[struts2-core-6.0.3.jar:6.0.3] > at > com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:60) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.dispatcher.Dispatcher.createActionProxy(Dispatcher.java:673) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(Dispatcher.java:658) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:621) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79) > ~[struts2-core-6.0.3.jar:6.0.3] > at > org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:140) > ~[struts2-core-6.0.3.jar:6.0.3] > at > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) ~ -- This message was sent by Atlassian Jira (v8.20.10#820010)