Re: getOutputStream() has already been called for this response
Hi, I am also facing the same problem while trying to download to excel. Plz let me know what code u have added to solve this problem -- View this message in context: http://struts.1045723.n5.nabble.com/Cannot-forward-after-response-has-been-committed-tp5710573p5711663.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Cannot forward after response has been committed...
Hi S S, i am solved this problem by changeing return stream .hope this helps to you File file=null; file = new File(path); return FileStreamInfo object instead of ResourceStreamInfo and pass content type and File class object. return new FileStreamInfo(contentType, file); -- View this message in context: http://struts.1045723.n5.nabble.com/Cannot-forward-after-response-has-been-committed-tp5710573p5711664.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Java security issue vs. struts?
Thank you Chris. Moreover, if I call jfreechart to generate reports through web applications, it will not be affected, I believe? As long as you do not use Applets to output JFreechart data you should be fine (saying: if you generate images with JFreechart) (1) My jsp: img src=jfreechart_reportProcessReport.action (2) struts.xml action name=jfreechart_reportProcessReport method=jfreechart_report class=ProcessReport result name=success type=chart param name=chartchart/param param name=width1000/param param name=height500/param /result /action (3) My struts java action class (server side): do: ChartFactory.createBarChart3D(){... ...} As a result, due to (1) ~(3) I am safe I believe. Thanks a lot for all your comments! Emi - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Java security issue vs. struts?
Hello Martin, I did not find bug report under struts JIRA related to jfreechart. More details about how I use jfreechart: (1) jsp img src=.action (2) JAVA Action class, generated jsp (3) struts.xml specify img size Hope this info will help others have the same concern :-) Bon week-end! Emi On 01/16/2013 05:39 PM, Martin Gainty wrote: Hi Chris This issue came up on another apache users list I believe there was open access issue to Remote Context Object by OGNL (but i think Lukasz or Dave addressed the issue)..emi..did you see this in Struts Jira? Bon chance, Martin __ Note de déni et de confidentialitéCe message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Original Message Subject: Re: Java security issue vs. struts? Date: Fri, 18 Jan 2013 12:00:31 -0500 From: Emi Lu em...@encs.concordia.ca Reply-To: em...@encs.concordia.ca To: Christian Grobmeier grobme...@gmail.com CC: Struts Users Mailing List user@struts.apache.org, Chris Pratt thechrispr...@gmail.com Thank you Chris. Moreover, if I call jfreechart to generate reports through web applications, it will not be affected, I believe? As long as you do not use Applets to output JFreechart data you should be fine (saying: if you generate images with JFreechart) (1) My jsp: img src=jfreechart_reportProcessReport.action (2) struts.xml action name=jfreechart_reportProcessReport method=jfreechart_report class=ProcessReport result name=success type=chart param name=chartchart/param param name=width1000/param param name=height500/param /result /action (3) My struts java action class (server side): do: ChartFactory.createBarChart3D(){... ...} As a result, due to (1) ~(3) I am safe I believe. Thanks a lot for all your comments! Emi mailto:user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org mailto:user-h...@struts.apache.org -- Emi Lu, ENCS, Concordia University, Montreal H3G 1M8 em...@encs.concordia.ca+1 514 848-2424 x5884 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Emi Lu, ENCS, Concordia University, Montreal H3G 1M8 em...@encs.concordia.ca+1 514 848-2424 x5884 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
[S1] Validator does not respect locale when validating double value?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm running Struts 1.3.10 (with commons-validator 1.3.1), and I'm trying to validate (and subsequently parse) a floating-point value as a double. My validator configuration looks like this (I apologize for it's potential unreadability): field property=maxAgeMonths page=3 depends=required,maxlength,double,doubleRange arg position=1 name=maxlength key=${var:maxlength} resource=false / varvar-namemaxlength/var-namevar-value8/var-value/var varvar-namemin/var-namevar-value-10.0/var-value/var varvar-namemax/var-namevar-value11.99/var-value/var msg name=doubleRange bundle=Staff key=error.age-out-of-range / /field In my session, the value of org.apache.struts.action.LOCALE is es, so Spanish. My UI is coming-up in Spanish, too. When I try to submit 3,77 as the max age, I get a message that the field value is not a valid double. If I change the value to 3.77, I get no errors, and of course my code (somewhat) correctly parses the value to 377 months because, in Spanish, the period means a grouping separator and not a decimal point. I have not altered the standard definition of the double validator: I'm using whatever comes in /org/apache/struts/validator/validator-rules.xml. Before I go digging-through the code Struts/commons-validator to find out exactly what might be wrong, can anyone give me any suggestions at to what I might be missing? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlD5ji0ACgkQ9CaO5/Lv0PAMmACfWNa2HW7HZbcZpttLjNzHfZXk R8cAn1+cSyS2l85kXndju57zz037OBmE =Kpsg -END PGP SIGNATURE- - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 1/18/13 1:02 PM, Christopher Schultz wrote: Before I go digging-through the code Struts/commons-validator to find out exactly what might be wrong, can anyone give me any suggestions at to what I might be missing? Actually, it didn't take a lot of digging: http://svn.apache.org/viewvc/struts/struts1/tags/STRUTS_1_3_10/core/src/main/java/org/apache/struts/validator/FieldChecks.java?view=markup The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlD5mq4ACgkQ9CaO5/Lv0PC8eACeLQwIIKTeKRovTsVjQL5J0Xzk VygAoJUjB9SIHmSjI3PuYIw5kJhbQjc3 =REQ5 -END PGP SIGNATURE- - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Looks like... Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
Łucaz, On Jan 18, 2013, at 16:00, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Looks like... Thanks for the sanity check. It's a simple patch, one that I am more than willing to provide. Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. -chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-chris -- Christopher Schultz Chief Technology Officer, Total Child Health Inc. Technical Director, Center for Promotion of Child Development through Primary Care tel: +1.410.807.4500 x20 tel: +1.888.4CHADIS (+1.888.424.2347) email: cschu...@chadis.com On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-chris -- Christopher Schultz Chief Technology Officer, Total Child Health Inc. Technical Director, Center for Promotion of Child Development through Primary Care tel: +1.410.807.4500 x20 tel: +1.888.4CHADIS (+1.888.424.2347) email: cschu...@chadis.com On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
Łucaz, On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) I *did* know that, but I figured it would have been fixed while ago :-) I've got an old web app that has used S1 for years, so that's why I'm using it. Don't worry, I'm not trying to launch a brand-new project using struts one. -chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: I've got an old web app that has used S1 for years, so that's why I'm using it. Don't worry, I'm not trying to launch a brand-new project using struts one. :D Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Java security issue vs. struts?
1)The open access created via OGNL expression request to Context is a minor breach..contact Dave or Lukasz for solution (at least one of them will plug the hole) 2)If you're a security guy (or gal) start subscribing to CVE bulletins Oracle *usually* addresses these issues right away and you can read about the latest vulnerability and ways to mitigate the breach at http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html Bon Chance,Martin Date: Fri, 18 Jan 2013 12:21:28 -0500 From: em...@encs.concordia.ca To: user@struts.apache.org CC: mgai...@hotmail.com; thechrispr...@gmail.com Subject: Re: Java security issue vs. struts? Hello Martin, I did not find bug report under struts JIRA related to jfreechart. More details about how I use jfreechart: (1) jsp img src=.action (2) JAVA Action class, generated jsp (3) struts.xml specify img size Hope this info will help others have the same concern :-) Bon week-end! Emi On 01/16/2013 05:39 PM, Martin Gainty wrote: Hi Chris This issue came up on another apache users list I believe there was open access issue to Remote Context Object by OGNL (but i think Lukasz or Dave addressed the issue)..emi..did you see this in Struts Jira? Bon chance, Martin __ Note de déni et de confidentialitéCe message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Original Message Subject: Re: Java security issue vs. struts? Date: Fri, 18 Jan 2013 12:00:31 -0500 From: Emi Lu em...@encs.concordia.ca Reply-To: em...@encs.concordia.ca To: Christian Grobmeier grobme...@gmail.com CC: Struts Users Mailing List user@struts.apache.org, Chris Pratt thechrispr...@gmail.com Thank you Chris. Moreover, if I call jfreechart to generate reports through web applications, it will not be affected, I believe? As long as you do not use Applets to output JFreechart data you should be fine (saying: if you generate images with JFreechart) (1) My jsp: img src=jfreechart_reportProcessReport.action (2) struts.xml action name=jfreechart_reportProcessReport method=jfreechart_report class=ProcessReport result name=success type=chart param name=chartchart/param param name=width1000/param param name=height500/param /result /action (3) My struts java action class (server side): do: ChartFactory.createBarChart3D(){... ...} As a result, due to (1) ~(3) I am safe I believe. Thanks a lot for all your comments! Emi mailto:user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org mailto:user-h...@struts.apache.org -- Emi Lu, ENCS, Concordia University, Montreal H3G 1M8 em...@encs.concordia.ca+1 514 848-2424 x5884 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Emi Lu, ENCS, Concordia University, Montreal H3G 1M8 em...@encs.concordia.ca+1 514 848-2424 x5884 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org