Re: ?statusCode=303 get appended to url when using rest plugin
Which struts2 version are we talking about? 2010/12/20 Gena Ganebnyi gganeb...@nebulent.com: I have the following annotations placed on my controller to assure redirect-after-post: @Results({ �...@result(name=create, type=redirect, location=/schedule/), �...@result(name=update, type=redirect, location=/schedule/), �...@result(name=destroy, type=redirect, location=/schedule/) }) When redirect is performed ?statusCode=303 is appended to url. Is there any way to avoid this? Genadii -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Dependancy Madness: Struts 2.2.1 spring 2.5 (preferably later ie: 3) and JPA2 backed with Hibernate
It looks like there is a spring library conflict. Though at first glance would seem a spring issue, could you post the list of the lib directory (probably there will be more than one spring library version) 2010/12/20 Ken McWilliams ken.mcwilli...@aerose.com: I'm experiencing issues upgrading the struts2-spring-2-jpa-ajax demo found here http://struts.apache.org/2.2.1/docs/struts-2-spring-2-jpa-ajax.html I've set up quite a few 2.2.1 projects I've just had a hard time understanding the spring/hibernate dependencies. I don't suppose anyone has an updated version of this demo (Struts 2.2.1, jpa 2, spring (anything that works) =) With the above project I followed: http://struts.apache.org/2.2.1/docs/create-struts-2-web-application-using-maven-to-manage-artifacts-and-to-build-the-application.html So I removed struts2-core and struts2-spring-plugin and added back the 2.2.1 version of the struts2-spring-plugin (because it adds back struts2-core) and added javasssist (although there is still an older version because of the hibernate dependency) added log4j dependency and xml file and switched to using the org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter filter. I'm getting at this moment: * HERE DOWN IS EXCEPTIONS ** SEVERE: PWC1306: Startup of context /quickstart_upgrade-0.1-SNAPSHOT failed due to previous errors SEVERE: PWC1305: Exception during cleanup after start failed org.apache.catalina.LifecycleException: PWC2769: Manager has not yet been started at org.apache.catalina.session.StandardManager.stop(StandardManager.java:892) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:5456) at com.sun.enterprise.web.WebModule.stop(WebModule.java:530) at org.apache.catalina.core.StandardContext.start(StandardContext.java:5284) at com.sun.enterprise.web.WebModule.start(WebModule.java:499) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:928) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:912) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1947) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1619) at com.sun.enterprise.web.WebApplication.start(WebApplication.java:90) at org.glassfish.internal.data.EngineRef.start(EngineRef.java:126) at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:241) at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:236) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:339) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:183) at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:272) at com.sun.enterprise.v3.admin.CommandRunnerImpl $1.execute(CommandRunnerImpl.java:305) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:320) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1176) at com.sun.enterprise.v3.admin.CommandRunnerImpl.access $900(CommandRunnerImpl.java:83) at com.sun.enterprise.v3.admin.CommandRunnerImpl $ExecutionContext.execute(CommandRunnerImpl.java:1235) at com.sun.enterprise.v3.admin.CommandRunnerImpl $ExecutionContext.execute(CommandRunnerImpl.java:1224) at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:365) at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:204) at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:166) at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:100) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:245) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57) at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
Image type submit
Hello Everyone, I encounter a problem with the s:submit type=image src= taglib in my forms. So I downloaded the struts2 samples 2.2.1 and modified the form submit tag in struts2-showcase-2.2.1/conversion/enterPersonsInfo.jsp to be a submit of type image. and it generates the same error message: Rendering template /template/simple/submit 16:56:40,862 BUG kerTemplateEngine Rendering template /template/simple/submit.ftl 16:56:40,862 BUG pPropertyAccessor Entering getProperty (ognl.ognlcont...@1c8ed8be,{templateDir=template, theme=simple, dynamicAttributes={}, label=Continuer, onclick=$('textChatFormModalBox').action ='desactivateTextChat.do';, title=Continuer, nameValue=Submit, id=proceed, type=image, align=right, src=ihm/images/fr/btn_proceed_fr.gif},body) 16:56:40,862 BUG ectTypeDeterminer Error while retrieving generic property class for property=parameters java.lang.NullPointerException at com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer.getClass(DefaultObjectTypeDeterminer.java:314) at com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer.getKeyClass(DefaultObjectTypeDeterminer.java:93) at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:93) at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2230) at ognl.ASTProperty.getValueBody(ASTProperty.java:114) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.ASTChain.getValueBody(ASTChain.java:141) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.Ognl.getValue(Ognl.java:494) at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:217) at com.opensymphony.xwork2.ognl.OgnlValueStack.getValue(OgnlValueStack.java:342) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:331) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:307) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:293) at org.apache.struts2.components.Property.start(Property.java:162) at org.apache.struts2.views.freemarker.tags.CallbackWriter.onStart(CallbackWriter.java:73) at freemarker.core.Environment.visit(Environment.java:296) at freemarker.core.UnifiedCall.accept(UnifiedCall.java:130) at freemarker.core.Environment.visit(Environment.java:210) at freemarker.core.MixedContent.accept(MixedContent.java:92) at freemarker.core.Environment.visit(Environment.java:210) ... Could you tell me if it's reproducable on your side with the struts2-showcase sample? Tested with struts2.2.1 on Jonas4.10.3 Thanks, Olivier Sagit osagit@orange-ftgroup.com * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Parameter manipulation
Hi All, adding just one note to what Marcus already said, will You be able to update your whitelist every time User class (or any other viewable) gains new field? And again *ViewAction is for view only - it should be technically impossible to change viewed object state. One simple way to do it is loading this object in execute method. Best greetings, Paweł Wielgus. 2010/12/18 Marcus Bond mar...@marcusbond.me.uk: David, didn't your original post say that this is an action that loads an object to display it rather than to modify it? In which case I'm not sure why you even need to use Preparable (as I'm guessing it's during prepare that the instance is initialised which makes it available for struts to populate during the second params setting). At a guess you're setting an id in the initial params phase which then is used to load the instance? Why not just load it during execute (or whatever other method is being called by the action mapping) so it isn't there for any params to be applied earlier? Regards, Marcus On 17/12/2010 20:02, Altenhof, David Aron wrote: One approach I've through of is to create an interceptor that would parse through your -validation.xml (assuming one uses them) and then only allow parameters that have an associated validator. This would actually serve two goals: 1) Preventing parameter fiddling 2) Mandating the wise practice of validating all incoming data. Now if I could only find a few spare cycles to work on it... -David -Original Message- From: Chris Pratt [mailto:thechrispr...@gmail.com] Sent: Friday, December 17, 2010 1:08 PM To: Struts Users Mailing List Subject: Re: Parameter manipulation Maybe if the OP moves the bean creation out of the prepare() method (so the bean isn't available during parameter injection) and then retrieves it at the start of validate() or execute() that might solve the problem. (*Chris*) On Fri, Dec 17, 2010 at 10:05 AM, Chris Prattthechrispr...@gmail.comwrote: If the bean already exists, struts doesn't have to set it. It just has to modify the retrieved bean. (*Chris*) On Fri, Dec 17, 2010 at 9:48 AM,stanl...@gmail.com wrote: I agree S2 will create the bean (if null) but it can't set a property that is private and has no accessible setter method. P.S. What am I missing here? Scott On Fri, Dec 17, 2010 at 11:45 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: This happens because bean is null, otherwise struts will populate. 2010/12/17stanl...@gmail.com: Guys -- If the action has no setter and the property is private, S2 will not populate it. Scott On Fri, Dec 17, 2010 at 11:10 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: David, I get your point. Scott is right, you could overwrite PI or maybe write your custom interceptor (though I think you should consider to file an issue on JIRA). Maybe it would use java annotations to hide/expose fields, or alternately it could behave as you supposed (expose only field with write accessors). 2010/12/17 Altenhof, David Arondalte...@iupui.edu: The model objects are initialized in prepare() ... other techniques just aren't as practical for our application. I'm just going to keep doing lots of whitelisting with ParameterNameAware... -David -Original Message- From: Steven Yang [mailto:kenshin...@gmail.com] Sent: Friday, December 17, 2010 1:10 AM To: Struts Users Mailing List Subject: Re: Parameter manipulation is your user object initialized when the param interceptor is run? here i might be wrong, but what i know is if your object is initialized then Struts or OGNL will call getUser().setEmail(...) otherwise create a new User then setEmail then setUser then the second case should fail for you again, i might be wrong on the behavior On Thu, Dec 16, 2010 at 12:39 AM, Altenhof, David Aron dalte...@iupui.eduwrote: I've been getting more and more concerned about the possibility of parameter manipulation attacks with Struts2. I've started doing strict whitelists using the ParameterNameAware interface on all of my forms pages. However, today I tried to code a display-only page that shows information about a particular user. I thought that by simply creating a getter and no setter, it would be impossible to inject parameters. For example, my action only contains the following getter for a JPA model object: public User getUser() { return user; } However, by sending a simple query parameter, it is *still* possible to change values in user. For example, you can send: http://localhost:8080/MySite/userdisplay.action?user.email=newemail @ad dress.com ... and it works. The email will become newem...@address.com Is there any way to shut this down other than whitelisting every single action in your site using ParameterNameAware? (Or simply never put model objects on your stack?) This is getting
Re: ?statusCode=303 get appended to url when using rest plugin
2.2.1 On Tue, Dec 21, 2010 at 10:48 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: Which struts2 version are we talking about? 2010/12/20 Gena Ganebnyi gganeb...@nebulent.com: I have the following annotations placed on my controller to assure redirect-after-post: @Results({ @Result(name=create, type=redirect, location=/schedule/), @Result(name=update, type=redirect, location=/schedule/), @Result(name=destroy, type=redirect, location=/schedule/) }) When redirect is performed ?statusCode=303 is appended to url. Is there any way to avoid this? Genadii -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: ?statusCode=303 get appended to url when using rest plugin
Ok, I've got the point (I wrongly thought was a convention issue). The answer is: no (AFAIK), there is no-way to get rid of the statusCode param, I mean nothing simple (You should extend class, handling xml-configuration file, and so on). The good news is that it would be possible to insert into the ProhibitedResultParams of ServletRedirectResult. Is it really so annoying? If the answer is yes, the next step would be opening an issue, could you file an issue for this? 2010/12/21 Gena Ganebnyi gganeb...@nebulent.com: 2.2.1 On Tue, Dec 21, 2010 at 10:48 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: Which struts2 version are we talking about? 2010/12/20 Gena Ganebnyi gganeb...@nebulent.com: I have the following annotations placed on my controller to assure redirect-after-post: @Results({ �...@result(name=create, type=redirect, location=/schedule/), �...@result(name=update, type=redirect, location=/schedule/), �...@result(name=destroy, type=redirect, location=/schedule/) }) When redirect is performed ?statusCode=303 is appended to url. Is there any way to avoid this? Genadii -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: ?statusCode=303 get appended to url when using rest plugin
Is it really so annoying? in case you are trying to achive clean urls looks quite awkward If the answer is yes, the next step would be opening an issue, could you file an issue for this? will do On Tue, Dec 21, 2010 at 1:45 PM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: Ok, I've got the point (I wrongly thought was a convention issue). The answer is: no (AFAIK), there is no-way to get rid of the statusCode param, I mean nothing simple (You should extend class, handling xml-configuration file, and so on). The good news is that it would be possible to insert into the ProhibitedResultParams of ServletRedirectResult. Is it really so annoying? If the answer is yes, the next step would be opening an issue, could you file an issue for this? 2010/12/21 Gena Ganebnyi gganeb...@nebulent.com: 2.2.1 On Tue, Dec 21, 2010 at 10:48 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: Which struts2 version are we talking about? 2010/12/20 Gena Ganebnyi gganeb...@nebulent.com: I have the following annotations placed on my controller to assure redirect-after-post: @Results({ @Result(name=create, type=redirect, location=/schedule/), @Result(name=update, type=redirect, location=/schedule/), @Result(name=destroy, type=redirect, location=/schedule/) }) When redirect is performed ?statusCode=303 is appended to url. Is there any way to avoid this? Genadii -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Calculate module of index in Struts2 iterator
You can put the following debug code in your jsp: s:property value=#fieldNameStatus.index / s:property value=#fieldNameStatus.index % 10 / s:property value=#fieldNameStatus.index % 10 ==0 / It may help you find out what the result of expression is. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Parameter manipulation
Yes ... loading in execute is exactly what I needed. Thanks! Is ViewAction a pattern, or is there an implementation? -David -Original Message- From: Paweł Wielgus [mailto:poulw...@gmail.com] Sent: Tuesday, December 21, 2010 5:09 AM To: Struts Users Mailing List Subject: Re: Parameter manipulation Hi All, adding just one note to what Marcus already said, will You be able to update your whitelist every time User class (or any other viewable) gains new field? And again *ViewAction is for view only - it should be technically impossible to change viewed object state. One simple way to do it is loading this object in execute method. Best greetings, Paweł Wielgus. 2010/12/18 Marcus Bond mar...@marcusbond.me.uk: David, didn't your original post say that this is an action that loads an object to display it rather than to modify it? In which case I'm not sure why you even need to use Preparable (as I'm guessing it's during prepare that the instance is initialised which makes it available for struts to populate during the second params setting). At a guess you're setting an id in the initial params phase which then is used to load the instance? Why not just load it during execute (or whatever other method is being called by the action mapping) so it isn't there for any params to be applied earlier? Regards, Marcus On 17/12/2010 20:02, Altenhof, David Aron wrote: One approach I've through of is to create an interceptor that would parse through your -validation.xml (assuming one uses them) and then only allow parameters that have an associated validator. This would actually serve two goals: 1) Preventing parameter fiddling 2) Mandating the wise practice of validating all incoming data. Now if I could only find a few spare cycles to work on it... -David -Original Message- From: Chris Pratt [mailto:thechrispr...@gmail.com] Sent: Friday, December 17, 2010 1:08 PM To: Struts Users Mailing List Subject: Re: Parameter manipulation Maybe if the OP moves the bean creation out of the prepare() method (so the bean isn't available during parameter injection) and then retrieves it at the start of validate() or execute() that might solve the problem. (*Chris*) On Fri, Dec 17, 2010 at 10:05 AM, Chris Prattthechrispr...@gmail.comwrote: If the bean already exists, struts doesn't have to set it. It just has to modify the retrieved bean. (*Chris*) On Fri, Dec 17, 2010 at 9:48 AM,stanl...@gmail.com wrote: I agree S2 will create the bean (if null) but it can't set a property that is private and has no accessible setter method. P.S. What am I missing here? Scott On Fri, Dec 17, 2010 at 11:45 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: This happens because bean is null, otherwise struts will populate. 2010/12/17stanl...@gmail.com: Guys -- If the action has no setter and the property is private, S2 will not populate it. Scott On Fri, Dec 17, 2010 at 11:10 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: David, I get your point. Scott is right, you could overwrite PI or maybe write your custom interceptor (though I think you should consider to file an issue on JIRA). Maybe it would use java annotations to hide/expose fields, or alternately it could behave as you supposed (expose only field with write accessors). 2010/12/17 Altenhof, David Arondalte...@iupui.edu: The model objects are initialized in prepare() ... other techniques just aren't as practical for our application. I'm just going to keep doing lots of whitelisting with ParameterNameAware... -David -Original Message- From: Steven Yang [mailto:kenshin...@gmail.com] Sent: Friday, December 17, 2010 1:10 AM To: Struts Users Mailing List Subject: Re: Parameter manipulation is your user object initialized when the param interceptor is run? here i might be wrong, but what i know is if your object is initialized then Struts or OGNL will call getUser().setEmail(...) otherwise create a new User then setEmail then setUser then the second case should fail for you again, i might be wrong on the behavior On Thu, Dec 16, 2010 at 12:39 AM, Altenhof, David Aron dalte...@iupui.eduwrote: I've been getting more and more concerned about the possibility of parameter manipulation attacks with Struts2. I've started doing strict whitelists using the ParameterNameAware interface on all of my forms pages. However, today I tried to code a display-only page that shows information about a particular user. I thought that by simply creating a getter and no setter, it would be impossible to inject parameters. For example, my action only contains the following getter for a JPA model object: public User getUser() { return user; } However, by sending a simple query parameter, it is *still* possible to change values in user. For example, you can send:
Re: Image type submit
OK, I remember, we were talking about on dev list last week. At first glance, body parameter would seem unnecessary, so I think is a good candidate for removal, though it don't cause any side effect (except for the exception in debug mode). So, my suggestion is file a issue on JIRA [1]. I attached submit.ftl file. You could publish in your WEB-INF/classes/template/simple/submit.ftl (or whatever is your classpath dir) while waiting for patch. [1] https://issues.apache.org/jira/browse/WW 2010/12/21 osagit@orange-ftgroup.com: Hello Everyone, I encounter a problem with the s:submit type=image src= taglib in my forms. So I downloaded the struts2 samples 2.2.1 and modified the form submit tag in struts2-showcase-2.2.1/conversion/enterPersonsInfo.jsp to be a submit of type image. and it generates the same error message: Rendering template /template/simple/submit 16:56:40,862 BUG kerTemplateEngine Rendering template /template/simple/submit.ftl 16:56:40,862 BUG pPropertyAccessor Entering getProperty (ognl.ognlcont...@1c8ed8be,{templateDir=template, theme=simple, dynamicAttributes={}, label=Continuer, onclick=$('textChatFormModalBox').action ='desactivateTextChat.do';, title=Continuer, nameValue=Submit, id=proceed, type=image, align=right, src=ihm/images/fr/btn_proceed_fr.gif},body) 16:56:40,862 BUG ectTypeDeterminer Error while retrieving generic property class for property=parameters java.lang.NullPointerException at com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer.getClass(DefaultObjectTypeDeterminer.java:314) at com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer.getKeyClass(DefaultObjectTypeDeterminer.java:93) at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:93) at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2230) at ognl.ASTProperty.getValueBody(ASTProperty.java:114) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.ASTChain.getValueBody(ASTChain.java:141) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.Ognl.getValue(Ognl.java:494) at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:217) at com.opensymphony.xwork2.ognl.OgnlValueStack.getValue(OgnlValueStack.java:342) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:331) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:307) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:293) at org.apache.struts2.components.Property.start(Property.java:162) at org.apache.struts2.views.freemarker.tags.CallbackWriter.onStart(CallbackWriter.java:73) at freemarker.core.Environment.visit(Environment.java:296) at freemarker.core.UnifiedCall.accept(UnifiedCall.java:130) at freemarker.core.Environment.visit(Environment.java:210) at freemarker.core.MixedContent.accept(MixedContent.java:92) at freemarker.core.Environment.visit(Environment.java:210) ... Could you tell me if it's reproducable on your side with the struts2-showcase sample? Tested with struts2.2.1 on Jonas4.10.3 Thanks, Olivier Sagit osagit@orange-ftgroup.com * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Parameter manipulation
I think that Paweł meant action where you must show only data, without any user interaction (edit, delete and so on). 2010/12/21 Altenhof, David Aron dalte...@iupui.edu: Yes ... loading in execute is exactly what I needed. Thanks! Is ViewAction a pattern, or is there an implementation? -David -Original Message- From: Paweł Wielgus [mailto:poulw...@gmail.com] Sent: Tuesday, December 21, 2010 5:09 AM To: Struts Users Mailing List Subject: Re: Parameter manipulation Hi All, adding just one note to what Marcus already said, will You be able to update your whitelist every time User class (or any other viewable) gains new field? And again *ViewAction is for view only - it should be technically impossible to change viewed object state. One simple way to do it is loading this object in execute method. Best greetings, Paweł Wielgus. 2010/12/18 Marcus Bond mar...@marcusbond.me.uk: David, didn't your original post say that this is an action that loads an object to display it rather than to modify it? In which case I'm not sure why you even need to use Preparable (as I'm guessing it's during prepare that the instance is initialised which makes it available for struts to populate during the second params setting). At a guess you're setting an id in the initial params phase which then is used to load the instance? Why not just load it during execute (or whatever other method is being called by the action mapping) so it isn't there for any params to be applied earlier? Regards, Marcus On 17/12/2010 20:02, Altenhof, David Aron wrote: One approach I've through of is to create an interceptor that would parse through your -validation.xml (assuming one uses them) and then only allow parameters that have an associated validator. This would actually serve two goals: 1) Preventing parameter fiddling 2) Mandating the wise practice of validating all incoming data. Now if I could only find a few spare cycles to work on it... -David -Original Message- From: Chris Pratt [mailto:thechrispr...@gmail.com] Sent: Friday, December 17, 2010 1:08 PM To: Struts Users Mailing List Subject: Re: Parameter manipulation Maybe if the OP moves the bean creation out of the prepare() method (so the bean isn't available during parameter injection) and then retrieves it at the start of validate() or execute() that might solve the problem. (*Chris*) On Fri, Dec 17, 2010 at 10:05 AM, Chris Prattthechrispr...@gmail.comwrote: If the bean already exists, struts doesn't have to set it. It just has to modify the retrieved bean. (*Chris*) On Fri, Dec 17, 2010 at 9:48 AM,stanl...@gmail.com wrote: I agree S2 will create the bean (if null) but it can't set a property that is private and has no accessible setter method. P.S. What am I missing here? Scott On Fri, Dec 17, 2010 at 11:45 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: This happens because bean is null, otherwise struts will populate. 2010/12/17stanl...@gmail.com: Guys -- If the action has no setter and the property is private, S2 will not populate it. Scott On Fri, Dec 17, 2010 at 11:10 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: David, I get your point. Scott is right, you could overwrite PI or maybe write your custom interceptor (though I think you should consider to file an issue on JIRA). Maybe it would use java annotations to hide/expose fields, or alternately it could behave as you supposed (expose only field with write accessors). 2010/12/17 Altenhof, David Arondalte...@iupui.edu: The model objects are initialized in prepare() ... other techniques just aren't as practical for our application. I'm just going to keep doing lots of whitelisting with ParameterNameAware... -David -Original Message- From: Steven Yang [mailto:kenshin...@gmail.com] Sent: Friday, December 17, 2010 1:10 AM To: Struts Users Mailing List Subject: Re: Parameter manipulation is your user object initialized when the param interceptor is run? here i might be wrong, but what i know is if your object is initialized then Struts or OGNL will call getUser().setEmail(...) otherwise create a new User then setEmail then setUser then the second case should fail for you again, i might be wrong on the behavior On Thu, Dec 16, 2010 at 12:39 AM, Altenhof, David Aron dalte...@iupui.eduwrote: I've been getting more and more concerned about the possibility of parameter manipulation attacks with Struts2. I've started doing strict whitelists using the ParameterNameAware interface on all of my forms pages. However, today I tried to code a display-only page that shows information about a particular user. I thought that by simply creating a getter and no setter, it would be impossible to inject parameters. For example, my action only contains the following getter for a JPA model object: public User
web application response time is too large.
Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: web application response time is too large.
The problem could be *anywhere*. How are you going to start tracking it down? You must have *some* ideas of where/how to look? Dave On Tue, Dec 21, 2010 at 12:19 PM, onlysameer_no1else sameer.pa...@gmail.com wrote: Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Dependancy Madness: Struts 2.2.1 spring 2.5 (preferably later ie: 3) and JPA2 backed with Hibernate
I took your advice, there were to different versions of spring. Then did the rest of the hacking needed to upgrade struts 2.0.6 with dojo to 2.2.1. Now on my list: 1) Change the demo to use jQuery + stuts2-json-plugin 2) Upgrade spring to 3+ 3) Upgrade Hibernate and jpa to support JPA 2. 4) See if I can get the demo put back up on the struts wiki (saving someone like me a lot of time!) Again thank you so much! On Tue, 2010-12-21 at 10:04 +0100, Maurizio Cucchiara wrote: It looks like there is a spring library conflict. Though at first glance would seem a spring issue, could you post the list of the lib directory (probably there will be more than one spring library version) 2010/12/20 Ken McWilliams ken.mcwilli...@aerose.com: I'm experiencing issues upgrading the struts2-spring-2-jpa-ajax demo found here http://struts.apache.org/2.2.1/docs/struts-2-spring-2-jpa-ajax.html I've set up quite a few 2.2.1 projects I've just had a hard time understanding the spring/hibernate dependencies. I don't suppose anyone has an updated version of this demo (Struts 2.2.1, jpa 2, spring (anything that works) =) With the above project I followed: http://struts.apache.org/2.2.1/docs/create-struts-2-web-application-using-maven-to-manage-artifacts-and-to-build-the-application.html So I removed struts2-core and struts2-spring-plugin and added back the 2.2.1 version of the struts2-spring-plugin (because it adds back struts2-core) and added javasssist (although there is still an older version because of the hibernate dependency) added log4j dependency and xml file and switched to using the org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter filter. I'm getting at this moment: * HERE DOWN IS EXCEPTIONS ** SEVERE: PWC1306: Startup of context /quickstart_upgrade-0.1-SNAPSHOT failed due to previous errors SEVERE: PWC1305: Exception during cleanup after start failed org.apache.catalina.LifecycleException: PWC2769: Manager has not yet been started at org.apache.catalina.session.StandardManager.stop(StandardManager.java:892) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:5456) at com.sun.enterprise.web.WebModule.stop(WebModule.java:530) at org.apache.catalina.core.StandardContext.start(StandardContext.java:5284) at com.sun.enterprise.web.WebModule.start(WebModule.java:499) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:928) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:912) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1947) at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1619) at com.sun.enterprise.web.WebApplication.start(WebApplication.java:90) at org.glassfish.internal.data.EngineRef.start(EngineRef.java:126) at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:241) at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:236) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:339) at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:183) at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:272) at com.sun.enterprise.v3.admin.CommandRunnerImpl $1.execute(CommandRunnerImpl.java:305) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:320) at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1176) at com.sun.enterprise.v3.admin.CommandRunnerImpl.access $900(CommandRunnerImpl.java:83) at com.sun.enterprise.v3.admin.CommandRunnerImpl $ExecutionContext.execute(CommandRunnerImpl.java:1235) at com.sun.enterprise.v3.admin.CommandRunnerImpl $ExecutionContext.execute(CommandRunnerImpl.java:1224) at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:365) at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:204) at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:166) at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:100) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:245) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170) at
RE: web application response time is too large.
What sort of validation mechanism and actions you are putting on your web form? Anyway, you can try Jmeter to performance test your application. Regards Amit Oberoi Sent from my Nokia E72. -Original Message- From: onlysameer_no1else Sent: 22/12/2010, 02:02 To: struts-u...@jakarta.apache.org Subject: web application response time is too large. Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at a href=http://www.techmahindra.com/Disclaimer.html;http://www.techmahindra.com/Disclaimer.html/a externally and a href=http://tim.techmahindra.com/Disclaimer.html;http://tim.techmahindra.com/Disclaimer.html/a internally within Tech Mahindra. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: web application response time is too large.
Hi, Are you sure that database is normalised as well.. Thanks regards, Manu Francis Mathew, 9742260423. Team Lead - Accenture. www.accenture.com From: Amit Oberoi [aobe...@techmahindra.com] Sent: Wednesday, December 22, 2010 7:59 AM To: struts-u...@jakarta.apache.org Subject: RE: web application response time is too large. What sort of validation mechanism and actions you are putting on your web form? Anyway, you can try Jmeter to performance test your application. Regards Amit Oberoi Sent from my Nokia E72. -Original Message- From: onlysameer_no1else Sent: 22/12/2010, 02:02 To: struts-u...@jakarta.apache.org Subject: web application response time is too large. Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at a href=http://www.techmahindra.com/Disclaimer.html;http://www.techmahindra.com/Disclaimer.html/a externally and a href=http://tim.techmahindra.com/Disclaimer.html;http://tim.techmahindra.com/Disclaimer.html/a internally within Tech Mahindra. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: web application response time is too large.
Hi, You can do something like this, take the queries that in pages takes longer time to load, then write a simple java programs to execute those queries, 1. print the time before it executes the query 2. print the time after it executed. 3. compare the values you get, 4. if its higher then your query is wrong. if its very low then the problem is at your JSP pages, it takes longer time to build up the pages. then you have to change the way you have constructed your JSP pages and should do it in efficient way. Hope this will help. :) -- Regards Kushan Jayathilake On Tue, Dec 21, 2010 at 10:49 PM, onlysameer_no1else sameer.pa...@gmail.com wrote: Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: web application response time is too large.
On Tue, Dec 21, 2010 at 11:56 PM, wrote: Are you sure that database is normalised as well.. Normalization can often *increase* response time, particularly for some types of operations, because of the join overhead. The DB needs to be correct for what it's being used for, and sometimes normalization isn't the best approach. (Although I try to isolate that kind of stuff behind triggers and a reporting table since that's where I often run in to it. But over-normalization can be a performance drag under some circumstances.) Dave
Re: web application response time is too large.
Good points. However, I'd caution people to be careful of denormalization -- if you don't normalize in the first place, you run the risk of degrading performance in *other* ways ... not to mention opening the door for some ugly data-consistency issues. Like all things, there's a balance somewhere. Sometimes, a fully-normalized table structure is the best approach, and sometimes, it isn't. -Brian On Tue, Dec 21, 2010 at 11:03 PM, Dave Newton davelnew...@gmail.com wrote: On Tue, Dec 21, 2010 at 11:56 PM, wrote: Are you sure that database is normalised as well.. Normalization can often *increase* response time, particularly for some types of operations, because of the join overhead. The DB needs to be correct for what it's being used for, and sometimes normalization isn't the best approach. (Although I try to isolate that kind of stuff behind triggers and a reporting table since that's where I often run in to it. But over-normalization can be a performance drag under some circumstances.) Dave
Re: web application response time is too large.
Addition to this, you can track response time with Firebug (Third party plugin for Firefox) once it installed, open it's Net tab, and click or do whatever action in your JSP page, after the browser received it's response you can see how long it has taken to load the content, even It will show how long it has taken to load each images of your web application :) On Wed, Dec 22, 2010 at 10:32 AM, Kushan Jayathilake kusha...@gmail.comwrote: Hi, You can do something like this, take the queries that in pages takes longer time to load, then write a simple java programs to execute those queries, 1. print the time before it executes the query 2. print the time after it executed. 3. compare the values you get, 4. if its higher then your query is wrong. if its very low then the problem is at your JSP pages, it takes longer time to build up the pages. then you have to change the way you have constructed your JSP pages and should do it in efficient way. Hope this will help. :) -- Regards Kushan Jayathilake On Tue, Dec 21, 2010 at 10:49 PM, onlysameer_no1else sameer.pa...@gmail.com wrote: Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Regards Kushan Jayathilake
Re: web application response time is too large.
I love Firebug. It's quite possibly the single best tool in my web development toolbox. -Brian On Tue, Dec 21, 2010 at 11:15 PM, Kushan Jayathilake kusha...@gmail.comwrote: Addition to this, you can track response time with Firebug (Third party plugin for Firefox) once it installed, open it's Net tab, and click or do whatever action in your JSP page, after the browser received it's response you can see how long it has taken to load the content, even It will show how long it has taken to load each images of your web application :) On Wed, Dec 22, 2010 at 10:32 AM, Kushan Jayathilake kusha...@gmail.com wrote: Hi, You can do something like this, take the queries that in pages takes longer time to load, then write a simple java programs to execute those queries, 1. print the time before it executes the query 2. print the time after it executed. 3. compare the values you get, 4. if its higher then your query is wrong. if its very low then the problem is at your JSP pages, it takes longer time to build up the pages. then you have to change the way you have constructed your JSP pages and should do it in efficient way. Hope this will help. :) -- Regards Kushan Jayathilake On Tue, Dec 21, 2010 at 10:49 PM, onlysameer_no1else sameer.pa...@gmail.com wrote: Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Regards Kushan Jayathilake
Re: web application response time is too large.
Yep. me too.. especially the facility to inspect and debugging Javascripts :) On Wed, Dec 22, 2010 at 10:57 AM, Brian Thompson elephant...@gmail.comwrote: I love Firebug. It's quite possibly the single best tool in my web development toolbox. -Brian On Tue, Dec 21, 2010 at 11:15 PM, Kushan Jayathilake kusha...@gmail.com wrote: Addition to this, you can track response time with Firebug (Third party plugin for Firefox) once it installed, open it's Net tab, and click or do whatever action in your JSP page, after the browser received it's response you can see how long it has taken to load the content, even It will show how long it has taken to load each images of your web application :) On Wed, Dec 22, 2010 at 10:32 AM, Kushan Jayathilake kusha...@gmail.com wrote: Hi, You can do something like this, take the queries that in pages takes longer time to load, then write a simple java programs to execute those queries, 1. print the time before it executes the query 2. print the time after it executed. 3. compare the values you get, 4. if its higher then your query is wrong. if its very low then the problem is at your JSP pages, it takes longer time to build up the pages. then you have to change the way you have constructed your JSP pages and should do it in efficient way. Hope this will help. :) -- Regards Kushan Jayathilake On Tue, Dec 21, 2010 at 10:49 PM, onlysameer_no1else sameer.pa...@gmail.com wrote: Hi All I have developed one web application in struts 1, database as MS SQL server and it is deployed on tomcat 6 server (Window OS). For certain pages response time is too large. Test case: (content on web page is too large like text box, buttons, images.) Total Number of records: 284 total Columns in single table : 168 I need your help in finding actual cause of problem. Whether Problem is at database side Or while building a actual page (HTML Content). How can i resolve this problem ?? is there any utility Or any software to test web application response time ? Thanks in advance Sameer - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Regards Kushan Jayathilake -- Regards Kushan Jayathilake
[ANN] Struts 2.2.1.1 GA release available
The Apache Struts group is pleased to announce that Struts 2.2.1.1 is available as a General Availability release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. This release includes one important security fix regarding Dynamic Method Invocation in the REST Plugin. In the previous versions DMI wasn't under control in the REST Plugin and even setting struts.enable.DynamicMethodInvocation to false didn't block DMI in the REST Plugin. All developers are strongly advised to update existing Struts 2 applications to Struts 2.2.1.1. Struts 2.2.1.1 is available in a full distribution, or as separate library, source, example and documentation distributions, from the releases page. * http://struts.apache.org/download.cgi#struts2211 The release is also available through the central Maven repository under Group ID org.apache.struts. The release notes are available online. * http://struts.apache.org/2.2.1.1/docs/version-notes-2211.html The 2.2.x series of the Apache Struts framework has a minimum requirement of the following specification versions: Servlet API 2.4, JSP API 2.0, and Java 5. Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket.appropriate, file a tracking ticket: * https://issues.apache.org/struts/secure/Dashboard.jspa -- The Apache Struts group. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org