Re: Keeping current locale after logging out
2013/7/31 Antonio Sánchez : > At logging out, session is invalidated and redirected page is displayed in > default language. > > Say: default language: Spanish; current language: English; logging out and > resulted page is in Spanish, but should be English. . > > This is not working (code in action class): > > public String closeSession() { > Locale currentLocale = ActionContext.getContext().getLocale(); > request.getSession().invalidate(); > ActionContext.getContext().setLocale(currentLocale); > return SUCCESS; > } > > How to maintain the current language? Redefine redirect to include request_locale parameter, ie: ${currentLocale} and add getter to action with closeSession() public String getCurrentLocale() { return CURRENT_LOCALE.toString(); } Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Keeping current locale after logging out
The closeSession redirects to a new page? In that case the setLocale is lost (it only lives during the request) and the new local is picked up from the browser language, or from the default language you have setup. 2013/7/31 Antonio Sánchez > At logging out, session is invalidated and redirected page is displayed in > default language. > > Say: default language: Spanish; current language: English; logging out and > resulted page is in Spanish, but should be English. . > > This is not working (code in action class): > > public String closeSession() { > Locale currentLocale = ActionContext.getContext().getLocale(); > request.getSession().invalidate(); > ActionContext.getContext().setLocale(currentLocale); > return SUCCESS; > } > > How to maintain the current language? > > Thanks. > > >
Keeping current locale after logging out
At logging out, session is invalidated and redirected page is displayed in default language. Say: default language: Spanish; current language: English; logging out and resulted page is in Spanish, but should be English. . This is not working (code in action class): public String closeSession() { Locale currentLocale = ActionContext.getContext().getLocale(); request.getSession().invalidate(); ActionContext.getContext().setLocale(currentLocale); return SUCCESS; } How to maintain the current language? Thanks.
Re: Translating submit tag
Forgot to say: theme is default. El Miércoles, 31 de julio de 2013 11:07:42 usted escribió: Sorry, what do you mean with Submit class? Use case is simple login. The exception is thrown when the form does not pass validation and "results" in "input". Displayed is: Developer Notification (set struts.devMode to false to disable this message): Unexpected Exception caught setting 'entrar' on 'class es.juntandolineas.laboratoriostruts2.sesionConS2.control.Sesion: Error setting expression 'entrar' with value ['Entrar', ] Initially I thought there was some problem with a custom interceptor and custom interceptor stack, but I get the same using default interceptor stack. Stacktrace: jul 31, 2013 10:34:50 AM com.opensymphony.xwork2.interceptor.ParametersInterceptor error SEVERE: Developer Notification (set struts.devMode to false to disable this message): Unexpected Exception caught setting 'entrar' on 'class es.juntandolineas.laboratoriostruts2.sesionConS2.control.Sesion: Error setting expression 'entrar' with value ['Entrar', ] Error setting expression 'entrar' with value ['Entrar', ] - [unknown location] at com.opensymphony.xwork2.ognl.OgnlValueStack.handleRuntimeException(OgnlValueStack.java:197) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:148) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:318) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:231) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:239) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54) at org.apache.struts2.dispatcher.Dispa
s:select - option appears with no displayed value w/html brackets
We just discovered that if a Map gets passed to a select-tag where the entry's key/value pair are ""/"" that the option's value attribute contains "" as one would have expected, but the body of the option-tag is empty as seen here There isn't a clean way to scrub this data to eliminate the HTML-brackets under these test cases and was curious whether there was an undocumented way to get this to work by setting escape="false" or something of the sorts? I realize we can iterate the map and do a replace before passing it to the select-tag, but this isn't ideal for all scenarios because of the business requirements and use cases. The ideal solution is to be able to present "" as a valid option in the drop down to accurately map to the customer's stored data. Thanks Chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Issue with parameters with Struts 2.3.15.1
Hi Struts users, I am having problems migrating from version 2.3.1.2 to version 2.3.15.1. This upgrade seems pretty important as it fixes a known security issue. The problem I am having is the that apparently, I can no longer check if a property has been given to my Struts component (using s:component and s:param) by testing that the value associated to the parameter key in the "parameters" is equal to null. Test This is the code of the component that I call: Param items Radom param name Here is the call to the component: And here is the produced output (without html marking) Param items java.lang.Object #Output of Radom param name java.lang.Object #Output of java.lang.Object@3c0e5477 #Output of java.lang.Object@3c0e5477 #Output of (the second one) java.lang.Object@e91824 #Output of test#Output of Note: test is a property of the action that should return the "test" string. OK. I Environment Java 6 struts-javatemplate-plugin (same version as struts) JRebel Tomcat (restarted and cleaned), Eclipse(restarted & project recompiled) Analysis Action properties are acting as before (I've checked with the debugger, and the non existence of an action property result in a null value) The Component "parameters" object will always return a value (even if it is an object) By using the debugger, we can see that accessing an unexisting "parameters" key will result in the creation of this "parameters" key and its association to an object of type Object. 2 unexisting "parameters" key will result in the association of 2 distinct objects of type Object. (as illustrated in the output of the Test) What I have tried I hope I provided enough information and that you will be able to tell me what I do wrong, how I could get out of this mess or that there is a bug ;). Best regards, and thanks to the Team for all the good work, -- Thim Anneessens IT Department
Re: Apple sec breach.. Struts?
I'll voice my personal opinion. No matter what framework you choose (Struts, MyFaces, Tapestry, etc.), it is the responsibility of all IT shops to do a security vulnerability assessment before first releasing to production and after each update. That is "Security 101" because there are multitude of attack vectors that can be exploited through any inadvertent mistake here and there. Sometimes the mistake will be in your code, sometimes it will be in third party dependencies, but you own the final product so you must take responsibility for the entire product. Did a company like Apple, who sits on billions of cash, do that? I don't know. I hope they did because that would be performing due diligence. They are not poor by any means. I'll hope for the best here. Lastly, it cannot be ignored that Struts is a free product built by volunteers. The work done here is long, arduous, and passionate -- and on a budget of $0. There is no money coming in to fund anything expensive. Unlike some other Apache projects where corporations (like IBM) are funding development, no one is funding Struts. You get the best that volunteers can do without them receiving a dime. The obvious implication is that you, who consume volunteer work for free, must take the product "as is" and do your part of making sure your application is secure. PS: If you find a security vulnerability in Struts, please privately report it to secur...@apache.org so it can be fixed. Cheers, Paul
RE: Apple sec breach.. Struts?
Frans if you want to throw darts at Frameworks Im amazed that nobody mentioned the vulnerability from Struts Ajax Framework Rival "IceFaces IntervalRenderer not supporting isUserInRole() " https://www.owasp.org/index.php/Java_Server_Faces (you can integrate ACEGI but that's an afterthought) J2EE Containers usually front-end their app with a redirect to Apache w/mod_ssl (or possibly SingleSignOnPortal) The most basic Java Security (JSSE) would implement Java Key Exchange with the user supplied key once JSSE Handshake is completed the authenticated User (selected from ADS, LDAP or other NameServer) is assigned predefined Roles (consequent access would be granted or denied by testing if isUserInRole()) Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Wed, 31 Jul 2013 14:10:23 +0100 > Subject: Re: Apple sec breach.. Struts? > From: gkogk...@tcd.ie > To: user@struts.apache.org > > Hi Vicky, > > the .action by itself in the Urls is a good hint. Furthermore, if you check > the html source you'll probably find struts written somewhere e.g., dojodivs > Antonios > > > On 31 July 2013 14:04, vicky b wrote: > > > I browsed through apple site i could not find any clue that it was made in > > struts, can you please let me know how did the hacker recognized that it > > was developed in struts, secondly how could he exactly hiek , sorry if this > > is out of scope for this forum > > > > > > On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura wrote: > > > > > Any apple guy here? > > > > > > I.just want to.know.how.struts.use there. > > > > > > I just know they use .action means struts apps. > > > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" > > > wrote: > > > > > > > I read that. I don't think we should do anything. > > > > > > > > The blog post is speculative. Nobody from Apple did tell us if it was > > > > really a Struts problem or not. If it is, then well, we can't do > > > > anything. This doesn't make Struts a dangerous framework at all, it > > > > just highlights you should update when your framework provider > > > > recommends it. It also highlights we are taking security issues > > > > serious. > > > > > > > > Also it should be mentioned that no company (to my knowledge) is in > > > > any way supporting the development of Struts. Apple got a lot of > > > > money, they could fund the development of the framework of their > > > > choice. At least they should be able to roll out new security patches. > > > > > > > > Maybe others think different, but except with continuing to improve > > > > struts, we cannot do anything bout it. > > > > > > > > > > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura > > > wrote: > > > > > Anyone read this? > > > > > > > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > > > > > > > How we handle this? > > > > > > > > > > F > > > > > > > > > > > > > > > > -- > > > > http://www.grobmeier.de > > > > https://www.timeandbill.de > > > > > > > > - > > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > > > > > > > > -- > > *Thanks & Regards > > Vickyb > > > > * > >
Re: Apple sec breach.. Struts?
On Jul 31, 2013, at 9:25 AM, Dave Newton wrote: > I'm not convinced OGNL itself is the issue, but > rather its unfettered access into internals. An intermediate, sandbox-y > layer might resolve that. It's only partially what data ognl can fetch/modify, it's also what it can do. System.exit() is clearly something undesirable to execute unexpectedly (although probably less harmful than other actions). -Dale - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Apple sec breach.. Struts?
The blog post is speculative, but the Hacker News post was by Patrick Lightbody, a WW founder. I'm not convinced OGNL itself is the issue, but rather its unfettered access into internals. An intermediate, sandbox-y layer might resolve that. Dave On Jul 31, 2013 8:22 AM, "Christian Grobmeier" wrote: > I read that. I don't think we should do anything. > > The blog post is speculative. Nobody from Apple did tell us if it was > really a Struts problem or not. If it is, then well, we can't do > anything. This doesn't make Struts a dangerous framework at all, it > just highlights you should update when your framework provider > recommends it. It also highlights we are taking security issues > serious. > > Also it should be mentioned that no company (to my knowledge) is in > any way supporting the development of Struts. Apple got a lot of > money, they could fund the development of the framework of their > choice. At least they should be able to roll out new security patches. > > Maybe others think different, but except with continuing to improve > struts, we cannot do anything bout it. > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura wrote: > > Anyone read this? > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > How we handle this? > > > > F > > > > -- > http://www.grobmeier.de > https://www.timeandbill.de > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Apple sec breach.. Struts?
You can't rely on anyone's code for security, not a .jar, not struts, not anything. To guarantee security you need to go through every single entry point and fuzz it yourself. This is a major pain and headache and only .001% of devs do this but don't blame the developers that are providing a free framework. This seems like a pretty easy exploit and I would upgrade any applications open on the net. >>> Antonios Gkogkakis 7/31/2013 9:10 AM >>> Hi Vicky, the .action by itself in the Urls is a good hint. Furthermore, if you check the html source you'll probably find struts written somewhere e.g., dojodivs Antonios On 31 July 2013 14:04, vicky b wrote: > I browsed through apple site i could not find any clue that it was made in > struts, can you please let me know how did the hacker recognized that it > was developed in struts, secondly how could he exactly hiek , sorry if this > is out of scope for this forum > > > On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura wrote: > > > Any apple guy here? > > > > I.just want to.know.how.struts.use there. > > > > I just know they use .action means struts apps. > > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" > > wrote: > > > > > I read that. I don't think we should do anything. > > > > > > The blog post is speculative. Nobody from Apple did tell us if it was > > > really a Struts problem or not. If it is, then well, we can't do > > > anything. This doesn't make Struts a dangerous framework at all, it > > > just highlights you should update when your framework provider > > > recommends it. It also highlights we are taking security issues > > > serious. > > > > > > Also it should be mentioned that no company (to my knowledge) is in > > > any way supporting the development of Struts. Apple got a lot of > > > money, they could fund the development of the framework of their > > > choice. At least they should be able to roll out new security patches. > > > > > > Maybe others think different, but except with continuing to improve > > > struts, we cannot do anything bout it. > > > > > > > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura > > wrote: > > > > Anyone read this? > > > > > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > > > > > How we handle this? > > > > > > > > F > > > > > > > > > > > > -- > > > http://www.grobmeier.de > > > https://www.timeandbill.de > > > > > > - > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > -- > *Thanks & Regards > Vickyb > > * > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Apple sec breach.. Struts?
I read through the blog i confused at this statement "n Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code"' it would be helpful for me if some code explain , thanks in advance. On Wed, Jul 31, 2013 at 6:40 PM, Antonios Gkogkakis wrote: > Hi Vicky, > > the .action by itself in the Urls is a good hint. Furthermore, if you check > the html source you'll probably find struts written somewhere e.g., > dojodivs > Antonios > > > On 31 July 2013 14:04, vicky b wrote: > > > I browsed through apple site i could not find any clue that it was made > in > > struts, can you please let me know how did the hacker recognized that it > > was developed in struts, secondly how could he exactly hiek , sorry if > this > > is out of scope for this forum > > > > > > On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura > wrote: > > > > > Any apple guy here? > > > > > > I.just want to.know.how.struts.use there. > > > > > > I just know they use .action means struts apps. > > > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" > > > wrote: > > > > > > > I read that. I don't think we should do anything. > > > > > > > > The blog post is speculative. Nobody from Apple did tell us if it was > > > > really a Struts problem or not. If it is, then well, we can't do > > > > anything. This doesn't make Struts a dangerous framework at all, it > > > > just highlights you should update when your framework provider > > > > recommends it. It also highlights we are taking security issues > > > > serious. > > > > > > > > Also it should be mentioned that no company (to my knowledge) is in > > > > any way supporting the development of Struts. Apple got a lot of > > > > money, they could fund the development of the framework of their > > > > choice. At least they should be able to roll out new security > patches. > > > > > > > > Maybe others think different, but except with continuing to improve > > > > struts, we cannot do anything bout it. > > > > > > > > > > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura > > > wrote: > > > > > Anyone read this? > > > > > > > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > > > > > > > How we handle this? > > > > > > > > > > F > > > > > > > > > > > > > > > > -- > > > > http://www.grobmeier.de > > > > https://www.timeandbill.de > > > > > > > > - > > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > > > > > > > > -- > > *Thanks & Regards > > Vickyb > > > > * > > > -- *Thanks & Regards Vickyb *
Re: Apple sec breach.. Struts?
Hi Vicky, the .action by itself in the Urls is a good hint. Furthermore, if you check the html source you'll probably find struts written somewhere e.g., dojodivs Antonios On 31 July 2013 14:04, vicky b wrote: > I browsed through apple site i could not find any clue that it was made in > struts, can you please let me know how did the hacker recognized that it > was developed in struts, secondly how could he exactly hiek , sorry if this > is out of scope for this forum > > > On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura wrote: > > > Any apple guy here? > > > > I.just want to.know.how.struts.use there. > > > > I just know they use .action means struts apps. > > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" > > wrote: > > > > > I read that. I don't think we should do anything. > > > > > > The blog post is speculative. Nobody from Apple did tell us if it was > > > really a Struts problem or not. If it is, then well, we can't do > > > anything. This doesn't make Struts a dangerous framework at all, it > > > just highlights you should update when your framework provider > > > recommends it. It also highlights we are taking security issues > > > serious. > > > > > > Also it should be mentioned that no company (to my knowledge) is in > > > any way supporting the development of Struts. Apple got a lot of > > > money, they could fund the development of the framework of their > > > choice. At least they should be able to roll out new security patches. > > > > > > Maybe others think different, but except with continuing to improve > > > struts, we cannot do anything bout it. > > > > > > > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura > > wrote: > > > > Anyone read this? > > > > > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > > > > > How we handle this? > > > > > > > > F > > > > > > > > > > > > -- > > > http://www.grobmeier.de > > > https://www.timeandbill.de > > > > > > - > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > -- > *Thanks & Regards > Vickyb > > * >
Re: Apple sec breach.. Struts?
I browsed through apple site i could not find any clue that it was made in struts, can you please let me know how did the hacker recognized that it was developed in struts, secondly how could he exactly hiek , sorry if this is out of scope for this forum On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura wrote: > Any apple guy here? > > I.just want to.know.how.struts.use there. > > I just know they use .action means struts apps. > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" > wrote: > > > I read that. I don't think we should do anything. > > > > The blog post is speculative. Nobody from Apple did tell us if it was > > really a Struts problem or not. If it is, then well, we can't do > > anything. This doesn't make Struts a dangerous framework at all, it > > just highlights you should update when your framework provider > > recommends it. It also highlights we are taking security issues > > serious. > > > > Also it should be mentioned that no company (to my knowledge) is in > > any way supporting the development of Struts. Apple got a lot of > > money, they could fund the development of the framework of their > > choice. At least they should be able to roll out new security patches. > > > > Maybe others think different, but except with continuing to improve > > struts, we cannot do anything bout it. > > > > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura > wrote: > > > Anyone read this? > > > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > > > How we handle this? > > > > > > F > > > > > > > > -- > > http://www.grobmeier.de > > https://www.timeandbill.de > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > -- *Thanks & Regards Vickyb *
Re: Apple sec breach.. Struts?
Any apple guy here? I.just want to.know.how.struts.use there. I just know they use .action means struts apps. On Jul 31, 2013 7:22 PM, "Christian Grobmeier" wrote: > I read that. I don't think we should do anything. > > The blog post is speculative. Nobody from Apple did tell us if it was > really a Struts problem or not. If it is, then well, we can't do > anything. This doesn't make Struts a dangerous framework at all, it > just highlights you should update when your framework provider > recommends it. It also highlights we are taking security issues > serious. > > Also it should be mentioned that no company (to my knowledge) is in > any way supporting the development of Struts. Apple got a lot of > money, they could fund the development of the framework of their > choice. At least they should be able to roll out new security patches. > > Maybe others think different, but except with continuing to improve > struts, we cannot do anything bout it. > > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura wrote: > > Anyone read this? > > > > http://java.dzone.com/articles/was-struts-responsible-apples > > > > How we handle this? > > > > F > > > > -- > http://www.grobmeier.de > https://www.timeandbill.de > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Apple sec breach.. Struts?
I read that. I don't think we should do anything. The blog post is speculative. Nobody from Apple did tell us if it was really a Struts problem or not. If it is, then well, we can't do anything. This doesn't make Struts a dangerous framework at all, it just highlights you should update when your framework provider recommends it. It also highlights we are taking security issues serious. Also it should be mentioned that no company (to my knowledge) is in any way supporting the development of Struts. Apple got a lot of money, they could fund the development of the framework of their choice. At least they should be able to roll out new security patches. Maybe others think different, but except with continuing to improve struts, we cannot do anything bout it. On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura wrote: > Anyone read this? > > http://java.dzone.com/articles/was-struts-responsible-apples > > How we handle this? > > F -- http://www.grobmeier.de https://www.timeandbill.de - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Apple sec breach.. Struts?
Anyone read this? http://java.dzone.com/articles/was-struts-responsible-apples How we handle this? F
Re: Translating submit tag
Sorry, what do you mean with Submit class? Use case is simple login. The exception is thrown when the form does not pass validation and "results" in "input". Displayed is: Developer Notification (set struts.devMode to false to disable this message): Unexpected Exception caught setting 'entrar' on 'class es.juntandolineas.laboratoriostruts2.sesionConS2.control.Sesion: Error setting expression 'entrar' with value ['Entrar', ] Initially I thought there was some problem with a custom interceptor and custom interceptor stack, but I get the same using default interceptor stack. Stacktrace: jul 31, 2013 10:34:50 AM com.opensymphony.xwork2.interceptor.ParametersInterceptor error SEVERE: Developer Notification (set struts.devMode to false to disable this message): Unexpected Exception caught setting 'entrar' on 'class es.juntandolineas.laboratoriostruts2.sesionConS2.control.Sesion: Error setting expression 'entrar' with value ['Entrar', ] Error setting expression 'entrar' with value ['Entrar', ] - [unknown location] at com.opensymphony.xwork2.ognl.OgnlValueStack.handleRuntimeException(OgnlValueStack.java:197) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:148) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:318) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:231) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:239) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:563) at org.apache.struts2.dispatcher.ng.ExecuteOpe
Re: missing action
This is a well know problem with Eclipse - it stop deploying new version at some point. Try to Clean and Deploy (that how it was in NetBeans - I don't have Eclipse) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: missing action
I am not familiar with the "Run As" options of the IDE as I use command line for such tasks, but basically you are expected to create a war file and deploy it to your container when something changes. Personally I am using the mvn jetty plugin and Jrebel (when doing open source work) for that. Can you check if the class file is actually existent in your container? Also you try to re-create a war file and see if it works. Cheers On Wed, Jul 31, 2013 at 4:10 AM, Tommy Pham wrote: > Hi Dave, > > I right click on the project > "Run As" > Run on server. It worked OK > when for the previous tutorial: > > http://struts.apache.org/release/2.3.x/docs/create-struts-2-web-application-using-maven-to-manage-artifacts-and-to-build-the-application.html > > Am I supposed to build a war and deploy it that way even though I have > Tomcat on my dev system? > > Thanks, > Tommy > > > On Tue, Jul 30, 2013 at 6:43 PM, Dave Newton wrote: > >> How are you deploying the app? >> On Jul 30, 2013 6:28 PM, "Tommy Pham" wrote: >> >> > Hi, >> > >> > I'm trying to follow the tutorial: >> > >> > >> http://struts.apache.org/release/2.3.x/docs/hello-world-using-struts-2.html >> > >> > to create a Struts 2 application with maven and eclipse but encountering >> a >> > 404 error with missing action with this error in the console: >> > >> > Jul 30, 2013 3:24:41 PM >> com.opensymphony.xwork2.util.logging.jdk.JdkLogger >> > error >> > SEVERE: Dispatcher initialization failed >> > Unable to load configuration. - action - >> > >> > >> file:/D:/data/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/sample_app/WEB-INF/classes/struts.xml:17:80 >> > at >> > >> > >> com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:70) >> > at >> > >> > >> org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:446) >> > at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:490) >> > at >> > >> > >> org.apache.struts2.dispatcher.ng.InitOperations.initDispatcher(InitOperations.java:74) >> > at >> > >> > >> org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:57) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:107) >> > at >> > >> > >> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4746) >> > at >> > >> > >> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5399) >> > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) >> > at >> > >> > >> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559) >> > at >> > >> > >> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549) >> > at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) >> > at java.util.concurrent.FutureTask.run(Unknown Source) >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) >> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) >> > at java.lang.Thread.run(Unknown Source) >> > Caused by: Action class >> > [org.apache.struts.tutorial.action.HelloWorldAction] not found - action - >> > >> > >> file:/D:/data/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/sample_app/WEB-INF/classes/struts.xml:17:80 >> > at >> > >> > >> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.verifyAction(XmlConfigurationProvider.java:482) >> > at >> > >> > >> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.addAction(XmlConfigurationProvider.java:426) >> > at >> > >> > >> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.addPackage(XmlConfigurationProvider.java:552) >> > at >> > >> > >> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadPackages(XmlConfigurationProvider.java:292) >> > at >> > >> > >> org.apache.struts2.config.StrutsXmlConfigurationProvider.loadPackages(StrutsXmlConfigurationProvider.java:112) >> > at >> > >> > >> com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:250) >> > at >> > >> > >> com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:67) >> > ... 17 more >> > >> > Jul 30, 2013 3:24:41 PM org.apache.catalina.core.StandardContext >> > filterStart >> > SEVERE: Exception starting filter struts2 >> > Unable to load configuration. - action - >> > >> > >> file:/D:/data/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/sample_app/WEB-INF/classes/struts.xml:17:80 >> > at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:502) >> > at >> > >> > >> org.apache.struts2.dispatcher.ng.InitOperations.