After upgrade to 2.3.32 and S2-045 attacks
I've upgraded to Struts 2.3.32. Our site is still getting bombarded with S2-045 attacks. The application logs are filled with stack traces from these. I notices that one request is often generating two stack traces. The first is expected and second isn't. First exception (with most of the attack crap obscured): 2017-05-16 06:18:22,022 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest:68 - Unable to parse request org.apache.commons.fileupload.FileUploadBase$InvalidContentTypeException: the request doesn't contain a multipart/form-data or multipart/mixed stream, content type header is %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS ).XX} at org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl.(FileUploadBase.java:948) at org.apache.commons.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:310) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:334) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parseRequest(JakartaMultiPartRequest.java:192) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.processUpload(JakartaMultiPartRequest.java:131) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse(JakartaMultiPartRequest.java:92) at org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper.(MultiPartRequestWrapper.java:84) at org.apache.struts2.dispatcher.Dispatcher.wrapRequest(Dispatcher.java:849) ... Second exception: 2017-05-16 06:18:22,024 WARN org.apache.struts2.dispatcher.Dispatcher:68 - Could not find action or result: /index.action No result defined for action com.opensymphony.xwork2.ActionSupport and result input - action - file:/xxx/webapps/Resolution/webroot/WEB-INF/classes/struts.xml:24:26 at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:276) at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:76) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.google.inject.struts2.Struts2Factory$ProvidedInterceptor.intercept(Struts2Factory.java:216) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138) at com.google.inject.struts2.Struts2Factory$ProvidedInterceptor.intercept(Struts2Factory.java:216) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.google.inject.struts2.Struts2Factory$ProvidedInterceptor.intercept(Struts2Factory.java:216) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.google.inject.struts2.Struts2Factory$ProvidedInterceptor.intercept(Struts2Factory.java:216) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) ... In the Tomcat access logs I see the a "GET /index.action HTTP/1.1" but this doesn't log headers etc. so I don't have the full request (with all the attack code). My app doesn't have a "/index.action" but it does have a catchAll [ action name="*" ] which normally works but apparently not in this scenario. I'm not able to reproduce this on my development machine. Is anyone else seeing similar things happening? Is there anything here to worry about? Any changes I should be making? Greg
Disable file uploads
I have a Struts2 app that does not support any sort for file upload. Is there any steps I could/should take to ensure file uploads are disabled? Greg
Re: Empty parameters with the tag
Sure. Added https://issues.apache.org/jira/browse/WW-4631 Greg On Tue, May 3, 2016 at 4:45 AM, Christoph Nenning < christoph.nenn...@lex-com.net> wrote: > > I discovered a problem with the tag when attempting to pass > an > > empty parameter. > > > > > > > > > > > > > > I was attempting to pass an empty parameter using the "p1" syntax above > and > > the parameter was being suppressed. > > > > Using the "p2" syntax it works correctly, and the empty parameter is > > included. > > > > The doc http://struts.apache.org/docs/param.html says that > > "suppressEmptyParameters" defaults to false but the p1 parameter was > always > > suppressed even if I added suppressEmptyParameters="false". > > > > Also the doc http://struts.apache.org/docs/param.html has an incorrect > > example on how to use the suppressEmptyParameters option. > > > > > > > > Greg > > > Thanks for reporting. Could you please create a jira issue for that? > > > https://issues.apache.org/jira/browse/WW/ > > > Regards, > Christoph > > This Email was scanned by Sophos Anti Virus >
Empty parameters with the tag
I discovered a problem with the tag when attempting to pass an empty parameter. I was attempting to pass an empty parameter using the "p1" syntax above and the parameter was being suppressed. Using the "p2" syntax it works correctly, and the empty parameter is included. The doc http://struts.apache.org/docs/param.html says that "suppressEmptyParameters" defaults to false but the p1 parameter was always suppressed even if I added suppressEmptyParameters="false". Also the doc http://struts.apache.org/docs/param.html has an incorrect example on how to use the suppressEmptyParameters option. Greg
S2: How to tell if a response has been committed from an interceptor?
Inside an Interceptor I'm getting an exception java.lang.IllegalStateException: Cannot create a session after the response has been committed I have access to the ActionInvocation as this is passed into doIntercept() public String doIntercept(ActionInvocation invocation) throws Exception My question is: from the ActionInvocation how do I find out if the response has been committed? Can I get the HttpServletResponse? So I can call response.isCommitted() ? How? Thanks, Greg
URL Array parameter encoding arr[]=1arr[]=2arr[]=3
Using S2 2.3.16.3 My action wants to take an array of parameters, if they are passed like arr=1arr=2arr=3 then everything works fine. But by default JQuery encodes arrays as URL parameters like arr[]=1arr[]=2arr[]=3, the parameters get named arr[] instead of arr. My action has a setter like: public void setArr(String[] arr) This isn't matching the parameter arr[] so the setter never gets called. Is there a way to have Struts recognize that parameters arr[] is the same as array arr? If not, how do I construct a setting that will accept parameters named arr[]? Greg P.S. I know how to force jQuery to encode the traditional way but would be nice it just worked.
Re: Struts 2 support of Java 8
I'm using Java 8 with Struts 2 and have had no issues. On Wed, Dec 10, 2014 at 1:00 PM, Schlachter, Gary gary.schlach...@sensus.com wrote: Yes, it is a Spring 3.1. -Original Message- From: Dave Newton [mailto:davelnew...@gmail.com] Sent: Wednesday, December 10, 2014 12:58 PM To: Struts Users Mailing List Subject: Re: Struts 2 support of Java 8 Are you using Spring? This looks like the JavaBeans naming convention wasn't followed. On Wed, Dec 10, 2014 at 12:51 PM, Schlachter, Gary gary.schlach...@sensus.com wrote: That is what I was looking for.I upgraded Java 7 to 8 on my previously working Spring/Struts/Tomcat application and ran into the following exception: Unable to instantiate Action, com.sms.web.site.IndexAction, defined for 'Index' in namespace '/'Failed to obtain BeanInfo for class [com.sms.web.site.IndexAction]; nested exception is java.beans.IntrospectionException: type mismatch between read and write methods I was checking to see if there were any known issues and/or basic failures before I spent time digging deeper. Thanks, Gary -Original Message- From: Lukasz Lenart [mailto:lukaszlen...@apache.org] Sent: Wednesday, December 10, 2014 12:44 PM To: Struts Users Mailing List Subject: Re: Struts 2 support of Java 8 2014-12-10 18:37 GMT+01:00 Schlachter, Gary gary.schlach...@sensus.com : I have spent time searching and could not find a definitely answer on whether or not Struts 2.3 support Java 8. In what version of Struts is Java 8 supported? What you mean by supported? There are few issues that directly target JDK8 but S2 should work on Java8 without problems https://issues.apache.org/jira/browse/WW-4402 https://issues.apache.org/jira/browse/WW-4403 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton https://twitter.com/dave_newton b: Bucky Bits http://buckybits.blogspot.com/ g: davelnewton https://github.com/davelnewton so: Dave Newton http://stackoverflow.com/users/438992/dave-newton
Re: No parameters set in action when file upload exceeds max size
Yes this is the issue. On Wed, May 14, 2014 at 1:05 AM, Lukasz Lenart lukaszlen...@apache.orgwrote: https://issues.apache.org/jira/browse/WW-3025 ? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2014-05-09 17:43 GMT+02:00 Greg Lindholm greg.lindh...@gmail.com: When I try to upload a file that exceeds the configured 2M max then no parameters get set on my action. I can't present the user with a pretty error message since all context is missing without the rest of the parameters. The file upload is part of a form post that include a bunch of other parameters my app needs to understand the context of the request. I've spent all morning in the debugger, the ParametersInterceptor is being called but the ActionContext.getParameters() is returning null. It appears that when org.apache.commons.fileupload.servlet.ServletFileUpload throws SizeLimitExceededException all parameter parsing is aborted and the multi part request wrapper thinks there are no parameters. Is this expected behavior? Can anyone help? Greg Struts 2.3.16.3 2014-05-09 11:28:40,085 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest:64 - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (18652294) exceeds the configured maximum (2097152) at org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl.init(FileUploadBase.java:965) at org.apache.commons.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:310) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:334) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parseRequest(JakartaMultiPartRequest.java:189) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.processUpload(JakartaMultiPartRequest.java:127) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse(JakartaMultiPartRequest.java:92) at org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper.init(MultiPartRequestWrapper.java:81) at org.apache.struts2.dispatcher.Dispatcher.wrapRequest(Dispatcher.java:803) at org.apache.struts2.dispatcher.ng.PrepareOperations.wrapRequest(PrepareOperations.java:134) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:88) - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
No parameters set in action when file upload exceeds max size
When I try to upload a file that exceeds the configured 2M max then no parameters get set on my action. I can't present the user with a pretty error message since all context is missing without the rest of the parameters. The file upload is part of a form post that include a bunch of other parameters my app needs to understand the context of the request. I've spent all morning in the debugger, the ParametersInterceptor is being called but the ActionContext.getParameters() is returning null. It appears that when org.apache.commons.fileupload.servlet.ServletFileUpload throws SizeLimitExceededException all parameter parsing is aborted and the multi part request wrapper thinks there are no parameters. Is this expected behavior? Can anyone help? Greg Struts 2.3.16.3 2014-05-09 11:28:40,085 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest:64 - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (18652294) exceeds the configured maximum (2097152) at org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl.init(FileUploadBase.java:965) at org.apache.commons.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:310) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:334) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parseRequest(JakartaMultiPartRequest.java:189) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.processUpload(JakartaMultiPartRequest.java:127) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse(JakartaMultiPartRequest.java:92) at org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper.init(MultiPartRequestWrapper.java:81) at org.apache.struts2.dispatcher.Dispatcher.wrapRequest(Dispatcher.java:803) at org.apache.struts2.dispatcher.ng.PrepareOperations.wrapRequest(PrepareOperations.java:134) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:88)
Re: No parameters set in action when file upload exceeds max size
Has any encountered this? I've tried calling getParameter() on the request to see if I can manually extract the parameters I need but this always returns null. It seems that the MultiPartRequestWrapper believes it has processed parameters and there are none. Greg On Fri, May 9, 2014 at 11:43 AM, Greg Lindholm greg.lindh...@gmail.comwrote: When I try to upload a file that exceeds the configured 2M max then no parameters get set on my action. I can't present the user with a pretty error message since all context is missing without the rest of the parameters. The file upload is part of a form post that include a bunch of other parameters my app needs to understand the context of the request. I've spent all morning in the debugger, the ParametersInterceptor is being called but the ActionContext.getParameters() is returning null. It appears that when org.apache.commons.fileupload.servlet.ServletFileUpload throws SizeLimitExceededException all parameter parsing is aborted and the multi part request wrapper thinks there are no parameters. Is this expected behavior? Can anyone help? Greg Struts 2.3.16.3 2014-05-09 11:28:40,085 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest:64 - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (18652294) exceeds the configured maximum (2097152) at org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl.init(FileUploadBase.java:965) at org.apache.commons.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:310) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:334) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parseRequest(JakartaMultiPartRequest.java:189) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.processUpload(JakartaMultiPartRequest.java:127) at org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse(JakartaMultiPartRequest.java:92) at org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper.init(MultiPartRequestWrapper.java:81) at org.apache.struts2.dispatcher.Dispatcher.wrapRequest(Dispatcher.java:803) at org.apache.struts2.dispatcher.ng.PrepareOperations.wrapRequest(PrepareOperations.java:134) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:88)
S2 how to determine if a session exists from an Interceptor
I have an Interceptor that wants to put something in the session after the action has executed. But if the session doesn't already exist I get an exception: java.lang.IllegalStateException: Cannot create a session after the response has been committed How can I determine if the session already exists from within an Interceptor? public String doIntercept(ActionInvocation invocation) throws Exception { String result = invocation.invoke(); MapString, Object session = invocation.getInvocationContext().getSession(); session.put(key, value); // throws exception if session doesn't exist return result; } Thanks Greg
Re: S2 how to determine if a session exists from an Interceptor
My Interceptor is expecting a session to exist, but I'm occasionally getting exceptions that say the session doesn't exist, and since this occurs after the action has executed and response has been committed it is too late to create a session. So my question is; From with an Interceptor is there a way to determine if a session already exists (or doesn't exist)? I realize I could just catch the exception but I would rather not cause the exception if I can avoid it. The object returned from invocation.getInvocationContext().getSession() is not really a map, it is a wrapper around the session that implements a map interface. Using the put() method above will create the session if it doesn't exist (and response hasn't already been committed.) I suppose I could get the HttpServletRequest object and do a getSession(false) if there isn't a more struts way of finding out. On Thu, Feb 6, 2014 at 12:28 PM, Ken McWilliams ken.mcwilli...@gmail.comwrote: The OP has abstracted away most of the details, he is working with MapString, Object! The session is not generally struts2s responsibility it, generally it is maintained by the web container. Tomcat/Glassfish, etc. And generally you would consider it in such an environment to always exist. What kind of container are you deploying your application in? I recall there being an interceptor that will attempt to create a session for light weight containers, however if struts needs to create such a session object it is doubtful that the container will be able to use it in a meaningful way. On Thu, Feb 6, 2014 at 9:58 AM, Maurizio Cucchiara mcucchi...@apache.org wrote: Hi Greg, I seem to recall that this is not the best way to handle the session and generally speaking, it always better to abstract as much as possible http's details I could be wrong, but It would be better if your action implements a specific interface (SessionAware or HttpSessionAware) Twitter :http://www.twitter.com/m_cucchiara G+ :https://plus.google.com/107903711540963855921 Linkedin:http://www.linkedin.com/in/mauriziocucchiara VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara Maurizio Cucchiara On 6 February 2014 14:14, Greg Lindholm greg.lindh...@gmail.com wrote: I have an Interceptor that wants to put something in the session after the action has executed. But if the session doesn't already exist I get an exception: java.lang.IllegalStateException: Cannot create a session after the response has been committed How can I determine if the session already exists from within an Interceptor? public String doIntercept(ActionInvocation invocation) throws Exception { String result = invocation.invoke(); MapString, Object session = invocation.getInvocationContext().getSession(); session.put(key, value); // throws exception if session doesn't exist return result; } Thanks Greg
S2 - params on a redirect-result
I was attempting to add arbitrary parameter to a a result type of redirect as shown in the second example here http://struts.apache.org/development/2.x/docs/redirect-result.html and it doesn't seem to work. The parameters are never added. Is there some trick to make this work or is the example wrong? (or is it broken?) Using S2 version 2.3.15.2
Re: Action failed for Struts 2.3.15.3 GA release
If you use struts.mapper.action.prefix.enabled to enable action: prefix support are you opening up a security whole? What is the liability? On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart lukaszlen...@apache.orgwrote: 2013/10/18 Emi Lu em...@encs.concordia.ca: Good morning, Tried the new version15.3, but failed: login() method is not called at all. (1) login.jsp s:submit value=Login theme=simple action=loginProcessLoginAction / Struts 2.3.15.3 disables support for action: prefix by default [1], to enable it you must set struts.mapper.action.prefix.enabled to true. Instead action: you can use method: prefix (but you must enable struts.enable.DynamicMethodInvocation to true [2]) [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [ANN] Struts 2.3.15.2 GA release available - security fix
Is there any estimated time of release for 2.3.15.3? On Wed, Oct 16, 2013 at 9:23 AM, Markus Fischer markus.fisc...@knipp.dewrote: Hi Łukasz, The latest version is here: http://people.apache.org/builds/struts/2.3.15.3 thanks for the update and the quick turnaround on this. I can confirm that with Struts-2.3.15.3, my issues with action: buttons are fixed. I. e., Backward Compatibility for applications using the action: prefix as stated in S2-018 is restored. Many thanks! Markus http://struts.apache.org/release/2.3.x/docs/s2-018.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Which S2 features have ASM dependencies?
Which features of S2 use ASM? The S2 project dependencies (http://struts.apache.org/release/2.3.x/struts2-core/dependencies.html) shows that xworks depends on: - asm-3.3.jar - asm-commons-3.3.jar - asm-tree-3.3.jar These ASM jar don't seems to actually be needed by a project I have so I'm guessing they are only needed for some specific feature. Does anyone know which features need ASM? Thanks, Greg
Re: Which S2 features have ASM dependencies?
Thanks On Tue, Oct 15, 2013 at 11:08 AM, Dave Newton davelnew...@gmail.com wrote: The ClassFinder stuff in XWork; for annotation processing. On Tue, Oct 15, 2013 at 10:56 AM, Greg Lindholm greg.lindh...@gmail.com wrote: Which features of S2 use ASM? The S2 project dependencies (http://struts.apache.org/release/2.3.x/struts2-core/dependencies.html) shows that xworks depends on: - asm-3.3.jar - asm-commons-3.3.jar - asm-tree-3.3.jar These ASM jar don't seems to actually be needed by a project I have so I'm guessing they are only needed for some specific feature. Does anyone know which features need ASM? Thanks, Greg -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton https://twitter.com/dave_newton b: Bucky Bits http://buckybits.blogspot.com/ g: davelnewton https://github.com/davelnewton so: Dave Newton http://stackoverflow.com/users/438992/dave-newton
Re: S2-018, Struts 2.3.15.2: action: prefix for buttons not working after upgrade to Struts 2.3.15.2
So the statement about Backwards Compatibility on http://struts.apache.org/release/2.3.x/docs/s2-018.html is incorrect? *Backward Compatibility* After upgrading to Struts = 2.3.15.2, applications using the action: should still work as expected. This doesn't appear to be true. On Wed, Oct 9, 2013 at 5:10 AM, Markus Fischer markus.fisc...@knipp.dewrote: Do you have any idea when the a release fixing the issue can be available? And is there any chance to get more information about the specifics of the vulnerability behind S2-018? It should be soon, patch is under review. I cannot share any details now about the vulnerability. Many thanks, Lukasz. We are currently considering to filter out action:” elements via URL rewriting, but without knowing any further details we cannot be sure that that will prevent the potential exploit. I'm not sure what you mean by filter out by url rewriting but maybe you could share your solution here? And it looks like the right direction. I'll check if that is feasible and post here if I think it can be useful for someone else. Best regards, Markus - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Running Struts1 and Struts2 together?
Sorry, I don't know anything about UserPrincipal. On Mon, Sep 10, 2012 at 3:52 AM, vsendhil vsend...@gmail.com wrote: Hi, I followed the steps from the threads and have set up the application. But I have issues while getting UserPrincipal inside struts 2 action. (getServletRequest().getUserPrincipal()). The principal object is always null in struts 2 action. My existing application uses Struts 1.3 and WAS 7.0. We are using JSecurity for authentication. I am able to get the Principal object inside my struts 1 action. But the principal object is null inside the struts 2 action. Do we need to do any thing specific to expose the principal object to struts 2 action? Greg Lindholm-2 wrote OK, I successfully integrated Struts 2 into a Struts 1 application, it was actually pretty easy. The main thing I had to do was manually craft the links between the S1 and S2 sides using standard JSTL c:url value='/MyAction.do' /. All this meant was I have hardcoded extensions (.do and .action) in the jsp's. I also ended up cleaning up and removing an bunch of S1 logic:/ tags and replaced with std JSTL. On Mon, Aug 30, 2010 at 11:05 AM, Stephen Turner lt;sturner@gt; wrote: On Mon, 23 Aug 2010 14:22:54 -0400, Greg Lindholm lt;greg.lindholm@ gt; wrote: Is there any issues with running Struts1 and Struts2 together in the same application? I have a couple old Struts1 applications which I plan on converting to Struts2 over time, but would like to start doing new development in Struts2 immediately while converting the Struts1 screens and action over bit-by-bit as needed. How is this going Greg? I'm interested because I have a project that could use this solution, but I've no idea how big a job it is, what the pitfalls are etc. Thanks, Steve - To unsubscribe, e-mail: user-unsubscribe@.apache For additional commands, e-mail: user-help@.apache - To unsubscribe, e-mail: user-unsubscribe@.apache For additional commands, e-mail: user-help@.apache -- View this message in context: http://struts.1045723.n5.nabble.com/Running-Struts1-and-Struts2-together-tp3487943p5710606.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Help with problem: ThreadLocal left after stopping tomcat
I also get a boat-load of these ThreadLocal errors when I stop my app (using Tomcat 6). Tomcat 6 7 are now checking and reporting on all the debris that gets left behind when an app shuts down. I don't think the WW-560 addresses this problem. If I understand it correctly the problem is when the app shuts down it is failing to cleanup some ThreadLocal variables. To fix this issue something would need to keep track of these variables and remove them when the app terminates. It also means it would need to either be notified about the shutdown or explicitly called to cleanup during shutdown. Since these are ThreadLocal it could be a tricky problem. On Tue, Mar 6, 2012 at 11:57 AM, Tom K tkim...@yahoo.com wrote: Hello, When stopping or undeploying my struts 2 web app in Tomcat (7.0.23) I get several severe warnings from tomcat: SEVERE: The web application [/myapp] created a ThreadLocal with key of type [com.opensymphony.xwork2.inject.ContainerImpl$10] (value [com.opensymphony.xwork2.inject.ContainerImpl$10@1376afa]) and a value of type [java.lang.Object[]] (value [[Ljava.lang.Object;@15075f9]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak. I've hunted all over the web and found this error repeated in several places, but I haven't yet found a solution. I then found some posts that lead me to believe this was a problem in the xwork libs but that it had been resolved in the latest version: http://jira.opensymphony.com/browse/XW-560 I also found a reference suggesting this could be a problem with using the deprecated FilterDispatcher rather than a StrutsPrepareAndExecuteFilter: https://issues.apache.org/jira/browse/WW-2167 I was originally using Struts 2.1.8.1 and upgraded to the latest (2.3.1.2) which didn't solve the problem, nor did switching back and forth between the FilterDispatcher and StrutsPrepareAndExecuteFilter (the following is from my web.xml): filter filter-nameaction2/filter-name filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter/filter-class /filter filter-mapping filter-namehttpResponseFilter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namespringSecurityFilterChain/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameaction2/filter-name url-pattern/*/url-pattern /filter-mapping I also tried an IntrospectorCleanupListener as a shot in the dark but to no avail. If I comment out the StrutsPrepareAndExecuteFilter and deploy/stop the web app, the severe warnings regarding ThreadLocal's go away (though obviously my web app no longer works). At this point I'm not sure what else to try - is there some additional cleanup I can perform via a ContextLoaderListener or otherwise on struts to shut it down properly when the web app is stopped? Or are there still bugs in struts 2/xwork causing this issue that haven't been resolved? Any suggestions or help much appreciated. Thanks, Tom - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It
A Best Practice for the Session is to only store Immutable object in the session. This would eliminate the SessionAware issue plus it can also be important for clustered servers. On Tue, Feb 21, 2012 at 9:09 AM, bphill...@ku.edu bphill...@ku.edu wrote: I was researching the SessionAware interface as I'm planning on adding a tutorial on how to use the HTTP Session object from within a Struts Action class to the tutorials at: https://cwiki.apache.org/confluence/display/WW/Getting+Started https://cwiki.apache.org/confluence/display/WW/Getting+Started . I ran across this http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html blog post and https://issues.apache.org/jira/browse/WW-3631 Struts 2 JIRA issue that discuss a security vulnerability when using SessionAware. I'd like to include in the tutorial the best practices for mitigating this vulnerability. Here is what I think programmers who use SessionAware in their Action class should do to mitigate this vulnerability: 1. Do not create a public MapString, Object getSession() method in the Action class 2. Also implement the ParameterNameAware interface and override its acceptableParameterName method as follows: public boolean acceptableParameterName(String parameterName) { boolean allowedParameterName = true ; if ( parameterName.contains(session) || parameterName.contains(request) ) { allowedParameterName = false ; } return allowedParameterName; } I'd certainly appreciate any feedback on best practices to follow when implementing the SessionAware interface and how to mitigate the security vulnerability. Thank You, Bruce Phillips -- View this message in context: http://struts.1045723.n5.nabble.com/Security-Vulnerability-When-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5502292.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It
You can still do this with immutable objects, instead of changing the value of a session object you just replace it with a new object with the changed value. A few years back I encountered problems with clustered application servers where if you changed an object in the sessions those changes were not always replicated to the other servers in the cluster. Using only immutable objects solved the problem then and It's saved me on a couple other issues since, hence I consider it a best practice. On Mon, Feb 27, 2012 at 10:50 AM, Gabriel Belingueres belingue...@gmail.com wrote: I don't know if storing only immutable state in session is a Best Practice (if there exists such a thing as a best practice). Consider frameworks like JBoss Seam or Spring Web Flow with their support for conversations, which is basically mutable state stored in session scope. The case seems to be that people are using those sensible, managed by the framework, dependency injected objects (with their XXXAware interfaces) as first class properties of their actions (by implementing their corresponding getter). Combined with the power of the parameters interceptor, those unwanted aliases gets hard to manage. One way to solve the problem would require avoid getting direct references to those framework objects, however this requires that the framework do more stuff for us. For example, JBoss Seam has those @In @Out annotation for injection and outjection. These are handy because you no longer need to have the actual scope object reference in your actions. 2012/2/27 Greg Lindholm greg.lindh...@gmail.com: A Best Practice for the Session is to only store Immutable object in the session. This would eliminate the SessionAware issue plus it can also be important for clustered servers. On Tue, Feb 21, 2012 at 9:09 AM, bphill...@ku.edu bphill...@ku.edu wrote: I was researching the SessionAware interface as I'm planning on adding a tutorial on how to use the HTTP Session object from within a Struts Action class to the tutorials at: https://cwiki.apache.org/confluence/display/WW/Getting+Started https://cwiki.apache.org/confluence/display/WW/Getting+Started . I ran across this http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html blog post and https://issues.apache.org/jira/browse/WW-3631 Struts 2 JIRA issue that discuss a security vulnerability when using SessionAware. I'd like to include in the tutorial the best practices for mitigating this vulnerability. Here is what I think programmers who use SessionAware in their Action class should do to mitigate this vulnerability: 1. Do not create a public MapString, Object getSession() method in the Action class 2. Also implement the ParameterNameAware interface and override its acceptableParameterName method as follows: public boolean acceptableParameterName(String parameterName) { boolean allowedParameterName = true ; if ( parameterName.contains(session) || parameterName.contains(request) ) { allowedParameterName = false ; } return allowedParameterName; } I'd certainly appreciate any feedback on best practices to follow when implementing the SessionAware interface and how to mitigate the security vulnerability. Thank You, Bruce Phillips -- View this message in context: http://struts.1045723.n5.nabble.com/Security-Vulnerability-When-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5502292.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: using property/constant placeholder in struts config file
You could also define a global result for success: global-results result name=success/templates/application/applicationframe.jsp/result /global-results On Mon, Dec 19, 2011 at 1:44 AM, aum strut aum.str...@gmail.com wrote: Thanks Łukasz, that's a perfect approach 2011/12/18 Łukasz Lenart lukasz.len...@googlemail.com Instead hardcoded result you can use expression action name=welcome class=welcomeAction result${actionFrame}/result /action And create a BaseAction (as a base action for all your actions) with getActionFrame() which will return /templates/application/applicationframe.jsp or whatever your want ;-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ Warszawa JUG conference - Confitura http://confitura.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: How to compare string reference variables using ognl?
On Mon, Dec 12, 2011 at 3:08 AM, mohan rao mohanara...@gmail.com wrote: Please delete my previous thread my query was not posted completely. s:set var=selectedOffer value=%{offers.dicountkey}/ s:iterator var =entry value = #session.eligibleEcOffersMap s:set var=queryString value=%{#entry.key}/ T/Fs:property value=selectedOffer.equals(queryString)/ Nothing is printing. T/Fs:property value=#selectedOffer== #queryString/ Always printing false even both are having same values. Thanks. -- You are using s:set so you need to use '#' to reference the variables and since I assume these are strings you are going to want to do .equals() not == (identity equals). My guess is you want to do this: s:property value=#selectedOffer.equals(#queryString)/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Why ActionSupport is Serializable?
I asked this question years ago and the answer I got was: There is no reason it should be Serializable. It was originally (mistakenly) created that way and because of compatibility it's too late to change it now. There is nothing magic about ActionSupport, you could always create your own custom version of ActionSupport which is not Serializable. Greg On Wed, Aug 24, 2011 at 10:57 AM, Ilya Kazakevich ilya.kazakev...@jetbrains.com wrote: Hello, Why ActionSupport is Serializable? Who wants to serialize the action? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Where does the stdout of Actions go?
From catalina,sh # CATALINA_OUT(Optional) Full path to a file where stdout and stderr # will be redirected. # Default is $CATALINA_BASE/logs/catalina.out On Mon, May 23, 2011 at 1:23 PM, Dave Newton davelnew...@gmail.com wrote: Why would you use S.o.p anyway? Why not just use the logging framework that's already there? Dave On Mon, May 23, 2011 at 10:09 AM, Pankaj Shrivastava pankaj.shrivast...@techrica.com wrote: The catalina.out was getting the Struts messages through the logger. It was just not getting the SOP. I blew away all the log files, rolled back my code a few versions where I knew it was working. The messages started appearing. Again rolled forward and now they appear. Don't know what was wrong in between. Thanks for your help. -Pankaj -Original Message- From: Maurizio Cucchiara [mailto:maurizio.cucchi...@gmail.com] Sent: Monday, May 23, 2011 1:36 PM To: Struts Users Mailing List Subject: Re: Where does the stdout of Actions go? It should appear in catalina.out, I don't think T7 team made a such big changes. Ensure that the user which launch tomcat have the right access to the catalina.out. Another thing that it worth a try is to start tomcat in debug mode. Anyway it's not a S2 question, you'll probably be luckier on apache tomcat ML. On 23 May 2011 08:02, Pankaj Shrivastava pankaj.shrivast...@techrica.comwrote: Hi, While debugging my actions, I have put System.out.println in my Action code (in the validate() method). I know the code, including the SOP, is getting executed because the validation errors do show up. However, I can't see the SOP appearing in the catalina.out file of the Tomcat server. I am using 7.0.11 Apache Tomcat and starting it using the startup.sh script which ships with it. Thanks -Pankaj - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Maurizio Cucchiara - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
OT static resources, cache control, and versioning
I'm trying to find out what are the Best Practices and if there are any utilities available to assist with versioning of static resources and cache-control. I'm working on an application (written with Struts 2) that uses a filter to apply cache-control headers to the static resources, javascript, css, and image files. The problem is we are having frequent releases to production and user's browser's will have cached previous versions of the 'static' resources. Now it is possible for the developers to manually add a version number to each static resource file and update that version number before each release but that would be a very fragile and error prone procedure. To mitigate the problem we have turned down the cache-control down to 1 hour but his is still far from ideal and only helps if the browsers obey the max-age setting. So what are the Best Practices and are there any utilities to assist? Here is the scheme I was considering building: Use tags to generate the static resource paths so they will include a release number in the path. So instead of path /js/site.js as in this script tag: script type=text/javascript src=/js/site.js/script I would generate this with the path /v1.2.3/js/site.js where /v1.2.3/ represents the release number: script type=text/javascript src=/v1.2.3/js/site.js/script I would also write a Filter that would look for requests starting with the /v1.2.3/ release number. When it found one it would strip off the release from the path and forward it to the actual path and on return it would apply the cache-control headers. I think this would handle the cache-control problem as the browsers would cache using the path with the release version and this would change with each new release. Do any utilities like this exist already? (no need to reinvent the wheel if they do.) Greg - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Changing The Result Page
You could also add a btype (browser type) macro to your jsp paths like this... result/struts2/${btype}/Profile.jsp/result Your actions would have to have a getBtype() method that supplied that portion of the path. This assumes you keep the mobile jsp pages in a separate directory then the desktop. Another way is to create a custom result type ( extend org.apache.struts2.dispatcher.ServletDispatcherResult) have it mung with your paths and set it to be the default result-type. (One of the things I love about Struts 2 is number of options you have to solve a problem). On Tue, Feb 1, 2011 at 12:56 PM, Dave Newton davelnew...@gmail.com wrote: Interceptor w/ pre-result listener? Dave On Tue, Feb 1, 2011 at 12:50 PM, Richard Sayre richardsa...@gmail.comwrote: I am making a mobile site for my current web application. I have a huge number of actions that return to JSP pages. I have a mobile detection class written. Is there a way that I can change the result page if the user is on a mobile device? I want to avoid having to write this in all my actions: if(mobile) { return SUCCESS_MOBILE } else { return SUCCESS } If I could change the result page it would make it easier. For example if it is mobile then I replace the result page of /mydir/myPage.jsp to /mydir/myPage-m.jsp. Any suggestions? Thank you, Rich - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
S2 PrepareInterceptor is eating exceptions that occur in prepare{methodName} methods
The PrepareInterceptor seems to have a bug; any exceptions that occur in the prepare{MethoName} methods are being caught and ignored. It should be re-throwing the exception so that normal Exception handing logic will occur (in the Exception Interceptor). Exception that occur in prepare() are not caught which is correct but those that occur in prepare{MethodName} are being caught then ignored. I've created a JIRA issue WW-3559 https://issues.apache.org/jira/browse/WW-3559 which includes a patch to fix this. Greg - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 and Sitemesh basic configuration
Thanks Brain. Can anyone else give me a definitive answer about the struts2-sitemesh-plugin? Is it actually needed if you are using JSP decorators? I've done a few little tests and it doesn't appear to be needed. I've including struts tags in the decorator JSP file and I can access my action properties. Thanks On Tue, Nov 30, 2010 at 1:26 PM, Brian Thompson elephant...@gmail.com wrote: Hmm, I just took a second look. We do actually have struts2-sitemesh-plugin.jar in our classpath. OTOH, it doesn't seem to be used anywhere. From the documentation available ( http://struts.apache.org/2.x/docs/sitemesh-plugin.html), it sounds like the plugin is only important if you're using Velocity or Freemarker. I might be missing something here, but based on my project files, it seems to make sense. Someone more experienced with Sitemesh could probably give you a better answer than I can. -Brian On Tue, Nov 30, 2010 at 11:02 AM, Greg Lindholm greg.lindh...@gmail.comwrote: Brian, you are saying I can use struts tags and access the action etc in my JSP decorator without needing the struts2-sitemesh-plugin? (This would be great, but then what is the plugin for?) Thanks Dave, Brian for the clarification on the filter vs filter-mapping order. On Tue, Nov 30, 2010 at 10:53 AM, Brian Thompson elephant...@gmail.com wrote: Re: Question 1 - No, you can use other taglibs inside a decorator file. My user.jsp (decorator) has the following lines: %-- Include struts tag declaration --% %@ include file=/common/taglibs.jsp% titledecorator:title/ - s:text name=webapp.name//title (it also uses c:if in places. All you need to do is declare the taglib with e.g. %@ taglib uri=/struts-tags prefix=s % Simple!) Re: Question 4 - In my project, I have the filters mapped like this: filter-mapping filter-namestruts-cleanup/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namestruts/filter-name url-pattern/*/url-pattern /filter-mapping Hope this helps, Brian On Tue, Nov 30, 2010 at 9:35 AM, Greg Lindholm greg.lindh...@gmail.com wrote: I'm working on my first project that will use sitemesh and have some questions on basic configuration with Struts2. Info: struts 2.2.1 sitemesh 2.4.1 My decorators will be JSP files I'm looking at the struts2-sitemesh-plugin doc http://struts.apache.org/2.2.1/docs/sitemesh-plugin.html Question 1) If I want to access struts2 resources (from the action or value stack) and use struts2 tags from the decorator JSP then I need to use the sitemesh plugin, is that correct? Question 2) Do I need to configure the FreemarkerDecoratorServlet and VelocityDecoratorServlet since I'm only using JSP decorators? (I think not, but better ask.) Question 3) Do I need to configure the JspSupportServlet? It's listed under the Full Integration section with no mapping and no description? What does it do? Question 4) In the Example section of the doc the sitemesh filter appears after the two struts filters, is this correct? I was under the impression that the sitemesh filter must be declared between the struts-prepare and struts-execute filters. Is this the example wrong? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 and Sitemesh basic configuration
Thanks Maurizio. To wrap this up; here are the changes I needed to make to web.xml to use Sitemesh with Struts 2.2.1: filter filter-namestruts2-prepare/filter-name filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter/filter-class /filter filter filter-namesitemesh/filter-name filter-classcom.opensymphony.sitemesh.webapp.SiteMeshFilter/filter-class /filter filter filter-namestruts2-execute/filter-name filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter/filter-class /filter filter-mapping filter-namestruts2-prepare/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern dispatcherREQUEST/dispatcher dispatcherFORWARD/dispatcher dispatcherINCLUDE/dispatcher /filter-mapping filter-mapping filter-namestruts2-execute/filter-name url-pattern/*/url-pattern /filter-mapping Thanks On Fri, Dec 3, 2010 at 12:45 PM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: You must include struts-sitemesh-plugin only if you need to use (Freemarker, Velocity)DecoratorServlet, otherwise you can use only sitemesh filter. 2010/12/3 Greg Lindholm greg.lindh...@gmail.com: Thanks Brain. Can anyone else give me a definitive answer about the struts2-sitemesh-plugin? Is it actually needed if you are using JSP decorators? I've done a few little tests and it doesn't appear to be needed. I've including struts tags in the decorator JSP file and I can access my action properties. Thanks On Tue, Nov 30, 2010 at 1:26 PM, Brian Thompson elephant...@gmail.com wrote: Hmm, I just took a second look. We do actually have struts2-sitemesh-plugin.jar in our classpath. OTOH, it doesn't seem to be used anywhere. From the documentation available ( http://struts.apache.org/2.x/docs/sitemesh-plugin.html), it sounds like the plugin is only important if you're using Velocity or Freemarker. I might be missing something here, but based on my project files, it seems to make sense. Someone more experienced with Sitemesh could probably give you a better answer than I can. -Brian On Tue, Nov 30, 2010 at 11:02 AM, Greg Lindholm greg.lindh...@gmail.comwrote: Brian, you are saying I can use struts tags and access the action etc in my JSP decorator without needing the struts2-sitemesh-plugin? (This would be great, but then what is the plugin for?) Thanks Dave, Brian for the clarification on the filter vs filter-mapping order. On Tue, Nov 30, 2010 at 10:53 AM, Brian Thompson elephant...@gmail.com wrote: Re: Question 1 - No, you can use other taglibs inside a decorator file. My user.jsp (decorator) has the following lines: %-- Include struts tag declaration --% %@ include file=/common/taglibs.jsp% titledecorator:title/ - s:text name=webapp.name//title (it also uses c:if in places. All you need to do is declare the taglib with e.g. %@ taglib uri=/struts-tags prefix=s % Simple!) Re: Question 4 - In my project, I have the filters mapped like this: filter-mapping filter-namestruts-cleanup/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namestruts/filter-name url-pattern/*/url-pattern /filter-mapping Hope this helps, Brian On Tue, Nov 30, 2010 at 9:35 AM, Greg Lindholm greg.lindh...@gmail.com wrote: I'm working on my first project that will use sitemesh and have some questions on basic configuration with Struts2. Info: struts 2.2.1 sitemesh 2.4.1 My decorators will be JSP files I'm looking at the struts2-sitemesh-plugin doc http://struts.apache.org/2.2.1/docs/sitemesh-plugin.html Question 1) If I want to access struts2 resources (from the action or value stack) and use struts2 tags from the decorator JSP then I need to use the sitemesh plugin, is that correct? Question 2) Do I need to configure the FreemarkerDecoratorServlet and VelocityDecoratorServlet since I'm only using JSP decorators? (I think not, but better ask.) Question 3) Do I need to configure the JspSupportServlet? It's listed under the Full Integration section with no mapping and no description? What does it do? Question 4) In the Example section of the doc the sitemesh filter appears after the two struts filters, is this correct? I was under the impression that the sitemesh filter must be declared between the struts-prepare and struts-execute filters. Is this the example wrong? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
S2 and Sitemesh basic configuration
I'm working on my first project that will use sitemesh and have some questions on basic configuration with Struts2. Info: struts 2.2.1 sitemesh 2.4.1 My decorators will be JSP files I'm looking at the struts2-sitemesh-plugin doc http://struts.apache.org/2.2.1/docs/sitemesh-plugin.html Question 1) If I want to access struts2 resources (from the action or value stack) and use struts2 tags from the decorator JSP then I need to use the sitemesh plugin, is that correct? Question 2) Do I need to configure the FreemarkerDecoratorServlet and VelocityDecoratorServlet since I'm only using JSP decorators? (I think not, but better ask.) Question 3) Do I need to configure the JspSupportServlet? It's listed under the Full Integration section with no mapping and no description? What does it do? Question 4) In the Example section of the doc the sitemesh filter appears after the two struts filters, is this correct? I was under the impression that the sitemesh filter must be declared between the struts-prepare and struts-execute filters. Is this the example wrong? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 and Sitemesh basic configuration
Brian, you are saying I can use struts tags and access the action etc in my JSP decorator without needing the struts2-sitemesh-plugin? (This would be great, but then what is the plugin for?) Thanks Dave, Brian for the clarification on the filter vs filter-mapping order. On Tue, Nov 30, 2010 at 10:53 AM, Brian Thompson elephant...@gmail.com wrote: Re: Question 1 - No, you can use other taglibs inside a decorator file. My user.jsp (decorator) has the following lines: %-- Include struts tag declaration --% %@ include file=/common/taglibs.jsp% titledecorator:title/ - s:text name=webapp.name//title (it also uses c:if in places. All you need to do is declare the taglib with e.g. %@ taglib uri=/struts-tags prefix=s % Simple!) Re: Question 4 - In my project, I have the filters mapped like this: filter-mapping filter-namestruts-cleanup/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-namestruts/filter-name url-pattern/*/url-pattern /filter-mapping Hope this helps, Brian On Tue, Nov 30, 2010 at 9:35 AM, Greg Lindholm greg.lindh...@gmail.comwrote: I'm working on my first project that will use sitemesh and have some questions on basic configuration with Struts2. Info: struts 2.2.1 sitemesh 2.4.1 My decorators will be JSP files I'm looking at the struts2-sitemesh-plugin doc http://struts.apache.org/2.2.1/docs/sitemesh-plugin.html Question 1) If I want to access struts2 resources (from the action or value stack) and use struts2 tags from the decorator JSP then I need to use the sitemesh plugin, is that correct? Question 2) Do I need to configure the FreemarkerDecoratorServlet and VelocityDecoratorServlet since I'm only using JSP decorators? (I think not, but better ask.) Question 3) Do I need to configure the JspSupportServlet? It's listed under the Full Integration section with no mapping and no description? What does it do? Question 4) In the Example section of the doc the sitemesh filter appears after the two struts filters, is this correct? I was under the impression that the sitemesh filter must be declared between the struts-prepare and struts-execute filters. Is this the example wrong? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Problem with Validation lifecycle
I wrote this to solve the problem of preserving messages across a redirect: http://glindholm.wordpress.com/2008/07/02/preserving-messages-across-a-redirect-in-struts-2/ On Fri, Nov 19, 2010 at 11:36 AM, Greg Akins angryg...@gmail.com wrote: Thanks for the response On Fri, Nov 19, 2010 at 11:28 AM, Maurizio Cucchiara maurizio.cucchi...@gmail.com wrote: As far I can remember actionError are stored in struts stack, so I guess they are per-request. That's what I thought. Also, redirect action create a new request, so you can share AE in a standard flow. I CAN share actionErrors in the standard flow, but if I use redirectAction I lose the original request, right? Can't you do without redirect for the input result? The problems is that when I create the jsp, I set values for whether the fields are to be displayed. Since those are set in the action, if I skip that action the fields are displayed. The only other thing I can think of is to set the display in the other action (the one that is redirecting from).. but since I'm falling out of the interceptor stack and not getting into the execute method on the action, I'm not sure of how I'd do that either. 2010/11/19 Greg Akins angryg...@gmail.com I've written an action, with validation, that uses a redirectAction instead of a .jsp for the INPUT result. When the final INPUT jsp is displayed, the actionErrors aren't present. I believe this is because the action I'm redirecting to clears the actions before the jsp is displayed. If I save an actionError on the session, I can retrieve it in the final error... but this seems less than ideal, and I'm not sure how to get to the annotation based validators ( I added a session.put() in the validate() method. Is there a way to carry the errors across actions in this case? The INPUT needs to redirect to an action because the action determines whether certain fields need displayed.. if the INPUT goes straight to a jsp, the jsp is blank because of the logic I'm using to display fields. Struts 2.2.1 -- Greg Akins http://insomnia-consulting.org http://www.pghcodingdojo.org http://pittjug.dev.java.net http://twitter.com/akinsgre http://www.linkedin.com/in/akinsgre - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Maurizio Cucchiara -- Greg Akins http://insomnia-consulting.org http://www.pghcodingdojo.org http://pittjug.dev.java.net http://twitter.com/akinsgre http://www.linkedin.com/in/akinsgre - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Interceptor attempt
Hi David, I've written a couple of these so let me give you some advice: Create an Interface HibernateAware that your actions will implement if they want a Hibernate Session and Transaction injected. public interface HibernateAware { } On Wed, Nov 10, 2010 at 3:45 PM, Altenhof, David Aron dalte...@iupui.edu wrote: Hello all, I'm trying to write my own interceptor, and have a question or two... I'd like to write a simple interceptor that will manage hibernate sessions for me. I know that there are more sophisticated ways to do this using Spring, etc. but this is mainly a learning experience. So, given the simple code below, my questions are: 1) Does it appear to be thread-safe? 2) Is there any condition, other than an unhandled exception elsewhere in the app, that would cause the transaction not to be committed? 3) Are there any better places to stash the session and transaction references other than the Action? I tried putting it on the value stack, but that wreaked havoc with the Params interceptor. Thanks! David public class HibernateInterceptor implements Interceptor { public String intercept(ActionInvocation actionInvocation) throws Exception { Session sess = HibernateUtil.getSession(); Transaction tx = sess.beginTransaction(); // Put sess, tx in Action Action action = (Action) actionInvocation.getAction(); if(action instanceof MyAction ) { ((MyAction)action).setHibSession(sess); ((MyAction)action).setHibTransaction(tx); } String rslt = actionInvocation.invoke(); try { // Try to commit: tx.commit(); } catch (Exception ex) { // Try to rollback and do other stuff here ... } return rslt; } public void destroy() {} public void init() {} } - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Interceptor attempt
(Sorry - premature post) Hi David, I've written a couple of these so let me give you some advice: Create an Interface HibernateAware that your actions will implement if they want a Hibernate Session and Transaction injected. public interface HibernateAware { void setSession(Session session); void setTransaction(Transaction tx); } Next, you only want to create a Session and Transaction if the Action implements HibernateAware, Object action = invocation.getAction(); if (action instanceof HibernateAware) { HibernateAware ha = (HibernateAware) action; ha.setSession(...) ha.setTransaction(...) ... } else { return invocation.invoke(); } Next and a bigger issue; I think it is a really bad idea to do the commit in the interceptor. If the commit fails it is too late to tell the user or do anything about it since your result and response has already been rendered. You need to understand how the interceptor stack works, but the key point is the first interceptor or action that returns a result string causes the result to be processed and the response (jsp page) to be rendered before the interceptor stack starts to unwind. SO if the commit fails, it's too late in the interceptor to do anything about it, you have already rendered the everything is OK page to the user. What I do is to commit the transaction in the Action then if it fails I can return a FAILURE result. Now if you need a Transaction open in order to allow lazy loading while rendering the jsp page what I will do is begin a second transaction. Then in the interceptor I will Rollback the transaction and close the session since nothing in the page rendering should modify any entities. Next; your interceptor needs to close the session. Your option instead of storing the session in the action is to store it and the transaction in ThreadLocal storage. In fact if you copied your HIbernateUtil from many of the examples it may already be storing the session in ThreadLocal storage as this is very common. One thing you need to be aware of regarding ThreadLocal storage and web servers; most web servers use a thread pool for executing requests and once your request is finished the thread gets put back into the pool for use on a future request. This can be a problem if you don't properly clean up all ThreadLocal storage, for example if you leave a session open and in ThreadLocal storage when the thread gets re-used for the next request it will already have a session in it and it will be reused. This usually happens when an exception occurs and the session doesn't get closed so chances are the session is corrupt or dead which will cause this later request to fail unexpectedly. I would put the call to invocation.action() in a try block with a finally block that closes the session and cleans up any other THreadLocal stuff you have so it doesn't pollute the thread pool. On Wed, Nov 10, 2010 at 4:44 PM, Greg Lindholm greg.lindh...@gmail.com wrote: Hi David, I've written a couple of these so let me give you some advice: Create an Interface HibernateAware that your actions will implement if they want a Hibernate Session and Transaction injected. public interface HibernateAware { } On Wed, Nov 10, 2010 at 3:45 PM, Altenhof, David Aron dalte...@iupui.edu wrote: Hello all, I'm trying to write my own interceptor, and have a question or two... I'd like to write a simple interceptor that will manage hibernate sessions for me. I know that there are more sophisticated ways to do this using Spring, etc. but this is mainly a learning experience. So, given the simple code below, my questions are: 1) Does it appear to be thread-safe? 2) Is there any condition, other than an unhandled exception elsewhere in the app, that would cause the transaction not to be committed? 3) Are there any better places to stash the session and transaction references other than the Action? I tried putting it on the value stack, but that wreaked havoc with the Params interceptor. Thanks! David public class HibernateInterceptor implements Interceptor { public String intercept(ActionInvocation actionInvocation) throws Exception { Session sess = HibernateUtil.getSession(); Transaction tx = sess.beginTransaction(); // Put sess, tx in Action Action action = (Action) actionInvocation.getAction(); if(action instanceof MyAction ) { ((MyAction)action).setHibSession(sess); ((MyAction)action).setHibTransaction(tx); } String rslt = actionInvocation.invoke(); try { // Try to commit
Re: Generic Question about Struts2 Interceptor
Every app I've written has custom interceptors (and of course custom interceptor stacks). Don't fear interceptors, they are your friends. On Tue, Oct 12, 2010 at 12:17 PM, aum strut aum.str...@gmail.com wrote: Hi All, I have a generic question about Struts2Interceptor,since Struts2 is itself in term of Interceptor and most of the required interceptors are there placed. My question is how many of us are using custom Interceptor which are there in production enviornment.my idea is to get some broad prespective about there usuage and practical implimentation in production Thanks in advance, Aum - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Generic Question about Struts2 Interceptor
Here are some that I've used in recent project: AuthenticationInterceptor to check if user is signed in. HibernateInterceptor to manage Hibernate session lifecycles LoggingInterceptor for custom logging HandsetPropertiesInterceptor for injecting properties into the request based on User-Agent settings TrimParametersInterceptor to trim whitespace off string parameters RedirectMessageInterceptor to handle preserving messages across redirects CookieMessageInterceptor to handle preserving message in cookies when not using sessions Interceptors are the place I will normally handle any cross-cutting concerns. On Tue, Oct 12, 2010 at 1:26 PM, aum strut aum.str...@gmail.com wrote: I am truely agree but can give me some example where you have applied them just to get me an idea may be lacing imagination this time :) On Tue, Oct 12, 2010 at 10:40 PM, Greg Lindholm greg.lindh...@gmail.comwrote: Every app I've written has custom interceptors (and of course custom interceptor stacks). Don't fear interceptors, they are your friends. On Tue, Oct 12, 2010 at 12:17 PM, aum strut aum.str...@gmail.com wrote: Hi All, I have a generic question about Struts2Interceptor,since Struts2 is itself in term of Interceptor and most of the required interceptors are there placed. My question is how many of us are using custom Interceptor which are there in production enviornment.my idea is to get some broad prespective about there usuage and practical implimentation in production Thanks in advance, Aum - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Reduce Java Script Depecency in Struts 2
I haven't used the jQuery plugin but I would highly recommend just using straight jQuery. I've been very impressed with how easy it is to use and how much you can accomplish with very little jQuery code. As far as the jQuery plugin goes; it appears to give you a bunch of snazzy UI elements via jsp tags without having to actually learn jQuery. If that is what you are looking for, great, but, IMHO you are missing out on the full power of jQuery and adding a dependency on a 3rd party plugin which is rapidly changing. Recall lessons learned from all those who went with the Dojo plugin. On Wed, Oct 6, 2010 at 2:15 AM, Yanto Bong yantob...@gmail.com wrote: Hi Hantsy, Jose, thanks, we'll take a look at the plug in. Best Regards Yanto On Wed, Oct 6, 2010 at 11:48 AM, Jose A. Corbacho mcco...@gmail.com wrote: I meant, yep, using the plugin provided for jQuery. On Wed, Oct 6, 2010 at 10:40 AM, Hantsy Bai han...@gmail.com wrote: There is a project which integrated JQuery into Struts2... http://code.google.com/p/struts2-jquery/ The dojo plugin shipped with Struts 2 is too old... Hantsy 于 2010/10/6 11:28, Jose A. Corbacho 写道: I changed to jQuery not long time ago and I have to say the system has improved its performance (I was using before the dojo plugin) as well as the code being cleaner. You'll still need to do some javascripting but using jQuery API that is, as said, cleaner. On Wed, Oct 6, 2010 at 10:05 AM, Yanto Bongyantob...@gmail.com wrote: Hi All, We've use Struts 2+Spring+Hibernate as our framework and use JSP as the UI. After we review the application, our application having quite a lot Java Script that cause certain form not working propertly in one of the browser. Any suggesstion how we can reduce Java Script in the JSP ? is the JQuery is a good option ? Best Regards Yanto - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: S2 overriding a Localization property
Martin, does your reply have anything to do with Struts 2 or my question or this thread? On Fri, Sep 24, 2010 at 8:41 PM, Martin Gainty mgai...@hotmail.com wrote: from the maven perspective package level localisation at the package (groupId) level is the easiest implementation introducing class-level filters implies the need for a class level filter (instead of applying localisation at the package level) same goes with Application.properties where the build utility would choose priority of language based on some external criteria (packageLevelLocalisation/classLevelLocalisation/versionLocalisation) there is a growing need for build engineers to build one package for english, one package for german and one package for french during RC (release-candidate) promotions http://maven.apache.org/plugins/maven-site-plugin/i18n.html maybe wes or paul benedict can offer some advice on their experience Martin - Jogi és Bizalmassági kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Ez az üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet ezen üzenet tartalma miatt. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Fri, 24 Sep 2010 11:17:06 -0400 Subject: Re: S2 overriding a Localization property From: greg.lindh...@gmail.com To: user@struts.apache.org Yes, a more explicit override mechanism would be a good idea as the Bundle Search Order mechanism seems to have some weaknesses. (This is all assuming I'm understanding it correctly.) How would I override properties that are in an class-level properties file since this seems to be the most specific location? The only way I can imagine would be to provide my own version of of class-level properties with the same name and ensure it is earlier on the Classpath. In this case it seems I would have to provide a full replacement with all properties not just the properties I'm interested in overriding (if it finds my class-level properties file will it look for others with the same name or just move up the chain?). Here is different situation that also seems weak; if i want to override a property that is in a package-level properties file I could provide a class-level properties file but if the properties are used by more then one action class I would need to provide multiple class-level properties files, one for each class that uses the property. I think a better mechanism would be a facility to configure a look here first properties file and if not found then continue up the Bundle Search Order. Essentially allow the developer to insert a bundle into the front of the search order. On Thu, Sep 23, 2010 at 5:05 PM, Dave Newton davelnew...@gmail.com wrote: Provide a more-specific location--so as long as they can create a package- or class-level properties file that's more specific there's no issue. Are you looking for a different mechanism than that? Dave On Thu, Sep 23, 2010 at 5:02 PM, Greg Lindholm greg.lindh...@gmail.comwrote: How do you override a Localization property that is bundled in a ActionClass.properties file? I'm planing on bundling up some common Action classes into a jar to be used by several projects. I plan on putting their properties in ActionClass.properties files that get bundled into the jar. I would like the individual projects to be able to override the supplied properties if they need to. I'm looking at the Resource Bundle Search Order and it appears that it will in the ActionClass.properties file and if it finds the property it will stop looking any further. So how do you override? Thanks
Re: S2 overriding a Localization property
Yes, a more explicit override mechanism would be a good idea as the Bundle Search Order mechanism seems to have some weaknesses. (This is all assuming I'm understanding it correctly.) How would I override properties that are in an class-level properties file since this seems to be the most specific location? The only way I can imagine would be to provide my own version of of class-level properties with the same name and ensure it is earlier on the Classpath. In this case it seems I would have to provide a full replacement with all properties not just the properties I'm interested in overriding (if it finds my class-level properties file will it look for others with the same name or just move up the chain?). Here is different situation that also seems weak; if i want to override a property that is in a package-level properties file I could provide a class-level properties file but if the properties are used by more then one action class I would need to provide multiple class-level properties files, one for each class that uses the property. I think a better mechanism would be a facility to configure a look here first properties file and if not found then continue up the Bundle Search Order. Essentially allow the developer to insert a bundle into the front of the search order. On Thu, Sep 23, 2010 at 5:05 PM, Dave Newton davelnew...@gmail.com wrote: Provide a more-specific location--so as long as they can create a package- or class-level properties file that's more specific there's no issue. Are you looking for a different mechanism than that? Dave On Thu, Sep 23, 2010 at 5:02 PM, Greg Lindholm greg.lindh...@gmail.comwrote: How do you override a Localization property that is bundled in a ActionClass.properties file? I'm planing on bundling up some common Action classes into a jar to be used by several projects. I plan on putting their properties in ActionClass.properties files that get bundled into the jar. I would like the individual projects to be able to override the supplied properties if they need to. I'm looking at the Resource Bundle Search Order and it appears that it will in the ActionClass.properties file and if it finds the property it will stop looking any further. So how do you override? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
S2 overriding a Localization property
How do you override a Localization property that is bundled in a ActionClass.properties file? I'm planing on bundling up some common Action classes into a jar to be used by several projects. I plan on putting their properties in ActionClass.properties files that get bundled into the jar. I would like the individual projects to be able to override the supplied properties if they need to. I'm looking at the Resource Bundle Search Order and it appears that it will in the ActionClass.properties file and if it finds the property it will stop looking any further. So how do you override? Thanks - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: few questions
You can get the action name in a JSP with #context['struts.actionMapping'].name. What I do is to add a getActionName() to the action base class which returns ActionContext.getContext().getName() On Wed, Sep 15, 2010 at 5:45 PM, Daniel Rindt dri...@visetics.com wrote: Hello, i would like to know how to obtain the name of the current action inside the JSP code. I found code: s:property value=%{#action} / but this is showing me: action.regis...@ce41cc but its useless information for me. next question i had is i invoke a request to any action like this: ?request_locale=tr, the form i use on that page immediately changes the labels for the fields as expected. But it seems that the code inside the action is not understanding this. Because the prepare() method makes use of getText() and this translation is also not processed, it remains in the language what struts initially detected. Hopefully someone can give me a lil clue. TIA Daniel - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Running Struts1 and Struts2 together?
OK, I successfully integrated Struts 2 into a Struts 1 application, it was actually pretty easy. The main thing I had to do was manually craft the links between the S1 and S2 sides using standard JSTL c:url value='/MyAction.do' /. All this meant was I have hardcoded extensions (.do and .action) in the jsp's. I also ended up cleaning up and removing an bunch of S1 logic:/ tags and replaced with std JSTL. On Mon, Aug 30, 2010 at 11:05 AM, Stephen Turner stur...@mit.edu wrote: On Mon, 23 Aug 2010 14:22:54 -0400, Greg Lindholm greg.lindh...@gmail.com wrote: Is there any issues with running Struts1 and Struts2 together in the same application? I have a couple old Struts1 applications which I plan on converting to Struts2 over time, but would like to start doing new development in Struts2 immediately while converting the Struts1 screens and action over bit-by-bit as needed. How is this going Greg? I'm interested because I have a project that could use this solution, but I've no idea how big a job it is, what the pitfalls are etc. Thanks, Steve - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Managing code between Action Class and JSP.
I assumed from his example that he was using Strut1. Maybe he could tell us so we don't have to guess and give wrong info. On Thu, Sep 9, 2010 at 4:53 PM, Dale Newfield d...@newfield.org wrote: On 9/9/10 4:12 PM, anjibman wrote: What I am really struggling in is I have processing result in the form of List of objects. What would be the best practice to send such list to JSP ready to grab. Best practice is to store it inside the action, and add a getter to your action that returns the list: public ListFoo getResultObjects() Then in the jsp use tags like these: ul s:iterator value=%{resultObjects} var=aFoo lis:property value=%{#aFoo.propertyName} //li /s:iterator /ul The language used inside those %{} is called OGNL (Object Graph Navigation Language). It can access data held either in a named map (aFoo for example, addressed with a #) or by searching the value stack (which typically has the action as the top item, so resultObjects winds up calling your action's getResultObjects() method). http://struts.apache.org/2.2.1/docs/ognl.html http://www.opensymphony.com/ognl/html/LanguageGuide/index.html -Dale - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Problem with Struts 2 and browser cache
We typically use a simple little filter to add cache-control headers to results. Of course there is no guarantee the browser will respect it (although the spec say it must be obeyed http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). In web.xml: filter descriptionCache-Control for Dynamic resources/description filter-nameNoCacheFilter/filter-name filter-classcom.mycompany.SetHeadersFilter/filter-class init-param param-nameCache-Control/param-name param-valuemax-age=0, must-revalidate/param-value /init-param /filter filter-mapping filter-nameNoCacheFilter/filter-name url-pattern*.action/url-pattern /filter-mapping public class SetHeadersFilter implements Filter { private FilterConfig _filterConfig; public SetHeadersFilter() { super(); } public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; for (Enumeration? e = _filterConfig.getInitParameterNames(); e.hasMoreElements();) { String header = (String) e.nextElement(); response.setHeader(header, _filterConfig.getInitParameter(header)); } filterChain.doFilter(req, res); } public void init(FilterConfig filterConfig) { this._filterConfig = filterConfig; } public void destroy() { this._filterConfig = null; } } On Tue, Sep 7, 2010 at 11:50 AM, Oscar oscar.kalde...@gmail.com wrote: Hi to all, i have a little requirement in my application. Clients need that, after logout, When they press the browser Back button, it shows that user doesn't have permission because he was already logged out. For example, if i'm inside the application and in that right moment i'm seeing some sensible info and press the logout button, when they press browser Back button they can't see that sensible info. For me, it looks like a situation where i have to reset the browser cache or something like that. I googled a lot about that and i find that delete cache is impossible, but i find some javascript scripts, or use response.setHeaders but none of that worked for me. I'm working with Struts 2.1.8 and i found that i can override the parameter struts.serve.static.browserCache in struts.xml to enable struts to add the necessary headers to all static content. But isn't working. I assured that struts.serve.static = true as says in the documentation: ### Used by FilterDispatcher ### This is good for development where one wants changes to the static content be ### fetch on each request. ### NOTE: This will only have effect if struts.serve.static=true ### If true - Struts will write out header for static contents such that they will ### be cached by web browsers (using Date, Cache-Content, Pragma, Expires) ### headers). ### If false - Struts will write out header for static contents such that they are ### NOT to be cached by web browser (using Cache-Content, Pragma, Expires ### headers) But it doesn't work. Somebody knows why doesn't work or another way to avoid cache after i logout from a Struts application (to avoid show cached content when user press Back button)? Thanks in advance. -- Oscar Calderón SCJP 6 http://javahowto.net - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Running Struts1 and Struts2 together?
Is there any issues with running Struts1 and Struts2 together in the same application? I have a couple old Struts1 applications which I plan on converting to Struts2 over time, but would like to start doing new development in Struts2 immediately while converting the Struts1 screens and action over bit-by-bit as needed. I haven't worked with Struts1 for many years. A quick look at the components makes me think I can run both 1 2 together. Java packages: s1) org.apache.struts s2) org.apache.struts2 web.xml s1) a Servlet (ActionServlet) mapped to *.do s2) a Filter mapped to *.action (and others) Action extensions: s1) *.do (from web.xml) s2) *.action (from we.xml) Config files: s1) /WEB-INF/struts-config.xml (from web.xml config param) s2) /WEB-INF/classes/struts.xml (can this be explicitly configured?) Questions: - Is there any know issues with running Struts1 and Struts2 together in the same application? - Has anyone done this successfully? Any advice? - S1 app uses /WEB-INF/validation.xml and validator-rules.xml, will these cause any conflict with S2? Greg - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Performance issues
I have found most the struts tags to be really slow but s:form seems to stick out. For really high performance pages I find I have to not use struts tags. See this old thread: http://old.nabble.com/S2-%3Cs%3Aform%3E-in-interator-really-slow-tc28073962.html On Wed, Aug 18, 2010 at 4:46 PM, Nathan Meeker nate.mee...@gmail.com wrote: I just enabled the cache (using the settings you suggested) and the time is down to 15 seconds (from 60-70). Is there anything else I should be doing? Thanks! On Wed, Aug 18, 2010 at 2:24 PM, Lukasz Lenart lukasz.len...@googlemail.com wrote: Did you enabled FreeMarker cache? http://struts.apache.org/2.x/docs/freemarker.html Cache sesction Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ Kapituła Javarsovia 2010 http://javarsovia.pl - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Repopulating rich controls
What you are describing as odd behavior is actually normal and expected. With Struts the URL shown in the browser will always be the action name it will never be the jsp. You may wish to read up a little on how Servlets and forwarding works (just google servlet forward). Just replying I did what you said and it didn't work (this list get messages like this every day) doesn't provide any additional information that would allow someone to help you. Did you implement the Preparable interface? Did you run your app in the debugger and break in your prepare() method? What does you prepare method look like? The best way to get help is to provide a detailed description of what you actually did including code and configuration samples. The best way to help yourself (and learn) is to run your app in the debugger and find out what it is actually doing. On Mon, Jul 19, 2010 at 1:51 AM, Guy Thomas guy.tho...@vlaamsbrabant.be wrote: Hello Greg, I had tried to apply the instructions on the web page you sent me, but as explained in my mail, it did not work. I must have done something wrong. One of the symptoms of an odd behavior is that I'm taken back to the jsp page with the form (index.jsp) when I forget to fill in something in the search text field, but that the url still shows the target action of the form and ... the rich controls are not repopulated. Guy -Oorspronkelijk bericht- Van: Greg Lindholm [mailto:greg.lindh...@gmail.com] Verzonden: vrijdag 16 juli 2010 19:38 Aan: Struts Users Mailing List Onderwerp: Re: Repopulating rich controls From the Struts 2 FAQ http://struts.apache.org/2.1.8.1/docs/how-do-we-repopulate-controls-when-validation-fails.html On Fri, Jul 16, 2010 at 4:40 AM, Guy Thomas guy.tho...@vlaamsbrabant.be wrote: In a form I use the struts2 action tag to populate a drop down list: s:actionerror / s:form action=bookactiondispatcher namespace=/ theme=simple table tr tdSelect an action:/td tds:action name=bookactions namespace=/ executeResult=true //td /tr tr tdSpecify search terms:/td tds:textfield name=searchString size=44 required=true //td /tr tr tds:submit type=input value=Voer actie uit //td /tr /table /s:form The bookactions action refers to the following jsp (bookactions.jsp): %@ taglib prefix=s uri=/struts-tags% s:radio list=bookActions value=defaultBookAction name=bookAction onclick=setTextFieldVisibility (this.value) theme=simple / As long as I select the select action (there is also an index action) and enter search terms, there is no problem; the user is taken to the search result page. However, the code for the bookactiondispatcher action contains a validate method: @Override public void validate () { logger.debug (Validating an action dispatch ...); if (bookAction.equals (SEARCH) (searchString == null || searchString.equals ())) addActionError (getText (bookindexer.error.search.nosearchstring)); } When the user selects the search action and forgets to specify search terms, he/she is taken back to the page with the form: action name=bookactiondispatcher class=be.vlaamsbrabant.bookindexer.actions.BookActionDispatcher ... result name=input/index.jsp/result ... However: - On the input result page the rich control for the possible book actions is no longer filled up. - I see the contents of index.jsp (with the form), but the URL is http://.../bookindexer/bookactiondispatcher.action (the url for the form action.) I had exactly the same problem in another application. There I removed the validate method and used a specific error result to redirect the user to an error page. How I can still use struts2 validation and have my rich controls (re-)populated when being redirected through an input result? - Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden. Ondernemingsnummer: 0253.973.219 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden. Ondernemingsnummer: 0253.973.219 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h
Re: [FRIDAY] Mime Type Validation
My experience is that you cannot trust the mime-type supplied by the browser on a file upload. The same file uploaded with FF or IE will give you different mime-types. It's also dependent on what plugins have been installed in the browser. The only truly reliable methods would be to examine the file, you can't trust the mime-type the client supplies. If you only allow a limited number of file types. e.g. only image files. you should be able to get a list of valid headers/magic numbers and check that the file matches. If you want to know what is the content of an untrusted file then I would look at one of the Apache indexing/searching projects as they likely have file type detection logic. On Fri, Jul 16, 2010 at 9:21 AM, Stephen Turner stur...@mit.edu wrote: We're using Struts 2 for file uploading, and we're filtering the types of files people can upload by checking the file's content type against a list of allowed mime types. This turns out not to be reliable enough. Firefox in particular seems to sometimes provide the wrong mime type, so some valid files are being rejected. My question is: has anyone come across a reliable way to detect a file's mime type? Thanks, Steve - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: jsp in WEB-INF
Add the following to your web.xml file and change the url-pattern's to catch any jsp files you do not want the user to have direct access to. security-constraint display-namePrevent access to raw pages./display-name web-resource-collection web-resource-nameRaw Pages/web-resource-name url-pattern/error.jsp/url-pattern url-pattern/struts/*/url-pattern url-pattern/META-INF/*/url-pattern /web-resource-collection auth-constraint descriptionNo roles, so no direct access/description /auth-constraint /security-constraint On Fri, Jul 16, 2010 at 7:57 AM, J_e_f_f jam0...@gmail.com wrote: Miguel-55 wrote: I use struts 2.1.81. and I don't want that my users access directly my .jsp, so I put them inside WEB-INF. You don't *have* to put your JSPs in WEB-INF to protect them from direct access. You can put them in folders under the web root named according to your package namespace and then add a security constraint to protect those folders in your web.xml. Regards, Jeff -- View this message in context: http://old.nabble.com/jsp-in-WEB-INF-tp29179165p29182852.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Repopulating rich controls
From the Struts 2 FAQ http://struts.apache.org/2.1.8.1/docs/how-do-we-repopulate-controls-when-validation-fails.html On Fri, Jul 16, 2010 at 4:40 AM, Guy Thomas guy.tho...@vlaamsbrabant.be wrote: In a form I use the struts2 action tag to populate a drop down list: s:actionerror / s:form action=bookactiondispatcher namespace=/ theme=simple table tr tdSelect an action:/td tds:action name=bookactions namespace=/ executeResult=true //td /tr tr tdSpecify search terms:/td tds:textfield name=searchString size=44 required=true //td /tr tr tds:submit type=input value=Voer actie uit //td /tr /table /s:form The bookactions action refers to the following jsp (bookactions.jsp): %@ taglib prefix=s uri=/struts-tags% s:radio list=bookActions value=defaultBookAction name=bookAction onclick=setTextFieldVisibility (this.value) theme=simple / As long as I select the select action (there is also an index action) and enter search terms, there is no problem; the user is taken to the search result page. However, the code for the bookactiondispatcher action contains a validate method: @Override public void validate () { logger.debug (Validating an action dispatch ...); if (bookAction.equals (SEARCH) (searchString == null || searchString.equals ())) addActionError (getText (bookindexer.error.search.nosearchstring)); } When the user selects the search action and forgets to specify search terms, he/she is taken back to the page with the form: action name=bookactiondispatcher class=be.vlaamsbrabant.bookindexer.actions.BookActionDispatcher ... result name=input/index.jsp/result ... However: - On the input result page the rich control for the possible book actions is no longer filled up. - I see the contents of index.jsp (with the form), but the URL is http://.../bookindexer/bookactiondispatcher.action (the url for the form action.) I had exactly the same problem in another application. There I removed the validate method and used a specific error result to redirect the user to an error page. How I can still use struts2 validation and have my rich controls (re-)populated when being redirected through an input result? - Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden. Ondernemingsnummer: 0253.973.219 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 remote commands execution
Thanks for pushing this, your right it is critical and needs to be fixed asap. On Sat, Jul 10, 2010 at 4:02 AM, Meder Kydyraliev mede...@gmail.com wrote: There's a critical remote commands execution vulnerability in XWork(used by Struts2), which fixed in 2.2.0, which isn't released yet but can be downloaded here: http://people.apache.org/builds/struts/2.2.0/ More details about this vulnerability can be found here: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html Meder - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Display ActionMessage added from different action
Your own your own, you will have to track which action you were going to yourself. You can use the Preparable interface in your actions to store which action in the session. or... Maybe in the redirect you could pass the action name you came from. You can get the action name by adding a method like this to your base action class public String getActionName() { return ActionContext.getContext().getName(); } On Thu, Jul 8, 2010 at 12:18 AM, Franz Wong franzw...@gmail.com wrote: Hi, I am using Struts 2. I have a page which contains 2 forms. Each form corresponds to different Actions (Action B / C). The action adds ActionMessage and redirects back to the original page. I would like to display the ActionMessage in the form which triggered the Action. How do I perform this in Struts? As I see, addActionMessage method only accepts single string as parameter. Action A = Main JSP (Containing 2 Forms) = Action B / C (Both action adds ActionMessage) = Action A Thanks. Franz - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: GET method action current value encoding
Maybe this will help. The Page Encoding is separate and distinct from the URI encoding. On a GET the parameters are encoded according to the URI encoding (not the page encoding). If you are using Tomcat then you need to specify the URI encoding on the Connector in the server.xml file. Example: Connector port=80 protocol=HTTP/1.1 enableLookups=false redirectPort=443 connectionTimeout=2 URIEncoding=UTF-8/ If you are using a different container then you will need to lookup how URI encoding is configured for your container. 2010/7/5 Wataru Kou kou...@gmail.com: Dear Struts users. It reports because it investigated a little more. When StrutsPrepareAndExecuteFilter is used, the value passed with POST in GET at the end of the passed value , is handed over by switching off the district. Isn't does not it investigate with RFC when the same value is handed over with POST after the value is passed with GET, it nor correct operation that only the value of POST is handed over? Moreover, the operation of the METHOD type was investigated with processing in ValueStack. When GET is processed, it is stored with ISO-8859-1. When POST is processed, it is stored with UTF-8. Therefore, when the value is acquired with GET, it is necessary to convert it into UTF-8 from ISO-8859-1. However, ISO-8859-1 in POST afterwards + It becomes UTF-8. The sufficient result cannot be obtained. It devised, and I assumed to the value handed over I evaded this problem. Thank you. 2010年7月3日18:23 kou kou...@gmail.com: I've create GET method action Page with apache struts 2.1.8.1. I'm making a page in encoding UTF-8. struts action is setter value. POST method 's setter value is encoding UTF-8. but GET method 's value is encoding ISO-8859-1. This trouble resolved this Action setter. but When GET was performed and went on POST. The value is Incomplete. Fundamentally, would there be a way to correct a change in a character string besides this way? web.xml: filter-class org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter /filter-class java : action: public class SampleAction extends ActionSupport{ public String execute(){return SUCCESS;} public void setData(String data){ if(ServletActionContext.getRequest().getMethod().equals(GET)){ try { this._data = StringUtils.encoding(data); } catch (UnsupportedEncodingException e) { } }else{ this._data = data; } } public String getData(){return _data;} } class: public class StringUtils { static public String encoding(String str) throws UnsupportedEncodingException { return new String(str.getBytes(ServletActionContext.getResponse().getCharacterEncoding()),ServletActionContext.getRequest().getCharacterEncoding()); } } jsp Page: %@ page language=java contentType=text/html; charset=UTF-8 pageEncoding=UTF-8% !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/html4/loose.dtd; html body GET form method=GET input name=data value=日本語/ input type=submit / /form POST form method=POST input name=data value=日本語/ input type=submit / /formbr / s:property value=data/ /body /html thank you. -- kou kou...@gmail.com - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Weird problem with struts tags
Your basic problem is that having both getEmployee() and isEmployee() is a violation of the JavaBeans standard so you are asking for trouble. The Employee property is not a boolean so you really should rename isEmployee() to something else (maybe isTypeEmployee()). If you can't do this then you shouldn't use the OGNL dot style syntax, instead use explicit java method call style naming like Ken suggested. WRT the upper vs lower case 'E': The correct use is lowercase 'e'. I have heard reports that different versions of OGNL are tolerant of different cases but you may be causing it to do extra work and slowing down the evaluation of the expression. Better to just stick with the expected leading lowercase letter. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Passing parameters to getter methods?
Well technically it's not a getter since it takes a parameter but that doesn't matter you can call any method on your action just using the full name and calling it like in java. s:iterator value=getProducts(#index) var=product status=stat Now I'm not sure what you are trying to do with the #index syntax since getProducts() will be called once and should return a Collection or Array, it is not called on each loop of the iterator. You may need a different form of the iterator tag. http://struts.apache.org/2.1.8.1/docs/iterator.html On Fri, Jun 25, 2010 at 4:25 AM, Alex Rodriguez Lopez alo...@flordeutopia.pt wrote: You can do this without parameters. Write a setter for this index property (to save it), and then in the getter you grab the saved value. Hi, I want to call s:iterator and fetch a list by passing it an index. This list will be dynamically generated. s:iterator value=products[#index] var=product status=stat where I want getProducts(Integer index) to be called. Is this possible? Thanks Chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2 Browser Caching
We use Tomcat and have written a simple filter to set the cache control headers on static content. (see below) We handle the issue with changing JS and CSS files by versioning them on releases. So when we update a app to version 2 we rename the JS and CSS files to add a version number so the new pages wont get the old JS from a cache. Here is the filter to set headers: public class SetHeadersFilter implements Filter { private FilterConfig _filterConfig; public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; for (Enumeration? e = _filterConfig.getInitParameterNames(); e.hasMoreElements();) { String header = (String) e.nextElement(); response.setHeader(header, _filterConfig.getInitParameter(header)); } filterChain.doFilter(req, res); } public void init(FilterConfig filterConfig) { this._filterConfig = filterConfig; } public void destroy() { this._filterConfig = null; } } Here is how we use the filter in web.xml: filter descriptionCache-Control for static resources/description filter-nameStaticCacheControlFilter/filter-name filter-classcom.allmanint.common.servlet.SetHeadersFilter/filter-class init-param param-nameCache-Control/param-name param-valuemax-age=3600, must-revalidate/param-value /init-param /filter filter-mapping filter-nameStaticCacheControlFilter/filter-name url-pattern/images/*/url-pattern /filter-mapping filter-mapping filter-nameStaticCacheControlFilter/filter-name url-pattern/css/*/url-pattern /filter-mapping filter-mapping filter-nameStaticCacheControlFilter/filter-name url-pattern/js/*/url-pattern /filter-mapping filter-mapping filter-nameStaticCacheControlFilter/filter-name url-pattern*.ico/url-pattern /filter-mapping On Mon, Jun 14, 2010 at 9:14 AM, James Cook james.c...@wecomm.com wrote: Unfortunately they don't say how they managed it, it is mostly people complaining that when they change their JS file, without modification to the url that accesses the resource the user would have to ctrl+f5 it... Sorry :( -Original Message- From: RogerV [mailto:roger.var...@googlemail.com] Sent: 14 June 2010 12:57 To: user@struts.apache.org Subject: RE: Struts 2 Browser Caching James Cook-13 wrote: Nope, no misunderstanding. All I was saying was that people seem to experience the opposite to what you are experiencing. Like you said, they have what you want... I don't suppose that you happen to have one of your google searches to hand do you? I'm obviously using the wrong keywords :( Regards -- View this message in context: http://old.nabble.com/Struts-2---Browser-Caching-tp28876782p28878618.htm l Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Action redirect back to called actions
You can configure a dynamic result like this: result type=redirectAction param name=actionName${nextAction}/param /result In your action class you would then need a method String getNextAction() that returns the next action name. On Thu, Jun 17, 2010 at 1:19 AM, Amol Ghotankar ghotankaru...@gmail.com wrote: Hello. I am using struts 2.0.x and facing one issue mentioned below. I have actions x, y, z from these three actions I can call action A. Now what i want is whichever action calls A success of A must redirect to called action. x--- A --- x y--- A --- y z--- A --- z But I also do not want to use static binding here and it must be automatically done for some action means if tomorrow I decide n--- A --- n, it must work without any changes. Can I write such result type or something from where I can get the called action from value stack etc.. Please help me on the same. Regards, Amol Ghotankar cursivetech.com - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Action redirect back to called actions
Well you are need to track and supply which action name you want the redirect to go to. Here is a handy tip; to get the current action name from your action class you can add a method like this: public String getActionName() { ActionContext context = ActionContext.getContext(); String actionName = context.getName(); return actionName; } On Thu, Jun 17, 2010 at 9:55 AM, Amol Ghotankar ghotankaru...@gmail.com wrote: Dear Greg, I understood this of how to redirect to next action. But I want to get the previous action from the context which called this action. For eg. LoginAction calls LoadHomeAction, so can I get the details of which action called LoadHomeAction in it. Inshort *can the called Action get the details of calling action directly from the context *or value stack etc.. Please guide me. With regards, Amol Ghotankar cursivetech.com On Thu, Jun 17, 2010 at 7:17 PM, Amol Ghotankar ghotankaru...@gmail.comwrote: Dear Greg. Thanks for the information. Is this an inbuilt variable or we need to define it somewhere in the calling action. Can we also the namespace of the calling action in the called action directly. Regards, Amol Ghotankar cursivetech.com On Thu, Jun 17, 2010 at 6:31 PM, Greg Lindholm greg.lindh...@gmail.comwrote: You can configure a dynamic result like this: result type=redirectAction param name=actionName${nextAction}/param /result In your action class you would then need a method String getNextAction() that returns the next action name. On Thu, Jun 17, 2010 at 1:19 AM, Amol Ghotankar ghotankaru...@gmail.com wrote: Hello. I am using struts 2.0.x and facing one issue mentioned below. I have actions x, y, z from these three actions I can call action A. Now what i want is whichever action calls A success of A must redirect to called action. x--- A --- x y--- A --- y z--- A --- z But I also do not want to use static binding here and it must be automatically done for some action means if tomorrow I decide n--- A --- n, it must work without any changes. Can I write such result type or something from where I can get the called action from value stack etc.. Please help me on the same. Regards, Amol Ghotankar cursivetech.com - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Migrating from Struts 2.0.x to 2.1.8.x
It should be a pretty easy migration and all the issues are documented here https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x On Wed, Jun 16, 2010 at 2:36 AM, Amol Ghotankar ghotankaru...@gmail.com wrote: On Wed, Jun 16, 2010 at 12:05 PM, Amol Ghotankar ghotankaru...@gmail.comwrote: Dear user list, How difficult and risky it is to shift my project from struts 2.0.x to 2.1.8.x. I have a very huge erp project done 80% in struts 2.0.x, will you recommend to use new struts or complete the project without any major change. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [s2] broken documentation in web site
I've whined about this several times and nobody seems to care enough about it to fix it. So maybe it is a dying project. Blaming Confluence doesn't actually help the situation if no one is working with Confluence to fix it. If the 2.1.8 version of the docs is working then why isn't it hooked into the website? On Tue, Jun 15, 2010 at 10:08 AM, Lukasz Lenart lukasz.len...@googlemail.com wrote: 2010/6/15 hernan gonzalez hgonza...@gmail.com: More than 40 days passed, and still broken. http://struts.apache.org/2.1.8.1/docs/tag-reference.html This is getting depressing, it makes Struts2 look as an dying project. The problem isn't with Struts itself but with Confluence Autoexport plugin and the latest version of the Confluence, you can alwys use http://struts.apache.org/2.1.8/docs/tag-reference.html Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ Kapituła Javarsovia 2010 http://javarsovia.pl - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 empty action extension help request
You need to change your filter-mapping in web.xml so that static resources like images, css, js etc do not get processed by the struts filter. This is what I use where all actions use the *.action extension. filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern*.action/url-pattern /filter-mapping filter-mapping filter-namestruts2/filter-name url-pattern/struts/*/url-pattern /filter-mapping If you don't want to use an extension you can use a prefix that matches your namespace and you can have multiple filter-mapping definitions one for each namespace. filter-mapping filter-namestruts2/filter-name url-pattern/xxx/*/url-pattern /filter-mapping filter-mapping filter-namestruts2/filter-name url-pattern/yyy/*/url-pattern /filter-mapping The drawback with this is it doesn't work for the root (/) namespace and since filter-mapping does not support any exclude pattern you can't just exclude the images etc. You may be able to modify the struts filter to exclude certain patterns, assuming it doesn't already have this feature it sounds like a nice enhancement. On Thu, Jun 3, 2010 at 5:16 PM, Phil Davis texasp...@gmail.com wrote: Bummer, Even with two namespaces, / and /images it still wants to run the image file, /images/logo.gif, as an action under the /images namespace, it complains that there is no action mapped I also tried a single namespace for / and got the same error. So, I think this is a bug... one that probably will not occur very often, because I am not using struts in a normal way, but it does not provide the functionality that I need. There should be a way to specify URLs and files that are NOT actions, at least when using a blank extension. I absolutely need blank extension... I hate extensions! and no one will know what extension to goto to start the page the default page should be www.example.com, which is usually a static page, but I don't want a static page... I want to use some type of action. Sure I could do a redirect yuck! One more thing to try separate projects OK, when I create a separate project /images and change the URL in the JSP file to the absolute path /images/logo.gif ... it works! This is a separate project, not a namespace or anything within the defined project This is a HACK, but I can live with it for now! I still think it is a bug that empty extensions cause regular files to cease to work. Phil - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2: Referring to resources (images, stylesheets, ...)
Use the s:url tag to generate the URL to the css file, this will ensure it has the correct context. Like this: link rel=stylesheet type=text/css href=s:url value='/css/intrabib.css' / / This will generate the correct path even if you deploy your app in a context other then root. On Wed, Jun 2, 2010 at 9:36 AM, ch...@chrismiles.org wrote: It would make sense to use absolute links rather than relative ones. Your CSS folder you shoudl put on your root and always link to it with /css/blah.css and the same with images then you wont get into directory problems. Chris You should not call your page from a link but always go through an action. It is more secure and also it would solve your problem. Nevertheless, one solution is to use the s:url tag. Cimballi On Wed, Jun 2, 2010 at 3:12 AM, Guy Thomas guy.tho...@vlaamsbrabant.be wrote: Hallo, On a jsp page booksearchresult.jsp I have added a link to a stylesheet in the html-header: link href=css/intrabib.css ... This jsp page is sometimes displayed as the result of a struts action (case A): action name=boekzoekerresultaten class=bookSearch result name=success param name=location/apps/intrabib/booksearchresult.jsp/param /result ... /action sometimes as the result of a link (case B): http://localhost:8080/intrabib/apps/intrabib/booksearchresult.jsp?... The css folder is in the folder where the jsp pages are. The way the stylesheet is referred above, it only works in case B. I can change the stylesheet reference so that it works for case A, but then it doesn't work for case B anymore. I'm having similar problems with image references. The question is how I have to refer in a Struts2 environment to resources on a jsp page so that they are found whether this page that is the result of a Struts2 action or the result of a direct link. Thank you, Guy Thomas - Aan dit bericht kunnen geen rechten worden ontleend. Alle berichten naar dit professioneel e-mailadres kunnen door de werkgever gelezen worden. Ondernemingsnummer: 0253.973.219 -- Cimballi JAVA J2EE Freelance http://javajeeleader.elance.com/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts Form generation problem
Or... use simple theme and do all your own layout. 2010/5/30 Paweł Wielgus poulw...@gmail.com: Hi Chris, i don't know about any param or switch to turn 3 columns mode, but You can write your own template for it and make as many columns as You like and put inside cell or row anything You like. Best greetings, Paweł Wielgus. 2010/5/29 Chris Miles ch...@chrismiles.org: Hi folks. I am creating a Struts form using the default theme to generate the table data but I have a few issues. The table is only two columns. Is there a default way of setting more columns and rows on the form? How can I add extra information such as a span or an anchor within the form and have it automatically surrounded by the correct table tags? Thanks Chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Regular Expression Denial of Service Attacks and Defenses
Hi abhishek, The meaning of the expression is explained in the article; the point is not the usefulness of the expression but that it is badly formed so that the regex engine can take an extremely long time to determine that the test string does not match the expression (also explained in the article). The upshot is that regex expressions that fail slowly can be used by the bad guys to mount a Denial of Service attack against your site. The problem with the expression ^(\d+)+$ is that it is trying to match groups of digits and a string of digits can be grouped in many permutations. If you try to match it against a long sting of digits (say 30) followed by a non-digit the regex engine will attempt to match every possible permutation before it gives up and decides it doesn't match which can take a very long time. On Mon, May 31, 2010 at 7:43 AM, abhishek jain abhishek.netj...@gmail.com wrote: Hi Greg, just a doubt , on looking at first sight i dont understand what does the regex ^(\d+)+$ do additionally. As it should be equivalent to ^(\d+)$ I am more perlish (from perl) biased which says the regex is greedy and hence it will anyway to the maximum match, pl. clarify, thanks abhishek On Fri, May 28, 2010 at 12:42 AM, Greg Lindholm greg.lindh...@gmail.comwrote: This link is to an article that talks of how Denial of Service attacks can target vulnerable Regular Expressions. Regular Expression Denial of Service Attacks and Defenses http://msdn.microsoft.com/en-us/magazine/ff646973.aspx (Not sure if you need to login to see this page, I hope not.) A friend tested the example expression ^(\d+)+$ using the Java Regex library and discovered it is vulnerable and a badly formed 30 character string was taking over 2 minutes to determine that it didn't match. Struts 2 (and many other frameworks) use regular expressions in validation. I'm wondering if anyone has checked to see if any of the built in regex expressions are vulnerable, I'm thinking specifically of the email address validation? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Migration problem from 2.0.x to 2.1.6
Here is a link to the same page that is working https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x On Fri, May 28, 2010 at 4:35 AM, Gwen Harold Autencio gwenharol...@yahoo.com wrote: Ahh I see thanks .. i'll read on it .. --- On Thu, 5/27/10, Greg Lindholm greg.lindh...@gmail.com wrote: From: Greg Lindholm greg.lindh...@gmail.com Subject: Re: Migration problem from 2.0.x to 2.1.6 To: Struts Users Mailing List user@struts.apache.org Date: Thursday, May 27, 2010, 10:50 PM Check out the wiki entry for migrating https://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html There is a section Filter Mapping, default Action extensions, and Servlets that should help. Unfortunately the docs seem to still be messed up. sigh On Thu, May 27, 2010 at 1:48 AM, Gwen Harold Autencio gwenharol...@yahoo.com wrote: Hi, I got a Servlet which doesn't extends to an action. Looking for a work around without extending the servlet to an action because it's already has extends another class. Any ideas ? I'm getting this in the logs 2010-05-27 13:46:44,962 [btpool0-8] WARN org.apache.struts2.dispatcher.Dispatcher - Could not find action or result There is no Action mapped for namespace / and action name repository/internal/. - [unknown location] at com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:177) at org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:61) at org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:39) at com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:47) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:458) - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts url, a, and iterator tag behaviour
Use the href not the value attribute to specify the URL. Unless you are use the tag ajax support there is no reason to use the s:a tag just use the plain html a tag like a href=${companyId} On Thu, May 27, 2010 at 8:38 PM, Ken ken.mcwilli...@aerose.com wrote: I am trying to dynamically construct a url inside an iterator tag and use that result in an anchor. s:iterator value=next s:url id=companyId action=companyDetails.action namespace=/secure s:param name=group value=log.id.mlgroup/ s:param name=id value=log.id.mlid/ /s:url tr tds:property value=log.id.mlgroup//td tds:property value=log.id.mlid//td tds:property value=log.mlco//td tds:a value=%{companyId}s:property value=cur.mco//s:a/td /tr /s:iterator This is producing the following html: (Showing two iterations only) tr td01 /td td24737/td td TEST ** FOCUS INDUSTRIAL /td tda TEST ** FOCUS INDUSTRIAL /a/td /tr tr td01 /td td0/td td==+** THE TEST COMPANY **+/td tdaCASH ** THE TEST COMPANY ** /a/td /tr Any Ideas? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Migration problem from 2.0.x to 2.1.6
Check out the wiki entry for migrating https://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html There is a section Filter Mapping, default Action extensions, and Servlets that should help. Unfortunately the docs seem to still be messed up. sigh On Thu, May 27, 2010 at 1:48 AM, Gwen Harold Autencio gwenharol...@yahoo.com wrote: Hi, I got a Servlet which doesn't extends to an action. Looking for a work around without extending the servlet to an action because it's already has extends another class. Any ideas ? I'm getting this in the logs 2010-05-27 13:46:44,962 [btpool0-8] WARN org.apache.struts2.dispatcher.Dispatcher - Could not find action or result There is no Action mapped for namespace / and action name repository/internal/. - [unknown location] at com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:177) at org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:61) at org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:39) at com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:47) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:458) - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Now the wiki is also messed up
Come on guys... The docs have been messed up for a while and now the wiki is messed up. On this page https://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html All the code samples are missing, they show up as a squiggly line. Even the home page links to the Wiki are broken https://cwiki.apache.org/S2WIKI/home.html takes you to a not found page and after a few seconds you are redirected to a folder listing. Docs are so important for a open source project, someone needs to work on getting them fixed. (Pretty please) - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Regular Expression Denial of Service Attacks and Defenses
This link is to an article that talks of how Denial of Service attacks can target vulnerable Regular Expressions. Regular Expression Denial of Service Attacks and Defenses http://msdn.microsoft.com/en-us/magazine/ff646973.aspx (Not sure if you need to login to see this page, I hope not.) A friend tested the example expression ^(\d+)+$ using the Java Regex library and discovered it is vulnerable and a badly formed 30 character string was taking over 2 minutes to determine that it didn't match. Struts 2 (and many other frameworks) use regular expressions in validation. I'm wondering if anyone has checked to see if any of the built in regex expressions are vulnerable, I'm thinking specifically of the email address validation? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: PRG pattern question
I don't believe there is any canned best practice solution for this issue. My apps do the same thing; on a successful post I redirect to a get, on a validation error they simply forward back to the jsp so as to preserve the input data. It is possible to manually include all your form fields data as parameters on the redirect but that is very tedious and error prone and on large forms you may hit url size limitations. For me I've just accepted that on a validation fail the back button will be un-friendly. If you want to take the route of passing all your fields back on the redirect when validation fails you could probably write a custom result type that would automatically append all the request parameters to the redirect url. I don't think this would be too hard to write. Your only other option would be to stuff the data into the session and then pull in out on the next get. I would not recommend this approach, it appears to me to be very error prone as there is no guarantee that the next request will be the one that wants the data or that the request will ever happen. You could end up filling up the session with data that never get retrieved. Just seems like a poor design. On Wed, May 26, 2010 at 8:45 AM, szerintedmi szerinte...@gmail.com wrote: Hi Everybody, I would like to ask some advice implementing PRG pattern with struts2 (using 2.0.14). I can easily handle a normal scenario : 1.GET showItem.action?itemId=1 result: showItem.jsp 2. POST saveItem.action result: redirect-action: success?itemId=1 3. GET success?itemId =1 result: success.jsp Browser back works perfectly with this workflow. However if there is a form error at step 2.: 1. GET showItem.action?itemId=1 result: showItem.jsp 2.1 POST saveItem.action result: showItem.jsp (with field/action errors) 2.2 POST saveItem.action (user fixed errors on form) result: redirect-action: success?itemId=1 3. GET success?itemId=1 result: success.jsp In this scenario if the user press back after the 3rd step he gets a page with saveItem.action url (without params) and with a re-submit browser alert. If a form validation error happens I could use a redirect-action result to showItem.action at step 2.1. But that way I'm loosing all the posted form data and the data field/action errors. Alternativelly I could use the same action to show and save, that way url would be showItem after 2.1 but still without url params. I could hack url query string to the reponse but still have re-submit alerts from browser after user press back button because that was a result of a post. What is the best practice to handle form errors with struts if I want to implement Post-Redirect-Get pattern? Thanks, Peter - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: ActionContext.getContext().getSession() vs. SessionAware injection (about servlet maps)
Writing unit tests are significantly easier when you have dependencies injected with the xxxAware Interfaces. On Thu, May 20, 2010 at 7:11 AM, Alex Rodriguez Lopez alo...@flordeutopia.pt wrote: Hi Struts users! I was wondering, after reading about the ServletConfigInterceptor, if there are differences in obtaining the session map via the method ActionContext.getContext().getSession() or have it injected through SessionAware. The map that I end up with is the same so... why have to implement any thing at all when it is easily obtainabe through ActionContext.getContext().getSession()? Same goes for application map... But obtaining the request map is confusing me a little bit. Through ActionContext I can only get a map of request parameters, the request attributes I can only get through requestAware injection. Wouldn't it be nice to have a method in ActionContext.getContext() to return a map of both request parameters and attributes? Does it make sense or am I missing something? Any comments on this doubts? Can someone elaborate a little bit on this subject or point out to references explaining this? Regards! - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Online docs messed up
It appears the online docs are messed up: http://struts.apache.org/2.x/docs/tag-reference.html Sorry if I'm repeating well know information. Or, is there a better URL to use? This URL looks about the same. http://struts.apache.org/2.1.8.1/docs/guides.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Online docs messed up
Still looks messed up. I've cleared my browsers cache and forced a reload. When I navigate in from http://struts.apache.org/ I get the 2.1.8.1 version of the docs: http://struts.apache.org/2.1.8.1/docs/tag-reference.html (messed up) Sometime earlier I had book-marked the 2.x docs: http://struts.apache.org/2.x/docs/tag-reference.html (messed up) If I manual type in the address the 2.1.8 version of the docs these look ok http://struts.apache.org/2.1.8/docs/tag-reference.html (ok) Greg On Fri, May 14, 2010 at 11:53 AM, Lukasz Lenart lukasz.len...@googlemail.com wrote: 2010/5/14 Greg Lindholm greg.lindh...@gmail.com: It appears the online docs are messed up: http://struts.apache.org/2.x/docs/tag-reference.html Sorry if I'm repeating well know information. Or, is there a better URL to use? This URL looks about the same. http://struts.apache.org/2.1.8.1/docs/guides.html Should be ok, I copied css file from 2.1.8 Regards -- Łukasz http://www.lenart.org.pl/ Kapituła Javarsovia 2010 http://javarsovia.pl - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Catch all method for actions?
You can add a default action to catch any random hits default-action-ref name=Unknown / action name=Unknown class=xxx.struts.UnknownAction interceptor-ref name=unknownActionStack / resultError.jsp/result /action On Tue, May 11, 2010 at 11:34 AM, Mitch Claborn mi...@claborn.net wrote: A security scan on our site is sending a request like /emailalink!XxXaXaXXaXaXxX.html which produces an exception com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor com.csc.mm.web.action.EmailLink.XxXaXaXXaXaXxX() java.lang.NoSuchMethodException: com.csc.mm.web.action.EmailLink.XxXaXaXXaXaXxX() at java.lang.Class.getMethod(Unknown Source) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.getActionMethod(AnnotationValidationInterceptor.java:75) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:47) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195) etc I'd like to be able to somehow capture those requests into a catch-all or default method on the action so that I can do something intelligent, rather than just allowing an error page to show up. Is there a way to do this? Mitch - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: input fields with dynamic names
You are probably looking for ParameterAware http://struts.apache.org/2.x/struts2-core/apidocs/org/apache/struts2/interceptor/ParameterAware.html On Wed, Apr 28, 2010 at 12:47 PM, Mitch Claborn mi...@claborn.net wrote: I'm sure I've seen the answer to this somewhere, but darned if I can find it now when I need it! I have a page that allows edits of various options, the names of which are dynamically retrieved from the database. If I have the code in the JSP as below, the value displayed in the text field is always that from the database. If there is a validation error, the user's input value is not maintained as it would be if there were an explicit getter/setter for each option name. Is there a way to code the Action (or the JSP) so that the value shown is the user's input value if there is an error? s:iterator value=authorizedOptions id=o s:textfield size=10 name=${o.optionName} id=${o.optionName} value=${o.valueInt} / Mitch - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: previous action
I've added this method to my ActionBase class to get the action name. /** * Gets the action name. This is just the bare name without .action extension. * * This is equivalent to #context['struts.actionMapping'].name from in a JSP. * * @return the action name */ public String getActionName() { return ActionContext.getContext().getName(); } On Thu, Apr 15, 2010 at 5:44 AM, Robert Graf-Waczenski r...@lsoft.com wrote: lucas owen schrieb: thanks for the answer, but I'm completely sure you can obtain it from ActionContext or ActionInvocation or something similar... Not to my knowledge (i may be wrong, though). My understanding of the ActionContext and the ActionInvocation is that both are valid only per request. Anything you need beyond this is a session attribute that you have to maintain yourself, as per Kun Niu's suggestion. Robert - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: textfield with Date object
Don't get me wrong, I think Struts does the best it can, the problem is many developers who have never written an I18N app seem to expect it to just work auto-magically and it doesn't. One of the issues is the only automatic handling relies on the browsers accept-language header. An experience shows that you just cannot rely on the accept-language header always being present or set correctly. The developer may put a field on the screen and ask the user to enter a date yet the application may have no idea what locale that user is in and thus no idea what properly formatted date should look like. The best approach for getting a date from the user (if you can't use a javascript control) is to always specify the format you are expecting. Enter start date (mm/dd/): [ ] You can adjust the prompt based on the locale you think the user is in. So if you think the user is in Canada your en_CA bundle can specify the prompt like this: Enter start date (dd/mm/): [ ] My main point is the developer needs to manage the Locale and let the user know what is expected and that struts will not handle it automatically. On Wed, Mar 31, 2010 at 7:21 AM, Rene Gielen gie...@it-neering.net wrote: Hi, (copied from an earlier thread on numbers) see http://struts.apache.org/2.1.8.1/docs/formatting-dates-and-numbers.html It is important to know that Struts 2 has always a locale context request for each request, which affects both formating and parsing dates and numbers. The request locale is determined as follows: 1. Request parameter (http://struts.apache.org/2.1.8/docs/i18n-interceptor.html) 2. Session attribute (http://struts.apache.org/2.1.8/docs/i18n-interceptor.html) 3. Browser preference 4. Server side JVM default The first matching lookup wins. The type conversion mechanism tries to parse dates and numbers in the current locale context, thus you should be fine when you ensure that you have a consistent locale request setting both for the first request (rendering the form and the current value in the textfield) and the second request (processing the submitted form). - René Wick, Dan schrieb: I accept your answer, but Struts2 should just handle this! :-( I guess I'll write a number of helper methods like you did. -Original Message- From: Greg Lindholm [mailto:greg.lindh...@gmail.com] Sent: Tuesday, March 30, 2010 10:14 AM To: Struts Users Mailing List Subject: Re: textfield with Date object (Seems like I just answered this question... but here it is again this time for Dates) In my experience it's better to define number (and time) input fields as String and perform the conversion and validation in your action using java.text.NumberFormat (and java.text.DateFormat). This puts you in control of the process and let's you handle I18N issues that way you want to without fighting Struts. I typically have a couple of helper methods I put into the base Action class that simplify getting the users Locale and DateFormat. Depending on the app the users Locale may come from a Login object or the browser request (which Struts can retrieve) or from a cookie. On Tue, Mar 30, 2010 at 10:34 AM, Wick, Dan daniel.w...@donaldson.com wrote: Does anyone know how to change the format of dates coming in on a text input being backed by a java.util.Date in the Action? If I enter dates in US format (ex: 3/31/2010 for March 31, 2010) everything is fine. This requires a different style input though, using Day/Month/Year (31/3/2010). I suppose I could take in a string parse it for a date myself, but I'm wondering if there's a Right way to do it. --Dan -- Snip of jsp page -- Date Of Birth* s:textfield name=dob required=true tabindex=4 size=30 cssClass=staticBody cssErrorClass=formError/ -- End snip of jsp page -- -- Snip of Action -- private Date dob; public Date getDob() { return dob; } �...@requiredstringvalidator(message=Date of Birth is required., trim=true) public void setDob(Date dob) { this.dob = dob; } -- End snip of Action -- - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- René Gielen IT-Neering.net Saarstrasse 100, 52062 Aachen, Germany Tel: +49-(0)241-4010770 Fax: +49-(0)241-4010771 Cel: +49-(0)163-2844164 http://twitter.com/rgielen
Re: [s2] number format s:textfield tag
In my experience it's better to define number (and time) input fields as String and perform the conversion and validation in your action using java.text.NumberFormat . This puts you in control of the process and let's you handle I18N issues that way you want to without fighting Struts. I typically have a couple of helper methods I put into the base Action class that simplify getting the users Locale and NumberFormat. Depending on the app the users Locale may come from a Login object or the browser request (which Struts can retrieve) or from a cookie. On Tue, Mar 30, 2010 at 5:56 AM, Juanjo C jjcuadr...@gmail.com wrote: Any idea? 2007/10/23 Pedro Herrera pedro_herr...@hotmail.com Hi, I have a currency input field (BigDecimal). In my location the decimal point is comma, eg, 10,00(==10.00) must be permitted. Struts is throwing a message error : Invalid field value for field valor. Thanks Herrera -- View this message in context: http://www.nabble.com/-s2--number-format-s%3Atextfield-tag-tf4680318.html#a13373598 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Populate: Implement preparable or richer getter approach
I will typically retrieve everything I need to populate the fields in prepare() and try to do it within a single db transaction. One issue with doing db retrieval from within a getter is the getter may be called multiple times which would mean repeating db queries (inefficient) or doing lazy loading (adds complexity). In most cases you should know what data the page will need to populate controls etc. so better just get it all at once. Summary: I never to db retrieval in a getter, always use prepare(). On Tue, Mar 30, 2010 at 6:37 AM, Alex Rodriguez Lopez alo...@flordeutopia.pt wrote: Hi to all, as I learn more things about S2 some questions emerge about best practices more experiences users might know how to do best. I believe it is a common problem having to populate fields like selects first thing (with data from DB or stored in session) before any task is done. This is accomplished by the prepare() method, but I have been doing this too directly in getters, so when the form wants the list data they are called and if necessary retrieve data from session or DB (all in the getter from that property, usually lists for selects). So why sould I use prepare() to populate things or do it directly in getters? What do you use to accomplish this? Advantages of either method? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: textfield with Date object
(Seems like I just answered this question... but here it is again this time for Dates) In my experience it's better to define number (and time) input fields as String and perform the conversion and validation in your action using java.text.NumberFormat (and java.text.DateFormat). This puts you in control of the process and let's you handle I18N issues that way you want to without fighting Struts. I typically have a couple of helper methods I put into the base Action class that simplify getting the users Locale and DateFormat. Depending on the app the users Locale may come from a Login object or the browser request (which Struts can retrieve) or from a cookie. On Tue, Mar 30, 2010 at 10:34 AM, Wick, Dan daniel.w...@donaldson.com wrote: Does anyone know how to change the format of dates coming in on a text input being backed by a java.util.Date in the Action? If I enter dates in US format (ex: 3/31/2010 for March 31, 2010) everything is fine. This requires a different style input though, using Day/Month/Year (31/3/2010). I suppose I could take in a string parse it for a date myself, but I'm wondering if there's a Right way to do it. --Dan -- Snip of jsp page -- Date Of Birth* s:textfield name=dob required=true tabindex=4 size=30 cssClass=staticBody cssErrorClass=formError/ -- End snip of jsp page -- -- Snip of Action -- private Date dob; public Date getDob() { return dob; } �...@requiredstringvalidator(message=Date of Birth is required., trim=true) public void setDob(Date dob) { this.dob = dob; } -- End snip of Action -- - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
S2 s:form in interator really slow
Struts 2.1.8 I had one page in the application I'm working on which was really really slow... it was taking 4-5 seconds to render the jsp page. It's a very simple page, just a list of 10 to 15 items that are iterated over and each one gets a form with one hidden field and a button. It appears it's the s:form tag that is is culprit. Here is the original: s:iterator value=#action.userConnectionsPaged s:if test=typeNoConnection div class=section s:form action=AddConnection theme=simple s:hidden name=userId value=%{userId} theme=simple/ s:submit cssClass=button key=FindConnections.action.addConnection theme=simple/ /s:form /div /s:if /s:iterator Here what I replaced it with to make it run fast: s:iterator value=#action.userConnectionsPaged s:if test=typeNoConnection div class=section form action='s:url action=AddConnection /' input type=hidden name=userId value='${userId}' / input type=submit name=FindConnections.action.addConnection value='s:text name=FindConnections.action.addConnection/' class=button/ /form /div /s:if /s:iterator That was the only change I made to the page and now there is no noticeable delay in rendering the page. Anyone have any idea what would cause the s:form tag to take so long? Is there a bug or something with it? Is there any additional information I can provide to help someone figure out what is going on? I've seen reports on this mailing list of slow rendering of jsp pages but never encountered myself before. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: struts.xml vs struts.properties which takes a precedence?
This page shows the search order: http://struts.apache.org/2.x/docs/constant-configuration.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Form values getting empty After validation failure
Does this FAQ entry help? http://struts.apache.org/2.x/docs/how-do-we-repopulate-controls-when-validation-fails.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [Struts2] Retrieve parameter scope variables with OGNL
This seems to be a common problem that has been asked about many times on this list (see search for include + param): http://old.nabble.com/forum/Search.jtp?forum=206local=yquery=include+param I've never seen a definitive answer (but maybe it's buried in the above search). In my latest project we decided to switch to using Tag files instead of includes and they work great, I'll never go back to includes. With tag files you can pass type-safe parameters (called attributes) and they are easy to access in struts tags with #attr. Here are a couple references on Tag files. http://java.sun.com/j2ee/1.4/docs/tutorial/doc/JSPTags5.html http://onjava.com/pub/a/onjava/excerpt/jserverpages3_ch11/index.html On Thu, Mar 25, 2010 at 9:04 AM, poof65 poo...@gmail.com wrote: No i didn't try this syntax because param is a special EL variable that contain request parameter and i don't have a variable named param. I've just tried to be sure and it didn't work either. I thought it was contained in the ognl #parameters special variable but apparently it's not the case. On Thu, Mar 25, 2010 at 12:20 PM, Hoying, Ken ken_hoy...@premierinc.com wrote: If you can display it with ${ param.blocSource }, did you try #attr.param.blocSource? -Original Message- From: poof65 [mailto:poo...@gmail.com] Sent: Thursday, March 25, 2010 6:01 AM To: user@struts.apache.org Subject: [Struts2] Retrieve parameter scope variables with OGNL Hi, i'm using jsp:include to include a jsp from another but i've a problem to get the value set in the jsp:param tag. jsp:include page=../include/blocs/blocEnteteDossier.jsp jsp:param name=blocSource value=depeche / /jsp:include I can display the value with EL (${ param.blocSource }) but my goal is to test it in a s:if tag. I've tried many solutions but none of them give me the correct result. s:property value=blocSource/ s:property value=#blocSource/ s:property value=#attr.blocSource/ s:property value=#request.blocSource/ s:property value=#session.blocSource/ s:property value=#application.blocSource/ s:property value=#parameters.blocSource/ My question is, are the struts scopes compatbiles with standards jsp/servlets scopes ? Thanks for reading :-) - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - ***Note:The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the Sender immediately by replying to the message and deleting it from your computer. Thank you. Premier Inc. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Nabble and mailing list archives
http://www.mail-archive.com/user@struts.apache.org/ Thanks that archive works fine. Nabble must have just had a hiccup, my bookmark took me into the 'new' nabble site where I couldn't fine anything on struts, I then found the old.nabble.com but the struts user thread had had no updates for several days, and was missing a post that I was trying to find to follow up on. I see that http://old.nabble.com/Struts---User-f206.html is now getting updates but is still missing threads from a couple days ago. Again, must have just been an hiccup. On Fri, Feb 26, 2010 at 6:28 AM, Alex Rodriguez Lopez alo...@flordeutopia.pt wrote: Em 25-02-2010 18:54, Greg Lindholm escreveu: This mailing list on Nabble seems to be gone, at least I can't find it. Nabble switched over to a new system and old system is now at old.nabble.com but doesn't seem to be getting updates anymore. Anyone working to get this mailing list archived on the New and Improved nabble or is there a better place to search the mail archives? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org Don't know exaclty what your problem is, but I'm able to read and search this list at: http://www.mail-archive.com/user@struts.apache.org/ -- Alex Lopez - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Nabble and mailing list archives
This mailing list on Nabble seems to be gone, at least I can't find it. Nabble switched over to a new system and old system is now at old.nabble.com but doesn't seem to be getting updates anymore. Anyone working to get this mailing list archived on the New and Improved nabble or is there a better place to search the mail archives? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Problem reloading Struts 2 app in Tomcat and Eclipse
1) the correct JDK (think 5.5.28 runs with 1.5, doesn't it ?) Running with JDK 1.6.0_16 2) the correct xerces - libraries in your classpath I've got xercesImpl.jar (2.9.1) in my WEB-INF/lib folder and as far as I know that is the only SAXParser. 3) not any other libraries in your classpath that provide a SaxParser. Not that I'm aware of but how would I know? I have Struts 2 and Hibernate and all there dependent jars but nothing else that looks like it's an XML parser. regarding your reloading problem I have another idea. Look here, if you have the next problem :) http://tomcat.apache.org/tomcat-5.5-doc/config/context.html I not finding anything that looks like a problem off this link. Again, everything works when I launch Tomcat fresh or restart it from within Eclipse. I only get the error when Tomcat attempts to reload the application. Here seems to be the core issue: Caused by: java.lang.ClassCastException: org.apache.xerces.parsers.XIncludeAwareParserConfiguration cannot be cast to org.apache.xerces.xni.parser.XMLParserConfiguration Any ideas on how to figure out what is going on? On Thu, Feb 25, 2010 at 4:13 PM, Volker Karlmeier vol...@magiccode.eu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi again, regarding your reloading problem I have another idea. Look here, if you have the next problem :) http://tomcat.apache.org/tomcat-5.5-doc/config/context.html regards Volker Am 24.02.2010 16:33, schrieb Greg Lindholm: I decided to finally ask about this problem I've been seeing for several years. During development I will run my Struts 2 (2.1.8) apps in Tomcat (5.5.25) from Eclipse (3.5.1). I've included the current versions I'm using but this problem goes way back over many different versions over a couple years. Here's the problem, if I make any changes while the app is running like change a properties file of change a class, Eclipse will push the changes to the deploy area and Tomcat will see the change and attempt to reload the application (that's all good and expected). However the reload always fails with the exception stack below and I have to manually stop and restart Tomcat to get it to load successfully and see the updates. I never had this problem with Struts 1 or even JSF, Tomcat was always able to reload the apps automatically. Anyone have any idea why the reload is failing and how to fix? Here is the stack dump: Feb 24, 2010 10:15:44 AM org.apache.catalina.loader.WebappClassLoader findResourceInternal INFO: Illegal access: this web application instance has been stopped already. Could not load META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact. 2010-02-24 10:15:44,081 ERROR org.apache.struts2.dispatcher.Dispatcher:27 - Dispatcher initialization failed Unable to load configuration. - [unknown location] at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:58) at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:374) at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:418) at org.apache.struts2.dispatcher.ng.InitOperations.initDispatcher(InitOperations.java:69) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:51) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302) at org.apache.catalina.core.ApplicationFilterConfig.init(ApplicationFilterConfig.java:78) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222) at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3025) at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:432) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1278) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559) at java.lang.Thread.run(Thread.java:619) Caused by: Caught exception while loading file struts-default.xml - [unknown location] at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:902) at com.opensymphony.xwork2
Problem reloading Struts 2 app in Tomcat and Eclipse
I decided to finally ask about this problem I've been seeing for several years. During development I will run my Struts 2 (2.1.8) apps in Tomcat (5.5.25) from Eclipse (3.5.1). I've included the current versions I'm using but this problem goes way back over many different versions over a couple years. Here's the problem, if I make any changes while the app is running like change a properties file of change a class, Eclipse will push the changes to the deploy area and Tomcat will see the change and attempt to reload the application (that's all good and expected). However the reload always fails with the exception stack below and I have to manually stop and restart Tomcat to get it to load successfully and see the updates. I never had this problem with Struts 1 or even JSF, Tomcat was always able to reload the apps automatically. Anyone have any idea why the reload is failing and how to fix? Here is the stack dump: Feb 24, 2010 10:15:44 AM org.apache.catalina.loader.WebappClassLoader findResourceInternal INFO: Illegal access: this web application instance has been stopped already. Could not load META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact. 2010-02-24 10:15:44,081 ERROR org.apache.struts2.dispatcher.Dispatcher:27 - Dispatcher initialization failed Unable to load configuration. - [unknown location] at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:58) at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:374) at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:418) at org.apache.struts2.dispatcher.ng.InitOperations.initDispatcher(InitOperations.java:69) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:51) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302) at org.apache.catalina.core.ApplicationFilterConfig.init(ApplicationFilterConfig.java:78) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222) at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3025) at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:432) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1278) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559) at java.lang.Thread.run(Thread.java:619) Caused by: Caught exception while loading file struts-default.xml - [unknown location] at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:902) at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments(XmlConfigurationProvider.java:143) at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfigurationProvider.java:110) at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:168) at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:55) ... 17 more Caused by: java.lang.ClassCastException: org.apache.xerces.parsers.XIncludeAwareParserConfiguration cannot be cast to org.apache.xerces.xni.parser.XMLParserConfiguration at org.apache.xerces.parsers.DOMParser.init(Unknown Source) at org.apache.xerces.parsers.DOMParser.init(Unknown Source) at org.apache.xerces.jaxp.DocumentBuilderImpl.init(Unknown Source) at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(Unknown Source) at com.sun.org.apache.xalan.internal.xsltc.trax.SAX2DOM.createDocument(SAX2DOM.java:326) at com.sun.org.apache.xalan.internal.xsltc.trax.SAX2DOM.init(SAX2DOM.java:85) at com.sun.org.apache.xalan.internal.xsltc.runtime.output.TransletOutputHandlerFactory.getSerializationHandler(TransletOutputHandlerFactory.java:187) at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.getOutputHandler(TransformerImpl.java:392)
problem with the site docs - Bad link to the Struts 2 Wiki.
Bad link to the Struts 2 Wiki. On page http://struts.apache.org/2.x/docs/home.html Scroll down to Quick Links: The link name Struts 2 Wiki space doesn't work. It is pointed to http://struts.apache.org/2.x/S2WIKI/welcome-to-apache-struts2.html where the earlier link above is pointed to http://cwiki.apache.org/S2WIKI/home.html which works. I got permission denied when I tried to edit it. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: XSS vulnerability with s:text
A slightly cleaner way would be like this: s:text name=resource.key s:params:property value=param1//s:param/s:text I think in most cases s:text is used for displaying safe text that the app either supplies or generates. Obviously if you do use it to echo user supplied data you need to be careful. It would be nice to have a flag like you suggest however it might be difficult to get the behavior exactly right since the text may contain formatting tags and what you really want is to just escape the parameters. On Thu, Feb 18, 2010 at 5:25 PM, John Orr webskate...@googlemail.com wrote: This is my first posting to this list, so excuse me if this is an issue that's already been addressed. My concern is with the XSS vulnerability in the following use case: s:text name=resource.key s:param value=param1/ /s:text It seems (Struts 2.1.8.1) that there is no mechanism in s:text or s:param to do HTML escaping. If param1 contains user input then this opens the door to XSS attacks. The easiest solution I can see is to modify the code to s:text var=v name=resource.key s:param value=param1/ /s:text s:property value=v/ This works, but it is a lot of work. It seems to me it would be better if Struts2 supported s:text name=resource.key escape=true s:param value=param1/ /s:text or, better yet, had escape=true as its default. Is there another way round this problem which I am missing? Thanks, John - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: How to prevent JSP files from being publicly directly accessible?
Using a security constraint is the better way to go. Here is a slightly different configuration we use because there are some jsp files that are not part of the struts app portion which we want to allow access. What we do is put all out struts jsp's in to folder /struts then use this url-pattern/struts/*/url-pattern in the security constraint to prevent access. This works to prevent access because we don't declare any Roles, no roles mean no access. security-constraint display-namePrevent access to raw pages./display-name web-resource-collection web-resource-nameRaw Pages/web-resource-name url-pattern/error.jsp/url-pattern url-pattern/struts/*/url-pattern url-pattern/META-INF/*/url-pattern /web-resource-collection auth-constraint descriptionNo roles, so no direct access/description /auth-constraint /security-constraint On Thu, Feb 18, 2010 at 2:41 AM, Lukasz Lenart lukasz.len...@googlemail.com wrote: 2010/2/18 Cimballi cimballi.cimba...@gmail.com: The default pattern is to put all JSPs under WEB-INF and so you force the call to an action to access them. As I know, it works only under Tomcat - it isn't standard. Better solution is to use security constraint section in web.xml security-constraint display-nameAccess to JSP files/display-name web-resource-nameJSP/web-resource-name web-resource-collection url-pattern*.jsp/url-pattern /web-resource-collection auth-constraint/ /security-constraint Regards -- Łukasz http://www.lenart.org.pl/ Kapituła Javarsovia 2010 http://javarsovia.pl - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Problem with Exception Interceptor
It's Nabble that removes the param tags On Thu, Feb 4, 2010 at 5:10 PM, Cimballi cimballi.cimba...@gmail.com wrote: :D Ok, I just noticed than the mailing list engine, or maybe google, removes the param tag... Cimballi - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: struts 2 and servlets, how to exclude servlet url patterns from struts filter
Check out the Filter Mapping, default Action extensions, and Servlets section on this wiki page: http://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x#TroubleshootingguidemigratingfromStruts2.0.xto2.1.x-FilterMapping%2CdefaultActionextensions%2CandServlets On Sun, Jan 31, 2010 at 9:12 AM, Jake Vang vangj...@googlemail.com wrote: i am using servlets (HttpServlet) and struts 2. my mapping in web.xml for the struts filter maps to the url pattern, /*. my servlet maps to something like this, /test. however, when i try to access my servlet, http://localhost:8080/myapp/test, i get the following message: There is no Action mapped for namespace / and action name test can i make exceptions for the servlet mapping so that the struts filter won't try to map it? here's a snippet from my web.xml. filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter/filter-class /filter filter-mapping filter-namestruts2/filter-name url-pattern/*/url-pattern /filter-mapping servlet servlet-nametestServlet/servlet-name servlet-classmypackage.web.servlets.TestServlet/servlet-class /servlet servlet-mapping servlet-nametestServlet/servlet-name url-pattern/test/url-pattern /servlet-mapping servlet-mapping servlet-nametestServlet/servlet-name url-pattern/test/*/url-pattern /servlet-mapping - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Modifying action mapping per device type
I've got the same situation and plan on handling by making the the result location dynamic by adding a ${device} to the path. action name=login class=mypackage.LoginAction result name=success/${device}/index.jsp/result /action In my actions I will have a getDevice() which will return a string (e.g. iPhone or blackberry etc.) based on the User-Agent or x-wap-profile. I will use an interceptor that reads the user-agent etc and determines the device type and injects that into my actions. On Fri, Jan 29, 2010 at 5:57 AM, Marcus Bond mar...@marcusbond.me.uk wrote: Thanks for the info Andy, the interceptor seems an appropriate thing although it does mean there are multiple mappings in struts.xml. This seems at least a way that allows a site to grow in terms of new views without impacting upon the application code or exisiting views. Thinking about it this could be made generic with a little design such that this result modification could be defined in (yet) another xml file, all it would really need in my case (as there are not any security checks to do and it is just a mapping) is to know for each action / result pair an alternative result to return. New class (say UserAgentResultListener) and a config file something along the lines of that shown below, perhaps allowing use of regular expressions for user agents.. result-intercept action=myaction result value=success alternative user-agent*blackberry*/user-agent resultsuccess_blackberry/result /alternative alternative user-agentmobile6*/user-agent resultsuccess_windowsmobile/result /alternative alternative user-agentfoo/user-agent resultbar/result /alternative /result /result-intercept I can imagine others have had to do something similar in terms of delivering different views to the same action depending upon user agent so it would be good to get some community involvement.. I'd happily code it up. Marcus Andrew Sykes wrote: There are couple of ways I can think of to do this, but they're ugly: - JSP level logic to render the page differently - dont want it, I'd rather individual jsp's for each supported device (or family) as this allows developers who are working on targeting a site to a specific device to concentrate on that device. - Tiles template level logic - again not ideal as I would like to be able to use specific templates for device types. As you rightly say, this is a maintenance nightmare. Better but not perfect would be some sort of post action result modifying interceptor such that in the struts.xml I could define a number of different result mappings such as success, success_winmob, success_blackberry_storm and have the result string that has been returned from the action (success) modified by some sort of interceptor (e.g. appending the suffix prior to struts mapping it off to a view) - the filter itself could be configured as to whether or not to alter result strings based on the action and the user device. - Is it possible to modify the result string post action but prior to struts resolving the mapping? And if so would I have access to the the name of the action? You can attach PreResultListeners[1] onto interceptor action stack executions. These execute after an action is executed, but before the result is rendered. At this point, you are free to reach in and fiddle with the action's returned result code. You can get the action's name if you require, and manipulate the action in any way - it can be fetched from the ActionInvocation. I've used this feature in the past to perform a final security checkpoint on any item being pulled from a database - the PreResultListener examines the action (by reflection or otherwise) to find the object, and checks the user is allowed to retrieve it. Your idea is probably the sanest way to do it. Write an interceptor[2] that gets the HttpRequest[3] object, and examines the user agent to determine what kind of device is making the request. Then it attaches an appropriate PreResultListener to the stack (for example, you could have individual subclasses for each device type, and maybe configure them with a string representing the version, which the PreResultListener uses in its internal logic). The PreResultListeners examine the action's result, and if it's success they modify it to success_devicetype_version, which corresponds to the JSP /WEB-INF/jsp/devicetype/version/success.jsp, for example. The only ugly part of this is you'll have lots of results defined for each action in struts.xml, but at least you have sane separation of your JSPs. HTH, Andy. [1] http://struts.apache.org/2.1.8.1/docs/can-we-access-an-actions-result.html [2] http://struts.apache.org/2.1.8.1/docs/interceptors.html [3] http://struts.apache.org/2.1.8.1/docs/how-can-we-access-the-httpservletrequest.html
Re: Redirect List Parameter
If you are using a result type of redirectAction you don't explicitly code the url just give it the action name and let the result construct the correct url. To pass parameters with a redirectAction you do it like this: result name=success type=redirectAction param name=actionNameCompleteConfirmation/ param param name=orderNumbers${orderNumbers}/ param /result (hopefully the above param tags come thru correctly, some mailing list readers like nabble muck-up param tags.) You will need to ensure the ${orderNumbers} can be converted to a meaningful string so that it can be encoded as a url parameter. And the target action will need to be able to convert the string back into a collection. You will also need to be aware that there are length limits to url's so if orderNumbers is too big you can have problems. It may be a a better idea to just save the orderNumbers in the session (or some other cache) instead of passing it as a parameter. On Fri, Jan 29, 2010 at 1:25 PM, Timothy Orme to...@genome.med.harvard.edu wrote: Right, this is similar to what I want, but it would have to be dynamically generated, as I don't know the size of the list. For instance, in this case, the user would have selected 4 orders, but in the next case could select 10. The problem isnt passing parameters, it's passing a parameter thats a list. On 1/29/2010 1:22 PM, Eric Rich wrote: Sorry the line result should be like this: result name=success type=redirectAction stest/CompleteConfirmation.action?orderNumbers=${ordernumber1}amp;orderNumbers=${ordernumber2}amp;orderNumbers=${ordernumber3}amp;orderNumbers=${ordernumber4}/result Eric Rich Data System Administrator Murray State University Address: 226 Alexander Hall Murray, KY 42071-3340 TEL : 270-809-3358 FAX: 270-809-5359 On 01/29/2010 12:14 PM, Eric Rich wrote: Timothy, If I understand you correctly you want to redirect and pass values. I have done this by encoding my url with proper html syntax. action name=CompleteOrders class=test.CompleteOrdersAction result name=success type=redirectAction stest/CompleteConfirmation.action?orderNumberamp;${orderNumbers}/result /action I hope this helps. Eric Rich Data System Administrator Murray State University Address: 226 Alexander Hall Murray, KY 42071-3340 TEL : 270-809-3358 FAX: 270-809-5359 On 01/29/2010 11:12 AM, Timothy Orme wrote: Hello All, I have a typical scenario: 1. User is presented a list of orders, and can select some of them to complete. A list of order numbers is sent to the next action. (ViewOrders.action) 2. Struts action completes the order by iterating through the list of passed order numbers. (CompleteOrders.action) 3. The user is redirected to a confirmation action, listing the orders that were completed. (CompleteConfirmation.action) The question I have is getting from step 2 to 3. This is a fairly standard redirect-after-post setup, but I want to be able to redirect to a confirmation action and pass a parameter list. Essentially what I want is: action name=CompleteOrders class=test.CompleteOrdersAction result name=success type=redirectAction param name=actionNameCompleteConfirmation/param param name=namespace/test/param param name=orderNumbers${orderNumbers}/param /result /action Resulting in a redirect to: test.com/test/CompleteConfirmation.action?orderNumbers=1orderNumbers=2orderNumbers=3orderNumbers=4 However, this doesn't seem to work. Has anyone found a way to do this? I realize there are ways to do this by using the session, but Id prefer to pass this through the URL if possible. Thanks, Tim - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: How to do programatic validation?
Hibernate Validator 4.0 [1] is the RI for JSR 303 but Oval [2] does look very cool. [1] https://www.hibernate.org/459.html [2] http://oval.sourceforge.net/ On Fri, Jan 15, 2010 at 12:37 PM, Wes Wannemacher w...@wantii.com wrote: Before you tie yourself to commons-validator, take a look at Oval. I could be wrong, but I think there is a bean validation JSR and Oval is the reference implementation (or at least it is JSR compatible). -Wes On Fri, Jan 15, 2010 at 11:21 AM, doahh ga...@prodia.co.uk wrote: Don't worry about this. It looks like the commons-validator will be fine and I think thats what the struts2 framework uses underneath anyway. doahh wrote: I have a Flex app that is sending data to the server and I would like to validate the Objects being passed on the server side. The Flex app passes the information over an AMF channel and so it does not go through the Struts2 framework. So far, I have found classes such as: com.opensymphony.xwork2.validator.validators.StringLengthFieldValidator but I get lost on what happens when I should call: stringLengthFieldValidator.validate(myObject); as it doesn't return anything and needs a non-null ValidatorContext - which I don't know how to setup correctly. Can anyone provide a link or advice on how to do this please? -- View this message in context: http://old.nabble.com/How-to-do-programatic-validation--tp27179164p27179568.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- Wes Wannemacher Head Engineer, WanTii, Inc. Need Training? Struts, Spring, Maven, Tomcat... Ask me for a quote! - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: write a test which tests an interceptor
I'm biased, but I think this one works pretty well, and I use it to test interceptors. http://glindholm.wordpress.com/2008/06/30/unit-testing-struts-2-actions looks promising. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
[S2] Where do you place Initialization and Startup logic?
I'm working on a new Struts 2 application and wondering where to put startup and initialization logic? In previous projects I've always had other servlets that were part of the applications and would put the logic in the Servlet init() method but I don't have a servlet this time and there is no struts servlet just the filter. I want the startup logic to run when the application starts up (tomcat starts) or when the application gets deployed, it needs to run as early as possible, I definitely do not want to wait for the first action request to come in. How do you do this? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org