Fwd: [ANN] Struts 2.3.14.1 GA (fast track | security)
FYI -- Forwarded message -- From: Lukasz Lenart Date: Thu, May 23, 2013 at 9:00 AM Subject: [ANN] Struts 2.3.14.1 GA (fast track | security) To: Struts Users Mailing List The Apache Struts group is pleased to announce that Struts 2.3.14.1 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. Two security issues were solved with this release: * Showcase app vulnerability allows remote command execution * A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.1. Struts 2.3.14.1 is available in a full distribution or as separate library, source, example and documentation distributions, from the releases page. The release is also available through the central Maven repository under Group ID "org.apache.struts". The release notes are available online. The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: Servlet API 2.4, JSP API 2.0, and Java 5. Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket. - The Apache Struts group. Kind regards -- Łukasz - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Fwd: [appfuse-dev] [ANN] AppFuse 2.2.1 Released!
FYI: AppFuse 2.2.1 released. You can choose among a number of web frameworks, one of them being Struts2 in its latest release version. Cheers, J. -- Forwarded message -- From: Matt Raible Date: Tue, Dec 11, 2012 at 11:24 PM Subject: [appfuse-dev] [ANN] AppFuse 2.2.1 Released! To: "us...@appfuse.java.net" Cc: "d...@appfuse.java.net Developers" The AppFuse team is pleased to announce the release of AppFuse 2.2.1! AppFuse 2.2.1 is available as a Maven archetype. For information on creating a new project using this release, please see the QuickStart Guide: http://appfuse.org/display/APF/AppFuse+QuickStart The 2.2.x series of AppFuse has a minimum requirement of the following specification versions: • Java Servlet 3.0 • Java SE 6.0 (we recommend Java 7) The release notes are available online at: • http://appfuse.org/display/APF/Release+Notes+2.2.1 Also posted an announcement on my blog: http://raibledesigns.com/rd/entry/appfuse_2_2_1_released Thanks to all the developers that helped with this release. We hope you enjoy it!
Re: Struts2 String ThreadSafe?
This is definitely wrong. You can mix data from two different concurrent sessions! On Thu, Nov 29, 2012 at 4:42 PM, Rohit Gupta wrote: > So given the fact that my beans are not prototype, there is a chance that > the same action class may be used for two consecutive requests. > > Regards, > > > On 29/11/12 9:02 PM, "Umesh Awasthi" wrote: > > >First and foremost for using spring with Struts2 make your action bean > >scope prototype > >and is not be ready for the weird issues > > > >Struts2 itself create a new request instance as well other objects > >associated with itself to make it thread safe. > > > > > > > >On Thu, Nov 29, 2012 at 8:59 PM, rohit wrote: > > > >> Hi, > >>We are using Struts2-Spring integration and all my action classes > >> implement SessionAware, sample code to action class and their spring > >> definition is given below, > >> public class IRXxxxAction extends ActionSupport implements > >>SessionAware { > >> private Map session; public String execute() {//} public void > >> setSession(Mapsession) { this.session = session; > >>} } > >> Spring Configuration > >> If I understand > >> correctly, each auto-wired property will be a singleton, so if the > >>above is > >> true, is there anyway that the session map get shared between two > >> simultaneous requests? > >> Regards, > >> > >> > >> > >> > >> > >> > > > > > >-- > >With Regards > >Umesh Awasthi > >http://www.travellingrants.com/ > > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > >> name="adminDAO" ref="adminDAO" />
release date for new version?
Will version 2.3.7 be released any time soon? https://issues.apache.org/jira/browse/WW/fixforversion/12323448 Cheers, J.
Re: 回复:[struts2] 's method attribute doesn't work
Good! On Sun, Nov 18, 2012 at 10:39 PM, Lukasz Lenart wrote: > 2012/11/14 J. Garcia : > > Beware of this vulnerability: > > > > > http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts-2-Security-Vulnerability--Dynamic-Method-Invocation > > I've added additional note about that to the docs > > https://cwiki.apache.org/confluence/display/WW/submit > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: 回复:[struts2] 's method attribute doesn't work
Beware of this vulnerability: http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts-2-Security-Vulnerability--Dynamic-Method-Invocation Cheers, J. On Tue, Nov 13, 2012 at 4:41 PM, Wu Ming wrote: > Hi, > > Never mind, I had found the solution: you have to set > "struts.enable.DynamicMethodInvocation" to true. > > > On Tue, Nov 13, 2012 at 7:52 PM, yang shoujun wrote: > > Your form action shoud be employAction!doSearch.do > > > > Wu Ming 编写: > > > >>Hi, > >> > >>I'm using struts-2.3.4 and running apache tomcat 7. > >> > >>I have a form in search.jsp. There are two submit buttons: "Search" > >>and "Add New" button. I had set each button with their own method > >>attribute: > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>In struts.xml: > >> > >> > >> >>"-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" > >>"http://struts.apache.org/dtds/struts-2.3.dtd";> > >> > >> > >> > >> /> > >> > >> > >> > >> > >> > >>/error.jsp > >> > >> > >> > >> result="error"/> > >> > >> > >> > >> > >> > >> > >> > >> /example/search.jsp > >> /example/add.jsp > >> > >> > >> > >> > >> > >> > >>In EmployeeAction class: > >> > >>public class EmployeeAction extends ActionSupport { > >> > >>private static final Logger logger = > >>Logger.getLogger(EmployeeAction.class);//log4j > >> > >>@Override > >>public String execute() throws Exception { > >> > >>logger.info("Calling execute!"); > >> > >>return SUCCESS; > >>} > >> > >>public String doSearch() throws Exception { > >> > >>logger.info("Calling doSearch!"); > >> > >>return "search"; > >>} > >> > >>public String doAddNew() throws Exception { > >> > >>logger.info("Calling doAddNew!"); > >> > >>return "add"; > >>} > >>} > >> > >>The problem is when I clicked "Search" or "Add New" button in jsp, the > >>method doSearch() or doAddNew() was never called, instead execute() > >>method was called. > >> > >>What is wrong with my code above? Anyone know? > >> > >>- > >>To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: quick WebApp start
+1 for AppFuse. Try the SNAPSHOT version. It features bootstrap-style UI and other goodies. J. On Sun, Nov 11, 2012 at 11:55 AM, Maurizio Cucchiara wrote: > AFAIU AppFuse should be the right choice for your use case. > Did you try write on AppFuse ML in order to solve your issues? > > AFAIK there are no other starting point like AppFuse... another move would > be to start from S2 blank webapp and add everything you need on top of > that. > > Twitter :http://www.twitter.com/m_cucchiara > G+ :https://plus.google.com/107903711540963855921 > Linkedin:http://www.linkedin.com/in/mauriziocucchiara > VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara > > Maurizio Cucchiara > > > On 11 November 2012 11:22, Giovanni Azua wrote: > > > Hi, > > > > > > > > It is a while I haven't seen Struts 2 and would like to quickly build a > > simple WebApp, I need only very basic functionality. Is there a quick > start > > sample WebApp I could build upon? While my needs are very basic i.e. > > authentication, user registration etc I would like to have a consistent > > design look and feel and I remember we had at least two choices for this: > > Tiles or Sitemesh and many Ajax frameworks to choose from. Is there a > quick > > start WebApp ready for customization where these choices have been made > to > > sensible defaults e.g. simply take Sitemesh for the L&F. > > > > > > > > I have been meantime trying to use AppFuse and bumped into some > > installation > > issues. So far AppFuse is the closest match to what I am looking for > except > > that I don't prefer code generators but reusable components instead. > > > > > > > > Many TIA, > > > > Best regards, > > > > Giovanni > > > > >
Re: getText in error messages: resource bundle or bean value?
You are right! On Fri, Oct 19, 2012 at 2:54 PM, Hoying, Ken wrote: > I believe that your problem is that the field names are the same as your > label names and with the validator both are in the stack. > ${getText(user.password)} is first evaluating user.password and finding the > field value "1234". getText is then trying to locate an entry for "1234" > and cannot find one so it is just return "1234". > > It might work if you try ${getText('user.password')}. Otherwise, you may > need to rename it. > > -Original Message- > From: J. Garcia [mailto:jogaco...@gmail.com] > Sent: Friday, October 19, 2012 8:10 AM > To: Struts Users Mailing List > Subject: getText in error messages: resource bundle or bean value? > > Hi, > I'm having a problem with getText(). > I have the following xml validator: > > > > > > > > (user.confirmPassword.equals(user.password)) > > > > > > And the error message is defined in a bundle like this: > errors.confirmPassSame=The ${getText(user.confirmPassword)} field has to > have the same value as the ${getText(user.password)} field. > ... > user.confirmPassword=Confirm Password > user.password=Password > > I would expect a message like: > The Confirm Password field has to have the same value as the Password > field. > > However, when the error message is shown, instead of the text from the > resource bundle, what is shown are the actual values of the bean, like > this: > The abcd field has to have the same value as the 1234 field. > > Is this a bug in getText()? > > Cheers, > J. Garcia > > - > ***Note:The information contained in this message may be privileged and > confidential and protected from disclosure. If the reader of this message > is not the intended recipient, or an employee or agent responsible for > delivering this message to the intended recipient, you are hereby notified > that any dissemination, distribution or copying of this communication is > strictly prohibited. If you have received this communication in error, > please notify the Sender immediately by replying to the message and > deleting it from your computer. Thank you. Premier Inc. > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: getText in error messages: resource bundle or bean value?
Mi mistake. Sorry. The resource error message I was using is in fact: errors.confirmPassSame=The ${user.confirmPassword} field has to have the same value as the ${user.password} field. whereas it should be: errors.confirmPassSame=The ${getText("user.confirmPassword")} field has to have the same value as the ${getText("user.password")} field. Solved! On Fri, Oct 19, 2012 at 2:10 PM, J. Garcia wrote: > Hi, > I'm having a problem with getText(). > I have the following xml validator: > > > > > > > > (user.confirmPassword.equals(user.password)) > > > > > > And the error message is defined in a bundle like this: > errors.confirmPassSame=The ${getText(user.confirmPassword)} field has to > have the same value as the ${getText(user.password)} field. > ... > user.confirmPassword=Confirm Password > user.password=Password > > I would expect a message like: > The Confirm Password field has to have the same value as the Password > field. > > However, when the error message is shown, instead of the text from the > resource bundle, what is shown are the actual values of the bean, like this: > The abcd field has to have the same value as the 1234 field. > > Is this a bug in getText()? > > Cheers, > J. Garcia >
getText in error messages: resource bundle or bean value?
Hi, I'm having a problem with getText(). I have the following xml validator: (user.confirmPassword.equals(user.password)) And the error message is defined in a bundle like this: errors.confirmPassSame=The ${getText(user.confirmPassword)} field has to have the same value as the ${getText(user.password)} field. ... user.confirmPassword=Confirm Password user.password=Password I would expect a message like: The Confirm Password field has to have the same value as the Password field. However, when the error message is shown, instead of the text from the resource bundle, what is shown are the actual values of the bean, like this: The abcd field has to have the same value as the 1234 field. Is this a bug in getText()? Cheers, J. Garcia
additional params for tags in JSP
Hi, If I want to have an additinal attribute, say, in a textfield tag, in a JSP, and use it in the freemarker template for the corresponding tag, text.ftl: - can it be done without extending the tag library? - how are the additional attributes passed in the JSP? - how are they retrieved in the corresponding freemarker template? Cheers, J. Garcia
Re: Getting following exception while trying validation mechanism in struts2
For date formatting, a converter is not considered a good practice. Date/number formatting should be done following this guide: http://struts.apache.org/2.3.4/docs/formatting-dates-and-numbers.html A jira related to this is already fixed and hopefully will soon be availabe as release: https://issues.apache.org/jira/browse/WW-3833 Cheers, J. On Tue, Aug 7, 2012 at 8:40 AM, prasad.th16 < dattaprasad_tha...@syntelinc.com> wrote: > I could resolve the error. Actually problem was with my converter. It was > throwing the null pointer exception in the coverter I wrote to convert the > String to date. Thank you very much for the cooperation. > > Regards, > Prasad > > > > -- > View this message in context: > http://struts.1045723.n5.nabble.com/Getting-following-exception-while-trying-validation-mechanism-in-struts2-tp5710310p5710387.html > Sent from the Struts - User mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: PreffixMapper for language
Does not sound bad. Just try it. Another option worth trying-out is urlrewrite: http://tuckey.org/urlrewrite/ With urlrewrite filter, you could set locale and forward to /mypackage/myaction. Saludos, J. On Mon, Jul 9, 2012 at 9:27 PM, JOSE L MARTINEZ-AVIAL wrote: > Last try: > Hello, > I have a requisite to provide multilanguage in my app using a preffix in > the action. So the URLs would be > > http://myserver/mypackage/myaction (for the default language) > > http://myserver/en/mypackage/myaction (for english) > > http://myserver/pt/mypackage/myaction< > http://myserver/en/mypackage/myaction>(for > portuguese) > > The actions will not change, so I was thinking of using the PreffixMapper > (slightly modified to pass the language as a parameter for a interceptor > that will take care of the Locale). Has somebody done something like this? > Is there a better approach? > > Thanks. > > JL > > > 2012/7/9 > > > Sorry, It went through too early > > > > > > Sent via BlackBerry from T-Mobile > > > > -Original Message- > > From: jlm...@gmail.com > > Date: Mon, 9 Jul 2012 18:56:43 > > To: Struts Users Mailing List > > Reply-To: jlm...@gmail.com > > Subject: PreffixMapper for language > > > > Hello, > > I have a requisite to provide multilanguage in my app using a preffix > in > > the action. So the URLs would be > > > > http://myserver/mypackage/myaction (for the default language) > > > > http://myserver/en/mypackage/myaction (for english) > > > > > > > > > > Sent via BlackBerry from T-Mobile > > >
Re: Struts CRUD generator
This is the one that generates crud app from database, as posted here weeks ago: http://struts2builder.sourceforge.net J. On Fri, Jul 6, 2012 at 6:42 PM, Oscar Alvarez wrote: > Take a look at AppFuse. > > http://appfuse.org/display/APF/Home > > 2012/7/5 Mitch Claborn > > > I thought I saw a reference fairly recently to a Struts CRUD generator - > > generates a complete struts application for database manipulations. Can > > someone point me in the right direction? > > > > mitch > > > > --**--**- > > To unsubscribe, e-mail: user-unsubscribe@struts.**apache.org< > user-unsubscr...@struts.apache.org> > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > -- > Atentamente > Óscar >
Re: data injection attack
Spring security allows to protect method calls via annotacions like @Secured, @PreAuthorize, @PostFilter, but I was interested in something lighter. On Wed, Jul 4, 2012 at 4:29 PM, Marcus Bond wrote: > You could implement a class that delegates to your bean but only exposes > setters and getters that are appropriate, so in the case of the id then you > could let the user view it (getter) but not allow the setter. > > A perhaps even better approach would be to devise a proxying mechanism > (perhaps configured via annotations) and have a security layer be > responsible for which methods can be called - this not only would prevent > url parameters being set but also prevent restricted fields of any object > being updated. > > Marcus. > > > > -Original Message- > From: J. Garcia [mailto:jogaco...@gmail.com] > Sent: 04 July 2012 14:49 > To: Struts Users Mailing List; lukasz.len...@gmail.com > Subject: Re: data injection attack > > My action would have: > > public void setMyBean( MyBean myBean) {...} > > and I would like to avoid an injection on myBean.field3. This field could > be the owner id for instance! > > On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart > wrote: > > > Another way is to use AnnotationParameterFilterIntereptor (name > > contains typo) and @Allowed and @Blocked annotations > > > > > > Regards > > -- > > Łukasz > > mobile +48 606 323 122 http://www.lenart.org.pl/ Warszawa JUG > > conference - Confitura http://confitura.pl/ > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: data injection attack
Implementing the ParameterNameAware interface with white/black list seems the best solution. Thanks, J. On Wed, Jul 4, 2012 at 3:51 PM, Dave Newton wrote: > Then whitelist/blacklist. > > Or don't expose sensitive data directly to the user. > > Dave > > (pardon brevity, typos, and top-quoting; on cell) > On Jul 4, 2012 8:49 AM, "J. Garcia" wrote: > > > My action would have: > > > > public void setMyBean( MyBean myBean) {...} > > > > and I would like to avoid an injection on myBean.field3. This field could > > be the owner id for instance! > > > > On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart > > wrote: > > > > > Another way is to use AnnotationParameterFilterIntereptor (name > > > contains typo) and @Allowed and @Blocked annotations > > > > > > > > > Regards > > > -- > > > Łukasz > > > mobile +48 606 323 122 http://www.lenart.org.pl/ > > > Warszawa JUG conference - Confitura http://confitura.pl/ > > > > > > - > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > >
Re: data injection attack
My action would have: public void setMyBean( MyBean myBean) {...} and I would like to avoid an injection on myBean.field3. This field could be the owner id for instance! On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart wrote: > Another way is to use AnnotationParameterFilterIntereptor (name > contains typo) and @Allowed and @Blocked annotations > > > Regards > -- > Łukasz > mobile +48 606 323 122 http://www.lenart.org.pl/ > Warszawa JUG conference - Confitura http://confitura.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
data injection attack
An interesting article that I found: http://websec.wordpress.com/2012/01/04/multiple-vulnerabilities-in-apache-struts2-and-property-oriented-programming-with-java/ In struts2 it is pretty easy to set attribute values of any bean field when a form is posted, even if the field is not in the form. For instance, in my struts2 jsp form I have fields such as: - mybean.id, hidden - mybean.field1, - mybean.field2 With Firebug, I can easily add a mybean.field3 and set it to any value when the form is posted. I've seen that Spring MVC has the concept of allowed fields to prevent data injection attack. How can this be done in Struts2? J.
Re: Struts2 : formatting and entering doubles consistently through the whole application not depending on locale
According to the Java formatting api, the French locale for integers would look something like this: 345 987,246 http://docs.oracle.com/javase/tutorial/i18n/format/numberFormat.html As I have been working on integer l10n, I have tested this, and if I set French locale and enter an integer like this: 345 987, I get a conversion error. J. On Mon, Jun 18, 2012 at 5:28 PM, Chris Pratt wrote: > I think the problem is that the French locale specifies that it should be > written as "445.000,00" not "445,000.00". The parser expects localized > input. > (*Chris*) > > On Mon, Jun 18, 2012 at 7:06 AM, Łukasz Lenart < > lukasz.len...@googlemail.com > > wrote: > > > I think the problem is related to primitive converter which doesn't > > include Locale in conversion, take a look on that bug and related > > > > https://issues.apache.org/jira/browse/WW-3171 > > > > > > Regards > > -- > > Łukasz > > mobile +48 606 323 122 http://www.lenart.org.pl/ > > Warszawa JUG conference - Confitura http://confitura.pl/ > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > >
Re: simplest web program with struts
Maven archetypes are a good starting point as well. http://struts.apache.org/2.3.4/docs/struts-2-maven-archetypes.html You may want to have a look at AppFuse Java RAD. It has several frameworks to choose from, among them struts2: appfuse.org. J. On Sun, Jun 10, 2012 at 11:38 PM, bphill...@ku.edu wrote: > See the Struts tutorials here: > http://struts.apache.org/2.3.4/docs/getting-started.html > > -- > View this message in context: > http://struts.1045723.n5.nabble.com/simplest-web-program-with-struts-tp5709961p5709962.html > Sent from the Struts - User mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Struts 2 losing timestamp in java.util.Date when validation failed
Sorry, my mistake. Done: https://issues.apache.org/jira/browse/WW-3841 On Mon, Jun 11, 2012 at 9:41 AM, J. Garcia wrote: > Done: > https://issues.apache.org/jira/browse/WW-3833 > > > > On Mon, Jun 11, 2012 at 9:32 AM, Łukasz Lenart < > lukasz.len...@googlemail.com> wrote: > >> Probably, please register an issue and assign the test app. >> >> >> Regards >> -- >> Łukasz >> mobile +48 606 323 122 http://www.lenart.org.pl/ >> Warszawa JUG conference - Confitura http://confitura.pl/ >> >> 2012/6/11 J. Garcia : >> > A full example based on struts2 blank archetype attached. >> > Run with maven2: mvn jetty:run >> > Url: http://localhost:8080/struts-test/example/Login >> > >> > Enter as year of birth a bad integer: 1980aaa >> > You'll see the timestamp still there, BUT the milliseconds are set to >> zero. >> > Is this a bug? >> > >> > J. >> > >> > On Fri, Jun 8, 2012 at 8:47 PM, s wrote: >> >> >> >> Tried with Struts 2.3.4 and still having the issue. >> >> >> >> Look at "View Source" in the browsee and note down value of field >> >> student.createdTimestmp. It will have both date & time. >> >> >> >> Remove Name (make it blank) and click on Save button. >> >> >> >> Error will be displayed "Student Name is required". Now again take a >> look >> >> at "View Source". >> >> Field student.createdTimestmp will only have date and time will be >> >> MISSING. >> >> >> >> >> >> >> >> -Original Message- >> >> From: "J. Garcia" [jogaco...@gmail.com] >> >> Date: 06/08/2012 05:15 AM >> >> To: "Struts Users Mailing List" >> >> Subject: Re: Struts 2 losing timestamp in java.util.Date when >> validation >> >> failed >> >> >> >> With 2.3.3, it is working for me, in my own app. >> >> When input is returned, I can still see the timestamp value in the >> form. >> >> Haven't tried with your example. >> >> >> >> >> >> On Thu, Jun 7, 2012 at 7:39 PM, s wrote: >> >> >> >> > Yep..That's what I did >> >> > >> >> > But the question is, why it retains time information, if there is no >> >> > validation error...? >> >> > >> >> > >> >> > >> >> > -Original Message- >> >> > From: "J. Garcia" [jogaco...@gmail.com] >> >> > Date: 06/07/2012 12:21 PM >> >> > To: "Struts Users Mailing List" >> >> > Subject: Re: Struts 2 losing timestamp in java.util.Date when >> validation >> >> > failed >> >> > >> >> > Try using date formatting like this: >> >> > >> >> > >> >> > >> >> > J. >> >> > >> >> > On Wed, Jun 6, 2012 at 11:08 PM, s wrote: >> >> > >> >> > > Here's an JSPs, action class and struts.xml >> >> > > >> >> > > http://localhost:8080/Sample/student_edit.action calls >> form/jsp >> >> > > studentDetails. >> >> > > >> >> > > Erase name and submit form, this will result in validation being >> >> > > failed. >> >> > > >> >> > > This will erase timestamp from hidden field >> >> > > >> >> > > >> >> > > If not validation error occurs, then it retains time. >> >> > > >> >> > > >> >> > > >> >> > > -Original Message- >> >> > > From: "Dave Newton" [davelnew...@gmail.com] >> >> > > Date: 06/06/2012 12:57 PM >> >> > > To: "Struts Users Mailing List" >> >> > > Subject: Re: Struts 2 losing timestamp in java.util.Date when >> >> > > validation >> >> > > failed >> >> > > >> >> > > On Wed, Jun 6, 2012 at 12:54 PM, s wrote: >> >> > > >> >> > > > I found following work around. >> >> > > > Sorry can't attach source JSP, because of client restrictions. >> >> > > >> >> > > >> >> > > Here's the trivial workaround: >> >> > > >> >> > > * Create a minimally-failing example containing essentially >> identical >> >> > JSP. >> >> > > * Post it. >> >> > > >> >> > > Whether or not your client wishes to admit it, it's unlikely any >> sort >> >> > > of >> >> > IP >> >> > > law would protect the usage of a hidden field and date render in an >> >> > example >> >> > > JSP. >> >> > > >> >> > > Dave >> >> > > >> >> > > >> >> > > >> - >> >> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >> > > For additional commands, e-mail: user-h...@struts.apache.org >> >> > > >> >> > >> >> > >> >> > - >> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >> > For additional commands, e-mail: user-h...@struts.apache.org >> >> > >> >> > >> >> >> >> - >> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> > >> > >> > >> > - >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> > For additional commands, e-mail: user-h...@struts.apache.org >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >
Re: Struts 2 losing timestamp in java.util.Date when validation failed
Done: https://issues.apache.org/jira/browse/WW-3833 On Mon, Jun 11, 2012 at 9:32 AM, Łukasz Lenart wrote: > Probably, please register an issue and assign the test app. > > > Regards > -- > Łukasz > mobile +48 606 323 122 http://www.lenart.org.pl/ > Warszawa JUG conference - Confitura http://confitura.pl/ > > 2012/6/11 J. Garcia : > > A full example based on struts2 blank archetype attached. > > Run with maven2: mvn jetty:run > > Url: http://localhost:8080/struts-test/example/Login > > > > Enter as year of birth a bad integer: 1980aaa > > You'll see the timestamp still there, BUT the milliseconds are set to > zero. > > Is this a bug? > > > > J. > > > > On Fri, Jun 8, 2012 at 8:47 PM, s wrote: > >> > >> Tried with Struts 2.3.4 and still having the issue. > >> > >> Look at "View Source" in the browsee and note down value of field > >> student.createdTimestmp. It will have both date & time. > >> > >> Remove Name (make it blank) and click on Save button. > >> > >> Error will be displayed "Student Name is required". Now again take a > look > >> at "View Source". > >> Field student.createdTimestmp will only have date and time will be > >> MISSING. > >> > >> > >> > >> -Original Message- > >> From: "J. Garcia" [jogaco...@gmail.com] > >> Date: 06/08/2012 05:15 AM > >> To: "Struts Users Mailing List" > >> Subject: Re: Struts 2 losing timestamp in java.util.Date when validation > >> failed > >> > >> With 2.3.3, it is working for me, in my own app. > >> When input is returned, I can still see the timestamp value in the form. > >> Haven't tried with your example. > >> > >> > >> On Thu, Jun 7, 2012 at 7:39 PM, s wrote: > >> > >> > Yep..That's what I did > >> > > >> > But the question is, why it retains time information, if there is no > >> > validation error...? > >> > > >> > > >> > > >> > -Original Message- > >> > From: "J. Garcia" [jogaco...@gmail.com] > >> > Date: 06/07/2012 12:21 PM > >> > To: "Struts Users Mailing List" > >> > Subject: Re: Struts 2 losing timestamp in java.util.Date when > validation > >> > failed > >> > > >> > Try using date formatting like this: > >> > > >> > > >> > > >> > J. > >> > > >> > On Wed, Jun 6, 2012 at 11:08 PM, s wrote: > >> > > >> > > Here's an JSPs, action class and struts.xml > >> > > > >> > > http://localhost:8080/Sample/student_edit.action calls > form/jsp > >> > > studentDetails. > >> > > > >> > > Erase name and submit form, this will result in validation being > >> > > failed. > >> > > > >> > > This will erase timestamp from hidden field > >> > > > >> > > > >> > > If not validation error occurs, then it retains time. > >> > > > >> > > > >> > > > >> > > -Original Message- > >> > > From: "Dave Newton" [davelnew...@gmail.com] > >> > > Date: 06/06/2012 12:57 PM > >> > > To: "Struts Users Mailing List" > >> > > Subject: Re: Struts 2 losing timestamp in java.util.Date when > >> > > validation > >> > > failed > >> > > > >> > > On Wed, Jun 6, 2012 at 12:54 PM, s wrote: > >> > > > >> > > > I found following work around. > >> > > > Sorry can't attach source JSP, because of client restrictions. > >> > > > >> > > > >> > > Here's the trivial workaround: > >> > > > >> > > * Create a minimally-failing example containing essentially > identical > >> > JSP. > >> > > * Post it. > >> > > > >> > > Whether or not your client wishes to admit it, it's unlikely any > sort > >> > > of > >> > IP > >> > > law would protect the usage of a hidden field and date render in an > >> > example > >> > > JSP. > >> > > > >> > > Dave > >> > > > >> > > > >> > > > - > >> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> > > For additional commands, e-mail: user-h...@struts.apache.org > >> > > > >> > > >> > > >> > - > >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> > For additional commands, e-mail: user-h...@struts.apache.org > >> > > >> > > >> > >> - > >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> For additional commands, e-mail: user-h...@struts.apache.org > >> > > > > > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Struts 2 losing timestamp in java.util.Date when validation failed
With 2.3.3, it is working for me, in my own app. When input is returned, I can still see the timestamp value in the form. Haven't tried with your example. On Thu, Jun 7, 2012 at 7:39 PM, s wrote: > Yep..That's what I did > > But the question is, why it retains time information, if there is no > validation error...? > > > > -----Original Message- > From: "J. Garcia" [jogaco...@gmail.com] > Date: 06/07/2012 12:21 PM > To: "Struts Users Mailing List" > Subject: Re: Struts 2 losing timestamp in java.util.Date when validation > failed > > Try using date formatting like this: > > > > J. > > On Wed, Jun 6, 2012 at 11:08 PM, s wrote: > > > Here's an JSPs, action class and struts.xml > > > > http://localhost:8080/Sample/student_edit.action calls form/jsp > > studentDetails. > > > > Erase name and submit form, this will result in validation being failed. > > > > This will erase timestamp from hidden field > > > > > > If not validation error occurs, then it retains time. > > > > > > > > -Original Message- > > From: "Dave Newton" [davelnew...@gmail.com] > > Date: 06/06/2012 12:57 PM > > To: "Struts Users Mailing List" > > Subject: Re: Struts 2 losing timestamp in java.util.Date when validation > > failed > > > > On Wed, Jun 6, 2012 at 12:54 PM, s wrote: > > > > > I found following work around. > > > Sorry can't attach source JSP, because of client restrictions. > > > > > > Here's the trivial workaround: > > > > * Create a minimally-failing example containing essentially identical > JSP. > > * Post it. > > > > Whether or not your client wishes to admit it, it's unlikely any sort of > IP > > law would protect the usage of a hidden field and date render in an > example > > JSP. > > > > Dave > > > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Struts 2 losing timestamp in java.util.Date when validation failed
Try using date formatting like this: J. On Wed, Jun 6, 2012 at 11:08 PM, s wrote: > Here's an JSPs, action class and struts.xml > > http://localhost:8080/Sample/student_edit.action calls form/jsp > studentDetails. > > Erase name and submit form, this will result in validation being failed. > > This will erase timestamp from hidden field > > > If not validation error occurs, then it retains time. > > > > -Original Message- > From: "Dave Newton" [davelnew...@gmail.com] > Date: 06/06/2012 12:57 PM > To: "Struts Users Mailing List" > Subject: Re: Struts 2 losing timestamp in java.util.Date when validation > failed > > On Wed, Jun 6, 2012 at 12:54 PM, s wrote: > > > I found following work around. > > Sorry can't attach source JSP, because of client restrictions. > > > Here's the trivial workaround: > > * Create a minimally-failing example containing essentially identical JSP. > * Post it. > > Whether or not your client wishes to admit it, it's unlikely any sort of IP > law would protect the usage of a hidden field and date render in an example > JSP. > > Dave > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: conversion error repopulation not working
This works nicely. Thanks! Cheers, J. On Thu, May 31, 2012 at 3:07 PM, Łukasz Lenart wrote: > Can be reduced to this: > > public String getFormatted(String key, String fieldName, List args) { > if (getFieldErrors().isEmpty()) { > return getText(key, args); > } else { > return > ActionContext.getContext().getValueStack().findString(defaultValue); > } > } > > and it works just for one field ;-) There should check if there is a > error for given fieldName > > > Regards > -- > Łukasz > mobile +48 606 323 122 http://www.lenart.org.pl/ > Warszawa JUG conference - Confitura http://confitura.pl/ >
Re: Action inheritance and value automatic injection failure
I guess you're using Spring. If you use Spring injection via an xml file, you must use inheritance: Cheers, J. On Tue, May 29, 2012 at 2:31 PM, Dionis Argiri wrote: > Hi! > > I'm using struts 2.3.3. And I have marked following problem. When I have > some hierarchy of inheritance, then value is not automatically injected in > inherited action. Example: > > abstract class BaseAction extends ActionSupport { > ... > } > > class NewItem extends BaseAction { > ... > } > > class ItemDetails extends BaseAction { > protected BigInteger itemId; > public BigInteger getItemId(){return itemId;} > public void setItemId(BigInteger itemId){this.itemId=itemId;} > ... > } > > class SaveItem extends ItemDetails { > ... > } > > I submit form to action "SaveItem" and (surprise-surprise) value is not > injected into itemId. And I see OGNL exception, that there's no method > SaveItem.setItemId(BigInteger). > Only working work-around is to explicitly create setter in SaveItem action. > But I hate this approach, because it forces me to create stupid code. > > The same stuff is even if I try to make field public. Anyway, it's not seen > by framework and value is not injected. > > Is it a known issue? Or probably I'm just using struts2 actions somehow > strange? > > BR, > Dionis >
Re: conversion error repopulation not working
Integer. On Mon, May 28, 2012 at 10:04 AM, Łukasz Lenart < lukasz.len...@googlemail.com> wrote: > Is it int either Integer ? > > > Regards > -- > Łukasz > mobile +48 606 323 122 http://www.lenart.org.pl/ > Warszawa JUG conference - Confitura http://confitura.pl/ >
Re: conversion error repopulation not working
Thanks Lukasz for your reply. While preparing a minimal example, I got the reason of it all. The real situation is: - The input form has an int field - The value already available should be formatted and localized: 43,000 / 43.000 - In order to achive l10n, the input field tag is like this: In such a situation, the TextProviderHelper.getText() method is run, which obtains the value from the bean, rather than obtaining it from the wrong user input which was not possible to convert into the bean. It would be nice if there was a specific method which would check if the value to obtain is from an input field with conversion error. In such a case, it would obtain the value from the user input. If no error, the value would be from the bean. Does it make sense? Cheers, J. On Thu, May 24, 2012 at 8:10 AM, Łukasz Lenart wrote: > Could you add some code example ? > > > Regards > -- > Łukasz > mobile +48 606 323 122 http://www.lenart.org.pl/ > Warszawa JUG conference - Confitura http://confitura.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
conversion error repopulation not working
Hi, In order to implement a good user experience, I am trying to put into practice the conversion validator, as documented here: http://struts.apache.org/2.3.3/docs/conversion-validator.html The ideal would be: a form with one integer field. If the user enters a non valid integer, the value remains in the input field and the user is informed of the error like this: Invalid value '198o' for field 'Year'. (notice the letter at the end). For this, I declare the conversion-validator, and have to remove the conversionError from the interceptors stack. While debugging, the class ConversionErrorFieldValidator builds a map, with the full fieldName and the entered value. The method repopulateField from RepopulateConversionErrorFieldValidatorSupport is run, which in theory repopulates the stack with this code: if (doExprOverride) { invocation.addPreResultListener(new PreResultListener() { public void beforeResult(ActionInvocation invocation, String resultCode) { ValueStack stack = ActionContext.getContext().getValueStack(); stack.setExprOverrides(fakeParams); } }); } However, when showing the jsp for user input, the invalid value is not in the form input field. It does not seem to work as documented in the mentioned url. Cheers, J.
Re: Does the StrutsTestCase test filters defined in web.xml?
I recommend you use canoo webtest. This is not a unit test tool, but integration test tool. This is the tool used for instance in AppFuse. It has specific pdf verification steps. Cheers, J. On Mon, May 14, 2012 at 5:33 PM, Miguel Almeida wrote: > Hi Steve, > > On Mon, 2012-05-14 at 11:09 +0100, Steve Higham wrote: > > > Hi Miguel, > > > > I haven't used the StrutsSpringTestCase however I have made use of the > StrutsTestCase. > > > > This only tests the interceptor stack / Action / Result. There is no web > server involved and no attempt to render the resulting page. > > Yes, that's what I thought. > > > You could try looking at Apache Cactus or Apache HttpClient to test this > behaviour? Alternatively if you generate the file within Struts then the > StrutsTestCase will suffice. I've generated exports from Struts this way. > > > > Both are no longer maintained (I guess httpclient got replaced with > Apache http components (http://hc.apache.org/ ) but I haven't explored > this yet. > > For this case (testing the pdf output created by the displaytag) I don't > think it'll be worth it to invest in a new testing setup: this is the > only thing that is produced outside the scope of struts and a manual > inspection might suffice. > > However, I do want to explore other tools that are available to test the > http request/response, so I'll look into this further. > > Cheers, > > Miguel Almeida > > > Cheers, > > > > Steve > > > > -Original Message- > > From: Miguel Almeida [mailto:mig...@almeida.at] > > Sent: 14 May 2012 10:16 > > To: user@struts.apache.org > > Subject: Does the StrutsTestCase test filters defined in web.xml? > > > > Dear all, > > > > I am using StrutsSpringTestCase (which extends StrutsTestCase) to > perform some acceptance tests (under the skin). I am also using Displaytag ( > www.displaytag.org/1.2/ ) to build some tables in the view. > > This tag supports excel/pdf export, which uses a filter you configure in > web.xml [1] > > > > The way the filter works is, in short: a (odd looking, numerical) > parameter is added to the request. The filter checks for the existence of > that parameter and, if it exists, creates the pdf/excel. > > > > I want to test the creation of this file (and its contents). However, > when I debug the StrutsSpringTestCase test with a breakpoint on that filter > it does not stop there, so my questions are: > > > > 1) Does the StrutsTestCase not pass through other filters in your > web.xml, and only goes through the struts filter? > > 2) If so, is there anything else in the struts tests that could help me > out? How do you suggest I perform this test? > > > > Thank you, > > > > Miguel Almeida > > > > > > > > [1]- see http://www.displaytag.org/1.2/export_filter.html > > > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > >