Re: New warning message with V6.1.1 - SecurityMemberAccess...
śr., 4 sty 2023 o 19:53 Ralph Grove napisał(a): > > Could you try to use the simple theme? > > When I change it to theme=“simple”, the warning messages do not appear. It can be related to this fix https://github.com/struts-community-plugins/struts2-bootstrap/pull/51 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
> On Jan 4, 2023, at 12:53 PM, Lukasz Lenart wrote: > > śr., 4 sty 2023 o 18:19 Ralph Grove napisał(a): >>> cssClass="form-vertical"> > > Could you try to use the simple theme? When I change it to theme=“simple”, the warning messages do not appear. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
śr., 4 sty 2023 o 18:19 Ralph Grove napisał(a): > cssClass="form-vertical"> Could you try to use the simple theme? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
I stripped the code down for further testing - this is what the minimal action
and jsp look like.
package org.personalitypad.action;
import com.opensymphony.xwork2.ActionSupport;
import java.util.Map;
import java.util.HashMap;
/** in struts.xml:
*
* /WEB-INF/jsp/test.jsp
*
*/
public class TestSetupAction extends ActionSupport {
private char status;
private Map statuses;
@Override
public String execute() {
final char ACTIVE = 'A', INACTIVE = 'I';
statuses = new HashMap<>();
statuses.put(ACTIVE, "Active");
statuses.put(INACTIVE, "Inactive");
status = ACTIVE;
return SUCCESS;
}
public char getStatus() {
return status;
}
public void setStatus(char status) {
this.status = status;
}
public Map getStatuses() {
return statuses;
}
public void setStatuses(Map statuses) {
this.statuses = statuses;
}
}
— test.jsp —
<%@page contentType=“text/html" pageEncoding="UTF-8" errorPage="error.jsp" %>
<%@taglib prefix="s" uri="/struts-tags" %>
<%@taglib prefix="sj" uri="/struts-jquery-tags" %>
<%@taglib prefix="sb" uri="/struts-bootstrap-tags" %>
http://www.w3.org/1999/xhtml;>
Personality Pad | Test
Test Page
> On Jan 4, 2023, at 11:39 AM, Lukasz Lenart wrote:
>
> wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a):
>> The message is a result of the execution of this tag:
>> >name="status"
>>label="Status"
>>list="statuses" />
>
> Does any value on the list "statuses" have the value "disabled"?
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
> On Jan 4, 2023, at 11:39 AM, Lukasz Lenart wrote:
>
> wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a):
>> The message is a result of the execution of this tag:
>> >name="status"
>>label="Status"
>>list="statuses" />
>
> Does any value on the list "statuses" have the value "disabled"?
No, the list contains only two values:
public static final char ACTIVE = 'A', INACTIVE = 'I';
public static HashMap getStatusMap() {
HashMap statusMap = new HashMap<>();
statusMap.put(User.ACTIVE, "Active");
statusMap.put(User.INACTIVE, "Inactive");
return statusMap;
}
I searched the project for the string “.disabled” - it was not found anywhere.
I also searched for “disabled”, which was found once only, in a different jsp
(different from the one that triggers the warning messages):
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a): > The message is a result of the execution of this tag: >name="status" > label="Status" > list="statuses" /> Does any value on the list "statuses" have the value "disabled"? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
You would have .disabled somewhere in your own app code ognl
expressions, I would guess. Could you please search for .disabled there?
Or put a break-point at [1] and see what ognl, how and why are trying to
access UIBean.disabled non-public member!
Regards
[1]
https://github.com/apache/struts/blob/master/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java#L99
On 1/3/2023 11:09 PM, Ralph Grove wrote:
I just upgraded from Struts2 2.5.3 to 6.1.1 . After a few tweaks (mostly
related to Bootstrap5), the application is running correctly, but it’s
generating a new warning message (always 4 times):
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
The message is a result of the execution of this tag:
The variables are setup by the action class shown below, which forwards to the
JSP containing the s:radio tag.
It seems to be working correctly, but the warning messages are puzzling. Does
anyone know why the warnings are appearing?
Thanks,
Ralph Grove
--
public class UserSetupAction extends ActionSupport {
private static final Logger logger =
LogManager.getLogger(UserSetupAction.class);
private String userId;
private String firstName;
private String lastName;
private Calendar lastActivity;
private Boolean projectAdmin;
private Boolean systemAdmin;
private char status;
private Calendar statusDate;
private Map statuses;
@Override
public String execute() throws SQLException {
try {
User user = UserPersistence.getUser(userId);
firstName = user.getFirstName();
lastName = user.getLastName();
lastActivity = user.getLastActivity();
projectAdmin = user.getProjectAdmin();
systemAdmin = user.getSystemAdmin();
status = user.getStatus();
statusDate = user.getStatusDate();
statuses = User.getStatusMap();
return SUCCESS;
} catch (Exception e) {
logger.error("USA.execute(): ", e);
return ERROR;
}
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public Calendar getLastActivity() {
return lastActivity;
}
public void setLastActivity(Calendar lastActivity) {
this.lastActivity = lastActivity;
}
public Boolean getProjectAdmin() {
return projectAdmin;
}
public void setProjectAdmin(Boolean projectAdmin) {
this.projectAdmin = projectAdmin;
}
public Boolean getSystemAdmin() {
return systemAdmin;
}
public void setSystemAdmin(Boolean systemAdmin) {
this.systemAdmin = systemAdmin;
}
public char getStatus() {
return status;
}
public void setStatus(char status) {
this.status = status;
}
public Calendar getStatusDate() {
return statusDate;
}
public void setStatusDate(Calendar statusDate) {
this.statusDate = statusDate;
}
public Map getStatuses() {
return statuses;
}
public void setStatuses(Map statuses) {
this.statuses = statuses;
}
}
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
New warning message with V6.1.1 - SecurityMemberAccess...
I just upgraded from Struts2 2.5.3 to 6.1.1 . After a few tweaks (mostly
related to Bootstrap5), the application is running correctly, but it’s
generating a new warning message (always 4 times):
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
[WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess
- Access to non-public [protected java.lang.String
org.apache.struts2.components.UIBean.disabled] is blocked!
The message is a result of the execution of this tag:
The variables are setup by the action class shown below, which forwards to the
JSP containing the s:radio tag.
It seems to be working correctly, but the warning messages are puzzling. Does
anyone know why the warnings are appearing?
Thanks,
Ralph Grove
--
public class UserSetupAction extends ActionSupport {
private static final Logger logger =
LogManager.getLogger(UserSetupAction.class);
private String userId;
private String firstName;
private String lastName;
private Calendar lastActivity;
private Boolean projectAdmin;
private Boolean systemAdmin;
private char status;
private Calendar statusDate;
private Map statuses;
@Override
public String execute() throws SQLException {
try {
User user = UserPersistence.getUser(userId);
firstName = user.getFirstName();
lastName = user.getLastName();
lastActivity = user.getLastActivity();
projectAdmin = user.getProjectAdmin();
systemAdmin = user.getSystemAdmin();
status = user.getStatus();
statusDate = user.getStatusDate();
statuses = User.getStatusMap();
return SUCCESS;
} catch (Exception e) {
logger.error("USA.execute(): ", e);
return ERROR;
}
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public Calendar getLastActivity() {
return lastActivity;
}
public void setLastActivity(Calendar lastActivity) {
this.lastActivity = lastActivity;
}
public Boolean getProjectAdmin() {
return projectAdmin;
}
public void setProjectAdmin(Boolean projectAdmin) {
this.projectAdmin = projectAdmin;
}
public Boolean getSystemAdmin() {
return systemAdmin;
}
public void setSystemAdmin(Boolean systemAdmin) {
this.systemAdmin = systemAdmin;
}
public char getStatus() {
return status;
}
public void setStatus(char status) {
this.status = status;
}
public Calendar getStatusDate() {
return statusDate;
}
public void setStatusDate(Calendar statusDate) {
this.statusDate = statusDate;
}
public Map getStatuses() {
return statuses;
}
public void setStatuses(Map statuses) {
this.statuses = statuses;
}
}
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
