[ANN] Struts 2.0.11.2 General Availability Release with Important Security Fix

2008-07-15 Thread Rene Gielen
Apache Struts 2.0.11.2 is now available from . This release is a fast track security fix release, including a security fixed version 2.0.5 of XWork, which corrects a serious vulnerability in ParametersInterceptor allowing malicious users to remote

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Musachy Barroso
I was trying to find out if it was a different problem. After we started using ASM only classes that match either the package name or the "*Action" are loaded. Sometimes there are errors, for example, the eclipse jar files have a bunch of "*Action" classes in packages that have ".actions." in the

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Brian Pontarelli
Just to update this thread quick... The error occurs mostly because the perm size is filling up or the loading of a specific class is causing the ClassLoader to error out. This is the primary reason why I added the exclusions list. The other reason is that scanning the entire classpath and

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Musachy Barroso
> I did use Toplink Essentials and in its jar there is a package > called "persistence.antlr.actions". So the locators matched. Don't know why > it comes to an error, but I think it is the same reason Brian excluded > hibernate and some other packages by default. > Yes, that could be tricky, yet t

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Piero Sartini
> Yes, the wiki needs to be updated, I think the most common use case > will be that people will have their actions in their classes folder, > instead of jar files, so I changed it, but we can talk about it. I don't really care because it's just one line of config. Personally I am with Brian and t

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Musachy Barroso
Yes, the wiki needs to be updated, I think the most common use case will be that people will have their actions in their classes folder, instead of jar files, so I changed it, but we can talk about it. musachy On Tue, Jul 15, 2008 at 10:43 AM, Piero Sartini <[EMAIL PROTECTED]> wrote: >> Then the

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Piero Sartini
> Then the classes that match the actionPackages > (named packages like "com.my.package") will be queued for processing, > as well as classes whose package matches one of the locators > ("action", "actions", etc). If you name your packages using > actionPackages, the plugin will find the classes i

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Musachy Barroso
the important code is this PackageBasedActionConfigBuilder:findActions: ClassFinder finder = new ClassFinder(getClassLoader(), buildUrlSet().getUrls(), true); // named packages if (actionPackages != null) { for (String packageName

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Piero Sartini
> yes, the locators. We could have an option like a "jar locators" which > would limit the jars scanned, it would be really easy to implement > with the URLSets. This could be a solution, but I can't imagine how to find a restriction that is useful. We had to enforce a naming scheme on the mod

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Musachy Barroso
yes, the locators. We could have an option like a "jar locators" which would limit the jars scanned, it would be really easy to implement with the URLSets. musachy On Tue, Jul 15, 2008 at 3:51 AM, Piero Sartini <[EMAIL PROTECTED]> wrote: > On Tuesday, 15 July 2008 09:44:52, Piero Sartini wrote

Re: [s2] Struts 2 OSGi Plugin

2008-07-15 Thread Musachy Barroso
yeah, it was so elegant that when I finished it, I said to myself, "now this is some piece of work" and deleted it :). Then I thought of maybe borrowing the code from tomcat for the jsp parser/compiler, and that was a no-go also. musachy On Tue, Jul 15, 2008 at 12:40 AM, alvins <[EMAIL PROTEC

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Piero Sartini
On Tuesday, 15 July 2008 09:44:52, Piero Sartini wrote: > The modules may be deployed in their own JAR file. If we disable global > scanning they would be ignored, right? JARScanning of course, not global scanning.

Re: [VOTE] Bring Convention plugin into trunk and deprecate Zero Config

2008-07-15 Thread Piero Sartini
On Tuesday, 15 July 2008 03:53:26, Musachy Barroso wrote: > The jars excluded from the scan will never have actions, like > freemarker, velocity, jdk jars, etc. You can completely disable the > scanning of jar files, and the plugin will scan only the specified > packages, wouldn't that cover the