The forward happens only to LoginAction. In some cases a PostBack will work but
in cases where we have given the end user a choice of applications PostBack
will not work as browser has to post back
the 1st request information rather than the second request information.
Agree I guess we have to m
On 5/16/2018 11:51 PM, Prasanth wrote:
> Would struts2 call this setRequest method even if the class is implementing
> just ServletRequestAware?
No. Additionally Struts RequestAware method signature is
setRequest(Map request); i.e. it's parameter is Map not
ServletRequest.
> Any insights as to
Another update, the LoginAction in Context2 had the below methods, two methods
to set the request. May be I have done RequestAware and then realized it should
be ServletRequestAware and did not
delete the setRequest method. I think having the setRequest is the culprit for
the invalid session ex
We use the path as / for the cookie path that allows the session to be shared
between context1 and context2. The JSESSIONID also remains the same when the
request is forwarded.
Martin asked me if we the action is session aware. It was not implementing
SessionAware interface even though session
On 5/16/2018 7:23 PM, Prasanth Pasala wrote:
> Exception: java.lang.IllegalStateException: UT10: Session is invalid
> r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
> at
> io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
> at
> i
; M-
> NB: I once contracted to the company that bought wildfly..we had to figure
> configuration by ourselves
>
> ----
> *From:* Prasanth Pasala
> *Sent:* Tuesday, May 15, 2018
Below is a complete stack trace.
Exception: java.lang.IllegalStateException: UT10: Session is invalid
r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
at
io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
at
io.undertow.servlet.spec.H
On 5/16/2018 6:59 AM, Prasanth Pasala wrote:
> We have two applications (websites) to make it easier for users we have a
> third site that acts as a common login place. Once the user enters the
> username and password it determines the right site to use and does a forward
> to that context (ap
ate in this community. Not a
>> member? Join Now!
>>
>>
>> jaikiran is a good resource that i met on a different userlist..i
>> would definitely ping him
>> stay in touch/let me know if setting session-cookie in
>standalone.xml
>> works
>>
&g
---
*From:* Prasanth Pasala
*Sent:* Tuesday, May 15, 2018 11:42 AM
*To:* user@struts.apache.org
*Subject:* Re: Struts2 login action class seems to be reused
See below the header information when the exception occurred. Strange
thing is JMeter is
11:42 AM
To: user@struts.apache.org
Subject: Re: Struts2 login action class seems to be reused
See below the header information when the exception occurred. Strange thing is
JMeter is saying it did not send any cookie (which is want I would except in
this case as it is just requesting the login
p
s Application Server JBossAS
> version Ships with Tomcat Servlet Spec JSP Spec 3.2.3 4.1.29 2.3
>
>
> MG>personally i wouldnt muck with TC i would suggest upgrading wildfly and
> getting jboss-web container
>
> hth
> martin
> __
>
>
>
>
>
> From: Norbert
t ships with JBoss Application Server JBossAS
> version Ships with Tomcat Servlet Spec JSP Spec 3.2.3 4.1.29 2.3
>
>
> MG>personally i wouldnt muck with TC i would suggest upgrading wildfly and
> getting jboss-web container
>
> hth
> martin
> ___
2.3 4.1.29 2.3
MG>personally i wouldnt muck with TC i would suggest upgrading wildfly and
getting jboss-web container
hth
martin
__
From: Norbert Hirneisen
Sent: Friday, March 2, 2018 6:55 PM
To: user@struts.apa
On 5/15/2018 12:45 AM, Prasanth Pasala wrote:
> A different issue is coming up now after the get methods are removed.
> Getting the below exception some times when you request the login page, at
> which point the browser doesn't have the session id
> yet, the session id mentioned would be a se
A different issue is coming up now after the get methods are removed. Getting
the below exception some times when you request the login page, at which point
the browser doesn't have the session id
yet, the session id mentioned would be a session id from a previous request
(from another thread,
I have removed the get methods from the LoginAction of /Context2 and that seems
to solve the problem. So seems like the LoginAction objects created because of
FORWARD some how are in the stack while a
LoginAction is created due to a REQUEST. Wondering if this can be replicated
without having two
On 4/23/2018 11:50 PM, Prasanth Pasala wrote:
> Get rid of the get methods in LoginAction, is this in /Context2 (application
> where the issue is occurring) or /Context1 (which forwards the requests to
> /Context2)?
>
That contexts who forwards request (Context1 I think) but you may do for
al
Get rid of the get methods in LoginAction, is this in /Context2 (application
where the issue is occurring) or /Context1 (which forwards the requests to
/Context2)?
Yes exactly. The new log shows, your previous contexts actions
(LoginAction@7f716c46 and LoginAction@35224c2f) are also present in
On 4/23/2018 10:12 PM, Prasanth Pasala wrote:
> The user is inputting username and password in /Context1, if I send a
> redirect they would have to enter username/password again in /Context2.
>
No, you already have them. I think you can use Struts PostbackResult [1]
in /Context1/LoginAction li
The two LoginAction classes below are from the same context (/Context2).
Context1 LoginAction would have a different package name. The issue occurs when
a user is requesting /Context2 directly rather
than when the request is forwarded, if the request is forwarded from /Context1
it would have the
On 4/23/2018 8:04 PM, Prasanth Pasala wrote:
> Found this one also but for almost all, the root size was 3. Below one was
> anomaly.
> Root Size: 4
> Result: null
> Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d
> Object: com.nqadmin.webaccess.LoginAction@7f716c46
> Object: com.nqa
Found this one also but for almost all, the root size was 3. Below one was
anomaly.
Root Size: 4
Result: null
Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d
Object: com.nqadmin.webaccess.LoginAction@7f716c46
Object: com.nqadmin.webaccess.LoginAction@35224c2f
Also found that the issu
Below is the result of the new logging.
Root Size: 3
Result: null
Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d
Object: com.xx.webaccess.LoginAction@40c80ce8
Thanks,
Prasanth
On 04/21/2018 05:09 AM, Yasser Zamani wrote:
>
> On 4/19/2018 4:39 PM, Prasanth Pasala wrote:
>> There
On 4/19/2018 4:39 PM, Prasanth Pasala wrote:
> There is a index.jsp which is defined as default page in web.xml it just
> forwards the request to Login.action. There is no chaining of actions in
> struts itself. We do have a LoginFilter which verifies
> if a user is logged in.
>
So maybe ther
There is a index.jsp which is defined as default page in web.xml it just
forwards the request to Login.action. There is no chaining of actions in struts
itself. We do have a LoginFilter which verifies
if a user is logged in.
Thanks,
Prasanth
On 04/19/2018 03:26 AM, Yasser Zamani wrote:
>
> On 4
On 4/19/2018 7:21 AM, Prasanth Pasala wrote:
>
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.copyStack(ChainingInterceptor.java:153)
>
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:143)
Thanks! These lines show Struts doesn't set use
Below is the stack trace for setting of username. So struts2 has set the
username, but that name doesn't exist in the request object.
Struts Data: Username: jsmith Action: Login
Request Data: Username: null Action: null
java.lang.Thread.getStackTrace(Thread.java:1559)
com.x.webaccess.LoginA
On 4/16/2018 7:19 PM, Prasanth Pasala wrote:
> So I am wondering where did these values come from into the instance
> variables?
Great! Please also get the current stack trace inside your action's
setUsername method and save it in a private string field inside your
action. Then when action and
Finally we redeployed the code with an added check to make sure the instance
variables populated by struts match the request parameters. With in few hours
of deployments we got emails indicating that
the values populated into the instance variables don't match those in request
parameters. Below
On 3/16/2018 11:00 PM, Prasanth Pasala wrote:
> There is only one reference to Util.authenticate in the project and that is
> in LoginAction.
>
If (those log record insertions are only possible via
LoginAction.execute method && IP field value of them are different and
are consistent with acces
There is only one reference to Util.authenticate in the project and that is in
LoginAction.
On 03/16/2018 02:13 PM, Yasser Zamani wrote:
> And you confirm that those log record insertions are only possible via
> LoginAction.execute method? Right? Or util.authenticate are called elsewhere
> also
And you confirm that those log record insertions are only possible via
LoginAction.execute method? Right? Or util.authenticate are called elsewhere
also?
On Mar 16, 2018, at 9:45PM, Prasanth Pasala
mailto:ppas...@pangburngroup.com>> wrote:
We have a pretty standard struts.xml just declaration o
We have a pretty standard struts.xml just declaration of action and the class
along with the results (tiles results). Nothing other than that.
On 03/16/2018 11:55 AM, Yasser Zamani wrote:
>
> On 3/16/2018 1:49 AM, Prasanth Pasala wrote:
>> We do have login time, using that and the IP to correlate
On 3/16/2018 1:49 AM, Prasanth Pasala wrote:
> We do have login time, using that and the IP to correlate that with the
> access logs. Not all login entries have corresponding POST entries in access
> log, so those would be our problems occurrences.
> They actual correspond to a GET entry from a
We do have login time, using that and the IP to correlate that with the access
logs. Not all login entries have corresponding POST entries in access log, so
those would be our problems occurrences.
They actual correspond to a GET entry from a user.
IP of the GET request of User1 matches with the
On 3/15/2018 5:21 PM, Prasanth Pasala wrote:
> User2 would have logged in some time before that, some times with in a minute
> before that. I haven't seen any requests from User2 exactly at the time of
> GET request from User1.
It's strange :)
Are login log records have same field values for
User2 would have logged in some time before that, some times with in a minute
before that. I haven't seen any requests from User2 exactly at the time of GET
request from User1.
Thanks,
Prasanth
On 03/15/2018 04:45 AM, Yasser Zamani wrote:
>
> On 3/14/2018 5:43 PM, Prasanth Pasala wrote:
>> We h
On 3/14/2018 5:43 PM, Prasanth Pasala wrote:
> We had a user report it soon after the deployment. After that we started
> looking into the specific user who reported (User1) and the user (whose
> information was seen by the reporting user) say User2.
> We realized there are login entries from s
We had a user report it soon after the deployment. After that we started
looking into the specific user who reported (User1) and the user (whose
information was seen by the reporting user) say User2.
We realized there are login entries from same IP for both of these users. In
the access log of t
On 3/10/2018 1:22 AM, Prasanth Pasala wrote:
> Ran tests with 1000 users logging in in 60sec while simultaneously 1000 users
> just requesting login page in 60 sec to see if any of them would get in with
> out username/password. No luck. System seems
> to be working properly. Also tried increas
Ran tests with 1000 users logging in in 60sec while simultaneously 1000 users
just requesting login page in 60 sec to see if any of them would get in with
out username/password. No luck. System seems
to be working properly. Also tried increasing it to 2000 it still worked as it
should with out t
On 3/8/2018 6:42 PM, Prasanth Pasala wrote:
> Wish I was able to consistently reproduce it. I have two thread groups in
> JMeter one thread group requests login page then logs in. Another thread
> group just requests login page. I have tried this
> with 100 users, 250 users in each thread group
Wish I was able to consistently reproduce it. I have two thread groups in
JMeter one thread group requests login page then logs in. Another thread group
just requests login page. I have tried this
with 100 users, 250 users in each thread group. I have varied the ramp up times
from 60sec to 300se
On 3/7/2018 11:23 PM, Prasanth Pasala wrote:
> If it is a session crossover we would display another user information
> without making a login entry. In the cases where we had issue the code
> recognized that there is no active session and went to the
> authentication part, authenticated the us
Thanks for looking into this Yasser. In the current setup we have, we don't
have a cluster, it is the only server handling all requests.
If it is a session crossover we would display another user information without
making a login entry. In the cases where we had issue the code recognized that
On 3/7/2018 7:34 PM, Prasanth wrote:
> I can't say that 2 percent of users were able to get in without
> username/password. As I have ran the JMeter tests a lot of times (each run
> with 100 users). Only during one of those runs of JMeter I
> had 2 requests get users home page when Login.action
/context1 is used just for directing users to the right application (or
context). Session is really maintained by /context2. Users can login directly
in /context2 or they can input username and
password in /context1 and they will be forwarded to the right context on of
which is /context2. So the
On 3/6/2018 9:42 PM, Prasanth Pasala wrote:
> In StrutsPrepareAndExecuteFilter below is the line that gets the action
> mapping, since the forceLookup is set to true the PrepareOperations class
> might be creating it again.
> ActionMapping mapping = prepare.findActionMapping(request, response,
On 3/5/2018 7:48 PM, Prasanth wrote:
> For replicating the issue I was directly accessing /context2/Login.action. So
> /context1 was not used in testing.
Please let me repeat what I understood; When some users are signed in
into /context1, you browses /context2/Login.action via JMeter empty
req
I am not defining any default action.
I would get the below exception if I set the ActionMapping to null. For some
reason the object doesn't go away, if I set it to null. After setting it to
null using
request.setAttribute("struts.actionMapping", null); I can get it using
getAttribute. The o
I am not using Spring. Using Struts1, Struts 2 (2.3.34), tiles 2.0.4
On 03/05/2018 11:57 AM, Adam Brin wrote:
> What are the annotations on the class? Is it possible that you're using
> Spring, and not declaring "prototype" scope. eg:
>
> @Scope("prototype")
>
> On Mon, Mar 5, 2018 at 10:49 AM, Y
What are the annotations on the class? Is it possible that you're using
Spring, and not declaring "prototype" scope. eg:
@Scope("prototype")
On Mon, Mar 5, 2018 at 10:49 AM, Yasser Zamani
wrote:
>
>
> On 3/5/2018 7:48 PM, Prasanth wrote:
> > But the Login filter had the below lines to make sur
On 3/5/2018 7:48 PM, Prasanth wrote:
> But the Login filter had the below lines to make sure forwarded requests from
> /context1
> would work.
>
> request.setAttribute("struts.actionMapping", new ActionMapping());
Please let me discuss this line first of all. I'm still surprised how
context2 a
Yes, login page is accessible always. Direct jsp access is not allowed, it has
to go through the actions. When a user requests /Login.action login jsp page is
displayed. When the user submits username
and password (Post to Login.action) the user is authenticated and home page is
displayed by Log
On 3/3/2018 12:37 AM, Prasanth Pasala wrote:
> I was able to replicate the issue today. Asked few users to keep logging in
> and ran jmeter to access login page, with out putting any username or
> password. Out of the 100 attempts 2 attempts were
> successful in getting in with out username/pas
Hi Norbert,
Struts1 actions are thread safe (no instance variables). The login
action has been moved to Struts2 with instance variables for username,
password and the issue is coming up with this new struts2 action. Which
is used for both displaying login page and also taking username/password
Hi Prasanth,
are you sure all your struts1 code is thread safe ? I had some similiar
problems in a struts1 application. After removing all action class
properties the problem was solved. Struts2 should be thread safe. But
your problems looks to me like a problem with thread safety.
Best regards,
I was able to replicate the issue today. Asked few users to keep logging in and
ran jmeter to access login page, with out putting any username or password. Out
of the 100 attempts 2 attempts were
successful in getting in with out username/password. I am seeing database login
entries for these tw
Hi,
I have an application which uses both struts1 & struts2. The login action was
recently moved to struts2. Immediately after the deployment we were notified
that one user is seeing a different user
information, so we had to move to older war files. I am not able to replicate
it. But after inv
60 matches
Mail list logo