Re: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-20 Thread Shivam Agrahari
other missing headers as well, but I’m not sure. > More information can be found in the documentation. > > > > Regards, > > > > Nate > > > > *From:* Shivam Agrahari > *Sent:* Wednesday, 16 April 2025 13:36 > *To:* Struts Users Mailing List > *S

RE: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-16 Thread Nate Kerkhofs
: Shivam Agrahari Sent: Wednesday, 16 April 2025 13:36 To: Struts Users Mailing List Subject: Re: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application Hi, The application is currently showing the following security vulnerabilities: Content security Policy (CSP

Re: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-16 Thread Shivam Agrahari
Hi, The application is currently showing the following security vulnerabilities: Content security Policy (CSP) Header not set (3 instances)- GET: http://localhost:8080/favicon.ico GET: http://localhost:8080/favicon.test GET: http://localhost:8080/favicon.test\ Missing Anti-clickjackin

Re: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-16 Thread Lukasz Lenart
On Wed, 16 Apr 2025 at 07:30, Shivam Agrahari wrote: > Could you please advise on how to resolve these issues? For your reference, I > have attached the WAR file of the test project along with a few relevant > pages. The best option is to read through OWASP recommendations PDFs and apply them o

Re: Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-16 Thread Dave Newton
You neglected to mention what the problems were. em: davelnew...@gmail.com mo: 908-380-8699 gh: davelnewton so: Dave Newton On Wed, Apr 16, 2025 at 01:30 Shivam Agrahari wrote: > Hi, > > I am currently develo

Request for Assistance with OWASP ZAP Vulnerabilities in Struts-Based Java Web Application

2025-04-15 Thread Shivam Agrahari
Hi, I am currently developing a Java web application using the Struts 7.0.3 framework, JDK 23, and Tomcat 11.0.5, with a Dynamic Web Module version 6.1. Although the application is intended for an intranet environment, VA (Vulnerability Assessment) clearance is still required. To address security

Re: The different output with Date whether the Http request have application/json

2023-12-05 Thread Lukasz Lenart
I wouldn't mix the REST plugin (which has its own JSON handler) with the JSON plugin - use one or another. Regards -- Łukasz mobile +48 606 323 122 http://www.lenart.org.pl/

Re: The different output with Date whether the Http request have application/json

2023-12-04 Thread 哈哈哈哈
> Hi Thanks for reply > Yes it does change to what I format > but not with if the request with application/json > app still return milliseconds > > and after a day for testing > I finally find out it's nothing about struts2-json-plugin > > > it's struts2-rest-plugin cause

Re: The different output with Date whether the Http request have application/json

2023-12-04 Thread 哈哈哈哈
Hi Thanks for reply Yes it does change to what I format but not with if the request with application/json app still return milliseconds and after a day for testing I finally find out it's nothing about struts2-json-plugin it's struts2-rest-plugin cause the issue !! if I add this plugin The

Re: The different output with Date whether the Http request have application/json

2023-12-03 Thread Yasser Zamani
, December 2, 2023 4:21 PM To: user@struts.apache.org Subject: The different output with Date whether the Http request have application/json Hi all: I am new to using the Struts framework, and when I have a request with no application/json to my app which uses the Struts framework with the JSON plugin

The different output with Date whether the Http request have application/json

2023-12-02 Thread 哈哈哈哈
Hi all: I am new to using the Struts framework, and when I have a request with no application/json to my app which uses the Struts framework with the JSON plugin, the Date object returned is something like “2015-05-04T10:08:15+00:00”, which is RFC 3339 format. It's fine. But when I have request with

Re: Struts issue with getting response to the post request of the action class which works fine in postman but not in browser - Regarding

2023-05-16 Thread Lukasz Lenart
On Wed, 10 May 2023 at 12:53, Vishnu Mahendiren wrote: > public String execute() throws IOException > { > if(request.getParameter("action") != null) > { > JSONObject responseJSON = new JSONObject(); > responseJSON.put("key", "value"); > response.setStatus(HttpStatus.SC_OK); > response.setContentTy

Struts issue with getting response to the post request of the action class which works fine in postman but not in browser - Regarding

2023-05-10 Thread Vishnu Mahendiren
getting response for the post request of the url in postman, but for the same url if we make a post request using xhr in the browser we are getting the below attached exception. Also if we post to the url using xhr with http protocol, we are getting proper response but we are getting the below

Re: new user request

2022-07-17 Thread Lukasz Lenart
On Fri, 15 Jul 2022 at 22:10, Heidt, Larry wrote: > I want to post a technical question to https://lists.apache.org/ >

new user request

2022-07-15 Thread Heidt, Larry
I want to post a technical question to https://lists.apache.org/

Re: Request parameter value different from instance variable value

2018-05-08 Thread Prasanth Pasala
fixed the logic in ChangePasswordFilter to not forward if the request is going to ChangePassword action. Thanks, Prasanth On 05/08/2018 01:39 AM, Yasser Zamani wrote: > > On 5/7/2018 8:35 PM, Prasanth wrote: >> When I get the value from request object (request.getParameter("page

Re: Request parameter value different from instance variable value

2018-05-07 Thread Yasser Zamani
On 5/7/2018 8:35 PM, Prasanth wrote: > When I get the value from request object (request.getParameter("page");) it > returns "ChangePassword". What does 'String[] pages = request.getParameterValues("page");

Re: Request parameter value different from instance variable value

2018-05-07 Thread Prasanth Pasala
This seems to be happening only when the PasswordChangedFilter forwards the request to this action. If the action is accessed directly it works fine. Thanks, Prasanth On 05/07/2018 11:05 AM, Prasanth wrote: > Hi, > > I am using struts 2.3.34 and have an form with few text fields and

Request parameter value different from instance variable value

2018-05-07 Thread Prasanth
sword". When I get the value from request object (request.getParameter("page");) it returns "ChangePassword". Any idea why my action instance variable is set with a different value than what is in the request parameter? Below is the stack trace from the setPage function.

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-25 Thread Rajvinder Pal
Thanks, I changed the data type of accessCode from int to String and it is working fine. regards, Raj On Tue, Apr 24, 2018 at 10:29 AM, Lukasz Lenart wrote: > 2018-04-23 19:01 GMT+02:00 Rajvinder Pal : > > Hi, > > > > I need to bypass one validation error, which I am getting during appscan > >

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Lukasz Lenart
2018-04-23 19:01 GMT+02:00 Rajvinder Pal : > Hi, > > I need to bypass one validation error, which I am getting during appscan > run. > > *Invalid field value for field* XXX > > I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor > in struts2-core-2.5.14.1.jar. But it does

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Any idea how can I avoid this error for a specific parameter? Regards, Raj On Mon, Apr 23, 2018 at 10:31 PM, Rajvinder Pal wrote: > Hi, > > I need to bypass one validation error, which I am getting during appscan > run. > > *Invalid field value for field* XXX > > I have seen com.opensymphony.x

bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Hi, I need to bypass one validation error, which I am getting during appscan run. *Invalid field value for field* XXX I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor in struts2-core-2.5.14.1.jar. But it does not have any excludeParams. Please let me know what else I

[ANN] A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin

2018-03-27 Thread Lukasz Lenart
The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of the Apache Struts. This is necessary to prevent your publicly accessible web site, which is using the Struts REST plugin and performing XML serialisation, from being

Re: Suspicious Request

2018-02-13 Thread Yasser Zamani
On 2/13/2018 3:57 PM, Rajvinder Pal wrote: > I am using struts2 2.3.16.1 version. That may be the reason 404 error is > returned. But still I got a new file "one.jsp", inside the WAR. It has > only one IF condition as given below:- > > <%if(request.getParameter("f")!=null)(new > java.io.FileOutp

Re: Suspicious Request

2018-02-13 Thread Rajvinder Pal
Hi Yasser, I am using struts2 2.3.16.1 version. That may be the reason 404 error is returned. But still I got a new file "one.jsp", inside the WAR. It has only one IF condition as given below:- <%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("")+request.

Re: Suspicious Request

2018-02-13 Thread Yasser Zamani
On 2/13/2018 12:34 PM, Rajvinder Pal wrote: > Hi, > > I have a struts application deployed on application server. Some time I am > receiving the below requests in web server logs. Not sure if I can post it > in this struts forum. What should I do to restrict it? What kind of > vulnerability it is

Suspicious Request

2018-02-13 Thread Rajvinder Pal
Hi, I have a struts application deployed on application server. Some time I am receiving the below requests in web server logs. Not sure if I can post it in this struts forum. What should I do to restrict it? What kind of vulnerability it is? "GET /index.do?redirect:${%23req%3d%23context.get('co

Re: Request Parameter not being set on Action

2017-08-03 Thread Rubens Gomes
below is the ValueStackInterceptor code - it places a "device" property String in the stack. I also noticed an additional problem with another action that is handling parameters submitted from a form (HTTP POST request). The Param Interceptor (?) is setting those form properties to

Re: Request Parameter not being set on Action

2017-08-03 Thread Rubens Gomes
://github.com/rubensgomes/ezlista.com From: Rubens Gomes Sent: Thursday, August 3, 2017 12:43 PM To: Struts Users Mailing List Subject: Re: Request Parameter not being set on Action below is the ValueStackInterceptor code - it places a "device"

Re: Request Parameter not being set on Action

2017-08-03 Thread Lukasz Lenart
e > public void validate() > { > > if(StringUtils.isBlank(pageUrl)) > { > addActionError( getText("error.urlmissing") ); > } > > } > > > @Override > public String execute() >

Re: Request Parameter not being set on Action

2017-08-02 Thread Rubens Gomes
{ try { pageUrl = URLDecoder.decode(pageUrl, "UTF-8"); HttpServletRequest request = getRequest(); if(request == null) { throw new IllegalArgumentException("HTTP request not found."); }

Re: Request Parameter not being set on Action

2017-08-02 Thread Lukasz Lenart
2017-08-02 8:34 GMT+02:00 Rubens Gomes : > The request below is sent, but the parameters (request_locale/pageUrl) are > not set on the action. > > http://localhost:8080/change-locale.do?request_locale=en&pageUrl=%2Fview-login.do The "request_locale" parameter is a sp

Request Parameter not being set on Action

2017-08-01 Thread Rubens Gomes
The request below is sent, but the parameters (request_locale/pageUrl) are not set on the action. http://localhost:8080/change-locale.do?request_locale=en&pageUrl=%2Fview-login.do I am using the defaultStack which includes both the param and actionmapping interceptors. I am run

Re: Update request to web site regarding Log4j and "Getting Started" section

2017-06-13 Thread Lukasz Lenart
2017-06-13 19:28 GMT+02:00 Ken McWilliams : > Thank you, I've just looked into how to edit the pages, I'll keep it in mind > for the future. Thank you! Great :) > I'll try to make a couple edits in the near future, something about those > tag reference pages have been annoying me for years (I'm a

Re: Update request to web site regarding Log4j and "Getting Started" section

2017-06-13 Thread Ken McWilliams
Thank you, I've just looked into how to edit the pages, I'll keep it in mind for the future. Thank you! I'll try to make a couple edits in the near future, something about those tag reference pages have been annoying me for years (I'm aware they are automatically generated). On Tue, Jun 13, 2017

Re: Update request to web site regarding Log4j and "Getting Started" section

2017-06-12 Thread Łukasz Lenart
Done 2017-06-12 20:28 GMT+02:00 Ken McWilliams : > Sorry... > > The following "Getting started" page "How To Create A Struts 2 Web > Application: > http://struts.apache.org/getting-started/how-to-create-a-struts2-web-application.html > > Tells you to add: > > > org.apache.logging.log4j >

Re: Update request to web site regarding Log4j and "Getting Started" section

2017-06-12 Thread Lukasz Lenart
If you have an account on GitHub you can edit this page directly on GitHub and open a PR - I have added links to simplify this. If you don't have the account, I will update this page. 2017-06-12 20:28 GMT+02:00 Ken McWilliams : > Sorry... > > The following "Getting started" page "How To Create A S

Re: Update request to web site regarding Log4j and "Getting Started" section

2017-06-12 Thread Ken McWilliams
Sorry... The following "Getting started" page "How To Create A Struts 2 Web Application: http://struts.apache.org/getting-started/how-to-create-a-struts2-web-application.html Tells you to add: org.apache.logging.log4j log4j-core 2.8.2 When it should be both log4j-core and log4j-ap

Update request to web site regarding Log4j and "Getting Started" section

2017-06-12 Thread Ken McWilliams
The following "Getting started" page:

Re: Multipart http request loosing parameters after first access.

2017-04-10 Thread Norbert Hirneisen
nterceptor to log them all in a custom logger ?". In your case you could use a workaround: put the parameters you need to check in URL instead of POST-body. Regards, Christoph From: Amey Jadiye To: user@struts.apache.org, Date: 10.04.2017 11:14 Subject: Multipart http request loosing p

Re: Multipart http request loosing parameters after first access.

2017-04-10 Thread Christoph Nenning
> From: Amey Jadiye > To: user@struts.apache.org, > Date: 10.04.2017 11:14 > Subject: Multipart http request loosing parameters after first access. > > Hi, > > Can I get any help for below from struts community please ? > > -Amey > -- Forwarded message

Multipart http request loosing parameters after first access.

2017-04-10 Thread Amey Jadiye
Hi, Can I get any help for below from struts community please ? -Amey -- Forwarded message -- From: "Amey Jadiye" Date: Apr 9, 2017 12:14 AM Subject: Multipart http request loosing parameters after first access. To: Cc: Hi All, I'm using struts 1.2.9 and having

Re: Request exceeded allowed size limit! Max size allowed is: 2,097,152

2017-03-13 Thread Emi
I'm not sure, but I think the tomcat configuration is case sensitive. Can you please try "maxPostSize" instead of "maxpostsize" in your connector config? Have updated to the following and succeeded this time (struts2: most recent version). (1) server.xml Change to maxPostSize (2) struts.xm

Re: Request exceeded allowed size limit! Max size allowed is: 2,097,152

2017-03-13 Thread Johannes Geppert
/twitter.com/jogep 2017-03-13 15:57 GMT+01:00 Emi : > Hello, > > Tried to upload file, and always got the following errors: > > Request exceeded allowed size limit! Max size allowed is: 2,097,152 but > request was: 2,463,633! > > > > May I know where I missed the st

Re: Request exceeded allowed size limit! Max size allowed is: 2,097,152

2017-03-13 Thread Adam Brin
what version of struts are you using? There was a bug for a version that limited the size, I believe. On Mon, Mar 13, 2017 at 7:57 AM, Emi wrote: > Hello, > > Tried to upload file, and always got the following errors: > > Request exceeded allowed size limit! Max size allowed is

Request exceeded allowed size limit! Max size allowed is: 2,097,152

2017-03-13 Thread Emi
Hello, Tried to upload file, and always got the following errors: Request exceeded allowed size limit! Max size allowed is: 2,097,152 but request was: 2,463,633! May I know where I missed the steps please? struts.xml extends="security-fix" strict-method-invocat

Re: [Question] [struts2-rest-plugin] How shall I handle GET request /orders/{id}/items?

2016-09-07 Thread Ken McWilliams
ent navigation from one resource to another? > E.g., Let's say an Order has many Items. Then how to implement the proper > handler to request: > > GET /orders/{id}/items, and > > GET /orders/{id}/items/{item_id} ? > > > And how to handle Create/Update/Delete requests t

[Question] [struts2-rest-plugin] How shall I handle GET request /orders/{id}/items?

2016-09-07 Thread Yong Kang Guo
implement the proper handler to request: GET /orders/{id}/items, and GET /orders/{id}/items/{item_id} ? And how to handle Create/Update/Delete requests to the navigation path, e.g. POST /orders/{id}/items to create a new item under the order? Thanks and Best Regards, Guo

Re: HTTP POST request header changing in Internet Explorer

2016-07-17 Thread Lukasz Lenart
Hi As far I understand it's an AJAX request, right? If so action answers with text/html which is wrong. Hard to say anything else as your mail was formatted very badly :\ Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2016-07-15 9:31 GMT+02:00 punter : > Hi,I have a

HTTP POST request header changing in Internet Explorer

2016-07-15 Thread punter
on Windows 8. It was occurring on a single system only and could not be reproduced on other systems. The request as obtained in Tomcat catalina logs is as follows: 192.168.103.105 - - [14/Jul/2016:15:41:54 +] "POST /application/framework/SessionAction.action HTTP/1.1" 200 105192.1

Re: File Upload error making request parameters empty

2015-02-16 Thread Lukasz Lenart
2015-02-17 7:16 GMT+01:00 Arpan : > Moreover here the error message is hard coded in the java file. It may not > be acceptable for many companies. Please register a ticket in JIRA Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/

Re: File Upload error making request parameters empty

2015-02-16 Thread Arpan
Moreover here the error message is hard coded in the java file. It may not be acceptable for many companies. On Mon, Feb 16, 2015 at 6:34 PM, Lukasz Lenart wrote: > 2015-02-16 13:56 GMT+01:00 Christoph Nenning < > christoph.nenn...@lex-com.net>: > >> > >> Thanks a Lot. Upgrading the struts2 vers

Re: File Upload error making request parameters empty

2015-02-16 Thread Lukasz Lenart
2015-02-16 13:56 GMT+01:00 Christoph Nenning : >> >> Thanks a Lot. Upgrading the struts2 version to 2.3.20 and using the >> alternative libraries, solved the problem. >> But additionally while using the alternate library, I needed to declare >> below constant >> >> >> Is it necessary? >> > > > I

Re: File Upload error making request parameters empty

2015-02-16 Thread Christoph Nenning
> > Thanks a Lot. Upgrading the struts2 version to 2.3.20 and using the > alternative libraries, solved the problem. > But additionally while using the alternate library, I needed to declare > below constant > > > Is it necessary? > It seems that has been forgotten. So yes, currently it is

Re: File Upload error making request parameters empty

2015-02-15 Thread Arpan
Thanks a Lot. Upgrading the struts2 version to 2.3.20 and using the alternative libraries, solved the problem. But additionally while using the alternate library, I needed to declare below constant Is it necessary? On Fri, Jan 9, 2015 at 6:49 PM, Christoph Nenning < christoph.nenn...@lex-com.n

Re: File Upload error making request parameters empty

2015-01-09 Thread Christoph Nenning
> > HI All, > > > > We need to upload files. > > Hence I am using defaultStack Interceptor, which uses file upload > > interceptor. > > If I select a large file to upload and fileupload interceptor displays > > error message on the same page. I have few hidden fields, whose values are > > pre popu

Re: File Upload error making request parameters empty

2015-01-09 Thread Lukasz Lenart
2015-01-09 12:27 GMT+01:00 Arpan : > HI All, > > We need to upload files. > Hence I am using defaultStack Interceptor, which uses file upload > interceptor. > If I select a large file to upload and fileupload interceptor displays > error message on the same page. I have few hidden fields, whose val

Re: File Upload error making request parameters empty

2015-01-09 Thread Christoph Nenning
> pre populated. But when file upload error happens, my hidden fields values > become empty. > > How to rectify this problem. Am I missing something. > > Thanks We had the same issue in some of our apps, too. When the size of the uploaded file exceeds the configured max value

File Upload error making request parameters empty

2015-01-09 Thread Arpan
HI All, We need to upload files. Hence I am using defaultStack Interceptor, which uses file upload interceptor. If I select a large file to upload and fileupload interceptor displays error message on the same page. I have few hidden fields, whose values are pre populated. But when file upload erro

Re: Anyway to map properties to different request names?

2014-11-06 Thread Christoph Nenning
> Paul Benedict wrote on 5.11.2014 at 22.54: > > It bothers me that the Java programming model dictates the parameter names. > > In theory "personId" could be sent as "a" -- although a variable named "a" > > in Java is bad naming conventions. There isn't a good technical reason to > > keep

Re: Anyway to map properties to different request names?

2014-11-05 Thread Heikki Hyyrö
Paul Benedict wrote on 5.11.2014 at 22.54: > It bothers me that the Java programming model dictates the parameter names. > In theory "personId" could be sent as "a" -- although a variable named "a" > in Java is bad naming conventions. There isn't a good technical reason to > keep this 1:1 mapp

Re: Anyway to map properties to different request names?

2014-11-05 Thread Paul Benedict
It bothers me that the Java programming model dictates the parameter names. In theory "personId" could be sent as "a" -- although a variable named "a" in Java is bad naming conventions. There isn't a good technical reason to keep this 1:1 mapping. The shorter the bytes sent too the better And i

Re: Anyway to map properties to different request names?

2014-11-05 Thread JOSE L MARTINEZ-AVIAL
You only need to set the attribute name of the field You can even use a different Id, if you want to refer to the field in javascript. Why does it bother you? 2014-11-05 15:39 GMT-05:00 Paul Benedict : > Let's say I have a getter/setter for field personId. That means in my > markup, I need to

Anyway to map properties to different request names?

2014-11-05 Thread Paul Benedict
Let's say I have a getter/setter for field personId. That means in my markup, I need to have a field named personId too. However, I am not really fond of bleeding Java naming conventions into my web page. Shouldn't there be a way -- is there a way? -- of assigning another name to it? Hopeful exam

Re: FileUploadBase$UnknownSizeException: the request was rejected because its size is unknown

2014-07-17 Thread shriram
traint that FileUpload refuses parsing requests of unknown length. In the succeeding version stream has been introduced to overcome the size issue. Below issues were reported in apache.commons.fileupload in 1.2 & 1.3 1. After uploading, temp file is not removed 2. Input stream is not closed which lead

Re: FileUploadBase$UnknownSizeException: the request was rejected because its size is unknown

2014-07-15 Thread Sreekanth S. Nair
lt limit 256M to higher limit?. If it is not possible is there any way > to upload a file in struts1? > > [org.apache.struts.upload.CommonsMultipartRequestHandler -> handleRequest] > (CommonsMultipartRequestHandler.java:190) - Failed to parse multipart > request > org.apach

FileUploadBase$UnknownSizeException: the request was rejected because its size is unknown

2014-07-15 Thread shriram
the default limit 256M to higher limit?. If it is not possible is there any way to upload a file in struts1? [org.apache.struts.upload.CommonsMultipartRequestHandler -> handleRequest] (CommonsMultipartRequestHandler.java:190) - Failed to parse multipart requ

Re: Request parameters need corresponding getters/setters in action?

2014-03-28 Thread Manuel López Blasi
014-03-27 21:41 GMT+01:00 Manuel López Blasi : Hello everybody, I'm in the process of migrating our application from struts 2.8.1 to the latest 2.3.16.1 Ga. After some intense debugging and researching I have come to the conclusion that request parameters passed thru url are required to have

Re: Request parameters need corresponding getters/setters in action?

2014-03-27 Thread Lukasz Lenart
2014-03-27 21:41 GMT+01:00 Manuel López Blasi : > Hello everybody, > > I'm in the process of migrating our application from struts 2.8.1 to the > latest 2.3.16.1 Ga. > After some intense debugging and researching I have come to the conclusion > that request parameters passe

Re: Request parameters need corresponding getters/setters in action?

2014-03-27 Thread Paul Benedict
from struts 2.8.1 to the > latest 2.3.16.1 Ga. > After some intense debugging and researching I have come to the conclusion > that request parameters passed thru url are required > to have corresponding setter method (dunno if getter too) in targeted > action class. > > I ha

Request parameters need corresponding getters/setters in action?

2014-03-27 Thread Manuel López Blasi
Hello everybody, I'm in the process of migrating our application from struts 2.8.1 to the latest 2.3.16.1 Ga. After some intense debugging and researching I have come to the conclusion that request parameters passed thru url are required to have corresponding setter method (dunno if gette

re: Do i need to send locale as request parameter explicitly from browser?

2014-02-27 Thread Christoph Nenning
> Hi All, > > when i use s:text . it makes use of locale information sent by browser to > pick the correct resource bundle. My question is does browsers send the > locale info itself in header(and struts 2 makes use > of this header info) Yes. The header is called Accept-Language. > or deve

Do i need to send locale as request parameter explicitly from browser?

2014-02-27 Thread Mohit Gupta
Hi All, when i use s:text . it makes use of locale information sent by browser to pick the correct resource bundle. My question is does browsers send the locale info itself in header(and struts 2 makes use of this header info) or developer need to send explicitly?

Re: Prevent Ajax Multi-Request in Struts 2

2013-10-07 Thread jlmagc
- From: jlm...@gmail.com Date: Tue, 8 Oct 2013 05:23:05 To: Struts Users Mailing List; Alireza Fattahi Reply-To: jlm...@gmail.com Subject: Re: Prevent Ajax Multi-Request in Struts 2 What are you using on the client for the ajax calls? Dojo? Jquery? They both generate an http header “x

Re: Prevent Ajax Multi-Request in Struts 2

2013-10-07 Thread jlmagc
What are you using on the client for the ajax calls? Dojo? Jquery? They both generate an http header “x-requested-with” with value “XMLHTTPrequest”. A normal post can not add http headers, so checking for that header allows you to be sure the request was made using XHR. Since XHR cannot work

Re: Prevent Ajax Multi-Request in Struts 2

2013-10-07 Thread Alireza Fattahi
September 2013, 16:13 Subject: Re: Prevent Ajax Multi-Request in Struts 2 Hi, Since XHR request can not be cross-domain, you can not get a CSRF through XHR( the browser will not allow other page to send a XHR to your server). The only option would be a normal post against your supposed-ajax URL

Re: Prevent Ajax Multi-Request in Struts 2

2013-09-30 Thread Alireza Fattahi
Thanks, I was looking Multi-Request prevention, is my problem equals to CSRF issue. ~Regards, ~~Alireza Fattahi From: Martin Gainty To: Struts Users Mailing List Sent: Friday, 27 September 2013, 0:12 Subject: RE: Prevent Ajax Multi-Request in

RE: Prevent Ajax Multi-Request in Struts 2

2013-09-26 Thread Martin Gainty
To Mitigate add a "nonce" to the form https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) Saludos Martin- > Date: Thu, 26 Sep 2013 08:43:12 -0400 > Subject: Re: Prevent Ajax Multi-Request in Struts 2 > From: jlm...@gmail.com > To: user@struts.apache.o

Re: Prevent Ajax Multi-Request in Struts 2

2013-09-26 Thread Paul Benedict
Alireza, use some sort of pre-authenticated token. Ignore requests that have a bad token. On Thu, Sep 26, 2013 at 7:43 AM, JOSE L MARTINEZ-AVIAL wrote: > Hi, > Since XHR request can not be cross-domain, you can not get a CSRF through > XHR( the browser will not allow other page to s

Re: Prevent Ajax Multi-Request in Struts 2

2013-09-26 Thread JOSE L MARTINEZ-AVIAL
Hi, Since XHR request can not be cross-domain, you can not get a CSRF through XHR( the browser will not allow other page to send a XHR to your server). The only option would be a normal post against your supposed-ajax URL. In order to protect against it, we check for an HTTP header that is sent

Prevent Ajax Multi-Request in Struts 2

2013-09-25 Thread Alireza Fattahi
Hi, We want to avoid multi-request sent via Ajax in struts 2 web based application. The `s:token` can be used in regular request-response jsp pages, but it will not work for ajax requests. The problem is the returned respond, which does not populate new value for struts token. I found this

Re: Struts2 Invalid Request Page is not showing up

2013-08-12 Thread Sreekanth S. Nair
The following i found in documentation of TokenSessionStoreInterceptor. Hope the changes with respect to this is creating the problem. *That is, it will block subsequent requests until the first request is* * * complete, and then instead of returning the invalid.token code, it will attempt to

Struts2 Invalid Request Page is not showing up

2013-08-12 Thread Sreekanth S. Nair
Hi, We are using struts2 latest distribution, where we are using tokenSession interceptor for duplicate submission. Duplicate request processing is working fine but it's not showing result page for duplicate form submission which we have defined in struts.xml as below. /error

Re: Changing locale for any current request

2013-07-25 Thread Lukasz Lenart
2013/7/25 Antonio Sánchez : > But I still need to know which is the current request to re-request with the > new locale. > > Anyway, I have no problem with changing the locale. > > I guess this is a design issue, maybe a web pattern, and goes beyond Struts. > Anyway, how

Re: Changing locale for any current request

2013-07-25 Thread Antonio Sánchez
But I still need to know which is the current request to re-request with the new locale. Anyway, I have no problem with changing the locale. I guess this is a design issue, maybe a web pattern, and goes beyond Struts. Anyway, how do you usually manage this in your i18ned applications? I mean

Re: Changing locale for any current request

2013-07-25 Thread Christian Grobmeier
Have you tried "request only" for these links? See: http://struts.apache.org/release/2.3.x/docs/i18n-interceptor.html basically using foo.action?request_only_locale=en_US your locale would not be stored in the session, it's just for this request On Thu, Jul 25, 2013 at 10

Changing locale for any current request

2013-07-25 Thread Antonio Sánchez
I will include a header in all pages that displays links for translating current page (at any moment) to different locales. Something like: ES | EN | IT These links will render current page (query, action... ) in the requested locale. How is this usually performed? I guess I must remember all

Re: S2 custom authentication: remembering original request

2013-07-18 Thread Antonio Sánchez
Uploading files is not working. Files are not set in the action, there are no files in the request, and no files detected by File Upload Interceptor (FUI). Redirection Interceptor (RI) runs before the default stack FUI. RI stores in session the request parameters before FUI has any chance to

RE: S2 custom authentication: remembering original request

2013-07-16 Thread Dave Newton
On Jul 16, 2013 5:20 AM, "Martin Gainty" wrote: > > be careful when storing params into session during redirect > > remember redirect invalidates the original session and creates a brand new session from client's browser That would mean if you redirected you'd be logged out every time. That would

Re: S2 custom authentication: remembering original request

2013-07-16 Thread Antonio Sánchez
e old parameters) > > when constructing a response with a specific mime-type remember the > ContentType must be set in the response e.g: > response.setContentType("application/octet-stream"); > > then pass to filters in your chain: > chain.doFilter(request, respon

Re: S2 custom authentication: remembering original request

2013-07-16 Thread Antonio Sánchez
On Tuesday, 16 July 2013 09:59:27 Antonios Gkogkakis wrote: > You don't have to store text, you can store Object or even the File itself. > it depends on where/when you extract the params from the original request In the interceptor. But the interceptor is not responsible of u

RE: S2 custom authentication: remembering original request

2013-07-16 Thread Martin Gainty
e new action (appending the old parameters) when constructing a response with a specific mime-type remember the ContentType must be set in the response e.g: response.setContentType("application/octet-stream"); then pass to filters in your chain: chain.doFilter(request, response);

Re: S2 custom authentication: remembering original request

2013-07-16 Thread Antonios Gkogkakis
You don't have to store text, you can store Object or even the File itself. it depends on where/when you extract the params from the original request Antonios On 16 July 2013 09:51, Antonio Sánchez wrote: > On Tuesday, 16 July 2013 09:16:12 Antonios Gkogkakis wrote: > &

Re: S2 custom authentication: remembering original request

2013-07-16 Thread Antonio Sánchez
The potential problem I see is that I am only saving in session text parameters. I don't know how binary data is transported in the request. If headers are involved then they need to be saved too. > > >>One more question: What should I do in case the original request is a &g

Re: S2 custom authentication: remembering original request

2013-07-16 Thread Antonios Gkogkakis
Hi Antonio, I don't see anything different with the multipart requests, are you experiencing issues? >>One more question: What should I do in case the original request is a multipart request? For instance: select picture -> click upload -> >>authentication -> upload ac

Re: S2 custom authentication: remembering original request

2013-07-15 Thread Antonio Sánchez
ember the original request if Login.jsp result breaks the chain and, at the end of the day, I have to code for remembering the original parameters (in the interceptor). I'm using redirectAction. One more question: What should I do in case the original request is a multipart request? For i

Re: S2 custom authentication: remembering original request

2013-07-15 Thread Antonios Gkogkakis
Hi Antonio, You can't modify the parameter map from the Servlet request, but you can pass the extra params from your first request to your action by putting them in the struts parameters map by calling invocation.getInvocationContext().getParameters().#put. So to recap, you have

Re: S2 custom authentication: remembering original request

2013-07-15 Thread Antonio Sánchez
remember the original request parameters? When the flow is forwarded to Login.jsp the original request is lost. I can save the parameters map in session but when the time comes for the originally requested action (dynamic result) I don't know how to pass the original request parameters. I

Re: S2 custom authentication: remembering original request

2013-07-12 Thread Antonio Sánchez
If I use "redirections" I will lose the original request (parameters, uploading binary data ...). But I am unable to make it work using forwards (chaining actions). I give up. I can't do this with S2. I guess this use case requires some external approach: servlet filter (as D
