Hi everyone, I have just upgraded a web application from Struts 2.3.15.1 to Struts 2.3.15.2 (running on Tomcat 7.0.27). Now, for any button using the "action:" prefix as described in S2-018, the action mapping does not working anymore. I.e., Backward Compatibility for the "action:" prefix is not given, at least not in my use case.
Example: Clicking the following button... > <button type="submit" name="action:createsubmit" > id="..." value="..." class="...">Create</button> ...yields this 404 report: > HTTP Status 404 - /my-server/user/createsubmit.action > > type: Status report > > message: /my-server/user/createsubmit.action > > description: The requested resource (/my-server/user/createsubmit.action) is > not available. > > Apache Tomcat/7.0.27 while with Struts 2.3.15.1 this was working okay. (I'm attaching the struts.xml section for reference, although it's obvious that that must be okay since it hasn't unchanged for the update.) Is there a way to fix this other than to write a custom ActionMapper as proposed in the Security Bulletin for S2-018 (see link below)? Any advice muchly appreciated, since I would like to get the securtiy threat out of the way. Markus http://struts.apache.org/release/2.3.x/docs/s2-018.html struts.xml: <package name="usermanagement" extends="my-server" namespace="/user" strict-method-invocation="true"> <action name="createsubmit" method="createsubmit" class="de.knipp.telnic.nsp.web.action.user.UserAction"> <result name="success" type="freemarker"> /user/create_success.ftl </result> <result name="error" type="freemarker"> /user/create.ftl </result> <result name="input" type="freemarker"> /user/create.ftl </result> <result name="noaccess" type="freemarker"> /user/error.ftl </result> </action> </package> <!-- end of package usermanagement --> --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
