Do not give up, the game is not still over ..... (you can still do sth about it)
As an alternative, you can import the source code of xwork into ur workspace and remove xwork the jar file, run your code in debug mode, find the culprit, fix it. Then you can replace the class file in xwork jar file with the one fixed. That is what I usually do on the last resort, and it is garuanteed to work. ----- Original Message ---- From: Bobby Mitch <[EMAIL PROTECTED]> To: Struts Users Mailing List <user@struts.apache.org> Sent: Wednesday, September 10, 2008 5:01:14 PM Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI scheme is not "file") Thanks. Applying the workaround with Struts 2.0.11.1 and XWorks 2.0..4, and modifying struts.xml by adding the interceptor-ref tag does not work: 22:58:02,671 ERROR [[default]] Servlet.service() for servlet default threw exception java.lang.IllegalArgumentException: URI scheme is not "file" at java.io.File.<init>(Unknown Source) at com..opensymphony.xwork2.validator.ValidatorFactory.parseValidators(ValidatorFactory.java:314) at com.opensymphony.xwork2.validator.ValidatorFactory.<clinit>(ValidatorFactory.java:224) at com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.processRequiredFieldValidatorAnnotation(AnnotationValidationConfigurationBuilder.java:575) at com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.processAnnotations(AnnotationValidationConfigurationBuilder..java:149) at com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.buildAnnotationClassValidatorConfigs(AnnotationValidationConfigurationBuilder.java:783) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.buildClassValidatorConfigs(AnnotationActionValidatorManager.java:254) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.buildValidatorConfigs(AnnotationActionValidatorManager.java:340) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.getValidators(AnnotationActionValidatorManager.java:69) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:138) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:113) at com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:100) at com.opensymphony.xwork2.validator.ValidationInterceptor.doBeforeInvocation(ValidationInterceptor.java:142) at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:148) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:48) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86) at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224) at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223) at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221) I guess it is game over until a new working release comes out .... --- On Wed, 9/10/08, Struts Two <[EMAIL PROTECTED]> wrote: From: Struts Two <[EMAIL PROTECTED]> Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI scheme is not "file") To: "Struts Users Mailing List" <user@struts.apache.org> Date: Wednesday, September 10, 2008, 9:09 AM I believe the issue should be fixed on 2.1.2 (for Websphere at least), but it still remains an issue for Struts 2.0.11.2 (for Websphere users). See the email below: ----- Original Message ---- From: Rene Gielen <[EMAIL PROTECTED]> To: Struts Users Mailing List <user@struts.apache.org> Sent: Wednesday, July 16, 2008 2:40:38 AM Subject: [ANN] Struts 2.0.11.2 General Availability Release with Important Security Fix Apache Struts 2.0..11.2 is now available from <http://struts.apache.org/download.cgi#struts20112>. This release is a fast track security fix release, including a security fixed version 2.0.5 of XWork, which corrects a serious vulnerability in ParametersInterceptor allowing malicious users to remotely change server side context objects. For more information about the exploit, visit our security bulletins page at <http://struts.apache.org/2.0.11.2/docs/s2-003.html>. IMPORTANT ADDITIONAL NOTES: There are two known issues with this release: 1. the integrated XWork 2.0.5 jar may cause problems when used in a combination of WebSphere 6.1 runtime environments with validation configuration via XML files. Possible Workarounds: - use annotation based validation definition instead XML based - stay with Struts 2.0..11.1 including XWork 2.0.4, applying the following exclude rule to your parameter interceptor refs in struts.xml <interceptor-ref name="params"> <param name="excludeParams">.*[[^\\p{Graph}][\\\\#:=]].*</param> </interceptor-ref> 2. the filtering mechanism implemeted in XWork's ParametersInterceptor to fix the described security issue does not completely avoid any possible malicious parameter name. Possible Workaround: - apply the following exclude rule to your parameter interceptor refs in struts.xml to avoid the usage of backslash characters in parameter names <interceptor-ref name="params"> <param name="excludeParams">.*\\.*</param> </interceptor-ref> Both issues will be addressed in a soon upcoming XWork 2..0.6 release, followed by a new Struts 2.0 GA release including this new XWork version. * All developers are advised to either update Struts 2 applications to Struts 2.0.11.2 or manually exchange usages of xwork-2.0.x.jar with the fixed xwork-2.0.5.jar to prevent remotety induced context manipulations. For the complete release notes for Struts 2.0.11.2, see <http://struts.apache.org/2.0.11.2/docs/release-notes-20112.html>. - The Apache Struts Team. __________________________________________________________________ Connect with friends from any web browser - no download required. Try the new Yahoo! Canada Messenger for the Web BETA at http://ca.messenger.yahoo.com/webmessengerpromo.php --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __________________________________________________________________ Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at http://ca.toolbar.yahoo.com.. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
