You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Lukasz Lenart <lu...@apache.org> on 2013/10/17 22:25:52 UTC
[ANN] Struts 2.3.15.3 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
available as a "General Availability" release.The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.
This release includes important security fixes:
- S2-018 - Broken Access Control Vulnerability in Apache Struts2
- solved problem with action: prefix broken in 2.3.15.2
All developers are strongly advised to update existing Struts 2
applications to Struts 2.3.15.3
Struts 2.3.15.3 is available in a full distribution, or as separate
library, source, example and documentation distributions, from the
releases page.
* http://struts.apache.org/download.cgi#struts23153
The release is also available from the central Maven repository under
Group ID "org.apache.struts".
The 2.3.x series of the Apache Struts framework has a minimum
requirement of the following specification versions:
* Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
* Java 2 Standard Platform Edition (J2SE) 5
The release notes are available online at:
* http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.appropriate, file a tracking
ticket:
* https://issues.apache.org/jira/browse/WW
- The Apache Struts group.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Alireza Fattahi <af...@yahoo.com>.
I am creating a new tag in jsp, named `RequiredLabel` , but I can not pass tag attribute to struts label ( The css are based on YAML)
The tag will be used as:
<myTag:RequiredLabel name="amount"/>
The label should be get from struts as it must be localized.
<%@tag description="Renders a label with required css and error label" pageEncoding="UTF-8"%>
<%@attribute name="name" required="true" %>
<%@taglib prefix="s" uri="/struts-tags"%>
<!--Here ${name} works fine -->
<p class="ym-message" id="${name}Error" />
<!-- Here I can not pass the name to s:label tag -->
<s:label key="form.label.%{name}" cssClass="ym-required" />
I tried `#attr.name` and `#param.name` but none of them worked!
Do you know any solution ?!
~Regards,
~~Alireza Fattahi
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Lukasz Lenart <lu...@apache.org>.
2013/10/18 Emi Lu <em...@encs.concordia.ca>:
> (2) Failed version(struts2.3.15.3 + tiles3.0.1)
> struts.xml
> ============
> <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
> <constant name="struts.mapper.action.prefix.enabled" value="true"/>
>
> web.xml
> =======
> <listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
>
>
> struts-login.xml
> ==================
> <package name="Login" namespace="/Login" extends="tiles-default">
> <result-types>
> <result-type name="tiles"
> class="org.apache.struts2.views.tiles.TilesResult" />
> </result-types>
>
>
> <action name="*ProcessLoginAction" method="{1}"
> class="ProcessLoginAction">
> <result name="success" type="tiles">login_main_page</result>
> <result name="error" type="tiles">login_main_page</result>
>
> <result name="main_menu" type="redirectAction">
> <param name="actionName">ProcessMenuAction</param>
> <param name="namespace">/Menu</param>
> </result>
>
> <result name="ajax_check">
> /WEB-INF/pages/errorinfo/ajax_error_check.jsp
> </result>
> </action>
> ......
And have you used Tiles 3 jars? Maybe try to use some dependency
management tool - Maven?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Emi Lu <em...@encs.concordia.ca>.
On 10/18/2013 12:28 PM, Lukasz Lenart wrote:
> 2013/10/18 Emi Lu <em...@encs.concordia.ca>:
>> Good morning,
>>
>>
>> Tried the new version15.3, but failed:
>>
>> login() method is not called at all.
>>
>> (1) login.jsp
>> ================
>> <s:submit value="Login"
>> theme="simple"
>> action="loginProcessLoginAction" />
>
> Struts 2.3.15.3 disables support for action: prefix by default [1], to
> enable it you must set struts.mapper.action.prefix.enabled to true.
> Instead action: you can use method: prefix (but you must enable
> struts.enable.DynamicMethodInvocation to true [2])
>
> [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
> [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
Thank you very much for your help! Here are what I tried:
(1) Success version (struts2.3.15.3 + tiles2.2.2 )
struts.xml
============
<constant name="struts.enable.DynamicMethodInvocation" value="true"/>
<constant name="struts.mapper.action.prefix.enabled" value="true"/>
web.xml
=======
<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
(2) Failed version(struts2.3.15.3 + tiles3.0.1)
struts.xml
============
<constant name="struts.enable.DynamicMethodInvocation" value="true"/>
<constant name="struts.mapper.action.prefix.enabled" value="true"/>
web.xml
=======
<listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
struts-login.xml
==================
<package name="Login" namespace="/Login" extends="tiles-default">
<result-types>
<result-type name="tiles"
class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>
<action name="*ProcessLoginAction" method="{1}"
class="ProcessLoginAction">
<result name="success" type="tiles">login_main_page</result>
<result name="error" type="tiles">login_main_page</result>
<result name="main_menu" type="redirectAction">
<param name="actionName">ProcessMenuAction</param>
<param name="namespace">/Menu</param>
</result>
<result name="ajax_check">
/WEB-INF/pages/errorinfo/ajax_error_check.jsp
</result>
</action>
......
>> Got the following exception:
>> ====================================
>> java.lang.NoSuchMethodError: org.apache.tiles.access.**
>> TilesAccess.getContainer(**Ljava/lang/Object;)Lorg/**
>> apache/tiles/TilesContainer;
>> at org.apache.struts2.views.**tiles.TilesResult.doExecute(**
>> TilesResult.java:100)
>> at
org.apache.struts2.dispatcher.**StrutsResultSupport.execute(**
>> StrutsResultSupport.java:186)
>> at com.opensymphony.xwork2.**DefaultActionInvocation.**
>> executeResult(**DefaultActionInvocation.java:**371)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**275)
>> at org.apache.struts2.**interceptor.debugging.**
>> DebuggingInterceptor.**intercept(**DebuggingInterceptor.java:256)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>> DefaultWorkflowInterceptor.**doIntercept(**DefaultWorkflowInterceptor.**
>> java:167)
>> at com.opensymphony.xwork2.**interceptor.**
>> MethodFilterInterceptor.**intercept(**MethodFilterInterceptor.java:**98)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
com.opensymphony.xwork2.**validator.**ValidationInterceptor.**
>> doIntercept(**ValidationInterceptor.java:**265)
>> at org.apache.struts2.**interceptor.validation.**
>> AnnotationValidationIntercepto**r.doIntercept(**
>> AnnotationValidationIntercepto**r.java:68)
>> at com.opensymphony.xwork2.**interceptor.**
>> MethodFilterInterceptor.**intercept(**MethodFilterInterceptor.java:**98)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>> ConversionErrorInterceptor.**intercept(**ConversionErrorInterceptor.**
>> java:138)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
com.opensymphony.xwork2.**interceptor.**ParametersInterceptor.*
>> *doIntercept(**ParametersInterceptor.java:**239)
>> at com.opensymphony.xwork2.**interceptor.**
>> MethodFilterInterceptor.**intercept(**MethodFilterInterceptor.java:**98)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
com.opensymphony.xwork2.**interceptor.**ParametersInterceptor.*
>> *doIntercept(**ParametersInterceptor.java:**239)
>> at com.opensymphony.xwork2.**interceptor.**
>> MethodFilterInterceptor.**intercept(**MethodFilterInterceptor.java:**98)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>> StaticParametersInterceptor.**intercept(**StaticParametersInterceptor.**
>> java:191)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at org.apache.struts2.**interceptor.**MultiselectInterceptor.**
>> intercept(**MultiselectInterceptor.java:**73)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at org.apache.struts2.**interceptor.**
>> CheckboxInterceptor.intercept(**CheckboxInterceptor.java:91)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at org.apache.struts2.**interceptor.**FileUploadInterceptor.**
>> intercept(**FileUploadInterceptor.java:**252)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
com.opensymphony.xwork2.**interceptor.**ModelDrivenInterceptor.
>> **intercept(**ModelDrivenInterceptor.java:**100)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>>
ScopedModelDrivenInterceptor.**intercept(**ScopedModelDrivenInterceptor.**
>> java:141)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>> ChainingInterceptor.intercept(**ChainingInterceptor.java:145)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
com.opensymphony.xwork2.**interceptor.**PrepareInterceptor.**
>> doIntercept(**PrepareInterceptor.java:171)
>> at com.opensymphony.xwork2.**interceptor.**
>> MethodFilterInterceptor.**intercept(**MethodFilterInterceptor.java:**98)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.I18nInterceptor.**
>> intercept(I18nInterceptor.**java:161)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at
org.apache.struts2.**interceptor.**ServletConfigInterceptor.**
>> intercept(**ServletConfigInterceptor.java:**164)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.AliasInterceptor.**
>> intercept(AliasInterceptor.**java:193)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at com.opensymphony.xwork2.**interceptor.**
>> ExceptionMappingInterceptor.**intercept(**ExceptionMappingInterceptor.**
>> java:189)
>> at
com.opensymphony.xwork2.**DefaultActionInvocation.**invoke(**
>> DefaultActionInvocation.java:**246)
>> at org.apache.struts2.impl.**StrutsActionProxy.execute(**
>> StrutsActionProxy.java:54)
>> at org.apache.struts2.dispatcher.**Dispatcher.serviceAction(**
>> Dispatcher.java:563)
>> at org.apache.struts2.dispatcher.**ng.ExecuteOperations.**
>> executeAction(**ExecuteOperations.java:77)
>> at org.apache.struts2.dispatcher.**ng.filter.**
>>
StrutsPrepareAndExecuteFilter.**doFilter(**StrutsPrepareAndExecuteFilter.*
>> *java:99)
>> at org.apache.catalina.core.**ApplicationFilterChain.**
>> internalDoFilter(**ApplicationFilterChain.java:**235)
>> at
org.apache.catalina.core.**ApplicationFilterChain.**doFilter(**
>> ApplicationFilterChain.java:**206)
>> at org.displaytag.filter.**ResponseOverrideFilter.**doFilter(**
>> ResponseOverrideFilter.java:**125)
>> at org.apache.catalina.core.**ApplicationFilterChain.**
>> internalDoFilter(**ApplicationFilterChain.java:**235)
>> at
org.apache.catalina.core.**ApplicationFilterChain.**doFilter(**
>> ApplicationFilterChain.java:**206)
>> at org.displaytag.filter.**ResponseOverrideFilter.**doFilter(**
>> ResponseOverrideFilter.java:**125)
>> at org.apache.catalina.core.**ApplicationFilterChain.**
>> internalDoFilter(**ApplicationFilterChain.java:**235)
>> at
org.apache.catalina.core.**ApplicationFilterChain.**doFilter(**
>> ApplicationFilterChain.java:**206)
>> at org.apache.catalina.core.**StandardWrapperValve.invoke(**
>> StandardWrapperValve.java:233)
>> at org.apache.catalina.core.**StandardContextValve.invoke(**
>> StandardContextValve.java:191)
>> at org.apache.catalina.core.**StandardHostValve.invoke(**
>> StandardHostValve.java:127)
>> at org.apache.catalina.valves.**ErrorReportValve.invoke(**
>> ErrorReportValve.java:103)
>> at org.apache.catalina.core.**StandardEngineValve.invoke(**
>> StandardEngineValve.java:109)
>> at org.apache.catalina.connector.**CoyoteAdapter.service(**
>> CoyoteAdapter.java:293)
>> at org.apache.coyote.http11.**Http11Processor.process(**
>> Http11Processor.java:861)
>> at org.apache.coyote.http11.**Http11Protocol$**
>> Http11ConnectionHandler.**process(Http11Protocol.java:**606)
>> at org.apache.tomcat.util.net.**JIoEndpoint$Worker.run(**
>> JIoEndpoint.java:489)
>> at java.lang.Thread.run(Thread.**java:662)
>>
>> Could someone tell which jar missing please?
>>
>> Struts2.3.15.3 + tiles3.01.
Posted to tiles list as well.
The above exception shows when I did not load tiles*2.0.6.jars. If I
load them, another exception will be shown.
Any help about how to fix the exception?
Thanks a lot!
Emi
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Emi Lu <em...@encs.concordia.ca>.
On 10/21/2013 07:03 PM, Greg Lindholm wrote:
> If you use struts.mapper.action.prefix.enabled to enable action: prefix
> support are you opening up a security whole?
> What is the liability?
No comments from users. Could consider no security issues, I guess?
> On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart <lu...@apache.org>wrote:
>
>> 2013/10/18 Emi Lu <em...@encs.concordia.ca>:
>>> Good morning,
>>>
>>>
>>> Tried the new version15.3, but failed:
>>>
>>> login() method is not called at all.
>>>
>>> (1) login.jsp
>>> ================
>>> <s:submit value="Login"
>>> theme="simple"
>>> action="loginProcessLoginAction" />
>>
>> Struts 2.3.15.3 disables support for action: prefix by default [1], to
>> enable it you must set struts.mapper.action.prefix.enabled to true.
>> Instead action: you can use method: prefix (but you must enable
>> struts.enable.DynamicMethodInvocation to true [2])
>>
>> [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
>> [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Greg Lindholm <gr...@gmail.com>.
If you use struts.mapper.action.prefix.enabled to enable action: prefix
support are you opening up a security whole?
What is the liability?
On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart <lu...@apache.org>wrote:
> 2013/10/18 Emi Lu <em...@encs.concordia.ca>:
> > Good morning,
> >
> >
> > Tried the new version15.3, but failed:
> >
> > login() method is not called at all.
> >
> > (1) login.jsp
> > ================
> > <s:submit value="Login"
> > theme="simple"
> > action="loginProcessLoginAction" />
>
> Struts 2.3.15.3 disables support for action: prefix by default [1], to
> enable it you must set struts.mapper.action.prefix.enabled to true.
> Instead action: you can use method: prefix (but you must enable
> struts.enable.DynamicMethodInvocation to true [2])
>
> [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
> [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Lukasz Lenart <lu...@apache.org>.
2013/10/18 Emi Lu <em...@encs.concordia.ca>:
> Good morning,
>
>
> Tried the new version15.3, but failed:
>
> login() method is not called at all.
>
> (1) login.jsp
> ================
> <s:submit value="Login"
> theme="simple"
> action="loginProcessLoginAction" />
Struts 2.3.15.3 disables support for action: prefix by default [1], to
enable it you must set struts.mapper.action.prefix.enabled to true.
Instead action: you can use method: prefix (but you must enable
struts.enable.DynamicMethodInvocation to true [2])
[1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
[2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Lukasz Lenart <lu...@apache.org>.
2013/10/18 Emi Lu <em...@encs.concordia.ca>:
> One more comment:
> =====================
> Tiles 3.0.1 is used in the new struts package, but it will cause
> "java.lang.NoClassDefFoundError: org/apache/tiles/web/startup/TilesListener"
> exception.
>
> So, I could only use 2.2.2.2.
Have you read the docs? You can choose either the Tiles 2 Plugin [1]
or the Tiles 3 plugin [2]- each requires different configuration and
you cannot mix them in one app.
[1] http://struts.apache.org/release/2.3.x/docs/tiles-2-plugin.html
[1] http://struts.apache.org/release/2.3.x/docs/tiles-3-plugin.html
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Action failed for Struts 2.3.15.3 GA release
Posted by Emi Lu <em...@encs.concordia.ca>.
One more comment:
=====================
Tiles 3.0.1 is used in the new struts package, but it will cause
"java.lang.NoClassDefFoundError:
org/apache/tiles/web/startup/TilesListener" exception.
So, I could only use 2.2.2.2.
login() method is not called in the action class - this is the problem.
Any help?
> Good morning,
>
>
> Tried the new version15.3, but failed:
>
> login() method is not called at all.
>
> (1) login.jsp
> ================
> <s:submit value="Login"
> theme="simple"
> action="loginProcessLoginAction" />
>
>
> (2) ProcessLoginAction.java
> ============================
> public class ProcessLoginAction extends ActionSupport
> {
> private static final long serialVersionUID = -2334484448186776413L;
>
> public String login() throws Exception
> {
> ......
> return SUCCESS;
> }
> }
>
>
> (3) web.xml
> ==============
> <filter>
> <filter-name>ResponseOverrideFilter</filter-name>
>
> <filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>
> </filter>
>
> <filter-mapping>
> <filter-name>ResponseOverrideFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
> <filter-name>ResponseOverrideFilter</filter-name>
> <url-pattern>*.action</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
> <filter-name>ResponseOverrideFilter</filter-name>
> <url-pattern>*.jsp</url-pattern>
> </filter-mapping>
>
> <filter>
> <filter-name>struts2</filter-name>
>
> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
>
> <init-param>
> <param-name>actionPackages</param-name>
> <param-value>action</param-value>
> </init-param>
> </filter>
>
>
>
> <filter-mapping>
> <filter-name>AuthenticatedFilter</filter-name>
> <url-pattern>/Action/*</url-pattern>
> </filter-mapping>
>
>
> <filter-mapping>
> <filter-name>struts2</filter-name>
> <url-pattern>/*</url-pattern>
> <dispatcher>REQUEST</dispatcher>
> <dispatcher>INCLUDE</dispatcher>
> </filter-mapping>
>
> ...
> <listener>
>
> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
>
> </listener>
>
> <listener>
>
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>
> </listener>
> ...
>
> <listener>
> <listener-class>
> org.apache.struts2.tiles.StrutsTilesListener
> </listener-class>
> </listener>
>
> (4) libs used shown in the attached libs.txt file
> ===========================
>
>
> (5) struts.xml
> ===============
> <package name="Login" namespace="/Login" extends="tiles-default">
> <result-types>
> <result-type name="tiles"
> class="org.apache.struts2.views.tiles.TilesResult" />
> </result-types>
>
> <action name="*ProcessLoginAction" method="{1}"
> class="ProcessLoginAction">
> <result name="success" type="tiles">login_main_page</result>
> ......
> </action>
> .....
>
>
> Can someone help why login() method is not called ?
>
> Thanks a lot!
> Emi
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Action failed for Struts 2.3.15.3 GA release
Posted by Emi Lu <em...@encs.concordia.ca>.
Good morning,
Tried the new version15.3, but failed:
login() method is not called at all.
(1) login.jsp
================
<s:submit value="Login"
theme="simple"
action="loginProcessLoginAction" />
(2) ProcessLoginAction.java
============================
public class ProcessLoginAction extends ActionSupport
{
private static final long serialVersionUID = -2334484448186776413L;
public String login() throws Exception
{
......
return SUCCESS;
}
}
(3) web.xml
==============
<filter>
<filter-name>ResponseOverrideFilter</filter-name>
<filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ResponseOverrideFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ResponseOverrideFilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ResponseOverrideFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
<init-param>
<param-name>actionPackages</param-name>
<param-value>action</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AuthenticatedFilter</filter-name>
<url-pattern>/Action/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
...
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
...
<listener>
<listener-class>
org.apache.struts2.tiles.StrutsTilesListener
</listener-class>
</listener>
(4) libs used shown in the attached libs.txt file
===========================
(5) struts.xml
===============
<package name="Login" namespace="/Login" extends="tiles-default">
<result-types>
<result-type name="tiles"
class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>
<action name="*ProcessLoginAction" method="{1}"
class="ProcessLoginAction">
<result name="success" type="tiles">login_main_page</result>
......
</action>
.....
Can someone help why login() method is not called ?
Thanks a lot!
Emi
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Lukasz Lenart <lu...@apache.org>.
2013/10/19 Christian Grobmeier <gr...@gmail.com>:
> Great idea from Dave. I am putting a beer-coin into this too.
>
> But I believe a beer alone is not enough for what Lukasz does for us :-)
> Unfortunately I don't know what he likes besides computer programming!
A lot of other things but I prefer to keep them in secret (mean not
Internet wide ;-)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Christian Grobmeier <gr...@gmail.com>.
Great idea from Dave. I am putting a beer-coin into this too.
But I believe a beer alone is not enough for what Lukasz does for us :-)
Unfortunately I don't know what he likes besides computer programming!
On 19 Oct 2013, at 18:52, Rene Gielen wrote:
> I'll step up first - I'll buy you a beer in Antwerp, given you will be
> attending Devoxx ;)
>
> Am 19.10.13 17:33, schrieb Lukasz Lenart:
>> 2013/10/19 Dave Newton <da...@gmail.com>:
>>> Definitely.
>>>
>>> We should do something nice for him. Ideas?
>>
>> Wat? ;-)
>>
>>
>> Regards
>>
>
>
> --
> René Gielen
> http://twitter.com/rgielen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
---
http://www.grobmeier.de
@grobmeier
GPG: 0xA5CC90DB
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Lukasz Lenart <lu...@apache.org>.
Not this time, maybe next year ;-)
2013/10/19 Rene Gielen <re...@gmail.com>:
> I'll step up first - I'll buy you a beer in Antwerp, given you will be
> attending Devoxx ;)
>
> Am 19.10.13 17:33, schrieb Lukasz Lenart:
>> 2013/10/19 Dave Newton <da...@gmail.com>:
>>> Definitely.
>>>
>>> We should do something nice for him. Ideas?
>>
>> Wat? ;-)
>>
>>
>> Regards
>>
>
>
> --
> René Gielen
> http://twitter.com/rgielen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Rene Gielen <re...@gmail.com>.
I'll step up first - I'll buy you a beer in Antwerp, given you will be
attending Devoxx ;)
Am 19.10.13 17:33, schrieb Lukasz Lenart:
> 2013/10/19 Dave Newton <da...@gmail.com>:
>> Definitely.
>>
>> We should do something nice for him. Ideas?
>
> Wat? ;-)
>
>
> Regards
>
--
René Gielen
http://twitter.com/rgielen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Lukasz Lenart <lu...@apache.org>.
2013/10/19 Dave Newton <da...@gmail.com>:
> Definitely.
>
> We should do something nice for him. Ideas?
Wat? ;-)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Dave Newton <da...@gmail.com>.
Definitely.
We should do something nice for him. Ideas?
On Oct 17, 2013 5:48 PM, "Christian Grobmeier" <gr...@gmail.com> wrote:
> On 17 Oct 2013, at 22:52, Rene Gielen wrote:
>
> Great job, Lukasz!
>>
>
> big +1.
>
> Recently I was telling somebody that without you Struts would have a big,
> big problem.
> Thanks for keeping up the project!
>
>
>>
>>
>> Lukasz Lenart <lu...@apache.org> schrieb:
>>
>>> The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
>>> available as a "General Availability" release.The GA designation is
>>> our highest quality grade.
>>>
>>> Apache Struts 2 is an elegant, extensible framework for creating
>>> enterprise-ready Java web applications. The framework is designed to
>>> streamline the full development cycle, from building, to deploying, to
>>> maintaining applications over time.
>>>
>>> This release includes important security fixes:
>>> - S2-018 - Broken Access Control Vulnerability in Apache Struts2
>>> - solved problem with action: prefix broken in 2.3.15.2
>>>
>>> All developers are strongly advised to update existing Struts 2
>>> applications to Struts 2.3.15.3
>>>
>>> Struts 2.3.15.3 is available in a full distribution, or as separate
>>> library, source, example and documentation distributions, from the
>>> releases page.
>>> * http://struts.apache.org/**download.cgi#struts23153<http://struts.apache.org/download.cgi#struts23153>
>>>
>>> The release is also available from the central Maven repository under
>>> Group ID "org.apache.struts".
>>>
>>> The 2.3.x series of the Apache Struts framework has a minimum
>>> requirement of the following specification versions:
>>> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
>>> * Java 2 Standard Platform Edition (J2SE) 5
>>>
>>> The release notes are available online at:
>>> * http://struts.apache.org/**release/2.3.x/docs/version-**
>>> notes-23153.html<http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html>
>>>
>>> Should any issues arise with your use of any version of the Struts
>>> framework, please post your comments to the user list, and, if
>>> appropriate, file a tracking ticket.appropriate, file a tracking
>>> ticket:
>>> * https://issues.apache.org/**jira/browse/WW<https://issues.apache.org/jira/browse/WW>
>>>
>>>
>>> - The Apache Struts group.
>>>
>>>
>>> Regards
>>> --
>>> Łukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> ------------------------------**------------------------------**
>>> ---------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.**org<de...@struts.apache.org>
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>> --
>> Sent from my mobile phone
>>
>
>
> ---
> http://www.grobmeier.de
> @grobmeier
> GPG: 0xA5CC90DB
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.**org<de...@struts.apache.org>
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Christian Grobmeier <gr...@gmail.com>.
On 17 Oct 2013, at 22:52, Rene Gielen wrote:
> Great job, Lukasz!
big +1.
Recently I was telling somebody that without you Struts would have a
big, big problem.
Thanks for keeping up the project!
>
>
>
> Lukasz Lenart <lu...@apache.org> schrieb:
>> The Apache Struts group is pleased to announce that Struts 2.3.15.3
>> is
>> available as a "General Availability" release.The GA designation is
>> our highest quality grade.
>>
>> Apache Struts 2 is an elegant, extensible framework for creating
>> enterprise-ready Java web applications. The framework is designed to
>> streamline the full development cycle, from building, to deploying,
>> to
>> maintaining applications over time.
>>
>> This release includes important security fixes:
>> - S2-018 - Broken Access Control Vulnerability in Apache Struts2
>> - solved problem with action: prefix broken in 2.3.15.2
>>
>> All developers are strongly advised to update existing Struts 2
>> applications to Struts 2.3.15.3
>>
>> Struts 2.3.15.3 is available in a full distribution, or as separate
>> library, source, example and documentation distributions, from the
>> releases page.
>> * http://struts.apache.org/download.cgi#struts23153
>>
>> The release is also available from the central Maven repository under
>> Group ID "org.apache.struts".
>>
>> The 2.3.x series of the Apache Struts framework has a minimum
>> requirement of the following specification versions:
>> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
>> * Java 2 Standard Platform Edition (J2SE) 5
>>
>> The release notes are available online at:
>> *
>> http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
>>
>> Should any issues arise with your use of any version of the Struts
>> framework, please post your comments to the user list, and, if
>> appropriate, file a tracking ticket.appropriate, file a tracking
>> ticket:
>> * https://issues.apache.org/jira/browse/WW
>>
>>
>> - The Apache Struts group.
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>
> --
> Sent from my mobile phone
---
http://www.grobmeier.de
@grobmeier
GPG: 0xA5CC90DB
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: [ANN] Struts 2.3.15.3 GA release available - security fix
Posted by Rene Gielen <gi...@it-neering.net>.
Great job, Lukasz!
Lukasz Lenart <lu...@apache.org> schrieb:
>The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
>available as a "General Availability" release.The GA designation is
>our highest quality grade.
>
>Apache Struts 2 is an elegant, extensible framework for creating
>enterprise-ready Java web applications. The framework is designed to
>streamline the full development cycle, from building, to deploying, to
>maintaining applications over time.
>
>This release includes important security fixes:
>- S2-018 - Broken Access Control Vulnerability in Apache Struts2
>- solved problem with action: prefix broken in 2.3.15.2
>
>All developers are strongly advised to update existing Struts 2
>applications to Struts 2.3.15.3
>
>Struts 2.3.15.3 is available in a full distribution, or as separate
>library, source, example and documentation distributions, from the
>releases page.
>* http://struts.apache.org/download.cgi#struts23153
>
>The release is also available from the central Maven repository under
>Group ID "org.apache.struts".
>
>The 2.3.x series of the Apache Struts framework has a minimum
>requirement of the following specification versions:
>* Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
>* Java 2 Standard Platform Edition (J2SE) 5
>
>The release notes are available online at:
>* http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
>
>Should any issues arise with your use of any version of the Struts
>framework, please post your comments to the user list, and, if
>appropriate, file a tracking ticket.appropriate, file a tracking
>ticket:
>* https://issues.apache.org/jira/browse/WW
>
>
>- The Apache Struts group.
>
>
>Regards
>--
>Łukasz
>+ 48 606 323 122 http://www.lenart.org.pl/
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>For additional commands, e-mail: dev-help@struts.apache.org
--
Sent from my mobile phone