You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Konstantinos (JIRA)" <ji...@apache.org> on 2018/09/04 14:08:04 UTC

[jira] [Created] (WW-4957) Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used intead.

Konstantinos created WW-4957:
--------------------------------

             Summary: Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used intead.
                 Key: WW-4957
                 URL: https://issues.apache.org/jira/browse/WW-4957
             Project: Struts 2
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.5.17
            Reporter: Konstantinos
             Fix For: 2.5.10.1


I have an application that uses struts version 2.5.10.1. i want to update it to version 2.5.17 after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16 versions are vulnerable to remote attackers. In my current version i use a struts-core library class called LocalizedTextUtil to load messages from the global message bundle. My code below:
{code:java}
private void initialiseMessageBundle() throws InitializationError{
    LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
    URL[] urls;
    try {
        String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
        File file = new File(resourceFolder);
        if (!file.exists() || !file.isDirectory()){
            LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ") = " + resourceFolder);
            throw new InitializationError("External resource not found file not found");
        } else {
            LOG.debug("resources file: " + file.toURI().toURL());
        }
        URL url = file.toURI().toURL();
        urls = new URL[]{url};
        ClassLoader cl = new URLClassLoader(urls);
        LocalizedTextUtil.setDelegatedClassLoader(cl);
        LocalizedTextUtil.addDefaultResourceBundle(DEFAULT_RESOURCE);
    } catch (MalformedURLException e) {
        throw new InitializationError("MalformedURLException occured during the messageBundle initialisation", e);
    }
    LOG.info("Global messages loaded.");
}
{code}
 

After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed. Although i create a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider* and used the same methods (*setDelegatedClassLoader*,*addDefaultResourceBundle*) my messages are not been loaded. Also i create a bean of these classes on struts.xml and tried to inject it but again without success. Do you have any thought how can i replace the LocalizedTextUtil in my code above?

Thank you.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)