Re: Struts2

2012-07-04 Thread Markus Demetz
Hi, you have no result named success for your user action defined in struts.xml, but you return success in your execute method. Also check the case sensitivity of login.jsp and Login.jsp defined as result. Markus Markus On 03.07.2012 20:31, Avinash wrote: login.jsp %@ page

data injection attack

2012-07-04 Thread J. Garcia
An interesting article that I found: http://websec.wordpress.com/2012/01/04/multiple-vulnerabilities-in-apache-struts2-and-property-oriented-programming-with-java/ In struts2 it is pretty easy to set attribute values of any bean field when a form is posted, even if the field is not in the form.

Re: data injection attack

2012-07-04 Thread Lukasz Lenart
By removing setter for it ? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2012/7/4 J. Garcia jogaco...@gmail.com: An interesting article that I found:

Re: data injection attack

2012-07-04 Thread Miguel Almeida
Lukas: that's not always viable though. You might need a setter for your model object elsewhere, but don't want that action to set that property. On Wed, 2012-07-04 at 14:57 +0200, Lukasz Lenart wrote: By removing setter for it ? Regards

Re: data injection attack

2012-07-04 Thread Łukasz Lenart
You can always implement ParameterNameAware interface and boolean acceptableParameterName(String parameterName); Regards -- Łukasz mobile +48 606 323 122 http://www.lenart.org.pl/ Warszawa JUG conference - Confitura http://confitura.pl/

Re: data injection attack

2012-07-04 Thread Dave Newton
Then whitelist/blacklist. Or don't expose sensitive data directly to the user. Dave (pardon brevity, typos, and top-quoting; on cell) On Jul 4, 2012 8:49 AM, J. Garcia jogaco...@gmail.com wrote: My action would have: public void setMyBean( MyBean myBean) {...} and I would like to avoid an

Type Conversion annotation

2012-07-04 Thread Shrinivas Parashar
Hi, can we define the @TypeConversion annotation of the nested property at the parent level? For example, I have a bean: public class Bike { private Name name; public Name getName() { return this.name; } public void setName(Name name) { this.name = name; }

Re: data injection attack

2012-07-04 Thread J. Garcia
Implementing the ParameterNameAware interface with white/black list seems the best solution. Thanks, J. On Wed, Jul 4, 2012 at 3:51 PM, Dave Newton davelnew...@gmail.com wrote: Then whitelist/blacklist. Or don't expose sensitive data directly to the user. Dave (pardon brevity, typos, and

RE: data injection attack

2012-07-04 Thread Marcus Bond
You could implement a class that delegates to your bean but only exposes setters and getters that are appropriate, so in the case of the id then you could let the user view it (getter) but not allow the setter. A perhaps even better approach would be to devise a proxying mechanism (perhaps

Re: data injection attack

2012-07-04 Thread J. Garcia
Spring Security allows protecting method calls via annotations like @Secured, @PreAuthorize, @PostFilter, but I was interested in something lighter. On Wed, Jul 4, 2012 at 4:29 PM, Marcus Bond mar...@marcusbond.me.uk wrote: You could implement a class that delegates to your bean but only

Performance issue with nested iterator

2012-07-04 Thread Miguel Almeida
Dear all, I have got a performance issue on a nested iterator, running Struts 2.3.1.1. Consider the code below, (the example is a Book with chapters and subchapters and we're displaying the book index - bookIndex is a Map<Chapter,List<Subchapter>>. This takes several seconds to load (map has size

Re: Performance issue with nested iterator

2012-07-04 Thread Lukasz Lenart
Could you post somewhere (GitHub) the whole code base ? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/