Re: PropertyPlaceholderConfigurer can't read file properties
On Fri, 2011-07-01 at 08:46 -0500, Paul Benedict wrote: Can you clarify? You spoke about reloading -- are you trying to change property files on the fly? Agree: as far as I know, you can't do that with PropertyPlaceholderConfigurer. Also agree with previous mail: this is Spring, not Struts.
Can Struts Junit plugin be used to test the redirect result of an action
I am using the Struts Junit plugin (http://struts.apache.org/2.2.3.1/docs/struts-2-junit-plugin-tutorial.html ), extending the StrutsSpringTestCase for a regression test of an action in my application. (Optional reading: Long story short on the problem, the action adds a record to a database via hibernate. The result is a redirect to execute() of the same class, whose prepare() populates a ListRecord object with all the records available. For some reason, the prepare fires as it should, but returns the old number of items. Only a refresh shows the page with the correct results. For an odd reason, sleeping the thread before calling the dao's code that retrieves the list for 1 second also makes the result to be correctly updated.) The action result is a redirectAction, that, well, redirects to another action. The test doesn't call this second method, though. Is it possible with this base test case to make it call the 2nd action? Regards, Miguel Almeida
Re: Unit Test Struts2 Action - Custom type converters not being run?
On Wed, 2011-09-21 at 17:55 +0200, Carl Ballantyne wrote:
How can I try the nightly build if using Maven? I do not see it listed as an
option.
Would be nice if Struts released SNAPSHOT versions into maven. Does it?
Be aware that you can write your test as follow:
public void testValidationRequired() throws Exception {
request.setParameter(user.roles, );
executeAction(/your_package/your_action.action);
// asserts to check errors etc..
}
}
Maurizio: you can't use this if you have to set objects (eg:
action.setSession(session );), does it? In my sessioned test I need:
action.setSession(session );
actionProxy.getInvocation().getInvocationContext().setSession(session);
perhaps the first could be replaced with request.setParameter() (can
it?), but I need the second - otherwise I'll have a nullpointerexception
in my action's session.get() method (because ServletConfigInterceptor's
((SessionAware) action).setSession(context.getSession()); (line 146)
will set it to null and override the action.setSession(session)
instruction)
Miguel
Message lookup (from key) in Test
Dear all, I am unit-testing an application under the skin using SpringStrutsTestCase as base (actually, things are a bit more complicated because I'm doing it from Cucumber, but that's another story). How do you get the value of your message from within the test? The assertion I'm trying is: assertEquals(expectedMessage, action.getActionErrors().iterator().next()); But actionErrors() contains the key (error.authorisation) and not the value (you cannot do this). What's the cleanest way to retrieve the value from the test? Cheers, Miguel Almeida
Maven archetypes not working?
Hi, I added the http://struts.apache.org/ Archetype catalog to my maven (actually, in Eclipse) but I haven't been able to create a new project with any of the archetypes provided: I get the error: Unable to create project from archetype [org.apache.struts:struts2-archetype-starter:2.3.1.1 - https://repository.apache.org/content/groups/public/] The defined artifact is not an archetype While I've just added the catalog to my workspace, I have used maven archetypes before. Is there something not working with the archetypes at the moment? Cheers, Miguel Almeida
Testing with StrutsTestCase in a Tiles application - NullPointerException
Hi there, I trying to test an application with the help of StrutsTestCase (a class that extends from StrutsSpringTestCase, to be more precise). StrutsTestCase (which is in the struts junit plugin) involves proxied actions to make tests more light. I have used the same method in another application that doesn't have tiles successfully. Here, however, I am running into an exception when running the actionProxy.execute() : java.lang.NullPointerException at org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:105) at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186) I found a user that described the problem very well on stackOverflow: http://stackoverflow.com/questions/5823709/npe-in-strutstestcase-after-enabling-tiles There is also a 2008 question on the mailing list (http://www.mail-archive.com/user@struts.apache.org/msg77582.html ). Petrelli tried to answer, but no solution was posted. From these resources, do you know what the problem might be and if it is possible to use StrutsTestCase to test an application that has Tiles enabled through the StrutsTilesListener? Cheers, Miguel Almeida
Re: Testing with StrutsTestCase in a Tiles application - NullPointerException
For future reference, I found the answer in
http://depressedprogrammer.wordpress.com/2007/06/18/unit-testing-struts-2-actions-spring-junit/
Basically, you need to initialize the tiles listener. As I already used
setupBeforeInitDispatcher to set the applicationContext attribute, I
added the code there (inside the if(tilesApplication) segment):
/** Overrides the previous in order to skip applicationContext
assignment: context is @autowired
* @see
org.apache.struts2.StrutsSpringTestCase#setupBeforeInitDispatcher()
**/
@Override
protected void setupBeforeInitDispatcher() throws Exception {
//init context
servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
applicationContext);
if(tilesApplication){
servletContext.addInitParameter(BasicTilesContainer.DEFINITIONS_CONFIG,
WEB-INF/tiles.xml);
final StrutsTilesListener tilesListener = new
StrutsTilesListener();
final ServletContextEvent event = new
ServletContextEvent(servletContext);
tilesListener.contextInitialized(event);
}
}
Miguel Almeida
On Fri, 2012-01-27 at 17:35 +, Miguel Almeida wrote:
Hi there,
I trying to test an application with the help of StrutsTestCase (a class
that extends from StrutsSpringTestCase, to be more precise).
StrutsTestCase (which is in the struts junit plugin) involves proxied
actions to make tests more light.
I have used the same method in another application that doesn't have
tiles successfully. Here, however, I am running into an exception when
running the actionProxy.execute() :
java.lang.NullPointerException
at
org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:105)
at
org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
I found a user that described the problem very well on stackOverflow:
http://stackoverflow.com/questions/5823709/npe-in-strutstestcase-after-enabling-tiles
There is also a 2008 question on the mailing list
(http://www.mail-archive.com/user@struts.apache.org/msg77582.html ).
Petrelli tried to answer, but no solution was posted.
From these resources, do you know what the problem might be and if it is
possible to use StrutsTestCase to test an application that has Tiles
enabled through the StrutsTilesListener?
Cheers,
Miguel Almeida
Does the StrutsTestCase test filters defined in web.xml?
Dear all, I am using StrutsSpringTestCase (which extends StrutsTestCase) to perform some acceptance tests (under the skin). I am also using Displaytag (www.displaytag.org/1.2/ ) to build some tables in the view. This tag supports excel/pdf export, which uses a filter you configure in web.xml [1] The way the filter works is, in short: a (odd looking, numerical) parameter is added to the request. The filter checks for the existence of that parameter and, if it exists, creates the pdf/excel. I want to test the creation of this file (and its contents). However, when I debug the StrutsSpringTestCase test with a breakpoint on that filter it does not stop there, so my questions are: 1) Does the StrutsTestCase not pass through other filters in your web.xml, and only goes through the struts filter? 2) If so, is there anything else in the struts tests that could help me out? How do you suggest I perform this test? Thank you, Miguel Almeida [1]- see http://www.displaytag.org/1.2/export_filter.html
RE: Does the StrutsTestCase test filters defined in web.xml?
Hi Steve, On Mon, 2012-05-14 at 11:09 +0100, Steve Higham wrote: Hi Miguel, I haven't used the StrutsSpringTestCase however I have made use of the StrutsTestCase. This only tests the interceptor stack / Action / Result. There is no web server involved and no attempt to render the resulting page. Yes, that's what I thought. You could try looking at Apache Cactus or Apache HttpClient to test this behaviour? Alternatively if you generate the file within Struts then the StrutsTestCase will suffice. I've generated exports from Struts this way. Both are no longer maintained (I guess httpclient got replaced with Apache http components (http://hc.apache.org/ ) but I haven't explored this yet. For this case (testing the pdf output created by the displaytag) I don't think it'll be worth it to invest in a new testing setup: this is the only thing that is produced outside the scope of struts and a manual inspection might suffice. However, I do want to explore other tools that are available to test the http request/response, so I'll look into this further. Cheers, Miguel Almeida Cheers, Steve -Original Message- From: Miguel Almeida [mailto:mig...@almeida.at] Sent: 14 May 2012 10:16 To: user@struts.apache.org Subject: Does the StrutsTestCase test filters defined in web.xml? Dear all, I am using StrutsSpringTestCase (which extends StrutsTestCase) to perform some acceptance tests (under the skin). I am also using Displaytag (www.displaytag.org/1.2/ ) to build some tables in the view. This tag supports excel/pdf export, which uses a filter you configure in web.xml [1] The way the filter works is, in short: a (odd looking, numerical) parameter is added to the request. The filter checks for the existence of that parameter and, if it exists, creates the pdf/excel. I want to test the creation of this file (and its contents). However, when I debug the StrutsSpringTestCase test with a breakpoint on that filter it does not stop there, so my questions are: 1) Does the StrutsTestCase not pass through other filters in your web.xml, and only goes through the struts filter? 2) If so, is there anything else in the struts tests that could help me out? How do you suggest I perform this test? Thank you, Miguel Almeida [1]- see http://www.displaytag.org/1.2/export_filter.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Using Spring proxied Session Beans with the ExecAndWaitInterceptor
Following up on your suggestion, Lukasz: is concurrency an issue even if you scope the interceptor itself as prototype (or request) ? I was under the impression you could scope the interceptors like this (removing concurrency issues), but actually the previous issue makes me wonder if they're singleton (in spring beans terms) to the entire application. As for the repackaging you suggest, I'm not sure I follow your suggestion. Do you mean getting the ActionContext in the interceptor to get to the HttpSession and HttpRequest and populate the variable from there? I ask you this due to the motivation behind the request scoped bean in my case: I basically want to populate it in an interceptor so it is available elsewhere (on an hibernate interceptor/event listener - don't let the name trick you, this has nothing to do with Struts interceptors. It also doesn't know anything about http sessions or requests and should really be http agnostic). Could you clear me up on you meant by your approach? Thanks, Miguel Almeida On 05/14/2012 08:11 PM, Łukasz Lenart wrote: I think it's better to repackage what you need and pass as a context variables instead inject session aware beans. It can produce concurrency issues. Regards - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Using Spring proxied Session Beans with the ExecAndWaitInterceptor
Regarding this issue - and considering any interceptor, not just the ExecAndWaitInterceptor: 1) My issue was, in fact, that I was accessing the request/session scoped bean in my init method. The init method was being called at app startup, where no such context exists 2) If we remove that access, you can use the request/session scoped bean. 3) You can also get the meaning with Spring's ApplicationContext inside the intercept() method, with the call context.getBean(myBean); As me and Lukasz were discussing this, we realised the init() method of the interceptor is only being called at app startup - even if you define it with, say, a prototype scope in spring. This means that apparently Struts disregards spring's scope for interceptors, which has thread safety implications (and you might be better off using the approach in 3) ). Miguel On Tue, 2012-05-15 at 09:00 +0200, Łukasz Lenart wrote: What I mean is that injecting something in ExecAndWaitInterceptor which has brought scope can rise concurrency issue because the same bean can be used in two different threads (ExecAndWaitInterceptor thread and request thread). I would rather pack whatever is needed by ExecAndWaitInterceptor and pass to it as a value object and inject just stateless services. That's what I mean by repackaging - to have my own context (a map of values, a value bean, etc) that will be passed to ExecAndWaitInterceptor and used by it in separation from other threads. And interceptors are singletons per package (package/ tag in struts.xml) and even worst ExecAndWaitInterceptor creates its own thread ;-) Regards
Can we use the decorator pattern in Actions?
Imagine the scenario where you have security implemented at the action
method level with an annotation:
@Secured(someRole) restricts that action to that role (and it is
checked with an interceptor).
Discussing this on the TDD mailing list a while back, a decorator
approach was suggested
To separate concerns and ease up testing, authorization is implemented
as a decorator (a-la GoF decorator pattern) adding authorization to the
underlying (decorated) MVC app.
The technique to getting there (see pseudo code in [1])
1. Extract an interface from your main class with all the public methods
2. Implement a decorator which adds authorization rules to a decorated
underlying object. The decorator implements the authorization rules
using annotations
3. in your tests, test the decorator providing a mock underlying
decorated object, asserting in each test that given a request with a
user that has certain roles the underlying method should or should not
be called.
As you see, tests would have a simple setup as you wouldn't be calling
the real, possible complicated action code, but the fake decorated
one.
The problem arises when you have superclasses (and maybe also when you
implement interfaces). I exemplify with both.
Imagine this:
RealAction extends CommonAction implements IAction(){
...}
CommonAction implements ServletRequestAware(){
...
}
AuthorizingDecorator implements IAction(){
//injected decorated IAction, see [1]
...
}
Now, on a regular RealAction implementation, the request object exists:
RealAction extends CommonAction, so the request is injected through its
ServletRequestAware.
If you're using the AuthorizingDecorator, however, the request will be
null: RealAction will be injected, so Struts won't kick in to populate
RealAction's request object.
My question is: how would you go on and solve this? Or is the decorator
approach impractical in Struts? I haven't even consider the necessity to
implement every getter/setter on the IAction, which would also make this
approach a bit cumbersome. The simplicity for testing, however, is
great!
Cheers,
Miguel Almeida
[1] The code might end up like this (semi-pseudo code)
Tests:
test_admin_can_call_method_a()
{
// setup a fake request with admin role:
httpRequest = buildRequestWithRole(admin);
// setup a mock app decorated with an authorzation decorator:
MockApp app = new MockApp();
AuthorizationDecorator authorizer = new
AuthorizationDecorator(app);
// act - try calling method A in the decorator:
authorizer.MethodA(httpRequest);
// assert - underlaying method a should have been called:
Assert(app.MethodA.WasCalled==true);
}
test_regularUser_cannot_call_method_a()
{
// setup a fake request with regular user role:
httpRequest = buildRequestWithRole(regular user);
// setup a mock app decorated with an authorzation decorator:
MockApp app = new MockApp();
AuthorizationDecorator authorizer = new
AuthorizationDecorator(app);
// act - try calling method A in the decorator:
authorizer.MethodA(httpRequest);
// assert - underlaying method a should not have been called:
Assert(app.MethodA.WasCalled==false);
}
In the SUT:
interface IAction
{
String MethodA()
String MethodB()
...
}
// this is the real action implementing methodA, methodB etc
class RealAction: IAction
{
String MethodA()
String MethodB()
...
}
// this is responsible for authorization
class AuthorizingDecoratorAction : IAction
{
private IAction _decorated;
public AuthorizationDecorator(IAction decorated)
{
_decorated = decorated;
}
// each method is implemented using annotations and calling the
underlying decorated object
@SecuredRoles(admin, manager)
public void MethodA()
{
_decorated.MethodA();
}
@SecuredRoles(regular user)
public void MethodB()
{
_decorated.MethodB();
}
}
Can you define variables as the value in struts.properties?
Lets say I have the following files in my app:
- app-DEV.properties
- app-PROD.properties
- app-TEST.properties
I use Spring's jee:jndi-lookup and PropertyPlaceholderconfigurer (see
[1]) to achieve a multi-environment setup. All files are in the
classpath, but because on each environment I set the capitalized part
differently (eg: IDE has an environment variable defined to DEV, while
the production container has it set to PROD) only one file is loaded,
setting up Spring configuration correctly.
Enter Struts: I wanted to take advantage of these existing properties
further to the UI level.
Eg:
1) have a jsp with s:text name=app.client/
2) have in your struts.properties the entry
struts.custom.i18n.resources=a,...,environments/app-DEV
3) if you have app.client on the file app-DEV.properties, set to FOO,
you'll see it on the web page
Question: Having multiple environments files, what I really need is
struts.custom.i18n.resources=environments/app-${envName}. Can one have
this, so only the file that makes sense for that environment is loaded?
[1] https://gist.github.com/2948672
Cheers,
Miguel Almeida
Re: data injection attack
Lukas: that's not always viable though. You might need a setter for your model object elsewhere, but don't want that action to set that property. On Wed, 2012-07-04 at 14:57 +0200, Lukasz Lenart wrote: By removing setter for it ? Regards
Performance issue with nested iterator
Dear all,
I have got a performance issue on a nested iterator, running Struts
2.3.1.1.
Consider the code below, (the example is a Book with chapters and
subchapters and we're displaying the book index - bookIndex is a
MapChapter,ListSubchapter.
This takes several seconds to load (map has size 10, each list is no
more than 15 items). I tried a lot of different approaches (mainly
regarding the database). However, what really surprised me was the
contents of the innermost td (6th row from the end): if I replace the
s:a with anything else (a xx, or just an axx/a) the page will load
much faster (ie, page load drops from 8 to 2 seconds).
Looking at http://struts.apache.org/2.x/docs/performance-tuning.html, I
double checked the OGNL version loaded in maven and indeed I have 3.0.3.
Is there any obvious reason why I'm getting such a slow performance?
Thanks for the input!
Miguel Almeida
Example code:
s:iterator value=%{#bookIndex} status=row var=chapterIndex
s:set var=chapter value=%{#bookIndex.key}/
s:set var=subchapters value=%{#chapterIndex.value}/
br
s:url id=url action=chapterloadPage
s:param name=page${chapter.firstPage}/s:param
/s:url
s:a href=%{url}${chapter.name}/s:a
table
s:iterator value=%{#subchapters} status=ind
var=subchapter
s:url id=url
action=chapterloadPage
s:param name=pages:property
value=%{#subchapter.page}//s:param
/s:url
tr
td
s:a
href=%{url}s:property
value=%{#subchapter.title}//s:a
/td
/tr
/s:iterator
/table
/s:iterator
Re: Performance issue with nested iterator
Sure, Lukas: https://github.com/mmalmeida/struts-performance On Thu, 2012-07-05 at 06:48 +0200, Lukasz Lenart wrote: Could you post somewhere (GitHub) the whole code base ? Regards
Re: Performance issue with nested iterator
Sorry, I sent the email before explaining. The repo has a maven project that I stripped down to the most basic to show the issue. Notice the iterator in index.jsp. I tried to remove every unused configuration, file and dependency to make the project as simple as possible. The original project is using tiles, so I kept it there. However, I don't think it's being used in the web workflow I created (which just goes to index.jsp). Is there anything there that might explain this slowness? Cheers, Miguel Almeida On Thu, 2012-07-05 at 13:05 +0100, Miguel Almeida wrote: Sure, Lukas: https://github.com/mmalmeida/struts-performance On Thu, 2012-07-05 at 06:48 +0200, Lukasz Lenart wrote: Could you post somewhere (GitHub) the whole code base ? Regards
Re: Performance issue with nested iterator
I believe I've found the culprit. While the problem is present in commit https://github.com/mmalmeida/struts-performance/commit/aba93098174c8c8c1684ffdd9bf332b212a893a , it's not present in the latest commit if you turn devMode to false. The issue was the freemarker version 2.3.9 in that commit. Updating to 2.3.19 makes performance normal again (the complete project needed freemarker, hence the direct dependency reference in the pom). While I don't know what changed between these freemarker versions, apparently the problem was there. Miguel Almeida On Thu, 2012-07-05 at 13:16 +0100, Miguel Almeida wrote: Sorry, I sent the email before explaining. The repo has a maven project that I stripped down to the most basic to show the issue. Notice the iterator in index.jsp. I tried to remove every unused configuration, file and dependency to make the project as simple as possible. The original project is using tiles, so I kept it there. However, I don't think it's being used in the web workflow I created (which just goes to index.jsp). Is there anything there that might explain this slowness? Cheers, Miguel Almeida On Thu, 2012-07-05 at 13:05 +0100, Miguel Almeida wrote: Sure, Lukas: https://github.com/mmalmeida/struts-performance On Thu, 2012-07-05 at 06:48 +0200, Lukasz Lenart wrote: Could you post somewhere (GitHub) the whole code base ? Regards
OGNL error in log - Error setting expression
I noticed some OGNL warnings in my log that I show below [1]. User scenario: 1) go to form. no warnings 2) submit form - page is reloaded. warnings appear. The warning is for property which is being used on a key: s:submit key=geral.save /. The key is defined in globalmessages.properties. It seems the question of whether or not these warnings should appear has been discussed in the mailing list before. What I couldn't find is this: should there even be a warning in this case, given that the property should be searched for in the i18n resources and not the action? Thank you, Miguel Almeida [1] 2012-07-27 18:28:12,879 WARN [CommonsLogger.java:60] : Error setting expression 'geral.save' with value '[Ljava.lang.String;@5b36cbd0' ognl.OgnlException: target is null for setProperty(null, save, [Ljava.lang.String;@5b36cbd0) at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2309) at ognl.ASTProperty.setValueBody(ASTProperty.java:127) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.ASTChain.setValueBody(ASTChain.java:227) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.Ognl.setValue(Ognl.java:737) at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:217) at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:186) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:173) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:151) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:292) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:203) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:90) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:192) at com.opensymphony.xwork2
Re: OGNL error in log - Error setting expression
Answering my own question: apparently you need to define a name property for the submit tag. Thanks to http://www.coderanch.com/t/487063/Struts/Internationalization Miguel On Fri, 2012-07-27 at 18:33 +0100, Miguel Almeida wrote: I noticed some OGNL warnings in my log that I show below [1]. User scenario: 1) go to form. no warnings 2) submit form - page is reloaded. warnings appear. The warning is for property which is being used on a key: s:submit key=geral.save /. The key is defined in globalmessages.properties. It seems the question of whether or not these warnings should appear has been discussed in the mailing list before. What I couldn't find is this: should there even be a warning in this case, given that the property should be searched for in the i18n resources and not the action? Thank you, Miguel Almeida [1] 2012-07-27 18:28:12,879 WARN [CommonsLogger.java:60] : Error setting expression 'geral.save' with value '[Ljava.lang.String;@5b36cbd0' ognl.OgnlException: target is null for setProperty(null, save, [Ljava.lang.String;@5b36cbd0) at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2309) at ognl.ASTProperty.setValueBody(ASTProperty.java:127) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.ASTChain.setValueBody(ASTChain.java:227) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.Ognl.setValue(Ognl.java:737) at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:217) at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:186) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:173) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:151) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:292) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:203) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:90) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept
Type conversion on a Map
Dear all, Considering: 1) the action property MapCodeProperty, String complexMap; 2) CodeProperty has an int id property How would you configure type conversion and refer to it on the JSP to populate it? I am currently trying the following -conversion configuration: KeyProperty_complexMap=id Element_complexMap=java.lang.String Key_complexMap=persist.model.CodeProperty CreateIfNull_complexMap=true However, a simple jUnit test where I populate the request with getRequest().setParameter(complexMap[ + String.valueOf(33) + ],test) doesn't populate the map as expected. Is the -conversion file wrong, the parameter set in the unit test, or both? Cheers, Miguel Almeida
RE: Type conversion on a Map
On Fri, 2012-09-21 at 09:04 -0400, Martin Gainty wrote:
a stupid question but i have to ask
If you mean where is the initialisation of simpleMap e.g. simpleMap=new
java.util.HashMap(); - it's not there. I don't think you need to,
Struts initializes it. (see below)
public class TypeConversionAction extends ActionSupport
{
private MapEntity, String simpleMap; //where is the initialisation of
simpleMap e.g. simpleMap=new java.util.HashMap();
public MapEntity, String getSimpleMap() { return simpleMap; }
public void setSimpleMap(MapEntity, String simpleMap) {
this.simpleMap = simpleMap; }
public String execute() { return SUCCESS; }
}
//then the test-harness:
package test.example;
import java.util.Map;
import org.apache.struts2.StrutsTestCase;
import org.junit.Test;
import com.opensymphony.xwork2.ActionProxy;
import com.opensymphony.xwork2.ActionSupport;
public class TypeConversionTest extends StrutsTestCase
{
private ActionProxy actionProxy;
private ActionSupport action;
@Test
public void test() throws Exception{
Entity entity = new Entity();
entity.setId(1);
super.setUp();
request.setParameter(simpleMap[1], value);
createAction(/example/Convesion.action);
executeProxy();
MapEntity, String complexMap = ((TypeConversionAction)
action).getSimpleMap();
assertNotNull(complexMap); //getSimpleMap is NULL in the Action so it
would always be NULL here
No. The test fails below, not here. executeProxy executed the action and
initialized the map. If you run the test you'll see it fails on the last
assertEquals, not here.
assertFalse(complexMap.isEmpty()); //FAIL it is empty
assertEquals(value, complexMap.get(entity)); //Never initialised so
this would fail as well
This is where it is failing. Not because it hasn't been initialized, but
because it doesn't have that key.
Miguel Almeida
Re: Can we use the decorator pattern in Actions?
I was speaking with Lukasz today about this, so I'm resurrecting this
old thread.
The underlying question in my (rather extensive) post is:
How can you perform the following decorator pattern:
public OriginalAction implements Preparable,
SessionAware,OriginalActionInterface{
public String someFunctionality(){
}
}
Decorate like:
public DecoratedAction implements Preparable, SessionAware,etc{
private OriginalActionInterface originalAction; //inject
OriginalAction here
@Secured
public String someFunctionality(){
// do new stuff
orignalAction.someFunctionality();
}
}
Issues:
1) Your OriginalAction will probably rely on some objects injected by
struts (eg: session will probably be used). However, because
OriginalAction is now only decorating DecoratedAction...those objects
won't be automatically populated by Struts.
The only way I see it is to use Spring IoC to define these needed
objects in OriginalAction. But it would be neat if that was performed by
Struts.
What are your thoughts on this?
Miguel Almeida
On Wed, 2012-05-16 at 11:22 +0100, Miguel Almeida wrote:
Imagine the scenario where you have security implemented at the action
method level with an annotation:
@Secured(someRole) restricts that action to that role (and it is
checked with an interceptor).
Discussing this on the TDD mailing list a while back, a decorator
approach was suggested
To separate concerns and ease up testing, authorization is implemented
as a decorator (a-la GoF decorator pattern) adding authorization to the
underlying (decorated) MVC app.
The technique to getting there (see pseudo code in [1])
1. Extract an interface from your main class with all the public methods
2. Implement a decorator which adds authorization rules to a decorated
underlying object. The decorator implements the authorization rules
using annotations
3. in your tests, test the decorator providing a mock underlying
decorated object, asserting in each test that given a request with a
user that has certain roles the underlying method should or should not
be called.
As you see, tests would have a simple setup as you wouldn't be calling
the real, possible complicated action code, but the fake decorated
one.
The problem arises when you have superclasses (and maybe also when you
implement interfaces). I exemplify with both.
Imagine this:
RealAction extends CommonAction implements IAction(){
...}
CommonAction implements ServletRequestAware(){
...
}
AuthorizingDecorator implements IAction(){
//injected decorated IAction, see [1]
...
}
Now, on a regular RealAction implementation, the request object exists:
RealAction extends CommonAction, so the request is injected through its
ServletRequestAware.
If you're using the AuthorizingDecorator, however, the request will be
null: RealAction will be injected, so Struts won't kick in to populate
RealAction's request object.
My question is: how would you go on and solve this? Or is the decorator
approach impractical in Struts? I haven't even consider the necessity to
implement every getter/setter on the IAction, which would also make this
approach a bit cumbersome. The simplicity for testing, however, is
great!
Cheers,
Miguel Almeida
[1] The code might end up like this (semi-pseudo code)
Tests:
test_admin_can_call_method_a()
{
// setup a fake request with admin role:
httpRequest = buildRequestWithRole(admin);
// setup a mock app decorated with an authorzation decorator:
MockApp app = new MockApp();
AuthorizationDecorator authorizer = new
AuthorizationDecorator(app);
// act - try calling method A in the decorator:
authorizer.MethodA(httpRequest);
// assert - underlaying method a should have been called:
Assert(app.MethodA.WasCalled==true);
}
test_regularUser_cannot_call_method_a()
{
// setup a fake request with regular user role:
httpRequest = buildRequestWithRole(regular user);
// setup a mock app decorated with an authorzation decorator:
MockApp app = new MockApp();
AuthorizationDecorator authorizer = new
AuthorizationDecorator(app);
// act - try calling method A in the decorator:
authorizer.MethodA(httpRequest);
// assert - underlaying method a should not have been called:
Assert(app.MethodA.WasCalled==false);
}
In the SUT:
interface IAction
{
String MethodA()
String MethodB()
...
}
// this is the real action implementing methodA, methodB etc
class RealAction: IAction
{
String MethodA()
String MethodB()
...
}
// this is responsible for authorization
class AuthorizingDecoratorAction : IAction
{
private IAction _decorated;
public
Issue with maven archetypes - jetty plugin version 8 not refreshing JSPs
Dear all, As I was upgrading the maven jetty plugin in a struts archetype, I noticed a difference in behaviour between versions 6 and 8 of the plugin. While this might be due to a change in jetty's configuration, I thought we should check this and probably update the archetypes accordingly. Essentially, with version 6, changes in a JSP are automatically seen (without redeployment) by refreshing the broswer. In version 8, you need to redeploy the jetty container to see the changes. Steps to replicate (in either an IDE or command line): 1) Create a maven project with the struts2-blank-archetype 2) Edit the pom.xml file so the plugin section matches [1] 3) Run the jetty:run maven goal. 4) Open the browser and see the welcome page 5) Edit the file /src/main/webapp/WEB-INF/content/hello.jsp 6) Refresh the browser. You should see the changes immediately 7) Repeat 1-6, but update the plugin section in 2 to the contents listed below [2] Expected: Same result as before Actual: You no longer see the jsp changes upon refreshing the bowser. You need to restart jetty! [1] - Version 6 of the plugin. The scantarget element was removed because we don't want a complete server redeployment when we just change a JSP. plugin groupIdorg.mortbay.jetty/groupId artifactIdmaven-jetty-plugin/artifactId version6.1.21/version configuration scanIntervalSeconds10/scanIntervalSeconds /configuration /plugin [2] - Version 8 of the plugin. Exact same configuration (except for the artifact's name and version) plugin groupIdorg.mortbay.jetty/groupId artifactIdjetty-maven-plugin/artifactId version8.1.7.v20120910/version configuration scanIntervalSeconds10/scanIntervalSeconds /configuration /plugin Does anyone know what configuration change is needed so you get the same behaviour as before? Miguel Almeida
Re: Issue with maven archetypes - jetty plugin version 8 not refreshing JSPs
Hey Lukasz, Does your jetty configuration match the ones I provided? More specifically, did you remove the scanTargets element? With scanTargets you will see the JSP changes, but only after the automatic container reload (so, worse case scenario in 10 seconds, as defined in the scanIntervalSeconds element. If you remove scanTargets, the page will not be refreshed on JSP change in jetty 8 but will be refreshed in jetty 6! And reloading the entire container for every JSP change seems like an overkill (and slows down development process considerably when your webapp has session variables and security). Could you try the configuration without scanTargets for jetty 6 and 8? Miguel Almeida On Tue, 2012-10-30 at 21:57 +0100, Lukasz Lenart wrote: Hi, I've tested with apps/blank and it works as expected, the same with an app created base on struts2-archetype-blank (mvn archetype:generate - 307) and base on struts2-archetype-convention (308). No problems spotted :-) Kind regards
Re: Issue with maven archetypes - jetty plugin version 8 not refreshing JSPs
A follow-up on this. I was able to identify the root cause of this issue. While this is a bit specific to our use case, I share this with the community nonetheless. This was basically caused by the timestamps of the files. My work directory is an NFS mount of another server. For some strange reason* the clock on that server is delayed. This means that if it's 9:00 and I change the JSP file, the file will be timestamped with 8:40. There might have been a change in Jetty from 6 to 8 regarding the strategy used for JSP file reloading - while Jetty 6 does not seem to care about the file's timestamp and refreshes anyway, Jetty 8 is more sensitive and does not reload the file. So the solution here was simply to update the remote NFS server's clock. Why the NTP-aware server is having trouble with the time is another issue... Miguel Almeida On Tue, 2012-11-06 at 13:12 +0100, Lukasz Lenart wrote: 2012/10/31 Miguel Almeida mig...@almeida.at Hey Lukasz, Does your jetty configuration match the ones I provided? More specifically, did you remove the scanTargets element? With scanTargets you will see the JSP changes, but only after the automatic container reload (so, worse case scenario in 10 seconds, as defined in the scanIntervalSeconds element. If you remove scanTargets, the page will not be refreshed on JSP change in jetty 8 but will be refreshed in jetty 6! And reloading the entire container for every JSP change seems like an overkill (and slows down development process considerably when your webapp has session variables and security). Could you try the configuration without scanTargets for jetty 6 and 8? Yes, I did that and even committed the change [1], there was no Jetty restarts when I've been changing jsp file. [1] https://issues.apache.org/jira/browse/WW-3916 Regards
Private setter method breaking application in Tomcat7
Following a chat with Lukasz on IRC, I post a weird behaviour I got this
morning.
Example:
- QueryAction class with a int selectedParent property
- url on a webpage pointing to:
QueryqueryConversation.action?selectedParent=2
- an action mapping action name=Query* method={1}
class=queryAction
- Application packaged in .war and deployed in two containers: tomcat6
and tomcat7
Problem:
1) In tomcat7 the selectedParent int was 0 when entering the
queryConversation method. in tomcat6 the variable was correctly set to
2.
2) Get request had the correct string:
GET /edc-test/QueryqueryConversation.action?selectedParent=2 HTTP/1.1
3) Params interceptor was picking up the parameter: DEBUG
ParametersInterceptor:68 - Setting params selectedParent = [ 2 ]
Resolution:
I found out the issue was related to the fact that we had two
setSelectedParent methods in the Action class:
- public void setSelectedParent(int selectedParent)
- private void setSelectedParent(ObjectX anotherObjectType)
Renaming the second method (I've always said naming methods with get/set
prefix should be reserved to..well, getters/setters) solved the problem.
Questions:
Two questions remain a mystery to me thought:
1) Why is Tomcat7 the only container complaining? Neither tomcat6 nor
our embedded jetty containers complain about this
2) Even though the method's name should be changed, I also find it
strange that this is a problem when the 2nd method is private.
Any thoughts appreciated,
Miguel Almeida
Re: Struts application
Or, if you already use Maven, use the Maven archetypes available at http://struts.apache.org/ Miguel Almeida On Wed, 2013-02-20 at 22:31 +0530, Umesh Awasthi wrote: download sample application from S2 official download section and you will be able to see how things are being configured and how things are working. This is a good place to start and get overview of the structure On Wed, Feb 20, 2013 at 10:27 PM, Brajesh Patel brajeshpate...@gmail.comwrote: Hi all, I am looking for an application that provide detail about struts 2 app directory structure and detail about action, and other thing. that will help lot to me. -- Thanks Brajesh Patel skype: brajesh.patel11 Cell:- +91 8750709907
How to set the name parameter on a multiple s:select
Dear all,
Imagine you have the following scenario:
- a property in your action: private Entity entity;
- Entity has a ListEntity2 entity2List
- Entity2 has a Entity3 entity3
Now, you need an s:select with multiple=true to populate entity3. This
corresponds to having a request in the form
entity.entity2List[n].entity3.id (n=0,1,2...depending on how many items
are selected).
Question: how should the name parameter of the s:select be like to
achieve this?
Me and Lukasz have tried the following without success (meaning
entity.entity2List has is empty):
s:select key=centre.choose multiple=true
name=%{entity.entity2List[].entity3.id} list=#someList listKey=id
listValue=code/
s:select key=centre.choose multiple=true
name=entity.entity2List[].entity3.id list=#someList listKey=id
listValue=code/
Thank you for your help!
Miguel Almeida
Re: How to set the name parameter on a multiple s:select
I've also posted this on
http://stackoverflow.com/questions/16812357/how-to-set-the-name-parameter-on-a-multiple-sselect
so the knowledge can be shared once the answer is known.
I also plan to add this to struts' documentation!
Miguel
On Wed, 2013-05-29 at 11:27 +0100, Miguel Almeida wrote:
Imagine you have the following scenario:
- a property in your action: private Entity entity;
- Entity has a ListEntity2 entity2List
- Entity2 has a Entity3 entity3
Now, you need an s:select with multiple=true to populate entity3.
This
corresponds to having a request in the form
entity.entity2List[n].entity3.id (n=0,1,2...depending on how many
items
are selected).
Question: how should the name parameter of the s:select be like to
achieve this?
Me and Lukasz have tried the following without success (meaning
entity.entity2List has is empty):
s:select key=centre.choose multiple=true
name=%{entity.entity2List[].entity3.id} list=#someList
listKey=id
listValue=code/
s:select key=centre.choose multiple=true
name=entity.entity2List[].entity3.id list=#someList listKey=id
listValue=code/
Re: How to set the name parameter on a multiple s:select
Thanks for the feedback Dale.
A couple of thoughts below.
On Wed, 2013-05-29 at 08:18 -0400, Dale Newfield wrote:
I would have a setter on my action class that takes an array of ids. Then
the action does the appropriate lookups, and sets the hydrated objects on the
appropriate models.
That's an alternative, yes. I do tend to prefer having the model objects
in my actions though, to keep the number of objects to a minimum - it
makes more sense to have a ListSomeObject objects than an Integer[]
ids, but maybe that's personal preference.
You do recognize that the data you provided is ambiguous, though, right?
Nothing you stated is sufficient to know *which* entity2 objects should be
set on entity, just which entity3 objects you want those entity2 objects to
have. In fact, if you don't happen to get a number of entity3 ids that
matches the number of entity2s on entity, you've left yourself no way of
knowing how to proceed. (Remember, all you get is a (potentially unordered)
list of ids from the form submission, not tuples.)
I'm not sure where the ambiguity is. Take the following request
parameters:
entity.entity2List[0].entity3.id=10
entity.entity2List[1].entity3.id=20
There is no ambiguity in how the Object should be populated - one
entity, which has two Entity2 on the entity2List object: the first
entity2 has an Entity3.id=10 and the second Entity2 has an
Entity3.id=20.
In fact, this request works as expected (as evidenced by the test case
[1]). The challenge is to create an s:select that generates that request
parameters!
Miguel
[1] Unit Test snippet
request.setParameter(entity.entity2List[0].entity3.id, 2);
request.setParameter(entity.entity2List[1].entity3.id, 11);
createAction(/example/Conversion.action);
executeProxy();
Entity entity = ((TypeConversionAction) action).getEntity();
assertNotNull(entity);
assertNotNull(entity.getEntity2List());
assertEquals(2, entity.getEntity2List().size());
assertEquals(2,
entity.getEntity2List().get(0).getEntity3().getId());
assertEquals(11,
entity.getEntity2List().get(1).getEntity3().getId());
-Dale
On May 29, 2013, at 6:27 AM, Miguel Almeida mig...@almeida.at wrote:
Dear all,
Imagine you have the following scenario:
- a property in your action: private Entity entity;
- Entity has a ListEntity2 entity2List
- Entity2 has a Entity3 entity3
Now, you need an s:select with multiple=true to populate entity3. This
corresponds to having a request in the form
entity.entity2List[n].entity3.id (n=0,1,2...depending on how many items
are selected).
Question: how should the name parameter of the s:select be like to
achieve this?
Me and Lukasz have tried the following without success (meaning
entity.entity2List has is empty):
s:select key=centre.choose multiple=true
name=%{entity.entity2List[].entity3.id} list=#someList listKey=id
listValue=code/
s:select key=centre.choose multiple=true
name=entity.entity2List[].entity3.id list=#someList listKey=id
listValue=code/
Thank you for your help!
Miguel Almeida
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2.3.15.1 How to read external properties files or conf files
Without any code it's hard to know what's happening. I do ask you to seriously reconsider refactoring database access out of the action or you'll end up with a huge, very hard to test action class. Miguel Almeida On Fri, 2013-09-06 at 10:50 +0100, Chris wrote: Where : server side , in action , like ActionSupport First example : Login.java ( like in struts-2.3.15.1-blank ) class Login extends com.opensymphony.xwork2.ActionSupport to check and validate user/password ( I need access to LDAP or database ) Second Example: A User Request After success login, a web user need to access data ( from LDAP or Database ) java.io.FileNotFoundException : jdbc.properties or java.io.FileNotFoundException : ldapconfiguration.conf Regards De : umeshawas...@gmail.com umeshawas...@gmail.com À : Struts Users Mailing List user@struts.apache.org; Chris christal...@yahoo.fr Envoyé le : Vendredi 6 septembre 2013 10h50 Objet : Re: Struts 2.3.15.1 How to read external properties files or conf files Log4j file will be ready by Log4j framework and not exactly by struts2 Can you define where and how you want to read your property files? Sent from BlackBerry® on Airtel -Original Message- From: Chris christal...@yahoo.fr Date: Fri, 6 Sep 2013 09:40:03 To: Struts Users Mailing Listuser@struts.apache.org Reply-To: Struts Users Mailing List user@struts.apache.org Subject: Struts 2.3.15.1 How to read external properties files or conf files Using log4j.properties instead of log4j.xml is not a problem with Struts 2.3.15.1 ( or should it be ? ) But with my own properties files ( jdbc.properties ) or configuration files ( ldap.conf ) it doesn't work. Is there any example with external files . Not an upload file by input forms. . Or do we have to use another java classes ?
s:token doesn't accept data- attributes, cssClass ignored
Hi, I am creating an ajax call for a method which is protected by the TokenSessionStoreInterceptor. This means I need to pass the token onto the request. I was expecting the s:token tag to accept data-foo=bar attributes (they'd be passed along to the corresponding hidden elements), but this is not happening (I'd use this so I could retrieve the inputs with a simple jquery select .find(:input[data-scope='save'], which retrieves me all the needed inputs as long as I mark them with that data-scope ). My 2nd attempt was also unsuccessful - while s:token cssClass=someclass/ doesn't break rendering, the class is not passed onto the hidden input elements. Is there a reason for this? While in the case of data-foo this seems to be a missing feature, in the case of cssClass it's also misleading - you can set the property, but it doesn't have any consequence. Miguel
Re: security impact after enabling back the action: prefix in Struts 2.3.15.3
Picking up on this topic, I noticed that disabling this feature will break any JSPs where you've set the action in the s:submit tag instead of the s:form tag. This is particularly problematic in situations where for some reason you have one form with two submit tags, since the submit is the only place where you can distinguish the actions. This can also be related with a similar situation in s2-019, where the disabling of the DMI makes the method= parameter of the tags unusable. I've learnt that this will be better handled in a future version of struts, so my assumption is that the normal behaviour will return in both situations on a future non-security release - hopefully the next one! Maybe someone from the dev team can share their input with us? Kind regards, Miguel Almeida On Wed, 2013-11-20 at 04:33 +0100, Krassen Deltchev wrote: Dear Struts2 mailing list, i have the following question(s)/ i need the following advice: by default the action: prefix is set to false in Struts2 v2.3.15.3 as to: http://struts.apache.org/release/2.3.x/docs/s2-018 for security reasons, but i need to set it back to true(i.e. the struts.mapper.action.prefix.enabled) because my actions do not work after the library update and if i decide to go another way to solve this issue, i need to do a lot of refactoring on my code; So my question is: if i enable the action: prefix, does it mean that, i automatically compromise/expose my application to the security issues discussed in s2-16, s2-17 and s2-18? Is there a workaround for my scenario, that i can enable the prefix, but still maintain the security level of my application considering the enumerated above issues?(can i achieve better results if i tweak properly the struts.mapper.action.prefix.crossNamespaces) many thanks for your opinions and support! Best, krassen
Re: Sending email on uncought exception problems
The first thought I had was also that this might be better suited on an
interceptor. You'll also have more control over the desired behaviour
since interceptors are more easily testable than JSPs.
Miguel
On Tue, 2013-11-26 at 09:43 -0500, Dave Newton wrote:
Why not use an interceptor?
Dave
On Tue, Nov 26, 2013 at 7:44 AM, Lukasz Lichota
lukasz.lich...@ocado.comwrote:
hello,
I'd like to run some java code on any uncought exception but so far I
cannot find a solution.
Under this link I found the exactly same question but I do not know how to
apply solution.
http://markmail.org/search/?q=global+exception+redirect+list%3Aorg.apache.struts.users%2F#query:global%20exception%20redirect%20list%3Aorg.apache.struts.users%2F+page:1+mid:wmzqlmfqpzd57dhg+state:results
Namely if I have
s:if test=notifyAdmin(exception)/s:if
then in which class this method should be? Error.jsp is not associated with
any action. The author says he has this method in any Action class but for
me it doesn't work (how could it work anyway? how error.jsp know about any
Action class?
I tried also s:action element like that:
s:action name=default-error!notifyAdmin executeResult=false
s:param%{exception}/s:param
/s:action
and having java class with method like that:
@Action(default-error)
public boolean notifyAdmin(Exception exception)
but it fails with no error message so I even do not know what is happening
(by failing I mean nothing is invoked when rendering the error page)
I also found this
http://www.mkyong.com/struts/struts-global-custom-exception-example/ but
it
looks like exception handler was removed in struts 2.0
Can you offer any hint?
Thanks
Lukasz
--
Notice: This email is confidential and may contain copyright material of
Ocado Limited (the Company). Opinions and views expressed in this message
may not necessarily reflect the opinions and views of the Company.
If you are not the intended recipient, please notify us immediately and
delete all copies of this message. Please note that it is your
responsibility to scan this message for viruses.
Company reg. no. 3875000.
Ocado Limited
Titan Court
3 Bishops Square
Hatfield Business Park
Hatfield
Herts
AL10 9NE
Re: S2 - custom tag with Spring
If you @Autowire something into your class you're essentially doing the same as retrieving the resources from ApplicationContext. Once you define your class as a Spring bean in Spring's configuration (either by explicitly defining it in an XML or because it's in a classpath which you've told Spring to scan) it is managed by spring - so you'll be able to inject whatever you want onto the bean. Beware of the scope you give to that bean, though. If it's in a tag, you might want to give it a request scope. Miguel On Wed, 2013-12-04 at 11:00 +0800, Steven Yang wrote: Hi I am writing some custom tags. I want to access some resource from Spring. Is there a clean way of doing it, instead of getting the ApplicationContext in the Components? Will @Inject work for non-Struts values? Or @Autowire will work as well? I am using the spring plugin. Thanks
Re: Token Session Interceptor and back button
Paul, I was thinking about this example...what did you have in mind as a way to achieve that, tough, i.e., that a browser back refreshes the page? I can only see some javascript method/hack for that. Were you thinking of something else? Miguel On Thu, 2013-12-05 at 14:59 -0600, Paul Benedict wrote: Make sure your back-button action refreshes the page. You can't reuse a token from the browser's cache. It needs to regenerated. On Thu, Dec 5, 2013 at 12:39 PM, semog12 semog1epi...@gmail.com wrote: Hi, I am using the token session interceptor for a form and I have this situation: 1) I am in the form page; 2) I leave the form page; 3) Go back to the form page by the back button; 4) Submit the form; And of course the form is not submitted and the token returns invalid.token but do not adds no actionError. It will not be interesting to add an action error? Ok, I can resend to a page with a message but I already have a error page that presents the action errors when necessary. Thanks, André Gomes -- View this message in context: http://struts.1045723.n5.nabble.com/Token-Session-Interceptor-and-back-button-tp5714861.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is Struts 2.3.15.2 affected by the security vulnerability S2-018?
Lukasz, Just to be sure, does that mean that if you use 2.3.15.3 and you set the flag to enable the action: prefix it means you'll get the old behaviour (and vulnerability) back? Miguel On Mon, 2013-12-16 at 08:27 +0100, Lukasz Lenart wrote: 2.3.15.2 and 2.3.15.3 address the same issue, but 2.3.15.2 breaks support for action: prefix, that's why we released 2.3.15.3 as well - even if you don't use action: prefix functionality it will be better upgrade to 2.3.15.3 and use the new flag to disable action: prefix which is safer option. Regards
Re: Is Struts 2.3.15.2 affected by the security vulnerability S2-018?
On Tue, 2013-12-17 at 11:40 +0100, Lukasz Lenart wrote: 2013/12/17 Miguel Almeida mig...@almeida.at: Lukasz, Just to be sure, does that mean that if you use 2.3.15.3 and you set the flag to enable the action: prefix it means you'll get the old behaviour (and vulnerability) back? As I cannot answer your question directly on public forum, I will say that there is one more option you should keep false when you enabled support for action: prefix. Anyway, right now I'm working on two most important things: better DMI and action: support :-) Great to hear that. BTW, you've been missed on IRC's #struts, drop by some time! Regards
Re: minimal set of jar files for struts 2.3
Lukasz, Incidentally, is this list compiled by hand or is it built automatically using a (which?) maven plugin? Miguel On Sat, 2014-01-04 at 13:18 +0100, Lukasz Lenart wrote: The first section compile and optional No http://struts.apache.org/release/2.3.x/xwork-core/dependencies.html http://struts.apache.org/release/2.3.x/struts2-core/dependencies.html 2014/1/4 Dave Evans dsevan...@gmail.com: Hello, I have a couple of old struts 2 apps that are using 2.2.1. I want to upgrade them to 2.3. What is the minimal set of jar files I need in WEB-INF/lib? I currently have: commons-beanutils-1.7.jar commons-collections-2.1.jar commons-digester-1.7.jar commons-fileupload-1.2.1.jar commons-io-1.4.jar commons-javaflow-20060411.jar commons-lang-2.5.jar commons-logging-1.0.4.jar freemarker-2.3.16.jar ibatis-2.3.2.715.jar itext-1.3.1.jar jasperreports-2.0.5.jar javamail.jar javassist-3.8.0.GA.jar jdt-compiler-3.1.1.jar jstl.jar jxl-2.6.jar log4j-1.2.14.jar ognl-3.0.jar poi-3.0.1-FINAL-20070705.jar spring.jar standard.jar struts2-core-2.2.1.jar struts2-jasperreports-plugin-2.0.11.1.jar urlrewrite-3.2.0.jar xalan.jar xercesImpl.jar xwork-core-2.2.1.jar Thanks, Dave - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Best book reference for struts 2
I've found Dave Newton's Apache Struts to be one of the best Struts books out there. Miguel On Thu, 2014-01-16 at 14:17 +0530, Arvind Gupta wrote: Struts2 by Vincent is really good for starting out. Also have a look at this one from infoq http://www.infoq.com/minibooks/starting-struts2 On Thu, Jan 16, 2014 at 1:56 PM, Christoph Nenning christoph.nenn...@lex-com.net wrote: Hi, I am new to this forum. Just wanted to ask which book is best to follow Struts 2. I am planning to purchase Struts 2 black book. Please advice if any other book will be nice to get in touch with Struts 2. Regards, Saju In my company we have 'struts2 in action'. I think it's OK. Don't know the black book so I cannot compare them. regards, Christoph This Email was scanned by Sophos Anti Virus
Re: Best book reference for struts 2
You're welcome! I like to give credit when credit is due, and your book helped me a lot when I started out, in 2007/2008, knowing virtually nothing about web development and very little about programming. Speaking of which, are you thinking about creating a new edition for 2.x or 3.x ? Miguel On Thu, 2014-01-16 at 08:01 -0500, Dave Newton wrote: Thank you! I'd add that the book covers Struts 2.1 (e.g., annotations), and includes sections on JavaScript and development in general. http://packtlib.packtpub.com/apache-struts-2-web-application-development-beginners-guide/book On Thu, Jan 16, 2014 at 7:35 AM, Miguel Almeida mig...@almeida.at wrote: I've found Dave Newton's Apache Struts to be one of the best Struts books out there. Miguel On Thu, 2014-01-16 at 14:17 +0530, Arvind Gupta wrote: Struts2 by Vincent is really good for starting out. Also have a look at this one from infoq http://www.infoq.com/minibooks/starting-struts2 On Thu, Jan 16, 2014 at 1:56 PM, Christoph Nenning christoph.nenn...@lex-com.net wrote: Hi, I am new to this forum. Just wanted to ask which book is best to follow Struts 2. I am planning to purchase Struts 2 black book. Please advice if any other book will be nice to get in touch with Struts 2. Regards, Saju In my company we have 'struts2 in action'. I think it's OK. Don't know the black book so I cannot compare them. regards, Christoph This Email was scanned by Sophos Anti Virus
Is the email regex validator in Struts validation incorrect?
This is the regex for email validation in Struts:
\\b^['_a-z0-9-\\+]+(\\.['_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)\*
\.([a-z]{2}|aero|arpa|asia|biz|com|coop|edu|gov|info|int|jobs|mil|mobi|
museum|name|nato|net|org|pro|tel|travel|xxx)$\\b
I had a report of this failing for a user with an umlaut email
( shläg...@example.com ). My regex is not very good, but the above
mentioned regex doesn't seem to allow said characters.
However, International characters above U+007F are permitted by RFC
6531 :
http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate
What is your view on this? Could this regex be incorrect and miss out
any special characters?
Miguel Almeida
Re: Is the email regex validator in Struts validation incorrect?
I have added it to the JIRA -
https://issues.apache.org/jira/browse/WW-4389
I can't seem to find the actual standard though (i.e., the one in place
that essentially doesn't allow these characters). For documentation
purposes, does anyone know what effective standard disallows these
characters?
Cheers!
Miguel
On Mon, 2014-08-25 at 10:51 -0500, Paul Benedict wrote:
I looked up the RFC. The document lists itself as a proposed standard [1]
so it's not really available yet for general use (but correct me if wrong).
I propose that an enhancement should be made in JIRA to handle this.
[1] http://tools.ietf.org/html/rfc6531
Cheers,
Paul
On Mon, Aug 25, 2014 at 10:46 AM, Miguel Almeida mig...@almeida.at wrote:
This is the regex for email validation in Struts:
\\b^['_a-z0-9-\\+]+(\\.['_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)\*
\.([a-z]{2}|aero|arpa|asia|biz|com|coop|edu|gov|info|int|jobs|mil|mobi|
museum|name|nato|net|org|pro|tel|travel|xxx)$\\b
I had a report of this failing for a user with an umlaut email
( shläg...@example.com ). My regex is not very good, but the above
mentioned regex doesn't seem to allow said characters.
However, International characters above U+007F are permitted by RFC
6531 :
http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate
What is your view on this? Could this regex be incorrect and miss out
any special characters?
Miguel Almeida
Re: Is the email regex validator in Struts validation incorrect?
Note: I pasted the wrong JIRA issue. The correct one is:
https://issues.apache.org/jira/browse/WW-4395
On Mon, 2014-08-25 at 12:22 -0400, Dave Newton wrote:
http://tools.ietf.org/html/rfc2822
IIRC http://tools.ietf.org/html/rfc2047 discusses non-0-127 chars in
headers, I'm not sure if that extends to addresses.
The bottom line is that any realistic email regex will miss a lot of edge
cases, and some fairly normal use cases as well. Email regexes are
generally good enough and that's about it. Regexes isn't the right
solution for completely-spec-compliant email address validation.
Note that other email validators can be plugged in fairly easily.
Dave
On Mon, Aug 25, 2014 at 12:11 PM, Miguel Almeida mig...@almeida.at wrote:
I have added it to the JIRA -
https://issues.apache.org/jira/browse/WW-4389
I can't seem to find the actual standard though (i.e., the one in place
that essentially doesn't allow these characters). For documentation
purposes, does anyone know what effective standard disallows these
characters?
Cheers!
Miguel
On Mon, 2014-08-25 at 10:51 -0500, Paul Benedict wrote:
I looked up the RFC. The document lists itself as a proposed standard
[1]
so it's not really available yet for general use (but correct me if
wrong).
I propose that an enhancement should be made in JIRA to handle this.
[1] http://tools.ietf.org/html/rfc6531
Cheers,
Paul
On Mon, Aug 25, 2014 at 10:46 AM, Miguel Almeida mig...@almeida.at
wrote:
This is the regex for email validation in Struts:
\\b^['_a-z0-9-\\+]+(\\.['_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)\*
\.([a-z]{2}|aero|arpa|asia|biz|com|coop|edu|gov|info|int|jobs|mil|mobi|
museum|name|nato|net|org|pro|tel|travel|xxx)$\\b
I had a report of this failing for a user with an umlaut email
( shläg...@example.com ). My regex is not very good, but the above
mentioned regex doesn't seem to allow said characters.
However, International characters above U+007F are permitted by RFC
6531 :
http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate
What is your view on this? Could this regex be incorrect and miss out
any special characters?
Miguel Almeida
S:url and s:param and character encoding
I had an issue recently with a download action not finding the
corresponding file and you might be able to help me with it. The
filename (on disk) was Calendário (á is the focus here).
I am using the following s:url (Calendário is within the variable
#answer):
s:url encode=true var=downloadUrl
action=Filedownload
s:param
name=answer.id${entityId}/s:param
s:param name=fileNames:property
value=%{#answer}//s:param
/s:url
s:a theme=simple
href=%{downloadUrl}s:property
value=%{#answer}//s:a
If I use a plain-old a and s:properties I get the normal behaviour:
a
href=Filedownload.action?answer.id=s:property
value=%{#entityId}/fileName=s:property
value=%{#answer}/s:property value=%{#answer}//a
Is there something missing from s:url?
I also found https://issues.apache.org/jira/browse/WW-2414 which seems
to mention something similar, but marked as solved in 2.0.x.
Cheers,
Miguel
Re: S:url and s:param and character encoding
On Mon, 2014-09-01 at 10:20 +0200, Lukasz Lenart wrote:
2014-08-29 18:11 GMT+02:00 Miguel Almeida mig...@almeida.at:
I had an issue recently with a download action not finding the
corresponding file and you might be able to help me with it. The
filename (on disk) was Calendário (á is the focus here).
I am using the following s:url (Calendário is within the variable
#answer):
s:url encode=true var=downloadUrl
action=Filedownload
s:param
name=answer.id${entityId}/s:param
s:param
name=fileNames:property value=%{#answer}//s:param
/s:url
s:a theme=simple
href=%{downloadUrl}s:property
value=%{#answer}//s:a
It can be an issue in DefaultUrlHelper as it uses
paramValue.toString() (which means it uses server's locale), did you
try to use s:param name=fileName${answer}/s:param instead of
s:param name=fileNames:property value=%{#answer}//s:param ?
I actually had s:param name=fileName${answer}/s:param and it
worked corretly. I had to change to the s:property alternative due to
an issue with a JSP page with a grouped view - somewhere in the code the
variable #answer is probably being set differently, so with ${answer} I
would get an array [id1,id2...] whereas with s:property
value=%{#answer}/ I would get the correct fileName.
Regards
Can you use type conversion with JSONInterceptor?
Imagine SearchAction{
private List evaluatedRecords;
}
Record is an interface so to get auto-wiring to work you'd usually
set-up a
SearchAction-conversion.properties:
KeyProperty_evaluatedRecords=id
Element_evaluatedRecords=com.bibliovigilance.model.RecordImpl
CreateIfNull_evaluatedRecords=true
I now want to create an Ajax post on this action. I tried the following:
var evaluatedRecords = [
{"id": "10672"}
]
var json_parameters = {evaluatedRecords:
evaluatedRecords};
$.ajax({
url: 'SearchmarkSelectedArticlesJSON.action',
cache: false,
contentType: 'application/json',
data: JSON.stringify(json_parameters),
type: "POST"
});
I believe I need to set-up the JSON interceptor on my action, so I
added:
The problem is that this interceptor doesn't seem to be using the
-conversion.properties, so it throws an error when it tries to
instantiate the Record class:
java.lang.InstantiationException: com.bibliovigilance.model.Record
at java.lang.Class.newInstance(Class.java:368)
at
org.apache.struts2.json.JSONPopulator.convertToCollection(JSONPopulator.java:250)
I also tried removing the Record type in the List ( List
evaluatedRecords). But in this case the JSON deserialization of the
above mentioned ajax call will create a List evaluatedRecords with 1
element, but that element is a Map (I didn't investigate, but I suppose
it'll have id in the key and 10672 in the value).
How would we configure this correctly? Is it possible for the JSON
interceptor to be aware of the -conversion.properties? If not, what
alternatives do you envision?
Thanks!
Miguel
Re: Can you use type conversion with JSONInterceptor?
Thank you Lukasz! I will check if/how we can inject the converter there. If we manage to get it working in a way that helps the ticket resolution I'll also post the information there. On Sex, 2016-12-02 at 09:50 +0100, Lukasz Lenart wrote: > Hi, > > JSON plugin uses its own conversation mechanism, check JSONPopulator > but I think it should be possible to inject XWorkConverter and use it > to convert objects - this requires implementing your own > JSONPopulator. > > There is a task to do it so it should happen in Struts 2.5 ;-) > https://issues.apache.org/jira/browse/WW-3364 > > > Regards
Re: Can we use the decorator pattern in Actions?
I am resurrecting this very old thread to ask if there have been any
updates to struts itself to solve this.
I was reading some comments on this subject on stackoverflow and
recalled our discussion.
Lukasz - do you know of any developments within Struts in this area?
With regards to your original suggestion, I'm not sure I followed, since
"Thus must be implemented in each interceptor which interacts with
action base on interface (Preparable, ValidationAware, SessionAware,
etc)." sounded like all (or most) Struts interceptors would need to be
re-written.
Miguel
On Qui, 2012-10-04 at 08:05 +0200, Lukasz Lenart wrote:
> 2012/10/3 Miguel Almeida <mig...@almeida.at>:
> > I was speaking with Lukasz today about this, so I'm resurrecting this
> > old thread.
> >
> > The underlying question in my (rather extensive) post is:
> >
> > How can you perform the following decorator pattern:
> >
> > public OriginalAction implements Preparable,
> > SessionAware,OriginalActionInterface{
> >
> > public String someFunctionality(){
> >
> > }
> > }
> >
> > Decorate like:
> >
> > public DecoratedAction implements Preparable, SessionAware,etc{
> > private OriginalActionInterface originalAction; //inject
> > OriginalAction here
> > @Secured
> > public String someFunctionality(){
> > // do new stuff
> > orignalAction.someFunctionality();
> > }
> > }
> >
> > Issues:
> > 1) Your OriginalAction will probably rely on some objects injected by
> > struts (eg: session will probably be used). However, because
> > OriginalAction is now only decorating DecoratedAction...those objects
> > won't be automatically populated by Struts.
> >
> >
> > The only way I see it is to use Spring IoC to define these needed
> > objects in OriginalAction. But it would be neat if that was performed by
> > Struts.
> >
> > What are your thoughts on this?
> >
> >
> > Miguel Almeida
> >
> >
> > On Wed, 2012-05-16 at 11:22 +0100, Miguel Almeida wrote:
> >
> >> Imagine the scenario where you have security implemented at the action
> >> method level with an annotation:
> >>
> >> @Secured("someRole") restricts that action to that role (and it is
> >> checked with an interceptor).
> >>
> >> Discussing this on the TDD mailing list a while back, a decorator
> >> approach was suggested
> >>
> >> To separate concerns and ease up testing, authorization is implemented
> >> as a decorator (a-la GoF decorator pattern) adding authorization to the
> >> underlying (decorated) MVC app.
> >>
> >> The technique to getting there (see pseudo code in [1])
> >> 1. Extract an interface from your main class with all the public methods
> >> 2. Implement a decorator which adds authorization rules to a decorated
> >> underlying object. The decorator implements the authorization rules
> >> using annotations
> >> 3. in your tests, test the decorator providing a mock underlying
> >> decorated object, asserting in each test that given a request with a
> >> user that has certain roles the underlying method should or should not
> >> be called.
> >>
> >>
> >> As you see, tests would have a simple setup as you wouldn't be calling
> >> "the real, possible complicated action code", but the fake decorated
> >> one.
> >> The problem arises when you have superclasses (and maybe also when you
> >> implement interfaces). I exemplify with both.
> >>
> >> Imagine this:
> >> RealAction extends CommonAction implements IAction(){
> >> ...}
> >>
> >> CommonAction implements ServletRequestAware(){
> >> ...
> >> }
> >>
> >> AuthorizingDecorator implements IAction(){
> >> //injected decorated IAction, see [1]
> >> ...
> >> }
> >>
> >> Now, on a regular RealAction implementation, the request object exists:
> >> RealAction extends CommonAction, so the request is injected through its
> >> ServletRequestAware.
> >> If you're using the AuthorizingDecorator, however, the request will be
> >> null: RealAction will be injected, so Struts won't kick in to populate
> >> RealAction's request object.
> >>
> >>
> >> My question is: how would you go on and solve this? Or is the decorator
> >> approach impractical in Struts? I haven't even consider the necessity to
> >> implement every getter/setter on the
Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if
We upgraded from 2.3.34 to 2.3.35 in one of our applications, but although the upgrade is described as backwards compatible, we found a problem in the UI. The simplified example is as follows. *Given* a JSP with: foo bar *And *scopesValues was previously set (, where scopes is a Listscopes in the action) *When* the List scopes has [Portuguese Things, XXX] *Then *the JSP will print: bar[Portuguese Things, XXX] If I revert to 2.3.34: *Then *the JSP will print: foo[Portuguese Things, XXX] What could be causing this? Since this breaks one of our pages we are now hesitant on what other places could break after the upgrade. Kind regards, Miguel
Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if
Thanks Lukasz, On Thu, Aug 30, 2018 at 10:03 AM Lukasz Lenart wrote: > czw., 30 sie 2018 o 10:40 Miguel Almeida > napisał(a): > > Out of curiosity, is the problem the conversion from List to XWorkList > > mentioned > > by Yasser > > < > https://issues.apache.org/jira/browse/WW-4954?focusedCommentId=16593382=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16593382 > > > > ? > > Yes, XWorkList lays in a excluded package that cannot be used directly > in OGNL expressions. > > > Follow up questions: > > > > 1. What is the expected impact of this change? On our previous upgrade > from > > 34 to 35 our risk assessment determined no risk, based on the assumption > > that the change was backwards compatible. Since it is not (and we need to > > perform the additional change in struts.xml), can you tell us if there is > > any area we should worry about when upgrading? > > Hard to say, we extended the excluded packages to prevent unknown > feature vulnerabilities that can use those classes. It wasn't caused > by any security report. So changing struts.xml shouldn't be a problem. > > > 2. Should the logs have shown this? With devMode=true, I see no > difference > > in the logs from 34 to 35 > > You should see a WARN from the SecurityMemberAccess class (devMode is > not needed) > > > 3. Is it possible to change the release notes to tell about this > > incompatibility? Going forward, is there a way to improve the > compatibility > > assessments? > > Yes, we can change them and not sure what do you mean improving the > compatibility assessments? > I mean being able to provide some more information in the release notes that allows to spot backward incompatibilities more easily. I know this is a lot easier said than done, but the end goal is to improve accuracy of the backward compatibility assessments. Regards, Miguel > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if
Hi Lukasz, Thanks for your answer. Yes, it seems related, adding this constant works around the issue. Out of curiosity, is the problem the conversion from List to XWorkList mentioned by Yasser <https://issues.apache.org/jira/browse/WW-4954?focusedCommentId=16593382=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16593382> ? Follow up questions: 1. What is the expected impact of this change? On our previous upgrade from 34 to 35 our risk assessment determined no risk, based on the assumption that the change was backwards compatible. Since it is not (and we need to perform the additional change in struts.xml), can you tell us if there is any area we should worry about when upgrading? 2. Should the logs have shown this? With devMode=true, I see no difference in the logs from 34 to 35 3. Is it possible to change the release notes to tell about this incompatibility? Going forward, is there a way to improve the compatibility assessments? Kind regards, Miguel On Thu, Aug 30, 2018 at 7:21 AM Lukasz Lenart wrote: > śr., 29 sie 2018 o 19:04 Miguel Almeida > napisał(a): > > *And *scopesValues was previously set ( > value="scopes">, where scopes is a Listscopes in the > action) > > It is probably related to this issue > > https://issues.apache.org/jira/browse/WW-4954?focusedCommentId=16593403=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16593403 > > You can temporary use the posted workaround but we will fix that in > incoming two minor releases. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
