Aw: Re: Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser
Done: https://issues.apache.org/jira/browse/WW-5475 Best regards Wolfgang > Gesendet: Sonntag, 20. Oktober 2024 um 11:17 > Von: "Lukasz Lenart" > An: "Struts Users Mailing List" > Betreff: Re: Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser > > niedz., 20 paź 2024 o 11:14 Wolfgang Knauf > napisał(a): > > > > OK, I see. Thanks for the clarification. > > > > Is there any chance to improve the error message or detect this > > situation? You wrote that this is a recommendation, and it worked with > > the old version. But the exception does not point to anything helpful > > for analysing this. > > Sure, feel free to register a bug, I can add a better error message > when direct access to JSP is detected > > > Cheers > Łukasz > > - > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser
niedz., 20 paź 2024 o 11:14 Wolfgang Knauf napisał(a): > > OK, I see. Thanks for the clarification. > > Is there any chance to improve the error message or detect this > situation? You wrote that this is a recommendation, and it worked with > the old version. But the exception does not point to anything helpful > for analysing this. Sure, feel free to register a bug, I can add a better error message when direct access to JSP is detected Cheers Łukasz - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser
OK, I see. Thanks for the clarification.
Is there any chance to improve the error message or detect this
situation? You wrote that this is a recommendation, and it worked with
the old version. But the exception does not point to anything helpful
for analysing this.
Best regards
Wolfgang
Am 20.10.24 um 11:02 schrieb Lukasz Lenart:
sob., 19 paź 2024 o 15:18 Wolfgang Knauf
napisał(a):
I have a "index.jsp" and invoke an action using "s:action" tag, then render data from this action.
In the browser I navigate to this jsp direcly ("http://localhost/index.jsp"; instead of browsing to
".../index.action").
This is against our security recommendations and acceccing JSPs
directly won't be supported because in such case all the framework
guards are omitted
https://struts.apache.org/security/#never-expose-jsp-files-directly
Cheers
Łukasz
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Re: Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser
sob., 19 paź 2024 o 15:18 Wolfgang Knauf
napisał(a):
> I have a "index.jsp" and invoke an action using "s:action" tag, then render
> data from this action. In the browser I navigate to this jsp direcly
> ("http://localhost/index.jsp"; instead of browsing to ".../index.action").
This is against our security recommendations and acceccing JSPs
directly won't be supported because in such case all the framework
guards are omitted
https://struts.apache.org/security/#never-expose-jsp-files-directly
Cheers
Łukasz
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Struts 7: error when "s:action" is used on jsp page and jsp is invoked directly in browser
I have a "index.jsp" and invoke an action using "s:action" tag, then render
data from this action. In the browser I navigate to this jsp direcly
("http://localhost/index.jsp"; instead of browsing to ".../index.action").
Snippet from my JSP:
...
This works with Struts 2. But when migrating this to Struts 7M7, this error is
reported:
15:02:27,233 ERROR [io.undertow.request] (default task-1) UT005023: Exception
handling request to /Struts7Sample/: org.apache.jasper.JasperException:
java.lang.NullPointerException: Cannot invoke
"com.opensymphony.xwork2.ActionInvocation.getProxy()" because "invocation" is
null
at
[email protected]//org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:461)
at
[email protected]//org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403)
at
[email protected]//org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347)
at
[email protected]//jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614)
at
[email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
[email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
deployment.Struts7Sample.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.handleRequest(StrutsPrepareAndExecuteFilter.java:160)
at
deployment.Struts7Sample.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.tryHandleRequest(StrutsPrepareAndExecuteFilter.java:146)
at
deployment.Struts7Sample.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:134)
at
[email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at
[email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
[email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
[email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
[email protected]//io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
at
[email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
[email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
[email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
at
[email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
at
[email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
at
[email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
at
[email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
at
[email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at
[email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at
[email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
[email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
[email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
[email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
[email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
org.wildfly.security.elytron-web.undertow-server-servlet@4.1.0.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
at
io.under
