[ 
https://issues.apache.org/jira/browse/WW-4310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15724541#comment-15724541
 ] 

Tran Anh Tung edited comment on WW-4310 at 12/9/16 4:32 AM:
------------------------------------------------------------

Struts version: 2.3.16.3

Filters:
AuthorizationFilter
StatisticFilter

{code:xml|title=web.xml}
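<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor as posted in the issue comment. The stray ';' characters that followed
  the quoted attribute values of <web-app> (an artifact of the mail rendering) are removed,
  because they make the document not well-formed. Element order and values are unchanged.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0" metadata-complete="true">
    <display-name>app</display-name>
    <context-param>
        <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
        <param-value>/WEB-INF/tiles-def.xml</param-value>
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/classes/spring/applicationContext.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
    </listener>
    <filter>
        <filter-name>EncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>
    <filter>
        <!-- Web form data log here -->
        <filter-name>AuthorizationFilter</filter-name>
        <filter-class>com.app.filter.AuthorizationFilter</filter-class>
    </filter>
    <filter>
        <!-- Access log -->
        <filter-name>StatisticFilter</filter-name>
        <filter-class>com.app.filter.StatisticLogFilter</filter-class>
    </filter>
    <!--
      Filters matching a request run in the order of the <filter-mapping> elements below:
      AuthorizationFilter, StatisticFilter, EncodingFilter, struts2.
      AuthorizationFilter reads the request parameters for its form-data log, so the container
      has already parsed and decoded them before EncodingFilter and the Struts dispatcher run.
      NOTE(review): mapping EncodingFilter first is the usual arrangement; confirm before reordering.
    -->
    <filter-mapping>
        <filter-name>AuthorizationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>StatisticFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>EncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
      Session timeout is in minutes.
      NOTE(review): no <cookie-config> or <tracking-mode> is declared, so the HttpOnly/Secure
      flags of the session cookie and the use of URL-based session ids are left to the container
      defaults; a version 3.0 descriptor can pin them inside <session-config>.
    -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <error-page>
        <error-code>404</error-code>
        <location>/jsp/error/error.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/jsp/error/error.jsp</location>
    </error-page>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>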
{code}

Here is the source code of the filters:
AuthorizationFilter

{code:java|title=AuthorizationFilter.java}
package com.app.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import co.jp.nej.hsiharai.common.HsiharaiConstant;
import co.jp.nej.hsiharai.dto.UserInfoDto;
import co.jp.nej.hsiharai.framework.utils.CommonUtil;
import org.apache.log4j.Logger;

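/**
 * Servlet filter that logs submitted form data, enforces per-profile page access and sets
 * no-cache headers on responses.
 *
 * <p>Compared with the posted version, this one masks credential-like parameter values and
 * replaces control characters before writing request parameters to the log, removes the stray
 * extra quote from the logged entries, and repairs the line wrapping of the listing. The
 * authorization decisions themselves are unchanged.
 */
public class AuthorizationFilter implements Filter {
    /** Class-wide logger. */
    private static final Logger logger = Logger.getLogger(AuthorizationFilter.class);
    /** Spring bean name of the configured filter instance that carries the role map. */
    private static final String INSTANCE_NAME = "authorizationFilter";
    /** Relative location the client is redirected to when access is denied. */
    private static final String PAGE_ACCESS_DENIED = "accessDeniedAct";
    /** Text written to the log in place of a masked parameter value. */
    private static final String MASKED_VALUE = "***";
    /**
     * Lower-case fragments of parameter names whose values are never written to the log.
     * NOTE(review): constructed starting list, not taken from the application; align it with the
     * real form field names.
     */
    private static final String[] SENSITIVE_NAME_FRAGMENTS = {"password", "passwd", "pwd", "secret", "token"};
    /** Profile name mapped to the UserInfoDto that lists the pages this profile may open. */
    private Map userRoleMap;
    /** Spring-managed instance of this class, looked up once and used as the source of the role map. */
    private AuthorizationFilter delegate;
    /** Configuration handed over by the container in {@link #init(FilterConfig)}. */
    private FilterConfig filterConfig;
    /** Suffix of stylesheet requests. */
    private static final String CSS_SUFFIX = ".css";
    /** Suffix of script requests. */
    private static final String JS_SUFFIX = ".js";
    /** Suffix of PNG image requests. */
    private static final String PNG_SUFFIX = ".png";
    /** Suffix of GIF image requests. */
    private static final String GIF_SUFFIX = ".gif";
    /** Suffix of static HTML requests. */
    private static final String HTML_SUFFIX = ".html";
    /** Suffix of JSP requests. */
    private static final String JSP_SUFFIX = ".jsp";

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Logs the request, applies the access check and passes the request down the chain.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      if a redirect or the downstream chain fails
     * @throws ServletException if the delegate cannot be loaded or the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String uri = httpRequest.getRequestURI();

        String requestUrl = httpRequest.getRequestURL().toString();
        logger.info("RequestURL : " + requestUrl);
        if (!hasStaticSuffix(requestUrl)) {
            logFormData(httpRequest);
        }

        // Returning to the menu with back=true without a logged-in user is treated as a timeout.
        if (uri.endsWith("menuAct")) {
            String[] back = httpRequest.getParameterMap().get("back");
            if (back != null && back.length > 0 && "true".equals(back[0])) {
                HttpSession session = httpRequest.getSession();
                UserInfoDto userInfoDto = (UserInfoDto) session.getAttribute(HsiharaiConstant.Context.USERINFO);
                if (CommonUtil.isNull(userInfoDto)) {
                    httpResponse.sendRedirect(HsiharaiConstant.Action.TIMEOUT_ACTION);
                    return;
                }
            }
        }

        if (!isExemptFromAuthorization(uri)) {
            // init() normally loads the delegate; this is the fallback.
            // NOTE(review): the lazy load is not synchronized.
            if (delegate == null) {
                initDelegate();
            }

            // NOTE(review): getSession() creates a session when none exists, so this null check
            // is not expected to fire; a request without a login ends in the redirect below.
            HttpSession session = httpRequest.getSession();
            if (CommonUtil.isNull(session)) {
                throw new ServletException("Session is invalid");
            }

            UserInfoDto userInfoDto = (UserInfoDto) session.getAttribute(HsiharaiConstant.Context.USERINFO);
            if (CommonUtil.isNull(userInfoDto)) {
                httpResponse.sendRedirect(HsiharaiConstant.Action.TIMEOUT_ACTION);
                return;
            }

            UserInfoDto userContext = (UserInfoDto) delegate.getUserRoleMap().get(userInfoDto.getProfileName());
            if (CommonUtil.isNull(userContext)) {
                // Unknown profile: deny.
                processAccessDenied(httpRequest, httpResponse);
                return;
            }

            // Access stays denied unless a configured page matches; a missing role map therefore denies.
            boolean isAccess = false;
            if (!CommonUtil.isNull(this.getUserRoleMap())) {
                List<String> listPageAccess = userContext.getListPageAccess();
                for (String page : listPageAccess) {
                    // NOTE(review): a suffix match also accepts any longer URI that merely ends
                    // with the configured text; an exact match on the servlet path is stricter.
                    if (uri.endsWith(page)) {
                        isAccess = true;
                        break;
                    }
                }
            }
            if (!isAccess) {
                processAccessDenied(httpRequest, httpResponse);
                return;
            }
        }
        chain.doFilter(request, response);

        // These headers are added after the chain has run, so they only reach the client when the
        // response is still uncommitted at this point. Excel downloads are left cacheable.
        // NOTE(review): "no-cache" still allows storing the response; "no-store" is the stricter
        // directive if pages with personal data must never be written to a cache.
        if (!CommonUtil.isNull(httpResponse.getContentType())
                && !httpResponse.isCommitted()
                && !httpResponse.getContentType().equals("application/vnd.ms-excel")) {
            httpResponse.setHeader("Cache-Control", "no-cache"); // HTTP 1.1
            httpResponse.setHeader("Pragma", "no-cache"); // HTTP 1.0
            httpResponse.setHeader("Expires", "-1"); // Prevents caching at the proxy server
        }
    }

    /**
     * Stores the filter configuration and loads the delegate if it is not loaded yet.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;

        if (delegate == null) {
            initDelegate();
        }
    }

    /**
     * Looks up the Spring bean named {@link #INSTANCE_NAME} and copies its role map into this instance.
     *
     * @throws ServletException declared for callers; the lookup itself is done by Spring
     */
    private void initDelegate() throws ServletException {
        WebApplicationContext wac =
            WebApplicationContextUtils.getRequiredWebApplicationContext(this.filterConfig.getServletContext());
        this.delegate = (AuthorizationFilter) wac.getBean(INSTANCE_NAME);
        this.setUserRoleMap(delegate.getUserRoleMap());
    }

    /**
     * Redirects the client to the access-denied page.
     *
     * @param httpRequest  current request (not used)
     * @param httpResponse response that receives the redirect
     * @throws IOException      if the redirect cannot be sent
     * @throws ServletException declared for callers
     */
    private void processAccessDenied(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
            throws ServletException, IOException {
        httpResponse.sendRedirect(PAGE_ACCESS_DENIED);
    }

    /**
     * Tells whether the given URL or URI ends with one of the static-resource suffixes
     * (.css, .js, .png, .gif, .html).
     */
    private static boolean hasStaticSuffix(String path) {
        return path.endsWith(CSS_SUFFIX)
            || path.endsWith(JS_SUFFIX)
            || path.endsWith(PNG_SUFFIX)
            || path.endsWith(GIF_SUFFIX)
            || path.endsWith(HTML_SUFFIX);
    }

    /**
     * Tells whether a request URI skips the per-profile access check.
     *
     * <p>Every URI ending in one of these strings, including every .jsp and .html, reaches the
     * chain without a profile check. getRequestURI() returns the path as sent by the client (not
     * decoded, and including any ';' path parameters), so a suffix test on it does not necessarily
     * describe the resource the container finally dispatches to.
     * NOTE(review): an explicit allow-list matched against getServletPath() would be a firmer
     * basis for this decision.
     */
    private static boolean isExemptFromAuthorization(String uri) {
        return uri.endsWith("menuAct")
            || uri.endsWith("/Hsiharai/")
            || uri.endsWith("login")
            || uri.endsWith("home")
            || hasStaticSuffix(uri)
            || uri.endsWith(PAGE_ACCESS_DENIED)
            || uri.endsWith(JSP_SUFFIX)
            || uri.endsWith(HsiharaiConstant.Action.TIMEOUT_ACTION);
    }

    /**
     * Writes the request parameters of the current user to the log as {@code "name" : "value",} entries.
     *
     * <p>Parameter values come straight from the client. Values of credential-like parameters are
     * masked, and control characters are replaced so that one request cannot produce additional
     * log lines. Only the first value of a multi-valued parameter is logged.
     *
     * @param httpRequest current request
     * @throws IOException if UTF-8 is rejected as request encoding
     */
    private void logFormData(HttpServletRequest httpRequest) throws IOException {
        HttpSession session = httpRequest.getSession();
        UserInfoDto userInfoDto = (UserInfoDto) session.getAttribute(HsiharaiConstant.Context.USERINFO);
        String userId = "NOT_LOGIN_USER";
        if (userInfoDto != null) {
            userId = userInfoDto.getLoginId();
        }

        // Must be set before the first parameter is read to have any effect.
        httpRequest.setCharacterEncoding("UTF-8");
        StringBuilder entries = new StringBuilder();
        Enumeration<String> parameterNames = httpRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String key = parameterNames.nextElement();
            String value = isSensitiveParameter(key)
                ? MASKED_VALUE
                : sanitizeForLog(httpRequest.getParameter(key));
            entries.append('"').append(sanitizeForLog(key)).append("\" : \"").append(value).append("\",");
        }
        logger.info(userId + " _ " + "Webform data: {" + entries.toString() + "}");
    }

    /** Tells whether a parameter name contains one of {@link #SENSITIVE_NAME_FRAGMENTS}, ignoring case. */
    private static boolean isSensitiveParameter(String name) {
        if (name == null) {
            return false;
        }
        String lowered = name.toLowerCase(java.util.Locale.ENGLISH);
        for (String fragment : SENSITIVE_NAME_FRAGMENTS) {
            if (lowered.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the text with every ISO control character (CR, LF, TAB, ...) replaced by '_';
     * {@code null} becomes the string "null", as string concatenation would render it.
     */
    private static String sanitizeForLog(String text) {
        if (text == null) {
            return "null";
        }
        StringBuilder clean = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }

    /**
     * @return the userRoleMap
     */
    public Map getUserRoleMap() {
        return userRoleMap;
    }

    /**
     * @param userRoleMap
     *            the userRoleMap to set
     */
    public void setUserRoleMap(Map userRoleMap) {
        this.userRoleMap = userRoleMap;
    }

}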
{code}

StatisticLogFilter
{code:java|title=StatisticLogFilter.java}
package com.app.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import co.jp.nej.hsiharai.common.HsiharaiConstant;
import co.jp.nej.hsiharai.dto.UserInfoDto;

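/**
 * Servlet filter that writes one access-log line (user id and request URL) for every request
 * that is not a static resource, then passes the request down the chain.
 *
 * <p>The session is looked up only when a line is actually written, and with
 * {@code getSession(false)}, so this logging filter no longer creates a session for requests
 * that have none (for example anonymous requests for stylesheets or images).
 */
public class StatisticLogFilter implements Filter {

    /** Class-wide logger. */
    private static final Logger logger = Logger.getLogger(StatisticLogFilter.class);

    /** Label placed between the user id and the URL in each access-log line. */
    private static final String ACCESS_PAGE = "[ACCESS] Page name:";

    /** User id logged when no logged-in user is found in the session. */
    private static final String ANONYMOUS_USER = "NOT_LOGIN_USER";

    /** Suffix of stylesheet requests. */
    private static final String CSS_SUFFIX = ".css";

    /** Suffix of script requests. */
    private static final String JS_SUFFIX = ".js";

    /** Suffix of PNG image requests. */
    private static final String PNG_SUFFIX = ".png";

    /** Suffix of GIF image requests. */
    private static final String GIF_SUFFIX = ".gif";

    /** Suffix of static HTML requests. */
    private static final String HTML_SUFFIX = ".html";

    /**
     * Destroy.
     */
    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Logs the access and continues the chain.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response, passed through untouched
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String requestUrl = httpRequest.getRequestURL().toString();
        if (!isStaticResource(requestUrl)) {
            logger.info(resolveUserId(httpRequest) + ":" + ACCESS_PAGE + requestUrl);
        }
        chain.doFilter(request, response);
    }

    /**
     * Initialize filter.
     */
    @Override
    public void init(FilterConfig chain) throws ServletException {
        // No configuration is read.
    }

    /** Tells whether the URL ends with one of the static-resource suffixes. */
    private static boolean isStaticResource(String requestUrl) {
        return requestUrl.endsWith(CSS_SUFFIX)
            || requestUrl.endsWith(JS_SUFFIX)
            || requestUrl.endsWith(PNG_SUFFIX)
            || requestUrl.endsWith(GIF_SUFFIX)
            || requestUrl.endsWith(HTML_SUFFIX);
    }

    /**
     * Returns the login id stored in the existing session, or {@link #ANONYMOUS_USER} when there
     * is no session or no user information in it.
     */
    private static String resolveUserId(HttpServletRequest httpRequest) {
        HttpSession session = httpRequest.getSession(false);
        if (session == null) {
            return ANONYMOUS_USER;
        }
        UserInfoDto userInfoDto = (UserInfoDto) session.getAttribute(HsiharaiConstant.Context.USERINFO);
        if (userInfoDto == null) {
            return ANONYMOUS_USER;
        }
        return userInfoDto.getLoginId();
    }
}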
{code}

One more thing: the Action file contains this null check:
{code:java|title=Action.java}
// isNullOrEmpty returns true for a null argument, so a null action type takes this branch.
if (isNullOrEmpty(this.getActionType())) {
    //do some logic
}

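/**
 * Tells whether a string carries no content.
 *
 * <p>The posted version had an unbalanced parenthesis and did not compile; this form expresses
 * the same check.
 *
 * @param str the string to test; may be {@code null}
 * @return {@code true} if {@code str} is {@code null} or has length zero, {@code false} otherwise
 *         (a string of blanks is not empty)
 */
public static boolean isNullOrEmpty(String str) {
    return str == null || str.isEmpty();
}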
{code}
{{this.getActionType()}} is null, but when I read the log, it shows that {{some 
logic}} was still executed.


was (Author: trananhtung30):
Struts version: 2.3.16.3

Filters:
AuthorizationFilter
StatisticFilter

{code:xml|title=web.xml}
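<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor as posted in the earlier revision of the comment. The stray ';'
  characters that followed the quoted attribute values of <web-app> (an artifact of the mail
  rendering) are removed, because they make the document not well-formed. Element order and
  values are unchanged.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0" metadata-complete="true">
    <display-name>app</display-name>
    <context-param>
        <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
        <param-value>/WEB-INF/tiles-def.xml</param-value>
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/classes/spring/applicationContext.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
    </listener>
    <filter>
        <filter-name>EncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>
    <filter>
        <!-- Web form data log here -->
        <filter-name>AuthorizationFilter</filter-name>
        <filter-class>com.app.filter.AuthorizationFilter</filter-class>
    </filter>
    <filter>
        <!-- Access log -->
        <filter-name>StatisticFilter</filter-name>
        <filter-class>com.app.filter.StatisticLogFilter</filter-class>
    </filter>
    <!--
      Filters matching a request run in the order of the <filter-mapping> elements below:
      AuthorizationFilter, StatisticFilter, EncodingFilter, struts2.
      NOTE(review): the comment on AuthorizationFilter says form data is logged there; if it reads
      request parameters, they are parsed and decoded before EncodingFilter and the Struts
      dispatcher run. Mapping EncodingFilter first is the usual arrangement; confirm before
      reordering.
    -->
    <filter-mapping>
        <filter-name>AuthorizationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>StatisticFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>EncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
      Session timeout is in minutes.
      NOTE(review): no <cookie-config> or <tracking-mode> is declared, so the HttpOnly/Secure
      flags of the session cookie and the use of URL-based session ids are left to the container
      defaults; a version 3.0 descriptor can pin them inside <session-config>.
    -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <error-page>
        <error-code>404</error-code>
        <location>/jsp/error/error.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/jsp/error/error.jsp</location>
    </error-page>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>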
{code}

> All form submission failed due to ognl.OgnlException: target is null for 
> setProperty
> ------------------------------------------------------------------------------------
>
>                 Key: WW-4310
>                 URL: https://issues.apache.org/jira/browse/WW-4310
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors, Expression Language, Integration
>    Affects Versions: 2.3.15.1
>         Environment: IBM AIX 6.1.0.0
> Websphere Application server 7.0.0.21
> Websphere Portal server 7.0.0.2  
>            Reporter: chenlin
>             Fix For: Future
>
>
> Hi Lukasz Lenart ,
> We are using the struts-portlet framework in a Websphere Portal server cluster ( 
> 1 Deploy Manager and 4 Portal server instances) in production. 
> Currently one issue happens randomly on one of the 4 servers. The 
> exception shows that the login form is null in setProperty on one server, while at 
> that time the other 3 servers are working fine. This issue can happen on any one 
> of the 4 servers in our production environment. We have also raised a few PMRs with the 
> IBM team for this issue, but IBM said it is not caused by them. We need 
> your help to check whether there is any possible way for Struts to cause this issue. 
> If possible, please share your available timing and contact; we would like to 
> have a call with you and IBM support to identify the root cause. 
>    
>  ===IBM response=============
> When I refer the past PMR ( 18484,000,834)  we shared on all the findings and 
> waiting for your Application team feedback,  as such I don't think any  
> further action pending on  IBM Support end. do check with Application team 
> and  can we ask Application team not using 
> the code what Application team using is  not an IBM  API / service code "     
>                     
> com.opensymphony.xwork2.util.logging.commons.CommonsLogger" , good to   
> check with Application team to discuss with respective vender. 
>     
> The  above error code from strut's application code, check with Application 
> support and ask them to explore further. 
> As  I hope we all are in same page now, as  PMR 20364,000,834  & PMR 
> 18184,000,834  - findings Pointing same  struts2 loging function, even 
> application team explore why they enabled this log ? ,how this impacted the  
> Application Interface page with user login error.
> =====Error Log========
> [3/18/14 1:58:12:142 GMT+08:00] 00000062 OgnlValueStac W 
> com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn Error setting 
> expression 'loginForm.userId' with value '[Ljava.lang.String;@1560156'
>                                 ognl.OgnlException: target is null for 
> setProperty(null, "userId", [Ljava.lang.String;@1560156)
>    at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2326)
>    at ognl.ASTProperty.setValueBody(ASTProperty.java:127)
>    at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220)
>    at ognl.SimpleNode.setValue(SimpleNode.java:301)
>    at ognl.ASTChain.setValueBody(ASTChain.java:227)
>    at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220)
>    at ognl.SimpleNode.setValue(SimpleNode.java:301)
>    at ognl.Ognl.setValue(Ognl.java:737)
>    at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:234)
>    at 
> com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:183)
>    at 
> com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:170)
>    at 
> com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:148)
>    at 
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:318)
>    at 
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:231)
>    at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)


