[jira] [Commented] (WW-4934) Redirect to wrong port after upgrade from 2.3.24 to 2.3.32

Wed, 18 Apr 2018 09:09:25 -0700 

    [ 
https://issues.apache.org/jira/browse/WW-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16442762#comment-16442762
 ] 

Yasser Zamani commented on WW-4934:
-----------------------------------

That access is excluded due to security. Instead, could you try

{code:java}
//add this to your action
public string getReferer(){
return getRequete().getHeader("referer");
}
{code}

then

{code:xml}
<result type="redirect">${referer}</result>
{code}

> Redirect to wrong port after upgrade from 2.3.24 to 2.3.32
> ----------------------------------------------------------
>
>                 Key: WW-4934
>                 URL: https://issues.apache.org/jira/browse/WW-4934
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Results, Other, XML Configuration
>    Affects Versions: 2.3.32
>         Environment: Java : 1.5
> Server : Websphere 6.1
>            Reporter: Shailesh
>            Priority: Blocker
>              Labels: struts2
>
> Recently we upgraded our struts version from 2.3.24 to 2.3.32, as old version 
> has some vulnerabilities. After upgration there were some issues, but we 
> manage to fix them somehow. But there is still one issue pending that it is 
> for redirect.
> {code:java}
> <action name="multisiteChangeAction" 
> class="com.inetpsa.aga.web.actions.PdvAction" method="multisiteChangeAction">
> <result type="redirect">${requete.getHeader("referer")}</result>
> </action>{code}
> where requete is HttpServletRequest object, it has getter method also.
> Before upgradtion this thing was working fine. But now its not working, after 
> redirect, *port is getting added in url,* so it fails.
> e.g. 
> [http://agenda.host.com|http://agenda.host.com/] redirects to 
> http://agenda.host.com:9082
> In logs we found 
>  
> {code:java}
> [17/04/18 11:14:46:238 CEST] 0000002f SystemErr     R 2018-04-17 11:14:46,238 
>  WARN (com.opensymphony.xwork2.ognl.SecurityMemberAccess:64) - Package of 
> target [org.apache.struts2.dispatcher.StrutsRequestWrapper@79f979f9] or 
> package of member [public java.lang.String 
> javax.servlet.http.HttpServletRequestWrapper.getHeader(java.lang.String)] are 
> excluded!{code}
>  
> We also tried 
> {code:java}
> <action name="multisiteChangeAction" 
> class="com.inetpsa.aga.web.actions.PdvAction" method="multisiteChangeAction">
> <result type="redirect">/planningReceptionnaire.action</result>
> </action>{code}
> In this case, above warn is not printed in log, but it didnt worl
> So plewase can you help me to fix this issue.
> Thank you.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to