[
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5194:
------------------------------
Fix Version/s: 6.0.1
> UIBean.evaluateParams() throws an IllegalStateException when getting the
> nonce out of a session that has been invalidated.
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: WW-5194
> URL: https://issues.apache.org/jira/browse/WW-5194
> Project: Struts 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 6.0.0
> Reporter: Joseph Wolschon
> Priority: Minor
> Labels: UIBean
> Fix For: 6.0.1
>
>
> h2. Summary
> UIBean.evaluateParams() grabs the nonce out of the session without first
> checking that it exists, causing an IllegalStateException to be thrown if the
> session has been invalidated. This breaks our use case where we invalidate a
> session, but still want to use ActionError to convey information to the user.
> It doesn't appear that this change relates to removing double evaluations, so
> I would consider this a regression.
> h2. Triage
> This was introduced when [refactoring to fix double
> evaluations|https://github.com/apache/struts/commit/b2bfdc5c88a13e82d647e7ae836089a12ce001fe#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caL900]:
> {noformat}
> Object nonceValue = session != null ? session.get("nonce") : null;
> if (nonceValue != null){
>     addParameter("nonce", nonceValue.toString());
> }
> {noformat}
> The previous revision first checks that the key exists before
> attempting to pull it out:
> {noformat}
> if (session.containsKey("nonce")) {
>     String nonceValue = session.get("nonce").toString();
>     addParameter("nonce", nonceValue);
> }
> {noformat}
> h2. Proposed Fix
> Revert to the previous revision and first check that the session contains the
> nonce before getting it from the session.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)