Jon Pulice created WW-5498:
------------------------------
Summary: <s:token /> with devMode enabled causes actionError
Key: WW-5498
URL: https://issues.apache.org/jira/browse/WW-5498
Project: Struts 2
Issue Type: Bug
Affects Versions: 6.7.0
Reporter: Jon Pulice
When we upgraded Struts to 6.7.0, any form with a <s:token /> field now fails
to submit as a result of an actionError only when devMode is enabled
We see the following error in the logs:
{noformat}
ERROR org.apache.struts2.interceptor.parameter.ParametersInterceptor -
Developer Notification (set struts.devMode to false to disable this message):
Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
Error setting expression 'token' with value
['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
{noformat}
And the following actionError
{noformat}
Developer Notification (set struts.devMode to false to disable this message):
Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
Error setting expression 'token' with value
['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
{noformat}
If devMode is disabled, then no exception is logged and there are no issues.
In Struts 6.4.0, the behaviour was different. The exception is still reported
in the logs when devMode is enabled, but instead of an actionError being added
that prevents form submission, an actionMessage is created:
{noformat}
[Error setting expression 'token' with value
['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]]
{noformat}
I don't think the Action need to be aware of the token value since the
TokenInterceptor is handling the validation/logic.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
