Re: [VOTE] Apache Struts 6.6.0
Works great for me. Thanks. [x] General Availability (GA) B On 06/08/2024 05:47, Lukasz Lenart wrote: Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA)
Re: [TEST] Apache Struts 6.6.0 test build is ready
Sorry, please ignore previous emails, I went back in my logs and found the same errors. Fixed it by updating my crusty code.😳 <%@ include file="/WEB-INF/jsps/taglibs-struts2.jsp" %> <% pageContext.setAttribute("version",my.model.MyFactory.getMe().getVersion()); pageContext.setAttribute("revision",my.model.MyFactory.getMe().getRevision()); pageContext.setAttribute("",my.model.MyFactory.getMe().getCurrentYear());%> Copyright © value="#attr." />value="#attr.revision" /> On 20/07/2024 07:52, Lukasz Lenart wrote: Hello, This is another minor version of Struts 6.x series. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_6_6_0 Staging Maven repo https://repository.apache.org/content/groups/staging/ Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/6.6.0/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0 Kind regards -- Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 6.6.0 test build is ready
May have been some formatting on previous mail, here it is again 2024-07-20 09:39:59,406 WARN org.apache.struts2.interceptor.TokenSessionStoreInterceptor TokenSessionStoreInterceptor:handleInvalidToken - testHandleInvalidToken 2024-07-20 09:39:59,535 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression '#request.' against value stack java.lang.IllegalStateException: The request object has been recycled and is no longer associated with this facade at org.apache.catalina.connector.RequestFacade.checkFacade(RequestFacade.java:856) ~[catalina.jar:9.0.91] at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:245) ~[catalina.jar:9.0.91] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at org.apache.struts2.dispatcher.StrutsRequestWrapper.getAttribute(StrutsRequestWrapper.java:81) ~[classes/:?] at org.apache.struts2.dispatcher.RequestMap.get(RequestMap.java:102) ~[classes/:?] at ognl.MapPropertyAccessor.getProperty(MapPropertyAccessor.java:76) ~[ognl-3.3.5.jar:?] at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:79) ~[classes/:?] at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:3354) ~[ognl-3.3.5.jar:?] at ognl.ASTProperty.getValueBody(ASTProperty.java:121) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?] at ognl.ASTChain.getValueBody(ASTChain.java:141) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?] at ognl.Ognl.getValue(Ognl.java:586) ~[ognl-3.3.5.jar:?] at com.opensymphony.xwork2.ognl.OgnlUtil.ognlGet(OgnlUtil.java:596) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:576) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:412) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:346) [classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:333) [classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:313) [classes/:?] at org.apache.struts2.components.Component.findValue(Component.java:302) [classes/:?] at org.apache.struts2.components.Param.end(Param.java:126) [classes/:?] at org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:38) [classes/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005fparam_005f0(footer_jsp.java:228) [work/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005ftext_005f0(footer_jsp.java:190) [work/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspService(footer_jsp.java:149) [work/:?] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:67) [jasper.jar:9.0.91] at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) [servlet-api.jar:?] footer.jsp <%@ include file="/WEB-INF/jsps/taglibs-struts2.jsp" %> <% request.setAttribute("version",my.model.MyFactory.getMe().getVersion()); request.setAttribute("revision",my.model.MyFactory.getMe().getRevision()); request.setAttribute("",my.model.MyFactory.getMe().getCurrentYear()); %> Copyright © value="#request." />value="#request.revision" /> On 20/07/2024 07:52, Lukasz Lenart wrote: Hello, This is another minor version of Struts 6.x series. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_6_6_0 Staging Maven repo https://repository.apache.org/content/groups/staging/ Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/6.6.0/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0 Kind regards -- Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 6.6.0 test build is ready
I am looking into duplicate session postings (circular nulls in TokenSessionStoreInterceptor by refresh post) in my app, and noticed this now in the tomcat log 2024-07-20 09:39:59,406 WARN org.apache.struts2.interceptor.TokenSessionStoreInterceptor TokenSessionStoreInterceptor:handleInvalidToken - testHandleInvalidToken 2024-07-20 09:39:59,535 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression '#request.' against value stack java.lang.IllegalStateException: The request object has been recycled and is no longer associated with this facade at org.apache.catalina.connector.RequestFacade.checkFacade(RequestFacade.java:856) ~[catalina.jar:9.0.91] at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:245) ~[catalina.jar:9.0.91] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR] at org.apache.struts2.dispatcher.StrutsRequestWrapper.getAttribute(StrutsRequestWrapper.java:81) ~[classes/:?] at org.apache.struts2.dispatcher.RequestMap.get(RequestMap.java:102) ~[classes/:?] at ognl.MapPropertyAccessor.getProperty(MapPropertyAccessor.java:76) ~[ognl-3.3.5.jar:?] at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:79) ~[classes/:?] at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:3354) ~[ognl-3.3.5.jar:?] at ognl.ASTProperty.getValueBody(ASTProperty.java:121) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?] at ognl.ASTChain.getValueBody(ASTChain.java:141) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?] at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?] at ognl.Ognl.getValue(Ognl.java:586) ~[ognl-3.3.5.jar:?] at com.opensymphony.xwork2.ognl.OgnlUtil.ognlGet(OgnlUtil.java:596) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:576) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:412) ~[classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:346) [classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:333) [classes/:?] at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:313) [classes/:?] at org.apache.struts2.components.Component.findValue(Component.java:302) [classes/:?] at org.apache.struts2.components.Param.end(Param.java:126) [classes/:?] at org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:38) [classes/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005fparam_005f0(footer_jsp.java:228) [work/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005ftext_005f0(footer_jsp.java:190) [work/:?] at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspService(footer_jsp.java:149) [work/:?] The footer.jsp />/> Are there any changes made on this version that would cause this? On 20/07/2024 07:52, Lukasz Lenart wrote: Hello, This is another minor version of Struts 6.x series. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_6_6_0 Staging Maven repo https://repository.apache.org/content/groups/staging/ Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/6.6.0/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0 Kind regards -- Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
Going through my parameters, as I share alot of screens in various parts with different requirements, a struts.xml version on the action, similar to save,publish,expire would work well here ie path,filter public String getPath() { return path; } public String getFilter() { return filter; } Just an idea. On 18/06/2024 08:57, Kusal Kithul-Godage wrote: Yeah good call I'll look into it On Tue, Jun 18, 2024 at 5:54 PM Greg Huber wrote: OK thanks. Can the logging be the same others - Developer Notification rather than changing the debug level? ie for a bad date I get 024-06-18 08:24:53,696 WARN org.apache.struts2.components.Date Date:end - Developer Notification (set struts.devMode to false to disable this message): Expression [bean.created] passed to tag which was evaluated to [null](null) isn't supported! On 18/06/2024 08:34, Kusal Kithul-Godage wrote: Good questions The log messages for these are at the debug level so you will need to enable logging at the debug level to see these. This was a deliberate decision as otherwise bad actors would be able to flood your application logs. The annotations should only target Action class methods. If you are using a bean (also known as a form DTO), you only need to annotate the getter method on the Action class that returns that bean (and with an appropriate depth limit). If you add `@StrutsParameter(depth = 99)` to every getter/setter method on every Action class, it is indeed equivalent to disabling the capability entirely. So the annotation exists to prevent your application users from invoking any arbitrary getter/setter on your Action classes as they have been able to do in Struts 6 and earlier. Also feel free to have a read of this section if you haven't had a chance too: https://struts.apache.org/security/#defining-and-annotating-your-action-parameters On Tue, Jun 18, 2024 at 5:22 PM Greg Huber wrote: For the |struts.parameters.requireAnnotations=||true| If I test my action, there are no log messages for these. ie missing @StrutsParameter. It also says Action class, what if I have a bean in the action class, do I need to do these also? If I add them to every field/bean is this the same as setting it false? ie what does @StrutsParameter do? On 18/06/2024 07:44, Kusal Kithul-Godage wrote: I've fleshed out the Security section of the migration guide. Open to any feedback on anything that is still unclear. https://cwiki.apache.org/confluence/x/wYp3EQ On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage wrote: Ah right - yep no objections here Based on the feedback in this thread, I'm working on a minor enhancement for the allowlisting capability which will allow it to continue working at a lesser strictness in environments where Hibernate entities are used. I'll target M8 for this as well as the updated documentation On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenartwrote: pon., 17 cze 2024 o 11:00 Kusal Kithul-Godage napisał(a): When you say release officially do you mean as the final Struts 7.0.0? I meant release -> publish as M7 in the Maven Central - in such a case we can spread testing to other users as they can use official artifacts. Regards Lukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
OK thanks. Can the logging be the same others - Developer Notification rather than changing the debug level? ie for a bad date I get 024-06-18 08:24:53,696 WARN org.apache.struts2.components.Date Date:end - Developer Notification (set struts.devMode to false to disable this message): Expression [bean.created] passed to tag which was evaluated to [null](null) isn't supported! On 18/06/2024 08:34, Kusal Kithul-Godage wrote: Good questions The log messages for these are at the debug level so you will need to enable logging at the debug level to see these. This was a deliberate decision as otherwise bad actors would be able to flood your application logs. The annotations should only target Action class methods. If you are using a bean (also known as a form DTO), you only need to annotate the getter method on the Action class that returns that bean (and with an appropriate depth limit). If you add `@StrutsParameter(depth = 99)` to every getter/setter method on every Action class, it is indeed equivalent to disabling the capability entirely. So the annotation exists to prevent your application users from invoking any arbitrary getter/setter on your Action classes as they have been able to do in Struts 6 and earlier. Also feel free to have a read of this section if you haven't had a chance too: https://struts.apache.org/security/#defining-and-annotating-your-action-parameters On Tue, Jun 18, 2024 at 5:22 PM Greg Huber wrote: For the |struts.parameters.requireAnnotations=||true| If I test my action, there are no log messages for these. ie missing @StrutsParameter. It also says Action class, what if I have a bean in the action class, do I need to do these also? If I add them to every field/bean is this the same as setting it false? ie what does @StrutsParameter do? On 18/06/2024 07:44, Kusal Kithul-Godage wrote: I've fleshed out the Security section of the migration guide. Open to any feedback on anything that is still unclear. https://cwiki.apache.org/confluence/x/wYp3EQ On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage wrote: Ah right - yep no objections here Based on the feedback in this thread, I'm working on a minor enhancement for the allowlisting capability which will allow it to continue working at a lesser strictness in environments where Hibernate entities are used. I'll target M8 for this as well as the updated documentation On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart wrote: pon., 17 cze 2024 o 11:00 Kusal Kithul-Godage napisał(a): When you say release officially do you mean as the final Struts 7.0.0? I meant release -> publish as M7 in the Maven Central - in such a case we can spread testing to other users as they can use official artifacts. Regards Lukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
For the |struts.parameters.requireAnnotations=||true| If I test my action, there are no log messages for these. ie missing @StrutsParameter. It also says Action class, what if I have a bean in the action class, do I need to do these also? If I add them to every field/bean is this the same as setting it false? ie what does @StrutsParameter do? On 18/06/2024 07:44, Kusal Kithul-Godage wrote: I've fleshed out the Security section of the migration guide. Open to any feedback on anything that is still unclear. https://cwiki.apache.org/confluence/x/wYp3EQ On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage wrote: Ah right - yep no objections here Based on the feedback in this thread, I'm working on a minor enhancement for the allowlisting capability which will allow it to continue working at a lesser strictness in environments where Hibernate entities are used. I'll target M8 for this as well as the updated documentation On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart wrote: pon., 17 cze 2024 o 11:00 Kusal Kithul-Godage napisał(a): When you say release officially do you mean as the final Struts 7.0.0? I meant release -> publish as M7 in the Maven Central - in such a case we can spread testing to other users as they can use official artifacts. Regards Lukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
These work for me also: Looks good. On 16/06/2024 17:58, Kusal Kithul-Godage wrote: Hi Burton The migration guide incorrectly stated struts.disallowProxyMemberAccess - I've corrected this now (thanks Lukasz for the permission). The options you need to set are: struts.disallowProxyObjectAccess=false struts.allowlist.enable=false As for struts.parameters.requireAnnotations, this has no relation to proxy objects. You will of course need to add the necessary annotations throughout your codebase but much of it can be scripted. I'd recommend starting here to understand how the annotation works: https://struts.apache.org/security/#defining-and-annotating-your-action-parameters The transition mode option is also available which should make keeping this option enabled even less laborious. On Mon, Jun 17, 2024 at 2:16 AM Burton Rhodes wrote: I am having the same issue because many of our JSPs access Hibernate proxy objects. However, setting [struts.disallowProxyMemberAccess=false] is not working for me. I am still receiving "Access to proxy is blocked!" errors. Correcting this issue properly (by changing our JSPs) will take significant time so I would prefer to initially take the security risk. Below is an example of a log entry plus the "non-secure" struts.xml settings. Log Entry Example com.opensymphony.xwork2.ognl.SecurityMemberAccess - Access to proxy is blocked! Target [--data here--], proxy class [com.afs.core.entity.Folder$HibernateProxy$OVniT9Ol] struts.xml -- Original Message -- From "Kusal Kithul-Godage" To "Struts Developers List" Date 6/16/2024 9:51:36 AM Subject Re: [TEST] Apache Struts 7.0.0-M7 test build is ready So the allowlist configuration is usually just informed by the warnings logged during runtime. For most applications this will either be nothing or some Pojo packages. So for the example log warning you've provided that would be: struts.allowlist.packageNames=my.pojo However, the main issue you're having here is that your Pojos are actually Hibernate entities, and you are then accessing them directly using OGNL - which is not recommended. The allowlist capability is also not compatible with any type of proxy object, Hibernate entities included. So you've 2 options here: a) Disable both the proxy block and the allowlist using the following options and accept the increased security risk. struts.disallowProxyObjectAccess=false struts.allowlist.enable=false b) Invest some time introducing an intermediary layer which provides proper separation between your database entities and view layer. This will completely eliminate the risk of exploits targeting your view layer being escalated to the persistence layer. I obviously recommend the latter but we are not going to force this upon anyone as I understand it can take some effort and resources you may not have. Thank you for reporting this though as I expect yours won't be the only Struts application with this issue. I'll update the documentation to better acknowledge this case as well as the options I outlined above. Lukasz if you could give me edit permission for the Struts 7.x migration guide, I'll add a quick note there too. On Sun, Jun 16, 2024 at 8:21 PM Greg Huber wrote: 2024-06-16 11:06:39,002 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target The docs don't give any hints on what the list should be. my.pojo.Pojo$HibernateProxy$tEzkTVrG] This is an inquiry screen. On 16/06/2024 10:51, Kusal Kithul-Godage wrote: > So you've got 2 separate issues here: > * Pojos that are not allowlisted > * OGNL executions against Spring/Hibernate proxied objects > > If you have genuine Pojos that need allowlisting, you can do so by > following the documentation: > https://struts.apache.org/security/#ognl-member-access > Allowlisting Pojos is perfectly fine and will not reduce security. > > As for manipulating Spring/Hibernate objects via OGNL - this is a > security risk as it means in the event of an SSTI vulnerability, > attackers may also be able to manipulate Spring/Hibernate objects. I'd > first review why your application is relying on this behaviour. > > On Sun, Jun 16, 2024 at 7:39 PM Greg Huber wrote: >> I use both spring and hibernate v6 testing, I would not want to make any >> drastic changes to these as they are painful. >> >> Here is one (of many) >> >> 2024-06-16 09:26:21,419 WARN >> com.opensymphony.xwork2.ognl.SecurityMemberAccess >> SecurityMemberAccess:checkAllowlist - Declaring class [class >> my.pojo.Pojo] of member type [public java.lang.String >> my.pojo.Pojo.getUserName()] is not allowlisted! >> 2024-06-16 09:26:21,41
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
2024-06-16 11:06:39,002 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target The docs don't give any hints on what the list should be. my.pojo.Pojo$HibernateProxy$tEzkTVrG] This is an inquiry screen. On 16/06/2024 10:51, Kusal Kithul-Godage wrote: So you've got 2 separate issues here: * Pojos that are not allowlisted * OGNL executions against Spring/Hibernate proxied objects If you have genuine Pojos that need allowlisting, you can do so by following the documentation: https://struts.apache.org/security/#ognl-member-access Allowlisting Pojos is perfectly fine and will not reduce security. As for manipulating Spring/Hibernate objects via OGNL - this is a security risk as it means in the event of an SSTI vulnerability, attackers may also be able to manipulate Spring/Hibernate objects. I'd first review why your application is relying on this behaviour. On Sun, Jun 16, 2024 at 7:39 PM Greg Huber wrote: I use both spring and hibernate v6 testing, I would not want to make any drastic changes to these as they are painful. Here is one (of many) 2024-06-16 09:26:21,419 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:checkAllowlist - Declaring class [class my.pojo.Pojo] of member type [public java.lang.String my.pojo.Pojo.getUserName()] is not allowlisted! 2024-06-16 09:26:21,419 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to non-public [private java.lang.String my.pojo.Pojo.userName] is blocked! public class Pojo { private String userName; public String getUserName() { return userName; } } On 16/06/2024 10:33, Kusal Kithul-Godage wrote: That suggests the target is proxied by Spring or Hibernate, which Pojos should not be by definition. You'll need to attach a debugger to investigate why this is the case On Sun, Jun 16, 2024 at 7:19 PM Greg Huber wrote: The text looks ok, but I get this in the log also: 2024-06-16 10:15:12,587 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][ Where the target is my pojo, which I have alot of. On 16/06/2024 10:15, Kusal Kithul-Godage wrote: I didn't do much testing with the Struts JSP integration beyond the examples in the showcase app so it's possible I've missed some packages/classes that should be allowed by default. Could you share the warnings you are receiving? Perhaps deduplicate the warnings first if there are many repetitive ones On Sun, Jun 16, 2024 at 7:10 PM Greg Huberwrote: Sorry checked the wrong log file, it was this one, needed to be false. Is there any docs on this? ie and example of what would go in the list, as its excluding struts default stuff. On 16/06/2024 10:01, Kusal Kithul-Godage wrote: All of the mentioned options should log issues at warn level or greater, except for 'struts.parameters.requireAnnotations' which will log at debug level. Using the following PR as a reference, you can revert settings to their previous value one by one, to isolate which option may be causing your application issues. https://github.com/apache/struts/pull/919/files Once you have isolated and corrected any issues, please re-enable the options as they offer significant protection against vulnerabilities. On Sun, Jun 16, 2024 at 6:39 PM Greg Huber wrote: I tried this and there is alot of text missing on my jsp pages it mentions these: |struts.ognl.allowStaticFieldAccess=||false| |struts.ognl.expressionMaxLength=||150| |struts.disallowDefaultPackageAccess=||true| |struts.disallowProxyMemberAccess=||true| |struts.parameters.requireAnnotations=||true| |struts.ognl.disallowCustomOgnlMap=||true| |struts.allowlist.enable=||true| | | |I tried | | | |struts.ognl.allowStaticFieldAccess=true | | | |but it made no difference.| | | |There are no warning in the logs. | On 12/06/2024 07:12, Lukasz Lenart wrote: Hello, This is another milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Please read the Migration guide as this version includes stronger security options https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 Have fun! Łukasz ---
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
I use both spring and hibernate v6 testing, I would not want to make any drastic changes to these as they are painful. Here is one (of many) 2024-06-16 09:26:21,419 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:checkAllowlist - Declaring class [class my.pojo.Pojo] of member type [public java.lang.String my.pojo.Pojo.getUserName()] is not allowlisted! 2024-06-16 09:26:21,419 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to non-public [private java.lang.String my.pojo.Pojo.userName] is blocked! public class Pojo { private String userName; public String getUserName() { return userName; } } On 16/06/2024 10:33, Kusal Kithul-Godage wrote: That suggests the target is proxied by Spring or Hibernate, which Pojos should not be by definition. You'll need to attach a debugger to investigate why this is the case On Sun, Jun 16, 2024 at 7:19 PM Greg Huber wrote: The text looks ok, but I get this in the log also: 2024-06-16 10:15:12,587 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][ Where the target is my pojo, which I have alot of. On 16/06/2024 10:15, Kusal Kithul-Godage wrote: I didn't do much testing with the Struts JSP integration beyond the examples in the showcase app so it's possible I've missed some packages/classes that should be allowed by default. Could you share the warnings you are receiving? Perhaps deduplicate the warnings first if there are many repetitive ones On Sun, Jun 16, 2024 at 7:10 PM Greg Huber wrote: Sorry checked the wrong log file, it was this one, needed to be false. Is there any docs on this? ie and example of what would go in the list, as its excluding struts default stuff. On 16/06/2024 10:01, Kusal Kithul-Godage wrote: All of the mentioned options should log issues at warn level or greater, except for 'struts.parameters.requireAnnotations' which will log at debug level. Using the following PR as a reference, you can revert settings to their previous value one by one, to isolate which option may be causing your application issues. https://github.com/apache/struts/pull/919/files Once you have isolated and corrected any issues, please re-enable the options as they offer significant protection against vulnerabilities. On Sun, Jun 16, 2024 at 6:39 PM Greg Huberwrote: I tried this and there is alot of text missing on my jsp pages it mentions these: |struts.ognl.allowStaticFieldAccess=||false| |struts.ognl.expressionMaxLength=||150| |struts.disallowDefaultPackageAccess=||true| |struts.disallowProxyMemberAccess=||true| |struts.parameters.requireAnnotations=||true| |struts.ognl.disallowCustomOgnlMap=||true| |struts.allowlist.enable=||true| | | |I tried | | | |struts.ognl.allowStaticFieldAccess=true | | | |but it made no difference.| | | |There are no warning in the logs. | On 12/06/2024 07:12, Lukasz Lenart wrote: Hello, This is another milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Please read the Migration guide as this version includes stronger security options https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 Have fun! Łukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
The text looks ok, but I get this in the log also: 2024-06-16 10:15:12,587 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][ Where the target is my pojo, which I have alot of. On 16/06/2024 10:15, Kusal Kithul-Godage wrote: I didn't do much testing with the Struts JSP integration beyond the examples in the showcase app so it's possible I've missed some packages/classes that should be allowed by default. Could you share the warnings you are receiving? Perhaps deduplicate the warnings first if there are many repetitive ones On Sun, Jun 16, 2024 at 7:10 PM Greg Huber wrote: Sorry checked the wrong log file, it was this one, needed to be false. Is there any docs on this? ie and example of what would go in the list, as its excluding struts default stuff. On 16/06/2024 10:01, Kusal Kithul-Godage wrote: All of the mentioned options should log issues at warn level or greater, except for 'struts.parameters.requireAnnotations' which will log at debug level. Using the following PR as a reference, you can revert settings to their previous value one by one, to isolate which option may be causing your application issues. https://github.com/apache/struts/pull/919/files Once you have isolated and corrected any issues, please re-enable the options as they offer significant protection against vulnerabilities. On Sun, Jun 16, 2024 at 6:39 PM Greg Huber wrote: I tried this and there is alot of text missing on my jsp pages it mentions these: |struts.ognl.allowStaticFieldAccess=||false| |struts.ognl.expressionMaxLength=||150| |struts.disallowDefaultPackageAccess=||true| |struts.disallowProxyMemberAccess=||true| |struts.parameters.requireAnnotations=||true| |struts.ognl.disallowCustomOgnlMap=||true| |struts.allowlist.enable=||true| | | |I tried | | | |struts.ognl.allowStaticFieldAccess=true | | | |but it made no difference.| | | |There are no warning in the logs. | On 12/06/2024 07:12, Lukasz Lenart wrote: Hello, This is another milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Please read the Migration guide as this version includes stronger security options https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 Have fun! Łukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
Sorry checked the wrong log file, it was this one, needed to be false. Is there any docs on this? ie and example of what would go in the list, as its excluding struts default stuff. On 16/06/2024 10:01, Kusal Kithul-Godage wrote: All of the mentioned options should log issues at warn level or greater, except for 'struts.parameters.requireAnnotations' which will log at debug level. Using the following PR as a reference, you can revert settings to their previous value one by one, to isolate which option may be causing your application issues. https://github.com/apache/struts/pull/919/files Once you have isolated and corrected any issues, please re-enable the options as they offer significant protection against vulnerabilities. On Sun, Jun 16, 2024 at 6:39 PM Greg Huber wrote: I tried this and there is alot of text missing on my jsp pages it mentions these: |struts.ognl.allowStaticFieldAccess=||false| |struts.ognl.expressionMaxLength=||150| |struts.disallowDefaultPackageAccess=||true| |struts.disallowProxyMemberAccess=||true| |struts.parameters.requireAnnotations=||true| |struts.ognl.disallowCustomOgnlMap=||true| |struts.allowlist.enable=||true| | | |I tried | | | |struts.ognl.allowStaticFieldAccess=true | | | |but it made no difference.| | | |There are no warning in the logs. | On 12/06/2024 07:12, Lukasz Lenart wrote: Hello, This is another milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Please read the Migration guide as this version includes stronger security options https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 Have fun! Łukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M7 test build is ready
I tried this and there is alot of text missing on my jsp pages it mentions these: |struts.ognl.allowStaticFieldAccess=||false| |struts.ognl.expressionMaxLength=||150| |struts.disallowDefaultPackageAccess=||true| |struts.disallowProxyMemberAccess=||true| |struts.parameters.requireAnnotations=||true| |struts.ognl.disallowCustomOgnlMap=||true| |struts.allowlist.enable=||true| | | |I tried | | | |struts.ognl.allowStaticFieldAccess=true | | | |but it made no difference.| | | |There are no warning in the logs. | On 12/06/2024 07:12, Lukasz Lenart wrote: Hello, This is another milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Please read the Migration guide as this version includes stronger security options https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 Have fun! Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: Struts2 7.x official release
I am not sure there is a date, but M6 is quite good and stable. On 17/05/2024 10:55, Sai Charan Teja Pratti wrote: Hi, Inorder to upgrade to tomcat 10.x, we have dependency with struts2 7.x Can you please let us know when can we expect the struts2 7.x official release Thanks, Sai On Tue, May 14, 2024 at 2:18 PM Sai Charan Teja Pratti wrote: Hi, Inorder to upgrade to tomcat 10.x, we have dependency with struts2 7.x When can we expect the struts2 7.x official release Thanks, Sai This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
Re: [TEST] Apache Struts 7.0.0-M6 test build is read
7.0.0-M7-SNAPSHOT Thanks it worked, maybe it was a timing thing as they are in snapshots now. M7 works ok. File upload also works OK, but Without the in UploadedFile now I must do the cast manually: for (UploadedFile uploadedFile : uploads) { ... new FileInputStream((File) uploadedFile.getContent()) ... } On 22/04/2024 05:45, Lukasz Lenart wrote: niedz., 21 kwi 2024 o 20:11 Greg Huber napisał(a): I run my ide directly from git, and it is the struts project that won't build. I was following the previous modification changing the struts pom 3x -jakarta entries which was previously 7.0.0-M3-SNAPSHOT and it worked then ok. So you can use 7.0.0-M7-SNAPSHOT instead, but also any other SNAPSHOT version should work https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-freemarker-jakarta/ Cheers Lukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M6 test build is read
I run my ide directly from git, and it is the struts project that won't build. I was following the previous modification changing the struts pom 3x -jakarta entries which was previously 7.0.0-M3-SNAPSHOT and it worked then ok. On Sun, 21 Apr 2024 at 12:10, Lukasz Lenart wrote: > niedz., 21 kwi 2024 o 11:12 Greg Huber napisał(a): > > > > Using 7.0.0-M6 I still get > > > > The POM for org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M6 is > > missing, no dependency information available > > Do you specify "struts2-freemarker-jakarta" as a seperated dependency? > Or is it just "struts2-core" in your pom? > > Regards > Lukasz > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: [TEST] Apache Struts 7.0.0-M6 test build is read
Using 7.0.0-M6 I still get The POM for org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M6 is missing, no dependency information available #Sun Apr 21 10:00:20 BST 2024 apache.snapshots|https\://repository.apache.org/snapshots|javadoc=1713690020922 central|https\://repo.maven.apache.org/maven2|sources=1713690019219 central|https\://repo.maven.apache.org/maven2|javadoc=1713690020922 apache.snapshots|https\://repository.apache.org/snapshots|sources=1713690019219 The jars are in staging? https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-freemarker-jakarta/7.0.0-M6/ On 20/04/2024 14:25, Lukasz Lenart wrote: sob., 20 kwi 2024 o 13:20 Burton Rhodes napisał(a): It should be 7.0.0-M6 I released M4 & M5 but there was a problem with standalone ZIP packages, so I had to prepare another release. I think it would be good to push this into Maven Central to allow others to test it as well. Regards Lukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M6 test build is read
What would be the pom fix value we need to use? 7.0.0-M6-SNAPSHOT org.apache.struts struts2-velocity-tools-view-jakarta 7.0.0-M6-SNAPSHOT On 20/04/2024 08:45, Lukasz Lenart wrote: Hello, This is a third milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M6 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M6/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M6 Have fun! Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [VOTE] Apache Struts 6.4.0
Works great for me. Thanks. [x] General Availability (GA) B On 18/04/2024 06:23, Lukasz Lenart wrote: The Apache Struts 6.4.0 test build is available. With this release the following issues were addressed: Bug [WW-5192] - Radio tag not setting enum key values [WW-5319] - StrutsUtils is not defined in validation.js [WW-5357] - Struts anchor tag doesn't support "disabled" even though docs indicate it does [WW-5365] - Radio tag does not support value objects of type Boolean when setting the default value [WW-5373] - CspReportAction JavaDoc wrong [WW-5382] - Stale configuration persists after configuration reload [WW-5387] - ApplicationMap.remove does not remove the entry from the ServletContext [WW-5392] - Tiles-Plugin unable to load tiles definition XML if the file names are specified with wild char [WW-5396] - Javatemplates s:file shows server/file location [WW-5403] - Struts 2.5 to 6.x migration issues caused by removal of deprecated code within a minor release New Feature [WW-5402] - Auto loading the Tiles definition files from the classpath dependent JAR Improvement [WW-5225] - add accessor to the original filename into JakartaMultiPartRequest & MultiPartRequestWrapper [WW-5328] - Removes deprecated methods from SecurityMemberAccess & MemberAccessValueStack [WW-5333] - Refactor AttributeMap [WW-5338] - Remove deprecated OgnlTool [WW-5339] - Mitigate against custom class ASTMap node construction [WW-5340] - Introduce optional AST node exclusion list [WW-5341] - Ensure exclusion list applies to objects from all ClassLoaders [WW-5342] - Block classes in default package [WW-5343] - Make SecurityMemberAccess extensible and a prototype bean [WW-5346] - CDI Plugin: Replace deprecated BeanManager::createInjectionTarget [WW-5348] - Allow overriding of logging behaviour in DefaultAcceptedPatternsChecker [WW-5349] - Remove core dependency on ognl.ASTVarRef [WW-5350] - Implement optional strict class/package allowlist for OGNL [WW-5352] - Implement annotation mechanism for injectable fields via parameters [WW-5354] - Add actionErrors, actionMessages, fieldErrors to parameter excluded patterns [WW-5355] - Integrate and use WTLFU cache by default [WW-5358] - Expand exclusion list [WW-5359] - Improved the StrutsUrlDecoder so that charset retrieval is performed only once [WW-5360] - Struts 2 and JDK 17 numbers of iterator tag when using different locale [WW-5362] - Remove type attribute out of tag [WW-5363] - Look up Stack last in Velocity context [WW-5364] - Automatically populate OGNL allowlist [WW-5369] - Re-define a minimal library set for Struts 6.x [WW-5370] - Make HttpParameters case-insensitive [WW-5371] - Use action based callback to transfer information about uploaded files [WW-5374] - CspInterceptor reportUri with context [WW-5377] - trouble with Struts tags nested within one [WW-5378] - Add option to not fallback to context lookup when finding value in OgnlValueStack [WW-5379] - Implement alternative mechanism for Velocity directives to obtain stack [WW-5381] - Introduce extension points for CompoundRootAccessor and MethodAccessor [WW-5383] - Exclude JAR files by default when scanning for actions on JDK9+ [WW-5391] - Add interface for VelocityManager extension point [WW-5401] - Adds more logging statements around validating and accepting MultiPartRequest Task [WW-5394] - Use request encoding in rest plugin Dependency [WW-5344] - Un-deprecate the Sitemesh plugin and upgrade Sitemesh to ver. 2.5.0 [WW-5347] - Upgrade to commons-digester3 version 3.2 [WW-5389] - Upgrade Log4j to version 2.21.1 [WW-5395] - Upgrade commons-logging:commons-logging from 1.2 to 1.3.0 [WW-5397] - Upgrade net.sf.jasperreports:jasperreports from 6.20.6 to 6.21.0 [WW-5398] - Upgrade commons-validator:commons-validator from 1.6 to 1.8.0 [WW-5399] - Upgrade org.apache.commons:commons-compress from 1.25.0 to 1.26.0 [WW-5404] - Bump log4j2.version from 2.21.1 to 2.23.1 Release notes: * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.4.0 Github release * https://github.com/apache/struts/releases/tag/STRUTS_6_4_0 Distribution: * https://dist.apache.org/repos/dist/dev/struts/6.4.0/ Maven 2 staging repository: * https://repository.apache.org/content/repositories/staging/ Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 72 hours, longer upon request. A vote can be amended at any time to upgrade or downgrade the quality of the release based on future experience. If an initial vote designates the build as "Beta", the release will be submitted for mirroring and announced to the user list. Once released as a public beta, subsequent quality votes on a build may be held on the user list.
Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72
Debugging StrutsWildcardServletApplicationContext and what gets loaded : context.getResourcePaths("/") folders only and files (ie index.jsp, robots.txt etc) webapp/ and getClass().getClassLoader().getResources("/") webapp/WEB-INF/classes webapp/WEB-INF/lib/*jars Not sure the pattern is going to work as there are no files to compare, than from webapp/ Just the filter TILES_DEFAULT_PATTERNS tiles*.xml Will load from webapp/WEB-INF/tiles1.xml On 18/04/2024 10:17, i...@flyingfischer.ch wrote: This resolves the issue, as Greg points out: org.apache.struts2.tiles.StrutsTilesListener org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml However, this still seems to be a breaking change, which at least should be documented. Maybe is was wong by not specifying tiles.xml specifically in the first place... Thanks! Markus Am 18.04.24 um 11:08 schrieb i...@flyingfischer.ch: I simply use org.apache.struts2.tiles.StrutsTilesListener without any further params. Is this incomplete? Markus Am 18.04.24 um 10:29 schrieb Greg Huber: How do you load your tiles from web.xml? ..For my setup this works. org.apache.struts2.tiles.StrutsTilesListener org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml On 18/04/2024 08:47, i...@flyingfischer.ch wrote: Am 18.04.24 um 09:27 schrieb Lukasz Lenart: czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch napisał(a): My tiles definition remains unchanged under /WEB-INF/tiles.xml If I see this correctly, these changes do not include this situation? https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41 @Deprecated String TILES_DEFAULT_PATTERN = "/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml"; public static final Set TILES_DEFAULT_PATTERNS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( "/WEB-INF/**/tiles*.xml", "classpath*:META-INF/**/tiles*.xml" ))); This seems to be a breaking change? Looks like, I assumed that ** should match any folder and even no-folder, could you move your tiles.xml into the "config" subfolder to see if this will fix the problem? hmm, I now tried the following versions, without success, moving /WEB-INF/tiles.xml to /WEB-INF/tiles2.xml /WEB-INF/conf/tiles.xml /WEB-INF/conf/tiles2.xml reverting back to struts-6.3.0 does not show the issue. There is option to use but I assume you do not use servlet config tiles org.apache.tiles.web.startup.TilesServlet org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml 2 No, I do not use this option. Thanks in advance Lukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72
..what would the pattern be? /WEB-INF/tiles*.xml On 18/04/2024 09:35, Łukasz Lenart wrote: Yes, this works but it doesn't support wildcards org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml czw., 18 kwi 2024 o 10:30 Greg Huber napisał(a): How do you load your tiles from web.xml? ..For my setup this works. org.apache.struts2.tiles.StrutsTilesListener org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml On 18/04/2024 08:47, i...@flyingfischer.ch wrote: Am 18.04.24 um 09:27 schrieb Lukasz Lenart: czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch napisał(a): My tiles definition remains unchanged under /WEB-INF/tiles.xml If I see this correctly, these changes do not include this situation? https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41 @Deprecated String TILES_DEFAULT_PATTERN = "/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml"; public static final Set TILES_DEFAULT_PATTERNS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( "/WEB-INF/**/tiles*.xml", "classpath*:META-INF/**/tiles*.xml" ))); This seems to be a breaking change? Looks like, I assumed that ** should match any folder and even no-folder, could you move your tiles.xml into the "config" subfolder to see if this will fix the problem? hmm, I now tried the following versions, without success, moving /WEB-INF/tiles.xml to /WEB-INF/tiles2.xml /WEB-INF/conf/tiles.xml /WEB-INF/conf/tiles2.xml reverting back to struts-6.3.0 does not show the issue. There is option to use but I assume you do not use servlet config tiles org.apache.tiles.web.startup.TilesServlet org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml 2 No, I do not use this option. Thanks in advance Lukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72
How do you load your tiles from web.xml? ..For my setup this works. org.apache.struts2.tiles.StrutsTilesListener org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml On 18/04/2024 08:47, i...@flyingfischer.ch wrote: Am 18.04.24 um 09:27 schrieb Lukasz Lenart: czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch napisał(a): My tiles definition remains unchanged under /WEB-INF/tiles.xml If I see this correctly, these changes do not include this situation? https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41 @Deprecated String TILES_DEFAULT_PATTERN = "/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml"; public static final Set TILES_DEFAULT_PATTERNS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( "/WEB-INF/**/tiles*.xml", "classpath*:META-INF/**/tiles*.xml" ))); This seems to be a breaking change? Looks like, I assumed that ** should match any folder and even no-folder, could you move your tiles.xml into the "config" subfolder to see if this will fix the problem? hmm, I now tried the following versions, without success, moving /WEB-INF/tiles.xml to /WEB-INF/tiles2.xml /WEB-INF/conf/tiles.xml /WEB-INF/conf/tiles2.xml reverting back to struts-6.3.0 does not show the issue. There is option to use but I assume you do not use servlet config tiles org.apache.tiles.web.startup.TilesServlet org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG /WEB-INF/tiles.xml 2 No, I do not use this option. Thanks in advance Lukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts Master 15
Builds ok for me. [x] General Availability (GA) On 06/04/2024 18:14, Lukasz Lenart wrote: The Struts Master 15 test build is now available as a Maven artifact. https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/15/ Release notes: * uses the latest version of the Apache Parent POM version 31 If you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 72 hours, longer upon request. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts Master 15
What is the correct way to test this? Do a project build? On 06/04/2024 18:14, Lukasz Lenart wrote: The Struts Master 15 test build is now available as a Maven artifact. https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/15/ Release notes: * uses the latest version of the Apache Parent POM version 31 If you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 72 hours, longer upon request. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: improve documentation for UploadedFilesAware
OK great. More of a chance of it being read 🙂. I guess this new version includes all the "old versions" security stuff from past issues, and is not a new code base. As the old one is deprecated, and we all rush and upgrade, their may be more resources put in trying to break it. Maybe better to wait a bit before upgrading? On 24/03/2024 20:47, Lukasz Lenart wrote: pon., 18 mar 2024 o 14:42 Greg Huber napisał(a): OK...I did not spot the link in the text. I repeated the links in the Examples sections of both Cheers Lukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: improve documentation for UploadedFilesAware
OK...I did not spot the link in the text. On Mon, 18 Mar 2024 at 12:59, Łukasz Lenart wrote: > pon., 18 mar 2024 o 13:05 Greg Huber napisał(a): > > > > > See [this page] for more examples and advanced configuration. > > > > Which page? > > On these pages, a very first sentence > > https://struts.staged.apache.org/core-developers/action-file-upload-interceptor > https://struts.staged.apache.org/core-developers/file-upload-interceptor > > > > I reverted this idea and UploadedFile isn't generic. > > > > that would be in 7.0.0_M4? I used _M3 to test it. > > Yes, I need to reverse merge master and push M4 > > > Cheers > Lukasz > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: improve documentation for UploadedFilesAware
See [this page] for more examples and advanced configuration. Which page? I reverted this idea and UploadedFile isn't generic. that would be in 7.0.0_M4? I used _M3 to test it. On 18/03/2024 11:56, Lukasz Lenart wrote: pon., 18 mar 2024 o 08:21 Greg Huber napisał(a): Rechecking these : Could not see the link from from the interceptor pages to these detailed help pages. Add a link after Examples? File Upload Interceptor Parameters Extending the Interceptor Examples Or at the bottom of the page? The links are in the very first sentence: See [this page] for more examples and advanced configuration. There is a UploadedFile is a raw type. References to generic type UploadedFile should be parameterized warning I reverted this idea and UploadedFile isn't generic. Cheers Łukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: improve documentation for UploadedFilesAware
Rechecking these : Could not see the link from from the interceptor pages to these detailed help pages. Add a link after Examples? File Upload Interceptor Parameters Extending the Interceptor Examples Or at the bottom of the page? # There is a UploadedFile is a raw type. References to generic type UploadedFile should be parameterized warning private List uploadedFiles = new ArrayList<>(); private List> uploadedFiles = new ArrayList<>(); |@Override public void withUploadedFiles(List uploads) { }| @Override public void withUploadedFiles(List> arg0) { } On 17/03/2024 16:46, Lukasz Lenart wrote: Added :) Also adjusted the Showcasehttps://github.com/apache/struts/pull/895 niedz., 17 mar 2024 o 12:29 Greg Huber napisał(a): Looks good, but what happened to the examples with the stream stuff? Something like this for MultipleFileUploadUsingArrayActionusing arrays example? public class MultipleFileUploadUsingArrayAction extends ActionSupport implements UploadedFilesAware { private List> uploads = null; public String upload() throws Exception { System.out.println("\n\n upload2"); System.out.println("files:"); for (UploadedFile uploadedFile : this.uploads) { System.out.println("*** " + uploadedFile.getOriginalName() + "\t" + uploadedFile.getContentType() + "\t" + uploadedFile.length()); } System.out.println("filenames:"); String[] uploadFileNames = getUploadedFilesFileNames(); for (String n : uploadFileNames) { System.out.println("*** " + n); } System.out.println("content types:"); String[] uploadContentTypes = getUploadedFilesContentType(); for (String c : uploadContentTypes) { System.out.println("*** " + c); } System.out.println("\n\n"); return SUCCESS; } @Override public void withUploadedFiles(List> uploadedFiles) { this.uploads = uploadedFiles; } private String[] getUploadedFilesFileNames() { return this.uploads.stream().map(UploadedFile::getOriginalName) .toArray(size -> new String[size]); } private String[] getUploadedFilesContentType() { return this.uploads.stream().map(UploadedFile::getContentType) .toArray(size -> new String[size]); } } On 17/03/2024 09:33, Lukasz Lenart wrote: Better? https://struts.staged.apache.org/core-developers/action-file-upload https://struts.staged.apache.org/core-developers/file-upload czw., 14 mar 2024 o 15:29 Greg Huber napisał(a): Sorry, I meant we need to copy/duplicate this page : https://struts.apache.org/core-developers/file-upload.html to an *action* version: https://struts.apache.org/core-developers/action-file-upload.html and modify it for the new interceptor methods/logic On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart wrote: Done https://github.com/apache/struts-site/pull/231 czw., 14 mar 2024 o 11:35 Greg Huber napisał(a): There is a really good page for the old upload https://struts.apache.org/core-developers/file-upload.html But the << back to Core Developers Guide does not make it easy to find it again. ## https://struts.apache.org/core-developers/action-file-upload-interceptor would benefit a similar detail page, updated and with the stream stuff. return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); otherwise without streams List>uploads =this.uploadedFiles; if(uploads !=null&&uploads.size()>0){ for(inti =0;i pon., 26 lut 2024 o 12:08 Greg Hubernapisał(a): The documentation only lists one file |public void withUploadedFiles(List uploadedFiles) { if (!uploadedFiles.isEmpty()) { this.uploadedFile = uploadedFiles.get(0); this.fileName = uploadedFile.getName(); this.contentType = uploadedFile.getContentType(); this.originalName = uploadedFile.getOriginalName(); } }| For multiple files these need populating privateFile[]uploadedFiles=null; privateString[]uploadedFilesContentType=null; privateString[]uploadedFilesFileName=null; We have to loop and do it ourselves now? Basically it would be better to stop using additional fields if not needed. You can achieve the same behaviour just exposing getters extracting what's needed from "uploadedFiles", eg: public void withUploadedFiles(List uploadedFiles) { this.uploadedFiles = uploadedFiles; } public String[] getUploadedFilesContentType() { return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); } etc. Cheers Lukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org
Re: improve documentation for UploadedFilesAware
Looks good, but what happened to the examples with the stream stuff? Something like this for MultipleFileUploadUsingArrayActionusing arrays example? public class MultipleFileUploadUsingArrayAction extends ActionSupport implements UploadedFilesAware { private List> uploads = null; public String upload() throws Exception { System.out.println("\n\n upload2"); System.out.println("files:"); for (UploadedFile uploadedFile : this.uploads) { System.out.println("*** " + uploadedFile.getOriginalName() + "\t" + uploadedFile.getContentType() + "\t" + uploadedFile.length()); } System.out.println("filenames:"); String[] uploadFileNames = getUploadedFilesFileNames(); for (String n : uploadFileNames) { System.out.println("*** " + n); } System.out.println("content types:"); String[] uploadContentTypes = getUploadedFilesContentType(); for (String c : uploadContentTypes) { System.out.println("*** " + c); } System.out.println("\n\n"); return SUCCESS; } @Override public void withUploadedFiles(List> uploadedFiles) { this.uploads = uploadedFiles; } private String[] getUploadedFilesFileNames() { return this.uploads.stream().map(UploadedFile::getOriginalName) .toArray(size -> new String[size]); } private String[] getUploadedFilesContentType() { return this.uploads.stream().map(UploadedFile::getContentType) .toArray(size -> new String[size]); } } On 17/03/2024 09:33, Lukasz Lenart wrote: Better? https://struts.staged.apache.org/core-developers/action-file-upload https://struts.staged.apache.org/core-developers/file-upload czw., 14 mar 2024 o 15:29 Greg Huber napisał(a): Sorry, I meant we need to copy/duplicate this page : https://struts.apache.org/core-developers/file-upload.html to an *action* version: https://struts.apache.org/core-developers/action-file-upload.html and modify it for the new interceptor methods/logic On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart wrote: Done https://github.com/apache/struts-site/pull/231 czw., 14 mar 2024 o 11:35 Greg Huber napisał(a): There is a really good page for the old upload https://struts.apache.org/core-developers/file-upload.html But the << back to Core Developers Guide does not make it easy to find it again. ## https://struts.apache.org/core-developers/action-file-upload-interceptor would benefit a similar detail page, updated and with the stream stuff. return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); otherwise without streams List>uploads =this.uploadedFiles; if(uploads !=null&&uploads.size()>0){ for(inti =0;i pon., 26 lut 2024 o 12:08 Greg Huber napisał(a): The documentation only lists one file |public void withUploadedFiles(List uploadedFiles) { if (!uploadedFiles.isEmpty()) { this.uploadedFile = uploadedFiles.get(0); this.fileName = uploadedFile.getName(); this.contentType = uploadedFile.getContentType(); this.originalName = uploadedFile.getOriginalName(); } }| For multiple files these need populating privateFile[]uploadedFiles=null; privateString[]uploadedFilesContentType=null; privateString[]uploadedFilesFileName=null; We have to loop and do it ourselves now? Basically it would be better to stop using additional fields if not needed. You can achieve the same behaviour just exposing getters extracting what's needed from "uploadedFiles", eg: public void withUploadedFiles(List uploadedFiles) { this.uploadedFiles = uploadedFiles; } public String[] getUploadedFilesContentType() { return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); } etc. Cheers Lukasz - To unsubscribe,e-mail:dev-unsubscr...@struts.apache.org For additional commands,e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: improve documentation for UploadedFilesAware
Sorry, I meant we need to copy/duplicate this page : https://struts.apache.org/core-developers/file-upload.html to an *action* version: https://struts.apache.org/core-developers/action-file-upload.html and modify it for the new interceptor methods/logic On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart wrote: > Done > https://github.com/apache/struts-site/pull/231 > > czw., 14 mar 2024 o 11:35 Greg Huber napisał(a): > > > > There is a really good page for the old upload > > > > https://struts.apache.org/core-developers/file-upload.html > > > > But the << back to Core Developers Guide does not make it easy to find > > it again. > > > > ## > > > > https://struts.apache.org/core-developers/action-file-upload-interceptor > > > > would benefit a similar detail page, updated and with the stream stuff. > > > > return > this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); > > > > otherwise without streams > > > > List>uploads =this.uploadedFiles; > > > > if(uploads !=null&&uploads.size()>0){ > > > > for(inti =0;i > > > String file uploads.get(i).getOriginalName(); > > > > // destroy the temporary file created > > > > uploads.get(i).delete(); > > > > } > > > > } > > > > On 12/03/2024 19:48, Lukasz Lenart wrote: > > > pon., 26 lut 2024 o 12:08 Greg Huber napisał(a): > > >> The documentation only lists one file > > >> > > >> |public void withUploadedFiles(List uploadedFiles) { if > > >> (!uploadedFiles.isEmpty()) { this.uploadedFile = uploadedFiles.get(0); > > >> this.fileName = uploadedFile.getName(); this.contentType = > > >> uploadedFile.getContentType(); this.originalName = > > >> uploadedFile.getOriginalName(); } }| > > >> > > >> For multiple files these need populating > > >> > > >> privateFile[]uploadedFiles=null; > > >> > > >> privateString[]uploadedFilesContentType=null; > > >> > > >> privateString[]uploadedFilesFileName=null; > > >> > > >> We have to loop and do it ourselves now? > > > Basically it would be better to stop using additional fields if not > > > needed. You can achieve the same behaviour just exposing getters > > > extracting what's needed from "uploadedFiles", eg: > > > > > > public void withUploadedFiles(List uploadedFiles) { > > >this.uploadedFiles = uploadedFiles; > > > } > > > > > > public String[] getUploadedFilesContentType() { > > >return > this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); > > > } > > > > > > etc. > > > > > > > > > Cheers > > > Lukasz > > > > > > - > > > To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org > > > For additional commands, e-mail:dev-h...@struts.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: improve documentation for UploadedFilesAware
There is a really good page for the old upload https://struts.apache.org/core-developers/file-upload.html But the << back to Core Developers Guide does not make it easy to find it again. ## https://struts.apache.org/core-developers/action-file-upload-interceptor would benefit a similar detail page, updated and with the stream stuff. return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); otherwise without streams List>uploads =this.uploadedFiles; if(uploads !=null&&uploads.size()>0){ for(inti =0;i pon., 26 lut 2024 o 12:08 Greg Huber napisał(a): The documentation only lists one file |public void withUploadedFiles(List uploadedFiles) { if (!uploadedFiles.isEmpty()) { this.uploadedFile = uploadedFiles.get(0); this.fileName = uploadedFile.getName(); this.contentType = uploadedFile.getContentType(); this.originalName = uploadedFile.getOriginalName(); } }| For multiple files these need populating privateFile[]uploadedFiles=null; privateString[]uploadedFilesContentType=null; privateString[]uploadedFilesFileName=null; We have to loop and do it ourselves now? Basically it would be better to stop using additional fields if not needed. You can achieve the same behaviour just exposing getters extracting what's needed from "uploadedFiles", eg: public void withUploadedFiles(List uploadedFiles) { this.uploadedFiles = uploadedFiles; } public String[] getUploadedFilesContentType() { return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray(); } etc. Cheers Lukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
selecting "Maven > Disable Workspace Resolution" I need eclipse to build the target/classes folder otherwise I cannot run tomcat. Hopefully this will be fixed once the *-jakarta.jars are released as they are not snapshot? On 28/02/2024 00:01, James Dyer wrote: I agree the best long-term solution to this problem is to move the "*-jakarta" subprojects so they are not children of the parent pom. That way, when you import your projects into your IDE, these projects will not be automatically imported with everything else. Having them in a separate repo completely isolates them and is the most complete solution of all. With the projects isolated, the IDE will get the artifacts from the maven repository and not look for the missing code in these projects. In Eclipse anyhow, you can work around the issue immediately by right clicking on the projects having the errors and selecting "Maven > Disable Workspace Resolution". Then you can run the unit tests within Eclipse. On 2024/02/25 10:57:34 Greg Huber wrote: Also building in eclipse I get these strange errors Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 Missing artifact org.apache.struts:struts2-velocity-tools-jsp-jakarta:jar:7.0.0-M3 Missing artifact org.apache.struts:struts2-velocity-tools-view-jakarta:jar:7.0.0-M3 [ERROR] Failed to execute goal on project [36mstruts2-core[m: [1;31mCould not resolve dependencies for project org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts could not be resolved: org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced[m-> [1m[Help 1][m Caused by: org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project [36mstruts2-core[m: [1;31mCould not resolve dependencies for project org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts could not be resolved: org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced I have deleted my ~.m2 and it makes no difference. On 24/02/2024 08:46, Lukasz Lenart wrote: Hello, This is a third milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3 Have fun! Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
improve documentation for UploadedFilesAware
The documentation only lists one file |public void withUploadedFiles(List uploadedFiles) { if (!uploadedFiles.isEmpty()) { this.uploadedFile = uploadedFiles.get(0); this.fileName = uploadedFile.getName(); this.contentType = uploadedFile.getContentType(); this.originalName = uploadedFile.getOriginalName(); } }| For multiple files these need populating privateFile[]uploadedFiles=null; privateString[]uploadedFilesContentType=null; privateString[]uploadedFilesFileName=null; We have to loop and do it ourselves now?
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
This fixes it, seems it needs the getOriginalName() rather than getName()? org.apache.struts2.dispatcher.multipart.AbstractMultiPartRequest original public String[] getFileNames(String fieldName) { return uploadedFiles.getOrDefault(fieldName, Collections.emptyList()).stream() .map(file -> getCanonicalName(file.getName())) .toArray(String[]::new); } fixed public String[] getFileNames(String fieldName) { return uploadedFiles.getOrDefault(fieldName, Collections.emptyList()).stream() .map(file -> getCanonicalName(file.getOriginalName())) .toArray(String[]::new); } This .map stuff is not good for debugging🙁. On 26/02/2024 06:26, Łukasz Lenart wrote: niedz., 25 lut 2024 o 09:42 Greg Huber napisał(a): Testing the file upload and it now does not work. I get an error where its using the wrong file name ie upload5549a568d9794ef5b654da83d07961350045.tmp rather than the actual file name. Which file upload do you use? Old FileuploadInterceptor or ActionFileuploadInterceptor? Do you mean the error message is wrong and it displays the wrong file name? I put back the mods I did, and it still does not work. Were there any other changes? Herehttps://github.com/apache/struts/pull/873 Regards Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
The old version. The pom change to snapshot worked so I will have a look now. On 26/02/2024 06:26, Łukasz Lenart wrote: niedz., 25 lut 2024 o 09:42 Greg Huber napisał(a): Testing the file upload and it now does not work. I get an error where its using the wrong file name ie upload5549a568d9794ef5b654da83d07961350045.tmp rather than the actual file name. Which file upload do you use? Old FileuploadInterceptor or ActionFileuploadInterceptor? Do you mean the error message is wrong and it displays the wrong file name? I put back the mods I did, and it still does not work. Were there any other changes? Herehttps://github.com/apache/struts/pull/873 Regards Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
Why does it work then for the other artifacts? org.apache.struts struts2-freemarker-jakarta ${project.version} org.apache.struts struts2-core ${project.version} org.apache.struts struts2-spring-plugin ${project.version} Seems to be the newer jars, are the maven details correct? On 26/02/2024 06:28, Lukasz Lenart wrote: niedz., 25 lut 2024 o 11:57 Greg Huber napisał(a): Also building in eclipse I get these strange errors Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 It's because the artifacts are transformed during build and the IDE doesn't see them. Here is an example how to overcome this problem to run unit tests from within the IDE https://github.com/apache/struts/pull/871 Regards Łukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
Also building in eclipse I get these strange errors Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 Missing artifact org.apache.struts:struts2-velocity-tools-jsp-jakarta:jar:7.0.0-M3 Missing artifact org.apache.struts:struts2-velocity-tools-view-jakarta:jar:7.0.0-M3 [ERROR] Failed to execute goal on project [36mstruts2-core[m: [1;31mCould not resolve dependencies for project org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts could not be resolved: org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced[m-> [1m[Help 1][m Caused by: org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project [36mstruts2-core[m: [1;31mCould not resolve dependencies for project org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts could not be resolved: org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced I have deleted my ~.m2 and it makes no difference. On 24/02/2024 08:46, Lukasz Lenart wrote: Hello, This is a third milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3 Have fun! Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M3 test build is ready
Testing the file upload and it now does not work. I get an error where its using the wrong file name ie upload5549a568d9794ef5b654da83d07961350045.tmp rather than the actual file name. I put back the mods I did, and it still does not work. Were there any other changes? I did not test M2 so maybe there was something in that. Everything else works, so I think I have got everything setup correctly in my ide. On 24/02/2024 08:46, Lukasz Lenart wrote: Hello, This is a third milestone of Struts 7.x series, which is based on JakartaEE 6. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3 Have fun! Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: [7.0.0-M3] Error message
What happened to M3? There is no tag on https://github.com/apache/struts On 16/02/2024 07:27, Lukasz Lenart wrote: I'm going to prepare another M4 which will contain the latest fixes around file upload and changes from the master branch pt., 9 lut 2024 o 16:53 Burton Rhodes napisał(a): Lastly, I am also finding a ton of these log entries below. I'm not sure why they are happening either, but to be honest, I haven't had much time to investigate. "upload" is the form field name, BTW. I will try to do some more investigating on these over the weekend. Feb 08 09:29:12 lb-group-web-app-v1d2-dqsv afs-site: WARN o.a.s.i.ActionFileUploadInterceptor: Could not find a Filename for upload. Verify that a valid file was submitted. Feb 08 09:29:12 lb-group-web-app-v1d2-dqsv afs-site: WARN o.a.s.i.FileUploadInterceptor: Could not find a Content-Type for upload. Verify that a valid file was submitted. Feb 08 09:33:39 lb-group-web-app-v1d2-dqsv afs-site: WARN o.a.s.i.ActionFileUploadInterceptor: Could not find a Filename for upload. Verify that a valid file was submitted. Feb 08 09:33:39 lb-group-web-app-v1d2-dqsv afs-site: WARN o.a.s.i.FileUploadInterceptor: Could not find a Content-Type for upload. Verify that a valid file was submitted. -- Original Message -- From "Burton Rhodes" To "Struts Developers List" Date 2/9/2024 9:43:18 AM Subject Re: [7.0.0-M3] Error message Also, I am finding quite a few of these "generic" errors in my logs (Error uploading: {0}!), and I believe it's happening when the upload fails either through a broken pipe/connection or client abort. I haven't had the time to test it though to be sure why these are being generated in my error logs. -- Original Message -- >From "Burton Rhodes" To "Struts Developers List" Date 2/9/2024 9:38:12 AM Subject Re: [7.0.0-M3] Error message The easiest example is when a custom "saveDir" is not accessible. (e.g. no security access). This will throw a generic FileUploadException with no identifiable file. -- Original Message -- >From "Lukasz Lenart" To "Struts Developers List" Date 2/9/2024 9:34:36 AM Subject Re: [7.0.0-M3] Error message pt., 9 lut 2024 o 16:21 Burton Rhodes napisał(a): I haven't had time yet, but I will try this weekend. Could you share a use case when it can happen? Cheers Lukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: file uploading
Yes, only in the java templates plugin. Will do a PR. On Tue, 13 Feb 2024 at 15:18, Łukasz Lenart wrote: > I noticed your ticket in JIRA, so this problem is only related to the > Java templates plugin? > > pon., 12 lut 2024 o 16:56 Greg Huber napisał(a): > > > > This is happening on the current version. > > > > I was just looking at what I need to do for the > ActionFileUploadInterceptor. > > > > On Mon, 12 Feb 2024 at 15:52, Lukasz Lenart > wrote: > > > > > pon., 12 lut 2024 o 16:48 Greg Huber napisał(a): > > > > > > > > Current version 6.3.0.2. > > > > > > This version doesn't contain a new file upload interceptor, it's a > > > part of 6.4.0 & 7.0.0 > > > https://issues.apache.org/jira/browse/WW-5371 > > > > > > > > > Regards > > > Lukasz > > > > > > - > > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > > > For additional commands, e-mail: dev-h...@struts.apache.org > > > > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: file uploading
This is happening on the current version. I was just looking at what I need to do for the ActionFileUploadInterceptor. On Mon, 12 Feb 2024 at 15:52, Lukasz Lenart wrote: > pon., 12 lut 2024 o 16:48 Greg Huber napisał(a): > > > > Current version 6.3.0.2. > > This version doesn't contain a new file upload interceptor, it's a > part of 6.4.0 & 7.0.0 > https://issues.apache.org/jira/browse/WW-5371 > > > Regards > Lukasz > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: file uploading
Current version 6.3.0.2. On Mon, 12 Feb 2024 at 15:45, Lukasz Lenart wrote: > pon., 12 lut 2024 o 16:36 Greg Huber napisał(a): > > > > Was looking at switching to the new FileUploadInterceptor. > > > > But testing the current version, I noticed that after the upload it gives > > details of the webapp location in the value attribute. > > > > > > > > > ..value="/dev/apache-tomcat/apache-tomcat-9.0.85/work/Catalina/localhost/ROOT##/upload_52c5bcff_6363_4414_b23e_fe49bb3f3af7_0462.tmp" > > . > > > > To clear this I have to set value="" > > > > ie > > > > Is this intentional? I like to try and hide such info. > > Rather a mistake, which version have you been using? > > > Regards > Łukasz > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
file uploading
Was looking at switching to the new FileUploadInterceptor. But testing the current version, I noticed that after the upload it gives details of the webapp location in the value attribute. ..value="/dev/apache-tomcat/apache-tomcat-9.0.85/work/Catalina/localhost/ROOT##/upload_52c5bcff_6363_4414_b23e_fe49bb3f3af7_0462.tmp" . To clear this I have to set value="" ie Is this intentional? I like to try and hide such info.
Re: [7.0.0-M1] Actions not setting parameters with Multi-part forms
I use the default which is struts.multipart.parser=org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest What would the jakarta-stream do that is different? On 23/01/2024 03:12, Burton Rhodes wrote: The biggest issue I'm having at the moment is with all of my multi-part forms that include parameter data and a file. The action does receive the file, but the parameter "team.company" is set to the String value of stream, for example: "org.apache.commons.fileupload2.core.MultipartInput$ItemInputStream@1afaa502" Am I missing something obvious? To add, it actually doesn't matter if I have a file field in the form. Any form with [enctype="multipart/form-data"] never sets the action fields properly. Is there a different parser I should be referencing? Or are my interceptors not correct? Example Form method="post" enctype="multipart/form-data" accept-charset="utf-8"> Parser Interceptor Stack input,back,cancel,browse input,back,cancel,browse - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [TEST] Apache Struts 7.0.0-M1 test build is ready
Seems to pass all my tests and runs good. Upload seems to work OK, both my ajax and struts version. Stack: zulu17.42.19-ca-crac-jdk17.0.7-linux_x64 Spring framework 6.1.3 Spring Security 6.2.1 apache-tomcat-10.1.18 On 20/01/2024 11:12, Lukasz Lenart wrote: Hello, This is the first version of Struts 7.x series, this a very first release based on JakartaEE. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M1 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://nightlies.apache.org/struts/snapshot/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M1 Kind regards -- Łukasz - To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org For additional commands, e-mail:dev-h...@struts.apache.org
Re: tooltip on
Great, thanks. ...whilst the iron is hot, I was looking at the tooltip template code for theme simple. There is a template form-close-tooltips.ftl that includes the domTT.js and domTT.css, but I cannot see how it actually adds the tool tip. Possibly this needs to be removed as it looks like it is not supported (on the simple theme), # Could modify common-attributes.ftl to include the tooltip stuff as a title: <#if parameters.accesskey?has_content> accesskey="${parameters.accesskey}"<#rt/> <#rt/> <#if parameters.tooltip??> title="${parameters.tooltip}"<#rt/> <#rt/> ...but then should use the title rather than the tooltip on the component. On 10/10/2023 14:20, Lukasz Lenart wrote: wt., 10 paź 2023 o 11:50 Greg Huber napisał(a): My bad the filter mapping has changed from /struts/*. struts2 /static/* Although the docs don't mention this, if you app is bigger and only filter on the .action you need to map the static. struts2 *.action struts2 /static/* Great! I extended the description to match your case, is this clear enough? https://github.com/apache/struts-site/pull/206 Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: tooltip on
My bad the filter mapping has changed from /struts/*. struts2 /static/* Although the docs don't mention this, if you app is bigger and only filter on the .action you need to map the static. struts2 *.action struts2 /static/* On 08/10/2023 12:30, Łukasz Lenart wrote: Maybe serving static content is disabled https://struts.apache.org/core-developers/static-content (mobile) W dniu niedz., 8.10.2023 o 13:23 Greg Huber napisał(a): All I get is a 404 Loading failed for the
Re: tooltip on
All I get is a 404 Loading failed for the
Re: tooltip on
Not to sure what you mean? Its auto generated by /core/src/main/resources/template/simple/form-close-tooltips.ftl <#if (parameters.hasTooltip!false)><#t/> <#lt/> <#lt/><@s.script type="text/javascript" src="${base}${parameters.staticContentPath}/domTT.js" /> <#lt/><@s.link rel="stylesheet" type="text/css" href="${base}${parameters.staticContentPath}/domTT.css" /> <#t/> On 08/10/2023 11:44, Lukasz Lenart wrote: niedz., 8 paź 2023 o 12:08 Greg Huber napisał(a): How is this supposed to work? I get this at the bottom of the form, but for me it maps to an invalid url? http://www.xx.xx/static/domTT.js Is there some js that is supposed to take care of this? https://struts.apache.org/tag-developers/textfield-tag does not mention anything. Try to use Regards
tooltip on
How is this supposed to work? I get this at the bottom of the form, but for me it maps to an invalid url? http://www.xx.xx/static/domTT.js Is there some js that is supposed to take care of this? https://struts.apache.org/tag-developers/textfield-tag does not mention anything.
Re: Struts 2.5.x EOL
Spring 5 Framework has an EOL of 2024-12-31, and 6 is Java 17+. * Spring Framework 6.1.x: Jakarta EE 9-11 (jakarta namespace) * Spring Framework 6.0.x: Jakarta EE 9-10 (jakarta namespace) * Spring Framework 5.3.x: Java EE 7-8 (javax namespace) On 04/10/2023 05:32, Lukasz Lenart wrote: Hi, I would like to announce that we end support for Struts 2.5.x branch. Is setting this date to the 1st of the new year ok? Not too short a period of time? Regards
Re: Struts 2.5.x EOL
+1. If we are going to create a plugin for the Jakarta changes, would make it easier. On 04/10/2023 05:32, Lukasz Lenart wrote: Hi, I would like to announce that we end support for Struts 2.5.x branch. Is setting this date to the 1st of the new year ok? Not too short a period of time? Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts 6.3.0
Works great for me. Thanks. [x] General Availability (GA) On 01/09/2023 07:44, Lukasz Lenart wrote: Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts 6.3.0
Is this vote still open? On 30/08/2023 12:01, Lukasz Lenart wrote: There is a blocker [1] discovered by Kusal, should I merge the PR into the master branch and roll a new release -> 6.3.1 or rather clean up everything and start over with 6.3.0. Some uses get confused if there is there is a patch release without having a minor release (having 6.3.1 without releasing 6.3.0) [1] https://github.com/apache/struts/pull/744 Regards Łukasz śr., 30 sie 2023 o 10:50 Lukasz Lenart napisał(a): The Apache Struts 6.3.0 test build is available. With this release the following issues were addressed: Improvement [WW-5233] - Include Apache Tiles code base in the Tiles plugin [WW-5321] - notify / document about new maxStringLength limitation [WW-5327] - Stop using JavaBeans notation for setters in SecurityMemberAccess & MemberAccessValueStack [WW-5332] - Validate excluded package name list for missing commas [WW-5334] - Misc VelocityManager code cleanup [WW-5336] - Merge OgnlTool class into StrutsUtil class [WW-5337] - Improve performance of excluded classes and packages Bug [WW-5330] - Issue when submitting a form with a textarea containing more than 4000 characters. [WW-5331] - Access to request attributes via tags is broken Dependency [WW-5315] - Upgrades ASM to version 9.5 [WW-5316] - Upgrades commons-io to version 2.13.0 [WW-5317] - Upgrades log4j-api to version 2.20.0 [WW-5318] - Upgrades slf4j-api to version 2.0.7 [WW-5320] - finish Reproducible Builds [WW-5322] - Upgrade Jackson version to 2.15.2 [WW-5323] - Upgrade JasperReports to version 6.20.5 [WW-5325] - Upgrade commons-lang3 to version 2.13.0 [WW-5329] - Upgrade xstream to version 1.4.20 Release notes: * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0 Github release * https://github.com/apache/struts/releases/tag/STRUTS_6_3_0 Distribution: * https://dist.apache.org/repos/dist/dev/struts/6.3.0/ Maven 2 staging repository: * https://repository.apache.org/content/repositories/staging/ Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 72 hours, longer upon request. A vote can be amended at any time to upgrade or downgrade the quality of the release based on future experience. If an initial vote designates the build as "Beta", the release will be submitted for mirroring and announced to the user list. Once released as a public beta, subsequent quality votes on a build may be held on the user list. As always, the act of voting carries certain obligations. A binding vote not only states an opinion, but means that the voter is agreeing to help do the work. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: tiles taglib
Whichever.If any kind of custom velocity and use tiles, please give the rc a spin. On 19/07/2023 16:39, Lukasz Lenart wrote: Yet this can break backward compatibility, users will have to switch to the new tags uri. Not sure if this is a good idea. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ pon., 17 lip 2023 o 13:03 Greg Huber napisał(a): ...if we do change it, it is built with pom build-autotags Changed in BuildAutotags.java String taglibURI = "/struts-tiles"; and copied over from target. On 17/07/2023 10:47, Lukasz Lenart wrote: pon., 17 lip 2023 o 11:44 Greg Huber napisał(a):> I now get this pesky error (eclipse) using this <%@ taglib uri="http://tiles.apache.org/tags-tiles"; prefix="tiles" %> Maybe we are missing something for this? Probably we should change that to a Struts related uri Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: tiles taglib
...if we do change it, it is built with pom build-autotags Changed in BuildAutotags.java String taglibURI = "/struts-tiles"; and copied over from target. On 17/07/2023 10:47, Lukasz Lenart wrote: pon., 17 lip 2023 o 11:44 Greg Huber napisał(a):> I now get this pesky error (eclipse) using this <%@ taglib uri="http://tiles.apache.org/tags-tiles"; prefix="tiles" %> Maybe we are missing something for this? Probably we should change that to a Struts related uri Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: tiles taglib
A good idea. ./struts-tiles ### I guess an eclipse thing. Every thing looks ok. On 17/07/2023 10:47, Lukasz Lenart wrote: pon., 17 lip 2023 o 11:44 Greg Huber napisał(a):> I now get this pesky error (eclipse) using this <%@ taglib uri="http://tiles.apache.org/tags-tiles"; prefix="tiles" %> Maybe we are missing something for this? Probably we should change that to a Struts related uri Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
tiles taglib
I now get this pesky error (eclipse) using this <%@ taglib uri="http://tiles.apache.org/tags-tiles"; prefix="tiles" %> Maybe we are missing something for this? - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [TEST] Apache Struts 6.3.0-RC1 test build is read
Work great for me.😁 Thanks. On 16/07/2023 09:23, Lukasz Lenart wrote: Hello, This is another minor version of Struts 6.x series, yet it includes the Apache Struts tiles code base instead of depending on the outdated libraries. Please take the time and test the bits - any help is appreciated. Please report any problems you will spot. Here are the changes from the previous version: https://github.com/apache/struts/releases/tag/STRUTS_6_3_0_RC1 Staging Maven repo https://repository.apache.org/content/groups/staging/ * please read our guideline how to setup your Maven build to include the Staging repository https://struts.apache.org/builds.html#test-builds Standalone artifacts https://dist.apache.org/repos/dist/dev/struts/6.3.0-RC1/ Release notes https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0 Kind regards -- Łukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts 6.2.0
Work great for me. Thanks. On 05/07/2023 11:25, Lukasz Lenart wrote: [x] General Availability (GA) (B) - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
blog post not helpful
I noticed on searching, that it shows "a people ask", If I click on the link, Is Struts 2 outdated? People also ask Is Struts 2 outdated? Yes, you can be surprised but *after almost 18 years on the market the Apache Struts project is still maintained and under active development*.10 Sept 2018 It links to this https://blog.softwaremill.com/the-apache-struts-still-alive-b7ea7bc7b7ed Can the block post be changed, asit has taken the text out of context, and is not helpful.
Re: String variable with a number s:if test
Ah, ok not to use .equals(). Think here the type started of as "type1" "type2".. "typeA" "typeB" etc and got refactored to 1,2...A,B etc so had an impact. ### May be it would be faster also to use == rather than .equals()? I do alot of !bean.imageSource.equals('') Thanks! On 25/05/2023 08:17, Lukasz Lenart wrote: czw., 25 maj 2023 o 09:12 Greg Huber napisał(a): Thanks, need to try and remembered this! Would explain why some of my item types don't select/work as expected. I would use "==" to be sure, as documented in https://ognl.orphan.software/language-guide#operators "e1 == e2"; e1 eq e2 - Equality test Equality is tested for as follows. If either value is null, they are equal if and only if both are null. If they are the same object or the equals() method says they are equal, they are equal. If they are both Numbers, they are equal if their values as double-precision floating point numbers are equal. Otherwise, they are not equal. These rules make numbers compare equal more readily than they would normally, if just using the equals method. So the final version is: Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: String variable with a number s:if test
Thanks, need to try and remembered this! Would explain why some of my item types don't select/work as expected. On 24/05/2023 12:26, Lukasz Lenart wrote: śr., 24 maj 2023 o 11:23 Greg Huber napisał(a): If I have a bean with a variable of type of String ie public String getType() { return type; } AND it has a number, eg 2. In my jsp Does not work: I must use this: Is this how it should work? Some old code uses .equals('2'), as the bean is a string, and is not working as expected.🙁 Maybe it has always been wrong? Did you try to use: ? As '*' indicates a char Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
String variable with a number s:if test
If I have a bean with a variable of type of String ie public String getType() { return type; } AND it has a number, eg 2. In my jsp Does not work: I must use this: Is this how it should work? Some old code uses .equals('2'), as the bean is a string, and is not working as expected.🙁 Maybe it has always been wrong? - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Struts 6.2.0
Maybe a separate release immediately after 6.2.0? It is only a refactor, with no code changes, but might have missed something especially if using velocity heavily. On 16/05/2023 19:56, Lukasz Lenart wrote: Hi, I think it's time to release a new version which addresses over 50 issues [1] and I want to merge two more PRs [2] I wonder if we should include Tiles codebase [3] in 6.2.0 or rather makes this a dedicated release just narrowed to replacing Tiles dependency with the copied code. [1] https://issues.apache.org/jira/projects/WW/versions/12352403 [2] https://github.com/apache/struts/pulls [3] https://github.com/apache/struts/pull/608 Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
action="%{tmp}" on other tags
The form tag does this : On 19/04/2023 08:25, Lukasz Lenart wrote: śr., 19 kwi 2023 o 09:19 Greg Huber napisał(a): clickById("entry_%{#mainAction}!publish") This patch fixes the format by calculating the action first: https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900 This is really a hack to satisfy Roller requirements, but looks like this clearly explains the expectations: calculate ID based on action AND method at the same time, is that correct? Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
hack to satisfy Roller requirements Well I don't think its a hack, to have the variable name as part of the id does not seem correct to me eg entryEdit ie the name would be : entry___tmp__saveDraft vs entry_entryEdit_saveDraft calculate ID based on action AND method at the same time, is that correct? yes, other tags must be doing this already? On 19/04/2023 08:25, Lukasz Lenart wrote: śr., 19 kwi 2023 o 09:19 Greg Huber napisał(a): clickById("entry_%{#mainAction}!publish") This patch fixes the format by calculating the action first: https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900 This is really a hack to satisfy Roller requirements, but looks like this clearly explains the expectations: calculate ID based on action AND method at the same time, is that correct? Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
@Greg Huber is the current approach ok? https://github.com/apache/struts/pull/678 This works but not really related to this formatting issue. As there is nothing wrong with Struts, it never formatted it correctly in the first place, which can be seen from the test clickById : clickById("entry_%{#mainAction}!publish") This patch fixes the format by calculating the action first: https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900 Maybe there is another approach that other tags use? I will have another look. On 19/04/2023 07:51, Lukasz Lenart wrote: I'm sorry Yasser if you took this personally - escape logic has changed and on first thought that was the cause. After investigating the thing deeper I found it isn't just this but also missing support for evaluation of ID which bases on action or method. Previously ID was evaluated on set (in the setter) to overcome some problems, yet it was too early and I have changed this logic sometime ago, yet still this affected only tags with ID defined. @Greg Huber is the current approach ok? https://github.com/apache/struts/pull/678 Cheers -- Łukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
I think it was always wrong as the test is checking for : entry_%{#mainAction}!publish clickById("entry_%{#mainAction}!publish") On 14/04/2023 19:17, Yasser Zamani wrote: Thank you for the explanation Greg. Yes I agree that previously it was looking better. Currently am wondering how previous Struts was generating the id from an evaluated name! Because as you see below, Struts is and was keeping name property unchanged via introducing a local var named name: String name = findString(this.name); // previous version String translatedName = findString(this.name); // current version You see. I just renamed local var name to translatedName to not confuse name with this.name. So am wondering how _tmp_id = ...escape(name)...; uses an evaluated name in previous versions! Regards. On 4/12/2023 7:13 PM, Greg Huber wrote: There is nothing wrong with struts. There is a selenium test in roller that checks on the id clickById("entry_%{#mainAction}!publish"); it now has: entrymainAction__publish ie it escapes %{#}! with spaces. To match other tags, it should evaluate %{#mainAction} ie using the form below: entryEdit entry_entryEdit_publish Whether this is is needed or not is debatable, although it looks better. But, it is just as easy to change the test to be: entrymainAction__publish. On Wed, 12 Apr 2023 at 14:27, Yasser Zamani wrote: Sorry I didn't get what the problem exactly is. 1. Was your app depended to Struts internal behavior of id generation and so your app is broken now? 2. Or no, Struts itself is broken now by my change? On 4/11/2023 10:16 AM, Greg Huber wrote: More housekeeping, the id on the form tag never supported %{..} on the action attribute. ie action="%{#mainAction}!saveDraft" On 10/04/2023 20:37, Yasser Zamani wrote: Hi there, please see inline... On 4/3/2023 11:18 AM, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any non-alphanumeric character with "_". Also it works on an unevaluated version of the "name" attribute (in case if the "id" attribute is not defined). I think this is a bug and I'm not sure why the "escape" method has been changed in case of fixing double evaluations (its main purpose was JavaScript-friendliness) Because it was also reported in same report by our last security report. It's required and is a common practice to avoid XSS. If some plugin has a problem with it, then it also need to be fixed (i.e. replace any non-alpha with _) because it's only for Struts internal usage and users shouldn't depend on Struts internal behavior. Best Regards, Yasser [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ sob., 1 kwi 2023 o 12:43 Greg Huber napisał(a): Maybe a user question (sorry) Using action like this : action="%{#mainAction}!saveDraft"/> struts seems to get the "id" wrong? ...but the "name" correct. eg: entryEdit renders: id="entrymainAction__saveDraft" name="action:entryAdd!saveDraft" class="btn btn-warning"> Should be # If I try it on my app it does the same thing action="%{myConfigz}!save" accesskey="s" /> renders: should be - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
There is nothing wrong with struts. There is a selenium test in roller that checks on the id clickById("entry_%{#mainAction}!publish"); it now has: entrymainAction__publish ie it escapes %{#}! with spaces. To match other tags, it should evaluate %{#mainAction} ie using the form below: entryEdit entry_entryEdit_publish Whether this is is needed or not is debatable, although it looks better. But, it is just as easy to change the test to be: entrymainAction__publish. On Wed, 12 Apr 2023 at 14:27, Yasser Zamani wrote: > Sorry I didn't get what the problem exactly is. > > 1. Was your app depended to Struts internal behavior of id generation > and so your app is broken now? > > 2. Or no, Struts itself is broken now by my change? > > > On 4/11/2023 10:16 AM, Greg Huber wrote: > > More housekeeping, the id on the form tag never supported %{..} on the > > action attribute. ie action="%{#mainAction}!saveDraft" > > > > On 10/04/2023 20:37, Yasser Zamani wrote: > >> Hi there, please see inline... > >> > >> On 4/3/2023 11:18 AM, Lukasz Lenart wrote: > >>> The change has been introduced here [1] and the problem is that it > >>> replaces any non-alphanumeric character with "_". Also it works on an > >>> unevaluated version of the "name" attribute (in case if the "id" > >>> attribute is not defined). I think this is a bug and I'm not sure why > >>> the "escape" method has been changed in case of fixing double > >>> evaluations (its main purpose was JavaScript-friendliness) > >> > >> Because it was also reported in same report by our last security > >> report. It's required and is a common practice to avoid XSS. > >> > >> If some plugin has a problem with it, then it also need to be fixed > >> (i.e. replace any non-alpha with _) because it's only for Struts > >> internal usage and users shouldn't depend on Struts internal behavior. > >> > >> Best Regards, > >> Yasser > >> > >>> > >>> [1] > >>> > https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897 > >>> > >>> > >>> Regards > >>> -- > >>> Łukasz > >>> + 48 606 323 122 http://www.lenart.org.pl/ > >>> > >>> sob., 1 kwi 2023 o 12:43 Greg Huber napisał(a): > >>>> > >>>> Maybe a user question (sorry) > >>>> > >>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts > >>>> seems to get the "id" wrong? ...but the "name" correct. > >>>> > >>>> eg: > >>>> > >>>> entryEdit > >>>> > >>>> >>>> value="%{getText('weblogEdit.save')}" > >>>> action="%{#mainAction}!saveDraft"/> > >>>> > >>>> renders: > >>>> > >>>> >>>> id="entrymainAction__saveDraft" name="action:entryAdd!saveDraft" > >>>> class="btn btn-warning"> > >>>> > >>>> > >>>> Should be > >>>> > >>>> >>>> id="entry_entryAdd_saveDraft" > >>>> name="action:entryAdd!saveDraft" class="btn btn-warning"> > >>>> > >>>> > >>>> # > >>>> > >>>> If I try it on my app it does the same thing > >>>> > >>>> >>>> method="post"> > >>>> > >>>> > >>>> >>>> accesskey="s" /> > >>>> > >>>> > >>>> > >>>> renders: > >>>> > >>>> >>>> id="myConfig___myConfigz__save" accesskey="s"> > >>>> > >>>> > >>>> should be > >>>> > >>>> >>>> id="myConfig_myConfig_save" accesskey="s"> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> - > >>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > >>>> For additional commands, e-mail: dev-h...@struts.apache.org > >>>> > >>> > >>> - > >>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > >>> For additional commands, e-mail: dev-h...@struts.apache.org > >>> > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > >> For additional commands, e-mail: dev-h...@struts.apache.org > >> > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > > For additional commands, e-mail: dev-h...@struts.apache.org > > > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: looking at roller upgrade again
More housekeeping, the id on the form tag never supported %{..} on the action attribute. ie action="%{#mainAction}!saveDraft" On 10/04/2023 20:37, Yasser Zamani wrote: Hi there, please see inline... On 4/3/2023 11:18 AM, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any non-alphanumeric character with "_". Also it works on an unevaluated version of the "name" attribute (in case if the "id" attribute is not defined). I think this is a bug and I'm not sure why the "escape" method has been changed in case of fixing double evaluations (its main purpose was JavaScript-friendliness) Because it was also reported in same report by our last security report. It's required and is a common practice to avoid XSS. If some plugin has a problem with it, then it also need to be fixed (i.e. replace any non-alpha with _) because it's only for Struts internal usage and users shouldn't depend on Struts internal behavior. Best Regards, Yasser [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ sob., 1 kwi 2023 o 12:43 Greg Huber napisał(a): Maybe a user question (sorry) Using action like this : action="%{#mainAction}!saveDraft"/> struts seems to get the "id" wrong? ...but the "name" correct. eg: entryEdit renders: Should be id="entry_entryAdd_saveDraft" name="action:entryAdd!saveDraft" class="btn btn-warning"> # If I try it on my app it does the same thing renders: should be - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
Modified version here https://github.com/gregh3269/struts/tree/WW-5302-unevaluated-id myConfig action="%{#mainAction}!save" /> method="save" /> id="myConfig_myConfig_save"> On 09/04/2023 15:16, Lukasz Lenart wrote: niedz., 9 kwi 2023 o 12:20 Greg Huber napisał(a): Testing the branch it is still the same? Please try now Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
branch WW-5302-unevaluated-id Seems the same to me. Note the action has a variable: %{#mainAction}!save All it seems to be doing is escaping action: %{#mainAction}!save : %{#mainAction}!save ___mainAction}_save On 09/04/2023 15:16, Lukasz Lenart wrote: niedz., 9 kwi 2023 o 12:20 Greg Huber napisał(a): Testing the branch it is still the same? Please try now Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
Testing the branch it is still the same? myConfig id="myConfigmainAction__save" > What we want is: id="myConfig_myConfig_save" > ## It needs this from previous email // determine actual action ActionMapping mapping = new ActionMapping(); mapping.setName(findString(action)); if (method != null) { mapping.setMethod(findString(method)); } mapping.setExtension(""); String tmp = actionMapper.getUriFromActionMapping(mapping); _tmp_id = _tmp_id + escape(tmp); On 09/04/2023 10:52, Lukasz Lenart wrote: PR is ready https://github.com/apache/struts/pull/678 - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
I guess what we want. ### In the FormButton populateComponentHtmlId(Form form) it evaluates the action based on the text rather than the "actual" action. If the action is determined from the mapping it renders correctly. See "// determine actual action" in code below entryEdit renders: # org.apache.struts2.components.FormButton protected void populateComponentHtmlId(Form form) { String _tmp_id = ""; if (id != null) { // this check is needed for backwards compatibility with 2.1.x _tmp_id = findString(id); } else { if (form != null && form.getParameters().get("id") != null) { _tmp_id = _tmp_id + form.getParameters().get("id").toString() + "_"; } if (name != null) { _tmp_id = _tmp_id + escape(name); } else if (action != null || method != null) { if (action != null) { //_tmp_id = _tmp_id + escape(tmp); // determine actual action ActionMapping mapping = new ActionMapping(); mapping.setName(findString(action)); if (method != null) { mapping.setMethod(findString(method)); } mapping.setExtension(""); String tmp = actionMapper.getUriFromActionMapping(mapping); _tmp_id = _tmp_id + escape(tmp); } //if (method != null) { //_tmp_id = _tmp_id + "_" + escape(method); //} } else { // if form is null, this component is used, without a form, i guess // there's not much we could do then. if (form != null) { _tmp_id = _tmp_id + form.getSequence(); } } } addParameter("id", _tmp_id); addParameter("escapedId", escape(_tmp_id)); } On 08/04/2023 20:00, Lukasz Lenart wrote: What about such an approach? The ID is generated based on the evaluated version of the name attribute. Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: looking at roller upgrade again
Thanks. There is a selenium test in roller that checks on the id clickById("entry_%{#mainAction}!publish"); it now has: entrymainAction__publish" I guess its a matter of modifying the test, as %{ characters etc may not be desirable the id field? On 03/04/2023 08:48, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any non-alphanumeric character with "_". Also it works on an unevaluated version of the "name" attribute (in case if the "id" attribute is not defined). I think this is a bug and I'm not sure why the "escape" method has been changed in case of fixing double evaluations (its main purpose was JavaScript-friendliness) [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ sob., 1 kwi 2023 o 12:43 Greg Huber napisał(a): Maybe a user question (sorry) Using action like this : action="%{#mainAction}!saveDraft"/> struts seems to get the "id" wrong? ...but the "name" correct. eg: entryEdit renders: Should be # If I try it on my app it does the same thing renders: should be - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
looking at roller upgrade again
Maybe a user question (sorry) Using action like this : action="%{#mainAction}!saveDraft"/> struts seems to get the "id" wrong? ...but the "name" correct. eg: entryEdit renders: id="entrymainAction__saveDraft" name="action:entryAdd!saveDraft" class="btn btn-warning"> Should be name="action:entryAdd!saveDraft" class="btn btn-warning"> # If I try it on my app it does the same thing method="post"> accesskey="s" /> renders: id="myConfig___myConfigz__save" accesskey="s"> should be id="myConfig_myConfig_save" accesskey="s"> - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Fwd: Struts2-bootstrap-plugin
This may not be an issue. So please ignore the previous email. ..dependency stuff linked with using the plugin. Forwarded Message Subject:Struts2-bootstrap-plugin Date: Thu, 23 Mar 2023 10:02:55 + From: Greg Huber To: Struts Developers List I was looking at apache roller which uses the struts2-bootstrap-plugin. When I check the generated id's they seem to have extra underscores? id="entrymainAction__publish" name="action:entryEdit!publish" class="btn btn-success"> Is this intentional? ### When I look at "normal" tags only see one underscore: name="action:myAdd!save">
Struts2-bootstrap-plugin
I was looking at apache roller which uses the struts2-bootstrap-plugin. When I check the generated id's they seem to have extra underscores? id="entrymainAction__publish" name="action:entryEdit!publish" class="btn btn-success"> Is this intentional? ### When I look at "normal" tags only see one underscore: name="action:myAdd!save"> - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Apache tiles
Dave, BTW, Struts devs are planning to merge the tiles code base into the Struts Tiles Plugin to eliminate the dependency on the now Attic project. https://github.com/apache/struts/tree/WW-5233-tiles/plugins/tiles On 20/03/2023 21:38, Dave wrote: Hi Laurent and PJ, The Apache Roller project still uses Struts, Tiles and Velocity and I would like to see the projects continue and move into Jakarta land. I have some limited time to help out. What do y'all need help with? Dave On Sun, Mar 19, 2023 at 8:01 AM PJ Fanning wrote: Hi Laurent, I don't want to write off the possibility of a Jakarta variant of Tiles joining the Apache Incubator - but the fact that Apache Tiles doesn't have an active community around it is going to be a major impediment. For Apache projects and podlings to succeed, they need a number of contributors to get involved. Could you start by putting your code up on Github or somewhere similar and adding documentation that highlights that you are looking for collaborators? Maybe there are some forums where some remaining users of Tiles can be contacted? There is no impediment to you simply releasing your Jakarta variant of Tiles yourself or via some organisation that you are involved with (e.g. a company that you work with). If you go this route, the ASF would look like to see that you remove all the ASF branding and ideally, change the package names. If you want to avoid having to do all the branding changes and see the new project join/rejoin the ASF, then I think that you'll need to come back to us with more collaborators and probably some indication that they are bought into keeping the project going over the foreseeable future. Regards, PJ On Sat, 18 Mar 2023 at 06:32, Laurent Schoelens wrote: Hi everyone, I’m working on Apache Tiles porting to Jakarta EE (without support of freemarker and velocity, since both of them are still going with javax API) and my work is going to reach it’s end – all builds are successful, jdk17 baseline and updated dependencies (as far as I know) – but still uncommited to my personal github account. I know Tiles is in Attic land of Apache but I’d which to make this first step (Jakarta migration) go to open-source world, without creating new projects out of the box. Tiles is a framework I use on a project, with Spring and since Spring 6 has migrated to Jakarta API, I’m stuck to Spring 5.X if I stay on this. Changing technology is an option for frontend application but not until a good rework that may take months (or years, depending on time we have to do that migration). Having a Tiles Jakarta port would be great since the technology itself is working well on my project. Do you know what can I do to make this properly, according to Apache work ? Thanks in advance for your help. Regards. L. SCHOELENS - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Apache tiles
Maybe tiles will live on. On 20/03/2023 21:38, Dave wrote: Hi Laurent and PJ, The Apache Roller project still uses Struts, Tiles and Velocity and I would like to see the projects continue and move into Jakarta land. I have some limited time to help out. What do y'all need help with? Dave On Sun, Mar 19, 2023 at 8:01 AM PJ Fanning wrote: Hi Laurent, I don't want to write off the possibility of a Jakarta variant of Tiles joining the Apache Incubator - but the fact that Apache Tiles doesn't have an active community around it is going to be a major impediment. For Apache projects and podlings to succeed, they need a number of contributors to get involved. Could you start by putting your code up on Github or somewhere similar and adding documentation that highlights that you are looking for collaborators? Maybe there are some forums where some remaining users of Tiles can be contacted? There is no impediment to you simply releasing your Jakarta variant of Tiles yourself or via some organisation that you are involved with (e.g. a company that you work with). If you go this route, the ASF would look like to see that you remove all the ASF branding and ideally, change the package names. If you want to avoid having to do all the branding changes and see the new project join/rejoin the ASF, then I think that you'll need to come back to us with more collaborators and probably some indication that they are bought into keeping the project going over the foreseeable future. Regards, PJ On Sat, 18 Mar 2023 at 06:32, Laurent Schoelens wrote: Hi everyone, I’m working on Apache Tiles porting to Jakarta EE (without support of freemarker and velocity, since both of them are still going with javax API) and my work is going to reach it’s end – all builds are successful, jdk17 baseline and updated dependencies (as far as I know) – but still uncommited to my personal github account. I know Tiles is in Attic land of Apache but I’d which to make this first step (Jakarta migration) go to open-source world, without creating new projects out of the box. Tiles is a framework I use on a project, with Spring and since Spring 6 has migrated to Jakarta API, I’m stuck to Spring 5.X if I stay on this. Changing technology is an option for frontend application but not until a good rework that may take months (or years, depending on time we have to do that migration). Having a Tiles Jakarta port would be great since the technology itself is working well on my project. Do you know what can I do to make this properly, according to Apache work ? Thanks in advance for your help. Regards. L. SCHOELENS - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Struts Maven Archetypes 6.0.0
+1 It works OK. [ ] Leave at test build [ ] Alpha [ ] Beta [x] General Availability (GA) (B) On 13/03/2023 12:54, Lukasz Lenart wrote: One more binding vote is needed :) pt., 10 mar 2023 o 09:09 Johannes Geppert napisał(a): +1 (binding) [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) # web: http://www.jgeppert.com twitter: http://twitter.com/jogep Am Fr., 24. Feb. 2023 um 08:51 Uhr schrieb Lukasz Lenart < lukaszlen...@apache.org>: The Apache Struts Maven Archetypes 6.0.0 test build is now available. It includes support for the latest Struts version. Changes: * https://github.com/apache/struts-archetypes/releases/tag/STRUTS_ARCHETYPES_6_0_0 Maven 2 staging repository: * https://repository.apache.org/content/repositories/orgapachestruts-1126 To test them you must specify a new profile in settings.xml: struts-archetypes archetype https://repository.apache.org/content/repositories/orgapachestruts-1126 true fail false warn Now you can run the command: mvn archetype:generate -Pstruts-archetypes -Dfilter=org.apache.struts:struts2 and select each archetype, please select version 6.0.0 to test the current test release Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. - The Apache Struts group. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2
From here: https://markmail.org/search/?q=6.1.2%20list%3Aorg.apache.struts.users#query:6.1.2%20list%3Aorg.apache.struts.users+page:1+mid:fexjsvlz3u6uwdt5+state:results Subject: [ANN] Apache Struts *6.1.2* <http://markmail.org/message/fexjsvlz3u6uwdt5> permalink <http://markmail.org/message/fexjsvlz3u6uwdt5> From: Lukasz Lenart (luka...@apache.org) Date: Mar 9, 2023 10:59:12 pm List: *org.apache.struts.user* Can the dev list be added also? On 13/03/2023 10:27, Lukasz Lenart wrote: pon., 13 mar 2023 o 10:56 Greg Huber napisał(a): OK thanks. I checked my spam/bin folder, maybe the email did not get sent? I have no idea how to check that :) Regards
Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2
OK thanks. I checked my spam/bin folder, maybe the email did not get sent? On 13/03/2023 09:50, Lukasz Lenart wrote: pon., 13 mar 2023 o 10:46 Greg Huber napisał(a): Was there an email of the official release? May have missed it. Yes, it was https://lists.apache.org/thread/5rsp3r0p6sxtqk6yr592txx7lgcd3qnv Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2
Was there an email of the official release? May have missed it. On 10/03/2023 06:18, Lukasz Lenart wrote: Vote passed with result: GA +1 x3 (binding) GA +1 x2 (non-binding) Thanks & regards Łukasz śr., 8 mar 2023 o 21:10 Lukasz Lenart napisał(a): - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] [FASTTRACK] Apache Struts 6.1.2
Works for me. Thanks. [ ] Leave at test build [ ] Alpha [ ] Beta [x] General Availability (GA) (B) On 08/03/2023 20:10, Lukasz Lenart wrote: The Apache Struts 6.1.2 test build is now available. It includes the latest security patch which fixes potential security vulnerability: * missing max files upload limit in Commons FileUpload, CVE-2023-24998 https://github.com/apache/commons-fileupload/pull/185 Release notes: * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2 Distribution: * https://dist.apache.org/repos/dist/dev/struts/6.1.2/ Maven 2 staging repository: * https://repository.apache.org/content/repositories/staging/ Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. This is a "fast-track" release vote. If we have a positive vote after 24 hours (at least three binding +1s and more +1s than -1s), the release may be submitted for mirroring and announced to the usual channels. Regards Łukasz - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
..probably right, but its always good to have a backup to dependencies. On 28/02/2023 07:29, Lukasz Lenart wrote: I think this is not the way to handle the file upload with Servlet API 3.1 - we must wait on upgrading commons-fileupload to version supporting Jakarta API (btw. Tomcat is using it right now). I will try to help make this happen :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ niedz., 1 sty 2023 o 10:38 Greg Huber napisał(a): I rechecked tomcats work folder to see what the parts are, there are no files with zero size, only the the hidden fields, submit button (Upload) and the image. The two extra parts could be these as they have the name uploadedFiles and match FieldName=uploadedFiles ## Bulk Upload Upload Upload Files On 01/01/2023 08:32, Lukasz Lenart wrote: sob., 31 gru 2022 o 08:18 Greg Huber napisał(a): Seems there is more going on, as without it there are two extra parts with no StoreLocation. "Without it" - what does that mean? name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles name=myimage.jpg, StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp, size=1050531 bytes, isFormField=false, FieldName=uploadedFiles name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles Could you share your html form? I would like to test locally what's going on. Maybe I should ignore files with 0 size https://stackoverflow.com/questions/2422468/how-can-i-upload-files-to-a-server-using-jsp-servlet/2424824#2424824 Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
I rechecked tomcats work folder to see what the parts are, there are no files with zero size, only the the hidden fields, submit button (Upload) and the image. The two extra parts could be these as they have the name uploadedFiles and match FieldName=uploadedFiles id="uploadFiles_uploadedFiles" multiple="multiple"> id="uploadFiles_uploadedFiles" multiple="multiple"> ## action="/user/Resources.action" enctype="multipart/form-data" method="POST"> id="uploadFiles_check"> id="uploadFiles_pageNum"> id="uploadFiles_path"> id="uploadFiles_type"> id="uploadFiles_rowSize"> id="uploadFiles_resize"> id="uploadFiles_overwrite"> href="#tab1">Bulk Upload Upload Upload Files multiple="multiple" title="Upload Files" class="ga-upload-button"> style="width:80%;display:none;"> id="uploadFiles_uploadedFiles" multiple="multiple"> id="uploadFiles_uploadedFiles" multiple="multiple"> value="Upload" id="uploadFiles_resources_upload"> value="Cancel" id="uploadFiles_resources_cancel"> On 01/01/2023 08:32, Lukasz Lenart wrote: sob., 31 gru 2022 o 08:18 Greg Huber napisał(a): Seems there is more going on, as without it there are two extra parts with no StoreLocation. "Without it" - what does that mean? name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles name=myimage.jpg, StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp, size=1050531 bytes, isFormField=false, FieldName=uploadedFiles name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles Could you share your html form? I would like to test locally what's going on. Maybe I should ignore files with 0 size https://stackoverflow.com/questions/2422468/how-can-i-upload-files-to-a-server-using-jsp-servlet/2424824#2424824 Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
Seems there is more going on, as without it there are two extra parts with no StoreLocation. name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles name=myimage.jpg, StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp, size=1050531 bytes, isFormField=false, FieldName=uploadedFiles name=, StoreLocation=null, size=0 bytes, isFormField=false, FieldName=uploadedFiles On 30/12/2022 09:18, Lukasz Lenart wrote: pt., 30 gru 2022 o 10:06 Greg Huber napisał(a): Also need an extra check || "".equals(part.getSubmittedFileName() for (Part part : parts) { if (part.getSubmittedFileName() == null || "".equals(part.getSubmittedFileName()) ) { // normal field Empty getSubmittedFileName() means the file was uploaded but with empty "filename" attribue in the Content-Disposition header https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#as_a_header_for_a_multipart_body Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
Also need an extra check || "".equals(part.getSubmittedFileName() for (Part part : parts) { if (part.getSubmittedFileName() == null || "".equals(part.getSubmittedFileName()) ) { // normal field LOG.error("Ignoring a normal form field: {}", part.getName()); } else { // file upload LOG.error("Storing file: {} in save dir: {}", part.getSubmittedFileName(), saveDir); parseFile(part, saveDir); } } On 30/12/2022 09:01, Lukasz Lenart wrote: pt., 30 gru 2022 o 09:39 Greg Huber napisał(a): Is it possible to use the original temp file that tomcat creates rather than creating another one? If "struts.multipart.saveDir" is not provided (or empty), Struts will use "javax.servlet.context.tempdir" which should be defined in servlet context. Yet I notice some inconsistency and I'm working on that. Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
With the correct servlet mapping (other email) it kind of works, but the file has zero size. in ServletMultiPartRequest.extractFile(Part part, String saveDir) it creates an empty temporary file (line 134) which it returns: File tempFile = File.createTempFile(prefix + "_", suffix, new File(saveDir)); if I add the data from the original file it works (but slow). try (OutputStream out = new FileOutputStream(tempFile)) { InputStream fileContent = part.getInputStream(); int read = 0; final byte[] bytes = new byte[1024]; while ((read = fileContent.read(bytes)) != -1) { out.write(bytes, 0, read); } } Is it possible to use the original temp file that tomcat creates rather than creating another one? On 30/12/2022 08:18, Lukasz Lenart wrote: czw., 29 gru 2022 o 17:40 Greg Huber napisał(a): Does not seem to call the servlet, only a 404. I use the StrutsPrepareAndExecuteFilter. With the filter mapping, how does it use the servlet mapping? The basic idea is that when the filter detects if this a fileupload request and the new ServletMultiPartRequest is used, it will skip processing and let the servlet do the job. boolean isMultipartRequest = request instanceof MultiPartRequestWrapper is still false. Strange, this happens here [1] after the request was recognised as multipart [2] [1] https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java#L919-L930 [2] https://struts.apache.org/core-developers/file-upload.html#disabling-file-upload-support Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
fileUploadServlet /user/resources.action makes it work, but ends up with an empty file called embeddable53b33ea6a4fb4bb1957d35fa60af338c.jpg. Will debug some more.😁 On 29/12/2022 12:56, Lukasz Lenart wrote: czw., 29 gru 2022 o 13:34 Greg Huber napisał(a): I have now set struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest this must be: struts.multipart.parser=servlet (I will document this latter) fileUploadServlet org.apache.struts2.dispatcher.servlet.FileUploadServlet fileUploadServlet /fileupload/* /tags/ui/* Just be sure you are using proper patterns matching your endpoints with fileupload Error uploading: No boundary defined!! It means something else already handled the upload My upload action is /user/resources.action This endpoint should be defined in web.xml fileUploadServlet /user/resources* Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
struts.multipart.parser=servlet struts2 url-pattern>*.action fileUploadServlet /user/resources* Does not seem to call the servlet, only a 404. I use the StrutsPrepareAndExecuteFilter. With the filter mapping, how does it use the servlet mapping? boolean isMultipartRequest = request instanceof MultiPartRequestWrapper is still false. On 29/12/2022 12:56, Lukasz Lenart wrote: czw., 29 gru 2022 o 13:34 Greg Huber napisał(a): I have now set struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest this must be: struts.multipart.parser=servlet (I will document this latter) fileUploadServlet org.apache.struts2.dispatcher.servlet.FileUploadServlet fileUploadServlet /fileupload/* /tags/ui/* Just be sure you are using proper patterns matching your endpoints with fileupload Error uploading: No boundary defined!! It means something else already handled the upload My upload action is /user/resources.action This endpoint should be defined in web.xml fileUploadServlet /user/resources* Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
I have now set struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest fileUploadServlet org.apache.struts2.dispatcher.servlet.FileUploadServlet fileUploadServlet /fileupload/* /tags/ui/* # I get in FileUploadSupport.java isMultipartRequest == false isServletMultipartRequest == true and an error: Error uploading: No boundary defined!! # My upload action is /user/resources.action enctype="multipart/form-data">.. # If I change isMultipartRequest == true I get Status Code 404 Message The requested resource [/user/resources.action] is not available On 29/12/2022 11:41, Lukasz Lenart wrote: czw., 29 gru 2022 o 11:55 Greg Huber napisał(a): I made no changes just used the branch as is. I tried deleting the commons jar to make sure it was using the new code but my app won't start without it. Cool, it means I didn't break any existing configuration :D Did you change the value of the "struts.multipart.parser" constant? ..If I add a breakpoint on FileUploadSupport isFileUploadRequest(..) it stops so I assume its being used. Yes, it is used just to verify if request should be left to be processed by the servlet, to full use the new @MultipartConfig you must add the following servlet in your web.xml plus additional mapping https://github.com/apache/struts/pull/650/files#diff-058a38cfcdd6de381467549793200fd7c1e0f790a1de1fd72e27cd2cf4a06079 Regards
Re: Fileupload on JakartaEE
I made no changes just used the branch as is. I tried deleting the commons jar to make sure it was using the new code but my app won't start without it. ..If I add a breakpoint on FileUploadSupport isFileUploadRequest(..) it stops so I assume its being used. On 29/12/2022 10:44, Lukasz Lenart wrote: czw., 29 gru 2022 o 11:40 Greg Huber napisał(a): WW-5273-servlet-upload branch works on both my ajax and forms based upload. Great to hear that! Did you have any problem with configuring that additional FileUploadServlet which is needed by Servlet API 3.1? (although commons-fileupload-1.4.jar is still included) Yes, it's there still as the old MultiPartRequest instances are using it, it will be gone once the deprecated classes will be removed in 7.0.0 I can make it optional though :) Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Fileupload on JakartaEE
WW-5273-servlet-upload branch works on both my ajax and forms based upload. (although commons-fileupload-1.4.jar is still included) On 29/12/2022 09:38, Lukasz Lenart wrote: Take a look on that PR https://github.com/apache/struts/pull/650 Regards - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [GitHub] [struts] lukaszlenart closed pull request #644: Bump spring-web from 5.3.23 to 6.0.0
Is there a plan for the Jakarta namespace change? All of Spring is now jdk 17. On 13/12/2022 07:52, GitBox wrote: lukaszlenart closed pull request #644: Bump spring-web from 5.3.23 to 6.0.0 URL: https://github.com/apache/struts/pull/644 - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [VOTE] Apache Struts 6.1.1
Thanks, works great for me. [x] General Availability (GA) (B) On 24/11/2022 19:16, Lukasz Lenart wrote: The Apache Struts 6.1.1 test build is available. With this release the following issues were addressed: Release notes: * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.1 Github release * https://github.com/apache/struts/releases/tag/STRUTS_6_1_1 Distribution: * https://dist.apache.org/repos/dist/dev/struts/6.1.1/ Maven 2 staging repository: * https://repository.apache.org/content/repositories/staging/ Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 72 hours, longer upon request. A vote can be amended at any time to upgrade or downgrade the quality of the release based on future experience. If an initial vote designates the build as "Beta", the release will be submitted for mirroring and announced to the user list. Once released as a public beta, subsequent quality votes on a build may be held on the user list. As always, the act of voting carries certain obligations. A binding vote not only states an opinion, but means that the voter is agreeing to help do the work. Kind regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: [GitHub] [struts] gregh3269 opened a new pull request, #616: WW 5233 Add velocity classes and tests
If anyone has a complex tiles/freemarker layout please can you give the plugin a spin😁 On 18/10/2022 14:47, GitBox wrote: gregh3269 opened a new pull request, #616: URL: https://github.com/apache/struts/pull/616 Whilst I can remember the complex cut and paste, I have added the velocity classes and tests, as the documentation says struts, freemarker and velocity. I tested the jar on the struts-examples-tiles but there is no velocity only jsp/freemarker. If we do not want to support velocity going forward, ignore this PR, but I think we should change the docs. - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: Tiles support
My thinking also, keep things simple. The patch includes all the tests for completeness, I guess as it was meant to be. On 13/10/2022 08:10, Lukasz Lenart wrote: To be honest, I would like to reduce as much as possible by taking some custom steps to generate something. I do not expect to have a lot of issues around Tiles or new feature requests, so having this as simple as possible is the way to go :) Cheers -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ wt., 11 paź 2022 o 11:24 Greg Huber napisał(a): I thought about the autotag stuff and with the validation/tests etc, seemed a good idea to keep it, as its not that involved. Basically it uses template-suite.xml to generate the tag files and tld. I have got it all working, and passing the tests. Rather than the maven autotag plugin, I have a simple class (BuildJspAutotags) that builds the tags to /target/generated-sources/autotag And then if changing the template-suite.xml, run the build and copy manually the classes/tld back into the source. The org.apache.struts2.tiles.BuildJspAutotags.java probably needs a better home. I have committed all this to https://github.com/gregh3269/struts/tree/WW-5233-tiles I can will do another PR so can have a look? On 11/10/2022 10:00, Lukasz Lenart wrote: I copied some auto generated classes but they depend on Autotag classes, so I copied them as well. If something is still missing I have a Tiles build locally and can copy other auto generated stuff. And yes, we should avoid maintaining Autotag, it complicates things. As far as I understand we only use / expose JSP tags, I don't know if someone is using Freemarker/Velocity directives - we can always add them later on request. Regards Łukasz niedz., 9 paź 2022 o 16:17 Greg Huber napisał(a): Looking at it in more depth, I think we need to leave as much code as possible in the attic, including the autotag stuff. Keep only the parts to make it work, and update the tag classes manually. Having to maintain classes to generate the tag classes is pointless (might as well update them directly). If we need to generate the tld we can use the struts tld processor. This means we don't need all of the velocity code, support classes etc and should reduce the plugin packages also. I will play around with it to see what we can loose, so we only have the bare minimum. On Sun, 9 Oct 2022 at 10:52, Greg Huber wrote: Or better, try to build the tags (whatever the maven-autotag-pluging did) on the plugin build? On 09/10/2022 10:28, Greg Huber wrote: The reason why the taglibs were missing, they are generated by tiles auto tag https://tiles.apache.org/tiles-autotag/ Tiles-3 introduces a f Autotag Project, a project that automatically generates tags (or tag-like) artifact from a common template code for a range of templating languages. Today JSP tags, Freemarker directive models and Velocity directives are generated from a common template models. Do we use Freemarker directive models and Velocity directives? Maybe we don't need the autotag in the plugin as we have the tag classes now? On 06/10/2022 14:05, Lukasz Lenart wrote: I have prepared a PR to copy Tiles code base into the Tile plugin - just copied what is needed by the plugin. I would like to merge it after releasing 6.1.0 https://github.com/apache/struts/pull/608 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ wt., 9 sie 2022 o 16:43 Antonio Petrelli napisał(a): - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org