Re: [VOTE] Apache Struts 6.6.0

2024-08-05 Thread Greg Huber

Works great for me.  Thanks.

[x] General Availability (GA) B

On 06/08/2024 05:47, Lukasz Lenart wrote:

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Re: [TEST] Apache Struts 6.6.0 test build is ready

2024-07-20 Thread Greg Huber
Sorry, please ignore previous emails, I went back in my logs and found 
the same errors.  Fixed it by updating my crusty code.😳


<%@ include file="/WEB-INF/jsps/taglibs-struts2.jsp" %>
<%
pageContext.setAttribute("version",my.model.MyFactory.getMe().getVersion());
pageContext.setAttribute("revision",my.model.MyFactory.getMe().getRevision());
pageContext.setAttribute("",my.model.MyFactory.getMe().getCurrentYear());%>


    Copyright © value="#attr." />value="#attr.revision" />




On 20/07/2024 07:52, Lukasz Lenart wrote:

Hello,

This is another minor version of Struts 6.x series. Please take the
time and test the bits - any help is appreciated. Please report any
problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_6_6_0

Staging Maven repo
https://repository.apache.org/content/groups/staging/

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/6.6.0/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0


Kind regards
--
Łukasz

-
To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org
For additional commands, e-mail:dev-h...@struts.apache.org


Re: [TEST] Apache Struts 6.6.0 test build is ready

2024-07-20 Thread Greg Huber

May have been some formatting on previous mail, here it is again

2024-07-20 09:39:59,406 WARN org.apache.struts2.interceptor.TokenSessionStoreInterceptor TokenSessionStoreInterceptor:handleInvalidToken - testHandleInvalidToken
2024-07-20 09:39:59,535 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression '#request.' against value stack
java.lang.IllegalStateException: The request object has been recycled and is no longer associated with this facade
    at org.apache.catalina.connector.RequestFacade.checkFacade(RequestFacade.java:856) ~[catalina.jar:9.0.91]
    at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:245) ~[catalina.jar:9.0.91]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at org.apache.struts2.dispatcher.StrutsRequestWrapper.getAttribute(StrutsRequestWrapper.java:81) ~[classes/:?]
    at org.apache.struts2.dispatcher.RequestMap.get(RequestMap.java:102) ~[classes/:?]
    at ognl.MapPropertyAccessor.getProperty(MapPropertyAccessor.java:76) ~[ognl-3.3.5.jar:?]
    at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:79) ~[classes/:?]
    at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:3354) ~[ognl-3.3.5.jar:?]
    at ognl.ASTProperty.getValueBody(ASTProperty.java:121) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?]
    at ognl.ASTChain.getValueBody(ASTChain.java:141) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?]
    at ognl.Ognl.getValue(Ognl.java:586) ~[ognl-3.3.5.jar:?]
    at com.opensymphony.xwork2.ognl.OgnlUtil.ognlGet(OgnlUtil.java:596) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:576) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:412) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:346) [classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:333) [classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:313) [classes/:?]
    at org.apache.struts2.components.Component.findValue(Component.java:302) [classes/:?]
    at org.apache.struts2.components.Param.end(Param.java:126) [classes/:?]
    at org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:38) [classes/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005fparam_005f0(footer_jsp.java:228) [work/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005ftext_005f0(footer_jsp.java:190) [work/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspService(footer_jsp.java:149) [work/:?]
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:67) [jasper.jar:9.0.91]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) [servlet-api.jar:?]


footer.jsp

<%@ include file="/WEB-INF/jsps/taglibs-struts2.jsp" %>
<%
request.setAttribute("version",my.model.MyFactory.getMe().getVersion());
request.setAttribute("revision",my.model.MyFactory.getMe().getRevision());
request.setAttribute("",my.model.MyFactory.getMe().getCurrentYear());
%>


    Copyright © value="#request." />value="#request.revision" />



On 20/07/2024 07:52, Lukasz Lenart wrote:

Hello,

This is another minor version of Struts 6.x series. Please take the
time and test the bits - any help is appreciated. Please report any
problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_6_6_0

Staging Maven repo
https://repository.apache.org/content/groups/staging/

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/6.6.0/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0


Kind regards
--
Łukasz



Re: [TEST] Apache Struts 6.6.0 test build is ready

2024-07-20 Thread Greg Huber
I am looking into duplicate session postings (circular nulls in 
TokenSessionStoreInterceptor by refresh post) in my app, and noticed 
this now in the tomcat log



2024-07-20 09:39:59,406 WARN org.apache.struts2.interceptor.TokenSessionStoreInterceptor TokenSessionStoreInterceptor:handleInvalidToken - testHandleInvalidToken
2024-07-20 09:39:59,535 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression '#request.' against value stack
java.lang.IllegalStateException: The request object has been recycled and is no longer associated with this facade
    at org.apache.catalina.connector.RequestFacade.checkFacade(RequestFacade.java:856) ~[catalina.jar:9.0.91]
    at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:245) ~[catalina.jar:9.0.91]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:83) ~[servlet-api.jar:4.0.FR]
    at org.apache.struts2.dispatcher.StrutsRequestWrapper.getAttribute(StrutsRequestWrapper.java:81) ~[classes/:?]
    at org.apache.struts2.dispatcher.RequestMap.get(RequestMap.java:102) ~[classes/:?]
    at ognl.MapPropertyAccessor.getProperty(MapPropertyAccessor.java:76) ~[ognl-3.3.5.jar:?]
    at com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor.getProperty(XWorkMapPropertyAccessor.java:79) ~[classes/:?]
    at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:3354) ~[ognl-3.3.5.jar:?]
    at ognl.ASTProperty.getValueBody(ASTProperty.java:121) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?]
    at ognl.ASTChain.getValueBody(ASTChain.java:141) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ~[ognl-3.3.5.jar:?]
    at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.3.5.jar:?]
    at ognl.Ognl.getValue(Ognl.java:586) ~[ognl-3.3.5.jar:?]
    at com.opensymphony.xwork2.ognl.OgnlUtil.ognlGet(OgnlUtil.java:596) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:576) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:412) ~[classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:346) [classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:333) [classes/:?]
    at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:313) [classes/:?]
    at org.apache.struts2.components.Component.findValue(Component.java:302) [classes/:?]
    at org.apache.struts2.components.Param.end(Param.java:126) [classes/:?]
    at org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:38) [classes/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005fparam_005f0(footer_jsp.java:228) [work/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspx_meth_s_005ftext_005f0(footer_jsp.java:190) [work/:?]
    at org.apache.jsp.WEB_002dINF.jsps.tiles.footer_jsp._jspService(footer_jsp.java:149) [work/:?]


The footer.jsp

/>/>


Are there any changes made on this version that would cause this?

On 20/07/2024 07:52, Lukasz Lenart wrote:

Hello,

This is another minor version of Struts 6.x series. Please take the
time and test the bits - any help is appreciated. Please report any
problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_6_6_0

Staging Maven repo
https://repository.apache.org/content/groups/staging/

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/6.6.0/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.6.0


Kind regards
--
Łukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-23 Thread Greg Huber
Going through my parameters, as I share a lot of screens in various parts 
with different requirements, a struts.xml version on the action, similar to


save,publish,expire

would work well here ie

path,filter

public String getPath() {
    return path;
}

public String getFilter() {
    return filter;
}

Just an idea.

On 18/06/2024 08:57, Kusal Kithul-Godage wrote:

Yeah good call I'll look into it

On Tue, Jun 18, 2024 at 5:54 PM Greg Huber  wrote:

OK thanks.

Can the logging be the same as others - Developer Notification rather than
changing the debug level?

ie for a bad date I get

024-06-18 08:24:53,696 WARN org.apache.struts2.components.Date Date:end
- Developer Notification (set struts.devMode to false to disable this
message):

Expression [bean.created] passed to  tag which was evaluated to
[null](null) isn't supported!

On 18/06/2024 08:34, Kusal Kithul-Godage wrote:

Good questions

The log messages for these are at the debug level so you will need to
enable logging at the debug level to see these. This was a deliberate
decision as otherwise bad actors would be able to flood your
application logs.

The annotations should only target Action class methods. If you are
using a bean (also known as a form DTO), you only need to annotate the
getter method on the Action class that returns that bean (and with an
appropriate depth limit).

If you add `@StrutsParameter(depth = 99)` to every getter/setter
method on every Action class, it is indeed equivalent to disabling the
capability entirely.

So the annotation exists to prevent your application users from
invoking any arbitrary getter/setter on your Action classes as they
have been able to do in Struts 6 and earlier.

Also feel free to have a read of this section if you haven't had a chance to:
https://struts.apache.org/security/#defining-and-annotating-your-action-parameters

On Tue, Jun 18, 2024 at 5:22 PM Greg Huber   wrote:

For the struts.parameters.requireAnnotations=true

If I test my action, there are no log messages for these.  ie missing
@StrutsParameter.

It also says Action class, what if I have a bean in the action class, do
I need to do these also?

If I add them to every field/bean is this the same as setting it false?
ie what does @StrutsParameter do?

On 18/06/2024 07:44, Kusal Kithul-Godage wrote:

I've fleshed out the Security section of the migration guide. Open to
any feedback on anything that is still unclear.
https://cwiki.apache.org/confluence/x/wYp3EQ

On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage
wrote:

Ah right - yep no objections here

Based on the feedback in this thread, I'm working on a minor
enhancement for the allowlisting capability which will allow it to
continue working at a lesser strictness in environments where
Hibernate entities are used. I'll target M8 for this as well as the
updated documentation

On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart wrote:

On Mon, 17 Jun 2024 at 11:00, Kusal Kithul-Godage wrote:

When you say release officially do you mean as the final Struts 7.0.0?

I meant release -> publish as M7 in the Maven Central - in such a case
we can spread testing to other users as they can use official
artifacts.

Regards
Lukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-18 Thread Greg Huber

OK thanks.

Can the logging be the same as others - Developer Notification rather than 
changing the debug level?


ie for a bad date I get

024-06-18 08:24:53,696 WARN org.apache.struts2.components.Date Date:end 
- Developer Notification (set struts.devMode to false to disable this 
message):


Expression [bean.created] passed to  tag which was evaluated to 
[null](null) isn't supported!


On 18/06/2024 08:34, Kusal Kithul-Godage wrote:

Good questions

The log messages for these are at the debug level so you will need to
enable logging at the debug level to see these. This was a deliberate
decision as otherwise bad actors would be able to flood your
application logs.

The annotations should only target Action class methods. If you are
using a bean (also known as a form DTO), you only need to annotate the
getter method on the Action class that returns that bean (and with an
appropriate depth limit).

If you add `@StrutsParameter(depth = 99)` to every getter/setter
method on every Action class, it is indeed equivalent to disabling the
capability entirely.

So the annotation exists to prevent your application users from
invoking any arbitrary getter/setter on your Action classes as they
have been able to do in Struts 6 and earlier.

Also feel free to have a read of this section if you haven't had a chance to:
https://struts.apache.org/security/#defining-and-annotating-your-action-parameters

On Tue, Jun 18, 2024 at 5:22 PM Greg Huber  wrote:

For the struts.parameters.requireAnnotations=true

If I test my action, there are no log messages for these.  ie missing
@StrutsParameter.

It also says Action class, what if I have a bean in the action class, do
I need to do these also?

If I add them to every field/bean is this the same as setting it false?
ie what does @StrutsParameter do?

On 18/06/2024 07:44, Kusal Kithul-Godage wrote:

I've fleshed out the Security section of the migration guide. Open to
any feedback on anything that is still unclear.
https://cwiki.apache.org/confluence/x/wYp3EQ

On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage
   wrote:

Ah right - yep no objections here

Based on the feedback in this thread, I'm working on a minor
enhancement for the allowlisting capability which will allow it to
continue working at a lesser strictness in environments where
Hibernate entities are used. I'll target M8 for this as well as the
updated documentation

On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart   wrote:

On Mon, 17 Jun 2024 at 11:00, Kusal Kithul-Godage wrote:

When you say release officially do you mean as the final Struts 7.0.0?

I meant release -> publish as M7 in the Maven Central - in such a case
we can spread testing to other users as they can use official
artifacts.

Regards
Lukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-18 Thread Greg Huber

For the struts.parameters.requireAnnotations=true

If I test my action, there are no log messages for these.  ie missing 
@StrutsParameter.


It also says Action class, what if I have a bean in the action class, do 
I need to do these also?


If I add them to every field/bean is this the same as setting it false?  
ie what does @StrutsParameter do?


On 18/06/2024 07:44, Kusal Kithul-Godage wrote:

I've fleshed out the Security section of the migration guide. Open to
any feedback on anything that is still unclear.
https://cwiki.apache.org/confluence/x/wYp3EQ

On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage
  wrote:

Ah right - yep no objections here

Based on the feedback in this thread, I'm working on a minor
enhancement for the allowlisting capability which will allow it to
continue working at a lesser strictness in environments where
Hibernate entities are used. I'll target M8 for this as well as the
updated documentation

On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart  wrote:

On Mon, 17 Jun 2024 at 11:00, Kusal Kithul-Godage wrote:

When you say release officially do you mean as the final Struts 7.0.0?

I meant release -> publish as M7 in the Maven Central - in such a case
we can spread testing to other users as they can use official
artifacts.

Regards
Lukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber

These work for me also:





Looks good.

On 16/06/2024 17:58, Kusal Kithul-Godage wrote:

Hi Burton

The migration guide incorrectly stated
struts.disallowProxyMemberAccess - I've corrected this now (thanks
Lukasz for the permission).

The options you need to set are:
struts.disallowProxyObjectAccess=false
struts.allowlist.enable=false

As for struts.parameters.requireAnnotations, this has no relation to
proxy objects. You will of course need to add the necessary
annotations throughout your codebase but much of it can be scripted.
I'd recommend starting here to understand how the annotation works:
https://struts.apache.org/security/#defining-and-annotating-your-action-parameters
The transition mode option is also available which should make keeping
this option enabled even less laborious.

On Mon, Jun 17, 2024 at 2:16 AM Burton Rhodes  wrote:

I am having the same issue because many of our JSPs access Hibernate
proxy objects. However, setting [struts.disallowProxyMemberAccess=false]
is not working for me.  I am still receiving "Access to proxy is
blocked!" errors. Correcting this issue properly (by changing our JSPs)
will take significant time so I would prefer to initially take the
security risk.

Below is an example of a log entry plus the "non-secure" struts.xml
settings.

Log Entry Example
  com.opensymphony.xwork2.ognl.SecurityMemberAccess - Access to proxy
is blocked! Target [--data here--], proxy class
[com.afs.core.entity.Folder$HibernateProxy$OVniT9Ol]

struts.xml
  
  
  


-- Original Message --
 From "Kusal Kithul-Godage" 
To "Struts Developers List" 
Date 6/16/2024 9:51:36 AM
Subject Re: [TEST] Apache Struts 7.0.0-M7 test build is ready


So the allowlist configuration is usually just informed by the
warnings logged during runtime. For most applications this will either
be nothing or some Pojo packages. So for the example log warning
you've provided that would be:
struts.allowlist.packageNames=my.pojo

However, the main issue you're having here is that your Pojos are
actually Hibernate entities, and you are then accessing them directly
using OGNL - which is not recommended. The allowlist capability is
also not compatible with any type of proxy object, Hibernate entities
included.

So you've 2 options here:

a) Disable both the proxy block and the allowlist using the following
options and accept the increased security risk.
struts.disallowProxyObjectAccess=false
struts.allowlist.enable=false

b) Invest some time introducing an intermediary layer which provides
proper separation between your database entities and view layer. This
will completely eliminate the risk of exploits targeting your view
layer being escalated to the persistence layer.

I obviously recommend the latter but we are not going to force this
upon anyone as I understand it can take some effort and resources you
may not have.

Thank you for reporting this though as I expect yours won't be the
only Struts application with this issue. I'll update the documentation
to better acknowledge this case as well as the options I outlined
above.

Lukasz if you could give me edit permission for the Struts 7.x
migration guide, I'll add a quick note there too.

On Sun, Jun 16, 2024 at 8:21 PM Greg Huber  wrote:

  2024-06-16 11:06:39,002 WARN
  com.opensymphony.xwork2.ognl.SecurityMemberAccess
  SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target

  The docs don't give any hints on what the list should be.

  

  

  my.pojo.Pojo$HibernateProxy$tEzkTVrG]

  This is an inquiry screen.

  On 16/06/2024 10:51, Kusal Kithul-Godage wrote:
  > So you've got 2 separate issues here:
  > * Pojos that are not allowlisted
  > * OGNL executions against Spring/Hibernate proxied objects
  >
  > If you have genuine Pojos that need allowlisting, you can do so by
  > following the documentation:
  > https://struts.apache.org/security/#ognl-member-access
  > Allowlisting Pojos is perfectly fine and will not reduce security.
  >
  > As for manipulating Spring/Hibernate objects via OGNL - this is a
  > security risk as it means in the event of an SSTI vulnerability,
  > attackers may also be able to manipulate Spring/Hibernate objects. I'd
  > first review why your application is relying on this behaviour.
  >
  > On Sun, Jun 16, 2024 at 7:39 PM Greg Huber  wrote:
  >> I use both spring and hibernate v6 testing, I would not want to make any
  >> drastic changes to these as they are painful.
  >>
  >> Here is one (of many)
  >>
  >> 2024-06-16 09:26:21,419 WARN
  >> com.opensymphony.xwork2.ognl.SecurityMemberAccess
  >> SecurityMemberAccess:checkAllowlist - Declaring class [class
  >> my.pojo.Pojo] of member type [public java.lang.String
  >> my.pojo.Pojo.getUserName()] is not allowlisted!
  >> 2024-06-16 09:26:21,41

Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber
2024-06-16 11:06:39,002 WARN 
com.opensymphony.xwork2.ognl.SecurityMemberAccess 
SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target


The docs don't give any hints on what the list should be.





my.pojo.Pojo$HibernateProxy$tEzkTVrG]

This is an inquiry screen.

On 16/06/2024 10:51, Kusal Kithul-Godage wrote:

So you've got 2 separate issues here:
* Pojos that are not allowlisted
* OGNL executions against Spring/Hibernate proxied objects

If you have genuine Pojos that need allowlisting, you can do so by
following the documentation:
https://struts.apache.org/security/#ognl-member-access
Allowlisting Pojos is perfectly fine and will not reduce security.

As for manipulating Spring/Hibernate objects via OGNL - this is a
security risk as it means in the event of an SSTI vulnerability,
attackers may also be able to manipulate Spring/Hibernate objects. I'd
first review why your application is relying on this behaviour.

On Sun, Jun 16, 2024 at 7:39 PM Greg Huber  wrote:

I use both spring and hibernate v6 testing, I would not want to make any
drastic changes to these as they are painful.

Here is one (of many)

2024-06-16 09:26:21,419 WARN
com.opensymphony.xwork2.ognl.SecurityMemberAccess
SecurityMemberAccess:checkAllowlist - Declaring class [class
my.pojo.Pojo] of member type [public java.lang.String
my.pojo.Pojo.getUserName()] is not allowlisted!
2024-06-16 09:26:21,419 WARN
com.opensymphony.xwork2.ognl.SecurityMemberAccess
SecurityMemberAccess:isAccessible - Access to non-public [private
java.lang.String my.pojo.Pojo.userName] is blocked!

public class Pojo {

private String userName;

public String getUserName() {
  return userName;
  }

}

On 16/06/2024 10:33, Kusal Kithul-Godage wrote:

That suggests the target is proxied by Spring or Hibernate, which
Pojos should not be by definition. You'll need to attach a debugger to
investigate why this is the case

On Sun, Jun 16, 2024 at 7:19 PM Greg Huber   wrote:

The text looks ok, but I get this in the log also:

2024-06-16 10:15:12,587 WARN
com.opensymphony.xwork2.ognl.SecurityMemberAccess
SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][

Where the target is my pojo, which I have a lot of.

On 16/06/2024 10:15, Kusal Kithul-Godage wrote:

I didn't do much testing with the Struts JSP integration beyond the
examples in the showcase app so it's possible I've missed some
packages/classes that should be allowed by default.

Could you share the warnings you are receiving? Perhaps deduplicate
the warnings first if there are many repetitive ones

On Sun, Jun 16, 2024 at 7:10 PM Greg Huber wrote:

Sorry checked the wrong log file, it was this one, needed to be false.



Are there any docs on this?  ie an example of what would go in the list,
as it's excluding struts default stuff.

On 16/06/2024 10:01, Kusal Kithul-Godage wrote:

All of the mentioned options should log issues at warn level or
greater, except for 'struts.parameters.requireAnnotations' which will
log at debug level.

Using the following PR as a reference, you can revert settings to
their previous value one by one, to isolate which option may be
causing your application issues.
https://github.com/apache/struts/pull/919/files

Once you have isolated and corrected any issues, please re-enable the
options as they offer significant protection against vulnerabilities.

On Sun, Jun 16, 2024 at 6:39 PM Greg Huber wrote:

I tried this and there is a lot of text missing on my jsp pages

it mentions these:

struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true

I tried

struts.ognl.allowStaticFieldAccess=true

but it made no difference.

There are no warnings in the logs.

On 12/06/2024 07:12, Lukasz Lenart wrote:

Hello,

This is another milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Please read the Migration guide as this version includes stronger
security options
https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
   https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7


Have fun!
Łukasz

---
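
The triage described in the replies above (deduplicate the SecurityMemberAccess warnings, then let them inform `struts.allowlist.packageNames`, and treat proxy hits separately), as an added example that is not part of the thread or of Struts itself. The log lines are constructed from the warning shapes quoted in the thread; the function names, the Spring CGLIB markers and the comma-separated property value are assumptions.

```python
import re
from collections import Counter

# Message shapes copied from the SecurityMemberAccess warnings quoted in the thread.
NOT_ALLOWLISTED = re.compile(
    r"Declaring class \[class ([\w.$]+)\] of member type \[.*?\] is not allowlisted!")
PROXY_BLOCKED = re.compile(
    r"Access to proxy is blocked! Target \[.*?\], proxy class \[([\w.$]+)\]")
NON_PUBLIC = re.compile(r"Access to non-public \[(.+?)\] is blocked!")

# "$HibernateProxy$" is the marker visible in the thread's class names; the two
# Spring CGLIB markers are an assumption added for Spring-proxied beans.
PROXY_MARKERS = ("$HibernateProxy$", "$$SpringCGLIB$$", "$$EnhancerBySpringCGLIB$$")

# Constructed sample: the thread's warnings unwrapped to one line each, plus a
# repeat, a proxy that trips the allowlist check, and an unrelated line.
_P = "WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:"
SAMPLE_LOG = [
    "2024-06-16 09:26:21,419 " + _P + "checkAllowlist - Declaring class [class my.pojo.Pojo] "
    "of member type [public java.lang.String my.pojo.Pojo.getUserName()] is not allowlisted!",
    "2024-06-16 09:26:21,419 " + _P + "isAccessible - Access to non-public "
    "[private java.lang.String my.pojo.Pojo.userName] is blocked!",
    "2024-06-16 09:26:24,102 " + _P + "checkAllowlist - Declaring class [class my.pojo.Pojo] "
    "of member type [public java.lang.String my.pojo.Pojo.getUserName()] is not allowlisted!",
    "2024-06-16 11:06:39,002 " + _P + "isAccessible - Access to proxy is blocked! "
    "Target [Folder#42], proxy class [com.afs.core.entity.Folder$HibernateProxy$OVniT9Ol]",
    "2024-06-16 11:06:39,050 " + _P + "checkAllowlist - Declaring class "
    "[class my.pojo.Pojo$HibernateProxy$tEzkTVrG] of member type [public java.lang.String "
    "my.pojo.Pojo$HibernateProxy$tEzkTVrG.getUserName()] is not allowlisted!",
    "2024-06-16 11:06:40,000 INFO my.app.Startup Startup:run - ready",
]


def proxied_type(class_name):
    """Return the class behind a generated proxy name, or None for a plain class."""
    for marker in PROXY_MARKERS:
        head, found, _ = class_name.partition(marker)
        if found:
            return head
    return None


def triage(lines):
    """Deduplicate SecurityMemberAccess warnings into three buckets."""
    report = {"allowlist_packages": Counter(), "proxied_types": Counter(),
              "non_public_members": Counter(), "unparsed": 0}
    for line in lines:
        if "SecurityMemberAccess" not in line:
            continue
        if m := PROXY_BLOCKED.search(line):
            cls = m.group(1)
            report["proxied_types"][proxied_type(cls) or cls] += 1
        elif m := NOT_ALLOWLISTED.search(line):
            cls = m.group(1)
            behind = proxied_type(cls)
            if behind:
                # The thread states the allowlist is not compatible with proxy
                # objects, so a proxy class is never offered as a candidate.
                report["proxied_types"][behind] += 1
            else:
                package = cls.rpartition(".")[0]
                if package:  # classes in the default package have nothing to list
                    report["allowlist_packages"][package] += 1
        elif m := NON_PUBLIC.search(line):
            report["non_public_members"][m.group(1)] += 1
        else:
            report["unparsed"] += 1  # a warning shape this script does not know
    return report


def allowlist_property(report):
    """Candidate struts.allowlist.packageNames line, for review before use."""
    packages = sorted(report["allowlist_packages"])
    if not packages:
        return None
    # Assumption: several packages are given as a comma-separated list.
    return "struts.allowlist.packageNames=" + ",".join(packages)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(allowlist_property(result))
    for cls, hits in result["proxied_types"].items():
        print(f"proxy access to {cls} (x{hits}): review separately, do not allowlist")
    for member, hits in result["non_public_members"].items():
        print(f"non-public access blocked (x{hits}): {member}")
```

The proxied types are reported on their own because they map to the two options given in the thread (an intermediary layer, or disabling the proxy block and allowlist with the accepted risk) rather than to an allowlist entry.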

Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber
I use both spring and hibernate v6 testing, I would not want to make any 
drastic changes to these as they are painful.


Here is one (of many)

2024-06-16 09:26:21,419 WARN 
com.opensymphony.xwork2.ognl.SecurityMemberAccess 
SecurityMemberAccess:checkAllowlist - Declaring class [class 
my.pojo.Pojo] of member type [public java.lang.String 
my.pojo.Pojo.getUserName()] is not allowlisted!
2024-06-16 09:26:21,419 WARN 
com.opensymphony.xwork2.ognl.SecurityMemberAccess 
SecurityMemberAccess:isAccessible - Access to non-public [private 
java.lang.String my.pojo.Pojo.userName] is blocked!


public class Pojo {

private String userName;

public String getUserName() {
    return userName;
    }

}

On 16/06/2024 10:33, Kusal Kithul-Godage wrote:

That suggests the target is proxied by Spring or Hibernate, which
Pojos should not be by definition. You'll need to attach a debugger to
investigate why this is the case

On Sun, Jun 16, 2024 at 7:19 PM Greg Huber  wrote:

The text looks ok, but I get this in the log also:

2024-06-16 10:15:12,587 WARN
com.opensymphony.xwork2.ognl.SecurityMemberAccess
SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][

Where the target is my pojo, which I have a lot of.

On 16/06/2024 10:15, Kusal Kithul-Godage wrote:

I didn't do much testing with the Struts JSP integration beyond the
examples in the showcase app so it's possible I've missed some
packages/classes that should be allowed by default.

Could you share the warnings you are receiving? Perhaps deduplicate
the warnings first if there are many repetitive ones

On Sun, Jun 16, 2024 at 7:10 PM Greg Huber   wrote:

Sorry checked the wrong log file, it was this one, needed to be false.



Are there any docs on this?  ie an example of what would go in the list,
as it's excluding struts default stuff.

On 16/06/2024 10:01, Kusal Kithul-Godage wrote:

All of the mentioned options should log issues at warn level or
greater, except for 'struts.parameters.requireAnnotations' which will
log at debug level.

Using the following PR as a reference, you can revert settings to
their previous value one by one, to isolate which option may be
causing your application issues.
https://github.com/apache/struts/pull/919/files

Once you have isolated and corrected any issues, please re-enable the
options as they offer significant protection against vulnerabilities.

On Sun, Jun 16, 2024 at 6:39 PM Greg Huber wrote:

I tried this and there is a lot of text missing on my jsp pages

it mentions these:

struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true

I tried

struts.ognl.allowStaticFieldAccess=true

but it made no difference.

There are no warnings in the logs.

On 12/06/2024 07:12, Lukasz Lenart wrote:

Hello,

This is another milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Please read the Migration guide as this version includes stronger
security options
https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
  https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7


Have fun!
Łukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber

The text looks ok, but I get this in the log also:

2024-06-16 10:15:12,587 WARN 
com.opensymphony.xwork2.ognl.SecurityMemberAccess 
SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][


Where the target is my pojo, which I have a lot of.

On 16/06/2024 10:15, Kusal Kithul-Godage wrote:

I didn't do much testing with the Struts JSP integration beyond the
examples in the showcase app so it's possible I've missed some
packages/classes that should be allowed by default.

Could you share the warnings you are receiving? Perhaps deduplicate
the warnings first if there are many repetitive ones

On Sun, Jun 16, 2024 at 7:10 PM Greg Huber  wrote:

Sorry checked the wrong log file, it was this one, needed to be false.



Are there any docs on this?  i.e. an example of what would go in the list,
as it's excluding struts default stuff.

On 16/06/2024 10:01, Kusal Kithul-Godage wrote:

All of the mentioned options should log issues at warn level or
greater, except for 'struts.parameters.requireAnnotations' which will
log at debug level.

Using the following PR as a reference, you can revert settings to
their previous value one by one, to isolate which option may be
causing your application issues.
https://github.com/apache/struts/pull/919/files

Once you have isolated and corrected any issues, please re-enable the
options as they offer significant protection against vulnerabilities.

On Sun, Jun 16, 2024 at 6:39 PM Greg Huber   wrote:

I tried this and there is a lot of text missing on my jsp pages

it mentions these:

struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true

I tried

struts.ognl.allowStaticFieldAccess=true

but it made no difference.

There are no warnings in the logs.

On 12/06/2024 07:12, Lukasz Lenart wrote:

Hello,

This is another milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Please read the Migration guide as this version includes stronger
security options
https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
 https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7


Have fun!
Łukasz
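
The two suggestions quoted in this message (deduplicate the warnings, then revert options one at a time to isolate the cause) can be scripted. The following is an added example, not part of any message in this thread and not Struts project code; the sample log lines are constructed from the line layout quoted in the thread, and the message-to-option hint is an assumption based on the option names listed above.

```python
import re
from collections import Counter

# Line layout as seen in the log excerpts quoted in this thread:
#   <date> <time>,<ms> <LEVEL> <logger> <Class:method> - <message>
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} "
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+) (?P<where>\S+) - (?P<msg>.*)$"
)

# Assumption (not taken from Struts documentation): the option is guessed
# from the message wording and the option names listed in the thread.
OPTION_HINTS = {
    "Access to proxy is blocked": "struts.disallowProxyMemberAccess",
}

# Constructed sample log. Loggers and message prefixes follow the excerpts in
# the thread; targets, expressions and the INFO line are made up.
SAMPLE_LOG = """\
2024-06-16 10:15:12,587 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [com.example.model.Customer@1a2b3c]
2024-06-16 10:15:12,590 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [com.example.model.Order@77fe01]
2024-06-16 10:15:12,601 INFO com.example.web.Startup Startup:init - constructed informational line
2024-06-16 10:15:13,004 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression 'order.total'
\tat com.example.constructed.StackFrame(Constructed.java:1)
2024-06-16 10:15:13,120 WARN com.opensymphony.xwork2.ognl.SecurityMemberAccess SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [com.example.model.Customer@9c0d11]
2024-06-16 10:15:13,377 WARN com.opensymphony.xwork2.ognl.OgnlValueStack OgnlValueStack:logLookupFailure - Caught an exception while evaluating expression 'customer.name'
2024-06-16 10:15:14,002 WARN org.apache.struts2.interceptor.TokenSessionStoreInterceptor TokenSessionStoreInterceptor:handleInvalidToken - testHandleInvalidToken
"""


def normalise(msg):
    """Collapse the per-request parts of a message so repeats group together."""
    msg = re.sub(r"\[[^\]]*\]", "[*]", msg)   # bracketed targets
    msg = re.sub(r"'[^']*'", "'*'", msg)      # quoted expressions
    msg = re.sub(r"@[0-9a-fA-F]+", "@*", msg)  # object identity hashes
    msg = re.sub(r"\d+", "N", msg)            # remaining numbers
    return msg.strip()


def summarise(log_text, levels=("WARN", "ERROR")):
    """Return (count, level, Class:method, message, option hint) rows.

    The thread notes that 'struts.parameters.requireAnnotations' logs at
    debug level, so add "DEBUG" to `levels` (with debug logging enabled)
    when isolating that option.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["level"] not in levels:
            continue  # stack-trace continuation lines and other levels
        counts[(m["level"], m["where"], normalise(m["msg"]))] += 1

    rows = []
    for (level, where, msg), n in counts.items():
        hint = next((opt for key, opt in OPTION_HINTS.items() if key in msg), None)
        rows.append((n, level, where, msg, hint))
    # Most frequent first; ties ordered by source location for stable output.
    return sorted(rows, key=lambda r: (-r[0], r[2]))


if __name__ == "__main__":
    for count, level, where, msg, hint in summarise(SAMPLE_LOG):
        suffix = f"  (check {hint})" if hint else ""
        print(f"{count:4d}  {level}  {where}  {msg}{suffix}")
```

Run it over the application log after each single option is reverted; a row that disappears points at the option responsible, which can then be fixed in the application and re-enabled.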



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber

Sorry checked the wrong log file, it was this one, needed to be false.



Are there any docs on this?  i.e. an example of what would go in the list,
as it's excluding struts default stuff.


On 16/06/2024 10:01, Kusal Kithul-Godage wrote:

All of the mentioned options should log issues at warn level or
greater, except for 'struts.parameters.requireAnnotations' which will
log at debug level.

Using the following PR as a reference, you can revert settings to
their previous value one by one, to isolate which option may be
causing your application issues.
https://github.com/apache/struts/pull/919/files

Once you have isolated and corrected any issues, please re-enable the
options as they offer significant protection against vulnerabilities.

On Sun, Jun 16, 2024 at 6:39 PM Greg Huber  wrote:

I tried this and there is a lot of text missing on my jsp pages

it mentions these:

struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true

I tried

struts.ognl.allowStaticFieldAccess=true

but it made no difference.

There are no warnings in the logs.

On 12/06/2024 07:12, Lukasz Lenart wrote:

Hello,

This is another milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Please read the Migration guide as this version includes stronger
security options
https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7


Have fun!
Łukasz



Re: [TEST] Apache Struts 7.0.0-M7 test build is ready

2024-06-16 Thread Greg Huber

I tried this and there is a lot of text missing on my jsp pages

it mentions these:

struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true

I tried

struts.ognl.allowStaticFieldAccess=true

but it made no difference.

There are no warnings in the logs.

On 12/06/2024 07:12, Lukasz Lenart wrote:

Hello,

This is another milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Please read the Migration guide as this version includes stronger
security options
https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
   https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7


Have fun!
Łukasz



Re: Struts2 7.x official release

2024-05-17 Thread Greg Huber

I am not sure there is a date,  but M6 is quite good and stable.

On 17/05/2024 10:55, Sai Charan Teja Pratti wrote:

Hi,

In order to upgrade to tomcat 10.x, we have dependency with struts2 7.x
Can you please let us know when can we expect the struts2 7.x official 
release


Thanks,
Sai

On Tue, May 14, 2024 at 2:18 PM Sai Charan Teja Pratti 
 wrote:


Hi,

In order to upgrade to tomcat 10.x, we have dependency with struts2 7.x
When can we expect the struts2 7.x official release

Thanks,
Sai



Re: [TEST] Apache Struts 7.0.0-M6 test build is read

2024-04-22 Thread Greg Huber

7.0.0-M7-SNAPSHOT

Thanks it worked, maybe it was a timing thing as they are in snapshots now.

M7 works ok.

File upload also works OK, but Without the  in UploadedFile now I must do 
the cast manually:

for (UploadedFile uploadedFile : uploads) {
...
  new FileInputStream((File) uploadedFile.getContent())
...
}

On 22/04/2024 05:45, Lukasz Lenart wrote:

niedz., 21 kwi 2024 o 20:11 Greg Huber  napisał(a):

I run my ide directly from git, and it is the struts project that won't
build.  I was following the previous modification changing the struts pom
3x -jakarta entries which was previously 7.0.0-M3-SNAPSHOT and it worked
then ok.

So you can use 7.0.0-M7-SNAPSHOT instead, but also any other SNAPSHOT
version should work
https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-freemarker-jakarta/

Cheers
Lukasz




Re: [TEST] Apache Struts 7.0.0-M6 test build is read

2024-04-21 Thread Greg Huber
I run my ide directly from git, and it is the struts project that won't
build.  I was following the previous modification changing the struts pom
3x -jakarta entries which was previously 7.0.0-M3-SNAPSHOT and it worked
then ok.




On Sun, 21 Apr 2024 at 12:10, Lukasz Lenart  wrote:

> niedz., 21 kwi 2024 o 11:12 Greg Huber  napisał(a):
> >
> > Using 7.0.0-M6 I still get
> >
> > The POM for org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M6 is
> > missing, no dependency information available
>
> Do you specify "struts2-freemarker-jakarta" as a separated dependency?
> Or is it just "struts2-core" in your pom?
>
> Regards
> Lukasz


Re: [TEST] Apache Struts 7.0.0-M6 test build is read

2024-04-21 Thread Greg Huber

Using 7.0.0-M6 I still get

The POM for org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M6 is 
missing, no dependency information available



#Sun Apr 21 10:00:20 BST 2024

apache.snapshots|https\://repository.apache.org/snapshots|javadoc=1713690020922

central|https\://repo.maven.apache.org/maven2|sources=1713690019219

central|https\://repo.maven.apache.org/maven2|javadoc=1713690020922

apache.snapshots|https\://repository.apache.org/snapshots|sources=1713690019219

The jars are in staging?

https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-freemarker-jakarta/7.0.0-M6/


On 20/04/2024 14:25, Lukasz Lenart wrote:

sob., 20 kwi 2024 o 13:20 Burton Rhodes  napisał(a):

It should be

7.0.0-M6

I released M4 & M5 but there was a problem with standalone ZIP
packages, so I had to prepare another release. I think it would be
good to push this into Maven Central to allow others to test it as
well.


Regards
Lukasz



Re: [TEST] Apache Struts 7.0.0-M6 test build is read

2024-04-20 Thread Greg Huber

What would be the pom fix value we need to use?

7.0.0-M6-SNAPSHOT



org.apache.struts

struts2-velocity-tools-view-jakarta

7.0.0-M6-SNAPSHOT



On 20/04/2024 08:45, Lukasz Lenart wrote:

Hello,

This is a third milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M6

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
   https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M6/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M6


Have fun!
Łukasz



Re: [VOTE] Apache Struts 6.4.0

2024-04-19 Thread Greg Huber

Works great for me.  Thanks.

[x] General Availability (GA) B

On 18/04/2024 06:23, Lukasz Lenart wrote:

The Apache Struts 6.4.0 test build is available. With this release the
following issues were addressed:

Bug
[WW-5192] - Radio tag not setting enum key values
[WW-5319] - StrutsUtils is not defined in validation.js
[WW-5357] - Struts anchor tag doesn't support "disabled" even though
docs indicate it does
[WW-5365] - Radio tag does not support value objects of type Boolean
when setting the default value
[WW-5373] - CspReportAction JavaDoc wrong
[WW-5382] - Stale configuration persists after configuration reload
[WW-5387] - ApplicationMap.remove does not remove the entry from the
ServletContext
[WW-5392] - Tiles-Plugin unable to load tiles definition XML if the
file names are specified with wild char
[WW-5396] - Javatemplates s:file shows server/file location
[WW-5403] - Struts 2.5 to 6.x migration issues caused by removal of
deprecated code within a minor release

New Feature
[WW-5402] - Auto loading the Tiles definition files from the classpath
dependent JAR

Improvement
[WW-5225] - add accessor to the original filename into
JakartaMultiPartRequest & MultiPartRequestWrapper
[WW-5328] - Removes deprecated methods from SecurityMemberAccess &
MemberAccessValueStack
[WW-5333] - Refactor AttributeMap
[WW-5338] - Remove deprecated OgnlTool
[WW-5339] - Mitigate against custom class ASTMap node construction
[WW-5340] - Introduce optional AST node exclusion list
[WW-5341] - Ensure exclusion list applies to objects from all ClassLoaders
[WW-5342] - Block classes in default package
[WW-5343] - Make SecurityMemberAccess extensible and a prototype bean
[WW-5346] - CDI Plugin: Replace deprecated BeanManager::createInjectionTarget
[WW-5348] - Allow overriding of logging behaviour in
DefaultAcceptedPatternsChecker
[WW-5349] - Remove core dependency on ognl.ASTVarRef
[WW-5350] - Implement optional strict class/package allowlist for OGNL
[WW-5352] - Implement annotation mechanism for injectable fields via parameters
[WW-5354] - Add actionErrors, actionMessages, fieldErrors to parameter
excluded patterns
[WW-5355] - Integrate and use WTLFU cache by default
[WW-5358] - Expand exclusion list
[WW-5359] - Improved the StrutsUrlDecoder so that charset retrieval is
performed only once
[WW-5360] - Struts 2 and JDK 17 numbers of iterator tag when using
different locale
[WW-5362] - Remove type attribute out of  tag
[WW-5363] - Look up Stack last in Velocity context
[WW-5364] - Automatically populate OGNL allowlist
[WW-5369] - Re-define a minimal library set for Struts 6.x
[WW-5370] - Make HttpParameters case-insensitive
[WW-5371] - Use action based callback to transfer information about
uploaded files
[WW-5374] - CspInterceptor reportUri with context
[WW-5377] - trouble with Struts tags nested within  one
[WW-5378] - Add option to not fallback to context lookup when finding
value in OgnlValueStack
[WW-5379] - Implement alternative mechanism for Velocity directives to
obtain stack
[WW-5381] - Introduce extension points for CompoundRootAccessor and
MethodAccessor
[WW-5383] - Exclude JAR files by default when scanning for actions on JDK9+
[WW-5391] - Add interface for VelocityManager extension point
[WW-5401] - Adds more logging statements around validating and
accepting MultiPartRequest

Task
[WW-5394] - Use request encoding in rest plugin

Dependency
[WW-5344] - Un-deprecate the Sitemesh plugin and upgrade Sitemesh to ver. 2.5.0
[WW-5347] - Upgrade to commons-digester3 version 3.2
[WW-5389] - Upgrade Log4j to version 2.21.1
[WW-5395] - Upgrade commons-logging:commons-logging from 1.2 to 1.3.0
[WW-5397] - Upgrade net.sf.jasperreports:jasperreports from 6.20.6 to 6.21.0
[WW-5398] - Upgrade commons-validator:commons-validator from 1.6 to 1.8.0
[WW-5399] - Upgrade org.apache.commons:commons-compress from 1.25.0 to 1.26.0
[WW-5404] - Bump log4j2.version from 2.21.1 to 2.23.1

Release notes:
* https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.4.0

Github release
* https://github.com/apache/struts/releases/tag/STRUTS_6_4_0

Distribution:
* https://dist.apache.org/repos/dist/dev/struts/6.4.0/

Maven 2 staging repository:
* https://repository.apache.org/content/repositories/staging/

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request.
A vote can be amended at any time to upgrade or downgrade the quality
of the release based on future experience. If an initial vote
designates the build as "Beta", the release will be submitted for
mirroring and announced to the user list. Once released as a public
beta, subsequent quality votes on a build may be held on the user
list.

Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72

2024-04-18 Thread Greg Huber

Debugging StrutsWildcardServletApplicationContext

and what gets loaded :

context.getResourcePaths("/")

folders only and files (ie index.jsp, robots.txt etc)

webapp/

and

getClass().getClassLoader().getResources("/")

webapp/WEB-INF/classes

webapp/WEB-INF/lib/*jars

Not sure the pattern is going to work as there are no files to compare, 
than from webapp/


Just the filter TILES_DEFAULT_PATTERNS

tiles*.xml

Will load from webapp/WEB-INF/tiles1.xml

On 18/04/2024 10:17, i...@flyingfischer.ch wrote:

This resolves the issue, as Greg points out:

  
org.apache.struts2.tiles.StrutsTilesListener 


  

    
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG 


    /WEB-INF/tiles.xml
    

However, this still seems to be a breaking change, which at least 
should be documented. Maybe is was wrong by not specifying tiles.xml 
specifically in the first place...


Thanks!
Markus


Am 18.04.24 um 11:08 schrieb i...@flyingfischer.ch:

I simply use

  
org.apache.struts2.tiles.StrutsTilesListener 


  

without any further params. Is this incomplete?

Markus



Am 18.04.24 um 10:29 schrieb Greg Huber:

How do you load your tiles from web.xml?

..For my setup this works.



org.apache.struts2.tiles.StrutsTilesListener 


    

    
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG 


    
        /WEB-INF/tiles.xml
    
    


On 18/04/2024 08:47, i...@flyingfischer.ch wrote:

Am 18.04.24 um 09:27 schrieb Lukasz Lenart:

czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch
 napisał(a):

My tiles definition remains unchanged under

/WEB-INF/tiles.xml

If I see this correctly, these changes do not include this 
situation?


https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41 



   @Deprecated
String TILES_DEFAULT_PATTERN =
"/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml";


  public static final Set TILES_DEFAULT_PATTERNS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
  "/WEB-INF/**/tiles*.xml",
  "classpath*:META-INF/**/tiles*.xml"
  )));


This seems to be a breaking change?

Looks like, I assumed that ** should match any folder and even
no-folder, could you move your tiles.xml into the "config" subfolder
to see if this will fix the problem?



hmm, I now tried the following versions, without success, moving 
/WEB-INF/tiles.xml to



/WEB-INF/tiles2.xml

/WEB-INF/conf/tiles.xml

/WEB-INF/conf/tiles2.xml


reverting back to struts-6.3.0 does not show the issue.




There is option to use  but I assume you do not use 
servlet config



 tiles
org.apache.tiles.web.startup.TilesServlet 


 
 
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
 
 
   /WEB-INF/tiles.xml
 
 
 2



No, I do not use this option.




Thanks in advance
Lukasz






Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72

2024-04-18 Thread Greg Huber

..what would the pattern be?

/WEB-INF/tiles*.xml

On 18/04/2024 09:35, Łukasz Lenart wrote:

Yes, this works but it doesn't support wildcards


 
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
 /WEB-INF/tiles.xml


czw., 18 kwi 2024 o 10:30 Greg Huber  napisał(a):

How do you load your tiles from web.xml?

..For my setup this works.



org.apache.struts2.tiles.StrutsTilesListener
  

  
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
  
  /WEB-INF/tiles.xml
  
  


On 18/04/2024 08:47, i...@flyingfischer.ch wrote:

Am 18.04.24 um 09:27 schrieb Lukasz Lenart:

czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch
 napisał(a):

My tiles definition remains unchanged under

/WEB-INF/tiles.xml

If I see this correctly, these changes do not include this situation?

https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41


@Deprecated
String TILES_DEFAULT_PATTERN =
"/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml";


   public static final Set TILES_DEFAULT_PATTERNS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
   "/WEB-INF/**/tiles*.xml",
   "classpath*:META-INF/**/tiles*.xml"
   )));


This seems to be a breaking change?

Looks like, I assumed that ** should match any folder and even
no-folder, could you move your tiles.xml into the "config" subfolder
to see if this will fix the problem?


hmm, I now tried the following versions, without success, moving
/WEB-INF/tiles.xml to


/WEB-INF/tiles2.xml

/WEB-INF/conf/tiles.xml

/WEB-INF/conf/tiles2.xml


reverting back to struts-6.3.0 does not show the issue.



There is option to use  but I assume you do not use
servlet config


  tiles
org.apache.tiles.web.startup.TilesServlet
  
  
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
  
  
/WEB-INF/tiles.xml
  
  
  2


No, I do not use this option.



Thanks in advance
Lukasz






Re: Unable to load configuration: /struts2-core-6.4.0.jar!/struts-beans.xml:39:72

2024-04-18 Thread Greg Huber

How do you load your tiles from web.xml?

..For my setup this works.



org.apache.struts2.tiles.StrutsTilesListener
    

    
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
    
        /WEB-INF/tiles.xml
    
    


On 18/04/2024 08:47, i...@flyingfischer.ch wrote:

Am 18.04.24 um 09:27 schrieb Lukasz Lenart:

czw., 18 kwi 2024 o 09:05 i...@flyingfischer.ch
 napisał(a):

My tiles definition remains unchanged under

/WEB-INF/tiles.xml

If I see this correctly, these changes do not include this situation?

https://github.com/apache/struts/pull/896/commits/c7ae614824b4c158b9998575294d94fe9a746c41 



   @Deprecated
String TILES_DEFAULT_PATTERN =
"/WEB-INF/**/tiles*.xml,classpath*:META-INF/**/tiles*.xml";


  public static final Set TILES_DEFAULT_PATTERNS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
  "/WEB-INF/**/tiles*.xml",
  "classpath*:META-INF/**/tiles*.xml"
  )));


This seems to be a breaking change?

Looks like, I assumed that ** should match any folder and even
no-folder, could you move your tiles.xml into the "config" subfolder
to see if this will fix the problem?



hmm, I now tried the following versions, without success, moving 
/WEB-INF/tiles.xml to



/WEB-INF/tiles2.xml

/WEB-INF/conf/tiles.xml

/WEB-INF/conf/tiles2.xml


reverting back to struts-6.3.0 does not show the issue.




There is option to use  but I assume you do not use 
servlet config



 tiles
org.apache.tiles.web.startup.TilesServlet
 
 
org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG
 
 
   /WEB-INF/tiles.xml
 
 
 2



No, I do not use this option.




Thanks in advance
Lukasz







Re: [VOTE] Apache Struts Master 15

2024-04-09 Thread Greg Huber

Builds ok for me.

[x] General Availability (GA)

On 06/04/2024 18:14, Lukasz Lenart wrote:

The Struts Master 15 test build is now available as a Maven artifact.
https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/15/

Release notes:
* uses the latest version of the Apache Parent POM version 31

If you have had a chance to review the test build, please respond with
a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request.


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: [VOTE] Apache Struts Master 15

2024-04-09 Thread Greg Huber

What is the correct way to test this?  Do a project build?


On 06/04/2024 18:14, Lukasz Lenart wrote:

The Struts Master 15 test build is now available as a Maven artifact.
https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/15/

Release notes:
* uses the latest version of the Apache Parent POM version 31

If you have had a chance to review the test build, please respond with
a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request.


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: improve documentation for UploadedFilesAware

2024-03-25 Thread Greg Huber

OK great.  More of a chance of it being read 🙂.

I guess this new version includes all the "old versions" security stuff 
from past issues, and is not a new code base.


As the old one is deprecated, and we all rush and upgrade, there may be 
more resources put in trying to break it.  Maybe better to wait a bit 
before upgrading?


On 24/03/2024 20:47, Lukasz Lenart wrote:

pon., 18 mar 2024 o 14:42 Greg Huber  napisał(a):

OK...I did not spot the link in the text.

I repeated the links in the Examples sections of both


Cheers
Lukasz



Re: improve documentation for UploadedFilesAware

2024-03-18 Thread Greg Huber
OK...I did not spot the link in the text.


On Mon, 18 Mar 2024 at 12:59, Łukasz Lenart  wrote:

> pon., 18 mar 2024 o 13:05 Greg Huber  napisał(a):
> >
> > > See [this page] for more examples and advanced configuration.
> >
> > Which page?
>
> On these pages, a very first sentence
>
> https://struts.staged.apache.org/core-developers/action-file-upload-interceptor
> https://struts.staged.apache.org/core-developers/file-upload-interceptor
>
> > > I reverted this idea and UploadedFile isn't generic.
> >
> > that would be in 7.0.0_M4?  I used _M3 to test it.
>
> Yes, I need to reverse merge master and push M4
>
>
> Cheers
> Lukasz


Re: improve documentation for UploadedFilesAware

2024-03-18 Thread Greg Huber

See [this page] for more examples and advanced configuration.


Which page?


I reverted this idea and UploadedFile isn't generic.


that would be in 7.0.0_M4?  I used _M3 to test it.

On 18/03/2024 11:56, Lukasz Lenart wrote:

pon., 18 mar 2024 o 08:21 Greg Huber  napisał(a):

Rechecking these :

Could not see the link from the interceptor pages to these detailed
help pages.  Add a link after Examples?

File Upload Interceptor

  Parameters
  Extending the Interceptor
  Examples


Or at the bottom of the page?

The links are in the very first sentence:
See [this page] for more examples and advanced configuration.


There is a UploadedFile is a raw type. References to generic type
UploadedFile should be parameterized warning

I reverted this idea and UploadedFile isn't generic.


Cheers
Łukasz




Re: improve documentation for UploadedFilesAware

2024-03-18 Thread Greg Huber

Rechecking these :

Could not see the link from the interceptor pages to these detailed
help pages.  Add a link after Examples?


File Upload Interceptor

    Parameters
    Extending the Interceptor
    Examples


Or at the bottom of the page?

#

There is a UploadedFile is a raw type. References to generic type 
UploadedFile should be parameterized warning


private List uploadedFiles = new ArrayList<>();
private List> uploadedFiles = new ArrayList<>();

|@Override public void withUploadedFiles(List uploads) { }|

@Override public void withUploadedFiles(List> arg0) { }

On 17/03/2024 16:46, Lukasz Lenart wrote:

Added :) Also adjusted the Showcase https://github.com/apache/struts/pull/895

On Sun, 17 Mar 2024 at 12:29, Greg Huber wrote:

Looks good, but what happened to the examples with the stream stuff?

Something like this for MultipleFileUploadUsingArrayAction using arrays
example?


public class MultipleFileUploadUsingArrayAction extends ActionSupport
  implements UploadedFilesAware {

  private List> uploads = null;

  public String upload() throws Exception {
  System.out.println("\n\n upload2");
  System.out.println("files:");

  for (UploadedFile uploadedFile : this.uploads) {
  System.out.println("*** " + uploadedFile.getOriginalName()
+ "\t"
  + uploadedFile.getContentType() + "\t"
  + uploadedFile.length());
  }
  System.out.println("filenames:");
  String[] uploadFileNames = getUploadedFilesFileNames();
  for (String n : uploadFileNames) {
  System.out.println("*** " + n);
  }
  System.out.println("content types:");
  String[] uploadContentTypes = getUploadedFilesContentType();
  for (String c : uploadContentTypes) {
  System.out.println("*** " + c);
  }
  System.out.println("\n\n");
  return SUCCESS;
  }

  @Override
  public void withUploadedFiles(List> uploadedFiles) {
  this.uploads = uploadedFiles;
  }

  private String[] getUploadedFilesFileNames() {
  return this.uploads.stream().map(UploadedFile::getOriginalName)
  .toArray(size -> new String[size]);
  }

  private String[] getUploadedFilesContentType() {
  return this.uploads.stream().map(UploadedFile::getContentType)
  .toArray(size -> new String[size]);
  }
}


On 17/03/2024 09:33, Lukasz Lenart wrote:

Better?
https://struts.staged.apache.org/core-developers/action-file-upload
https://struts.staged.apache.org/core-developers/file-upload

On Thu, 14 Mar 2024 at 15:29, Greg Huber wrote:

Sorry, I meant we need to copy/duplicate this page :

https://struts.apache.org/core-developers/file-upload.html

to an *action* version:

https://struts.apache.org/core-developers/action-file-upload.html

and modify it for the new interceptor methods/logic

On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart   wrote:


Done
https://github.com/apache/struts-site/pull/231

On Thu, 14 Mar 2024 at 11:35, Greg Huber wrote:

There is a really good page for the old upload

https://struts.apache.org/core-developers/file-upload.html

But the << back to Core Developers Guide does not make it easy to find
it again.

##

https://struts.apache.org/core-developers/action-file-upload-interceptor

would benefit a similar detail page, updated and with the stream stuff.

return

this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray();

otherwise without streams

List>uploads =this.uploadedFiles;

if(uploads !=null&&uploads.size()>0){

for(inti =0;i 
On Mon, 26 Feb 2024 at 12:08, Greg Huber wrote:

The documentation only lists one file

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
        this.uploadedFile = uploadedFiles.get(0);
        this.fileName = uploadedFile.getName();
        this.contentType = uploadedFile.getContentType();
        this.originalName = uploadedFile.getOriginalName();
    }
}

For multiple files these need populating

private File[] uploadedFiles = null;

private String[] uploadedFilesContentType = null;

private String[] uploadedFilesFileName = null;

We have to loop and do it ourselves now?

Basically it would be better to stop using additional fields if not
needed. You can achieve the same behaviour just exposing getters
extracting what's needed from "uploadedFiles", eg:

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    this.uploadedFiles = uploadedFiles;
}

public String[] getUploadedFilesContentType() {
    return this.uploadedFiles.stream()
            .map(UploadedFile::getContentType)
            .toArray(String[]::new);
}

etc.


Cheers
Lukasz


Re: improve documentation for UploadedFilesAware

2024-03-17 Thread Greg Huber

Looks good, but what happened to the examples with the stream stuff?

Something like this for MultipleFileUploadUsingArrayAction using arrays
example?



public class MultipleFileUploadUsingArrayAction extends ActionSupport
    implements UploadedFilesAware {

    private List> uploads = null;

    public String upload() throws Exception {
    System.out.println("\n\n upload2");
    System.out.println("files:");

    for (UploadedFile uploadedFile : this.uploads) {
        System.out.println("*** " + uploadedFile.getOriginalName() 
+ "\t"

                + uploadedFile.getContentType() + "\t"
                + uploadedFile.length());
    }
    System.out.println("filenames:");
    String[] uploadFileNames = getUploadedFilesFileNames();
    for (String n : uploadFileNames) {
        System.out.println("*** " + n);
    }
    System.out.println("content types:");
    String[] uploadContentTypes = getUploadedFilesContentType();
    for (String c : uploadContentTypes) {
        System.out.println("*** " + c);
    }
    System.out.println("\n\n");
    return SUCCESS;
    }

    @Override
    public void withUploadedFiles(List> uploadedFiles) {
    this.uploads = uploadedFiles;
    }

    private String[] getUploadedFilesFileNames() {
    return this.uploads.stream().map(UploadedFile::getOriginalName)
            .toArray(size -> new String[size]);
    }

    private String[] getUploadedFilesContentType() {
    return this.uploads.stream().map(UploadedFile::getContentType)
            .toArray(size -> new String[size]);
    }
}


On 17/03/2024 09:33, Lukasz Lenart wrote:

Better?
https://struts.staged.apache.org/core-developers/action-file-upload
https://struts.staged.apache.org/core-developers/file-upload

On Thu, 14 Mar 2024 at 15:29, Greg Huber wrote:

Sorry, I meant we need to copy/duplicate this page :

https://struts.apache.org/core-developers/file-upload.html

to an *action* version:

https://struts.apache.org/core-developers/action-file-upload.html

and modify it for the new interceptor methods/logic

On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart  wrote:


Done
https://github.com/apache/struts-site/pull/231

On Thu, 14 Mar 2024 at 11:35, Greg Huber wrote:

There is a really good page for the old upload

https://struts.apache.org/core-developers/file-upload.html

But the << back to Core Developers Guide does not make it easy to find
it again.

##

https://struts.apache.org/core-developers/action-file-upload-interceptor

would benefit a similar detail page, updated and with the stream stuff.

return

this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray();

otherwise without streams

List>uploads =this.uploadedFiles;

if(uploads !=null&&uploads.size()>0){

for(inti =0;i 
On Mon, 26 Feb 2024 at 12:08, Greg Huber wrote:

The documentation only lists one file

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
        this.uploadedFile = uploadedFiles.get(0);
        this.fileName = uploadedFile.getName();
        this.contentType = uploadedFile.getContentType();
        this.originalName = uploadedFile.getOriginalName();
    }
}

For multiple files these need populating

private File[] uploadedFiles = null;

private String[] uploadedFilesContentType = null;

private String[] uploadedFilesFileName = null;

We have to loop and do it ourselves now?

Basically it would be better to stop using additional fields if not
needed. You can achieve the same behaviour just exposing getters
extracting what's needed from "uploadedFiles", eg:

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    this.uploadedFiles = uploadedFiles;
}

public String[] getUploadedFilesContentType() {
    return this.uploadedFiles.stream()
            .map(UploadedFile::getContentType)
            .toArray(String[]::new);
}

etc.


Cheers
Lukasz



Re: improve documentation for UploadedFilesAware

2024-03-14 Thread Greg Huber
Sorry, I meant we need to copy/duplicate this page :

https://struts.apache.org/core-developers/file-upload.html

to an *action* version:

https://struts.apache.org/core-developers/action-file-upload.html

and modify it for the new interceptor methods/logic

On Thu, 14 Mar 2024 at 12:42, Łukasz Lenart  wrote:

> Done
> https://github.com/apache/struts-site/pull/231
>
> On Thu, 14 Mar 2024 at 11:35, Greg Huber wrote:
> >
> > There is a really good page for the old upload
> >
> > https://struts.apache.org/core-developers/file-upload.html
> >
> > But the << back to Core Developers Guide does not make it easy to find
> > it again.
> >
> > ##
> >
> > https://struts.apache.org/core-developers/action-file-upload-interceptor
> >
> > would benefit a similar detail page, updated and with the stream stuff.
> >
> > return
> this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray();
> >
> > otherwise without streams
> >
> > List>uploads =this.uploadedFiles;
> >
> > if(uploads !=null&&uploads.size()>0){
> >
> > for(inti =0;i  >
> > String file uploads.get(i).getOriginalName();
> >
> > // destroy the temporary file created
> >
> > uploads.get(i).delete();
> >
> > }
> >
> > }
> >
> > On 12/03/2024 19:48, Lukasz Lenart wrote:
> > > > On Mon, 26 Feb 2024 at 12:08, Greg Huber wrote:
> > > >> The documentation only lists one file
> > > >>
> > > >> public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
> > > >>     if (!uploadedFiles.isEmpty()) {
> > > >>         this.uploadedFile = uploadedFiles.get(0);
> > > >>         this.fileName = uploadedFile.getName();
> > > >>         this.contentType = uploadedFile.getContentType();
> > > >>         this.originalName = uploadedFile.getOriginalName();
> > > >>     }
> > > >> }
> > > >>
> > > >> For multiple files these need populating
> > > >>
> > > >> private File[] uploadedFiles = null;
> > > >>
> > > >> private String[] uploadedFilesContentType = null;
> > > >>
> > > >> private String[] uploadedFilesFileName = null;
> > > >>
> > > >> We have to loop and do it ourselves now?
> > > > Basically it would be better to stop using additional fields if not
> > > > needed. You can achieve the same behaviour just exposing getters
> > > > extracting what's needed from "uploadedFiles", eg:
> > > >
> > > > public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
> > > >     this.uploadedFiles = uploadedFiles;
> > > > }
> > > >
> > > > public String[] getUploadedFilesContentType() {
> > > >     return this.uploadedFiles.stream()
> > > >             .map(UploadedFile::getContentType)
> > > >             .toArray(String[]::new);
> > > > }
> > >
> > > etc.
> > >
> > >
> > > Cheers
> > > Lukasz
> > >
> > > -
> > > To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org
> > > For additional commands, e-mail:dev-h...@struts.apache.org
> > >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>


Re: improve documentation for UploadedFilesAware

2024-03-14 Thread Greg Huber

There is a really good page for the old upload

https://struts.apache.org/core-developers/file-upload.html

But the << back to Core Developers Guide does not make it easy to find 
it again.


##

https://struts.apache.org/core-developers/action-file-upload-interceptor

would benefit a similar detail page, updated and with the stream stuff.

return this.uploadedFiles.stream().map(UploadedFile::getContentType).toArray();

otherwise without streams

List>uploads =this.uploadedFiles;

if(uploads !=null&&uploads.size()>0){

for(inti =0;i 
On Mon, 26 Feb 2024 at 12:08, Greg Huber wrote:

The documentation only lists one file

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
        this.uploadedFile = uploadedFiles.get(0);
        this.fileName = uploadedFile.getName();
        this.contentType = uploadedFile.getContentType();
        this.originalName = uploadedFile.getOriginalName();
    }
}

For multiple files these need populating

private File[] uploadedFiles = null;

private String[] uploadedFilesContentType = null;

private String[] uploadedFilesFileName = null;

We have to loop and do it ourselves now?

Basically it would be better to stop using additional fields if not
needed. You can achieve the same behaviour just exposing getters
extracting what's needed from "uploadedFiles", eg:

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    this.uploadedFiles = uploadedFiles;
}

public String[] getUploadedFilesContentType() {
    return this.uploadedFiles.stream()
            .map(UploadedFile::getContentType)
            .toArray(String[]::new);
}

etc.


Cheers
Lukasz



Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-28 Thread Greg Huber

selecting "Maven > Disable Workspace Resolution"

I need eclipse to build the target/classes folder otherwise I cannot run tomcat.

Hopefully this will be fixed once the *-jakarta.jars are released as they are 
not snapshot?

   


On 28/02/2024 00:01, James Dyer wrote:

I agree the best long-term solution to this problem is to move the "*-jakarta" 
subprojects so they are not children of the parent pom.  That way, when you import your 
projects into your IDE, these projects will not be automatically imported with everything 
else.  Having them in a separate repo completely isolates them and is the most complete 
solution of all.  With the projects isolated, the IDE will get the artifacts from the 
maven repository and not look for the missing code in these projects.

In Eclipse anyhow, you can work around the issue immediately by right clicking on the 
projects having the errors and selecting "Maven > Disable Workspace 
Resolution".  Then you can run the unit tests within Eclipse.

On 2024/02/25 10:57:34 Greg Huber wrote:

Also building in eclipse I get these strange errors

Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3

Missing artifact
org.apache.struts:struts2-velocity-tools-jsp-jakarta:jar:7.0.0-M3

Missing artifact
org.apache.struts:struts2-velocity-tools-view-jakarta:jar:7.0.0-M3

[ERROR] Failed to execute goal on project struts2-core:
Could not resolve dependencies for project
org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts
could not be resolved:
org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but
unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3
was not found in https://repo.maven.apache.org/maven2 during a previous
attempt. This failure was cached in the local repository and resolution
is not reattempted until the update interval of central has elapsed or
updates are forced-> [Help 1]

Caused by: org.apache.maven.lifecycle.LifecycleExecutionException:
Failed to execute goal on project struts2-core: Could not
resolve dependencies for project
org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts
could not be resolved:
org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but
unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3
was not found in https://repo.maven.apache.org/maven2 during a previous
attempt. This failure was cached in the local repository and resolution
is not reattempted until the update interval of central has elapsed or
updates are forced

I have deleted my ~.m2 and it makes no difference.


On 24/02/2024 08:46, Lukasz Lenart wrote:

Hello,

This is a third milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3


Have fun!
Łukasz




improve documentation for UploadedFilesAware

2024-02-26 Thread Greg Huber

The documentation only lists one file

public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
        this.uploadedFile = uploadedFiles.get(0);
        this.fileName = uploadedFile.getName();
        this.contentType = uploadedFile.getContentType();
        this.originalName = uploadedFile.getOriginalName();
    }
}


For multiple files these need populating

private File[] uploadedFiles = null;

private String[] uploadedFilesContentType = null;

private String[] uploadedFilesFileName = null;

We have to loop and do it ourselves now?


Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-26 Thread Greg Huber

This fixes it, seems it needs the getOriginalName() rather than getName()?

org.apache.struts2.dispatcher.multipart.AbstractMultiPartRequest

original

public String[] getFileNames(String fieldName) {
    return uploadedFiles.getOrDefault(fieldName, Collections.emptyList()).stream()
            .map(file -> getCanonicalName(file.getName()))
            .toArray(String[]::new);
}

fixed

public String[] getFileNames(String fieldName) {
    return uploadedFiles.getOrDefault(fieldName, Collections.emptyList()).stream()
            .map(file -> getCanonicalName(file.getOriginalName()))
            .toArray(String[]::new);
}

This .map stuff is not good for debugging🙁.

On 26/02/2024 06:26, Łukasz Lenart wrote:

On Sun, 25 Feb 2024 at 09:42, Greg Huber wrote:

Testing the file upload and it now does not work.

I get an error where it's using the wrong file name i.e.
upload5549a568d9794ef5b654da83d07961350045.tmp rather than the
actual file name.

Which file upload do you use? Old FileUploadInterceptor or
ActionFileUploadInterceptor?
Do you mean the error message is wrong and it displays the wrong file name?


I put back the mods I did, and it still does not work.

Were there any other changes?

Here https://github.com/apache/struts/pull/873


Regards
Łukasz



Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-26 Thread Greg Huber
The old version.  The pom change to snapshot worked so I will have a 
look now.


On 26/02/2024 06:26, Łukasz Lenart wrote:

On Sun, 25 Feb 2024 at 09:42, Greg Huber wrote:

Testing the file upload and it now does not work.

I get an error where it's using the wrong file name i.e.
upload5549a568d9794ef5b654da83d07961350045.tmp rather than the
actual file name.

Which file upload do you use? Old FileUploadInterceptor or
ActionFileUploadInterceptor?
Do you mean the error message is wrong and it displays the wrong file name?


I put back the mods I did, and it still does not work.

Were there any other changes?

Here https://github.com/apache/struts/pull/873


Regards
Łukasz



Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-25 Thread Greg Huber

Why does it work then for the other artifacts?


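<dependency>
    <groupId>org.apache.struts</groupId>
    <artifactId>struts2-freemarker-jakarta</artifactId>
    <version>${project.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.struts</groupId>
    <artifactId>struts2-core</artifactId>
    <version>${project.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.struts</groupId>
    <artifactId>struts2-spring-plugin</artifactId>
    <version>${project.version}</version>
</dependency>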


Seems to be the newer jars, are the maven details correct?

On 26/02/2024 06:28, Lukasz Lenart wrote:

On Sun, 25 Feb 2024 at 11:57, Greg Huber wrote:

Also building in eclipse I get these strange errors

Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3

It's because the artifacts are transformed during build and the IDE
doesn't see them. Here is an example how to overcome this problem to
run unit tests from within the IDE
https://github.com/apache/struts/pull/871


Regards
Łukasz




Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-25 Thread Greg Huber

Also building in eclipse I get these strange errors

Missing artifact org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3

Missing artifact 
org.apache.struts:struts2-velocity-tools-jsp-jakarta:jar:7.0.0-M3


Missing artifact 
org.apache.struts:struts2-velocity-tools-view-jakarta:jar:7.0.0-M3


[ERROR] Failed to execute goal on project struts2-core: 
Could not resolve dependencies for project 
org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts 
could not be resolved: 
org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but 
unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 
was not found in https://repo.maven.apache.org/maven2 during a previous 
attempt. This failure was cached in the local repository and resolution 
is not reattempted until the update interval of central has elapsed or 
updates are forced-> [Help 1]


Caused by: org.apache.maven.lifecycle.LifecycleExecutionException: 
Failed to execute goal on project struts2-core: Could not 
resolve dependencies for project 
org.apache.struts:struts2-core:jar:7.0.0-M3: The following artifacts 
could not be resolved: 
org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 (present, but 
unavailable): org.apache.struts:struts2-freemarker-jakarta:jar:7.0.0-M3 
was not found in https://repo.maven.apache.org/maven2 during a previous 
attempt. This failure was cached in the local repository and resolution 
is not reattempted until the update interval of central has elapsed or 
updates are forced


I have deleted my ~.m2 and it makes no difference.


On 24/02/2024 08:46, Lukasz Lenart wrote:

Hello,

This is a third milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
   https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3


Have fun!
Łukasz



Re: [TEST] Apache Struts 7.0.0-M3 test build is ready

2024-02-25 Thread Greg Huber

Testing the file upload and it now does not work.

I get an error where it's using the wrong file name i.e.
upload5549a568d9794ef5b654da83d07961350045.tmp rather than the 
actual file name.


I put back the mods I did, and it still does not work.

Were there any other changes?

I did not test M2 so maybe there was something in that. Everything else 
works, so I think I have got everything setup correctly in my ide.


On 24/02/2024 08:46, Lukasz Lenart wrote:

Hello,

This is a third milestone of Struts 7.x series, which is based on
JakartaEE 6. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M3

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
   https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/7.0.0-M3/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M3


Have fun!
Łukasz



Re: [7.0.0-M3] Error message

2024-02-16 Thread Greg Huber

What happened to M3? There is no tag on https://github.com/apache/struts

On 16/02/2024 07:27, Lukasz Lenart wrote:

I'm going to prepare another M4 which will contain the latest fixes
around file upload and changes from the master branch

On Fri, 9 Feb 2024 at 16:53, Burton Rhodes wrote:

Lastly, I am also finding a ton of these log entries below.  I'm not
sure why they are happening either, but to be honest, I haven't had much
time to investigate.  "upload" is the form field name, BTW.  I will try
to do some more investigating on these over the weekend.

Feb 08 09:29:12 lb-group-web-app-v1d2-dqsv afs-site: WARN
o.a.s.i.ActionFileUploadInterceptor: Could not find a Filename for
upload. Verify that a valid file was submitted.
   Feb 08 09:29:12 lb-group-web-app-v1d2-dqsv afs-site: WARN
o.a.s.i.FileUploadInterceptor: Could not find a Content-Type for upload.
Verify that a valid file was submitted.

   Feb 08 09:33:39 lb-group-web-app-v1d2-dqsv afs-site: WARN
o.a.s.i.ActionFileUploadInterceptor: Could not find a Filename for
upload. Verify that a valid file was submitted.
   Feb 08 09:33:39 lb-group-web-app-v1d2-dqsv afs-site: WARN
o.a.s.i.FileUploadInterceptor: Could not find a Content-Type for upload.
Verify that a valid file was submitted.


-- Original Message --
 From "Burton Rhodes"
To "Struts Developers List"
Date 2/9/2024 9:43:18 AM
Subject Re: [7.0.0-M3] Error message


Also, I am finding quite a few of these "generic" errors in my logs (Error 
uploading: {0}!), and I believe it's happening when the upload fails either through a 
broken pipe/connection or client abort.  I haven't had the time to test it though to be 
sure why these are being generated in my error logs.



-- Original Message --
From "Burton Rhodes"
To "Struts Developers List"
Date 2/9/2024 9:38:12 AM
Subject Re: [7.0.0-M3] Error message


The easiest example is when a custom "saveDir" is not accessible.  (e.g. no 
security access).  This will throw a generic FileUploadException with no identifiable 
file.


-- Original Message --
From "Lukasz Lenart"
To "Struts Developers List"
Date 2/9/2024 9:34:36 AM
Subject Re: [7.0.0-M3] Error message


On Fri, 9 Feb 2024 at 16:21, Burton Rhodes wrote:

  I haven't had time yet, but I will try this weekend.

Could you share a use case when it can happen?


Cheers
Lukasz



Re: file uploading

2024-02-13 Thread Greg Huber
Yes, only in the java templates plugin.  Will do a PR.

On Tue, 13 Feb 2024 at 15:18, Łukasz Lenart  wrote:

> I noticed your ticket in JIRA, so this problem is only related to the
> Java templates plugin?
>
> On Mon, 12 Feb 2024 at 16:56, Greg Huber wrote:
> >
> > This is happening on the current version.
> >
> > I was just looking at what I need to do for the
> ActionFileUploadInterceptor.
> >
> > On Mon, 12 Feb 2024 at 15:52, Lukasz Lenart 
> wrote:
> >
> > > On Mon, 12 Feb 2024 at 16:48, Greg Huber wrote:
> > > >
> > > > Current version 6.3.0.2.
> > >
> > > This version doesn't contain a new file upload interceptor, it's a
> > > part of 6.4.0 & 7.0.0
> > > https://issues.apache.org/jira/browse/WW-5371
> > >
> > >
> > > Regards
> > > Lukasz
> > >


Re: file uploading

2024-02-12 Thread Greg Huber
This is happening on the current version.

I was just looking at what I need to do for the ActionFileUploadInterceptor.

On Mon, 12 Feb 2024 at 15:52, Lukasz Lenart  wrote:

> On Mon, 12 Feb 2024 at 16:48, Greg Huber wrote:
> >
> > Current version 6.3.0.2.
>
> This version doesn't contain a new file upload interceptor, it's a
> part of 6.4.0 & 7.0.0
> https://issues.apache.org/jira/browse/WW-5371
>
>
> Regards
> Lukasz
>


Re: file uploading

2024-02-12 Thread Greg Huber
Current version 6.3.0.2.

On Mon, 12 Feb 2024 at 15:45, Lukasz Lenart  wrote:

> On Mon, 12 Feb 2024 at 16:36, Greg Huber wrote:
> >
> > Was looking at switching to the new FileUploadInterceptor.
> >
> > But testing the current version, I noticed that after the upload it gives
> > details of the webapp location in the value attribute.
> >
> > 
> >
> >
> ..value="/dev/apache-tomcat/apache-tomcat-9.0.85/work/Catalina/localhost/ROOT##/upload_52c5bcff_6363_4414_b23e_fe49bb3f3af7_0462.tmp"
> > .
> >
> > To clear this I have to set value=""
> >
> > ie 
> >
> > Is this intentional?  I like to try and hide such info.
>
> Rather a mistake, which version have you been using?
>
>
> Regards
> Łukasz
>


file uploading

2024-02-12 Thread Greg Huber
Was looking at switching to the new FileUploadInterceptor.

But testing the current version, I noticed that after the upload it gives
details of the webapp location in the value attribute.



..value="/dev/apache-tomcat/apache-tomcat-9.0.85/work/Catalina/localhost/ROOT##/upload_52c5bcff_6363_4414_b23e_fe49bb3f3af7_0462.tmp"
.

To clear this I have to set value=""

ie 

Is this intentional?  I like to try and hide such info.
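
A regression check for the behaviour reported above, as an added example that is not part of the original message or of Struts itself: it scans rendered HTML for file inputs that carry a non-empty value attribute, which is where the server-side temporary path showed up. The class name, the field names and the sample markup are constructed for illustration; the path is the one quoted in the message.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class, not Struts code). */
public class FileInputValueLeakCheck {

    // One <input ...> tag. Assumes attribute values contain no '>' character.
    private static final Pattern INPUT_TAG =
            Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE);

    // A quoted attribute: name="value" or name='value'. Unquoted values are ignored.
    private static final Pattern ATTRIBUTE =
            Pattern.compile("([\\w:-]+)\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)')");

    /** Returns the value of the named attribute in a tag, or null if it is absent. */
    static String attribute(String tag, String name) {
        Matcher m = ATTRIBUTE.matcher(tag);
        while (m.find()) {
            if (m.group(1).equalsIgnoreCase(name)) {
                return m.group(2) != null ? m.group(2) : m.group(3);
            }
        }
        return null;
    }

    /** True when the value looks like a server file-system location. */
    static boolean looksLikeServerPath(String value) {
        return value.startsWith("/")                     // Unix absolute path
                || value.matches("^[A-Za-z]:[\\\\/].*")  // Windows drive path
                || value.endsWith(".tmp");               // container temp file
    }

    /**
     * Lists every file input whose rendered value attribute is not empty.
     * Browsers do not show a value on file inputs, so this kind of leak is
     * only visible in the page source and is easy to miss in manual testing.
     */
    static List<String> findLeaks(String html) {
        List<String> findings = new ArrayList<>();
        Matcher m = INPUT_TAG.matcher(html);
        while (m.find()) {
            String tag = m.group();
            if (!"file".equalsIgnoreCase(attribute(tag, "type"))) {
                continue; // text, hidden, etc. may legitimately carry a value
            }
            String value = attribute(tag, "value");
            if (value != null && !value.isEmpty()) {
                String kind = looksLikeServerPath(value) ? "server path" : "unexpected value";
                findings.add(attribute(tag, "name") + ": " + kind + ": " + value);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample of a form re-rendered after an upload.
        String leakedPath = "/dev/apache-tomcat/apache-tomcat-9.0.85/work/Catalina/"
                + "localhost/ROOT##/upload_52c5bcff_6363_4414_b23e_fe49bb3f3af7_0462.tmp";
        String html = String.join("\n",
                "<form method=\"post\" enctype=\"multipart/form-data\">",
                "  <input type=\"text\" name=\"title\" value=\"Q1 report\"/>",
                "  <input type=\"file\" name=\"upload\" value=\"" + leakedPath + "\"/>",
                "  <input type=\"file\" name=\"attachment\" value=\"\"/>",
                "</form>");

        List<String> findings = findLeaks(html);
        findings.forEach(System.out::println);

        // Only the "upload" field should be reported.
        if (findings.size() != 1 || !findings.get(0).startsWith("upload: server path: ")) {
            throw new AssertionError("unexpected findings: " + findings);
        }
    }
}
```

Calling findLeaks on the response body of the page that re-renders the upload form, from an integration test, turns the manual observation into a repeatable check.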


Re: [7.0.0-M1] Actions not setting parameters with Multi-part forms

2024-01-23 Thread Greg Huber

I use the default which is

struts.multipart.parser=org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest 



What would the jakarta-stream do that is different?

On 23/01/2024 03:12, Burton Rhodes wrote:
The biggest issue I'm having at the moment is with all of my 
multi-part forms that include parameter data and a file. The action 
does receive the file, but the parameter "team.company" is set to the 
String value of stream, for example:
"org.apache.commons.fileupload2.core.MultipartInput$ItemInputStream@1afaa502" 
 Am I missing something obvious?


To add, it actually doesn't matter if I have a file field in the 
form.  Any form with [enctype="multipart/form-data"] never sets the 
action fields properly.  Is there a different parser I should be 
referencing?  Or are my interceptors not correct?



Example Form
    method="post" enctype="multipart/form-data" 
accept-charset="utf-8">

    
    
    


Parser


Interceptor Stack

    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    input,back,cancel,browse
    
    
    input,back,cancel,browse
    
    





Re: [TEST] Apache Struts 7.0.0-M1 test build is ready

2024-01-23 Thread Greg Huber
Seems to pass all my tests and  runs good.  Upload seems to work OK, 
both my ajax and struts version.


Stack:

zulu17.42.19-ca-crac-jdk17.0.7-linux_x64

Spring framework 6.1.3

Spring Security 6.2.1

apache-tomcat-10.1.18

On 20/01/2024 11:12, Lukasz Lenart wrote:

Hello,

This is the first version of Struts 7.x series, this a very first
release based on JakartaEE. Please take the time and test the bits -
any help is appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M1

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://nightlies.apache.org/struts/snapshot/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M1


Kind regards
--
Łukasz



Re: tooltip on

2023-10-11 Thread Greg Huber

Great, thanks.

...whilst the iron is hot, I was looking at the tooltip template code 
for theme simple.


There is a template form-close-tooltips.ftl that includes the domTT.js 
and domTT.css, but I cannot see how it actually adds the tool tip.


Possibly this needs to be removed as it looks like it is not supported 
(on the simple theme),


#

Could modify common-attributes.ftl to include the tooltip stuff as a title:

<#if parameters.accesskey?has_content>
 accesskey="${parameters.accesskey}"<#rt/>
</#if><#rt/>
<#if parameters.tooltip??>
 title="${parameters.tooltip}"<#rt/>
</#if><#rt/>

...but then should use the title rather than the tooltip on the component.

On 10/10/2023 14:20, Lukasz Lenart wrote:

On Tue, 10 Oct 2023 at 11:50, Greg Huber wrote:

My bad the filter mapping has changed from /struts/*.


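<filter-mapping>
   <filter-name>struts2</filter-name>
   <url-pattern>/static/*</url-pattern>
</filter-mapping>

Although the docs don't mention this, if your app is bigger and only
filter on the .action you need to map the static.

<filter-mapping>
   <filter-name>struts2</filter-name>
   <url-pattern>*.action</url-pattern>
</filter-mapping>

<filter-mapping>
   <filter-name>struts2</filter-name>
   <url-pattern>/static/*</url-pattern>
</filter-mapping>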

Great! I extended the description to match your case, is this clear enough?
https://github.com/apache/struts-site/pull/206


Regards





Re: tooltip on

2023-10-10 Thread Greg Huber

My bad the filter mapping has changed from /struts/*.


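<filter-mapping>
 <filter-name>struts2</filter-name>
 <url-pattern>/static/*</url-pattern>
</filter-mapping>

Although the docs don't mention this, if your app is bigger and only 
filter on the .action you need to map the static.

<filter-mapping>
 <filter-name>struts2</filter-name>
 <url-pattern>*.action</url-pattern>
</filter-mapping>

<filter-mapping>
 <filter-name>struts2</filter-name>
 <url-pattern>/static/*</url-pattern>
</filter-mapping>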


On 08/10/2023 12:30, Łukasz Lenart wrote:

Maybe serving static content is disabled
https://struts.apache.org/core-developers/static-content


(mobile)


On Sun, 8.10.2023 at 13:23, Greg Huber wrote:


All I get is a 404

Loading failed for the 

Re: tooltip on

2023-10-08 Thread Greg Huber

All I get is a 404

Loading failed for the 

Re: tooltip on

2023-10-08 Thread Greg Huber

Not too sure what you mean?

It's auto generated by

/core/src/main/resources/template/simple/form-close-tooltips.ftl


<#if (parameters.hasTooltip!false)><#t/>
<#lt/>
<#lt/><@s.script type="text/javascript" src="${base}${parameters.staticContentPath}/domTT.js" />
<#lt/><@s.link rel="stylesheet" type="text/css" href="${base}${parameters.staticContentPath}/domTT.css" />
</#if><#t/>

On 08/10/2023 11:44, Lukasz Lenart wrote:

On Sun, 8 Oct 2023 at 12:08, Greg Huber wrote:

How is this supposed to work?

I get this at the bottom of the form, but for me it maps to an invalid url?






http://www.xx.xx/static/domTT.js

Is there some js that is supposed to take care of this?

https://struts.apache.org/tag-developers/textfield-tag  does not mention
anything.

Try to use





Regards

tooltip on

2023-10-08 Thread Greg Huber

How is this supposed to work?

I get this at the bottom of the form, but for me it maps to an invalid url?






http://www.xx.xx/static/domTT.js

Is there some js that is supposed to take care of this?

https://struts.apache.org/tag-developers/textfield-tag does not mention 
anything.




Re: Struts 2.5.x EOL

2023-10-04 Thread Greg Huber

Spring 5 Framework has an EOL of 2024-12-31, and 6 is Java 17+.


 * Spring Framework 6.1.x: Jakarta EE 9-11 (jakarta namespace)
 * Spring Framework 6.0.x: Jakarta EE 9-10 (jakarta namespace)
 * Spring Framework 5.3.x: Java EE 7-8 (javax namespace)



On 04/10/2023 05:32, Lukasz Lenart wrote:

Hi,

I would like to announce that we end support for Struts 2.5.x branch.
Is setting this date to the 1st of the new year ok? Not too short a
period of time?


Regards

Re: Struts 2.5.x EOL

2023-10-04 Thread Greg Huber

+1.

If we are going to create a plugin for the Jakarta changes, would 
make it easier.


On 04/10/2023 05:32, Lukasz Lenart wrote:

Hi,

I would like to announce that we end support for Struts 2.5.x branch.
Is setting this date to the 1st of the new year ok? Not too short a
period of time?


Regards





Re: [VOTE] Apache Struts 6.3.0

2023-09-01 Thread Greg Huber

Works great for me.  Thanks.

[x] General Availability (GA)

On 01/09/2023 07:44, Lukasz Lenart wrote:

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.





Re: [VOTE] Apache Struts 6.3.0

2023-08-31 Thread Greg Huber

Is this vote still open?

On 30/08/2023 12:01, Lukasz Lenart wrote:

There is a blocker [1] discovered by Kusal, should I merge the PR into
the master branch and roll a new release -> 6.3.1 or rather clean up
everything and start over with 6.3.0.
Some users get confused if there is a patch release without
having a minor release (having 6.3.1 without releasing 6.3.0)

[1] https://github.com/apache/struts/pull/744


Regards
Łukasz

On Wed, 30 Aug 2023 at 10:50, Lukasz Lenart wrote:

The Apache Struts 6.3.0 test build is available. With this release the
following issues were addressed:

Improvement
[WW-5233] - Include Apache Tiles code base in the Tiles plugin
[WW-5321] - notify / document about new maxStringLength limitation
[WW-5327] - Stop using JavaBeans notation for setters in
SecurityMemberAccess & MemberAccessValueStack
[WW-5332] - Validate excluded package name list for missing commas
[WW-5334] - Misc VelocityManager code cleanup
[WW-5336] - Merge OgnlTool class into StrutsUtil class
[WW-5337] - Improve performance of excluded classes and packages

Bug
[WW-5330] - Issue when submitting a form with a textarea containing
more than 4000 characters.
[WW-5331] - Access to request attributes via tags is broken

Dependency
[WW-5315] - Upgrades ASM to version 9.5
[WW-5316] - Upgrades commons-io to version 2.13.0
[WW-5317] - Upgrades log4j-api to version 2.20.0
[WW-5318] - Upgrades slf4j-api to version 2.0.7
[WW-5320] - finish Reproducible Builds
[WW-5322] - Upgrade Jackson version to 2.15.2
[WW-5323] - Upgrade JasperReports to version 6.20.5
[WW-5325] - Upgrade commons-lang3 to version 2.13.0
[WW-5329] - Upgrade xstream to version 1.4.20

Release notes:
* https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0

Github release
* https://github.com/apache/struts/releases/tag/STRUTS_6_3_0

Distribution:
* https://dist.apache.org/repos/dist/dev/struts/6.3.0/

Maven 2 staging repository:
* https://repository.apache.org/content/repositories/staging/

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request.
A vote can be amended at any time to upgrade or downgrade the quality
of the release based on future experience. If an initial vote
designates the build as "Beta", the release will be submitted for
mirroring and announced to the user list. Once released as a public
beta, subsequent quality votes on a build may be held on the user
list.

As always, the act of voting carries certain obligations. A binding
vote not only states an opinion, but means that the voter is agreeing
to help do the work.


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: tiles taglib

2023-07-20 Thread Greg Huber
Whichever. If any kind of custom velocity and use tiles, please give 
the rc a spin.


On 19/07/2023 16:39, Lukasz Lenart wrote:

Yet this can break backward compatibility, users will have to switch
to the new tags uri. Not sure if this is a good idea.


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

On Mon, 17 Jul 2023 at 13:03, Greg Huber wrote:

...if we do change it, it is built with pom build-autotags

Changed in  BuildAutotags.java

String taglibURI = "/struts-tiles";

and copied over from target.

On 17/07/2023 10:47, Lukasz Lenart wrote:

On Mon, 17 Jul 2023 at 11:44, Greg Huber wrote:

I now get this pesky error (eclipse) using this

<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>

Maybe we are missing something for this?

Probably we should change that to a Struts related uri


Regards




Re: tiles taglib

2023-07-17 Thread Greg Huber

...if we do change it, it is built with pom build-autotags

Changed in  BuildAutotags.java

  String taglibURI = "/struts-tiles";

and copied over from target.

On 17/07/2023 10:47, Lukasz Lenart wrote:

On Mon, 17 Jul 2023 at 11:44, Greg Huber wrote:

I now get this pesky error (eclipse) using this

<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>

Maybe we are missing something for this?

Probably we should change that to a Struts related uri


Regards





Re: tiles taglib

2023-07-17 Thread Greg Huber

A good idea.

./struts-tiles

###

I guess an eclipse thing.  Everything looks ok.


On 17/07/2023 10:47, Lukasz Lenart wrote:

On Mon, 17 Jul 2023 at 11:44, Greg Huber wrote:

I now get this pesky error (eclipse) using this

<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>

Maybe we are missing something for this?

Probably we should change that to a Struts related uri


Regards





tiles taglib

2023-07-17 Thread Greg Huber

I now get this pesky error (eclipse) using this


<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>


Maybe we are missing something for this?






Re: [TEST] Apache Struts 6.3.0-RC1 test build is read

2023-07-16 Thread Greg Huber

Works great for me.😁

Thanks.

On 16/07/2023 09:23, Lukasz Lenart wrote:

Hello,

This is another minor version of Struts 6.x series, yet it includes
the Apache Struts tiles code base instead of depending on the outdated
libraries. Please take the time and test the bits - any help is
appreciated. Please report any problems you will spot.

Here are the changes from the previous version:
https://github.com/apache/struts/releases/tag/STRUTS_6_3_0_RC1

Staging Maven repo
https://repository.apache.org/content/groups/staging/

* please read our guideline how to setup your Maven build to include
the Staging repository
https://struts.apache.org/builds.html#test-builds

Standalone artifacts
https://dist.apache.org/repos/dist/dev/struts/6.3.0-RC1/

Release notes
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0


Kind regards
--
Łukasz




Re: [VOTE] Apache Struts 6.2.0

2023-07-05 Thread Greg Huber

Works great for me.  Thanks.

On 05/07/2023 11:25, Lukasz Lenart wrote:

[x] General Availability (GA) (B)





blog post not helpful

2023-06-08 Thread Greg Huber

I noticed on searching, that it shows "a people ask",

If I click on the link, Is Struts 2 outdated?

People also ask

Is Struts 2 outdated?

Yes, you can be surprised but *after almost 18 years on the market the 
Apache Struts project is still maintained and under active 
development*.10 Sept 2018



It links to this 
https://blog.softwaremill.com/the-apache-struts-still-alive-b7ea7bc7b7ed


Can the blog post be changed, as it has taken the text out of context, 
and is not helpful.


Re: String variable with a number s:if test

2023-05-25 Thread Greg Huber

Ah, ok not to use .equals().

Think here the type started off as "type1" "type2".. "typeA" "typeB" 
etc and got refactored to 1,2...A,B etc so had an impact.


###

Maybe it would be faster also to use == rather than .equals()?

I do a lot of !bean.imageSource.equals('')

Thanks!

On 25/05/2023 08:17, Lukasz Lenart wrote:

On Thu, 25 May 2023 at 09:12, Greg Huber wrote:



Thanks, need to try and remember this! Would explain why some of my item 
types don't select/work as expected.

I would use "==" to be sure, as documented in
https://ognl.orphan.software/language-guide#operators

"e1 == e2"; e1 eq e2 - Equality test

Equality is tested for as follows. If either value is null, they are
equal if and only if both are null. If they are the same object or the
equals() method says they are equal, they are equal. If they are both
Numbers, they are equal if their values as double-precision floating
point numbers are equal. Otherwise, they are not equal. These rules
make numbers compare equal more readily than they would normally, if
just using the equals method.

So the final version is:




Regards





Re: String variable with a number s:if test

2023-05-25 Thread Greg Huber




Thanks, need to try and remember this! Would explain why some of my item 
types don't select/work as expected.

On 24/05/2023 12:26, Lukasz Lenart wrote:

On Wed, 24 May 2023 at 11:23, Greg Huber wrote:

If I have a bean with a variable of type of String

ie public String getType() { return type; }

AND it has a number, eg 2.

In my jsp

Does not work:



I must use this:



Is this how it should work?

Some old code uses .equals('2'), as the bean is a string, and is not
working as expected.🙁  Maybe it has always been wrong?

Did you try to use:



?

As '*' indicates a char


Regards





String variable with a number s:if test

2023-05-24 Thread Greg Huber

If I have a bean with a variable of type of String

ie public String getType() { return type; }

AND it has a number, eg 2.

In my jsp

Does not work:



I must use this:



Is this how it should work?

Some old code uses .equals('2'), as the bean is a string, and is not 
working as expected.🙁  Maybe it has always been wrong?







Re: Struts 6.2.0

2023-05-17 Thread Greg Huber
Maybe a separate release immediately after 6.2.0?  It is only a 
refactor, with no code changes, but might have missed something 
especially if using velocity heavily.


On 16/05/2023 19:56, Lukasz Lenart wrote:

Hi,

I think it's time to release a new version which addresses over 50
issues [1] and I want to merge two more PRs [2]

I wonder if we should include Tiles codebase [3] in 6.2.0 or rather
makes this a dedicated release just narrowed to replacing Tiles
dependency with the copied code.

[1] https://issues.apache.org/jira/projects/WW/versions/12352403
[2] https://github.com/apache/struts/pulls
[3] https://github.com/apache/struts/pull/608


Regards





action="%{tmp}" on other tags

2023-04-19 Thread Greg Huber

The form tag




does this :



On 19/04/2023 08:25, Lukasz Lenart wrote:

On Wed, 19 Apr 2023 at 09:19, Greg Huber wrote:

clickById("entry_%{#mainAction}!publish")

This patch fixes the format by calculating the action first:

https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900

This is really a hack to satisfy Roller requirements, but looks like
this clearly explains the expectations: calculate ID based on action
AND method at the same time, is that correct?


Regards





Re: looking at roller upgrade again

2023-04-19 Thread Greg Huber

hack to satisfy Roller requirements


Well I don't think it's a hack, to have the variable name as part of the 
id does not seem correct to me


eg

    entryEdit
    


ie the name would be :

entry___tmp__saveDraft

vs

entry_entryEdit_saveDraft


calculate ID based on action
AND method at the same time, is that correct?


yes, other tags must be doing this already?

On 19/04/2023 08:25, Lukasz Lenart wrote:

On Wed, 19 Apr 2023 at 09:19, Greg Huber wrote:

clickById("entry_%{#mainAction}!publish")

This patch fixes the format by calculating the action first:

https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900

This is really a hack to satisfy Roller requirements, but looks like
this clearly explains the expectations: calculate ID based on action
AND method at the same time, is that correct?


Regards





Re: looking at roller upgrade again

2023-04-19 Thread Greg Huber

@Greg Huber is the current approach ok?
https://github.com/apache/struts/pull/678


This works but not really related to this formatting issue.

As there is nothing wrong with Struts, it never formatted it correctly in the 
first place, which can be seen from the test clickById :

clickById("entry_%{#mainAction}!publish")
 


This patch fixes the format by calculating the action first:

https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900

Maybe there is another approach that other tags use?   I will have another look.

On 19/04/2023 07:51, Lukasz Lenart wrote:

I'm sorry Yasser if you took this personally - escape logic has
changed and on first thought that was the cause. After investigating
the thing deeper I found it isn't just this but also missing support
for evaluation of ID which bases on action or method.

Previously ID was evaluated on set (in the setter) to overcome some
problems, yet it was too early and I have changed this logic sometime
ago, yet still this affected only tags with ID defined.

@Greg Huber is the current approach ok?
https://github.com/apache/struts/pull/678


Cheers
--
Łukasz




Re: looking at roller upgrade again

2023-04-15 Thread Greg Huber
I think it was always wrong as the test is checking for : 
entry_%{#mainAction}!publish


clickById("entry_%{#mainAction}!publish")


On 14/04/2023 19:17, Yasser Zamani wrote:
Thank you for the explanation Greg. Yes I agree that previously it was 
looking better. Currently am wondering how previous Struts was 
generating the id from an evaluated name! Because as you see below, 
Struts is and was keeping name property unchanged via introducing a 
local var named name:


    String name = findString(this.name); // previous version
    String translatedName = findString(this.name); // current version

You see. I just renamed local var name to translatedName to not 
confuse name with this.name. So am wondering how _tmp_id = 
...escape(name)...; uses an evaluated name in previous versions!


Regards.

On 4/12/2023 7:13 PM, Greg Huber wrote:

There is nothing wrong with struts.

There is a selenium test in roller that checks on the id

clickById("entry_%{#mainAction}!publish");

it now has:
entrymainAction__publish

ie it escapes %{#}! with spaces.

To match other tags, it should evaluate %{#mainAction}

ie using the form below:


 entryEdit
 


entry_entryEdit_publish

Whether this is needed or not is debatable, although it looks better.

But, it is just as easy to change the test to be:
entrymainAction__publish.


On Wed, 12 Apr 2023 at 14:27, Yasser Zamani  
wrote:



Sorry I didn't get what the problem exactly is.

1. Was your app depended to Struts internal behavior of id generation
and so your app is broken now?

2. Or no, Struts itself is broken now by my change?


On 4/11/2023 10:16 AM, Greg Huber wrote:

More housekeeping, the id on the form tag never supported %{..} on the
action attribute. ie action="%{#mainAction}!saveDraft"

On 10/04/2023 20:37, Yasser Zamani wrote:

Hi there, please see inline...

On 4/3/2023 11:18 AM, Lukasz Lenart wrote:

The change has been introduced here [1] and the problem is that it
replaces any non-alphanumeric character with "_". Also it works on an
unevaluated version of the "name" attribute (in case if the "id"
attribute is not defined). I think this is a bug and I'm not sure why
the "escape" method has been changed in case of fixing double
evaluations (its main purpose was JavaScript-friendliness)


Because it was also reported in same report by our last security
report. It's required and is a common practice to avoid XSS.

If some plugin has a problem with it, then it also need to be fixed
(i.e. replace any non-alpha with _) because it's only for Struts
internal usage and users shouldn't depend on Struts internal 
behavior.


Best Regards,
Yasser



[1]

https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897 




Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

On Sat, 1 Apr 2023 at 12:43, Greg Huber wrote:


Maybe a user question (sorry)

Using action like this : action="%{#mainAction}!saveDraft"/> struts
seems to get the "id" wrong?  ...but the "name" correct.

eg:

entryEdit



renders:

id="entrymainAction__saveDraft" 
name="action:entryAdd!saveDraft"

class="btn btn-warning">


Should be




#

If I try it on my app it does the same thing




action="%{myConfigz}!save"

accesskey="s" />



renders:




should be










Re: looking at roller upgrade again

2023-04-12 Thread Greg Huber
There is nothing wrong with struts.

There is a selenium test in roller that checks on the id

clickById("entry_%{#mainAction}!publish");

it now has:
entrymainAction__publish

ie it escapes %{#}! with spaces.

To match other tags, it should evaluate %{#mainAction}

ie using the form below:


entryEdit



entry_entryEdit_publish

Whether this is needed or not is debatable, although it looks better.

But, it is just as easy to change the test to be:
entrymainAction__publish.


On Wed, 12 Apr 2023 at 14:27, Yasser Zamani  wrote:

> Sorry I didn't get what the problem exactly is.
>
> 1. Was your app depended to Struts internal behavior of id generation
> and so your app is broken now?
>
> 2. Or no, Struts itself is broken now by my change?
>
>
> On 4/11/2023 10:16 AM, Greg Huber wrote:
> > More housekeeping, the id on the form tag never supported %{..} on the
> > action attribute. ie action="%{#mainAction}!saveDraft"
> >
> > On 10/04/2023 20:37, Yasser Zamani wrote:
> >> Hi there, please see inline...
> >>
> >> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
> >>> The change has been introduced here [1] and the problem is that it
> >>> replaces any non-alphanumeric character with "_". Also it works on an
> >>> unevaluated version of the "name" attribute (in case if the "id"
> >>> attribute is not defined). I think this is a bug and I'm not sure why
> >>> the "escape" method has been changed in case of fixing double
> >>> evaluations (its main purpose was JavaScript-friendliness)
> >>
> >> Because it was also reported in same report by our last security
> >> report. It's required and is a common practice to avoid XSS.
> >>
> >> If some plugin has a problem with it, then it also need to be fixed
> >> (i.e. replace any non-alpha with _) because it's only for Struts
> >> internal usage and users shouldn't depend on Struts internal behavior.
> >>
> >> Best Regards,
> >> Yasser
> >>
> >>>
> >>> [1]
> >>>
> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
> >>>
> >>>
> >>> Regards
> >>> --
> >>> Łukasz
> >>> + 48 606 323 122 http://www.lenart.org.pl/
> >>>
> >>> On Sat, 1 Apr 2023 at 12:43, Greg Huber wrote:
> >>>>
> >>>> Maybe a user question (sorry)
> >>>>
> >>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
> >>>> seems to get the "id" wrong?  ...but the "name" correct.
> >>>>
> >>>> eg:
> >>>>
> >>>> entryEdit
> >>>>
> >>>>  >>>> value="%{getText('weblogEdit.save')}"
> >>>> action="%{#mainAction}!saveDraft"/>
> >>>>
> >>>> renders:
> >>>>
> >>>>  >>>> id="entrymainAction__saveDraft" name="action:entryAdd!saveDraft"
> >>>> class="btn btn-warning">
> >>>>
> >>>>
> >>>> Should be
> >>>>
> >>>>  >>>> id="entry_entryAdd_saveDraft"
> >>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
> >>>>
> >>>>
> >>>> #
> >>>>
> >>>> If I try it on my app it does the same thing
> >>>>
> >>>>  >>>> method="post">
> >>>>
> >>>> 
> >>>>  >>>> accesskey="s" />
> >>>>
> >>>> 
> >>>>
> >>>> renders:
> >>>>
> >>>>  >>>> id="myConfig___myConfigz__save" accesskey="s">
> >>>>
> >>>>
> >>>> should be
> >>>>
> >>>>  >>>> id="myConfig_myConfig_save" accesskey="s">
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
>
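
The id handling debated in this thread, as an added example that is not part of any message or of the Struts code base: it compares building the id from the unevaluated action attribute with evaluating first and escaping last, which gives the readable id while keeping the escaping that was introduced to avoid XSS. The `findString` stand-in, the map-based context and the `formId + "_"` composition are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubmitIdDemo {

    private static final Pattern EXPRESSION = Pattern.compile("%\\{#?(\\w+)\\}");

    // Hypothetical stand-in for findString(): resolves %{#var} or %{var} from a map
    // instead of the value stack. Unknown variables resolve to the empty string.
    static String findString(String raw, Map<String, String> context) {
        Matcher m = EXPRESSION.matcher(raw);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = context.getOrDefault(m.group(1), "");
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    // The rule described in the thread: every non-alphanumeric character becomes "_".
    static String escape(String name) {
        return name.replaceAll("[^a-zA-Z0-9_]", "_");
    }

    // Behaviour reported in the thread: the id is built from the unevaluated attribute,
    // so the expression syntax itself ends up as a run of underscores.
    static String idFromUnevaluated(String formId, String action) {
        return formId + "_" + escape(action);
    }

    // Behaviour asked for in the thread: evaluate first, then escape the result.
    // Escaping stays the last step, so whatever the expression resolves to
    // can only contribute letters, digits and underscores to the attribute.
    static String idFromEvaluated(String formId, String action, Map<String, String> context) {
        return formId + "_" + escape(findString(action, context));
    }

    public static void main(String[] args) {
        String action = "%{#mainAction}!saveDraft";
        Map<String, String> context = new LinkedHashMap<>();
        context.put("mainAction", "entryEdit");

        System.out.println("unevaluated: " + idFromUnevaluated("entry", action));
        System.out.println("evaluated:   " + idFromEvaluated("entry", action, context));

        // Constructed value that tries to break out of the id attribute.
        context.put("mainAction", "entryEdit\" onclick=\"x");
        String id = idFromEvaluated("entry", action, context);
        System.out.println("hostile:     " + id);
        System.out.println("attribute-safe: " + id.matches("[A-Za-z0-9_]+"));
    }
}
```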


Re: looking at roller upgrade again

2023-04-10 Thread Greg Huber
More housekeeping, the id on the form tag never supported %{..} on the 
action attribute. ie action="%{#mainAction}!saveDraft"


On 10/04/2023 20:37, Yasser Zamani wrote:

Hi there, please see inline...

On 4/3/2023 11:18 AM, Lukasz Lenart wrote:

The change has been introduced here [1] and the problem is that it
replaces any non-alphanumeric character with "_". Also it works on an
unevaluated version of the "name" attribute (in case if the "id"
attribute is not defined). I think this is a bug and I'm not sure why
the "escape" method has been changed in case of fixing double
evaluations (its main purpose was JavaScript-friendliness)


Because it was also reported in same report by our last security 
report. It's required and is a common practice to avoid XSS.


If some plugin has a problem with it, then it also need to be fixed 
(i.e. replace any non-alpha with _) because it's only for Struts 
internal usage and users shouldn't depend on Struts internal behavior.


Best Regards,
Yasser



[1] 
https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897



Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

On Sat, 1 Apr 2023 at 12:43, Greg Huber wrote:


Maybe a user question (sorry)

Using action like this : action="%{#mainAction}!saveDraft"/> struts
seems to get the "id" wrong?  ...but the "name" correct.

eg:

entryEdit



renders:




Should be

id="entry_entryAdd_saveDraft"

name="action:entryAdd!saveDraft" class="btn btn-warning">


#

If I try it on my app it does the same thing








renders:




should be










Re: looking at roller upgrade again

2023-04-10 Thread Greg Huber

Modified version here

https://github.com/gregh3269/struts/tree/WW-5302-unevaluated-id



  myConfig
  action="%{#mainAction}!save" />
  method="save" />


  id="myConfig_myConfig_save">




On 09/04/2023 15:16, Lukasz Lenart wrote:

niedz., 9 kwi 2023 o 12:20 Greg Huber  napisał(a):

Testing the branch it is still the same?

Please try now


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: looking at roller upgrade again

2023-04-10 Thread Greg Huber

branch WW-5302-unevaluated-id

Seems the same to me.  Note the action has a variable: %{#mainAction}!save

All it seems to be doing is escaping action: %{#mainAction}!save :

%{#mainAction}!save

___mainAction}_save

On 09/04/2023 15:16, Lukasz Lenart wrote:

niedz., 9 kwi 2023 o 12:20 Greg Huber  napisał(a):

Testing the branch it is still the same?

Please try now


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: looking at roller upgrade again

2023-04-09 Thread Greg Huber

Testing the branch it is still the same?

myConfig


id="myConfigmainAction__save" >


What we want is:

id="myConfig_myConfig_save" >


##

It needs this from previous email

// determine actual action
ActionMapping mapping = new ActionMapping();
mapping.setName(findString(action));
if (method != null) {
    mapping.setMethod(findString(method));
}
mapping.setExtension("");
String tmp = actionMapper.getUriFromActionMapping(mapping);
_tmp_id = _tmp_id + escape(tmp);


On 09/04/2023 10:52, Lukasz Lenart wrote:

PR is ready
https://github.com/apache/struts/pull/678

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org






Re: looking at roller upgrade again

2023-04-09 Thread Greg Huber





I guess what we want.

###

In the FormButton populateComponentHtmlId(Form form) it evaluates the action based on the text 
rather than the "actual" action.  If the action is determined from the mapping it renders 
correctly. See "// determine actual action" in code below

entryEdit



renders:



#

org.apache.struts2.components.FormButton

protected void populateComponentHtmlId(Form form) {
    String _tmp_id = "";
    if (id != null) {
        // this check is needed for backwards compatibility with 2.1.x
        _tmp_id = findString(id);
    } else {
        if (form != null && form.getParameters().get("id") != null) {
            _tmp_id = _tmp_id + form.getParameters().get("id").toString() + "_";
        }
        if (name != null) {
            _tmp_id = _tmp_id + escape(name);
        } else if (action != null || method != null) {
            if (action != null) {
                //_tmp_id = _tmp_id + escape(tmp);

                // determine actual action
                ActionMapping mapping = new ActionMapping();
                mapping.setName(findString(action));
                if (method != null) {
                    mapping.setMethod(findString(method));
                }
                mapping.setExtension("");
                String tmp = actionMapper.getUriFromActionMapping(mapping);
                _tmp_id = _tmp_id + escape(tmp);
            }
            //if (method != null) {
            //    _tmp_id = _tmp_id + "_" + escape(method);
            //}
        } else {
            // if form is null, this component is used, without a form, i guess
            // there's not much we could do then.
            if (form != null) {
                _tmp_id = _tmp_id + form.getSequence();
            }
        }
    }
    addParameter("id", _tmp_id);
    addParameter("escapedId", escape(_tmp_id));
}



On 08/04/2023 20:00, Lukasz Lenart wrote:

What about such an approach?



The ID is generated based on the evaluated version of the name attribute.


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
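
The ordering question discussed in this thread, as an added example that is not part of the original messages and not Struts code. `escape` follows the rule described in the thread (every non-alphanumeric character becomes "_"); `evaluate`, the class and method names, and the sample values are assumptions made up for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ButtonIdDemo {

    // Matches a %{#var} reference. Hypothetical stand-in for expression
    // evaluation; real OGNL evaluation is far richer than this.
    private static final Pattern VAR = Pattern.compile("%\\{#(\\w+)\\}");

    // Resolve every %{#var} in the raw attribute text from the given context.
    static String evaluate(String raw, Map<String, String> context) {
        Matcher m = VAR.matcher(raw);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = context.getOrDefault(m.group(1), "");
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    // The rule described in the thread: any non-alphanumeric character is
    // replaced with "_", so the result is inert inside an id attribute.
    static String escape(String value) {
        return value.replaceAll("[^a-zA-Z0-9]", "_");
    }

    // Order A: escape the unevaluated attribute text. The expression syntax
    // itself (%, {, #, }) is turned into underscores and ends up in the id.
    static String idFromRawAction(String formId, String rawAction) {
        return formId + "_" + escape(rawAction);
    }

    // Order B: evaluate exactly once, then escape the resolved value. The id
    // reflects the real action, and the resolved value is still sanitised.
    static String idFromEvaluatedAction(String formId, String rawAction,
                                        Map<String, String> context) {
        return formId + "_" + escape(evaluate(rawAction, context));
    }

    public static void main(String[] args) {
        String raw = "%{#mainAction}!save";

        Map<String, String> context = new LinkedHashMap<>();
        context.put("mainAction", "myConfig");

        System.out.println("raw, escaped:       " + idFromRawAction("myConfig", raw));
        System.out.println("evaluated, escaped: "
                + idFromEvaluatedAction("myConfig", raw, context));

        // Constructed value containing markup characters, to show that
        // escaping after evaluation still neutralises whatever was resolved.
        context.put("mainAction", "a\"><b");
        System.out.println("markup in value:    "
                + idFromEvaluatedAction("myConfig", raw, context));
    }
}
```

Evaluating first and escaping the result produces `myConfig_myConfig_save`, the id the thread asks for, while any resolved value is still reduced to letters, digits and underscores.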



Re: looking at roller upgrade again

2023-04-03 Thread Greg Huber

Thanks.

There is a selenium test in roller that checks on the id

clickById("entry_%{#mainAction}!publish");

it now has:

entrymainAction__publish"

I guess it's a matter of modifying the test, as %{ characters etc may not 
be desirable in the id field?


On 03/04/2023 08:48, Lukasz Lenart wrote:

The change has been introduced here [1] and the problem is that it
replaces any non-alphanumeric character with "_". Also it works on an
unevaluated version of the "name" attribute (in case if the "id"
attribute is not defined). I think this is a bug and I'm not sure why
the "escape" method has been changed in case of fixing double
evaluations (its main purpose was JavaScript-friendliness)

[1] 
https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

sob., 1 kwi 2023 o 12:43 Greg Huber  napisał(a):

Maybe a user question (sorry)

Using action like this : action="%{#mainAction}!saveDraft"/> struts
seems to get the "id" wrong?  ...but the "name" correct.

eg:

entryEdit



renders:




Should be




#

If I try it on my app it does the same thing








renders:




should be







-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org





looking at roller upgrade again

2023-04-01 Thread Greg Huber

Maybe a user question (sorry)

Using action like this : action="%{#mainAction}!saveDraft"/> struts 
seems to get the "id" wrong?  ...but the "name" correct.


eg:

entryEdit



renders:

id="entrymainAction__saveDraft" name="action:entryAdd!saveDraft" 
class="btn btn-warning">



Should be

name="action:entryAdd!saveDraft" class="btn btn-warning">



#

If I try it on my app it does the same thing

method="post">



accesskey="s" />




renders:

id="myConfig___myConfigz__save" accesskey="s">



should be

id="myConfig_myConfig_save" accesskey="s">






-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Fwd: Struts2-bootstrap-plugin

2023-03-23 Thread Greg Huber

This may not be an issue.  So please ignore the previous email.

..dependency stuff linked with using the plugin.

 Forwarded Message 
Subject:Struts2-bootstrap-plugin
Date:   Thu, 23 Mar 2023 10:02:55 +
From:   Greg Huber 
To: Struts Developers List 



I was looking at apache roller which uses the struts2-bootstrap-plugin.

When I check the generated id's they seem to have extra underscores?

id="entrymainAction__publish" name="action:entryEdit!publish" 
class="btn btn-success">


Is this intentional?

###

When I look at "normal" tags only see one underscore:

name="action:myAdd!save">


Struts2-bootstrap-plugin

2023-03-23 Thread Greg Huber

I was looking at apache roller which uses the struts2-bootstrap-plugin.

When I check the generated id's they seem to have extra underscores?

id="entrymainAction__publish" name="action:entryEdit!publish" 
class="btn btn-success">


Is this intentional?

###

When I look at "normal" tags only see one underscore:

name="action:myAdd!save">



-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Apache tiles

2023-03-20 Thread Greg Huber

Dave,

BTW, Struts devs are planning to merge the tiles code base into the 
Struts Tiles Plugin to eliminate the dependency on the now Attic project.


https://github.com/apache/struts/tree/WW-5233-tiles/plugins/tiles


On 20/03/2023 21:38, Dave wrote:

Hi Laurent and PJ,

The Apache Roller project still uses Struts, Tiles and Velocity and I would
like to see the projects continue and move into Jakarta land. I have some
limited time to help out. What do y'all need help with?

Dave

On Sun, Mar 19, 2023 at 8:01 AM PJ Fanning  wrote:


Hi Laurent,
I don't want to write off the possibility of a Jakarta variant of
Tiles joining the Apache Incubator - but the fact that Apache Tiles
doesn't have an active community around it is going to be a major
impediment. For Apache projects and podlings to succeed, they need a
number of contributors to get involved.
Could you start by putting your code up on Github or somewhere similar
and adding documentation that highlights that you are looking for
collaborators? Maybe there are some forums where some remaining users
of Tiles can be contacted?

There is no impediment to you simply releasing your Jakarta variant of
Tiles yourself or via some organisation that you are involved with
(e.g. a company that you work with). If you go this route, the ASF
would look like to see that you remove all the ASF branding and
ideally, change the package names.

If you want to avoid having to do all the branding changes and see the
new project join/rejoin the ASF, then I think that you'll need to come
back to us with more collaborators and probably some indication that
they are bought into keeping the project going over the foreseeable
future.

Regards,
PJ


On Sat, 18 Mar 2023 at 06:32, Laurent Schoelens
 wrote:

Hi everyone,

I’m working on Apache Tiles porting to Jakarta EE (without support of
freemarker and velocity, since both of them are still going with javax API)
and my work is going to reach its end – all builds are successful, jdk17
baseline and updated dependencies (as far as I know) – but still uncommitted
to my personal github account.

I know Tiles is in Attic land of Apache but I’d wish to make this first
step (Jakarta migration) go to open-source world, without creating new
projects out of the box.

Tiles is a framework I use on a project, with Spring and since Spring 6
has migrated to Jakarta API, I’m stuck to Spring 5.X if I stay on this.
Changing technology is an option for frontend application but not until a
good rework that may take months (or years, depending on time we have to do
that migration).

Having a Tiles Jakarta port would be great since the technology itself
is working well on my project.

Do you know what can I do to make this properly, according to Apache
work ?

Thanks in advance for your help.

Regards.
L. SCHOELENS

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Apache tiles

2023-03-20 Thread Greg Huber

Maybe tiles will live on.

On 20/03/2023 21:38, Dave wrote:

Hi Laurent and PJ,

The Apache Roller project still uses Struts, Tiles and Velocity and I would
like to see the projects continue and move into Jakarta land. I have some
limited time to help out. What do y'all need help with?

Dave

On Sun, Mar 19, 2023 at 8:01 AM PJ Fanning  wrote:


Hi Laurent,
I don't want to write off the possibility of a Jakarta variant of
Tiles joining the Apache Incubator - but the fact that Apache Tiles
doesn't have an active community around it is going to be a major
impediment. For Apache projects and podlings to succeed, they need a
number of contributors to get involved.
Could you start by putting your code up on Github or somewhere similar
and adding documentation that highlights that you are looking for
collaborators? Maybe there are some forums where some remaining users
of Tiles can be contacted?

There is no impediment to you simply releasing your Jakarta variant of
Tiles yourself or via some organisation that you are involved with
(e.g. a company that you work with). If you go this route, the ASF
would look like to see that you remove all the ASF branding and
ideally, change the package names.

If you want to avoid having to do all the branding changes and see the
new project join/rejoin the ASF, then I think that you'll need to come
back to us with more collaborators and probably some indication that
they are bought into keeping the project going over the foreseeable
future.

Regards,
PJ


On Sat, 18 Mar 2023 at 06:32, Laurent Schoelens
 wrote:

Hi everyone,

I’m working on Apache Tiles porting to Jakarta EE (without support of
freemarker and velocity, since both of them are still going with javax API)
and my work is going to reach its end – all builds are successful, jdk17
baseline and updated dependencies (as far as I know) – but still uncommitted
to my personal github account.

I know Tiles is in Attic land of Apache but I’d wish to make this first
step (Jakarta migration) go to open-source world, without creating new
projects out of the box.

Tiles is a framework I use on a project, with Spring and since Spring 6
has migrated to Jakarta API, I’m stuck to Spring 5.X if I stay on this.
Changing technology is an option for frontend application but not until a
good rework that may take months (or years, depending on time we have to do
that migration).

Having a Tiles Jakarta port would be great since the technology itself
is working well on my project.

Do you know what can I do to make this properly, according to Apache
work ?

Thanks in advance for your help.

Regards.
L. SCHOELENS

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: [VOTE] Struts Maven Archetypes 6.0.0

2023-03-14 Thread Greg Huber

+1 It works OK.

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[x] General Availability (GA) (B)


On 13/03/2023 12:54, Lukasz Lenart wrote:

One more binding vote is needed :)

pt., 10 mar 2023 o 09:09 Johannes Geppert  napisał(a):

+1 (binding)

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[X] General Availability (GA)

#
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep



Am Fr., 24. Feb. 2023 um 08:51 Uhr schrieb Lukasz Lenart <
lukaszlen...@apache.org>:


The Apache Struts Maven Archetypes 6.0.0 test build is now available.
It includes support for the latest Struts version.

Changes:
*
https://github.com/apache/struts-archetypes/releases/tag/STRUTS_ARCHETYPES_6_0_0

Maven 2 staging repository:
* https://repository.apache.org/content/repositories/orgapachestruts-1126

To test them you must specify a new profile in settings.xml:


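<profile>
    <id>struts-archetypes</id>
    <repositories>
        <repository>
            <id>archetype</id>
            <url>https://repository.apache.org/content/repositories/orgapachestruts-1126</url>
            <releases>
                <enabled>true</enabled>
                <checksumPolicy>fail</checksumPolicy>
            </releases>
            <snapshots>
                <enabled>false</enabled>
                <checksumPolicy>warn</checksumPolicy>
            </snapshots>
        </repository>
    </repositories>
</profile>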


Now you can run the command:
mvn archetype:generate -Pstruts-archetypes -Dfilter=org.apache.struts:struts2

and select each archetype, please select version 6.0.0 to test the
current test release

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

- The Apache Struts group.


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org






Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2

2023-03-13 Thread Greg Huber

From here:

https://markmail.org/search/?q=6.1.2%20list%3Aorg.apache.struts.users#query:6.1.2%20list%3Aorg.apache.struts.users+page:1+mid:fexjsvlz3u6uwdt5+state:results

Subject: 	[ANN] Apache Struts *6.1.2* 
<http://markmail.org/message/fexjsvlz3u6uwdt5> 	permalink 
<http://markmail.org/message/fexjsvlz3u6uwdt5>

From:   Lukasz Lenart (luka...@apache.org)
Date:   Mar 9, 2023 10:59:12 pm
List:   *org.apache.struts.user*


Can the dev list be added also?

On 13/03/2023 10:27, Lukasz Lenart wrote:

pon., 13 mar 2023 o 10:56 Greg Huber  napisał(a):

OK thanks.  I checked my spam/bin folder, maybe the email did not
get sent?

I have no idea how to check that :)


Regards

Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2

2023-03-13 Thread Greg Huber
OK thanks.  I checked my spam/bin folder, maybe the email did not 
get sent?


On 13/03/2023 09:50, Lukasz Lenart wrote:

pon., 13 mar 2023 o 10:46 Greg Huber  napisał(a):

Was there an email of the official release?  May have missed it.

Yes, it was
https://lists.apache.org/thread/5rsp3r0p6sxtqk6yr592txx7lgcd3qnv


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: [CLOSED] [VOTE] [FASTTRACK] Apache Struts 6.1.2

2023-03-13 Thread Greg Huber

Was there an email of the official release?  May have missed it.

On 10/03/2023 06:18, Lukasz Lenart wrote:

Vote passed with result:

GA +1 x3 (binding)
GA +1 x2 (non-binding)

Thanks & regards
Łukasz

śr., 8 mar 2023 o 21:10 Lukasz Lenart  napisał(a):



-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: [VOTE] [FASTTRACK] Apache Struts 6.1.2

2023-03-08 Thread Greg Huber

Works for me.  Thanks.

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[x] General Availability (GA) (B)

On 08/03/2023 20:10, Lukasz Lenart wrote:

The Apache Struts 6.1.2 test build is now available. It includes the
latest security patch which fixes potential security vulnerability:
* missing max files upload limit in Commons FileUpload, CVE-2023-24998
   https://github.com/apache/commons-fileupload/pull/185

Release notes:
* https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2

Distribution:
* https://dist.apache.org/repos/dist/dev/struts/6.1.2/

Maven 2 staging repository:
* https://repository.apache.org/content/repositories/staging/

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

This is a "fast-track" release vote. If we have a positive vote after
24 hours (at least three binding +1s and more +1s than -1s),  the
release may be submitted for mirroring and announced to the usual
channels.


Regards
Łukasz

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org






Re: Fileupload on JakartaEE

2023-02-28 Thread Greg Huber

..probably right, but its always good to have a backup to dependencies.

On 28/02/2023 07:29, Lukasz Lenart wrote:

I think this is not the way to handle the file upload with Servlet API
3.1 - we must wait on upgrading commons-fileupload to version
supporting Jakarta API (btw. Tomcat is using it right now). I will try
to help make this happen :)


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

niedz., 1 sty 2023 o 10:38 Greg Huber  napisał(a):

I rechecked Tomcat's work folder to see what the parts are, there are no
files with zero size, only the hidden fields, submit button (Upload)
and the image.

The two extra parts could be these as they have the name uploadedFiles
and match FieldName=uploadedFiles









##



On 01/01/2023 08:32, Lukasz Lenart wrote:

sob., 31 gru 2022 o 08:18 Greg Huber  napisał(a):

Seems there is more going on, as without it there are two extra parts
with no StoreLocation.

"Without it" - what does that mean?


name=, StoreLocation=null, size=0 bytes, isFormField=false,
FieldName=uploadedFiles

name=myimage.jpg,
StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp,
size=1050531 bytes, isFormField=false, FieldName=uploadedFiles

name=, StoreLocation=null, size=0 bytes, isFormField=false,
FieldName=uploadedFiles

Could you share your html form? I would like to test locally what's
going on. Maybe I should ignore files with 0 size
https://stackoverflow.com/questions/2422468/how-can-i-upload-files-to-a-server-using-jsp-servlet/2424824#2424824


Regards

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org





Re: Fileupload on JakartaEE

2023-01-01 Thread Greg Huber
I rechecked Tomcat's work folder to see what the parts are, there are no 
files with zero size, only the hidden fields, submit button (Upload) 
and the image.


The two extra parts could be these as they have the name uploadedFiles 
and match FieldName=uploadedFiles



  id="uploadFiles_uploadedFiles" multiple="multiple">



  id="uploadFiles_uploadedFiles" multiple="multiple">




##


action="/user/Resources.action" enctype="multipart/form-data" method="POST">
    id="uploadFiles_check">
    id="uploadFiles_pageNum">
    id="uploadFiles_path">
    id="uploadFiles_type">
    id="uploadFiles_rowSize">
    id="uploadFiles_resize">
    id="uploadFiles_overwrite">

    

    
    
        
            

                
                    
                          href="#tab1">Bulk

Upload  
                    
                
            
            
            
                
                    
                          Upload  

                    
                
            
        
    
    
    

    
    
        Upload Files
        multiple="multiple" title="Upload Files" class="ga-upload-button">

    
    
    style="width:80%;display:none;">
        

    
    
    
    
    
    
    
        id="uploadFiles_uploadedFiles" multiple="multiple">

    
    
        id="uploadFiles_uploadedFiles" multiple="multiple">

    
    
    value="Upload" id="uploadFiles_resources_upload">
    value="Cancel" id="uploadFiles_resources_cancel">

    
    




On 01/01/2023 08:32, Lukasz Lenart wrote:

sob., 31 gru 2022 o 08:18 Greg Huber  napisał(a):

Seems there is more going on, as without it there are two extra parts
with no StoreLocation.

"Without it" - what does that mean?


name=, StoreLocation=null, size=0 bytes, isFormField=false,
FieldName=uploadedFiles

name=myimage.jpg,
StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp,
size=1050531 bytes, isFormField=false, FieldName=uploadedFiles

name=, StoreLocation=null, size=0 bytes, isFormField=false,
FieldName=uploadedFiles

Could you share your html form? I would like to test locally what's
going on. Maybe I should ignore files with 0 size
https://stackoverflow.com/questions/2422468/how-can-i-upload-files-to-a-server-using-jsp-servlet/2424824#2424824


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Fileupload on JakartaEE

2022-12-30 Thread Greg Huber
Seems there is more going on, as without it there are two extra parts 
with no StoreLocation.


name=, StoreLocation=null, size=0 bytes, isFormField=false, 
FieldName=uploadedFiles


name=myimage.jpg, 
StoreLocation=/home/dev/git/myapp/myapp/work/upload_0f8323e4_9dd9_4972_8305_6b7c31911f47_0033.tmp, 
size=1050531 bytes, isFormField=false, FieldName=uploadedFiles


name=, StoreLocation=null, size=0 bytes, isFormField=false, 
FieldName=uploadedFiles


On 30/12/2022 09:18, Lukasz Lenart wrote:

pt., 30 gru 2022 o 10:06 Greg Huber  napisał(a):

Also need an extra check || "".equals(part.getSubmittedFileName()

for (Part part : parts) {
  if (part.getSubmittedFileName() == null ||
"".equals(part.getSubmittedFileName()) ) { // normal field

Empty getSubmittedFileName() means the file was uploaded but with
empty "filename" attribute in the Content-Disposition header
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#as_a_header_for_a_multipart_body


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Fileupload on JakartaEE

2022-12-30 Thread Greg Huber

Also need an extra check || "".equals(part.getSubmittedFileName()

for (Part part : parts) {
    if (part.getSubmittedFileName() == null || "".equals(part.getSubmittedFileName())) { // normal field
        LOG.error("Ignoring a normal form field: {}", part.getName());
    } else { // file upload
        LOG.error("Storing file: {} in save dir: {}", part.getSubmittedFileName(), saveDir);
        parseFile(part, saveDir);
    }
}

On 30/12/2022 09:01, Lukasz Lenart wrote:

pt., 30 gru 2022 o 09:39 Greg Huber  napisał(a):

Is it possible to use the original temp file that tomcat creates rather
than creating another one?

If "struts.multipart.saveDir" is not provided (or empty), Struts will
use "javax.servlet.context.tempdir" which should be defined in servlet
context. Yet I notice some inconsistency and I'm working on that.


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Fileupload on JakartaEE

2022-12-30 Thread Greg Huber
With the correct servlet mapping (other email) it kind of works, but the 
file has zero size.


in ServletMultiPartRequest.extractFile(Part part, String saveDir)

it creates an empty temporary file (line 134) which it returns:

File tempFile = File.createTempFile(prefix + "_", suffix, new File(saveDir));


if I add the data from the original file it works (but slow).

// copy the uploaded part into the temp file; both streams are closed on exit
try (InputStream fileContent = part.getInputStream();
     OutputStream out = new FileOutputStream(tempFile)) {
    int read;
    final byte[] bytes = new byte[1024];

    while ((read = fileContent.read(bytes)) != -1) {
        out.write(bytes, 0, read);
    }
}

Is it possible to use the original temp file that tomcat creates rather 
than creating another one?


On 30/12/2022 08:18, Lukasz Lenart wrote:

czw., 29 gru 2022 o 17:40 Greg Huber  napisał(a):

Does not seem to call the servlet, only a 404.  I use the 
StrutsPrepareAndExecuteFilter.  With the filter mapping, how does it use the 
servlet mapping?

The basic idea is that when the filter detects if this a fileupload
request and the new ServletMultiPartRequest is used, it will skip
processing and let the servlet do the job.


boolean isMultipartRequest = request instanceof MultiPartRequestWrapper
is still false.

Strange, this happens here [1] after the request was recognised as multipart [2]

[1] 
https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java#L919-L930
[2] 
https://struts.apache.org/core-developers/file-upload.html#disabling-file-upload-support


Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
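
The part handling discussed in the messages above (telling form fields and empty file inputs apart from real uploads by the submitted file name, then copying the part's stream into the save directory), as an added example that is not code from Struts or from the posters. `UploadPart` is a hypothetical stand-in for the servlet `Part` interface so the class runs without a container, and the Content-Disposition values are constructed sample input.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UploadPartsDemo {

    /** Hypothetical stand-in for the servlet Part interface (assumption for this demo). */
    static final class UploadPart {
        private final String contentDisposition;
        private final byte[] body;

        UploadPart(String contentDisposition, byte[] body) {
            this.contentDisposition = contentDisposition;
            this.body = body;
        }

        String getName() { return param("name"); }

        /** null when there is no filename parameter, "" when it is present but empty. */
        String getSubmittedFileName() { return param("filename"); }

        InputStream getInputStream() { return new ByteArrayInputStream(body); }

        // Reads one quoted parameter; the leading (^|;) keeps "name" from
        // matching inside "filename".
        private String param(String key) {
            Matcher m = Pattern.compile("(?:^|;)\\s*" + key + "=\"([^\"]*)\"")
                    .matcher(contentDisposition);
            return m.find() ? m.group(1) : null;
        }
    }

    enum Kind { FORM_FIELD, EMPTY_FILE_INPUT, FILE }

    static Kind classify(UploadPart part) {
        String fileName = part.getSubmittedFileName();
        if (fileName == null) {
            return Kind.FORM_FIELD;        // ordinary field: no filename parameter
        }
        if (fileName.isEmpty()) {
            return Kind.EMPTY_FILE_INPUT;  // file input submitted with nothing selected
        }
        return Kind.FILE;
    }

    // Stores only real uploads. The target name is generated; the submitted
    // file name is used for classification only.
    static List<Path> storeFiles(List<UploadPart> parts, Path saveDir) throws IOException {
        List<Path> stored = new ArrayList<>();
        for (UploadPart part : parts) {
            Kind kind = classify(part);
            System.out.println(part.getName() + " -> " + kind);
            if (kind != Kind.FILE) {
                continue;
            }
            Path target = Files.createTempFile(saveDir, "upload_", ".tmp");
            try (InputStream in = part.getInputStream()) {
                // createTempFile already created the file, so it must be replaced
                Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
            }
            stored.add(target);
        }
        return stored;
    }

    public static void main(String[] args) throws IOException {
        // Constructed parts: one hidden field and three parts sharing the
        // field name "uploadedFiles", two of them with an empty filename.
        byte[] image = "constructed image bytes".getBytes(StandardCharsets.UTF_8);
        List<UploadPart> parts = List.of(
                new UploadPart("form-data; name=\"path\"", "/".getBytes(StandardCharsets.UTF_8)),
                new UploadPart("form-data; name=\"uploadedFiles\"; filename=\"\"", new byte[0]),
                new UploadPart("form-data; name=\"uploadedFiles\"; filename=\"myimage.jpg\"", image),
                new UploadPart("form-data; name=\"uploadedFiles\"; filename=\"\"", new byte[0]));

        Path saveDir = Files.createTempDirectory("upload-demo");
        for (Path p : storeFiles(parts, saveDir)) {
            System.out.println("stored " + p.getFileName() + " (" + Files.size(p) + " bytes)");
        }
    }
}
```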



Re: Fileupload on JakartaEE

2022-12-29 Thread Greg Huber

 
    fileUploadServlet
/user/resources.action
 

makes it work, but ends up with an empty file called 
embeddable53b33ea6a4fb4bb1957d35fa60af338c.jpg. Will debug some more.😁


On 29/12/2022 12:56, Lukasz Lenart wrote:

czw., 29 gru 2022 o 13:34 Greg Huber  napisał(a):

I have now set

struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest

this must be:
struts.multipart.parser=servlet

(I will document this later)



  fileUploadServlet
org.apache.struts2.dispatcher.servlet.FileUploadServlet
  


  fileUploadServlet
  /fileupload/*
  /tags/ui/*


Just be sure you are using proper patterns matching your endpoints
with fileupload


Error uploading: No boundary defined!!

It means something else already handled the upload


My upload action is /user/resources.action

This endpoint should be defined in web.xml


  fileUploadServlet
  /user/resources*



Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Fileupload on JakartaEE

2022-12-29 Thread Greg Huber

struts.multipart.parser=servlet



  struts2
  url-pattern>*.action



  fileUploadServlet
  /user/resources*




Does not seem to call the servlet, only a 404.  I use the 
StrutsPrepareAndExecuteFilter.  With the filter mapping, how does it use the 
servlet mapping?

boolean isMultipartRequest = request instanceof MultiPartRequestWrapper
is still false.

On 29/12/2022 12:56, Lukasz Lenart wrote:

czw., 29 gru 2022 o 13:34 Greg Huber  napisał(a):

I have now set

struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest

this must be:
struts.multipart.parser=servlet

(I will document this later)



  fileUploadServlet
org.apache.struts2.dispatcher.servlet.FileUploadServlet
  


  fileUploadServlet
  /fileupload/*
  /tags/ui/*


Just be sure you are using proper patterns matching your endpoints
with fileupload


Error uploading: No boundary defined!!

It means something else already handled the upload


My upload action is /user/resources.action

This endpoint should be defined in web.xml


  fileUploadServlet
  /user/resources*



Regards


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: Fileupload on JakartaEE

2022-12-29 Thread Greg Huber

I have now set

struts.multipart.parser=org.apache.struts2.dispatcher.multipart.ServletMultiPartRequest


    fileUploadServlet
org.apache.struts2.dispatcher.servlet.FileUploadServlet
    


    fileUploadServlet
    /fileupload/*
    /tags/ui/*


#

I get in FileUploadSupport.java

isMultipartRequest == false

isServletMultipartRequest == true


and an error:

Error uploading: No boundary defined!!

#

My upload action is /user/resources.action

enctype="multipart/form-data">..


#

If I change isMultipartRequest == true I get

Status Code 404
Message The requested resource [/user/resources.action] is not available


On 29/12/2022 11:41, Lukasz Lenart wrote:

czw., 29 gru 2022 o 11:55 Greg Huber  napisał(a):

I made no changes just used the branch as is.  I tried deleting the
commons jar to make sure it was using the new code but my app won't
start without it.

Cool, it means I didn't break any existing configuration :D

Did you change the value of the "struts.multipart.parser" constant?


..If I add a breakpoint on FileUploadSupport isFileUploadRequest(..) it
stops so I assume its being used.

Yes, it is used just to verify if request should be left to be
processed by the servlet, to full use the new @MultipartConfig you
must add the following servlet in your web.xml plus additional mapping
https://github.com/apache/struts/pull/650/files#diff-058a38cfcdd6de381467549793200fd7c1e0f790a1de1fd72e27cd2cf4a06079


Regards

Re: Fileupload on JakartaEE

2022-12-29 Thread Greg Huber
I made no changes just used the branch as is.  I tried deleting the 
commons jar to make sure it was using the new code but my app won't 
start without it.


..If I add a breakpoint on FileUploadSupport isFileUploadRequest(..) it 
stops so I assume its being used.


On 29/12/2022 10:44, Lukasz Lenart wrote:

czw., 29 gru 2022 o 11:40 Greg Huber  napisał(a):

WW-5273-servlet-upload branch works on both my ajax and forms based upload.

Great to hear that! Did you have any problem with configuring that
additional FileUploadServlet which is needed by Servlet API 3.1?


(although commons-fileupload-1.4.jar is still included)

Yes, it's still there as the old MultiPartRequest instances are using
it, it will be gone once the deprecated classes are removed in
7.0.0
I can make it optional though :)


Regards





Re: Fileupload on JakartaEE

2022-12-29 Thread Greg Huber



WW-5273-servlet-upload branch works on both my ajax and forms based upload.

(although commons-fileupload-1.4.jar is still included)

On 29/12/2022 09:38, Lukasz Lenart wrote:

Take a look at that PR
https://github.com/apache/struts/pull/650


Regards





Re: [GitHub] [struts] lukaszlenart closed pull request #644: Bump spring-web from 5.3.23 to 6.0.0

2022-12-13 Thread Greg Huber
Is there a plan for the Jakarta namespace change?  All of Spring is now 
jdk 17.


On 13/12/2022 07:52, GitBox wrote:

lukaszlenart closed pull request #644: Bump spring-web from 5.3.23 to 6.0.0
URL: https://github.com/apache/struts/pull/644







Re: [VOTE] Apache Struts 6.1.1

2022-11-24 Thread Greg Huber

Thanks, works great for me.

[x] General Availability (GA) (B)

On 24/11/2022 19:16, Lukasz Lenart wrote:

The Apache Struts 6.1.1 test build is available. With this release the
following issues were addressed:

Release notes:
* https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.1

Github release
* https://github.com/apache/struts/releases/tag/STRUTS_6_1_1

Distribution:
* https://dist.apache.org/repos/dist/dev/struts/6.1.1/

Maven 2 staging repository:
* https://repository.apache.org/content/repositories/staging/

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request.
A vote can be amended at any time to upgrade or downgrade the quality
of the release based on future experience. If an initial vote
designates the build as "Beta", the release will be submitted for
mirroring and announced to the user list. Once released as a public
beta, subsequent quality votes on a build may be held on the user
list.

As always, the act of voting carries certain obligations. A binding
vote not only states an opinion, but means that the voter is agreeing
to help do the work.


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: [GitHub] [struts] gregh3269 opened a new pull request, #616: WW 5233 Add velocity classes and tests

2022-10-18 Thread Greg Huber
If anyone has a complex tiles/freemarker layout please can you give the 
plugin a spin😁


On 18/10/2022 14:47, GitBox wrote:

gregh3269 opened a new pull request, #616:
URL: https://github.com/apache/struts/pull/616

Whilst I can remember the complex cut and paste, I have added the velocity 
classes and tests, as the documentation says struts, freemarker and velocity.

I tested the jar on the struts-examples-tiles but there is no velocity only jsp/freemarker.

If we do not want to support velocity going forward, ignore this PR, but I think we should change the docs.









Re: Tiles support

2022-10-13 Thread Greg Huber
My thinking also, keep things simple.  The patch includes all the tests 
for completeness, I guess as it was meant to be.


On 13/10/2022 08:10, Lukasz Lenart wrote:

To be honest, I would like to reduce as much as possible by taking
some custom steps to generate something. I do not expect to have a lot
of issues around Tiles or new feature requests, so having this as
simple as possible is the way to go :)


Cheers
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Tue, 11 Oct 2022 at 11:24 Greg Huber wrote:

I thought about the autotag stuff and with the validation/tests etc,
seemed a good idea to keep it, as it's not that involved.

Basically it uses template-suite.xml to generate the tag files and tld.

I have got it all working, and passing the tests.

Rather than the maven autotag plugin, I have a simple class
(BuildJspAutotags) that builds the tags to

/target/generated-sources/autotag

And then if changing the  template-suite.xml, run the build and copy
manually the classes/tld back into the source.

The org.apache.struts2.tiles.BuildJspAutotags.java probably needs a
better home.

I have committed all this to

https://github.com/gregh3269/struts/tree/WW-5233-tiles

I can do another PR so you can have a look?

On 11/10/2022 10:00, Lukasz Lenart wrote:

I copied some auto generated classes but they depend on Autotag
classes, so I copied them as well. If something is still missing I
have a Tiles build locally and can copy other auto generated stuff.
And yes, we should avoid maintaining Autotag, it complicates things.
As far as I understand we only use / expose JSP tags, I don't know if
someone is using Freemarker/Velocity directives - we can always add
them later on request.


Regards
Łukasz

Sun, 9 Oct 2022 at 16:17 Greg Huber wrote:

Looking at it in more depth, I think we need to leave as much code as
possible in the attic, including the autotag stuff.  Keep only the parts to
make it work, and update the tag classes manually.  Having to maintain
classes to generate the tag classes is pointless (might as well update them
directly).  If we need to generate the tld we can use the struts tld
processor.

This means we don't need all of the velocity code, support classes etc and
should reduce the plugin packages also.

I will play around with it to see what we can lose, so we only have the
bare minimum.


On Sun, 9 Oct 2022 at 10:52, Greg Huber  wrote:


Or better, try to build the tags (whatever the maven-autotag-plugin
did) on the plugin build?

On 09/10/2022 10:28, Greg Huber wrote:

The reason why the taglibs were missing, they are generated by tiles
auto tag

https://tiles.apache.org/tiles-autotag/

Tiles-3 introduces an Autotag Project, a project that automatically
generates tags (or tag-like) artifact from a common template code for
a range of templating languages. Today JSP tags, Freemarker directive
models and Velocity directives are generated from a common template
models.

Do we use Freemarker directive models and Velocity directives?

Maybe we don't need the autotag in the plugin as we have the tag
classes now?

On 06/10/2022 14:05, Lukasz Lenart wrote:

I have prepared a PR to copy Tiles code base into the Tiles plugin -
just copied what is needed by the plugin. I would like to merge it
after releasing 6.1.0

https://github.com/apache/struts/pull/608


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Tue, 9 Aug 2022 at 16:43 Antonio Petrelli wrote:
