[jira] [Work logged] (WW-5383) Exclude JAR files by default when scanning for actions on JDK9+

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5383?focusedWorklogId=897763=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897763
 ]

ASF GitHub Bot logged work on WW-5383:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 06:56
Start Date: 03/Jan/24 06:56
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #830:
URL: https://github.com/apache/struts/pull/830#issuecomment-1874925293

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=830) 
**Quality Gate failed**  
   Failed conditions
   
   [1 Security 
Hotspot](https://sonarcloud.io/project/security_hotspots?id=apache_struts=830=false=true)
  
   [69.7% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache_struts=830=new_coverage=list)
 (required ≥ 80%)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=830)
   
   




Issue Time Tracking
---

Worklog Id: (was: 897763)
Time Spent: 20m  (was: 10m)

> Exclude JAR files by default when scanning for actions on JDK9+
> ---
>
> Key: WW-5383
> URL: https://issues.apache.org/jira/browse/WW-5383
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Convention
>Reporter: Lukasz Lenart
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> When running an app on the JDK9+ it can happen that the Convention plugin 
> starts scanning JAR files due to changed behaviour of 
> {{getClassLoader().getResources("")}} as this will also return additional 
> path and current pattern to exclude JARs won't work.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5383) Exclude JAR files by default when scanning for actions on JDK9+

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5383?focusedWorklogId=897761=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897761
 ]

ASF GitHub Bot logged work on WW-5383:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 06:51
Start Date: 03/Jan/24 06:51
Worklog Time Spent: 10m 
  Work Description: lukaszlenart opened a new pull request, #830:
URL: https://github.com/apache/struts/pull/830

   Closes [WW-5383](https://issues.apache.org/jira/browse/WW-5383)




Issue Time Tracking
---

Worklog Id: (was: 897761)
Remaining Estimate: 0h
Time Spent: 10m

> Exclude JAR files by default when scanning for actions on JDK9+
> ---
>
> Key: WW-5383
> URL: https://issues.apache.org/jira/browse/WW-5383
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Convention
>Reporter: Lukasz Lenart
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> When running an app on the JDK9+ it can happen that the Convention plugin 
> starts scanning JAR files due to changed behaviour of 
> {{getClassLoader().getResources("")}} as this will also return additional 
> path and current pattern to exclude JARs won't work.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (WW-5383) Exclude JAR files by default when scanning for actions on JDK9+

2024-01-02 Thread Lukasz Lenart (Jira) 
Lukasz Lenart created WW-5383:
-

 Summary: Exclude JAR files by default when scanning for actions on 
JDK9+
 Key: WW-5383
 URL: https://issues.apache.org/jira/browse/WW-5383
 Project: Struts 2
  Issue Type: Improvement
  Components: Plugin - Convention
Reporter: Lukasz Lenart
 Fix For: 6.4.0


When running an app on the JDK9+ it can happen that the Convention plugin 
starts scanning JAR files due to changed behaviour of 
{{getClassLoader().getResources("")}} as this will also return additional path 
and current pattern to exclude JARs won't work.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897755=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897755
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 06:13
Start Date: 03/Jan/24 06:13
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on code in PR #829:
URL: https://github.com/apache/struts/pull/829#discussion_r1440104256


##
core/src/main/java/org/apache/struts2/interceptor/parameter/ParameterNameAware.java:
##
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.interceptor.parameter;

Review Comment:
   This is an action related interface and I prefer to put them in 
`org.apache.struts2.action` package - this should avoid users' confusion if 
such interface works with interceptors. wdyt?





Issue Time Tracking
---

Worklog Id: (was: 897755)
Time Spent: 1.5h  (was: 1h 20m)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5381) Introduce extension points for CompoundRootAccessor and MethodAccessor

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5381?focusedWorklogId=897754=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897754
 ]

ASF GitHub Bot logged work on WW-5381:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 06:07
Start Date: 03/Jan/24 06:07
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on code in PR #824:
URL: https://github.com/apache/struts/pull/824#discussion_r1440101727


##
core/src/main/resources/struts-beans.xml:
##
@@ -174,11 +174,9 @@
 
 
-

Review Comment:
   Could this be a breaking change? Maybe somehow mention that `ClassResolver` 
shouldn't be used anymore and implement `CompoundRoot` instead?





Issue Time Tracking
---

Worklog Id: (was: 897754)
Time Spent: 2h 10m  (was: 2h)

> Introduce extension points for CompoundRootAccessor and MethodAccessor
> --
>
> Key: WW-5381
> URL: https://issues.apache.org/jira/browse/WW-5381
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897753=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897753
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 05:20
Start Date: 03/Jan/24 05:20
Worklog Time Spent: 10m 
  Work Description: github-advanced-security[bot] commented on code in PR 
#829:
URL: https://github.com/apache/struts/pull/829#discussion_r1440083331


##
core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java:
##
@@ -0,0 +1,559 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.interceptor.parameter;
+
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.ActionInvocation;
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
+import com.opensymphony.xwork2.interceptor.ValidationAware;
+import com.opensymphony.xwork2.security.AcceptedPatternsChecker;
+import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
+import com.opensymphony.xwork2.util.ClearableValueStack;
+import com.opensymphony.xwork2.util.MemberAccessValueStack;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.ValueStack;
+import com.opensymphony.xwork2.util.ValueStackFactory;
+import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.action.NoParameters;
+import org.apache.struts2.dispatcher.HttpParameters;
+import org.apache.struts2.dispatcher.Parameter;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.regex.Pattern;
+
+import static org.apache.commons.lang3.StringUtils.normalizeSpace;
+
+/**
+ * This interceptor sets all parameters on the value stack.
+ */
+public class ParametersInterceptor extends MethodFilterInterceptor {
+
+private static final Logger LOG = 
LogManager.getLogger(ParametersInterceptor.class);
+
+protected static final int PARAM_NAME_MAX_LENGTH = 100;
+
+private static final Pattern DMI_IGNORED_PATTERN = 
Pattern.compile("^(action|method):.*", Pattern.CASE_INSENSITIVE);
+
+private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
+private boolean devMode = false;
+private boolean dmiEnabled = false;
+
+protected boolean ordered = false;
+
+private ValueStackFactory valueStackFactory;
+private ExcludedPatternsChecker excludedPatterns;
+private AcceptedPatternsChecker acceptedPatterns;
+private Set excludedValuePatterns = null;
+private Set acceptedValuePatterns = null;
+
+@Inject
+public void setValueStackFactory(ValueStackFactory valueStackFactory) {
+this.valueStackFactory = valueStackFactory;
+}
+
+@Inject(StrutsConstants.STRUTS_DEVMODE)
+public void setDevMode(String mode) {
+this.devMode = BooleanUtils.toBoolean(mode);
+}
+
+@Inject
+public void setExcludedPatterns(ExcludedPatternsChecker excludedPatterns) {
+this.excludedPatterns = excludedPatterns;
+}
+
+@Inject
+public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns) {
+this.acceptedPatterns = acceptedPatterns;
+}
+
+@Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, 
required = false)
+protected void setDynamicMethodInvocation(String dmiEnabled) {
+this.dmiEnabled = Boolean.parseBoolean(dmiEnabled);
+}
+
+/**
+ * If the param name exceeds the configured maximum length it will not be
+ * accepted.
+ *
+ * @param paramNameMaxLength Maximum length of param names
+ */
+public void setParamNameMaxLength(int paramNameMaxLength) {
+this.paramNameMaxLength = paramNameMaxLength;
+

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897752=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897752
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 05:19
Start Date: 03/Jan/24 05:19
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #829:
URL: https://github.com/apache/struts/pull/829#issuecomment-1874860522

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=829) 
**Quality Gate failed**  
   Failed conditions
   
   [B Security Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=829) 
(required ≥ A)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=829)
   
   
   
   
![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png
 'idea') Catch issues before they fail your Quality Gate with our IDE extension 
![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png
 'SonarLint') 
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)




Issue Time Tracking
---

Worklog Id: (was: 897752)
Time Spent: 1h 10m  (was: 1h)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897751=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897751
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 04:14
Start Date: 03/Jan/24 04:14
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #829:
URL: https://github.com/apache/struts/pull/829#issuecomment-1874828176

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=829) 
**Quality Gate failed**  
   Failed conditions
   
   [B Security Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=829) 
(required ≥ A)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=829)
   
   
   
   
![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png
 'idea') Catch issues before they fail your Quality Gate with our IDE extension 
![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png
 'SonarLint') 
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)




Issue Time Tracking
---

Worklog Id: (was: 897751)
Time Spent: 1h  (was: 50m)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897750=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897750
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 03:56
Start Date: 03/Jan/24 03:56
Worklog Time Spent: 10m 
  Work Description: github-advanced-security[bot] commented on code in PR 
#829:
URL: https://github.com/apache/struts/pull/829#discussion_r1440047404


##
core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java:
##
@@ -0,0 +1,557 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.interceptor.parameter;
+
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.ActionInvocation;
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
+import com.opensymphony.xwork2.interceptor.ValidationAware;
+import com.opensymphony.xwork2.security.AcceptedPatternsChecker;
+import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
+import com.opensymphony.xwork2.util.ClearableValueStack;
+import com.opensymphony.xwork2.util.MemberAccessValueStack;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.ValueStack;
+import com.opensymphony.xwork2.util.ValueStackFactory;
+import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.action.NoParameters;
+import org.apache.struts2.dispatcher.HttpParameters;
+import org.apache.struts2.dispatcher.Parameter;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.regex.Pattern;
+
+/**
+ * This interceptor sets all parameters on the value stack.
+ */
+public class ParametersInterceptor extends MethodFilterInterceptor {
+
+private static final Logger LOG = 
LogManager.getLogger(ParametersInterceptor.class);
+
+protected static final int PARAM_NAME_MAX_LENGTH = 100;
+
+private static final Pattern DMI_IGNORED_PATTERN = 
Pattern.compile("^(action|method):.*", Pattern.CASE_INSENSITIVE);
+
+private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
+private boolean devMode = false;
+private boolean dmiEnabled = false;
+
+protected boolean ordered = false;
+
+private ValueStackFactory valueStackFactory;
+private ExcludedPatternsChecker excludedPatterns;
+private AcceptedPatternsChecker acceptedPatterns;
+private Set excludedValuePatterns = null;
+private Set acceptedValuePatterns = null;
+
+@Inject
+public void setValueStackFactory(ValueStackFactory valueStackFactory) {
+this.valueStackFactory = valueStackFactory;
+}
+
+@Inject(StrutsConstants.STRUTS_DEVMODE)
+public void setDevMode(String mode) {
+this.devMode = BooleanUtils.toBoolean(mode);
+}
+
+@Inject
+public void setExcludedPatterns(ExcludedPatternsChecker excludedPatterns) {
+this.excludedPatterns = excludedPatterns;
+}
+
+@Inject
+public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns) {
+this.acceptedPatterns = acceptedPatterns;
+}
+
+@Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, 
required = false)
+protected void setDynamicMethodInvocation(String dmiEnabled) {
+this.dmiEnabled = Boolean.parseBoolean(dmiEnabled);
+}
+
+/**
+ * If the param name exceeds the configured maximum length it will not be
+ * accepted.
+ *
+ * @param paramNameMaxLength Maximum length of param names
+ */
+public void setParamNameMaxLength(int paramNameMaxLength) {
+this.paramNameMaxLength = paramNameMaxLength;
+}
+
+static private int countOGNLCharacters(String s) {
+

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897749=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897749
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 03:56
Start Date: 03/Jan/24 03:56
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #829:
URL: https://github.com/apache/struts/pull/829#issuecomment-1874820170

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=829) 
**Quality Gate failed**  
   Failed conditions
   
   [B Security Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=829) 
(required ≥ A)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=829)
   
   
   
   
![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png
 'idea') Catch issues before they fail your Quality Gate with our IDE extension 
![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png
 'SonarLint') 
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)




Issue Time Tracking
---

Worklog Id: (was: 897749)
Time Spent: 40m  (was: 0.5h)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897748=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897748
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 03:54
Start Date: 03/Jan/24 03:54
Worklog Time Spent: 10m 
  Work Description: kusalk commented on code in PR #829:
URL: https://github.com/apache/struts/pull/829#discussion_r1440046409


##
core/src/main/java/org/apache/struts2/action/NoParameters.java:
##
@@ -23,7 +23,6 @@
  * them automatically. This may be useful if one is using the action tag and 
want to supply
  * the parameters to the action manually using the param tag. It may also be 
useful if one for
  * security reasons wants to make sure that parameters cannot be set by 
malicious users.
- *
  */
-public interface NoParameters extends 
com.opensymphony.xwork2.interceptor.NoParameters {

Review Comment:
   Reverse the delegations for easier deletion of deprecated classes





Issue Time Tracking
---

Worklog Id: (was: 897748)
Time Spent: 0.5h  (was: 20m)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897747=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897747
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 03:53
Start Date: 03/Jan/24 03:53
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #829:
URL: https://github.com/apache/struts/pull/829#issuecomment-1874819062

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=829) 
**Quality Gate failed**  
   Failed conditions
   
   [B Security Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=829) 
(required ≥ A)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=829)
   
   
   
   
![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png
 'idea') Catch issues before they fail your Quality Gate with our IDE extension 
![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png
 'SonarLint') 
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)




Issue Time Tracking
---

Worklog Id: (was: 897747)
Time Spent: 20m  (was: 10m)

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5352) Implement annotation mechanism for injectable fields via parameters

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5352?focusedWorklogId=897746=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897746
 ]

ASF GitHub Bot logged work on WW-5352:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 03:47
Start Date: 03/Jan/24 03:47
Worklog Time Spent: 10m 
  Work Description: kusalk opened a new pull request, #829:
URL: https://github.com/apache/struts/pull/829

   WW-5352
   --
   In preparation for new parameter annotation mechanism




Issue Time Tracking
---

Worklog Id: (was: 897746)
Remaining Estimate: 0h
Time Spent: 10m

> Implement annotation mechanism for injectable fields via parameters
> ---
>
> Key: WW-5352
> URL: https://issues.apache.org/jira/browse/WW-5352
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> struts.parameters.requireAnnotations
>  
> Require an explicit annotation '@StrutsParameter' on one of: 
> Getter/Setter/Field/ReturnType for injecting parameters.
>  
> This mechanism is intended to be a more usable replacement for 
> 'ParameterNameAware'



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (WW-5351) Add configuration option for max traversal depth when injecting parameters

2024-01-02 Thread Kusal Kithul-Godage (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage closed WW-5351.
---
Fix Version/s: (was: 6.4.0)
   Resolution: Won't Do

> Add configuration option for max traversal depth when injecting parameters
> --
>
> Key: WW-5351
> URL: https://issues.apache.org/jira/browse/WW-5351
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
>
> struts.parameters.maxTraversalDepth



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-5351) Add configuration option for max traversal depth when injecting parameters

2024-01-02 Thread Kusal Kithul-Godage (Jira) 


[ 
https://issues.apache.org/jira/browse/WW-5351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17802003#comment-17802003
 ] 

Kusal Kithul-Godage commented on WW-5351:
-

I'm going to forgo this dedicated constant and instead integrate this as an 
annotation parameter in WW-5352

> Add configuration option for max traversal depth when injecting parameters
> --
>
> Key: WW-5351
> URL: https://issues.apache.org/jira/browse/WW-5351
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core, Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>
> struts.parameters.maxTraversalDepth



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread Kusal Kithul-Godage (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage resolved WW-5378.
-
Resolution: Fixed

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread Kusal Kithul-Godage (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage resolved WW-5379.
-
Resolution: Fixed

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897734=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897734
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 01:12
Start Date: 03/Jan/24 01:12
Worklog Time Spent: 10m 
  Work Description: asf-ci commented on PR #222:
URL: https://github.com/apache/struts-site/pull/222#issuecomment-1874743820

   Staged site is ready at https://struts.staged.apache.org/




Issue Time Tracking
---

Worklog Id: (was: 897734)
Time Spent: 2.5h  (was: 2h 20m)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5381) Introduce extension points for CompoundRootAccessor and MethodAccessor

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5381?focusedWorklogId=897732=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897732
 ]

ASF GitHub Bot logged work on WW-5381:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 00:41
Start Date: 03/Jan/24 00:41
Worklog Time Spent: 10m 
  Work Description: kusalk merged PR #823:
URL: https://github.com/apache/struts/pull/823




Issue Time Tracking
---

Worklog Id: (was: 897732)
Time Spent: 2h  (was: 1h 50m)

> Introduce extension points for CompoundRootAccessor and MethodAccessor
> --
>
> Key: WW-5381
> URL: https://issues.apache.org/jira/browse/WW-5381
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897733=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897733
 ]

ASF GitHub Bot logged work on WW-5379:
--

Author: ASF GitHub Bot
Created on: 03/Jan/24 00:41
Start Date: 03/Jan/24 00:41
Worklog Time Spent: 10m 
  Work Description: kusalk merged PR #822:
URL: https://github.com/apache/struts/pull/822




Issue Time Tracking
---

Worklog Id: (was: 897733)
Time Spent: 2h  (was: 1h 50m)

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897722=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897722
 ]

ASF GitHub Bot logged work on WW-5379:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 19:28
Start Date: 02/Jan/24 19:28
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on code in PR #822:
URL: https://github.com/apache/struts/pull/822#discussion_r1439750640


##
plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java:
##
@@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) {
 return null;
 }
 for (VelocityContext chainedContext : chainedContexts) {
-Object val = chainedContext.internalGet(key);
+Object val = chainedContext.get(key);
 if (val != null) {
 return val;
 }
 }
 return null;
 }
+
+public ValueStack getValueStack() {
+return stack;
+}

Review Comment:
   It shouldn't change as far I understand, yet I'm not sure if this is true :) 
Let's leave it as is, at some point I will solve this puzzle ;-)





Issue Time Tracking
---

Worklog Id: (was: 897722)
Time Spent: 1h 50m  (was: 1h 40m)

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (WW-5377) trouble with Struts tags nested within one

2024-01-02 Thread Dave Newton (Jira) 


[ 
https://issues.apache.org/jira/browse/WW-5377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17801853#comment-17801853
 ] 

Dave Newton edited comment on WW-5377 at 1/2/24 4:38 PM:
-

[~pduroux] The most helpful thing would be to explain what you expected to 
happen and what actually happened (but in the mailing list, the Jira is for 
known/suspected issues, not general support).

That said why not use {{}} on its own and put your code in its own

[jira] [Commented] (WW-5377) trouble with Struts tags nested within one

2024-01-02 Thread Dave Newton (Jira) 


[ 
https://issues.apache.org/jira/browse/WW-5377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17801853#comment-17801853
 ] 

Dave Newton commented on WW-5377:
-

The most helpful thing would be to explain what you expected to happen and what 
actually happened (but in the mailing list, the Jira is for known/suspected 
issues, not general support).

That said why not use {{}} on its own and put your code in its own

[jira] [Commented] (WW-5377) trouble with Struts tags nested within one

2024-01-02 Thread Patrice DUROUX (Jira) 


[ 
https://issues.apache.org/jira/browse/WW-5377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17801820#comment-17801820
 ] 

Patrice DUROUX commented on WW-5377:


Sorry, I just signed up for the Users Mailing list for the next time.

To be more clear, my improvement issue is related to the fact that both the 
following JSP code:
var data = ;


and :
var data = ;


do not render the same output regarding the content script.

I haven't tried with another tag like {{}} in place of 
{{.}}

Would you like me to provide a small test case?

> trouble with Struts tags nested within  one
> -
>
> Key: WW-5377
> URL: https://issues.apache.org/jira/browse/WW-5377
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 6.3.0
>Reporter: Patrice DUROUX
>Priority: Minor
> Fix For: 6.4.0
>
>
> Hi,
> I am facing a trouble with some JSPs that contain code like:
> {code:java}
> 
> var data =  ;
> 
> 
> {code}
> Using

[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897638=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897638
 ]

ASF GitHub Bot logged work on WW-5379:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 10:32
Start Date: 02/Jan/24 10:32
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #822:
URL: https://github.com/apache/struts/pull/822#issuecomment-1873852402

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache_struts=822) 
**Quality Gate failed**  
   Failed conditions
   
   [10 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=822=false=true)
  
   [28.5% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache_struts=822=new_coverage=list)
 (required ≥ 80%)  
   [4.1% Duplication on New 
Code](https://sonarcloud.io/component_measures?id=apache_struts=822=new_duplicated_lines_density=list)
 (required ≤ 3%)  
   [E Security Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=822) 
(required ≥ A)  
   [E Reliability Rating on New 
Code](https://sonarcloud.io/dashboard?id=apache_struts=822) 
(required ≥ A)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=822)
   
   
   
   
![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png
 'idea') Catch issues before they fail your Quality Gate with our IDE extension 
![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png
 'SonarLint') 
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)




Issue Time Tracking
---

Worklog Id: (was: 897638)
Time Spent: 1h 40m  (was: 1.5h)

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897635=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897635
 ]

ASF GitHub Bot logged work on WW-5379:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 10:12
Start Date: 02/Jan/24 10:12
Worklog Time Spent: 10m 
  Work Description: kusalk commented on code in PR #822:
URL: https://github.com/apache/struts/pull/822#discussion_r1439307636


##
plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java:
##
@@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) {
 return null;
 }
 for (VelocityContext chainedContext : chainedContexts) {
-Object val = chainedContext.internalGet(key);
+Object val = chainedContext.get(key);
 if (val != null) {
 return val;
 }
 }
 return null;
 }
+
+public ValueStack getValueStack() {
+return stack;
+}

Review Comment:
   I think it has to be but I wonder if Directives can simply obtain the 
ValueStack from the ActionContext? It's not clear to me if the ValueStack on 
the ActionContext changes between the time of Velocity context creation and 
directive rendering. I recall this was how the ValueStack was obtained in 
WebWork 2.1 but I presume it was changed for a reason?
   
   But also, there's no change in terms of security as the stack was already 
exposed on the `StrutsVelocityContext` instance using `internalGet("stack")` or 
`get("stack")`.
   
   And yep I can definitely use a marker interface to allow more flexibility in 
the Velocity context implementation used by applications.





Issue Time Tracking
---

Worklog Id: (was: 897635)
Time Spent: 1.5h  (was: 1h 20m)

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897628=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897628
 ]

ASF GitHub Bot logged work on WW-5379:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 09:45
Start Date: 02/Jan/24 09:45
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on code in PR #822:
URL: https://github.com/apache/struts/pull/822#discussion_r1439286738


##
plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java:
##
@@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) {
 return null;
 }
 for (VelocityContext chainedContext : chainedContexts) {
-Object val = chainedContext.internalGet(key);
+Object val = chainedContext.get(key);
 if (val != null) {
 return val;
 }
 }
 return null;
 }
+
+public ValueStack getValueStack() {
+return stack;
+}

Review Comment:
   Do we need to have this public? Also this requires to cast to 
`StrutsVelocityContext`, wouldn't be better to have a marking interface 
`ValueStackAware` or `ValueStackProvider` to expose the ValueStack?





Issue Time Tracking
---

Worklog Id: (was: 897628)
Time Spent: 1h 20m  (was: 1h 10m)

> Implement alternative mechanism for Velocity directives to obtain stack
> ---
>
> Key: WW-5379
> URL: https://issues.apache.org/jira/browse/WW-5379
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Velocity
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897625=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897625
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 09:38
Start Date: 02/Jan/24 09:38
Worklog Time Spent: 10m 
  Work Description: sepe81 commented on code in PR #222:
URL: https://github.com/apache/struts-site/pull/222#discussion_r1439282245


##
source/security/index.md:
##
@@ -289,6 +289,39 @@ state.
 
 Note: This feature does not work with JDK 21 and above.
 
+### Restricting access to the Struts Context (ActionContext)
+
+The Struts ActionContext is a core construct of the Struts framework. It is 
shared and manipulated throughout the
+codebase. From the ActionContext, it is possible to access application 
parameters, the 'OgnlValueStack', the current

Review Comment:
   ```suggestion
   codebase. From the ActionContext, it is possible to access application 
parameters, the `OgnlValueStack`, the current
   ```
   
   Maybe with backticks for code highlighting?





Issue Time Tracking
---

Worklog Id: (was: 897625)
Time Spent: 2h 20m  (was: 2h 10m)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897623=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897623
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 09:33
Start Date: 02/Jan/24 09:33
Worklog Time Spent: 10m 
  Work Description: kusalk merged PR #821:
URL: https://github.com/apache/struts/pull/821




Issue Time Tracking
---

Worklog Id: (was: 897623)
Time Spent: 2h 10m  (was: 2h)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897610=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897610
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 08:49
Start Date: 02/Jan/24 08:49
Worklog Time Spent: 10m 
  Work Description: asf-ci commented on PR #222:
URL: https://github.com/apache/struts-site/pull/222#issuecomment-1873746987

   Staged site is ready at https://struts.staged.apache.org/




Issue Time Tracking
---

Worklog Id: (was: 897610)
Time Spent: 2h  (was: 1h 50m)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897608=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897608
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 08:48
Start Date: 02/Jan/24 08:48
Worklog Time Spent: 10m 
  Work Description: kusalk commented on PR #821:
URL: https://github.com/apache/struts/pull/821#issuecomment-1873745864

   @lukaszlenart Here we are :) https://github.com/apache/struts-site/pull/222




Issue Time Tracking
---

Worklog Id: (was: 897608)
Time Spent: 1h 40m  (was: 1.5h)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897609=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897609
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 08:48
Start Date: 02/Jan/24 08:48
Worklog Time Spent: 10m 
  Work Description: asf-ci commented on PR #222:
URL: https://github.com/apache/struts-site/pull/222#issuecomment-1873746499

   Staged site is ready at https://struts.staged.apache.org/




Issue Time Tracking
---

Worklog Id: (was: 897609)
Time Spent: 1h 50m  (was: 1h 40m)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1h 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5378) Add option to not fallback to context lookup when finding value in OgnlValueStack

2024-01-02 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897607=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897607
 ]

ASF GitHub Bot logged work on WW-5378:
--

Author: ASF GitHub Bot
Created on: 02/Jan/24 08:41
Start Date: 02/Jan/24 08:41
Worklog Time Spent: 10m 
  Work Description: kusalk opened a new pull request, #222:
URL: https://github.com/apache/struts-site/pull/222

   WW-5378 WW-5381
   --
   Documentation for new configuration options introduced in:
   * https://github.com/apache/struts/pull/821
   * https://github.com/apache/struts/pull/823
   * https://github.com/apache/struts/pull/824
   * https://github.com/apache/struts/pull/825




Issue Time Tracking
---

Worklog Id: (was: 897607)
Time Spent: 1.5h  (was: 1h 20m)

> Add option to not fallback to context lookup when finding value in 
> OgnlValueStack
> -
>
> Key: WW-5378
> URL: https://issues.apache.org/jira/browse/WW-5378
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 1.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)