RE: Specific Exception Handling

2016-03-22 Thread Martin Gainty 

Date: Tue, 22 Mar 2016 20:13:37 +
Subject: Specific Exception Handling
From: jadt...@gmail.com
To: user@struts.apache.org

In the example of exception - handling explains how to configure an specific 
exception for an action.
It is simple, only write the exception-mapping into the action node. But i 
don't know how it works and why we need two result nodes.


I understood that if the method throwSecurityException of the Register class 
throws SecurityBreachException, the action returns the result login and then it 
redirects to login.jsp but:
In which part of the app use the URL action actionspecificexeption?
MG>when op first executes login.jsp as seen below:   
 
  /register.jsp
  /login.jsp
   If the method throwsSecurityException always throws 
SecurityBreachException why do we need the other result?

MG>/register.jsp is default result when processed by 
org.apache.struts.register.action.Register that returns SUCCESS
MG>https://struts.apache.org/docs/exception-handling.html
-- 
Un saludo,José A.
MG>¿Claro?MG>/Saludos Cordiales/MG>Martín

Re: Specific Exception Handling

2016-03-22 Thread José Antonio Delgado Trujillo 
OK,
I saw in the github the URL cause actions exceptions in the index,jsp but i
dont't still understand the two result in the actionspecificexption.

2016-03-22 20:13 GMT+00:00 José Antonio Delgado Trujillo 
:

> In the example of exception - handling explains how to configure an
> specific exception for an action.
>
> It is simple, only write the exception-mapping into the action node. But i
> don't know how it works and why we need two result nodes.
>
> [image: Imágenes integradas 1]
>
> I understood that if the method throwSecurityException of the Register
> class throws SecurityBreachException, the action returns the result login
> and then it redirects to login.jsp but:
>
>
>- In which part of the app use the URL action actionspecificexeption?
>- If the method throwsSecurityException always throws
>SecurityBreachException why do we need the other result?
>
>
>
> --
> Un saludo,
> José A.
>



-- 
Un saludo,
José A.

Specific Exception Handling

2016-03-22 Thread José Antonio Delgado Trujillo 
In the example of exception - handling explains how to configure an
specific exception for an action.

It is simple, only write the exception-mapping into the action node. But i
don't know how it works and why we need two result nodes.

[image: Imágenes integradas 1]

I understood that if the method throwSecurityException of the Register
class throws SecurityBreachException, the action returns the result login
and then it redirects to login.jsp but:


   - In which part of the app use the URL action actionspecificexeption?
   - If the method throwsSecurityException always throws
   SecurityBreachException why do we need the other result?



-- 
Un saludo,
José A.

Re: tiles2.2.2 error for Struts 2.3.28 GA

2016-03-22 Thread Lukasz Lenart 
2016-03-22 19:55 GMT+01:00 Emi :
> Hello,
>>
>> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
>> WW-4568
>
> tiles3.x, everything success.
>
> For tiles2.2.2, after migrating from2.3.24.1 to 2.3.28, got the following
> error:
>
> org.apache.tiles.definition.NoSuchDefinitionException: login_page
>
> But "login_page" is in tiles-login.xml file(no change).
>
>
> 
> org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
> 
> /WEB-INF/tiles/tiles-login.xml
>
>
> For the new version, do I have to change something for tiles configuration
> with struts?

Here you have an example how to configure
https://github.com/apache/struts-examples/blob/master/tiles/src/main/webapp/WEB-INF/web.xml

Right now Struts Tiles plugin by default loads all "tiles*.xml" defintionions
https://github.com/apache/struts/blob/master/plugins/tiles/src/main/java/org/apache/struts2/tiles/StrutsTilesContainerFactory.java#L98

Just remember to use proper DTD
https://github.com/apache/struts-examples/blob/master/tiles/src/main/webapp/WEB-INF/tiles.xml


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

tiles2.2.2 error for Struts 2.3.28 GA

2016-03-22 Thread Emi 

Hello,

- Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568

tiles3.x, everything success.

For tiles2.2.2, after migrating from2.3.24.1 to 2.3.28, got the 
following error:


org.apache.tiles.definition.NoSuchDefinitionException: login_page

But "login_page" is in tiles-login.xml file(no change).

   

org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG

/WEB-INF/tiles/tiles-login.xml
   

For the new version, do I have to change something for tiles 
configuration with struts?


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Log4j dtd

2016-03-22 Thread José Antonio Delgado Trujillo 
Thanks Lukasz for the link about log4j2 and Martin for log4j.xml in Eclipse.
I have the log4j.xml in /src/main/resource and the warning is about the
validation of the XML. Eclipse can't locate log4j.dtd and is looking for it
in /src/main/java.

It is only a warning, i can see the log message in the console.


2016-03-21 22:44 GMT+00:00 Martin Gainty :

> Eclipse cleans classes folder so perhaps put a copy of log4j.xml into \src
> ?
> For maven put a copy of log4j.xml into \src\main\resources
> http://stackoverflow.com/questions/9554805/log4j-xml-in-eclipse
> Saludos/
> Martín
> __
>
>
>
> > From: jadt...@gmail.com
> > Subject: Re: Log4j dtd
> > Date: Mon, 21 Mar 2016 22:21:28 +
> > To: user@struts.apache.org
> >
> > Well there are some difference between the online documentation tutorial
> basic-struts and the github examples.
> >
> > In the documentation
> > log4j.xml
> > and in the pom the dependency log4j as artifactId.
> >
> > In the github
> > lo4j2.xml
> > and in the pom the dependency log4j-core like artifactId
> >
> > i used the first, i find log4j.jar in my local repository but i still
> see the Eclipse warning in the xml file
> > (file cannot be validated as the XML definition) Eclipse look up in the
> workspace for log4j.dtd
> >
> > Why Eclipse doesn't find did file in the log4j.jar?
> > Is there an important difference between log4j and log4j2?
> >
> >
> >
> > > On 21 Mar 2016, at 19:44, Lukasz Lenart 
> wrote:
> > >
> > > 2016-03-21 19:00 GMT+01:00 José Antonio Delgado Trujillo <
> jadt...@gmail.com>:
> > >> Hi,
> > >>
> > >> i'm doing the getting started struts2 tutorial and i have a warning
> message with log4j.xml file.
> > >>
> > >> In the tutorial the second line in log4j.xml is
> > >>
> > >>  Configuration//EN" "log4j.dtd">
> > >>
> > >> but eclipse can't located log4j.dtd in my workspace.
> > >>
> > >> How can i fix the problem?
> > >> isn't there a external place to locate log4j.dtd?
> > >
> > > It should be inside a jar with Log4j and why Log4j and not Log4j2?
> > >
> > >
> > > Regards
> > > --
> > > Łukasz
> > > + 48 606 323 122 http://www.lenart.org.pl/
> > >
> > > -
> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > > For additional commands, e-mail: user-h...@struts.apache.org
> > >
> >
>
>



-- 
Un saludo,
José A.

[ANN] Apache Struts 2.3.28 GA

2016-03-22 Thread Lukasz Lenart 
The Apache Struts group is pleased to announce that Struts 2.3.28 is
available as a “General Availability” release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

This release addresses three potential security vulnerabilities:

S2-028 Possible XSS vulnerability in pages not using UTF-8 was fixed.
S2-029 Forced double OGNL evaluation, when evaluated on raw user input
in tag attributes, may lead to remote code execution.
S2-030 I18NInterceptor narrows selected locale to those available in
JVM to reduce possibility of another XSS vulnerability.

All developers are strongly advised to perform this action.

This release contains several changes and improvements just to mention
few of them:

- New Configurationprovider type was introduced -
ServletContextAwareConfigurationProvider, see WW-4410
- Setting status code in HttpHeaders isn’t ignored anymore, see WW-4545
- Spring BeanPostProcessor(s) are called only once to constructed
objects., see WW-4554
- OGNL was upgraded to version 3.0.13, see WW-4562
- Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
- A dedicated assembly with minimal set of jars was defined, see WW-4570
- Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
- Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
- MessageStoreInterceptor was refactored to use PreResultListener to
store messages, see WW-4605
- A new annotation was added to support configuring Tiles -
@TilesDefinition, see WW-4606

and many other improvements, please check the version notes

The 2.3.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 6.

Struts 2.3.28 is available in a full distribution, or as separate
library, source, example and documentation distributions, from the
releases page
* http://struts.apache.org/download.cgi#struts2328

The release is also available from the central Maven repository under
Group ID "org.apache.struts".

The 2.3.28 version of the Apache Struts framework has a minimum
requirement of the following specification versions:
* Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
* Java 2 Standard Platform Edition (J2SE) 6

The release notes are available online at:
* http://struts.apache.org/docs/version-notes-2328.html

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.appropriate, file a tracking
ticket:
* https://issues.apache.org/jira/browse/WW


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Log4j dtd

2016-03-22 Thread Lukasz Lenart 
2016-03-21 23:21 GMT+01:00 José Antonio Delgado Trujillo :
> Well there are some difference between the online documentation tutorial 
> basic-struts and the github examples.
>
> In the documentation
> log4j.xml
> and in the pom the dependency log4j as artifactId.
>
> In the github
> lo4j2.xml
> and in the pom the dependency log4j-core like artifactId

Yes, sorry for that :( struts-examples are targeting Struts 2.5 but
documentation is still pointing Struts 2.3.x

> i used the first, i find log4j.jar in my local repository but i still see the 
> Eclipse warning in the xml file
> (file cannot be validated as the XML definition) Eclipse look up in the 
> workspace for log4j.dtd
>
> Why Eclipse doesn’t find did file in the log4j.jar?

No idea, I'm using IDEA and I don't have such problems

> Is there an important difference between log4j and log4j2?

Yes, more details you can find here
https://www.grobmeier.de/log4j-2-performance-close-to-insane-20072013.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org