Re: Invalid Field Value when using Map
I have built a test project to just test the Map variables. In the validate method it does give a String object (for value of map). But seems like a field error is also added. If I try to use the map in validate method I would get a class cast exception, but if I don't do anything with the map values then the input page is displayed with invalid field value error. So I guess the issue is that my validate method is trying to validate the values in the map and that causes the exception, as the map has String values in it. I have to update the validation methods to check if the value is of type Double or not. Is this how it is supposed to work? I would have thought that a field error would be added and the String value would not be added to the Map as the code is expecting Doubles. Thanks, Prasanth On 6/24/19 1:42 AM, Yasser Zamani wrote: Hi, I think putting breakpoints at [1] and [2] and seeing if you reach there and what happens next can help proceeding this issue. Thanks in advance! Regards. [1] https://github.com/apache/struts/blob/651eac2c57396aa11ee65002006b3123dd69cbb4/core/src/main/java/com/opensymphony/xwork2/conversion/impl/DefaultObjectTypeDeterminer.java#L114 [2] https://github.com/apache/struts/blob/651eac2c57396aa11ee65002006b3123dd69cbb4/core/src/main/java/com/opensymphony/xwork2/interceptor/ConversionErrorInterceptor.java#L118 -Original Message- From: Prasanth Sent: Friday, June 21, 2019 6:27 PM To: user@struts.apache.org Subject: Re: Invalid Field Value when using Map Hi Yasser, The conversion error occurs when the field is not a map. I have a form with int/long fields, if the user enters non numeric value the form display error. The actions are validation aware and the control does come to validation method. It is in the validation method that I usually get exceptions as the code is expecting to have a Double but the type of the object in the map is a String. I have tried to check in the validate method if the object is of type Double and if it is not a Double add a field error. When I do that OGNL seems to have an issue when displaying the input form with the values in the map. Seems like OGNL is now expecting a Double value and is not able to handle a String object being present in the map. The JSP stops at the field which has String value. So even if I add additional validations to make sure all values in the map are Doubles it would still cause a problem as Struts would not be able to display the input form. Thanks, Prasanth On 6/21/19 1:23 AM, Yasser Zamani wrote: Oh interesting! Have you seen [1]? e.g. conversion error interceptor should be present in your interceptor stack. To debug, for example put a number field which is not a map and see if conversion error appears - I think you should also have fieldErrors tag in your jsp. It seems your action also should be ValidationAware. Put a break-point at [2] and see if your code reaches there and what happens next. Regards. [1] https://struts.apache.org/core-developers/type-conversion.html#collect ion-and-map-support [2] https://github.com/apache/struts/blob/651eac2c57396aa11ee65002006b3123 dd69cbb4/core/src/main/java/com/opensymphony/xwork2/interceptor/Conver sionErrorInterceptor.java#L116 On 6/19/2019 10:35 PM, Prasanth Pasala wrote: Hi Yasser, I think at run time you can add any type of objects you want to the map. The checks are only at compile time on the data types of objects added to Maps. Thanks, Prasanth On 6/19/19 1:29 AM, Yasser Zamani wrote: Hi Prasanth, I'm surprised how you get non digit characters in your map while both key and value are not String! Regards. -Original Message- From: Prasanth Sent: Monday, June 17, 2019 8:52 PM To: Struts Users Mailing List Subject: Invalid Field Value when using Map Hi, I have a form that uses maps to store data as shown below. When the user enters valid numbers it works as expected, but when user enters non digit characters in the text field a String object is saved in the map rather than showing a "Invalid field value for field " message which is done for basic data types like int/long/double. Is this something that struts has not implemented for maps yet, as the annotations provide the expected data type? @Element(value=java.lang.Double.class) private HashMap deferralAmountValue = new HashMap(); @Element(value=java.lang.Double.class) private HashMap deferralPercentValue = new HashMap(); Thanks, Prasanth - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: use
Re: Invalid Field Value when using Map
Hi Yasser, I think at run time you can add any type of objects you want to the map. The checks are only at compile time on the data types of objects added to Maps. Thanks, Prasanth On 6/19/19 1:29 AM, Yasser Zamani wrote: Hi Prasanth, I'm surprised how you get non digit characters in your map while both key and value are not String! Regards. -Original Message- From: Prasanth Sent: Monday, June 17, 2019 8:52 PM To: Struts Users Mailing List Subject: Invalid Field Value when using Map Hi, I have a form that uses maps to store data as shown below. When the user enters valid numbers it works as expected, but when user enters non digit characters in the text field a String object is saved in the map rather than showing a "Invalid field value for field " message which is done for basic data types like int/long/double. Is this something that struts has not implemented for maps yet, as the annotations provide the expected data type? @Element(value=java.lang.Double.class) private HashMap deferralAmountValue = new HashMap(); @Element(value=java.lang.Double.class) private HashMap deferralPercentValue = new HashMap(); Thanks, Prasanth - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: HashMap with String as key
Lukasz, There is no new keys in the hash map. The hash map is not updated at all. Before the form is displayed to the user, the hash map is populated based on the data in the database. These values are correctly displayed to the user in the text fields. But when the form is submitted by the user the data doesn't get populated in the hash map. Only the data I have populated in the hash map is present (as the model class is stored in session using scope interceptor) doesn't matter what values I type in the text fields. Yasser, That is right the key is a string, not long. Also as I was testing this (having keys with and with out hyphen) I realized that any values that I have added to hash map before showing the form are still in the map. The new values from the form (keys without hyphen) got added to the hash map. I was under the impression that struts would set a new hash map with just the keys present in the form. Thanks, Prasanth On 3/12/19 4:12 AM, Yasser Zamani wrote: > (regarding your previous emails background) Please also consider that the key > 2432-123 is not further Long. It's String. > > Regards. > >> -Original Message- >> From: Lukasz Lenart >> Sent: Tuesday, March 12, 2019 10:52 AM >> To: Struts Users Mailing List >> Subject: Re: HashMap with String as key >> >> pon., 11 mar 2019 o 18:41 Prasanth napisał(a): >>> When you have a HashMap backed form and String as key, are there any >> restrictions on the characters allowed? >>> I have keys like "2432-123" as I have to incorporate two ids in the >>> key. When I have these keys the HashMap is not getting populated. If I >>> change >> it, so that there is only one id (no hyphen) then the data is getting posted >> as >> expected. >> >> I assume it's because of the "-" (minus) sign, and OGNL performs an >> evaluation or >> something. Could you check if you have key 2309 in your map as a result of >> distraction operation (2432-123 = 2309)? >> >> >> Regards >> -- >> Łukasz >> + 48 606 323 122 http://www.lenart.org.pl/ >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 Checkboxlist
I think the issue I am having is due to the theme, I had old checkboxlist.ftl code. Once it is updated to the latest code it is working well. The only change I make in it is show each checkbox in a separate line. Appreciate all the help. Thanks, Prasanth On 2/6/19 9:31 AM, Prasanth Pasala wrote: > So there is no need to add MultiselectInterceptor in the action definition? > > Below is the checkboxlist in the jsp. accountNames map is in the account to > provide the list values and names. > > listValue="%{value}" theme="tpg" > > > Thanks, > Prasanth > > On 2/6/19 8:53 AM, Yasser Zamani wrote: >> Ach! Sorry, you're right. For checkbox list it's MultiselectInterceptor >> class which handles this and here it works with following config: >> >> List selectedLongs= new ArrayList<>(); >> public List getLongs(){ >> List longs= new ArrayList<>(); >> longs.add(0L); >> longs.add(1L); >> return longs; >> } >> public void setSelectedLongs(List selectedLongs){ >> this.selectedLongs = selectedLongs; >> } >> public List getSelectedLongs(){ >> return selectedLongs; >> } >> >> > tooltip="longs test" >> label="Longs Test" >> list="longs" >> name="selectedLongs" >> value="selectedLongs"/> >> >> > class="org.apache.struts2.showcase.UITagExample" method="doSubmit"> >> /WEB-INF/tags/ui/exampleSubmited.jsp >> /WEB-INF/tags/ui/example.jsp >> >> >> >> When I post an empty form, MultiselectInterceptor adds an empty string for >> selectedLongs http param, then Struts internal conversion converts it to an >> empty instance of List, then setSelectedLongs will be called here with >> it. >> >> Regards. >> >>> -Original Message- >>> From: Prasanth Pasala >>> Sent: Wednesday, February 6, 2019 12:30 AM >>> To: user@struts.apache.org >>> Subject: Re: Struts2 Checkboxlist >>> >>> Hi Yasser, >>> >>> Even after having the param the ArrayList was not populated with -1 >>> for >>> unchecked checkboxes. The ArrayList is in form. The set method in the >>> form is not getting called when I don't check any of the checkboxes. I am >>> using a >>> checkboxlist rather than individual checkboxes. >>> >>> >>> >>> form >>> >>> >>> -1 >>> >>> >>> >>> Thanks, >>> Prasanth >>> >>> On 2/5/19 5:43 AM, Yasser Zamani wrote: >>>> Hi Prasanth, >>>> >>>> Yes, I think. Now I can recall a long discussion about this at [1]. i.e. >>>> you also can >>> keep array list of long but override the interceptor like below [2]: >>>> >>> class="com.afs.ListConverterTestAction"> >>>> >>>> -1 >>>> >>>> >>>> Kind Regards. >>>> >>>> [1] https://github.com/apache/struts/pull/169 >>>> [2] https://github.com/apache/struts/pull/169#issuecomment-352999309 >>>> >>>> >>>>> -Original Message- >>>>> From: Prasanth Pasala >>>>> Sent: Tuesday, February 5, 2019 3:26 AM >>>>> To: user@struts.apache.org >>>>> Subject: Re: Struts2 Checkboxlist >>>>> >>>>> I am using the defaultStack but the ArrayList used for the checkboxes >>>>> is of type Long. If we change it to ArrayList of Boolean would the >>>>> interceptor set the values to false? Or is this only applicable if >>>>> you have individual checkboxes rather than checkboxlist? >>>>> >>>>> Thanks, >>>>> Prasanth >>>>> >>>>> On 2/4/19 4:29 PM, Paul Zepernick wrote: >>>>>> Yes, setFoo is only called if the checkbox is checked. However, >>>>>> Struts 2 does have a checkbox interceptor: >>>>>> https://struts.apache.org/core-de
Re: Struts2 Checkboxlist
So there is no need to add MultiselectInterceptor in the action definition? Below is the checkboxlist in the jsp. accountNames map is in the account to provide the list values and names. Thanks, Prasanth On 2/6/19 8:53 AM, Yasser Zamani wrote: > Ach! Sorry, you're right. For checkbox list it's MultiselectInterceptor class > which handles this and here it works with following config: > > List selectedLongs= new ArrayList<>(); > public List getLongs(){ > List longs= new ArrayList<>(); > longs.add(0L); > longs.add(1L); > return longs; > } > public void setSelectedLongs(List selectedLongs){ > this.selectedLongs = selectedLongs; > } > public List getSelectedLongs(){ > return selectedLongs; > } > > tooltip="longs test" > label="Longs Test" > list="longs" > name="selectedLongs" > value="selectedLongs"/> > > class="org.apache.struts2.showcase.UITagExample" method="doSubmit"> > /WEB-INF/tags/ui/exampleSubmited.jsp > /WEB-INF/tags/ui/example.jsp > > > > When I post an empty form, MultiselectInterceptor adds an empty string for > selectedLongs http param, then Struts internal conversion converts it to an > empty instance of List, then setSelectedLongs will be called here with > it. > > Regards. > >> -Original Message- >> From: Prasanth Pasala >> Sent: Wednesday, February 6, 2019 12:30 AM >> To: user@struts.apache.org >> Subject: Re: Struts2 Checkboxlist >> >> Hi Yasser, >> >> Even after having the param the ArrayList was not populated with -1 for >> unchecked checkboxes. The ArrayList is in form. The set method in the >> form is not getting called when I don't check any of the checkboxes. I am >> using a >> checkboxlist rather than individual checkboxes. >> >> >> >> form >> >> >> -1 >> >> >> >> Thanks, >> Prasanth >> >> On 2/5/19 5:43 AM, Yasser Zamani wrote: >>> Hi Prasanth, >>> >>> Yes, I think. Now I can recall a long discussion about this at [1]. i.e. >>> you also can >> keep array list of long but override the interceptor like below [2]: >>> >> class="com.afs.ListConverterTestAction"> >>> >>> -1 >>> >>> >>> Kind Regards. >>> >>> [1] https://github.com/apache/struts/pull/169 >>> [2] https://github.com/apache/struts/pull/169#issuecomment-352999309 >>> >>> >>>> -Original Message- >>>> From: Prasanth Pasala >>>> Sent: Tuesday, February 5, 2019 3:26 AM >>>> To: user@struts.apache.org >>>> Subject: Re: Struts2 Checkboxlist >>>> >>>> I am using the defaultStack but the ArrayList used for the checkboxes >>>> is of type Long. If we change it to ArrayList of Boolean would the >>>> interceptor set the values to false? Or is this only applicable if >>>> you have individual checkboxes rather than checkboxlist? >>>> >>>> Thanks, >>>> Prasanth >>>> >>>> On 2/4/19 4:29 PM, Paul Zepernick wrote: >>>>> Yes, setFoo is only called if the checkbox is checked. However, >>>>> Struts 2 does have a checkbox interceptor: >>>>> https://struts.apache.org/core-developers/checkbox-interceptor.html >>>>> >>>>> This interceptor defaults checkbox Boolean's to False if the box is not >> checked. >>>> This is part of the default interceptor stack. >>>>> Paul >>>>> >>>>> -Original Message- >>>>> From: Prasanth Pasala >>>>> Sent: Monday, February 4, 2019 5:21 PM >>>>> To: user@struts.apache.org >>>>> Subject: Re: Struts2 Checkboxlist >>>>> >>>>> NOTICE: This email originated from outside of the organization. Do >>>>> not click >>>> links or open attachments unless you recognize the sender and know >>>> the content is safe. >>>>>
Re: Struts2 Checkboxlist
Hi Yasser, Even after having the param the ArrayList was not populated with -1 for unchecked checkboxes. The ArrayList is in form. The set method in the form is not getting called when I don't check any of the checkboxes. I am using a checkboxlist rather than individual checkboxes. form -1 Thanks, Prasanth On 2/5/19 5:43 AM, Yasser Zamani wrote: > Hi Prasanth, > > Yes, I think. Now I can recall a long discussion about this at [1]. i.e. you > also can keep array list of long but override the interceptor like below [2]: > > > > -1 > > > Kind Regards. > > [1] https://github.com/apache/struts/pull/169 > [2] https://github.com/apache/struts/pull/169#issuecomment-352999309 > > >> -Original Message- >> From: Prasanth Pasala >> Sent: Tuesday, February 5, 2019 3:26 AM >> To: user@struts.apache.org >> Subject: Re: Struts2 Checkboxlist >> >> I am using the defaultStack but the ArrayList used for the checkboxes is of >> type >> Long. If we change it to ArrayList of Boolean would the interceptor set the >> values >> to false? Or is this only applicable if you have individual checkboxes >> rather than >> checkboxlist? >> >> Thanks, >> Prasanth >> >> On 2/4/19 4:29 PM, Paul Zepernick wrote: >>> Yes, setFoo is only called if the checkbox is checked. However, >>> Struts 2 does have a checkbox interceptor: >>> https://struts.apache.org/core-developers/checkbox-interceptor.html >>> >>> This interceptor defaults checkbox Boolean's to False if the box is not >>> checked. >> This is part of the default interceptor stack. >>> Paul >>> >>> -Original Message- >>> From: Prasanth Pasala >>> Sent: Monday, February 4, 2019 5:21 PM >>> To: user@struts.apache.org >>> Subject: Re: Struts2 Checkboxlist >>> >>> NOTICE: This email originated from outside of the organization. Do not click >> links or open attachments unless you recognize the sender and know the >> content >> is safe. >>> Is that how Struts2 is expected to work? Meaning setFoo would not be called >>> if >> non of the Foo checkboxes are selected? I know that is how Struts1 worked. >>> Thanks, >>> Prasanth >>> >>> On 2/2/19 7:08 PM, Prasanth Pasala wrote: >>>> Hi Yasser, >>>> >>>> When none of the checkboxes is selected the setFoo is not getting called. >>>> >>>> Thanks >>>> Prasanth >>>> >>>> On February 2, 2019 8:02:07 AM CST, Yasser Zamani >> wrote: >>>>> Hi Prasanth, >>>>> >>>>> AFAIK this tag is like this: >>>>> >>>>> >>>>> >>>>> It calls getBar method of your action or finds bar in value stack to >>>>> find out what to display. Same for baz to find out which to be >>>>> selected. Then it calls yourAction.setFoo to post selected items. i.e. >>>>> it is up to you what you do with it in setFoo method. Normally you >>>>> should clear baz and fill it with them again to update selected items. >>>>> >>>>> Thanks for using Struts! >>>>> >>>>> Kind Regards. >>>>> >>>>>> -Original Message- >>>>>> From: Prasanth >>>>>> Sent: Saturday, February 2, 2019 1:08 AM >>>>>> To: user@struts.apache.org >>>>>> Subject: Struts2 Checkboxlist >>>>>> >>>>>> Hi, >>>>>> >>>>>> I am using a checkboxlist on a jsp page which corresponds to a >>>>> ArrayList in the >>>>>> form class, which is used to store form data from a multi page wizard. >>>>> I am using >>>>>> scope interceptor to store the form class in session so that the >>>>>> data >>>>> persists as >>>>>> the user navigates the wizard. When the user selects some check >>>>>> boxes >>>>> it is >>>>>> correctly populated in the form class but if the user navigates >>>>>> back >>>>> in the wizard >>>>>> and unchecks the check box (non of the check boxes selected) struts >>>>> doesn't set >>>>>> the ArrayList to empty. It will still contain the old selection. >>>>
Re: Struts2 Checkboxlist
I am using the defaultStack but the ArrayList used for the checkboxes is of type Long. If we change it to ArrayList of Boolean would the interceptor set the values to false? Or is this only applicable if you have individual checkboxes rather than checkboxlist? Thanks, Prasanth On 2/4/19 4:29 PM, Paul Zepernick wrote: > Yes, setFoo is only called if the checkbox is checked. However, Struts 2 > does have a checkbox interceptor: > https://struts.apache.org/core-developers/checkbox-interceptor.html > > This interceptor defaults checkbox Boolean's to False if the box is not > checked. This is part of the default interceptor stack. > > Paul > > -Original Message- > From: Prasanth Pasala > Sent: Monday, February 4, 2019 5:21 PM > To: user@struts.apache.org > Subject: Re: Struts2 Checkboxlist > > NOTICE: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > Is that how Struts2 is expected to work? Meaning setFoo would not be called > if non of the Foo checkboxes are selected? I know that is how Struts1 worked. > > Thanks, > Prasanth > > On 2/2/19 7:08 PM, Prasanth Pasala wrote: >> Hi Yasser, >> >> When none of the checkboxes is selected the setFoo is not getting called. >> >> Thanks >> Prasanth >> >> On February 2, 2019 8:02:07 AM CST, Yasser Zamani >> wrote: >>> Hi Prasanth, >>> >>> AFAIK this tag is like this: >>> >>> >>> >>> It calls getBar method of your action or finds bar in value stack to >>> find out what to display. Same for baz to find out which to be >>> selected. Then it calls yourAction.setFoo to post selected items. i.e. >>> it is up to you what you do with it in setFoo method. Normally you >>> should clear baz and fill it with them again to update selected items. >>> >>> Thanks for using Struts! >>> >>> Kind Regards. >>> >>>> -Original Message- >>>> From: Prasanth >>>> Sent: Saturday, February 2, 2019 1:08 AM >>>> To: user@struts.apache.org >>>> Subject: Struts2 Checkboxlist >>>> >>>> Hi, >>>> >>>> I am using a checkboxlist on a jsp page which corresponds to a >>> ArrayList in the >>>> form class, which is used to store form data from a multi page wizard. >>> I am using >>>> scope interceptor to store the form class in session so that the >>>> data >>> persists as >>>> the user navigates the wizard. When the user selects some check >>>> boxes >>> it is >>>> correctly populated in the form class but if the user navigates back >>> in the wizard >>>> and unchecks the check box (non of the check boxes selected) struts >>> doesn't set >>>> the ArrayList to empty. It will still contain the old selection. >>>> What >>> is the best way >>>> to solve this issue? >>>> >>>> My Options: >>>> 1. Should I use Preparable and set this ArrayList to empty? Since >>>> this >>> is a wizard >>>> (multiple pages submitting to the same action) have to make sure it >>>> is >>> done only >>>> when submitting the page that have these checkboxes. >>>> 2. Create two separate ArrayLists, one to get values from Struts and >>> another to >>>> save the original selection and clear the first array list. Down >>>> side >>> is I need to >>>> populate the list linked to the form when user navigates back to >>>> that >>> page. >>>> Neither of them seem elegant. Is there a way to make struts set the >>> ArrayList to >>>> empty when user doesn't select any check box? >>>> >>>> Using Struts 2.3.35 >>>> >>>> Thanks, >>>> Prasanth >>> - >>> To unsubscribe, e-m > Disclaimer: This communication and any files transmitted with it may contain > information that is privileged, confidential and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you are hereby > notified that any disclosure, copying, distribution, or use of the > information contained herein (including any reliance thereon) is strictly > prohibited. If you received this communication in error, please immediately > contact the sender and destroy the material in its entirety, whether in > electronic or hard copy format. Thank you. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 Checkboxlist
Is that how Struts2 is expected to work? Meaning setFoo would not be called if non of the Foo checkboxes are selected? I know that is how Struts1 worked. Thanks, Prasanth On 2/2/19 7:08 PM, Prasanth Pasala wrote: > Hi Yasser, > > When none of the checkboxes is selected the setFoo is not getting called. > > Thanks > Prasanth > > On February 2, 2019 8:02:07 AM CST, Yasser Zamani > wrote: >> Hi Prasanth, >> >> AFAIK this tag is like this: >> >> >> >> It calls getBar method of your action or finds bar in value stack to >> find out what to display. Same for baz to find out which to be >> selected. Then it calls yourAction.setFoo to post selected items. i.e. >> it is up to you what you do with it in setFoo method. Normally you >> should clear baz and fill it with them again to update selected items. >> >> Thanks for using Struts! >> >> Kind Regards. >> >>> -Original Message- >>> From: Prasanth >>> Sent: Saturday, February 2, 2019 1:08 AM >>> To: user@struts.apache.org >>> Subject: Struts2 Checkboxlist >>> >>> Hi, >>> >>> I am using a checkboxlist on a jsp page which corresponds to a >> ArrayList in the >>> form class, which is used to store form data from a multi page wizard. >> I am using >>> scope interceptor to store the form class in session so that the data >> persists as >>> the user navigates the wizard. When the user selects some check boxes >> it is >>> correctly populated in the form class but if the user navigates back >> in the wizard >>> and unchecks the check box (non of the check boxes selected) struts >> doesn't set >>> the ArrayList to empty. It will still contain the old selection. What >> is the best way >>> to solve this issue? >>> >>> My Options: >>> 1. Should I use Preparable and set this ArrayList to empty? Since this >> is a wizard >>> (multiple pages submitting to the same action) have to make sure it is >> done only >>> when submitting the page that have these checkboxes. >>> 2. Create two separate ArrayLists, one to get values from Struts and >> another to >>> save the original selection and clear the first array list. Down side >> is I need to >>> populate the list linked to the form when user navigates back to that >> page. >>> Neither of them seem elegant. Is there a way to make struts set the >> ArrayList to >>> empty when user doesn't select any check box? >>> >>> Using Struts 2.3.35 >>> >>> Thanks, >>> Prasanth >> - >> To unsubscribe, e-m
RE: Struts2 Checkboxlist
Hi Yasser, When none of the checkboxes is selected the setFoo is not getting called. Thanks Prasanth On February 2, 2019 8:02:07 AM CST, Yasser Zamani wrote: >Hi Prasanth, > >AFAIK this tag is like this: > > > >It calls getBar method of your action or finds bar in value stack to >find out what to display. Same for baz to find out which to be >selected. Then it calls yourAction.setFoo to post selected items. i.e. >it is up to you what you do with it in setFoo method. Normally you >should clear baz and fill it with them again to update selected items. > >Thanks for using Struts! > >Kind Regards. > >>-Original Message- >>From: Prasanth >>Sent: Saturday, February 2, 2019 1:08 AM >>To: user@struts.apache.org >>Subject: Struts2 Checkboxlist >> >>Hi, >> >>I am using a checkboxlist on a jsp page which corresponds to a >ArrayList in the >>form class, which is used to store form data from a multi page wizard. >I am using >>scope interceptor to store the form class in session so that the data >persists as >>the user navigates the wizard. When the user selects some check boxes >it is >>correctly populated in the form class but if the user navigates back >in the wizard >>and unchecks the check box (non of the check boxes selected) struts >doesn't set >>the ArrayList to empty. It will still contain the old selection. What >is the best way >>to solve this issue? >> >>My Options: >>1. Should I use Preparable and set this ArrayList to empty? Since this >is a wizard >>(multiple pages submitting to the same action) have to make sure it is >done only >>when submitting the page that have these checkboxes. >>2. Create two separate ArrayLists, one to get values from Struts and >another to >>save the original selection and clear the first array list. Down side >is I need to >>populate the list linked to the form when user navigates back to that >page. >> >>Neither of them seem elegant. Is there a way to make struts set the >ArrayList to >>empty when user doesn't select any check box? >> >>Using Struts 2.3.35 >> >>Thanks, >>Prasanth > >- >To unsubscribe, e-m -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Struts2 login action class seems to be reused
(SSLInformationAssociationHandler.java:131 at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43 at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53 at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46 at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64 at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59 at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60 at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77 at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50 at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43 at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43 at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43 at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292 at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81 at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138 at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135 at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48 at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43 at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508 at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272 at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81 at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104 at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326 at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624 On 05/16/2018 12:44 AM, Yasser Zamani wrote: > > On 5/16/2018 6:59 AM, Prasanth Pasala wrote: >> We have two applications (websites) to make it easier for users we have a >> third site that acts as a common login place. Once the user enters the >> username and password it determines the right site to use and does a forward >> to that context (applications hosted in the same host). >> >> When using struts1 everything was fine. When we moved to struts2 we started >> getting crossed logins. When a user gets to login page the action would get >> populated with a username and password used by some other user. This happens >> only if a request with this information is forwarded from one context to >> another. >> >> With some help from struts mailing list it was determined that some how old >> actions are in the stack and if we remove get methods struts2 would not be >> able to pull that data and put in the current value stack. So we did it and >> when we started testing we are getting session invalid
Re: Struts2 login action class seems to be reused
We have two applications (websites) to make it easier for users we have a third site that acts as a common login place. Once the user enters the username and password it determines the right site to use and does a forward to that context (applications hosted in the same host). When using struts1 everything was fine. When we moved to struts2 we started getting crossed logins. When a user gets to login page the action would get populated with a username and password used by some other user. This happens only if a request with this information is forwarded from one context to another. With some help from struts mailing list it was determined that some how old actions are in the stack and if we remove get methods struts2 would not be able to pull that data and put in the current value stack. So we did it and when we started testing we are getting session invalid exceptions. Again this happens only if there are users logging in context1 and that request is forwarded to context2. If the login activity is done directly in context2 the issue does not arise. Thanks Prasanth On May 15, 2018 8:45:25 PM CDT, Jaikiran Pai <jai.forums2...@gmail.com> wrote: >I don't have enough context of this discussion, but looking briefly at >this, it looks like you are using Apache HTTP client (probably with >pooled connections) and it seems like a connection reuse for a >subsequent login request is sending a Cookie with the request (when it >shouldn't?). > > >If that's the case, then it looks like the Apache HTTP client's auto >Cookie management is coming into picture where it "auto attaches" the >Cookie, obtained from a previous response on that connection, to the >new >request on that reused connection. Apache HTTP client allows you to >configure this behaviour by setting a cookie policy management. I guess > >you probably want to use the "ignoreCookies" policy in your case, since > >you want to manage setting the Cookie to the requests yourself. The >Apache HTTP client documentation[1] has more information. Something >like: > > > final HttpClientBuilder httpClientBuilder = > final RequestConfig.Builder requestConfigBuilder = >RequestConfig.custom(); > ... >requestConfigBuilder.setCookieSpec(org.apache.http.client.config.CookieSpecs.IGNORE_COOKIES); > ... >httpClientBuilder.setDefaultRequestConfig(requestConfigBuilder.build()); > > >[1] For 3.x version (I couldn't find one for 4.x which you seem to be >using) https://hc.apache.org/httpclient-3.x/cookies.html > >[2] >https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/config/CookieSpecs.html > > >-Jaikiran > > >On 16/05/18 2:33 AM, Martin Gainty wrote: >> >> 8443 indicates secure connection so perhaps a misconfig with >> wildfly standalone.xml (see below) >> >> >> >> >> >> >> >> >https://docs.jboss.org/author/display/WFLY10/Admin+Guide#AdminGuide-SessionCookieConfiguration > >> >> Admin Guide - WildFly 10 - Project Documentation Editor >> ><https://docs.jboss.org/author/display/WFLY10/Admin+Guide#AdminGuide-SessionCookieConfiguration> >> docs.jboss.org >> Target audience. This document is a guide to the setup, >> administration, and configuration of WildFly. Prerequisites. Before >> continuing, you should know how to download, install and run WildFly. >> >> ? >> >> can you ping wildfly userlist ? >> https://developer.jboss.org/en/wildfly >> Space: WildFly |JBoss Developer ><https://developer.jboss.org/en/wildfly> >> developer.jboss.org >> Log in to follow, share, and participate in this community. Not a >> member? Join Now! >> >> >> jaikiran is a good resource that i met on a different userlist..i >> would definitely ping him >> stay in touch/let me know if setting session-cookie in >standalone.xml >> works >> >> M- >> NB: I once contracted to the company that bought wildfly..we had to >> figure configuration by ourselves >> >> > >> *From:* Prasanth Pasala <ppas...@pangburngroup.com> >> *Sent:* Tuesday, May 15, 2018 11:42 AM >> *To:* user@struts.apache.org >> *Subject:* Re: Struts2 login action class seems to be reused >> See below the header information when the exception occurred. Strange > >> thing is JMeter is saying it did not send any cookie (which is want I > >> would except in this case as it is just requesting the login >> page) >> >> Cookie: JSESSIONID=ZclUN41sWwTsPGRw
Re: Struts2 login action class seems to be reused
See below the header information when the exception occurred. Strange thing is JMeter is saying it did not send any cookie (which is want I would except in this case as it is just requesting the login page) Cookie: JSESSIONID=ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ. (xx - is the machine name on which wildfly is running) Connection: keep-alive User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_151) Host: dev.secure.xxx.com:8443 Content-Length: 46 Content-Type: application/x-www-form-urlencoded 10:09:09,150 ERROR [org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler] (default task-20) Exception occurred during processing request: UT10: Session is invalid ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ: java.lang.IllegalStateException: UT10: Session is invalid ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ From JMeter--- GET https://dev.secure.pangburngroup.com:8443/participant/ GET data: [no cookies] Request Headers: Connection: keep-alive Host: dev.secure.xxx.com:8443 User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_151) -- Thanks, Prasanth On 05/15/2018 07:44 AM, Martin Gainty wrote: > Hi Norbert/Prasanth > > Struts2 login action problem has morphed to "Invalid Session State"with > Wildfly's implementation of TC 5.5 > > https://en.wikipedia.org/wiki/WildFly > > [https://upload.wikimedia.org/wikipedia/commons/thumb/a/a3/Wildfly_logo.png/200px-Wildfly_logo.png]<https://en.wikipedia.org/wiki/WildFly> > > WildFly - Wikipedia<https://en.wikipedia.org/wiki/WildFly> > en.wikipedia.org > WildFly, formerly known as JBoss AS, or simply JBoss, is an application > server authored by JBoss, now developed by Red Hat.WildFly is written in Java > and implements the Java Platform, Enterprise Edition (Java EE) specification. > > > MG>as a debugging exercise I would dump HTTP Header attributes with > > http://livehttpheaders.mozdev.org/ > > mozdev.org - livehttpheaders: index<http://livehttpheaders.mozdev.org/> > livehttpheaders.mozdev.org > Welcome to the livehttpheaders project.. The goal of this project is to adds > information about the HTTP headers in two ways: First by adding a 'Headers' > tab in 'View Page Info' of a web page. > > > MG>then check JSESSIONID > > MG>a fellow named "Thomas" had a similar problem with incorrect JSESSIONID > MG>and corrected with his own StandardManager findSession method > https://www.thecodingforums.com/threads/session-problem-jsessionid-cookie-comes-back-with-double-quotes.140442/ > > Yes, there is! I found it and implemented this solution: A class > extending org.apache.catalina.session.StandardManager and overriding > the method public Session findSession(String id) throws IOException - > simply removing quotation marks, if any! Seems to work fine. > Thanks for putting me on the right trail! > > MG>assuming your TC has incorrect StandardManager can you update wildfly with > a more updated version? > MG>here are versions > https://developer.jboss.org/wiki/VersionOfTomcatInJBossAS?_sscc=t > true<https://developer.jboss.org/wiki/VersionOfTomcatInJBossAS?_sscc=t> > developer.jboss.org > What version of Apache Tomcat ships with JBoss Application Server JBossAS > version Ships with Tomcat Servlet Spec JSP Spec 3.2.3 4.1.29 2.3 > > > MG>personally i wouldnt muck with TC i would suggest upgrading wildfly and > getting jboss-web container > > hth > martin > __ > > > > > > From: Norbert Hirneisen <no...@s2you.de> > Sent: Friday, March 2, 2018 6:55 PM > To: user@struts.apache.org > Subject: Fwd: Re: Struts2 login action class seems to be reused > > Hi Prasanth, > > are you sure all your struts1 code is thread safe ? I had some similiar > problems in a struts1 application. After removing all action class > properties the problem was solved. Struts2 should be thread safe. But > your problems looks to me like a problem with thread safety. > > Best regards, > > Norbert > > science + communication & HaNo Systems > > Bonn/Ho-Chi-Minh > > > Am 02.03.2018 um 22:07 schrieb Prasanth Pasala: >> I was able to replicate the issue today. Asked few users to keep logging in >> and ran jmeter to access login page, with out putting any username or >> password. Out of the 100 attempts 2 attempts were >> successful in getting in with out username/password. I am seeing database >> login entries for these two. Which would happen only if a valid session is >> not present and user has provided username/
Re: Struts2 login action class seems to be reused
Hi Martin, Thanks for the response. We are using Wildfly 11.0.0 Final. I will try to get the HTTP header dump. Thanks, Prasanth On 05/15/2018 07:44 AM, Martin Gainty wrote: > Hi Norbert/Prasanth > > Struts2 login action problem has morphed to "Invalid Session State"with > Wildfly's implementation of TC 5.5 > > https://en.wikipedia.org/wiki/WildFly > > [https://upload.wikimedia.org/wikipedia/commons/thumb/a/a3/Wildfly_logo.png/200px-Wildfly_logo.png]<https://en.wikipedia.org/wiki/WildFly> > > WildFly - Wikipedia<https://en.wikipedia.org/wiki/WildFly> > en.wikipedia.org > WildFly, formerly known as JBoss AS, or simply JBoss, is an application > server authored by JBoss, now developed by Red Hat.WildFly is written in Java > and implements the Java Platform, Enterprise Edition (Java EE) specification. > > > MG>as a debugging exercise I would dump HTTP Header attributes with > > http://livehttpheaders.mozdev.org/ > > mozdev.org - livehttpheaders: index<http://livehttpheaders.mozdev.org/> > livehttpheaders.mozdev.org > Welcome to the livehttpheaders project.. The goal of this project is to adds > information about the HTTP headers in two ways: First by adding a 'Headers' > tab in 'View Page Info' of a web page. > > > MG>then check JSESSIONID > > MG>a fellow named "Thomas" had a similar problem with incorrect JSESSIONID > MG>and corrected with his own StandardManager findSession method > https://www.thecodingforums.com/threads/session-problem-jsessionid-cookie-comes-back-with-double-quotes.140442/ > > Yes, there is! I found it and implemented this solution: A class > extending org.apache.catalina.session.StandardManager and overriding > the method public Session findSession(String id) throws IOException - > simply removing quotation marks, if any! Seems to work fine. > Thanks for putting me on the right trail! > > MG>assuming your TC has incorrect StandardManager can you update wildfly with > a more updated version? > MG>here are versions > https://developer.jboss.org/wiki/VersionOfTomcatInJBossAS?_sscc=t > true<https://developer.jboss.org/wiki/VersionOfTomcatInJBossAS?_sscc=t> > developer.jboss.org > What version of Apache Tomcat ships with JBoss Application Server JBossAS > version Ships with Tomcat Servlet Spec JSP Spec 3.2.3 4.1.29 2.3 > > > MG>personally i wouldnt muck with TC i would suggest upgrading wildfly and > getting jboss-web container > > hth > martin > __ > > > > > > From: Norbert Hirneisen <no...@s2you.de> > Sent: Friday, March 2, 2018 6:55 PM > To: user@struts.apache.org > Subject: Fwd: Re: Struts2 login action class seems to be reused > > Hi Prasanth, > > are you sure all your struts1 code is thread safe ? I had some similiar > problems in a struts1 application. After removing all action class > properties the problem was solved. Struts2 should be thread safe. But > your problems looks to me like a problem with thread safety. > > Best regards, > > Norbert > > science + communication & HaNo Systems > > Bonn/Ho-Chi-Minh > > > Am 02.03.2018 um 22:07 schrieb Prasanth Pasala: >> I was able to replicate the issue today. Asked few users to keep logging in >> and ran jmeter to access login page, with out putting any username or >> password. Out of the 100 attempts 2 attempts were >> successful in getting in with out username/password. I am seeing database >> login entries for these two. Which would happen only if a valid session is >> not present and user has provided username/password. >> >> Thanks, >> Prasanth >> >> On 03/01/2018 02:27 PM, Prasanth wrote: >>> Hi, >>> >>> I have an application which uses both struts1 & struts2. The login action >>> was recently moved to struts2. Immediately after the deployment we were >>> notified that one user is seeing a different user >>> information, so we had to move to older war files. I am not able to >>> replicate it. But after investigating the logs it seems like couple users >>> were logged in as soon as they requested the login page. >>> For the database entry to happen it has to verify the username and password >>> in the action class, but the fact that there is no POST entry at that time >>> from that IP in my access log makes me believe >>> that the action class some how already had that information from a prior >>> user. >>> >>> I do have a login filter to check if users are logged in when accessing >>> other pages. In this
Re: Struts2 login action class seems to be reused
A different issue is coming up now after the get methods are removed. Getting the below exception some times when you request the login page, at which point the browser doesn't have the session id yet, the session id mentioned would be a session id from a previous request (from another thread, in JMeter testing). Wonder if, some how this data (session id) is also moved by struts2 when copying data from the other LoginAction that is lingering from old requests. Thanks, Prasanth Exception: java.lang.IllegalStateException: UT10: Session is invalid JVoo5BkMlzTpOavsEe7_NjS0MzTXDlhYtlSviiGR On 04/24/2018 09:00 AM, Prasanth Pasala wrote: > I have removed the get methods from the LoginAction of /Context2 and that > seems to solve the problem. So seems like the LoginAction objects created > because of FORWARD some how are in the stack while a > LoginAction is created due to a REQUEST. Wondering if this can be replicated > without having two contexts. If there is a FORWARD within the context and the > same action can also be initiated by direct > REQUEST wonder if the same issue will crop up. > > Thanks, > Prasanth > > On 04/24/2018 01:52 AM, Yasser Zamani wrote: >> On 4/23/2018 11:50 PM, Prasanth Pasala wrote: >>> Get rid of the get methods in LoginAction, is this in /Context2 >>> (application where the issue is occurring) or /Context1 (which forwards the >>> requests to /Context2)? >>> >> That contexts who forwards request (Context1 I think) but you may do for >> all to be sure. However, I still prefer rewriting FORWARD with REDIRECT >> or POSTBACK to prevent future possible issues. >> >>> Yes exactly. The new log shows, your previous contexts actions >>> (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in >>> current context because you forward same request which includes previous >>> context data, then, Struts ChainInterceptor copies data from previous to >>> current action :S . As currently Struts cannot handle forwarded requests >>> well, could you please try REDIRECT instead? sendRedirect asks user >>> browser to continue with a new request. >>> >>> Still not sure about the above comment. So the ChainInterceptor is getting >>> data from an action that occurred before and is not part of current request? >> Struts has a stack. ChainResult push current action to stack for next >> action. In next action, ChainInterceptor pops it and copies values. Now >> you have two actions in stack (I don't know how but seems it's because >> of forward same request which has previous context1 stack) and >> ChainInterceptor thinks ChainResult has pushed that and then pops and >> copies them into current action. >> >> Regards. >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >
Re: Request parameter value different from instance variable value
I think I might have found the reason. The page it is forwarded to have page=ChangePassword as a query string. So I think struts is getting data from the query string and the post data and combining them to form the ChangePassword, ChangePassword as the value for the page variable. I have fixed the logic in ChangePasswordFilter to not forward if the request is going to ChangePassword action. Thanks, Prasanth On 05/08/2018 01:39 AM, Yasser Zamani wrote: > > On 5/7/2018 8:35 PM, Prasanth wrote: >> When I get the value from request object (request.getParameter("page");) it >> returns "ChangePassword". > What does 'String[] pages = request.getParameterValues("page");' return > (it's length and values)? > > Regards. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Request parameter value different from instance variable value
This seems to be happening only when the PasswordChangedFilter forwards the request to this action. If the action is accessed directly it works fine. Thanks, Prasanth On 05/07/2018 11:05 AM, Prasanth wrote: > Hi, > > I am using struts 2.3.34 and have an form with few text fields and a hidden > field. All the values are set correctly in the action class except for the > hidden field value. > > Below is the html code in the form > id="ChangePassword_page"/> > > In the action the value set to page variable is "ChangePassword, > ChangePassword". When I get the value from request object > (request.getParameter("page");) it returns "ChangePassword". > > Any idea why my action instance variable is set with a different value than > what is in the request parameter? > > Below is the stack trace from the setPage function. > > (java.lang.StackTraceElement[]) > [java.lang.Thread.getStackTrace(Thread.java:1559) > com.xx.webaccess.ContactInfoAction.setPage(ContactInfoAction.java:162) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > java.lang.reflect.Method.invoke(Method.java:498) > ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:897) > ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1299) > ognl.OgnlRuntime.setMethodValue(OgnlRuntime.java:1508) > > ognl.ObjectPropertyAccessor.setPossibleProperty(ObjectPropertyAccessor.java:85) > ognl.ObjectPropertyAccessor.setProperty(ObjectPropertyAccessor.java:162) > > com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.setProperty(ObjectAccessor.java:27) > ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2437) > > com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.setProperty(CompoundRootAccessor.java:81) > ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2437) > ognl.ASTProperty.setValueBody(ASTProperty.java:127) > ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) > ognl.SimpleNode.setValue(SimpleNode.java:301) > ognl.Ognl.setValue(Ognl.java:713) > com.opensymphony.xwork2.ognl.OgnlUtil$1.execute(OgnlUtil.java:306) > com.opensymphony.xwork2.ognl.OgnlUtil$1.execute(OgnlUtil.java:298) > com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecute(OgnlUtil.java:393) > com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:298) > > com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:184) > com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:171) > > com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:153) > > com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:303) > > com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:221) > > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229) > > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > org.apache.struts2.interceptor.DateTextFieldInterceptor.intercept(DateTextFieldInterceptor.java:125) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:253) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141) > > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245) > > com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) > >
Re: Struts2 login action class seems to be reused
I have removed the get methods from the LoginAction of /Context2 and that seems to solve the problem. So seems like the LoginAction objects created because of FORWARD some how are in the stack while a LoginAction is created due to a REQUEST. Wondering if this can be replicated without having two contexts. If there is a FORWARD within the context and the same action can also be initiated by direct REQUEST wonder if the same issue will crop up. Thanks, Prasanth On 04/24/2018 01:52 AM, Yasser Zamani wrote: > > On 4/23/2018 11:50 PM, Prasanth Pasala wrote: >> Get rid of the get methods in LoginAction, is this in /Context2 (application >> where the issue is occurring) or /Context1 (which forwards the requests to >> /Context2)? >> > That contexts who forwards request (Context1 I think) but you may do for > all to be sure. However, I still prefer rewriting FORWARD with REDIRECT > or POSTBACK to prevent future possible issues. > >> Yes exactly. The new log shows, your previous contexts actions >> (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in >> current context because you forward same request which includes previous >> context data, then, Struts ChainInterceptor copies data from previous to >> current action :S . As currently Struts cannot handle forwarded requests >> well, could you please try REDIRECT instead? sendRedirect asks user >> browser to continue with a new request. >> >> Still not sure about the above comment. So the ChainInterceptor is getting >> data from an action that occurred before and is not part of current request? > Struts has a stack. ChainResult push current action to stack for next > action. In next action, ChainInterceptor pops it and copies values. Now > you have two actions in stack (I don't know how but seems it's because > of forward same request which has previous context1 stack) and > ChainInterceptor thinks ChainResult has pushed that and then pops and > copies them into current action. > > Regards. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
Get rid of the get methods in LoginAction, is this in /Context2 (application where the issue is occurring) or /Context1 (which forwards the requests to /Context2)? Yes exactly. The new log shows, your previous contexts actions (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in current context because you forward same request which includes previous context data, then, Struts ChainInterceptor copies data from previous to current action :S . As currently Struts cannot handle forwarded requests well, could you please try REDIRECT instead? sendRedirect asks user browser to continue with a new request. Still not sure about the above comment. So the ChainInterceptor is getting data from an action that occurred before and is not part of current request? Thanks, Prasanth On 04/23/2018 01:27 PM, Yasser Zamani wrote: > > On 4/23/2018 10:12 PM, Prasanth Pasala wrote: >> The user is inputting username and password in /Context1, if I send a >> redirect they would have to enter username/password again in /Context2. >> > No, you already have them. I think you can use Struts PostbackResult [1] > in /Context1/LoginAction like below: > > /Context2/LoginAction > >> May be for LoginAction in /Context2 I can remove instance variables (so that >> struts doesn't set any values) I will directly access the request object to >> get username and password to validate. > The simpler solution is deleting getUsername and getPassword methods > from LoginAction which disables ChainInterceptor to copies them and > solves this issue! But I'm worry about other issues caused by FORWARD, > so please try replacing all of them as I mentioned above. > > [1] https://struts.apache.org/core-developers/postback-result.html > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
The two LoginAction classes below are from the same context (/Context2). Context1 LoginAction would have a different package name. The issue occurs when a user is requesting /Context2 directly rather than when the request is forwarded, if the request is forwarded from /Context1 it would have the username and password in the request and those seems to be working fine. The issue is when there are requests forwarded from /Context1 with username and password and later on there is a GET request to /Context2 LoginAction (no username/password in request, so should display login page). Now some how struts is using data from the old forwarded requests (sent from Context1) for a request made directly to Context2. The user is inputting username and password in /Context1, if I send a redirect they would have to enter username/password again in /Context2. May be for LoginAction in /Context2 I can remove instance variables (so that struts doesn't set any values) I will directly access the request object to get username and password to validate. Thanks, Prasanth On 04/23/2018 12:31 PM, Yasser Zamani wrote: > > On 4/23/2018 8:04 PM, Prasanth Pasala wrote: >> Found this one also but for almost all, the root size was 3. Below one was >> anomaly. >> Root Size: 4 >> Result: null >> Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d >> Object: com.nqadmin.webaccess.LoginAction@7f716c46 >> Object: com.nqadmin.webaccess.LoginAction@35224c2f >> >> Also found that the issue doesn't come up if I am logging in only to the >> second website (/context2). The issue only comes up if there are users >> logging in via context1, whose login request is >> forwarded to context2. > Yes exactly. The new log shows, your previous contexts actions > (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in > current context because you forward same request which includes previous > context data, then, Struts ChainInterceptor copies data from previous to > current action :S . As currently Struts cannot handle forwarded requests > well, could you please try REDIRECT instead? sendRedirect asks user > browser to continue with a new request. > > Regards. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
Found this one also but for almost all, the root size was 3. Below one was anomaly. Root Size: 4 Result: null Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d Object: com.nqadmin.webaccess.LoginAction@7f716c46 Object: com.nqadmin.webaccess.LoginAction@35224c2f Also found that the issue doesn't come up if I am logging in only to the second website (/context2). The issue only comes up if there are users logging in via context1, whose login request is forwarded to context2. Since it have been a while including the details of how our setup works. Context 2 & Context 3 are two websites and depending on user type they have to login to one or the other. To make it easy for the user we have Context1 where we allow users to login this site checks the database and determines which site they need to be logging into and forwards the login request to Context2 or Context3. We have users who would login to the right context and some who utilize Context1 to login. Thanks, Prasanth On 04/23/2018 09:42 AM, Prasanth Pasala wrote: > Below is the result of the new logging. > > Root Size: 3 > Result: null > Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d > Object: com.xx.webaccess.LoginAction@40c80ce8 > > Thanks, > Prasanth > > On 04/21/2018 05:09 AM, Yasser Zamani wrote: >> On 4/19/2018 4:39 PM, Prasanth Pasala wrote: >>> There is a index.jsp which is defined as default page in web.xml it just >>> forwards the request to Login.action. There is no chaining of actions in >>> struts itself. We do have a LoginFilter which verifies >>> if a user is logged in. >>> >> So maybe there is a bug with chain interceptor! Could you please use >> following code in your action setUsername method (save it's log in a >> private string field in your action). Then print it when your action >> data are not consistent with request params. >> >> String log = ""; >> ActionInvocation invocation= ActionContext.getActionInvocation(); >> ValueStack stack = invocation.getStack(); >> CompoundRoot root = stack.getRoot(); >> log += "Root Size: " + root.size(); >> Result result = invocation.getResult(); >> log += "\r\nResult: " + result; >> List list = new ArrayList(root); >> list.remove(0); >> Collections.reverse(list); >> for (Object object : list) { >> log += "\r\nObject: " + object; >> } >> this.log = log; //saves for possible future use >> >> Thanks! >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 login action class seems to be reused
Below is the result of the new logging. Root Size: 3 Result: null Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d Object: com.xx.webaccess.LoginAction@40c80ce8 Thanks, Prasanth On 04/21/2018 05:09 AM, Yasser Zamani wrote: > > On 4/19/2018 4:39 PM, Prasanth Pasala wrote: >> There is a index.jsp which is defined as default page in web.xml it just >> forwards the request to Login.action. There is no chaining of actions in >> struts itself. We do have a LoginFilter which verifies >> if a user is logged in. >> > So maybe there is a bug with chain interceptor! Could you please use > following code in your action setUsername method (save it's log in a > private string field in your action). Then print it when your action > data are not consistent with request params. > > String log = ""; > ActionInvocation invocation= ActionContext.getActionInvocation(); > ValueStack stack = invocation.getStack(); > CompoundRoot root = stack.getRoot(); > log += "Root Size: " + root.size(); > Result result = invocation.getResult(); > log += "\r\nResult: " + result; > List list = new ArrayList(root); > list.remove(0); > Collections.reverse(list); > for (Object object : list) { > log += "\r\nObject: " + object; > } > this.log = log; //saves for possible future use > > Thanks! > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 login action class seems to be reused
There is a index.jsp which is defined as default page in web.xml it just forwards the request to Login.action. There is no chaining of actions in struts itself. We do have a LoginFilter which verifies if a user is logged in. Thanks, Prasanth On 04/19/2018 03:26 AM, Yasser Zamani wrote: > > On 4/19/2018 7:21 AM, Prasanth Pasala wrote: >> >> com.opensymphony.xwork2.interceptor.ChainingInterceptor.copyStack(ChainingInterceptor.java:153) >> >> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:143) > Thanks! These lines show Struts doesn't set username from a request > parameter, but it seems that you have a chain result to login action > which sets username from it's previous action's getUsername! Could you > verify these via reviewing your struts.xml finding an action that has a > chain result to login action? > > Thanks in advance! > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
(index_jsp.java:107) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:790) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347) javax.servlet.http.HttpServlet.service(HttpServlet.java:790) io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32) io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) java.lang.Thread.run(Thread.java:748) Thanks, Prasanth On 04/17/2018 10:28 AM, Yasser Zamani wrote: > > On 4/16/2018 7:19 PM, Pr
Re: Struts2 login action class seems to be reused
Finally we redeployed the code with an added check to make sure the instance variables populated by struts match the request parameters. With in few hours of deployments we got emails indicating that the values populated into the instance variables don't match those in request parameters. Below you can see the difference between the instance variable and the values in the request object. The code is also updated to store the hash code of Login action for each login, so that we can see if the object is reused. Surprisingly the hash code doesn't match with any of the hash codes stored for successful logins. When the emails are triggered there is only a GET request for the Login action (which should display the login page, on the user enters the username & password it is submitted via POST). So I am wondering where did these values come from into the instance variables? - Struts data doesn't match that in request object. Struts Data: Username: jsmith Action: Login Request Data: Username: null Action: null Object Hash: 1573857416 - Thanks, Prasanth On 03/16/2018 02:30 PM, Prasanth Pasala wrote: > There is only one reference to Util.authenticate in the project and that is > in LoginAction. > > On 03/16/2018 02:13 PM, Yasser Zamani wrote: >> And you confirm that those log record insertions are only possible via >> LoginAction.execute method? Right? Or util.authenticate are called elsewhere >> also? >> On Mar 16, 2018, at 9:45PM, Prasanth Pasala >> <ppas...@pangburngroup.com<mailto:ppas...@pangburngroup.com>> wrote: >> >> We have a pretty standard struts.xml just declaration of action and the >> class along with the results (tiles results). Nothing other than that. >> >> On 03/16/2018 11:55 AM, Yasser Zamani wrote: >> >> On 3/16/2018 1:49 AM, Prasanth Pasala wrote: >> We do have login time, using that and the IP to correlate that with the >> access logs. Not all login entries have corresponding POST entries in access >> log, so those would be our problems occurrences. >> They actual correspond to a GET entry from a user. >> >> IP of the GET request of User1 matches with the login record in the >> database (login would be for User2 id and IP from User1 GET). So it looks as >> if the same user logged in from two different IPs >> around the same time, which shouldn't be the case. >> I'm almost sure Struts always asks object factory to create the action >> on each request. This is belong to object factory if create a new one >> object of that action, or no, reuse a previous one object of an action. >> So have you set any specific object factory via struts.xml? >> >> >> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >
Re: Struts2 login action class seems to be reused
There is only one reference to Util.authenticate in the project and that is in LoginAction. On 03/16/2018 02:13 PM, Yasser Zamani wrote: > And you confirm that those log record insertions are only possible via > LoginAction.execute method? Right? Or util.authenticate are called elsewhere > also? > On Mar 16, 2018, at 9:45PM, Prasanth Pasala > <ppas...@pangburngroup.com<mailto:ppas...@pangburngroup.com>> wrote: > > We have a pretty standard struts.xml just declaration of action and the class > along with the results (tiles results). Nothing other than that. > > On 03/16/2018 11:55 AM, Yasser Zamani wrote: > > On 3/16/2018 1:49 AM, Prasanth Pasala wrote: > We do have login time, using that and the IP to correlate that with the > access logs. Not all login entries have corresponding POST entries in access > log, so those would be our problems occurrences. > They actual correspond to a GET entry from a user. > > IP of the GET request of User1 matches with the login record in the database > (login would be for User2 id and IP from User1 GET). So it looks as if the > same user logged in from two different IPs > around the same time, which shouldn't be the case. > I'm almost sure Struts always asks object factory to create the action > on each request. This is belong to object factory if create a new one > object of that action, or no, reuse a previous one object of an action. > So have you set any specific object factory via struts.xml? > > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Struts2 login action class seems to be reused
We have a pretty standard struts.xml just declaration of action and the class along with the results (tiles results). Nothing other than that. On 03/16/2018 11:55 AM, Yasser Zamani wrote: > > On 3/16/2018 1:49 AM, Prasanth Pasala wrote: >> We do have login time, using that and the IP to correlate that with the >> access logs. Not all login entries have corresponding POST entries in access >> log, so those would be our problems occurrences. >> They actual correspond to a GET entry from a user. >> >> IP of the GET request of User1 matches with the login record in the database >> (login would be for User2 id and IP from User1 GET). So it looks as if the >> same user logged in from two different IPs >> around the same time, which shouldn't be the case. > I'm almost sure Struts always asks object factory to create the action > on each request. This is belong to object factory if create a new one > object of that action, or no, reuse a previous one object of an action. > So have you set any specific object factory via struts.xml? > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
We do have login time, using that and the IP to correlate that with the access logs. Not all login entries have corresponding POST entries in access log, so those would be our problems occurrences. They actual correspond to a GET entry from a user. IP of the GET request of User1 matches with the login record in the database (login would be for User2 id and IP from User1 GET). So it looks as if the same user logged in from two different IPs around the same time, which shouldn't be the case. Thanks, Prasanth On 03/15/2018 10:28 AM, Yasser Zamani wrote: > > On 3/15/2018 5:21 PM, Prasanth Pasala wrote: >> User2 would have logged in some time before that, some times with in a >> minute before that. I haven't seen any requests from User2 exactly at the >> time of GET request from User1. > It's strange :) > > Are login log records have same field values for both User1 and User2? > Do you also have login time in there? If so, are they same and are they > consistent with access log times? Are their IP same (while they > shouldn't, right?)? Is the IP of the GET request of User1 (that is > logged in access log by container) same as the IP field value of your > login log records? > > Thanks! > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
User2 would have logged in some time before that, some times with in a minute before that. I haven't seen any requests from User2 exactly at the time of GET request from User1. Thanks, Prasanth On 03/15/2018 04:45 AM, Yasser Zamani wrote: > > On 3/14/2018 5:43 PM, Prasanth Pasala wrote: >> We had a user report it soon after the deployment. After that we started >> looking into the specific user who reported (User1) and the user (whose >> information was seen by the reporting user) say User2. >> We realized there are login entries from same IP for both of these users. > As you get IP address from request (rather than Struts action), then it > seems that request (which contains username/password and that same IP > address) is being reused. > >> In the access log of the server there was a POST request for User1 but at >> the time of login entry for User2 there was only a >> GET request. In the time line GET request is first, User1 sees User2's >> information logs out and then login again with their credentials. > At that time when there is a GET request for User1 and this issue > happens, what are logs for User2 at same time? > > Thanks in advance! > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
We had a user report it soon after the deployment. After that we started looking into the specific user who reported (User1) and the user (whose information was seen by the reporting user) say User2. We realized there are login entries from same IP for both of these users. In the access log of the server there was a POST request for User1 but at the time of login entry for User2 there was only a GET request. In the time line GET request is first, User1 sees User2's information logs out and then login again with their credentials. Thanks, Prasanth On 03/13/2018 11:41 PM, Yasser Zamani wrote: > > On 3/10/2018 1:22 AM, Prasanth Pasala wrote: >> Ran tests with 1000 users logging in in 60sec while simultaneously 1000 >> users just requesting login page in 60 sec to see if any of them would get >> in with out username/password. No luck. System seems >> to be working properly. Also tried increasing it to 2000 it still worked as >> it should with out the issue coming up. >> >> Would hot deployments cause any issue? > Without reproducing it, it's hard to say why this issue happens rarely > :( How did you discover it firstly? Was incorrectly loged in user able > to continue to other pages also as an authenticated user? > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
Ran tests with 1000 users logging in in 60sec while simultaneously 1000 users just requesting login page in 60 sec to see if any of them would get in with out username/password. No luck. System seems to be working properly. Also tried increasing it to 2000 it still worked as it should with out the issue coming up. Would hot deployments cause any issue? Thanks, Prasanth On 03/08/2018 11:53 AM, Yasser Zamani wrote: > > On 3/8/2018 6:42 PM, Prasanth Pasala wrote: >> Wish I was able to consistently reproduce it. I have two thread groups in >> JMeter one thread group requests login page then logs in. Another thread >> group just requests login page. I have tried this >> with 100 users, 250 users in each thread group. I have varied the ramp up >> times from 60sec to 300sec. > I think this is not heavy enough to force race condition on your web > server. Use only ones user which logs in and logs out in a loop. Then, > in another side, Increase users (threads) and decrease the ramp up time > as more as your system does not hang. I remember I was able to ramp up > 300 users (threads) in 15 seconds at my system. > > Regards. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
Wish I was able to consistently reproduce it. I have two thread groups in JMeter one thread group requests login page then logs in. Another thread group just requests login page. I have tried this with 100 users, 250 users in each thread group. I have varied the ramp up times from 60sec to 300sec. I have been trying this for the last 10 days. I was successful in reproducing it only during one run, which had 100 users and two of the requests for login page (no username/password) made login entries and got home page. I will keep trying. If I can't reproduce it more often, one solution I am thinking of is comparing the username/password in the action class with the values in the request object itself. If they are different I can send an email with the information and not login the user. Thanks, Prasanth On 03/08/2018 03:13 AM, Yasser Zamani wrote: > > On 3/7/2018 11:23 PM, Prasanth Pasala wrote: >> If it is a session crossover we would display another user information >> without making a login entry. In the cases where we had issue the code >> recognized that there is no active session and went to the >> authentication part, authenticated the user and made a database entry for >> successful login. The authentication is based on the form variables >> populated by struts into the action class. > Ahaa... so, currently the only thing I can imagine is maybe this issue > raises up when you have two simultaneous requests: one with > username/password parameters, the other without (and both without any > active session). Could you please verify this with a lot of such pair > simultaneous requests using JMeter? i.e. create two simultaneous > requests, one of them contains username/password, the other one does > not. Add an assertion to the other one which checks if issue occurs. > Then tell JMeter to run this pair a lot of times, concurrently. > > I hope you'll be able to reproduce the issue which is the half of the > resolution :) > > Regards. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
Thanks for looking into this Yasser. In the current setup we have, we don't have a cluster, it is the only server handling all requests. If it is a session crossover we would display another user information without making a login entry. In the cases where we had issue the code recognized that there is no active session and went to the authentication part, authenticated the user and made a database entry for successful login. The authentication is based on the form variables populated by struts into the action class. Thanks, Prasanth On 03/07/2018 01:22 PM, Yasser Zamani wrote: > > On 3/7/2018 7:34 PM, Prasanth wrote: >> I can't say that 2 percent of users were able to get in without >> username/password. As I have ran the JMeter tests a lot of times (each run >> with 100 users). Only during one of those runs of JMeter I >> had 2 requests get users home page when Login.action was requested (with out >> username/password). >> >> Below is the Login.action code. Removed the code that fetches the data for >> home page. > Thanks! I see you use session also. > > Looks like a bug with Undertow web server [1]. I'm not familiar with it > so you may open an issue there and copy paste this thread there. They > may have some idea as it seems they have similar issues with session > which I linked below. > > Good luck. > > [1] > https://issues.jboss.org/browse/JBEAP-6683?focusedCommentId=13340535=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13340535 > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: Struts2 login action class seems to be reused
I am not defining any default action. I would get the below exception if I set the ActionMapping to null. For some reason the object doesn't go away, if I set it to null. After setting it to null using request.setAttribute("struts.actionMapping", null); I can get it using getAttribute. The object remains even if I do removeAttribute. 11:57:27,509 ERROR [stderr] (default task-32) Caused by: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping cannot be cast to org.apache.struts2.dispatcher.mapper.ActionMapping 11:57:27,509 ERROR [stderr] (default task-32) at org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:163) 11:57:27,509 ERROR [stderr] (default task-32) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) 11:57:27,509 ERROR [stderr] (default task-32) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 11:57:27,509 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 11:57:27,509 ERROR [stderr] (default task-32) at com.x.xx.LoginFilter.doFilter(LoginFilter.java:52) 11:57:27,509 ERROR [stderr] (default task-32) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:274) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:209) 11:57:27,510 ERROR [stderr] (default task-32) at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:221) 11:57:27,510 ERROR [stderr] (default task-32) ... 128 more Below is what I see by displaying the request.getAttribute("struts.actionMapping") after removeAttribute or after setting it to null. ActionMapping{name='Login', namespace='/', method='null', extension='action', params={}, result=null} In StrutsPrepareAndExecuteFilter below is the line that gets the action mapping, since the forceLookup is set to true the PrepareOperations class might be creating it again. ActionMapping mapping = prepare.findActionMapping(request, response, true); ---PrepareOperations--- public ActionMapping findActionMapping(HttpServletRequest request, HttpServletResponse response, boolean forceLookup) { ActionMapping mapping = (ActionMapping) request.getAttribute(STRUTS_ACTION_MAPPING_KEY); if (mapping == null || forceLookup) { try { mapping = dispatcher.getContainer().getInstance(ActionMapper.class).getMapping(request, dispatcher.getConfigurationManager()); if (mapping != null) { request.setAttribute(STRUTS_ACTION_MAPPING_KEY, mapping); } } catch (Exception ex) { if (dispatcher.isHandleException() || dispatcher.isDevMode()) { dispatcher.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, ex); } } } return mapping; } -- Thanks, Prasanth On 03/05/2018 11:49 AM, Yasser Zamani wrote: > > On 3/5/2018 7:48 PM, Prasanth wrote: >> But the Login filter had the below lines to make sure forwarded requests >> from /context1 >> would work. >> >> request.setAttribute("struts.actionMapping", new ActionMapping()); > Please let me discuss this line first of all. I'm still surprised how > context2 app works with this line! I expect you always get > ConfigurationException or get the result of the default action. Have you > set this filter pattern to being applied only on /Login.action? If so, > still you should get
Re: Struts2 login action class seems to be reused
I am not using Spring. Using Struts1, Struts 2 (2.3.34), tiles 2.0.4 On 03/05/2018 11:57 AM, Adam Brin wrote: > What are the annotations on the class? Is it possible that you're using > Spring, and not declaring "prototype" scope. eg: > > @Scope("prototype") > > On Mon, Mar 5, 2018 at 10:49 AM, Yasser Zamani> wrote: > >> >> On 3/5/2018 7:48 PM, Prasanth wrote: >>> But the Login filter had the below lines to make sure forwarded requests >> from /context1 >>> would work. >>> >>> request.setAttribute("struts.actionMapping", new ActionMapping()); >> Please let me discuss this line first of all. I'm still surprised how >> context2 app works with this line! I expect you always get >> ConfigurationException or get the result of the default action. Have you >> set this filter pattern to being applied only on /Login.action? If so, >> still you should get ConfigurationException or get the result of the >> default action (is /Login.action default?). Or maybe you have put these >> two lines in an if statement like if(request has these attributes){...}? >> If not, then do this please; an if statement for each line. >> >> Could you please try `request.setAttribute("struts.actionMapping", >> null)`? then post back the exception if any (I don't expect any). You >> should set to null or remove the attribute. Any other code is wrong. >> >> Regards. >> >> >
Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
The filter is just for struts2. Struts1 is handled by servlet mapping. action *.do On 03/05/2018 11:52 PM, Lukasz Lenart wrote: > 2018-03-05 16:19 GMT+01:00 Prasanth Pasala <ppas...@pangburngroup.com>: >> Yeah, my url pattern is *.action as I do have some struts1 actions. > Does it mean you use the same filter to handle Struts 1 and Strut 2? > > > Regards
Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Yeah, my url pattern is *.action as I do have some struts1 actions. struts2 *.action REQUEST FORWARD On 03/05/2018 12:27 AM, Lukasz Lenart wrote: > 2018-03-02 17:33 GMT+01:00 Prasanth: >> https://issues.apache.org/jira/projects/WW/issues/WW-4904 >> >> Forwarded using request dispatcher. >> >> ServletContext sContext = context.getContext("/context2"); >> RequestDispatcher rd = sContext.getRequestDispatcher(resource); >> rd.forward(request, response); > Did you add FORWARD as below when configuring the Struts filter? > > > struts > /* > REQUEST > FORWARD > > > > Regards
Re: Struts2 login action class seems to be reused
I was able to replicate the issue today. Asked few users to keep logging in and ran jmeter to access login page, with out putting any username or password. Out of the 100 attempts 2 attempts were successful in getting in with out username/password. I am seeing database login entries for these two. Which would happen only if a valid session is not present and user has provided username/password. Thanks, Prasanth On 03/01/2018 02:27 PM, Prasanth wrote: > Hi, > > I have an application which uses both struts1 & struts2. The login action was > recently moved to struts2. Immediately after the deployment we were notified > that one user is seeing a different user > information, so we had to move to older war files. I am not able to replicate > it. But after investigating the logs it seems like couple users were logged > in as soon as they requested the login page. > For the database entry to happen it has to verify the username and password > in the action class, but the fact that there is no POST entry at that time > from that IP in my access log makes me believe > that the action class some how already had that information from a prior user. > > I do have a login filter to check if users are logged in when accessing other > pages. In this filter I have the below two lines, we had to do this as we > will have requests forwarded from one > application to another and when that happens we are getting class cast > exception for ActionMapping class and valueStack. Not sure if the behavior is > a side effect of having the below lines. > > request.setAttribute("struts.actionMapping", new > ActionMapping()); > request.setAttribute("struts.valueStack", null); > > We are using Struts 2.3.34 and Wildfly. > > Appreciate any insights you might have. > > Thanks, > Prasanth > >
Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Added it to Struts JIRA (WW-4904) If I set the struts.actionMapping attribute to null it still causes the class cast exception. What I have seen is that after setting it to null if you call getAttribute you would still get the old ActionMapping object, not sure how that is possible. Thanks, Prasanth --- [show/hide original text] No it's not a Struts issue. You don't see this in Struts1 because maybe it doesn't use any object bounded to dispatched request. But Struts2 wants to ActionMapping mapping = (ActionMapping)request.getAttribute("struts.actionMapping"); A workaround would be removing object with key "struts.actionMapping" from request before dispatching. I hope this helps. On 12/15/2017 04:54 PM, Prasanth Pasala wrote: > Added the below two lines to my filter (before the struts2 filter) in > context2 app. That seems to do the trick. Thought it might create a problem > as I am setting a new ActionMapping in the request, > but seems to work fine. Do you see any side effects of this? > > request.setAttribute("struts.actionMapping", new ActionMapping()); > request.setAttribute("struts.valueStack", null); > > Thanks, > Prasanth > > On 12/15/2017 04:10 PM, Prasanth Pasala wrote: >> It seems like removeAttribute or setAttribute is not getting rid of the >> attribute from request. See below. If I set the value to a random string >> then I get a String can't be cast to ActionMapping >> exception. >> >> Enumeration attrs = request.getAttributeNames(); >> while(attrs.hasMoreElements()) { >> System.out.println(attrs.nextElement()); >> } >> System.out.println(request.getAttribute("struts.actionMapping")); >> request.setAttribute("struts.actionMapping", null); >> System.out.println(request.getAttribute("struts.actionMapping")); >> >> Output: >> 16:05:05,300 INFO [stdout] (default task-13) >> javax.servlet.forward.context_path >> 16:05:05,302 INFO [stdout] (default task-13) >> javax.servlet.forward.servlet_path >> 16:05:05,303 INFO [stdout] (default task-13) >> javax.servlet.forward.request_uri >> 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.forward.path_info >> 16:05:05,303 INFO [stdout] (default task-13) >> javax.servlet.forward.query_string >> 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.request.key_size >> 16:05:05,303 INFO [stdout] (default task-13) __cleanup_recursion_counter >> 16:05:05,303 INFO [stdout] (default task-13) >> javax.servlet.request.cipher_suite >> 16:05:05,304 INFO [stdout] (default task-13) struts.valueStack >> 16:05:05,308 INFO [stdout] (default task-13) >> javax.servlet.request.ssl_session_id >> 16:05:09,121 INFO [stdout] (default task-13) ActionMapping{name='Login', >> namespace='/', method='null', extension='action', params=null, result=null} >> 16:05:10,960 INFO [stdout] (default task-13) ActionMapping{name='Login', >> namespace='/', method='null', extension='action', params=null, result=null} >> >> >> On 12/15/2017 02:28 PM, Prasanth Pasala wrote: >>> Thanks for the prompt response. Tried removing the attribute from the >>> request, but still getting the class cast exception. Is it possible it is >>> being set after I have called the forward? >>> request.removeAttribute("struts.actionMapping"); // FORWARD THE REQUEST >>> ServletContext sContext = context.getContext("/context2"); >>> RequestDispatcher rd = >>> sContext.getRequestDispatcher("/Login.action"); rd.forward(request, >>> response); [show/hide original text] >>> No it's not a Struts issue. You don't see this in Struts1 because maybe >>> it doesn't use any object bounded to dispatched request. But Struts2 >>> wants to >>> >>> ActionMapping mapping = >>> (ActionMapping)request.getAttribute("struts.actionMapping"); >>> >>> A workaround would be removing object with key "struts.actionMapping" >>> from request before dispatching. >>> >>> I hope this helps. >>> >>> - >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>> For additional commands, e-mail: user-h...@struts.apache.org >> >
Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Added the below two lines to my filter (before the struts2 filter) in context2 app. That seems to do the trick. Thought it might create a problem as I am setting a new ActionMapping in the request, but seems to work fine. Do you see any side effects of this? request.setAttribute("struts.actionMapping", new ActionMapping()); request.setAttribute("struts.valueStack", null); Thanks, Prasanth On 12/15/2017 04:10 PM, Prasanth Pasala wrote: > It seems like removeAttribute or setAttribute is not getting rid of the > attribute from request. See below. If I set the value to a random string then > I get a String can't be cast to ActionMapping > exception. > > Enumeration attrs = request.getAttributeNames(); > while(attrs.hasMoreElements()) { > System.out.println(attrs.nextElement()); > } > System.out.println(request.getAttribute("struts.actionMapping")); > request.setAttribute("struts.actionMapping", null); > System.out.println(request.getAttribute("struts.actionMapping")); > > Output: > 16:05:05,300 INFO [stdout] (default task-13) > javax.servlet.forward.context_path > 16:05:05,302 INFO [stdout] (default task-13) > javax.servlet.forward.servlet_path > 16:05:05,303 INFO [stdout] (default task-13) > javax.servlet.forward.request_uri > 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.forward.path_info > 16:05:05,303 INFO [stdout] (default task-13) > javax.servlet.forward.query_string > 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.request.key_size > 16:05:05,303 INFO [stdout] (default task-13) __cleanup_recursion_counter > 16:05:05,303 INFO [stdout] (default task-13) > javax.servlet.request.cipher_suite > 16:05:05,304 INFO [stdout] (default task-13) struts.valueStack > 16:05:05,308 INFO [stdout] (default task-13) > javax.servlet.request.ssl_session_id > 16:05:09,121 INFO [stdout] (default task-13) ActionMapping{name='Login', > namespace='/', method='null', extension='action', params=null, result=null} > 16:05:10,960 INFO [stdout] (default task-13) ActionMapping{name='Login', > namespace='/', method='null', extension='action', params=null, result=null} > > > On 12/15/2017 02:28 PM, Prasanth Pasala wrote: >> Thanks for the prompt response. Tried removing the attribute from the >> request, but still getting the class cast exception. Is it possible it is >> being set after I have called the forward? >> request.removeAttribute("struts.actionMapping"); // FORWARD THE REQUEST >> ServletContext sContext = context.getContext("/context2"); >> RequestDispatcher rd = >> sContext.getRequestDispatcher("/Login.action"); rd.forward(request, >> response); [show/hide original text] >> No it's not a Struts issue. You don't see this in Struts1 because maybe >> it doesn't use any object bounded to dispatched request. But Struts2 >> wants to >> >> ActionMapping mapping = >> (ActionMapping)request.getAttribute("struts.actionMapping"); >> >> A workaround would be removing object with key "struts.actionMapping" >> from request before dispatching. >> >> I hope this helps. >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >
Re: Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
It seems like removeAttribute or setAttribute is not getting rid of the attribute from request. See below. If I set the value to a random string then I get a String can't be cast to ActionMapping exception. Enumeration attrs = request.getAttributeNames(); while(attrs.hasMoreElements()) { System.out.println(attrs.nextElement()); } System.out.println(request.getAttribute("struts.actionMapping")); request.setAttribute("struts.actionMapping", null); System.out.println(request.getAttribute("struts.actionMapping")); Output: 16:05:05,300 INFO [stdout] (default task-13) javax.servlet.forward.context_path 16:05:05,302 INFO [stdout] (default task-13) javax.servlet.forward.servlet_path 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.forward.request_uri 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.forward.path_info 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.forward.query_string 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.request.key_size 16:05:05,303 INFO [stdout] (default task-13) __cleanup_recursion_counter 16:05:05,303 INFO [stdout] (default task-13) javax.servlet.request.cipher_suite 16:05:05,304 INFO [stdout] (default task-13) struts.valueStack 16:05:05,308 INFO [stdout] (default task-13) javax.servlet.request.ssl_session_id 16:05:09,121 INFO [stdout] (default task-13) ActionMapping{name='Login', namespace='/', method='null', extension='action', params=null, result=null} 16:05:10,960 INFO [stdout] (default task-13) ActionMapping{name='Login', namespace='/', method='null', extension='action', params=null, result=null} On 12/15/2017 02:28 PM, Prasanth Pasala wrote: > Thanks for the prompt response. Tried removing the attribute from the > request, but still getting the class cast exception. Is it possible it is > being set after I have called the forward? > request.removeAttribute("struts.actionMapping"); // FORWARD THE REQUEST > ServletContext sContext = context.getContext("/context2"); > RequestDispatcher rd = > sContext.getRequestDispatcher("/Login.action"); rd.forward(request, > response); [show/hide original text] > No it's not a Struts issue. You don't see this in Struts1 because maybe > it doesn't use any object bounded to dispatched request. But Struts2 > wants to > > ActionMapping mapping = > (ActionMapping)request.getAttribute("struts.actionMapping"); > > A workaround would be removing object with key "struts.actionMapping" > from request before dispatching. > > I hope this helps. > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org
Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Thanks for the prompt response. Tried removing the attribute from the request, but still getting the class cast exception. Is it possible it is being set after I have called the forward? request.removeAttribute("struts.actionMapping"); // FORWARD THE REQUEST ServletContext sContext = context.getContext("/context2"); RequestDispatcher rd = sContext.getRequestDispatcher("/Login.action"); rd.forward(request, response); [show/hide original text] No it's not a Struts issue. You don't see this in Struts1 because maybe it doesn't use any object bounded to dispatched request. But Struts2 wants to ActionMapping mapping = (ActionMapping)request.getAttribute("struts.actionMapping"); A workaround would be removing object with key "struts.actionMapping" from request before dispatching. I hope this helps. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Yes, dispatching request to another struts application. I am using Wildfly which does use different class loaders. Is this issue just with Struts2, as it works with Struts1. Thanks, Prasanth -- ... do you try to dispatch request to another Struts application? I remember e.g. for Tomcat, it uses different classloaders for each app. I think you can ask and continue with your container (e.g. Tomcat, Jetty, WebSphere, etc) for a solution. Regards.
java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping
Hi, I am trying to forward the request to another action that is present in a different context. It works in struts1 but when trying in struts 2.3.34 I am getting a class cast exception. Both the projects (contexts) have the same version of struts2. ServletContext sContext = context.getContext("/context2"); RequestDispatcher rd = sContext.getRequestDispatcher(resource); rd.forward(request, response); Thanks, Prasanth Exception: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping cannot be cast to org.apache.struts2.dispatcher.mapper.ActionMapping at io.undertow.servlet.spec.ServletContextImpl.invokeAction(ServletContextImpl.java:888 at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:134 at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111 at com.mypackage.LoginAction.execute(LoginAction.java:139 at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43 at java.lang.reflect.Method.invoke(Method.java:498 at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:897 at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1299 at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68 at com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethodWithDebugInfo(XWorkMethodAccessor.java:117 at com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethod(XWorkMethodAccessor.java:108 at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1375 at ognl.ASTMethod.getValueBody(ASTMethod.java:91 at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212 at ognl.SimpleNode.getValue(SimpleNode.java:258 at ognl.Ognl.getValue(Ognl.java:470 at ognl.Ognl.getValue(Ognl.java:434 at com.opensymphony.xwork2.ognl.OgnlUtil$3.execute(OgnlUtil.java:362 at com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecuteMethod(OgnlUtil.java:414 at com.opensymphony.xwork2.ognl.OgnlUtil.callMethod(OgnlUtil.java:360 at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:430 at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:290 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251 at org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:168 at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265 at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:76 at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229 at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229 at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245 at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73 at