Re: New warning message with V6.1.1 - SecurityMemberAccess...
śr., 4 sty 2023 o 19:53 Ralph Grove napisał(a): > > Could you try to use the simple theme? > > When I change it to theme=“simple”, the warning messages do not appear. It can be related to this fix https://github.com/struts-community-plugins/struts2-bootstrap/pull/51 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
> On Jan 4, 2023, at 12:53 PM, Lukasz Lenart wrote: > > śr., 4 sty 2023 o 18:19 Ralph Grove napisał(a): >>> cssClass="form-vertical"> > > Could you try to use the simple theme? When I change it to theme=“simple”, the warning messages do not appear. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
śr., 4 sty 2023 o 18:19 Ralph Grove napisał(a): > cssClass="form-vertical"> Could you try to use the simple theme? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
I stripped the code down for further testing - this is what the minimal action and jsp look like. package org.personalitypad.action; import com.opensymphony.xwork2.ActionSupport; import java.util.Map; import java.util.HashMap; /** in struts.xml: * * /WEB-INF/jsp/test.jsp * */ public class TestSetupAction extends ActionSupport { private char status; private Map statuses; @Override public String execute() { final char ACTIVE = 'A', INACTIVE = 'I'; statuses = new HashMap<>(); statuses.put(ACTIVE, "Active"); statuses.put(INACTIVE, "Inactive"); status = ACTIVE; return SUCCESS; } public char getStatus() { return status; } public void setStatus(char status) { this.status = status; } public Map getStatuses() { return statuses; } public void setStatuses(Map statuses) { this.statuses = statuses; } } — test.jsp — <%@page contentType=“text/html" pageEncoding="UTF-8" errorPage="error.jsp" %> <%@taglib prefix="s" uri="/struts-tags" %> <%@taglib prefix="sj" uri="/struts-jquery-tags" %> <%@taglib prefix="sb" uri="/struts-bootstrap-tags" %> http://www.w3.org/1999/xhtml";> Personality Pad | Test Test Page > On Jan 4, 2023, at 11:39 AM, Lukasz Lenart wrote: > > wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a): >> The message is a result of the execution of this tag: >> >name="status" >>label="Status" >>list="statuses" /> > > Does any value on the list "statuses" have the value "disabled"? > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
> On Jan 4, 2023, at 11:39 AM, Lukasz Lenart wrote: > > wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a): >> The message is a result of the execution of this tag: >> >name="status" >>label="Status" >>list="statuses" /> > > Does any value on the list "statuses" have the value "disabled"? No, the list contains only two values: public static final char ACTIVE = 'A', INACTIVE = 'I'; public static HashMap getStatusMap() { HashMap statusMap = new HashMap<>(); statusMap.put(User.ACTIVE, "Active"); statusMap.put(User.INACTIVE, "Inactive"); return statusMap; } I searched the project for the string “.disabled” - it was not found anywhere. I also searched for “disabled”, which was found once only, in a different jsp (different from the one that triggers the warning messages): > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
wt., 3 sty 2023 o 20:40 Ralph Grove napisał(a): > The message is a result of the execution of this tag: >name="status" > label="Status" > list="statuses" /> Does any value on the list "statuses" have the value "disabled"? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: New warning message with V6.1.1 - SecurityMemberAccess...
You would have .disabled somewhere in your own app code ognl expressions, I would guess. Could you please search for .disabled there? Or put a break-point at [1] and see what ognl, how and why are trying to access UIBean.disabled non-public member! Regards [1] https://github.com/apache/struts/blob/master/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java#L99 On 1/3/2023 11:09 PM, Ralph Grove wrote: I just upgraded from Struts2 2.5.3 to 6.1.1 . After a few tweaks (mostly related to Bootstrap5), the application is running correctly, but it’s generating a new warning message (always 4 times): [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! The message is a result of the execution of this tag: The variables are setup by the action class shown below, which forwards to the JSP containing the s:radio tag. It seems to be working correctly, but the warning messages are puzzling. Does anyone know why the warnings are appearing? Thanks, Ralph Grove -- public class UserSetupAction extends ActionSupport { private static final Logger logger = LogManager.getLogger(UserSetupAction.class); private String userId; private String firstName; private String lastName; private Calendar lastActivity; private Boolean projectAdmin; private Boolean systemAdmin; private char status; private Calendar statusDate; private Map statuses; @Override public String execute() throws SQLException { try { User user = UserPersistence.getUser(userId); firstName = user.getFirstName(); lastName = user.getLastName(); lastActivity = user.getLastActivity(); projectAdmin = user.getProjectAdmin(); systemAdmin = user.getSystemAdmin(); status = user.getStatus(); statusDate = user.getStatusDate(); statuses = User.getStatusMap(); return SUCCESS; } catch (Exception e) { logger.error("USA.execute(): ", e); return ERROR; } } public String getUserId() { return userId; } public void setUserId(String userId) { this.userId = userId; } public String getFirstName() { return firstName; } public void setFirstName(String firstName) { this.firstName = firstName; } public String getLastName() { return lastName; } public void setLastName(String lastName) { this.lastName = lastName; } public Calendar getLastActivity() { return lastActivity; } public void setLastActivity(Calendar lastActivity) { this.lastActivity = lastActivity; } public Boolean getProjectAdmin() { return projectAdmin; } public void setProjectAdmin(Boolean projectAdmin) { this.projectAdmin = projectAdmin; } public Boolean getSystemAdmin() { return systemAdmin; } public void setSystemAdmin(Boolean systemAdmin) { this.systemAdmin = systemAdmin; } public char getStatus() { return status; } public void setStatus(char status) { this.status = status; } public Calendar getStatusDate() { return statusDate; } public void setStatusDate(Calendar statusDate) { this.statusDate = statusDate; } public Map getStatuses() { return statuses; } public void setStatuses(Map statuses) { this.statuses = statuses; } } - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
New warning message with V6.1.1 - SecurityMemberAccess...
I just upgraded from Struts2 2.5.3 to 6.1.1 . After a few tweaks (mostly related to Bootstrap5), the application is running correctly, but it’s generating a new warning message (always 4 times): [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! [WARN ] 2023-01-03 14:20:08 [https-jsse-nio-8443-exec-186] SecurityMemberAccess - Access to non-public [protected java.lang.String org.apache.struts2.components.UIBean.disabled] is blocked! The message is a result of the execution of this tag: The variables are setup by the action class shown below, which forwards to the JSP containing the s:radio tag. It seems to be working correctly, but the warning messages are puzzling. Does anyone know why the warnings are appearing? Thanks, Ralph Grove -- public class UserSetupAction extends ActionSupport { private static final Logger logger = LogManager.getLogger(UserSetupAction.class); private String userId; private String firstName; private String lastName; private Calendar lastActivity; private Boolean projectAdmin; private Boolean systemAdmin; private char status; private Calendar statusDate; private Map statuses; @Override public String execute() throws SQLException { try { User user = UserPersistence.getUser(userId); firstName = user.getFirstName(); lastName = user.getLastName(); lastActivity = user.getLastActivity(); projectAdmin = user.getProjectAdmin(); systemAdmin = user.getSystemAdmin(); status = user.getStatus(); statusDate = user.getStatusDate(); statuses = User.getStatusMap(); return SUCCESS; } catch (Exception e) { logger.error("USA.execute(): ", e); return ERROR; } } public String getUserId() { return userId; } public void setUserId(String userId) { this.userId = userId; } public String getFirstName() { return firstName; } public void setFirstName(String firstName) { this.firstName = firstName; } public String getLastName() { return lastName; } public void setLastName(String lastName) { this.lastName = lastName; } public Calendar getLastActivity() { return lastActivity; } public void setLastActivity(Calendar lastActivity) { this.lastActivity = lastActivity; } public Boolean getProjectAdmin() { return projectAdmin; } public void setProjectAdmin(Boolean projectAdmin) { this.projectAdmin = projectAdmin; } public Boolean getSystemAdmin() { return systemAdmin; } public void setSystemAdmin(Boolean systemAdmin) { this.systemAdmin = systemAdmin; } public char getStatus() { return status; } public void setStatus(char status) { this.status = status; } public Calendar getStatusDate() { return statusDate; } public void setStatusDate(Calendar statusDate) { this.statusDate = statusDate; } public Map getStatuses() { return statuses; } public void setStatuses(Map statuses) { this.statuses = statuses; } } - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org