Re: Struts2 login action class seems to be reused

2018-04-23 Thread Prasanth Pasala
Below is the result of the new logging. Root Size: 3 Result: null Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d Object: com.xx.webaccess.LoginAction@40c80ce8 Thanks, Prasanth On 04/21/2018 05:09 AM, Yasser Zamani wrote: > > On 4/19/2018 4:39 PM, Prasanth Pasala wrote: >>

Re: Struts2 login action class seems to be reused

2018-04-23 Thread Prasanth Pasala
Found this one also but for almost all, the root size was 3. Below one was anomaly. Root Size: 4 Result: null Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d Object: com.nqadmin.webaccess.LoginAction@7f716c46 Object: com.nqadmin.webaccess.LoginAction@35224c2f Also found that the

bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Hi, I need to bypass one validation error , which i am getting during appscan run. *Invalid field value for field* XXX I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor in struts2-core- 2.5.14.1.jar . But it does not have any excludeParams .Please let me know what else

Re: Struts2 login action class seems to be reused

2018-04-23 Thread Yasser Zamani
On 4/23/2018 8:04 PM, Prasanth Pasala wrote: > Found this one also but for almost all, the root size was 3. Below one was > anomaly. > Root Size: 4 > Result: null > Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d > Object: com.nqadmin.webaccess.LoginAction@7f716c46 > Object:

Re: Struts2 login action class seems to be reused

2018-04-23 Thread Prasanth Pasala
The two LoginAction classes below are from the same context (/Context2). Context1 LoginAction would have a different package name. The issue occurs when a user is requesting /Context2 directly rather than when the request is forwarded, if the request is forwarded from /Context1 it would have

Re: Struts2 login action class seems to be reused

2018-04-23 Thread Prasanth Pasala
Get rid of the get methods in LoginAction, is this in /Context2 (application where the issue is occurring) or /Context1 (which forwards the requests to /Context2)? Yes exactly. The new log shows, your previous contexts actions (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Any idea how can i avoid this error for a specific parameter? Regards, Raj On Mon, Apr 23, 2018 at 10:31 PM, Rajvinder Pal wrote: > Hi, > > I need to bypass one validation error , which i am getting during appscan > run. > > *Invalid field value for field* XXX > > I

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Lukasz Lenart
2018-04-23 19:01 GMT+02:00 Rajvinder Pal : > Hi, > > I need to bypass one validation error , which i am getting during appscan > run. > > *Invalid field value for field* XXX > > I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor > in struts2-core-

Re: Struts2 login action class seems to be reused

2018-04-23 Thread Yasser Zamani
On 4/23/2018 10:12 PM, Prasanth Pasala wrote: > The user is inputting username and password in /Context1, if I send a > redirect they would have to enter username/password again in /Context2. > No, you already have them. I think you can use Struts PostbackResult [1] in /Context1/LoginAction