Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping

2018-03-05 Thread Lukasz Lenart 
2018-03-05 16:19 GMT+01:00 Prasanth Pasala :
> Yeah, my url pattern is *.action as I do have some struts1 actions.

Does it mean you use the same filter to handle Struts 1 and Strut 2?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping

2018-03-05 Thread Prasanth Pasala 
Yeah, my url pattern is *.action as I do have some struts1 actions.

  
    struts2
    *.action
    REQUEST
    FORWARD
  

On 03/05/2018 12:27 AM, Lukasz Lenart wrote:
> 2018-03-02 17:33 GMT+01:00 Prasanth :
>> https://issues.apache.org/jira/projects/WW/issues/WW-4904
>>
>> Forwarded using request dispatcher.
>>
>> ServletContext sContext = context.getContext("/context2");
>> RequestDispatcher rd = sContext.getRequestDispatcher(resource);
>> rd.forward(request, response);
> Did you add FORWARD as below when configuring the Struts filter?
>
> 
> struts
> /*
> REQUEST
> FORWARD
> 
>
>
> Regards

Re: Struts2 login action class seems to be reused

2018-03-05 Thread Adam Brin 
What are the annotations on the class?  Is it possible that you're using
Spring, and not declaring "prototype" scope. eg:

@Scope("prototype")

On Mon, Mar 5, 2018 at 10:49 AM, Yasser Zamani 
wrote:

>
>
> On 3/5/2018 7:48 PM, Prasanth wrote:
> > But the Login filter had the below lines to make sure forwarded requests
> from /context1
> > would work.
> >
> > request.setAttribute("struts.actionMapping", new ActionMapping());
>
> Please let me discuss this line first of all. I'm still surprised how
> context2 app works with this line! I expect you always get
> ConfigurationException or get the result of the default action. Have you
> set this filter pattern to being applied only on /Login.action? If so,
> still you should get ConfigurationException or get the result of the
> default action (is /Login.action default?). Or maybe you have put these
> two lines in an if statement like if(request has these attributes){...}?
> If not, then do this please; an if statement for each line.
>
> Could you please try `request.setAttribute("struts.actionMapping",
> null)`? then post back the exception if any (I don't expect any). You
> should set to null or remove the attribute. Any other code is wrong.
>
> Regards.
>
>


-- 
_
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Re: Struts2 login action class seems to be reused

2018-03-05 Thread Yasser Zamani 


On 3/5/2018 7:48 PM, Prasanth wrote:
> But the Login filter had the below lines to make sure forwarded requests from 
> /context1
> would work.
> 
> request.setAttribute("struts.actionMapping", new ActionMapping());

Please let me discuss this line first of all. I'm still surprised how
context2 app works with this line! I expect you always get
ConfigurationException or get the result of the default action. Have you
set this filter pattern to being applied only on /Login.action? If so,
still you should get ConfigurationException or get the result of the
default action (is /Login.action default?). Or maybe you have put these
two lines in an if statement like if(request has these attributes){...}?
If not, then do this please; an if statement for each line.

Could you please try `request.setAttribute("struts.actionMapping",
null)`? then post back the exception if any (I don't expect any). You
should set to null or remove the attribute. Any other code is wrong.

Regards.

Re: Struts2 login action class seems to be reused

2018-03-05 Thread Prasanth 
Yes, login page is accessible always. Direct jsp access is not allowed, it has 
to go through the actions. When a user requests /Login.action login jsp page is 
displayed. When the user submits username
and password (Post to Login.action) the user is authenticated and home page is 
displayed by Login.action. Since the same action handles both displaying login 
page and validating, if the values are
already present (username, password, value of the button clicked) the action 
will authenticate the user and display home page as it does this it will make a 
database entry saying xyz user has logged in.

Actual Setup:
Application 1: /context1   --- User can login here and they will be forwarded 
to context2. This application uses struts 2.5.14
Application 2: /context2   --- User can login directly in /context 2 (in which 
case no forwarding). This application uses struts 2.3.34 for login and other 
actions. There are few actions in struts1 also.

For replicating the issue I was directly accessing /context2/Login.action. So 
/context1 was not used in testing. But the Login filter had the below lines to 
make sure forwarded requests from /context1
would work.

request.setAttribute("struts.actionMapping", new ActionMapping());
request.setAttribute("struts.valueStack", null);

The request object type is io.undertow.servlet.spec.HttpServletRequestImpl

Thanks,
Prasanth


On 03/03/2018 04:14 AM, Yasser Zamani wrote:
> On 3/3/2018 12:37 AM, Prasanth Pasala wrote:
>> I was able to replicate the issue today. Asked few users to keep logging in 
>> and ran jmeter to access login page, with out putting any username or 
>> password. Out of the 100 attempts 2 attempts were
>> successful in getting in with out username/password. I am seeing database 
>> login entries for these two. Which would happen only if a valid session is 
>> not present and user has provided username/password.
> Shouldn't login page being accessible always? How do you try access
> login page, calling directly to jsp? Or action? How do you authenticate
> that access try, via session values? Via request parameters and querying
> database?
>
>> Not sure if the behavior is a side effect of having the below lines.
>>
>> request.setAttribute("struts.actionMapping", new 
>> ActionMapping());   
>> request.setAttribute("struts.valueStack", null);
> Not these lines but I guess you may also remove more things from
> forwarded request (e.g. session). Could you please print
> request.toString before these lines to see what type is it? Could you
> serialize request to a xml to see all values stored in that request?
> Anyway, like you, I also think this issue is because of forwarding the
> request from Struts1 to Struts2.
>
> Regards.
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>

Re: Struts 2.5.14 support for java 8/java 9/java 10

2018-03-05 Thread Adam Brin 
You might look in the struts2 JIRA for open issues 

> On Mar 5, 2018, at 6:18 AM, David Greene  wrote:
> 
> Struts 2.5 has out of the gate support for Java8.  I haven't tried 9 or 10
> yet.
> 
> On Mon, Mar 5, 2018 at 4:16 AM, coolaki2...@gmail.com > wrote:
> 
>> Hello,
>> 
>> Can anyone throw some knowledge about Struts support for Java 8 , Java 9
>> and Java 10.
>> 
>> 
>> Thanks,
>> 
>> A.S
>> 
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>> 
>> 
> 
> 
> -- 
> 
> *David Greene*
> *SecureLink, Inc.*
> Secure networks for remote support
> 
> mobile | (512) 630-2285
> office | (512) 640-1912
> 
> da...@securelink.com
> 
> This email may contain private information and is for the intended
> recipient only. If received in error, please notify sender and destroy any
> copies. Unauthorized review, use, or disclosure of the contents herein is
> prohibited

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts 2.5.14 support for java 8/java 9/java 10

2018-03-05 Thread David Greene 
Struts 2.5 has out of the gate support for Java8.  I haven't tried 9 or 10
yet.

On Mon, Mar 5, 2018 at 4:16 AM, coolaki2...@gmail.com  wrote:

> Hello,
>
> Can anyone throw some knowledge about Struts support for Java 8 , Java 9
> and Java 10.
>
>
> Thanks,
>
> A.S
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>


-- 

*David Greene*
*SecureLink, Inc.*
Secure networks for remote support

mobile | (512) 630-2285
office | (512) 640-1912

da...@securelink.com

This email may contain private information and is for the intended
recipient only. If received in error, please notify sender and destroy any
copies. Unauthorized review, use, or disclosure of the contents herein is
prohibited

Struts 2.5.14 support for java 8/java 9/java 10

2018-03-05 Thread coolaki2006 
Hello, 

Can anyone throw some knowledge about Struts support for Java 8 , Java 9 and 
Java 10. 


Thanks, 

A.S

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org