Re: Security Issue - 2.3.35

2021-09-02 Thread Lukasz Lenart
wt., 31 sie 2021 o 17:36 Gopal, Siva Prakash
 napisał(a):
>
> Hi Team,
>
> We are using below version of struts. Is there any security issue to upgrade 
> it to next version.
>
> struts2-core-2.3.35

As far I know no, you can always check this page
https://struts.apache.org/releases.html

And be aware that the 2.3.x branch won't receive any kind of support
nor security fixes as this branch reached EOL
https://struts.apache.org/announce-2019#a20190912


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: How to set up the conditions to test web pages for HTTP status codes 403, 404, 500, 503

2021-06-21 Thread Lukasz Lenart
pt., 18 cze 2021 o 14:11 albert kao  napisał(a):
>
> Following "Exception mapping" at:
> https://struts.apache.org/getting-started/exception-handling.html
>
> Something like:
> public class HttpIOException extends Exception {
> private static final long serialVersionUID = -4261703341L;
>
> public HttpIOException() {
> super("Http IO Exception");
> }
>
> public HttpIOException(String message) {
> super(message);
> }
> }
>
>
>
> public class Register extends ActionSupport {
> //...
> public void throwHttpIOException(String message) throws HttpIOException {
> throw new HttpIOException(message);
> }
>
> public void throwHttpIO500Exception() throws HttpIOException {
> throw new HttpIOException("HTTP response code: 500");
> }
>
> public void throwHttpIO503Exception() throws HttpIOException {
> throw new HttpIOException("HTTP response code: 503");
> }
> //...
> }
>
>
>
> struts.xml
>  class="org.apache.struts.register.action.Register"
> method="throwHttpIO500Exception">
> /500.jsp
> 
>  class="org.apache.struts.register.action.Register"
> method="throwHttpIO503Exception">
> /503.jsp
> 

You must use different exceptions to handle different Response Codes:



503


500









Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: How to set up the conditions to test web pages for HTTP status codes 403, 404, 500, 503

2021-06-17 Thread Lukasz Lenart
czw., 17 cze 2021 o 13:24 albert kao  napisał(a):
>
> I developed a web application with Java (Struts 2) and Web Experience
> Toolkit (WET - https://github.com/wet-boew/wet-boew), which is running on
> the WebLogic 12c server.
> When any one of the HTTP status codes 403, 404, 500, 503 occurs, my web
> application will display a corresponding web page.
> e.g. When the HTTP status code 503 occurs, my web application will display
> the web page 503.html.
> How to set up or simulate the conditions to test my web application web
> pages for HTTP status codes 403, 404, 500, 503?
> i.e. simulate the HTTP status codes 503, etc so as to test my web
> application UI to ensure that 503 is handled properly, assuming that the
> webserver works properly.

Exception mapping isn't enough?
https://struts.apache.org/getting-started/exception-handling.html

Or you can always re-implement ExceptionMappingInterceptor and used in
your custom stack
https://struts.apache.org/maven/struts2-core/apidocs/com/opensymphony/xwork2/interceptor/ExceptionMappingInterceptor.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: s:url s:a and s:text

2021-06-09 Thread Lukasz Lenart
czw., 10 cze 2021 o 02:07 albert kao  napisał(a):
>
> How to use s:url s:a and s:text together?
> I tried this jsp but it did not work because some s:text did not get
> substituted.
>
> 
> ">
>
>
>
> .properties file
> comp.href=https://www.mycomp.com/client.html#x1
> browser.window.title=Title
> common.test.button=Test
>
>
>
> I tried to modify this jsp but then it did not compile :(.
> Please help.
> Thanks.

It won't work that way, you can use  like this


  


  




And you shouldn't use  if the "action" attribute doesn't point
to an action.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts Upgrade

2021-06-02 Thread Lukasz Lenart
wt., 1 cze 2021 o 16:38 Jasmine Kaur  napisał(a):
> we are able to run the project. Facing issue while clicking the buttons,
> having issue with cssClass.
>
> Do you guys have any idea?

What kind of error?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts Upgrade

2021-05-27 Thread Lukasz Lenart
pt., 28 maj 2021 o 02:15 Jasmine Kaur  napisał(a):
> We need to upgrade our project from struts version 2.2.3 to 2.5, kindly let
> us know the steps.

Please start with [1] and in case of other issues ask the questions here

[1] https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] Apache Struts Security Impact Levels

2021-02-20 Thread Lukasz Lenart
The Apache Struts Security Team has prepared Security Impact Levels
and updated the following Security Bulletins to match the levels. Any
new Security Bulletin will be published with a proper level of the
Security Impact Levels.

Security Impact Levels
https://cwiki.apache.org/confluence/display/WW/Security+Bulletins#SecurityBulletins-Securityimpactlevels

List of adjusted Security Bulletins:
https://cwiki.apache.org/confluence/display/WW/S2-060
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-056
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-055
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-054
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-051
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-049
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-048
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-042
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-040
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-039
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-038
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-037
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-036
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-033
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-032
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-031
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-026
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-024
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-023
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-022
Medium -> Moderate

https://cwiki.apache.org/confluence/display/WW/S2-021
High -> Important

https://cwiki.apache.org/confluence/display/WW/S2-016
Highly Critical -> Critical

https://cwiki.apache.org/confluence/display/WW/S2-015
Highly Critical -> Critical

https://cwiki.apache.org/confluence/display/WW/S2-014
Highly Critical -> Critical

https://cwiki.apache.org/confluence/display/WW/S2-013
Highly Critical -> Critical

https://cwiki.apache.org/confluence/display/WW/S2-012
Moderately Critical -> Important


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE using OpenSessionBackgroundProcess class

2021-01-26 Thread Lukasz Lenart
wt., 26 sty 2021 o 13:45 Burton Rhodes  napisał(a):
>
> Lukasz -
> Sorry if this is a dumb question, but where and how do I call the
> readObject() method that you suggested?

It is used by JVM when an object is deserialized
https://docs.oracle.com/javase/7/docs/api/java/io/Serializable.html
https://stackoverflow.com/questions/12963445/serialization-readobject-writeobject-overrides


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE using OpenSessionBackgroundProcess class

2021-01-25 Thread Lukasz Lenart
pon., 25 sty 2021 o 19:52 Burton Rhodes  napisał(a):
> public class OpenSessionBackgroundProcess extends BackgroundProcess {

BackgroundProcess is marked as Serializable so container can
temporarily store it on disk

> private Object lock = new Object(); // used for synchronization

I would mark this as transient and add

private void readObject(ObjectInputStream inputStream) throws
IOException, ClassNotFoundException {
lock = new Object();
}

maybe it will help


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Validate URL or email with internationalized domain name (IDN)

2021-01-25 Thread Lukasz Lenart
pon., 25 sty 2021 o 12:38 Guenter Paul
 napisał(a):
> DWR valdiation looks fine. Is there any small example? If not, I will try it 
> by myself and try to use it. After I would try to use URL- and 
> EMail-Validation.

You can check the Showcase app, there should be an example how to use
it. You can also open a PR here
https://github.com/apache/struts-examples/ to add one :)


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE using OpenSessionBackgroundProcess class

2021-01-22 Thread Lukasz Lenart
czw., 21 sty 2021 o 18:56 Burton Rhodes  napisał(a):
> synchronized (lock) {   <--  NPE is here 

How is this lock defined? Is it a serializable class?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Hard limit of number of form elements submitted to an action?

2021-01-20 Thread Lukasz Lenart
wt., 19 sty 2021 o 17:34 Nikolay Ivanchev
 napisał(a):
>
> Hi All
>
> Is there a hard limit of elements in a form when processed by Struts2
> We have a form with 11000 chekcboxes and when we submit it, only 5000 
> checkboxes are sbumitted
>
> Is this a configurable parameter?

If you missed the answer in dev@ list
https://lists.apache.org/thread.html/r5e1a93cf19e08eff88b10fea16c59977ca70620dcc403a9ac80c7ed0%40%3Cdev.struts.apache.org%3E


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Validate URL or email with internationalized domain name (IDN)

2021-01-20 Thread Lukasz Lenart
niedz., 17 sty 2021 o 15:18 Guenter Paul
 napisał(a):>
> I'm not sure. Perhaps a solution with Ajax is possible?

Maybe we should drop support for Client Side Validation in case of
EmailValidator - just in case of pure JS. The Ajax/DWR valdiation
should be used instead.

https://struts.apache.org/core-developers/pure-java-script-client-side-validation
https://struts.apache.org/core-developers/ajax-client-side-validation
https://struts.apache.org/plugins/dwr/


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Hard limit of number of form elements submitted to an action?

2021-01-19 Thread Lukasz Lenart
Please use user@ mailing list

wt., 19 sty 2021 o 16:51 Nikolay Ivanchev  napisał(a):
> Is there a hard limit of elements in a form when processed by Struts2
> We have a form with 11000 chekcboxes and when we submit it, only 5000 
> checkboxes are sbumitted
>
> Is this a configurable parameter?

Could you provide which Struts version you are using? Also I cannot
recall any of such limitations on Struts' side.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Validate URL or email with internationalized domain name (IDN)

2021-01-15 Thread Lukasz Lenart
pt., 15 sty 2021 o 16:21 Guenter Paul
 napisał(a):
>
> OK, client validation is a problem, that's true. I don't use it, but yes, 
> it's usefull.
>
> I found punycode for that:
> https://github.com/bestiejs/punycode.js
>
> It's MIT-licence, I'm not sure we can use it for standard.
>
> I'm not really good in javascript, but I can it to write my own decoder. The 
> better way is to use a standard-decoder like ounycode, I think.

Yeah... I really thought about stop supporting email validation on
frontend, there is a tons of ways to do it better than we do in
Struts. Thus also means that maybe having frontend validation built-in
doesn't make sense.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Validate URL or email with internationalized domain name (IDN)

2021-01-14 Thread Lukasz Lenart
czw., 14 sty 2021 o 16:25 Günter Paul
 napisał(a):
>
> In Germany we can use domaine-names like "münchen.de".
> The struts validators URLValidator and EmailIdnValidator can't handle such 
> name with umlaut.
> The domaine is valide but not for the validator.
>
> Is it possible to change this behavior?
>
> I overwrite the classes and it works for me.
> But I think it's better to change the standard classes,
>
> Here my solution:
>
> import com.opensymphony.xwork2.validator.ValidationException;
> import com.opensymphony.xwork2.validator.validators.URLValidator;
>
> import java.net.IDN;
> import java.util.Objects;
>
> public class URLIdnValidator extends URLValidator
> {
>   @Override
>   public Object getFieldValue(String name, Object object) throws 
> ValidationException
>   {
> Object fieldValue = super.getFieldValue(name, object);
>
> if (fieldValue != null)
> {
>   fieldValue = IDN.toASCII(Objects.toString(fieldValue, "")); // need 
> Java 1.6
> }
>
> return fieldValue;
>   }
> }

Thanks for sharing your solution, the problem is that we also need to
support ClientSide validation and we are using exactly the same RegEx
on both sides. Your solution is valid but just in case of ServerSide
validation. There is a ticket to fix EmailValidator, yet I still don't
know how to do it properly on both sides.

https://issues.apache.org/jira/browse/WW-4395


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Opting action method back into validation

2020-12-09 Thread Lukasz Lenart
wt., 8 gru 2020 o 12:39 Paul Zepernick
 napisał(a):
>
> It is an existing project that has hundreds of action classes and is 
> currently configured by the struts rest plug-in to ignore the show method for 
> validation.  I know I can update the configuration to remove the exclusion, 
> but many of these actions also have a validate() implementation which would 
> begin to fire for the existing show().  I would have to go through and add 
> the skip validation annotation on most of these.

I see, the only option for now is to override
"AnnotationValidationInterceptor" and implement your own check


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Opting action method back into validation

2020-12-07 Thread Lukasz Lenart
pon., 7 gru 2020 o 15:24 Paul Zepernick
 napisał(a):

> Is there any way to take a method that has been excluded from validation
> in the configuration and turn it back on for a single action?  For example,
> I am using the REST plugin which excludes the show() method from the
> validation.  99% of the time I do not have any validation that I want to
> run, but I do have some edge cases where it would be helpful to have the
> validate() / validateShow() available for a particular action.
>

Not sure if I understand, you can add your conditional validation logic
into "validateShow()", so in 99% this method will do nothing, but in 1% of
conditions it will perform the validation.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/


[ANN] [SECURITY] Potential RCE when using forced evaluation - CVE-2020-17530

2020-12-07 Thread Lukasz Lenart
Forced OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution.

Problem
Some of the tag's attributes could perform a double evaluation if a
developer applied forced OGNL evaluation by using the %{...} syntax.
Using forced OGNL evaluation on untrusted user input can lead to a
Remote Code Execution and security degradation.

Solution
Avoid using forced OGNL evaluation on untrusted user input, and/or
upgrade to Struts 2.5.26 which checks if expression evaluation won't
lead to the double evaluation.

Please read our Security Bulletin for more details:
https://cwiki.apache.org/confluence/display/WW/S2-061

This vulnerability was identified by:
- Alvaro Munoz - pwntester at github dot com
- Masato Anzai of Aeye Security Lab, inc.

All developers are strongly advised to perform this action.


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] Struts 2.5.26

2020-12-06 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.26 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20201206

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Below is a full list of all changes:

- Junit plugin does not push ACTION_MAPPING into the context resulting in NPE
- Struts2 StaticParametersInterceptor’s addParametersToContext method
is not working as expected

All developers are strongly advised to perform this action.

The 2.5.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 7.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download this version from our download page
https://struts.apache.org/download.cgi#struts-ga


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: URI too long error when using ExecuteAndWait interceptor

2020-11-30 Thread Lukasz Lenart
I thought a bit about this problem and to be honest I didn't find a
better solution. It would require some selective logic which params
include, e.g:



Would that work for you?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

sob., 21 lis 2020 o 16:21 Burton Rhodes  napisał(a):
>
> I ended up replacing the  tag refresh method with javascript that
> parses the "url" variable and recreates a  element on the fly to
> submit via POST.
>
> On Fri, Nov 20, 2020 at 4:19 PM Burton Rhodes 
> wrote:
>
> > I have a page that submits a form via POST and uses the ExecuteAndWait
> > interceptor.  On the "wait" jsp I have:
> >
> > "/>
> >
> > However, the includeParams "all" is including all the POST form variables
> > (which there are many), and as a result, I am getting a "URI too long"
> > exception.  Is there an easy fix for this?  Can't believe I've never run
> > into this issue before.
> >
> > Many thanks.
> >

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE when running unit test with struts rest plugin

2020-11-09 Thread Lukasz Lenart
pon., 9 lis 2020 o 14:38 Paul Zepernick
 napisał(a):
>
> Thank you very much, this has resolved the issue!  I have created a ticket in 
> Jira.
>
> https://issues.apache.org/jira/browse/WW-5095

Great, thanks a lot!


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts form bean behaviour changes after 2.5.22

2020-11-08 Thread Lukasz Lenart
pon., 9 lis 2020 o 04:53 Gokul Raj  napisał(a):
>
> I have upgraded from 2.3 to 2.5. Also, It is not occurring frequently.

Did you review the migration guide?
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration#Struts2.3to2.5migration-NewLocaleawareconversionlogic

This is due to fixed conversion which is now locale aware
https://issues.apache.org/jira/browse/WW-4581
https://issues.apache.org/jira/browse/WW-3650
https://github.com/apache/struts/pull/138

I would assume you ou have been using some custom solution to overcome
this in Strut 2.3 and now it produces problems in Struts 2.5


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE when running unit test with struts rest plugin

2020-11-07 Thread Lukasz Lenart
śr., 4 lis 2020 o 17:29 Paul Zepernick
 napisał(a):
> I have posted an example project that reproduces the error in the junit test
>
> https://github.com/zepernick/struts25-rest-junit

I think I have found the problem, mapping is not set in
getActionProxy(), you can fix it by overriding it like this:

protected ActionProxy getActionProxy(String uri) {
request.setRequestURI(uri);
ActionMapping mapping = getActionMapping(request);
String namespace = mapping.getNamespace();
String name = mapping.getName();
String method = mapping.getMethod();

Configuration config = configurationManager.getConfiguration();
ActionProxy proxy =
config.getContainer().getInstance(ActionProxyFactory.class).createActionProxy(
namespace, name, method, new HashMap(), true, false);

initActionContext(proxy.getInvocation().getInvocationContext());

// this is normally done in onSetUp(), but we are using Struts internal
// objects (proxy and action invocation)
// so we have to hack around so it works
ServletActionContext.setServletContext(servletContext);
ServletActionContext.setRequest(request);
ServletActionContext.setResponse(response);


ServletActionContext.getContext().put(ServletActionContext.ACTION_MAPPING,
mapping);

return proxy;
}

Fee free to open a JIRA ticket and as I'm going to prepare yet another
2.5.x release I can address this issue


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts form bean behaviour changes after 2.5.22

2020-11-07 Thread Lukasz Lenart
sob., 7 lis 2020 o 11:21 Gokul Raj  napisał(a):
> After upgrade 2.5.22 we are facing a kind of issue, form beans remove
> decimal points. Does anyone face such an issue?

Could you provide more details? From which version did you upgrade to 2.5.22?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE when running unit test with struts rest plugin

2020-11-03 Thread Lukasz Lenart
wt., 3 lis 2020 o 13:24 Paul Zepernick
 napisał(a):
> Yes, I am using the struts2-junit plugin and extending 
> StrutsSpringJUnit4TestCase from the plugin.

Would you mind preparing a small example and put it on Github?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: NPE when running unit test with struts rest plugin

2020-11-02 Thread Lukasz Lenart
pon., 2 lis 2020 o 14:48 Paul Zepernick
 napisał(a):

> Struts: 5.2.25
>
> Plugins: struts2-rest, struts2-spring, struts2-convention
> junit 4
>
>
Did you try to use struts2-junit plugin and based your tests
on StrutsJUnit4TestCase?
https://struts.apache.org/plugins/junit/


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/


Re: Issue in migration from struts2.3.35 to struts2.5.22

2020-11-01 Thread Lukasz Lenart
niedz., 1 lis 2020 o 14:25 Peer Mohammad  napisał(a):
>
> I have not used Xwork, index.jsp has  name="cheetta.login" flush="true"/> and cheetta.login is given in struts.xml 
> with action class.This setup is working last 7 years on struts2.3.35 .

You are not using Xwork directly but you have xwork.jar on the
classpath, and some classes can conflict - remove the jar.

Next, you are accessing index.jsp directly and not via action - that's
why you are getting the exception. You are using Struts related Tiles
listener which expects that all the Tiles definitions (in this case
"cheetta.login") will be accessed via action. So the flow supposed to
be as follow:

browser -> action -> JSP -> Tiles definition

In your case there is no action when you're accessing index.jsp. If
you don't use any of the Struts Tile listener features you can switch
to "org.apache.tiles.listener.TilesListener" as pointed in the
documentation https://struts.apache.org/plugins/tiles/#usage

And yes, for the last 7 years we have been developing and extending
Struts that's why some things have changed.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Issue in migration from struts2.3.35 to struts2.5.22

2020-10-29 Thread Lukasz Lenart
czw., 29 paź 2020 o 11:24 Peer Mohammad  napisał(a):
> list of jars for Strust2.5.22
>
> struts2-core 2.5.22
> freemarker -2.3.30
> xwork-core -2.3.37

As I said, this is not needed, XWork was merged into Struts Core, you
are duplicating classes now

> Caused by: There is no ActionContext for current request! - [unknown location]
>
> at 
> org.apache.jsp.index_jsp._jspx_meth_tiles_005finsertDefinition_005f0(index_jsp.java:151)

You are accessing index.jsp directly by

index.jsp



Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Issue in migration from struts2.3.35 to struts2.5.22

2020-10-28 Thread Lukasz Lenart
śr., 28 paź 2020 o 11:55 Peer Mohammad  napisał(a):
> Please find the web.xml and struts.xml file. I have observed that many 
> library classes are not available in strut2-tiles-plugin file and xwork some 
> package in struts-core-2.5.22 compare to struts2.3.35.

Not sure what do you mean by that? Which classes are missing? XWork
was merged into Struts Core and there is no additional jar anymore.
Maybe you are mixing different jars in your app, do you use Maven to
control dependencies? Could you list jars from the lib folder?

Also did you use a proper DTD in your tiles.xml files as mentioned
here 
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration#Struts2.3to2.5migration-Tiles

http://tiles.apache.org/dtds/tiles-config_3_0.dtd;>

> Web.xml
>
> 
> http://xmlns.jcp.org/xml/ns/javaee;
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
>  http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd;
>  version="3.1">
> CHEETTA_online
> 
> 
> 
> org.apache.struts2.tiles.StrutsTilesListener
> 
>
> 
> 
> 
> CSRFTokenFilter
> 
> com.sbc.cheetta.common.framework.filter.GenerateCSRFTokenFilter
> 
> 
> CSRFTokenFilter
> /*
> 
>  
> CSRFTokenFilter
> *.action
> 
> 
> CSRFTokenFilter
> *.do
> 

This is duplication, just /* is enough, remove other patterns

> 
> 
> CSRFValidationFilter
> 
> com.sbc.cheetta.common.framework.filter.CSRFValidationFilter
>  
> excludedUrls
> 
> 
> /index.jsp,/Welcome.do,/Logoff.do,/LogonSubmit.do,/networkEditProfileLinker.do,/images/swmainmenubutton.gif,/images/att_logo.gif,/images/mwmainmenubutton.gif,/images/admin.gif,/theme/Master.css,/images/wmainmenubutton.gif,/images/atmainmenubutton.gif,/images/bg_header1024.gif,/images/bg_footer1024.gif,/images/bg_header1024.gif
>  
> 
> 
> CSRFValidationFilter
> /*
> 
> 
>
> 
> xFrameOptionsFilter
> 
> com.sbc.cheetta.common.framework.filter.XFrameOptionsFilter
> 
> 
> xFrameOptionsFilter
> *.action
> 
> 
> xFrameOptionsFilter
> *.do
> 
> 
> struts2
> 
> org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter
> 
> actionPackages
> com.sbc.cheetta.actions
> 
> 
> 
> struts2
> /*
> 
> 
> struts2
> *.action
> 
> 
> struts2
> *.do
> 

Same here, just left /* pattern


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: ASM version

2020-10-06 Thread Lukasz Lenart
wt., 6 paź 2020 o 14:35 Tamás Barta  napisał(a):
>
> Hi,
>
> I would like to ask if you are going to update used asm library version to
> 8.*
> Latest struts convention plugin and cxf libraries depends on different asm
> versions.

Sure, please register a ticket in JIRA and we will address that in 2.6 version


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Issue in migration from struts2.3.35 to struts2.5.22

2020-10-01 Thread Lukasz Lenart
czw., 1 paź 2020 o 22:00 Peer Mohammad  napisał(a):
> I have followed the above mentioned guide and i had removed the XWork as 
> well,But error remains the same. I am trying last 45 days to resolve this 
> issue but able to resolve yet. Any suggestion/guidance will be appreciable.

Can you share your web.xml and struts.xml? Also do you access a JSP
file directly through the browser?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] Struts 2.5.25

2020-09-28 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.25 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20200928

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Below is a full list of all changes:

- Package Level Properties in Global Results
- AbstractMatcher adds values to the map passed into replaceParameters
- Minor bug in single file upload example of the Showcase application
- Unable to set long pathname variables
- s:set with empty body
- AliasInterceptor doesn’t properly handle Parameter.Empty
- Improve build behaviour on JDK9+
- Update multiple Struts 2.5.x libraries / Maven build plugin versions
- Upgrade OSGi to the latest version

All developers are strongly advised to perform this action.

The 2.5.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 7.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download this version from our download page
https://struts.apache.org/download.cgi#struts-ga


Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Issue in migration from struts2.3.35 to struts2.5.22

2020-09-28 Thread Lukasz Lenart
pon., 28 wrz 2020 o 12:35 Peer Mohammad  napisał(a):
>
> Hi Team,
>
> I am getting error while migrating Struts2.3.35 to Struts2.5.22 as "There is 
> no ActionContext for current request! - [unknown location]"
> console log: ERROR StrutsTilesLocaleResolver cannot obtain HttpServletRequest 
> from [org.apache.tiles.request.jsp.JspRequest].

Did you follow the upgrade procedure?
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration#Struts2.3to2.5migration-Tiles

> list of jars for Strust2.5.22
>
> struts2-core 2.5.22
> freemarker -2.3.30
> xwork-core -2.3.37

You do not need XWork anymore, please remove the jar


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: security : context relative URL(s)

2020-09-14 Thread Lukasz Lenart
sob., 5 wrz 2020 o 19:44 Zahid Rahman  napisał(a):
>
> Hi,
>
> Can I apply these same security features in struts2 which were applied in
> struts1
> now that  the use of web.xml TAGS is discouraged in favour of annotations.
>
>
> *example deployment descriptor *
> *$CATALINA_HOME/webapps/examples/WEB-INF/web.xml*
>
> 
>  example Security Constraint  
> 
>  Protected Web Area 
> 
> /jsp/security/protected/*
> .
> DELETE
> GET
> POST
> PUT
> 
> 
> 

Yes, you can and this is a good practice
https://struts.apache.org/security/#never-expose-jsp-files-directly


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: TilesPlugin of Struts2 is not loaded in existing Struts1 project

2020-09-07 Thread Lukasz Lenart
śr., 2 wrz 2020 o 12:33 Natta Wang  napisał(a):
>
> I'm doing on migrating Struts1 to Struts2 and one of component is TilesPlugin 
> of Struts1 version. I've read the instruction of Struts2 tiles-pluing 
> implementation and follow those steps, but found it is not loaded the 
> configure as I expected.
>
> Question is I need to know how to implement new version of tiles-plugin of 
> Struts2 along with existing TilesPlugin of Struts1. (I can't migrate all 
> actions to use newer tiles-plugin in the same time, it's quite big load of 
> work to do)

As far I recall in Tiles 3 a new constant was defined to read configs
from, how do you configure Tiles?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 1 -> Struts 2 migration session parameters not found

2020-08-27 Thread Lukasz Lenart
czw., 27 sie 2020 o 13:17 Natta Wang  napisał(a):
>
> I start to migrate from Struts 1 to Struts 2 and found a problem that I want 
> to ask for help with the session.
>
> In Struts 1 web.xml, I have a Filter class that maps to servlet and when it 
> be called, it will set a parameter with an object.
>
> All Struts 1 JSP pages can access the session that has those parameters, and 
> what I did to the new Action class of Struts 2 is implements with 
> SessionAware,
> in the class if found session object by 
> ServletActionContext.getRequest().getSession(), but cannot found the 
> parameter with the parameter name that I expected it has.
>
> What I tried is added new filter-mapping in the web.xml file, which map 
> url-pattern to Struts 2 Action class (same with that mapped to servlet I 
> mentioned above), hope it will be called when opening with a specific URL but 
> I failed as it comes out like the not set version.
>
> Can someone guide me on how to make the session and all parameters visible in 
> the Action class and JSP page?
>
> And one more thing, I use  the header page and header page also 
> refers to those session parameters. Do I need to implement any configuration 
> to make header JSP can access the session?

By using SessionAware, the session is going to be injected in your
action [1], in tags or JSPs you can use a named scope #session [2] to
access the attributes. But please be aware that Struts2 won't create
the session if it doesn't exist. You must use Session Create
Interceptor [3] to forcly create the session.

[1] https://struts.apache.org/core-developers/servlet-config-interceptor.html
[2] https://struts.apache.org/tag-developers/ognl-basics#struts-2-named-objects
[3] https://struts.apache.org/core-developers/create-session-interceptor.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: CVE-2019-0233 is Struts v1 vulnerable?

2020-08-21 Thread Lukasz Lenart
pt., 21 sie 2020 o 11:30 Rayne Anderson  napisał(a):
>
> I know that Apache Struts File upload CVE-2019-0233 applies to Struts v2.
> Does the CVE apply to Struts v1.3.8?

I would say no as these are totally different frameworks but we didn't
test Struts 1.3.8 against this vulnerability as Struts 1 has reached
End-of-Life a few years ago.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Status of 2.5.23?

2020-08-17 Thread Lukasz Lenart
pon., 17 sie 2020 o 20:53 Tellis, Wyatt  napisał(a):
>
> NP. Do you have an ETA for when 2.5.24 will be released?

In a few weeks, just one issue left and I will be able to prepare a test build.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Status of 2.5.23?

2020-08-17 Thread Lukasz Lenart
niedz., 16 sie 2020 o 04:47 Tellis, Wyatt  napisał(a):
> Can this be pushed to Maven central?

Sorry for the mess, Struts 2.5.23 was not accepted as some bugs were
discovered in the test build - those were already addressed and soon I
will prepare a new 2.5.24 test build.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Action path prefix rules?

2020-08-14 Thread Lukasz Lenart
pt., 14 sie 2020 o 10:48 Heikki Hyyrö  napisał(a):
> I am a bit confused about the rules concerning mapping URL paths to
> actions. Let's say that I have a Struts application running at
> example.com with the app name "myApp". Then the usual path to access a
> Struts action named "foo" would presumably be
>
> example.com/myApp/foo.action
>
> Now, it seems to be also possible to access the foo-action even by
> adding a more or less arbitrary path prefix before the app name. E.g.
> also both
>
> example.com/abcde/myApp/foo.action
> example.com/some/bogus/prefix/myApp/foo.action
>
> seem to access foo. I am wondering where the rules that allow this are
> defined? What would be the relevant documentation to look into?
>
> As a specifid question, I wonder about links. If the foo-page contains
> e.g. a link created with the url-tag, such as
>
> 
>
> 
> 
>Link to bar-action
> 
>
> the link does not include any "extra" path prefix and always points to
> example.com/myApp/bar.action. I am wondering why this happens? And what
> if I actually would want the link to reflect the actual access URL,
> including any "extra" path prefix (e.g. the link might point to
> example.com/some/bogus/prefix/myApp/bar.action)? Is this possible?

I think here [1] is a piece of the code you are looking for, if an
action cannot be found in the provided namespace, fallback to the root
namespace is done (if available). I'm not sure if this is documented
or not, feel free to create a ticket in JIRA. Maybe we should also add
a logging statement there.

[1] 
https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java#L392-L395


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-06 Thread Lukasz Lenart
niedz., 5 lip 2020 o 08:18 Yasser Zamani  napisał(a):
>
> Hi thanks for the test build!
>
> I think because mvnw cannot accept -D... jvm options directly.

Interesting ... I will double check that


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-02 Thread Lukasz Lenart
Now I'm confused, this helped, but I was doing exactly the same thing :\

export MAVEN_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/

Anyway, 2.5.23 is under build & deploy now :)


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

pt., 3 lip 2020 o 07:28 Lukasz Lenart  napisał(a):
>
> czw., 2 lip 2020 o 13:40 Lukasz Lenart  napisał(a):
> >
> > Ha!
> >
> > This one helped
> > https://stackoverflow.com/questions/31684855/java-ssl-exception-protocol-version-when-trying-to-use-httpclient-to-log-into-a
> >
> > and using TLSv1 :D
>
> ech... it didn't, I was running JDK8 instead of JDK7, keep looking ...
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-02 Thread Lukasz Lenart
czw., 2 lip 2020 o 13:40 Lukasz Lenart  napisał(a):
>
> Ha!
>
> This one helped
> https://stackoverflow.com/questions/31684855/java-ssl-exception-protocol-version-when-trying-to-use-httpclient-to-log-into-a
>
> and using TLSv1 :D

ech... it didn't, I was running JDK8 instead of JDK7, keep looking ...

Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-02 Thread Lukasz Lenart
Ha!

This one helped
https://stackoverflow.com/questions/31684855/java-ssl-exception-protocol-version-when-trying-to-use-httpclient-to-log-into-a

and using TLSv1 :D

czw., 2 lip 2020 o 13:36 Lukasz Lenart  napisał(a):
>
> czw., 2 lip 2020 o 11:15 mar...@payer.he-hosting.de
>  napisał(a):
> > just a quick guess - use Java 8 or look here 
> > https://stackoverflow.com/questions/50824789/why-am-i-getting-received-fatal-alert-protocol-version-or-peer-not-authentic.
>
> I already tried that hint from SO, but it didn't help :( I think I
> will use Java 8 though
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-02 Thread Lukasz Lenart
czw., 2 lip 2020 o 11:15 mar...@payer.he-hosting.de
 napisał(a):
> just a quick guess - use Java 8 or look here 
> https://stackoverflow.com/questions/50824789/why-am-i-getting-received-fatal-alert-protocol-version-or-peer-not-authentic.

I already tried that hint from SO, but it didn't help :( I think I
will use Java 8 though


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-07-02 Thread Lukasz Lenart
Hi,

I've been trying to prepare a new release of Struts 2.5 but constantly getting

[INFO] [ERROR] Failed to execute goal
org.apache.maven.plugins:maven-deploy-plugin:2.6:deploy
(default-deploy) on project struts2-bom: Failed to deploy artifacts:
Could not transfer artifact org.apache.struts:struts2-bom:pom:2.5.23
from/to apache.releases.https
(https://repository.apache.org/service/local/staging/deploy/maven2):
Received fatal alert: protocol_version -> [Help 1]

I'm enabling TLSv1.2 in Java 7 but still it doesn't work, that used to help
./mvnw -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2
release:perform

Any other ideas?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: SMI allowed methods not working for struts 2.5.17

2020-06-02 Thread Lukasz Lenart
wt., 2 cze 2020 o 09:05 Sailaja S  napisał(a):
> When I set Dynamic method invocation to false allowed methods is not
> working. Should allowed-methods  work with SMI?

Those two different things, you can enable DMI but you still need to
define allowed methods.

> How do I invoke multiple methods with the same action? I did post this in
> stackover flow as well.  I appreciate your time and inputs.

Where?

> Currently I have
> 
> 
> 
> search,reset

This isn't a proper Struts config, please provide a real example

> In jsp
> I have two submit buttons that are setting method name upon click. Jsp
> forntag has action=action1

Could you show a real example? I assume you are using

 and 

if so you must enable "struts.mapper.action.prefix.enabled"
https://struts.apache.org/core-developers/action-mapper.html#defaultactionmapper


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OSGi support

2020-05-11 Thread Lukasz Lenart
sob., 9 maj 2020 o 19:17 James Chaplin  napisał(a):
>  There is probably some value in keeping the OSGi plugin around, at least 
> until it becomes a problem to maintain.  Even with JDK9+ modules, there still 
> seem to be use cases for OSGi (a general interest blog post 
> https://blog.osgi.org/2018/02/osgi-r7-highlights-java-9-support.html provides 
> some interesting reading).
>
>  Maybe reviewing the OSGi plugin in Struts 2.6.x and trying to update it 
> to the most recent OSGi standards might help decide on the question ?

Fair point, I will add a task to update OSGi to the latest version.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.23

2020-05-11 Thread Lukasz Lenart
sob., 9 maj 2020 o 19:13 James Chaplin  napisał(a):
>  The only other possible inclusion I could think of after a quick look at 
> open bugs might be a fix for WW-5002.  It was reported as an issue for 2.5.18 
> and the last comment indicated it was probably a bug.

I tried to figure out what's wrong with WW-5002 but couldn't without
providing more information by the reporter. In other case I will close
the ticket and we are good to go.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Issue adding filter to struts2-archetype-starter project

2020-05-04 Thread Lukasz Lenart
Do you see any errors while you starting Tomcat?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Struts 2.5.23

2020-05-03 Thread Lukasz Lenart
Hi,

I'm going to prepare a test build of Struts 2.5.23 which covers those
4 issues. Any other issue should be addressed?

https://issues.apache.org/jira/issues/?jql=project%20%3D%20WW%20AND%20fixVersion%20%3D%202.5.23


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OSGi support

2020-04-20 Thread Lukasz Lenart
pon., 20 kwi 2020 o 16:53  napisał(a):
> >Yeah, I thought about that. Just wondering who widely this
> >functionality is used and maybe doesn't make sense to support it.
>
> As all the buzz is about microservices these days my gut feeling is that OSGi 
> is pretty much dead.

I have the same, even with incoming support for modules (or is it
already there?), OSGi is a dead end anyway.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: struts 1 to struts 2 migration , virtual form replacement query

2020-04-17 Thread Lukasz Lenart
pt., 17 kwi 2020 o 13:42 Kishore Venkatesh  napisał(a):
>
> Thanks for the response. After I create an action with setters and getters , 
> how can I use this action in javascript functions.

Not sure if I understand, what do you want to achieve? Maybe some example?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OSGi support

2020-04-15 Thread Lukasz Lenart
śr., 15 kwi 2020 o 10:24 M Huzaifah  napisał(a):
>
> Hii Lucas,
>
> Personally, i am not use OSGi. There is plan to remove this in struts?

Yeah, I thought about that. Just wondering who widely this
functionality is used and maybe doesn't make sense to support it.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



OSGi support

2020-04-14 Thread Lukasz Lenart
Hi,

Does anybody is using OSGi support in Struts these days?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: struts 1 to struts 2 migration , virtual form replacement query

2020-04-14 Thread Lukasz Lenart
wt., 14 kwi 2020 o 12:36 Kishore Venkatesh  napisał(a):
> I'm migrating an application from struts 1 to struts 2, I have some forms and 
> form beans defined  in struts-config.xml . How do I map these into struts 2. 
> I know about struts 2 forms , and mapping form to user bean . My question how 
> do I map virtual forms in struts 2.

You meant DynaActionForm? In such case you must create an action with
all the fields and setters you need. You can always access passed
values via Named Objects, but this rather a weak solution as you loose
framework's conversion and validation abilities.

https://struts.apache.org/tag-developers/ognl-basics#struts-2-named-objects


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Strtus2-jasper plugin rendering

2020-04-12 Thread Lukasz Lenart
sob., 11 kwi 2020 o 11:35 M Huzaifah  napisał(a):

> Dear Lucas and Other,
>
> i am generate PDF from struts using jasper plugin. i’ve found something
> weird. i design my report using Jasper Report Studio (version 6.12.0 the
> newest one) and then add text with bold and italic style, then preview in
> jasper report, there no problem, report render with no issue.
> when i compile my jasper report and let the struts render the report,
> style in text are gone. its like the text without any style on it. and i
> got WARN in my console log :  WARN | Unpatched iText found, cannot use
> glyph rendering
>
> even if i downgrade the version of jasper report library and jasper report
> studio to 6.10.0 version the result still the same.
>
> anyone can give me a solution for render jasper report?
>

Looks like this has nothing to do with Struts
https://stackoverflow.com/questions/51451447/unpatched-itext-found-cannot-use-glyph-rendering


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/


Re: How to reference a struts constant from within struts.xml?

2020-04-10 Thread Lukasz Lenart
pt., 10 kwi 2020 o 15:51 Burton Rhodes  napisał(a):
>
> Done.  The JIRA ticket is located here:
> https://issues.apache.org/jira/browse/WW-5066

Thanks a lot!


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: How to reference a struts constant from within struts.xml?

2020-04-09 Thread Lukasz Lenart
czw., 9 kwi 2020 o 16:58 Burton Rhodes  napisał(a):
>
> Is it possible to reference a Struts constant from within the same file?
> In other words, I would like to define a constant inside my struts.xml file
> and then reference that constant further down in the file.
>
> For example:
>
> [struts.xml]
> 
>
> 
>  
>
> 
>  class="com.afs.web.struts.action.xaction.XactionActivityGenericAction"
> method="update">
> 
> 
>  name="fileUpload.maximumSize">${afs.maxFileSize}

This rather won't work directly, as ${...} is executed in context of
an action, which means the "afs.maxFileSize" must be action's
property. Anyway this looks like an interesting idea, would you mind
registering a ticket in JIRA with this proposal?

... but you can use @Inject("afs.maxFileSize") in your action (you can
use either constructor or field injection) and then reference it via a
getter from the action, eg.: getMaxFileSize -> ${maxFileSize}


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Tiles upgrade Path

2020-03-31 Thread Lukasz Lenart
pon., 30 mar 2020 o 16:16 amit vijayvargee 
napisał(a):
> Whilst building the struts 2.5.20 with struts tiles plug-in, I'm getting 
> apache tiles 3.0.8 version jars. As you aware of apache tiles project is out 
> of support now. Is there any future plan to remove these dependency from 
> struts?

Not sure if I understand your question, you want to have the
tiles-plugin without dependency on Tiles itself? Or you meant that we
should throw away the tiles-plugin?

> Due to this apache tiles out of support issue we can't upgrade application to 
> newer version of struts.
> Any help or suggestion would be really appreciated.

Re-write your application to avoid using Tiles, then you don't have to
include the tiles-plugin.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Tiles upgrade Path

2020-03-23 Thread Lukasz Lenart
pon., 23 mar 2020 o 10:41 amit vijayvargee 
napisał(a):
> We are currently looking to migrate struts 2.3 and tiles 2 to newer version. 
> As per the security scan, existing tiles (2.0) version is deprecated and 
> reported some vulnerability in it.
> Could you please help to answer following queries?
> •   Possible options to migrate to newer version, we are planning to 
> upgrade to struts 2.5 with tiles plugin, please confirm
> •   Any migration documentation or reference link would be helpful
> •   Any challenges/issues during the upgrade cycle?

Have you read this
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration
?

> •   Support lifecycle & maintainability of struts2-tiles-plugin

Same as Struts

> •   As per the maven repository struts2-tiles-plugin has only compile 
> tile dependency upon tiles-jars (core, api etc..) and doesn’t required to 
> bundle with the deployable artifact (.war)?

It will be bundled once you will use a propre Maven package format.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: [S2] getOutputStream() has already been called error?

2020-03-15 Thread Lukasz Lenart
wt., 10 mar 2020 o 15:35 Burton Rhodes  napisał(a):
> 
> 
> 
> 
> 
> true
> ERROR
> 

I would move your "exceptionInterceptor" to be the very first
interceptor in the stack, it looks like it catches an exception but
redirect to error.jsp cannot be handled as some response was already
committed.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OGNL in struts tag

2020-02-23 Thread Lukasz Lenart
Ach. my bad, I just checked how "name" is resolved in "UIBean" instead
of analysing it into deep and I messed up things with "value"
attribute, my explanation below

niedz., 23 lut 2020 o 23:06 John Bush  napisał(a):
> 
>  

This works because of %{} and "a" was pushed onto the top of
ValueStack, so all its properties are accessible

>  

This won't work because "name" is evaluated but only if it contains
%{} - this allows build dynamic names like: name="user_%{expr}_id" or
name="%{user_id}"

>  

As "a" was pushed into to the ValueStack, we must strictly say which
scope we are interested in, so we must use "#" to use "a" scope:
name="%{#a.formcolumnName}"
We can use "a" directly: name="%{a}" but then it will be evaluated as
"a.toString()" because "name" expects String

Sorry for my misleading answer before :(

Please let me know if I should extend the Tag Syntax guide
https://struts.staged.apache.org/tag-developers/tag-syntax.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OGNL in struts tag

2020-02-23 Thread Lukasz Lenart
pt., 21 lut 2020 o 04:05 M Huzaifah  napisał(a):
> 
> 
> 
> the jsp has error:
>
> Struts Problem Report
>
> Struts has detected an unhandled exception:
>
> Messages:
> /pages/common/genericform/genericMain.jsp (line: 165, column: 24) According 
> to TLD or attribute directive in tag file, attribute name does not accept any 
> expressions
> File:   org/apache/jasper/compiler/DefaultErrorHandler.java
> Line number:41

Yes, this is by design, we didn't want to base on ${} which is out of
Struts control and evaluated by a servlet container (Tag support
layer). That's why we used %{} instead, but ...

> cause the error above, then i state attribute name on struts tag does not 
> accept any expressions. if i test to just print like code bellow thats no 
> problem:
>
> 
> ${a.formcolumnName}
> 
> so, i read your documentation about the expression, then i change my code 
> bellow:
>
> 
> 
> 
> it works perfectly, thank you Lucas.

... in such a case you don't have to use %{} at all, the "name"
attribute will be evaluated against ValueStack as an expression.
 tag pushes value into ValueStack (named "a" in your
case, but this is not required if not used), all the object's
properties are available in scope (inside) of the iterator by their
names, so this can be reduced to






Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OGNL in struts tag

2020-02-20 Thread Lukasz Lenart
wt., 18 lut 2020 o 17:04 M Huzaifah  napisał(a):
> Thank you Lucas, my goal is render the struts tag based on list of column
> name that i've set before. So i have to iterate the list of column using
> jstl than put the "name" on attribut name in struts tag. From here,  i
> think i miss understanding about struts tag. I use struts 2.5x that not
> support for expressions anymore.

Wait, what? Struts tags do not support expressions? Where did you find
such information? Did you read that?
https://struts.apache.org/tag-developers/tag-syntax.html (improved
version I'm working on right now
https://struts.staged.apache.org/tag-developers/tag-syntax.html)

Also Struts tags are using our internal mechanism which prevents
evaluating malicious expressions, in case of using JSTL you don't have
such control and as those tags are out of Struts control you can
mistakenly inject a malicious code
https://struts.apache.org/security/#internal-security-mechanism

Also using JSTL and Struts tags in the same JSP is like using Java and
Kotlin to write the same code. Anyway, Bad Idea.


Regards

--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: OGNL in struts tag

2020-02-18 Thread Lukasz Lenart
wt., 18 lut 2020 o 05:22 M Huzaifah  napisał(a):
> I've looking for solution how to create struts2 tag could generate
> dynamically. This is my code:
>
> 
>  
> 

You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why
don't you use  here?
https://struts.apache.org/tag-developers/iterator-tag.html

And I'm not sure what do you want achieve with this strange syntax
"name:${column.columnName}"?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: S2.5.22 custom StrutsTypeConverter values parameter has changed?

2019-12-29 Thread Lukasz Lenart
niedz., 29 gru 2019 o 20:38 Burton Rhodes  napisał(a):
>
> It appears I needed to change my tag to the following (removing the null
> check from within the getText() method):
>
>  value="%{xaction.splitAssistant != null
> ? getText('format.percent',{xaction.splitAssistant * 100}) : ''}" />

I assume you have migrated from 2.5.20 to 2.5.22? Would you mind
creating a JIRA ticket? I would like to investigate this issue deeper.
It can be also a problem of nested expressions as you embedded an
expression inside "%{getText()}" expression.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: S2.5.22 custom StrutsTypeConverter values parameter has changed?

2019-12-29 Thread Lukasz Lenart
niedz., 29 gru 2019 o 19:34 Burton Rhodes  napisał(a):
>
> After upgrading to v2.5.22 my custom StrutsTypeConverters are having issues
> when the passed html form parameter is empty (or null).
>
> Specifically in my overridden convertFromString(context, values, toClass)
> method, the values parameter now contains
> values[0]="ognl.NoConversionPossible".  In v2.5.20, the values[0]="".
>
> Do you know why values[] contains this error text rather than the actual
> empty value like it used to?  Is there a setup issue on my end?

Do you use the same version of OGNL as provided with Struts?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: convention plugin Issue

2019-12-18 Thread Lukasz Lenart
Feel free to register a ticket in JIRA, but this is something low
priority rather.


Regards
Lukasz

sob., 7 gru 2019 o 12:58 Zahid Rahman  napisał(a):
>
> I think the convention plugin should perform a validation a check for the
> presence of multiple same class names within different
> package names. That ambiguity has been shown by my test.
> After all it is quite feasible and likely that we could have multiple same
> class names from different package names
> from jars which have been placed on the classpath.
> We cant have the convention plugin randomly (as shown by my test)
> executing random code.
>
> On Sat, 7 Dec 2019 at 10:51, Yasser Zamani  wrote:
>
> > Hi,
> >
> > I guess that the behavior of defining actions with same name and namespace
> > is undefined. I think it's not an issue because Convention Plugin has no
> > avenue to distinguish between them when you request
> > http://localhost:8080/hello-world.
> >
> > Regards.
> >
> > >-Original Message-
> > >From: Zahid Rahman 
> > >Sent: Thursday, December 5, 2019 4:51 PM
> > >To: Struts Users Mailing List 
> > >Subject: convention plugin Issue
> > >
> > >Hi,
> > >
> > >On this page
> > >https://struts.apache.org/plugins/convention/#setup
> > >
> > >if I have  com.example.actions.HelloWorld.java
> > >and
> > >uk.mypackage.actions.HelloWorld.java
> > >with  url http://localhost:8080/hello-world then
> > >uk.mypackage.actions.HelloWorld.java  execute is run.
> > >
> > >If I have
> > >uk.example.actions.HelloWorld.java
> > >and
> > >com.example.actions.HelloWorld.java
> > >then  com.example.actions.HelloWorld.java  execute is run.
> > >
> > >uk.mypackage.actions.HelloWorld,java overrides the other two.
> >

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Java Singleton , Framework Design Patterns

2019-12-11 Thread Lukasz Lenart
czw., 12 gru 2019 o 06:13 Zahid Rahman  napisał(a):
> So my point is I have not been able to find accurate information , if some
> one could furnish me a Java language specification or recommend  a book
> which accurately describes these I would be grateful.

Start with Gang of Four
http://www.blackwasp.co.uk/gofpatterns.aspx


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: struts2.5.22 + tiles3.0.8 + commons-beanutils to version 1.9.4

2019-12-10 Thread Lukasz Lenart
wt., 10 gru 2019 o 15:29 Emi  napisał(a):
>
>
> org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
>
>
>   /WEB-INF/tiles/menu/tiles-menu.xml
>
> 

Please use "org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG"
as this has changed in Tiles 3 - also

> As from Struts 2.3.28, the plugin automatically loads all Tiles definitions 
> matching the following pattern tiles*.xml - you don’t have to specify them 
> via org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG in 
> web.xml, but you can use this option if your application is going to work in 
> restricted servlet environment e.g. Google AppEngine. In such case, 
> definitions will be read from the provided init-param


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: struts2.5.22 + tiles3.0.8 + commons-beanutils to version 1.9.4

2019-12-10 Thread Lukasz Lenart
wt., 10 gru 2019 o 14:15  napisał(a):
> > Why do you use "CompleteAutoloadTilesListener" ? And as far I see
> > everything works in the Showcase app
>
> My application based on tiles3 + struts. As suggested by
> https://struts.apache.org/plugins/tiles-3/ ,
> CompleteAutoloadTilesListener is used. If there are other config that
> could help set tiles3 + struts, could you help suggest please?

As mentioned on the page:
| This plugin was dropped in Struts 2.5, instead please use Tiles
Plugin which was extended and upgraded to Tiles 3.

So please switch into the Tiles Plugin and all you need is this:


  org.apache.struts2.tiles.StrutsTilesListener


https://struts.apache.org/plugins/tiles/


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: struts2.5.22 + tiles3.0.8 + commons-beanutils to version 1.9.4

2019-12-09 Thread Lukasz Lenart
pon., 9 gru 2019 o 16:55  napisał(a):
>
> Hello,
>
> Based on struts2.5.22 + tiles3.0.8 + commons-beanutils to version 1.9.4,
>
>
> got the following error:
>
> org.apache.catalina.core.StandardContext listenerStart
> SEVERE: Exception sending context initialized event to listener
> instance of class
> org.apache.tiles.extras.complete.CompleteAutoloadTilesListener
> org.apache.velocity.tools.config.ConfigurationException: Couldn't
> instantiate instance of tool for: Tool 'tiles' => null with 1
> properties [key -auto-> tiles; ](java.lang.NullPointerException)

Why do you use "CompleteAutoloadTilesListener" ? And as far I see
everything works in the Showcase app


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.22 and memory?

2019-12-08 Thread Lukasz Lenart
niedz., 8 gru 2019 o 22:30 Heikki Hyyrö (TAU)  napisał(a):
>
> I am wondering if this is just a coincidence... But a site I am running
> with Struts 2 started to output errors of form
>
>  > Exception in thread "ajp-bio-8009-exec-164" Exception in thread
> "ajp-bio-8009-exec-183" Exception in thread "ajp-bio-8009-exec-151"
> java.lang.OutOfMemoryError: Java heap space
>
> within a couple of hours after having updated from Struts 2.5.20 to 2.5.22.
>
> As I have not encountered this type of errors on that site before, I am
> wondering if something in Struts 2.5.22 could increase memory usage? It
> could of course be just a coincidence, but the timing is a bit suspicious.

Any more details? Did that happen again in few hours? Did you change
configuration or use the new security options?
https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: specific : WARNING : Redundant code

2019-12-02 Thread Lukasz Lenart
sob., 16 lis 2019 o 12:24 zahis Rahman  napisał(a):
>
> Thank you.
> I am just pleased that I found a JVM [JDK8 ] version which ensures stability 
> in the underlying application dependency.
> IBM  are also  only releasing jdk8,  I suspect they are also waiting for the 
> resolution.  The same error was appearing in Spring frame work..

Struts 2.5.22 was officially released so you can check it on Java 11

> Also I like to mention that the following code is redundant in the blank 
> application template in Web.xml and  index.html due the way struts2 framework 
> works.
>
> 
> index.jsp
> 

Hm... I recall some issues when request is FORWARDed, instead of a
pure request. I would left it as this is also a good documentation
like option.


Regard
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] Apache Struts 2.5.22

2019-11-29 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.22 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20191129

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Please be aware of new security enhancements added to the version of
Struts, they are disabled by default but please consider enabling them
to increase safety of you application. You will find more details in
our Security Guide.
https://struts.apache.org/security

Below is a full list of all changes:

- File upload fails from certain clients
- Not existing property in listValueKey throws exception
- Can't get OgnlValueStack log even if enable logMissingProperties
- No more calling of a static variable in Struts 2.8.20 available
- NullPointerException in ProxyUtil class when accessing static member
- EmptyStackException in JSON plugin due to concurrency
- Tiles bug when parsing file:// URLs including # as part of the URL
- Accessing static variable via OGNL returns nothing
- HttpParameters.Builder can wrap objects in two layers of Parameters
- Binding Integer Array upon form submission
- Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
- xerces tries to load resources from the internet
- Dispatcher prints stacktraces directly to the console
- The content allowed-methods tag of the XML configuration is
sometimes truncated
- OGNL: An illegal reflective access operation has occurred
- java.lang.reflect.InvocationTargetException - Class:
com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
- Struts2 convention plugin lacks Java 11 support
- Upgrade SLF4J to latest 1.7.x version
- Minor enhancement/fix to AbstractLocalizedTextProvider
- Provide mechanism to clear OgnlUtil caches
- Struts 2 unit testing using StrutTestCase class
- Upgrade Jackson library to the latest version
- Upgrade to OGNL version 3.1.22
- Update a few Struts 2.5.x libraries to more recent versions
- Upgrade commons-beanutils to version 1.9.4
- Upgrade jackson-databind to version 2.9.9.3
- Upgrade to OGNL 3.1.26 and adapt to its new features

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

All developers are strongly advised to perform this action.

The 2.5.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 7.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download this version from our download page
https://struts.apache.org/download.cgi#struts-ga


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: /struts-2.5.22-all.zip where can download

2019-11-25 Thread Lukasz Lenart
niedz., 24 lis 2019 o 06:15 Zahid Rahman  napisał(a):
> "struts cookbook" button is unresponsive on main page
> http://localhost:8080/struts2-showcase/index.action
> It was unresponsive in the previous version too.

Thanks, changed to point to https://github.com/apache/struts-examples


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: specific : WARNING

2019-11-15 Thread Lukasz Lenart
pt., 15 lis 2019 o 21:31 zahis Rahman  napisał(a):
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by 
> com.opensymphony.xwork2.util.AbstractLocalizedTextProvider 
> (file:/C:/Users/zahid/.m2/repository/org/apache/struts/struts2-
> core/2.5.20/struts2-core-2.5.20.jar) to field 
> java.util.ResourceBundle.cacheList
> WARNING: Please consider reporting this to the maintainers of 
> com.opensymphony.xwork2.util.AbstractLocalizedTextProvider
> WARNING: Use --illegal-access=warn to enable warnings of further illegal 
> reflective access operations
> WARNING: All illegal access operations will be denied in a future release

Struts 2.5.x is not fully compatible with JDK11+, but soon we will
release a new version which should resolve the problem.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: s:property #attr working in header.jsp but not HTTP 404.jsp

2019-11-15 Thread Lukasz Lenart
pt., 15 lis 2019 o 16:06 albert kao  napisał(a):
>
> How to fix it?
> I like to use a variable instead of hard coding like this:
> ">

It isn't about JavaScript, but how do you redirect/forward to such JSP
page? You should define a global action `404.action` and use it
instead of the JSP


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: s:property #attr working in header.jsp but not HTTP 404.jsp

2019-11-15 Thread Lukasz Lenart
pt., 15 lis 2019 o 14:13 albert kao  napisał(a):
> but displays an empty string
> in http404.jsp ("Page Not Found"):
>">

How do you access the http404.jsp? Directly, out of action? If so,
there is no context that's why #attr doesn't work


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Migrating the Migration Guide

2019-11-11 Thread Lukasz Lenart
Hi,

I have re-organised our main Confluence space and renamed it to
"Apache Struts 2 Wiki", it's a source of our Migration Guide and
Security Bulletins.

https://cwiki.apache.org/confluence/display/WW

Please be aware that we host two more spaces at Confluence
https://cwiki.apache.org/confluence/display/S2WIKI/Welcome+to+Apache+Struts2+Community+Wiki
https://cwiki.apache.org/confluence/display/S2PLUGINS/Home

Any comments are welcome :)


Regard
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Struts 2.5.21 release date

2019-10-25 Thread Lukasz Lenart
śr., 23 paź 2019 o 16:47 Sebastian Götz 
napisał(a):
> can you tell us when there will be the next bug fix release for Struts
> 2.5? Some work has been done towards java 11 compatibility on 2.5.21 but
> I see no changes lately.
> According to the project status of Struts2 in the Apache JIRA there is
> no planned release date either.

There is one issue that should be addressed and we good to go. So
maybe in a few days/weeks we can prepare a new release.

https://issues.apache.org/jira/issues/?jql=project%20%3D%20WW%20AND%20fixVersion%20%3D%202.5.21


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: How to auto submit a jsp page after loading

2019-10-03 Thread Lukasz Lenart
czw., 3 paź 2019 o 13:57 albert kao  napisał(a):
>
> How to auto submit a jsp page after loading is done?
> i.e. after a jsp page is completely loading, it will auto submit - advance
> to the next page without one of the Submit buttons is pressed or a link is
> clicked.
> This is desired for saving time when testing a web application.

The only option is to use JavaScript IMO


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Migrating the Migration Guide

2019-09-23 Thread Lukasz Lenart
sob., 21 wrz 2019 o 11:26 Yasser Zamani  napisał(a):
>
> Hi,
>
> Sorry I cannot recall why we should migrate -- Have INFRA compelled us and 
> Confulence is going to be removed? Or just to beautify?

No, we don't have to migrate. We did so with the site and other guides
just because it's easier for others to fix/add new content. And the
final thing to resolve is what to do with the Migration Guide, we can
re-organise the Confluence space and leave it there or maybe move it
where the rest of the guides is to keep it simple.

> Anyway, I think we can use a Jekyll/Ruby custom tag component which at site 
> build time, downloads that Confulence's page html as an anonymous user and 
> includes it in output -- like what I've already done for some snippets.

Right now I think that it would be better to leave the guide where it
is, just to clean up the space.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Migrating the Migration Guide

2019-09-20 Thread Lukasz Lenart
Hi,

The very last thing to migrate from Confluence to Markdown is our
Migration Guide [1]. The only problem with having all in .md files and
exposed via Git is that with Confluence we can restrict access to
particular pages which is useful when we are preparing a security
release. We can prepare the Version Notes without exposing any
information to public, clarify things and so on. Having all in .md
files won't be possible to do so.

I wonder what can of flow would help us still use Confluence in such
cases but keep the final docs in .md files, do you have some ideas?

[1] https://cwiki.apache.org/confluence/display/WW/Migration+Guide


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



[ANN] Apache Struts 2.3.x EOL

2019-09-16 Thread Lukasz Lenart
As announced over 6 months ago, Apache Struts 2.3.x web framework
series reached its end of life and won’t be longer officially
supported. Please check the following reading to find more details:

https://struts.apache.org/struts23-eol-announcement
https://struts.apache.org/announce#a20190912


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Site staging

2019-09-13 Thread Lukasz Lenart
Hi,

Based on the latest Infra improvements I have prepare a build to stage
all PRs opened against our webpage here [1]. There is a Jenkins build
[2] that will perform the job which I'm testing now, there are some
problems but hopefully I will solved them soon :)

[1] https://struts.staged.apache.org/
[2] https://builds.apache.org/view/S-Z/view/Struts/job/Struts-staged-site/


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Structs 2 Junit plugin

2019-05-24 Thread Lukasz Lenart
pt., 24 maj 2019 o 08:48 Kiran Kumar  napisał(a):
> While trying to execute Junit test cases for Struts 2 on  Zulu JDK 11.0 we
> are getting an error.
> The issue is the package org.apache.struts2 is accessible by more than one
> module (Struts 2 core module and Struts 2 Junit plugin module). And we have
> raised JIRA https://issues.apache.org/jira/browse/WW-5032?filter=-2. But
> still we have not received expected answer. We are making use of all latest
> versions of jars related to Struts 2.

As far I see you are using Eclipse and Eclipse provides its own set of
Struts JARs, try to disabled the one provided by Eclipse.

> Below is pom.xml for the sample project.
> Cp1252

Out of context: you should use UTF-8


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Migration Help for angular2

2019-05-22 Thread Lukasz Lenart
wt., 21 maj 2019 o 18:17 Gopal, Siva Prakash (US - Mechanicsburg
Delivery)  napisał(a):
>
> Thanks for your help
>
> Do we have recommended approach to handle this. One.
>
> Do we need to add any wrapper on top of the existing action class. Can you 
> please suggest some approach on it.

Not sure what do you mean by that, all depends on your application
setup and what plugins do you use, etc. Asking more precise questions
can help get answers.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Upgrade from struts 2.3.37 to struts 2.5.20 issue.

2019-05-22 Thread Lukasz Lenart
Hi,

Did you follow the migration guideline?
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration

Regards
Lukasz

wt., 21 maj 2019 o 18:45 HuiFung@GMail  napisał(a):
>
> encounter issue when .ear file deployed in Weblogic 12.1.3.0.0 server.
>
> Error: Struts Dispatcher cannot be found...
>
> Upgraded the necessary jar files such as struts core, json and updates the
> necessary properties file. but still encounter the struts dispatcher error.
>
> any idea what did I missed out? project is using ANT build and also is a
> non-maven project.
>
> Regards,
>
> Hui Fung
> Sent from G-Mail

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Migration Help for angular2

2019-05-16 Thread Lukasz Lenart
wt., 14 maj 2019 o 16:50 Gopal, Siva Prakash (US - Mechanicsburg
Delivery)  napisał(a):
> Our current application is developed based on Strut2 with presentation layer 
> as JSP. We would like to upgrade presentation layer as responsive (Planning 
> to use Angular 6) and continue to reuse our backend code base (Strut2 as 
> controller).
>
> On high-level, we understand that add JSON plugin 
> https://struts.apache.org/plugins/json/  to get all class level parameter in 
> action class as json. But how to reuse chaining (one action to another action 
> class), validation method in action class, etc..

You can return validation errors via JSON as well [1] and chaining
will work as usual

[1] https://struts.apache.org/plugins/json/json-ajax-validation


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: How to Strtus2-Rest plugin could create /user/{id}/{branch} URL Pattern

2019-05-15 Thread Lukasz Lenart
niedz., 12 maj 2019 o 07:49 M Huzaifah  napisał(a):
>
> Dear All,
>
> i’am stuck how to create /user/{id}/{branch}/{xx} URL Pattern using 
> Struts-convention and Struts2-rest plugin.
> there is a way to make it done?

The REST plugin doesn't support such configuration now, you can try to
play with RestfulMapper instead

https://struts.apache.org/core-developers/restful-action-mapper.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: [struts-user] XML based configuration

2019-04-17 Thread Lukasz Lenart
pon., 4 lut 2019 o 23:16 Dave  napisał(a):
>
> Hi Lukasz,
>
> Here's a summary of how Roller uses Struts and Tiles:
>
> Roller uses the StrutsPrepareAndExecute filter and maps it to all requests
> ending with “.rol”
> https://github.com/apache/roller/blob/master/app/src/main/webapp/WEB-INF/web.xml
>
> Roller’s actions are defined in struts.xml and return results of type
> “tiles”
> https://github.com/apache/roller/blob/master/app/src/main/resources/struts.xml
>
> Roller’s JSP pages are kept under /WEB-INF/jsps to prevent direct access to
> them. You can see that in the tiles.xml file
> https://github.com/apache/roller/blob/master/app/src/main/webapp/WEB-INF/tiles.xml
>
> Hope that is helpful. What else can I tell you about Roller and it's use of
> Struts & Tiles?

In my opinion it all looks good, I don't see any problems in your
current setup. Sorry for a late answer, I did review it early but
totally forgot to post my findings :(


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: disallowProxyMemberAccess

2019-04-17 Thread Lukasz Lenart
And I hope 2.5.21 will be available very soon, in few weeks :)

śr., 17 kwi 2019 o 09:40 Lukasz Lenart  napisał(a):
>
> wt., 16 kwi 2019 o 16:11 Britta Katzenbach  napisał(a):
> > We run into the same issue as described in WW-5004 after the update from 
> > 2.5.18 to 2.5.20. It works, if we set struts.disallowProxyMemberAccess to 
> > false as discribed in the bug. We use spring plugin. No the question how 
> > should the property be set? What is the idea of this property? Do you think 
> > it will have other impacts if we leave it to false? Do you recommend moving 
> > back to 2.5.18 or downgrading ognl? As I see it is fixed in 2.5.21, do you 
> > have any perspective when it will be available?
>
> The idea behind this property is to block access to proxified
> beans/properties. As you know, Spring will wrap any bean with a proxy
> to control access to the bean's propertie (this is required to inject
> dependencies). This property disables access to proxie's itself
> properties with an OGNL expression. I'm don't know how much your
> application is exposed to the internet because this is purely a
> possible security flaw that can be used by attackers. Downgrading OGNL
> can be a good idea instead of disabling this property.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: disallowProxyMemberAccess

2019-04-17 Thread Lukasz Lenart
wt., 16 kwi 2019 o 16:11 Britta Katzenbach  napisał(a):
> We run into the same issue as described in WW-5004 after the update from 
> 2.5.18 to 2.5.20. It works, if we set struts.disallowProxyMemberAccess to 
> false as discribed in the bug. We use spring plugin. No the question how 
> should the property be set? What is the idea of this property? Do you think 
> it will have other impacts if we leave it to false? Do you recommend moving 
> back to 2.5.18 or downgrading ognl? As I see it is fixed in 2.5.21, do you 
> have any perspective when it will be available?

The idea behind this property is to block access to proxified
beans/properties. As you know, Spring will wrap any bean with a proxy
to control access to the bean's propertie (this is required to inject
dependencies). This property disables access to proxie's itself
properties with an OGNL expression. I'm don't know how much your
application is exposed to the internet because this is purely a
possible security flaw that can be used by attackers. Downgrading OGNL
can be a good idea instead of disabling this property.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: Logging problem

2019-04-11 Thread Lukasz Lenart
śr., 10 kwi 2019 o 11:20 Tamás Barta  napisał(a):
>
> Hi,
>
> We use JBoss as AS where logging is based on Log4J version 1. I see that
> Struts 2 uses Log4J version 2 and my problem is that how can I route Struts
> logging messages to the Log4J inside JBoss. I guess I need a bridge-like
> Log4J2 appender which logs into a Log4J Logger, but I couldn't find one.
> Configuring Log4J2 to log into stdout or file is not an option.

Did you try to ask guys from Log4j2 project?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: getText with multiple parameters not populating correctly

2019-04-02 Thread Lukasz Lenart
wt., 2 kwi 2019 o 16:54 Dave Newton  napisał(a):
>
> Single-quotes must be escaped using double single-quotes; single quotes are
> used to allow non-resource strings. IIRC this is just how `MessageFormat`
> works.

Yeah... getText() is using MessageFormat so you must properly escape
your messages

https://docs.oracle.com/javase/7/docs/api/java/text/MessageFormat.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: getText with multiple parameters not populating correctly

2019-04-02 Thread Lukasz Lenart
wt., 2 kwi 2019 o 04:46 Affan Osman  napisał(a):
>
> I am using version 2.5.17. I am not using any custom text provider.
>
> I tried the same example as in the unit test but still only first parameter 
> gets populated. The second and third show as [1] and [2].

Could you share your struts.xml? This is rather something with your
config, I have tested the same in my app and everything looks good:

System.out.println(getText("test.key", new String[] { "A", "B", "C" }));

test.key={0} is {1} and {2}

"A is B and C"


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



Re: getText with multiple parameters not populating correctly

2019-03-31 Thread Lukasz Lenart
sob., 30 mar 2019 o 20:03 Affan Osman  napisał(a):
>
> I am passing in three parameters to getText but only the first one gets
> populated.
>
> getText("error.invalidcode", new String[] {"name", "num", "1az"});
>
> And in my ApplicationResources.properties
>
> error.invalidcode={0} and {1} property has error with code {2}.
>
> I am getting the following result: name and {1} property has error with
> code {2}.
>
> Where I was expecting:
>
> name and num property has error with code 1az.
>
> What am I missing?

Struts version? Can you post your struts.xml? Maybe you are using a
custom TextProvider.

As you see there is a unit test that covers such functionality [1]
[1] 
https://github.com/apache/struts/blob/master/core/src/test/java/com/opensymphony/xwork2/DefaultTextProviderTest.java#L89


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org



  1   2   3   4   5   6   7   8   9   10   >