Beware of this vulnerability:

http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts-2-Security-Vulnerability--Dynamic-Method-Invocation

Cheers,
J.


On Tue, Nov 13, 2012 at 4:41 PM, Wu Ming <rdyf4e...@gmail.com> wrote:

> Hi,
>
> Never mind, I had found the solution: you have to set
> "struts.enable.DynamicMethodInvocation" to true.
>
>
> On Tue, Nov 13, 2012 at 7:52 PM, yang shoujun <yangshou...@139.com> wrote:
> > Your form action should be employAction!doSearch.do
> >
> > Wu Ming <rdyf4e...@gmail.com> wrote:
> >
> >>Hi,
> >>
> >>I'm using struts-2.3.4 and running apache tomcat 7.
> >>
> >>I have a form in search.jsp. There are two submit buttons: "Search"
> >>and "Add New" button. I had set each button with their own method
> >>attribute:
> >>
> >><s:form name="searchForm" action="employeeAction" method="post">
> >>    <s:textfield name="id" label="Employee ID"/>
> >>    <s:textfield name="name" label="Employee Name"/>
> >>
> >>    <s:submit value="Search" method="doSearch"/>
> >>    <s:submit value="Add New" method="doAddNew"/>
> >></s:form>
> >>
> >>
> >>In struts.xml:
> >>
> >><?xml version="1.0" encoding="UTF-8" ?>
> >><!DOCTYPE struts PUBLIC
> >>    "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
> >>    "http://struts.apache.org/dtds/struts-2.3.dtd">
> >>
> >><struts>
> >>
> >>    <constant name="struts.enable.DynamicMethodInvocation" value="false" />
> >>    <constant name="struts.devMode" value="true" />
> >>
> >>    <package name="default" namespace="/" extends="struts-default">
> >>
> >>        <global-results>
> >>            <result name="error">/error.jsp</result>
> >>        </global-results>
> >>
> >>        <global-exception-mappings>
> >>            <exception-mapping exception="java.lang.Exception" result="error"/>
> >>        </global-exception-mappings>
> >>
> >>    </package>
> >>
> >>    <package name="example" namespace="/example" extends="default">
> >>
> >>        <action name="employeeAction" class="example.EmployeeAction">
> >>           <result name="search">/example/search.jsp</result>
> >>           <result name="add">/example/add.jsp</result>
> >>        </action>
> >>
> >>    </package>
> >></struts>
> >>
> >>
> >>In EmployeeAction class:
> >>
> >>import org.apache.log4j.Logger;
> >>
> >>import com.opensymphony.xwork2.ActionSupport;
> >>
> >>public class EmployeeAction extends ActionSupport {
> >>
> >>    private static final Logger logger =
> >>            Logger.getLogger(EmployeeAction.class);    // log4j
> >>
> >>    @Override
> >>    public String execute() throws Exception {
> >>
> >>        logger.info("Calling execute!");
> >>
> >>        return SUCCESS;
> >>    }
> >>
> >>    public String doSearch() throws Exception {
> >>
> >>        logger.info("Calling doSearch!");
> >>
> >>        return "search";
> >>    }
> >>
> >>    public String doAddNew() throws Exception {
> >>
> >>        logger.info("Calling doAddNew!");
> >>
> >>        return "add";
> >>    }
> >>}
> >>
> >>The problem is when I clicked "Search" or "Add New" button in jsp, the
> >>method doSearch() or doAddNew() was never called, instead execute()
> >>method was called.
> >>
> >>What is wrong with my code above? Anyone know?
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>
>

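An added example, not part of the original thread and not code from any of its participants: one way to serve both buttons while leaving "struts.enable.DynamicMethodInvocation" at "false". The parameter name `op`, its setter, and the JSP change shown in the comment are assumptions made for this sketch.

```java
package example;

import com.opensymphony.xwork2.ActionSupport;

// Assumed JSP change (hypothetical): drop method="..." from the buttons and
// give both the same parameter name, so the clicked button's value is posted:
//   <s:submit name="op" value="Search"/>
//   <s:submit name="op" value="Add New"/>
public class EmployeeAction extends ActionSupport {

    // Hypothetical field, populated by the params interceptor from "op".
    private String op;

    public void setOp(String op) {
        this.op = op;
    }

    @Override
    public String execute() throws Exception {
        // Fixed allow-list: the request only selects among known branches.
        // It never supplies a method name for the framework to invoke.
        if ("Search".equals(op)) {
            return doSearch();
        }
        if ("Add New".equals(op)) {
            return doAddNew();
        }
        // Anything else, including a missing value, is rejected.
        addActionError("Unknown operation");
        return ERROR; // resolved by the global "error" result in struts.xml
    }

    // Private, so these are not candidate entry points for request-driven
    // method selection even if DMI is later switched on by mistake.
    private String doSearch() {
        return "search";
    }

    private String doAddNew() {
        return "add";
    }
}
```

The struts.xml from the quoted message needs no change for this: the "search" and "add" results on employeeAction and the global "error" result are already mapped.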