Thanks Chris! There was a security release between - 2.3.4.1 - have you tried it?
Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/5/8 CRANFORD, CHRIS <chris.cranf...@setech.com>: > After some final digging, this appears to only surface in devMode=true on > builds 2.3.12 and 2.3.14 regarding ParametersInterceptor.java:329. If this > was related to the security fix for parameter names, wouldn't the > exception/problem occur in both devMode and non-devMode? I'm confused as to > what is the culprit here. > > -----Original Message----- > From: CRANFORD, CHRIS [mailto:chris.cranf...@setech.com] > Sent: Wednesday, May 08, 2013 9:25 AM > To: Struts Users Mailing List > Subject: OGNL Exception after upgrading from 2.3.4 to 2.3.14 > > We have several forms in our Struts2 application that pass values to the > action like the following: > > <s:textfield name="items[0]" size="30" maxlength="100" /> > <s:textfield name="items[1]" size="30" maxlength="100" /> > <s:textfield name="items[2]" size='30" maxlength="100" /> > > This worked beautifully prior to the upgrade but now I get the following OGNL > exception: > > Unexpected Exception caught setting 'items[0]' on 'class > com.setech.dw.inventory.web.ItemSearchAction: Error setting expression > 'items[0]' with value '[Ljava.lang.String;@738b650c' > File: OgnlRuntime.java > Method: setProperty > Line: 2326 - ognl/OgnlRuntime.java:2326:-1 > at > com.opensymphony.xwork2.ognl.OgnlValueStack.handleOgnlException(OgnlValueStack.java:215) > at > com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:176) > at > com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:152) > at > com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:329) > at > com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:241) > at > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:187) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.LocaleContextInterceptor.intercept(LocaleContextInterceptor.java:43) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.MenuInterceptor.intercept(MenuInterceptor.java:58) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.AuditInterceptor.intercept(AuditInterceptor.java:81) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.TimerInterceptor.intercept(TimerInterceptor.java:141) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.SiteOverrideInterceptor.intercept(SiteOverrideInterceptor.java:63) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.LoggingInterceptor.intercept(LoggingInterceptor.java:88) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.setech.dw.common.web.interceptors.SeekExceptionInterceptor.intercept(SeekExceptionInterceptor.java:48) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54) > at > org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:546) > at > org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77) > at > org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > at > com.setech.dw.security.filter.ChangePasswordFilter.doFilterInternal(ChangePasswordFilter.java:105) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:181) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) > at > org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1822) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:722) > Caused by: ognl.OgnlException: target is null for setProperty(null, "0", > [Ljava.lang.String;@738b650c) > at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2326) > at ognl.ASTProperty.setValueBody(ASTProperty.java:127) > at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) > at ognl.SimpleNode.setValue(SimpleNode.java:301) > at ognl.ASTChain.setValueBody(ASTChain.java:227) > at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) > at ognl.SimpleNode.setValue(SimpleNode.java:301) > at ognl.Ognl.setValue(Ognl.java:737) > at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:224) > at > com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:187) > at > com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174) > ... 91 more > > The action doesn't allocate memory for the List<String> property and never > has. > Is there something I may have missed that I need to change from upgrading > from 2.3.4 to 2.3.14? > > Thanks, > Chris > > > Email secured by Check Point > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
