Hello,
hi to everyone,
i've been researching the last week all over the web in relation to the
last 3 or 4 versions of struts 2.3.x,
it is in my understanding that certain changes have been applied to the
framework regarding security issues as
mentioned in
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16
security fixes from version 2.3.15.1, 2.3.15.2 , 2.3.15.3 and 2.3.16
My organization is currently using struts version 2.1.8.1 , so far we've
been able to call methods from an action class from jsp,
executing directly the method specified in the submit tag of jsp, we're
using stuff like this:
<s:submit cssClass="CformBoton" action="registrarNovedad_registrar"
value="Registrar"/>
<s:submit cssClass="CformBoton" action="registrarNovedad_volver"
value="Volver"/>
where the action attribute specifies
action="registrarNovedad_registrar" , that would be to call the action
"registrarNovedad"
and execute the method "registrar". Together with wildcard mappings,
everything works beautyfully as expected, in this case we use:
<action name="registrarNovedad_*" method="{1}"
class="ar.gov.conicet.apps.sigerh.presentation.administrador.CRegistrarNovedadAction">
Up to here everything is fine but now we're trying to migrate from
version 2.1.8.1 to 2.3.16 and suddenly this kind of stuff stopped working.
I've been trying to make it work, using as template the examples that
come bundled with the last package available, struts 2.3.16, the proyect
"struts2-blank",
wich is about the smallest proyect one can concieve i think, so there're
no doubts or mistakes of configuration or anything is else.
For what i've been able to see the syntax for s:submit tag has changed?
It doesn't react anymore to action="registrarNovedad_registrar"
so that this doesn't work anymore: <s:submit cssClass="CformBoton"
action="registrarNovedad_registrar" value="Registrar"/>
instead i've been able to make it work with <s:submit
name="method:registrar" value="Registrar"/> and proper configuration in
struts.xml
<constant name="struts.enable.DynamicMethodInvocation" value="true" />.
It doesn't work with DynamicMethodInvocation set to false, it just
doesn't fire up the method.
I tried every possible combination of configurations, actionPRoxy
interceptors, ActionMappers , retried with other combinations, changed
acceptedParams and excludeParams in ParametersInterceptor
and nothing seems to work.
I'm a bit confused about Dynamic Method Invocation and Wildcards as i
believe, since the documentation i have read, that those are 2
differente concepts/technologies.
In our proyect we have
<constant name="struts.enable.DynamicMethodInvocation" value="false" />
in struts.xml and this works perfect:
<s:submit cssClass="CformBoton" action="registrarNovedad_registrar"
value="Registrar"/>
by perfect i mean that if you click the button it will take you to the
action and method specified en the action attribute.
No luck on latest versions.
So here's my question:
Did the syntax of submit tag changed or has it been deprecated?
(name="method:myMethod" VS. action="MyAction_MyMethod")
is there some way i can make my project work with
DynamicMethodInvocation set to false (turned off) using the same old
syntax of submit tags and so that i can call a method directly from jsp?
Judging by the looks of what i've been researching all these are changes
related to security issues regarding Dynamic Method Invocation, i'm
about to drop the update and keep with the old version
as the impact of not being able to call method from jsp would be so huge
in the proyect and would require a mayor rewrite of it, it's litterally
impossible right now, u maybe somebody already got stuck
with this very same issues and have clues or solutions to this.
Thank you very much for your time,
greetings to struts2 team for the great work and efforts.
I hope somebody knows about this.
Thanks a lot.