Hello,
hi to everyone,
i've been researching the last week all over the web in relation to the last 3 or 4 versions of struts 2.3.x, it is in my understanding that certain changes have been applied to the framework regarding security issues as mentioned in https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16
security fixes from version 2.3.15.1, 2.3.15.2 , 2.3.15.3 and 2.3.16

My organization is currently using struts version 2.1.8.1 , so far we've been able to call methods from an action class from jsp, executing directly the method specified in the submit tag of jsp, we're using stuff like this:

<s:submit cssClass="CformBoton" action="registrarNovedad_registrar" value="Registrar"/> <s:submit cssClass="CformBoton" action="registrarNovedad_volver" value="Volver"/>

where the action attribute specifies action="registrarNovedad_registrar" , that would be to call the action "registrarNovedad" and execute the method "registrar". Together with wildcard mappings, everything works beautyfully as expected, in this case we use: <action name="registrarNovedad_*" method="{1}" class="ar.gov.conicet.apps.sigerh.presentation.administrador.CRegistrarNovedadAction">

Up to here everything is fine but now we're trying to migrate from version 2.1.8.1 to 2.3.16 and suddenly this kind of stuff stopped working. I've been trying to make it work, using as template the examples that come bundled with the last package available, struts 2.3.16, the proyect "struts2-blank", wich is about the smallest proyect one can concieve i think, so there're no doubts or mistakes of configuration or anything is else.

For what i've been able to see the syntax for s:submit tag has changed? It doesn't react anymore to action="registrarNovedad_registrar" so that this doesn't work anymore: <s:submit cssClass="CformBoton" action="registrarNovedad_registrar" value="Registrar"/> instead i've been able to make it work with <s:submit name="method:registrar" value="Registrar"/> and proper configuration in struts.xml <constant name="struts.enable.DynamicMethodInvocation" value="true" />. It doesn't work with DynamicMethodInvocation set to false, it just doesn't fire up the method.

I tried every possible combination of configurations, actionPRoxy interceptors, ActionMappers , retried with other combinations, changed acceptedParams and excludeParams in ParametersInterceptor
and nothing seems to work.

I'm a bit confused about Dynamic Method Invocation and Wildcards as i believe, since the documentation i have read, that those are 2 differente concepts/technologies.
In our proyect we have
<constant name="struts.enable.DynamicMethodInvocation" value="false" />
in struts.xml and this works perfect:
<s:submit cssClass="CformBoton" action="registrarNovedad_registrar" value="Registrar"/> by perfect i mean that if you click the button it will take you to the action and method specified en the action attribute.
No luck on latest versions.


So here's my question:
Did the syntax of submit tag changed or has it been deprecated? (name="method:myMethod" VS. action="MyAction_MyMethod")

is there some way i can make my project work with DynamicMethodInvocation set to false (turned off) using the same old syntax of submit tags and so that i can call a method directly from jsp?

Judging by the looks of what i've been researching all these are changes related to security issues regarding Dynamic Method Invocation, i'm about to drop the update and keep with the old version as the impact of not being able to call method from jsp would be so huge in the proyect and would require a mayor rewrite of it, it's litterally impossible right now, u maybe somebody already got stuck
with this very same issues and have clues or solutions to this.

Thank you very much for your time,
greetings to struts2 team for the great work and efforts.

I hope somebody knows about this.

Thanks a lot.





Reply via email to