śr., 28 paź 2020 o 11:55 Peer Mohammad <peer4...@gmail.com> napisał(a): > Please find the web.xml and struts.xml file. I have observed that many > library classes are not available in strut2-tiles-plugin file and xwork some > package in struts-core-2.5.22 compare to struts2.3.35.
Not sure what do you mean by that? Which classes are missing? XWork was merged into Struts Core and there is no additional jar anymore. Maybe you are mixing different jars in your app, do you use Maven to control dependencies? Could you list jars from the lib folder? Also did you use a proper DTD in your tiles.xml files as mentioned here https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration#Struts2.3to2.5migration-Tiles <!DOCTYPE tiles-definitions PUBLIC "-//Apache Software Foundation//DTD Tiles Configuration 3.0//EN" "http://tiles.apache.org/dtds/tiles-config_3_0.dtd";> > Web.xml > > <?xml version="1.0" encoding="UTF-8"?> > <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee > http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"; > version="3.1"> > <display-name>CHEETTA_online</display-name> > <!-- <context-param> > > <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name> > <param-value>/WEB-INF/tiles.xml</param-value> > </context-param> --> > <listener> > > <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class> > </listener> > > <!-- For Veracode CSRF issue - Added the below filters - Start --> > <!-- Generates CSRF token and keeps in session and request objects --> > <filter> > <filter-name>CSRFTokenFilter</filter-name> > > <filter-class>com.sbc.cheetta.common.framework.filter.GenerateCSRFTokenFilter</filter-class> > </filter> > <filter-mapping> > <filter-name>CSRFTokenFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>CSRFTokenFilter</filter-name> > <url-pattern>*.action</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>CSRFTokenFilter</filter-name> > <url-pattern>*.do</url-pattern> > </filter-mapping> This is duplication, just /* is enough, remove other patterns > <!-- Filter for validating CSRF attack--> > <filter> > <filter-name>CSRFValidationFilter</filter-name> > > <filter-class>com.sbc.cheetta.common.framework.filter.CSRFValidationFilter</filter-class> > <init-param> > <param-name>excludedUrls</param-name> > <!-- Comma separated list of excluded servlets --> > > <param-value>/index.jsp,/Welcome.do,/Logoff.do,/LogonSubmit.do,/networkEditProfileLinker.do,/images/swmainmenubutton.gif,/images/att_logo.gif,/images/mwmainmenubutton.gif,/images/admin.gif,/theme/Master.css,/images/wmainmenubutton.gif,/images/atmainmenubutton.gif,/images/bg_header1024.gif,/images/bg_footer1024.gif,/images/bg_header1024.gif</param-value> > </init-param> > </filter> > <filter-mapping> > <filter-name>CSRFValidationFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > <!-- For Veracode CSRF issue - Added the below filters - End --> > > <filter> > <filter-name>xFrameOptionsFilter</filter-name> > > <filter-class>com.sbc.cheetta.common.framework.filter.XFrameOptionsFilter</filter-class> > </filter> > <filter-mapping> > <filter-name>xFrameOptionsFilter</filter-name> > <url-pattern>*.action</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>xFrameOptionsFilter</filter-name> > <url-pattern>*.do</url-pattern> > </filter-mapping> > <filter> > <filter-name>struts2</filter-name> > > <filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class> > <init-param> > <param-name>actionPackages</param-name> > <param-value>com.sbc.cheetta.actions</param-value> > </init-param> > </filter> > <filter-mapping> > <filter-name>struts2</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>struts2</filter-name> > <url-pattern>*.action</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>struts2</filter-name> > <url-pattern>*.do</url-pattern> > </filter-mapping> Same here, just left /* pattern Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
