struts-issues mailing list archives

From "Konstantinos (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4957) Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
Date Thu, 06 Sep 2018 07:37:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16605407#comment-16605407 ]

Konstantinos commented on WW-4957:
----------------------------------

I have a Resources folder on the server which includes a lot of global properties for different
languages. This folder is filled by another system. I want my application to see this folder
and read the properties. If you look in pom.xml there is a line where I have excluded global.properties
because my app wants to read the external resources folder and not from the resource bundle. Before
the update of the Struts version it worked as expected.

 
{code:java}
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

   <modelVersion>4.0.0</modelVersion>
   <groupId>lu.op</groupId>
   <artifactId>bou</artifactId>
   <version>2.03.00</version>
   <packaging>war</packaging>

   <organization>
      <name>Bou Dyn</name>
   </organization>

   <properties>
      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
      <config.directory>src/main/conf</config.directory>
      <skip.static.analysis>true</skip.static.analysis>
      <skip.unit.test>true</skip.unit.test>
      <jdk.version>1.7</jdk.version>
      <svnkit.version>1.8.5</svnkit.version>
      <struts.version>2.5.17</struts.version>
   </properties>

   <prerequisites>
      <maven>3.0</maven>
   </prerequisites>

   <profiles>
      <profile>
         <id>dev</id>
         <build>
            <finalName>${project.artifactId}</finalName>
            <plugins>
               <plugin>
                  <groupId>org.apache.maven.plugins</groupId>
                  <artifactId>maven-enforcer-plugin</artifactId>
                  <executions>
                     <execution>
                        <id>enforce-versions</id>
                        <goals>
                           <goal>enforce</goal>
                        </goals>
                        <configuration>
                           <rules>
                              <requireMavenVersion>
                                 <version>[3.0.0,)</version>
                              </requireMavenVersion>
                              <requireJavaVersion>
                                 <version>${jdk.version}</version>
                              </requireJavaVersion>
                              <requirePluginVersions>
                                 <message>Best Practice is to always define plugin versions!</message>
                              </requirePluginVersions>
                           </rules>
                        </configuration>
                     </execution>
                  </executions>
               </plugin>
               <plugin>
                  <artifactId>maven-antrun-plugin</artifactId>
                  <version>1.3</version>
                  <executions>
                     <execution>
                        <phase>compile</phase>
                        <goals>
                           <goal>run</goal>
                        </goals>
                        <configuration>
                           <tasks>
                              <echo>Setup configuration files - dev</echo>
                              <!-- <copy file="${config.directory}/test/struts.properties"
                                 tofile="${project.build.outputDirectory}/struts.properties" /> -->
                           </tasks>
                        </configuration>
                     </execution>
                  </executions>
               </plugin>
            </plugins>
         </build>
      </profile>
      <profile>
         <id>test</id>
         <build>
            <finalName>${project.artifactId}</finalName>
            <plugins>
               <plugin>
                  <artifactId>maven-antrun-plugin</artifactId>
                  <version>1.3</version>
                  <executions>
                     <execution>
                        <phase>compile</phase>
                        <goals>
                           <goal>run</goal>
                        </goals>
                        <configuration>
                           <tasks>
                              <echo>Setup configuration files - dev</echo>
                              <!-- <copy file="${config.directory}/test/struts.properties"
                                 tofile="${project.build.outputDirectory}/struts.properties" /> -->
                           </tasks>
                        </configuration>
                     </execution>
                  </executions>
               </plugin>
               <plugin>
                  <groupId>org.apache.tomcat.maven</groupId>
                  <artifactId>tomcat6-maven-plugin</artifactId>
                  <version>2.3-SNAPSHOT</version>
                  <configuration>
                     <port>8081</port>
                  </configuration>
               </plugin>
            </plugins>
         </build>
      </profile>
      <profile>
         <id>delivery</id>
         <build>
            <plugins>
               <plugin>
                  <artifactId>maven-surefire-plugin</artifactId>
                  <version>2.12.4</version>
                  <configuration>
                     <skip>true</skip>
                  </configuration>
               </plugin>
               <plugin>
                  <artifactId>maven-antrun-plugin</artifactId>
                  <version>1.3</version>
                  <executions>
                     <execution>
                        <phase>compile</phase>
                        <goals>
                           <goal>run</goal>
                        </goals>
                        <configuration>
                           <tasks>
                              <echo>Setup configuration files - delivery</echo>
                              <!-- <copy file="${config.directory}/delivery/struts.properties"
                                 tofile="${project.build.outputDirectory}/struts.properties" /> -->
                           </tasks>
                        </configuration>
                     </execution>
                  </executions>
               </plugin>
            </plugins>
         </build>
      </profile>
      <profile>
         <id>install-dependencies</id>
         <build>
            <plugins>
               <plugin>
                  <groupId>org.apache.maven.plugins</groupId>
                  <artifactId>maven-install-plugin</artifactId>
                  <version>2.4</version>
                  <executions>
                     <execution>
                        <id>install-ee</id>
                        <phase>process-resources</phase>
                        <goals>
                           <goal>install-file</goal>
                        </goals>
                        <configuration>
                           <groupId>ee.bou.client</groupId>
                           <artifactId>ee-tomcat-7.0</artifactId>
                           <version>4.19.2</version>
                           <file>${project.basedir}/lib/ee/ee-tomcat-7.0-4.19.2.jar</file>
                           <packaging>jar</packaging>
                        </configuration>
                     </execution>
                     <execution>
                        <id>install-ojdbc</id>
                        <phase>process-resources</phase>
                        <goals>
                           <goal>install-file</goal>
                        </goals>
                        <configuration>
                           <groupId>com.oracle</groupId>
                           <artifactId>ojdbc6</artifactId>
                           <version>11.2.0.3</version>
                           <file>lib/ojdbc/ojdbc6.jar</file>
                           <packaging>jar</packaging>
                        </configuration>
                     </execution>
                  </executions>
               </plugin>
            </plugins>
         </build>
      </profile>
   </profiles>

   <build>
      <finalName>${project.artifactId}</finalName>
      <resources>
         <resource>
            <directory>src/main/resources</directory>
            <excludes>
               <exclude>ee-config-bou.properties</exclude>
               <exclude>jure.properties</exclude>
               <exclude>db.properties</exclude>
               <exclude>global*.properties</exclude>
               <exclude>readme.txt</exclude>
            </excludes>
         </resource>
      </resources>
      <pluginManagement>
         <plugins>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-jar-plugin</artifactId>
               <version>2.4</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-surefire-plugin</artifactId>
               <configuration>
                  <skipTests>${skip.unit.test}</skipTests>
                  <reuseForks>true</reuseForks>
                  <forkCount>1</forkCount>
                  <argLine>${jvm.config}</argLine>
               </configuration>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-source-plugin</artifactId>
               <version>2.4</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-javadoc-plugin</artifactId>
               <version>2.10.3</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-release-plugin</artifactId>
               <version>2.4.1</version>
            </plugin>
            <plugin>
               <groupId>org.codehaus.mojo</groupId>
               <artifactId>buildnumber-maven-plugin</artifactId>
               <version>1.2</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-eclipse-plugin</artifactId>
               <version>2.9</version>
               <configuration>
                  <downloadSources>true</downloadSources>
                  <downloadJavadocs>true</downloadJavadocs>
               </configuration>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-site-plugin</artifactId>
               <version>3.2</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-assembly-plugin</artifactId>
               <version>2.3</version>
               <!-- <configuration> <outputDirectory>${assemblies.output.directory}</outputDirectory>
                  <finalName>${assembly.finalName}</finalName> </configuration> -->
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-resources-plugin</artifactId>
               <version>2.5</version> <!-- Cannot be upgraded because of a filtering bug. -->
               <configuration>
                  <includeEmptyDirs>true</includeEmptyDirs>
               </configuration>
            </plugin>
            <plugin>
               <groupId>org.codehaus.mojo</groupId>
               <artifactId>cobertura-maven-plugin</artifactId>
               <version>2.7</version>
               <configuration>
                  <formats>
                     <format>xml</format>
                  </formats>
                  <forceMojoExecution>true</forceMojoExecution>
               </configuration>
               <executions>
                  <execution>
                     <phase>post-integration-test</phase>
                     <goals>
                        <goal>cobertura</goal>
                     </goals>
                  </execution>
               </executions>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-compiler-plugin</artifactId>
               <configuration>
                  <source>${jdk.version}</source>
                  <target>${jdk.version}</target>
                  <showDeprecation>true</showDeprecation>
                  <showWarnings>true</showWarnings>
               </configuration>
               <version>3.1</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-clean-plugin</artifactId>
               <version>2.5</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-deploy-plugin</artifactId>
               <version>2.7</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-install-plugin</artifactId>
               <version>2.4</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-enforcer-plugin</artifactId>
               <version>1.2</version>
            </plugin>
            <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-checkstyle-plugin</artifactId>
               <version>2.15</version>
               <executions>
                  <execution>
                     <phase>verify</phase>
                     <goals>
                        <goal>check</goal>
                     </goals>
                     <configuration>
                        <configLocation>legap-config/src/main/resources/legap-checkstyle.xml</configLocation>
                        <consoleOutput>true</consoleOutput>
                        <failsOnError>true</failsOnError>
                        <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
                        <skip>${skip.static.analysis}</skip>
                     </configuration>

                  </execution>
               </executions>
            </plugin>
            <plugin>
               <groupId>org.codehaus.mojo</groupId>
               <artifactId>findbugs-maven-plugin</artifactId>
               <version>2.5.5</version>
               <configuration>
                  <effort>Default</effort>
                  <threshold>Medium</threshold>
                  <maxRank>15</maxRank>
                  <skip>${skip.static.analysis}</skip>
                  <findbugsXmlOutput>true</findbugsXmlOutput>
                  <xmlOutput>true</xmlOutput>
                  <failOnError>false</failOnError>
               </configuration>
               <executions>
                  <execution>
                     <phase>verify</phase>
                     <goals>
                        <goal>check</goal>
                     </goals>
                  </execution>
               </executions>
            </plugin>
         </plugins>
      </pluginManagement>
      <plugins>
         <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-jar-plugin</artifactId>
            <executions>
               <execution>
                  <phase>package</phase>
                  <goals>
                     <goal>jar</goal>
                  </goals>
               </execution>
            </executions>
         </plugin>
         <!-- TODO: validate
         <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>buildnumber-maven-plugin</artifactId>
            <executions>
               <execution>
                  <phase>validate</phase>
                  <goals>
                     <goal>create</goal>
                  </goals>
               </execution>
            </executions>
            <configuration>
               <doCheck>false</doCheck>
               <doUpdate>false</doUpdate>
               <providerImplementations>
                  <svn>javasvn</svn>
               </providerImplementations>
            </configuration>
            <dependencies>
               <dependency>
                  <groupId>com.google.code.maven-scm-provider-svnjava</groupId>
                  <artifactId>maven-scm-provider-svnjava</artifactId>
                  <version>2.0.5</version>
               </dependency>
               <dependency>
                  <groupId>org.tmatesoft.svnkit</groupId>
                  <artifactId>svnkit</artifactId>
                  <version>${svnkit.version}</version>
               </dependency>
            </dependencies>
         </plugin> -->
         <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <version>2.1.1</version>
            <configuration>
               <encoding>UTF-8</encoding>
               <webResources>
                  <resource>
                     <filtering>true</filtering>
                     <directory>src/main/webapp</directory>
                  </resource>
               </webResources>
               <archive>
                  <manifestEntries>
                     <Build>${buildNumber}</Build>
                     <Compiler-source>${jdk}</Compiler-source>
                     <Implementation-Title>${project.artifactId}</Implementation-Title>
                     <Implementation-Version>${project.version}</Implementation-Version>
                     <Implementation-Vendor-Id>${project.groupId}</Implementation-Vendor-Id>
                     <Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
                     <Implementation-Build>${buildNumber}</Implementation-Build>
                     <Implementation-Timestamp>${timestamp}</Implementation-Timestamp>
                  </manifestEntries>
               </archive>
            </configuration>
         </plugin>
         <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-checkstyle-plugin</artifactId>
         </plugin>
         <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
         </plugin>
         <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>cobertura-maven-plugin</artifactId>
         </plugin>
      </plugins>
   </build>

   <dependencies>
      <!-- https://mvnrepository.com/artifact/javax.mail/mail -->
      <dependency>
         <groupId>javax.mail</groupId>
         <artifactId>mail</artifactId>
         <version>1.4</version>
      </dependency>
      <!-- COMMONS -->
      <dependency>
         <groupId>commons-fileupload</groupId>
         <artifactId>commons-fileupload</artifactId>
         <version>1.2.2</version>
      </dependency>
      <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
         <version>2.0.1</version>
      </dependency>
      <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-lang3</artifactId>
         <version>3.6</version>
      </dependency>
      <dependency>
         <groupId>commons-lang</groupId>
         <artifactId>commons-lang</artifactId>
         <version>2.4</version>
      </dependency>
      <dependency>
         <groupId>commons-logging</groupId>
         <artifactId>commons-logging</artifactId>
         <version>1.1.1</version>
      </dependency>
      <dependency>
         <groupId>commons-logging</groupId>
         <artifactId>commons-logging-api</artifactId>
         <version>1.1</version>
      </dependency>
      <dependency>
         <groupId>org.javassist</groupId>
         <artifactId>javassist</artifactId>
         <version>3.15.0-GA</version>
      </dependency>
      <dependency>
         <groupId>com.oracle</groupId>
         <artifactId>ojdbc6</artifactId>
         <version>11.2.0.3</version>
         <scope>provided</scope>
      </dependency>
      <!-- ECAS -->
      <dependency>
         <groupId>eu.europa.ec.digit.iam.ecas.client</groupId>
         <artifactId>ecas-tomcat-7.0</artifactId>
         <version>4.19.2</version>
         <scope>provided</scope>
      </dependency>
      <!-- FREEMARKER -->
      <dependency>
         <groupId>org.freemarker</groupId>
         <artifactId>freemarker</artifactId>
         <version>2.3.23</version>
      </dependency>
      <!-- HIBERNATE -->
      <dependency>
         <groupId>antlr</groupId>
         <artifactId>antlr</artifactId>
         <version>2.7.7</version>
      </dependency>
      <dependency>
         <groupId>dom4j</groupId>
         <artifactId>dom4j</artifactId>
         <version>1.6.1</version>
      </dependency>
      <dependency>
         <groupId>org.hibernate.common</groupId>
         <artifactId>hibernate-commons-annotations</artifactId>
         <version>4.0.1.Final</version>
      </dependency>
      <dependency>
         <groupId>org.hibernate</groupId>
         <artifactId>hibernate-core</artifactId>
         <version>4.1.8.Final</version>
      </dependency>
      <dependency>
         <groupId>org.hibernate</groupId>
         <artifactId>hibernate-entitymanager</artifactId>
         <version>4.1.8.Final</version>
      </dependency>
      <dependency>
         <groupId>org.hibernate.javax.persistence</groupId>
         <artifactId>hibernate-jpa-2.0-api</artifactId>
         <version>1.0.1.Final</version>
      </dependency>
      <dependency>
         <groupId>org.jboss.logging</groupId>
         <artifactId>jboss-logging</artifactId>
         <version>3.1.0.GA</version>
      </dependency>
      <dependency>
         <groupId>org.jboss.spec.javax.transaction</groupId>
         <artifactId>jboss-transaction-api_1.1_spec</artifactId>
         <version>1.0.0.Final</version>
      </dependency>
      <!-- J2EE -->
      <dependency>
          <groupId>javax.servlet</groupId>
          <artifactId>javax.servlet-api</artifactId>
          <version>3.0.1</version>
          <scope>provided</scope>
      </dependency>
      <!-- LOG4J -->
      <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-api</artifactId>
         <version>2.8.2</version>
      </dependency>
      <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-core</artifactId>
         <version>2.8.2</version>
      </dependency>
      <!-- STRUTS -->
      <dependency>
         <groupId>ognl</groupId>
         <artifactId>ognl</artifactId>
         <version>3.1.12</version>
      </dependency>
      <dependency>
         <groupId>org.apache.struts</groupId>
         <artifactId>struts2-core</artifactId>
         <version>${struts.version}</version>
      </dependency>
      <dependency>
         <groupId>org.apache.struts</groupId>
         <artifactId>struts2-json-plugin</artifactId>
         <version>2.5.10</version>
      </dependency>
      <!-- JUNIT -->
      <dependency>
         <groupId>junit</groupId>
         <artifactId>junit</artifactId>
         <version>4.12</version>
         <scope>test</scope>
      </dependency>
   </dependencies>
   <repositories>
      <repository>
         <id>Maven Snapshots</id>
         <url>http://snapshots.maven.codehaus.org/maven2/</url>
         <snapshots>
            <enabled>true</enabled>
         </snapshots>
         <releases>
            <enabled>false</enabled>
         </releases>
      </repository>
   </repositories>
   <distributionManagement>
      <repository>
         <id>arhs-repo-releases</id>
         <name>Arhs Release Repository</name>
         <url>http://maven.aris-lux.lan/nexus/content/repositories/ARhS/</url>
      </repository>
      <snapshotRepository>
         <id>arhs-repo-snapshots</id>
         <name>Arhs Release Repository</name>
         <url>http://maven.aris-lux.lan/nexus/content/repositories/arhs-snapshots/</url>
      </snapshotRepository>
   </distributionManagement>

</project>


{code}

> Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WW-4957
>                 URL: https://issues.apache.org/jira/browse/WW-4957
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.5.17
>            Reporter: Konstantinos
>            Assignee: Lukasz Lenart
>            Priority: Major
>             Fix For: 2.6
>
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> I have an application that uses struts version 2.5.10.1. I want to update it to version
> 2.5.17 after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16
> versions are vulnerable to remote attackers. In my current version I use a struts-core library
> class called LocalizedTextUtil to load messages from the global message bundle. My code below:
> {code:java}
> private void initialiseMessageBundle() throws InitializationError{
>     LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
>     URL[] urls;
>     try {
>         String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
>         File file = new File(resourceFolder);
>         if (!file.exists() || !file.isDirectory()){
>             LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ") = " + resourceFolder);
>             throw new InitializationError("External resource not found file not found");
>         } else {
>             LOG.debug("resources file: " + file.toURI().toURL());
>         }
>         URL url = file.toURI().toURL();
>         urls = new URL[]{url};
>         ClassLoader cl = new URLClassLoader(urls);
>         LocalizedTextUtil.setDelegatedClassLoader(cl);
>         LocalizedTextUtil.addDefaultResourceBundle("global");
>     } catch (MalformedURLException e) {
>         throw new InitializationError("MalformedURLException occured during the messageBundle initialisation", e);
>     }
>     LOG.info("Global messages loaded.");
> }
> {code}
>  
> After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed.
> Although I created a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider*
> and used the same methods (*setDelegatedClassLoader*, *addDefaultResourceBundle*), my messages are
> not being loaded. Also I created a bean of these classes in struts.xml and tried to inject
> it, but again without success. Do you have any thoughts on how I can replace the LocalizedTextUtil
> in my code above?
> Thank you.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
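
Added example, not part of the original message or of the Struts project: the POM in the comment sets `struts.version` to 2.5.17 for `struts2-core` but pins `struts2-json-plugin` at 2.5.10, so a check after a security-driven upgrade should confirm that every `org.apache.struts` artifact resolves to the same version. The function names and the trimmed `SAMPLE_POM` are assumptions constructed for this illustration; the versions in it are the ones shown in the POM.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed excerpt: only the elements this check needs, using the
# property and dependency versions that appear in the POM above.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <struts.version>2.5.17</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>ognl</groupId>
      <artifactId>ognl</artifactId>
      <version>3.1.12</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-json-plugin</artifactId>
      <version>2.5.10</version>
    </dependency>
  </dependencies>
</project>
"""

_PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def load_properties(root):
    """Return the <properties> block as a dict of name -> value."""
    props = {}
    node = root.find("m:properties", NS)
    if node is not None:
        for child in node:
            name = child.tag.split("}", 1)[-1]  # strip the XML namespace
            props[name] = (child.text or "").strip()
    return props


def resolve(value, props, depth=0):
    """Expand ${name} placeholders; unknown names are left untouched."""
    if depth > 10:  # guard against properties that reference each other
        return value
    expanded = _PLACEHOLDER.sub(
        lambda m: props.get(m.group(1), m.group(0)), value)
    return expanded if expanded == value else resolve(expanded, props, depth + 1)


def group_versions(pom_text, group_id):
    """Map artifactId -> resolved version for every dependency in group_id."""
    root = ET.fromstring(pom_text)
    props = load_properties(root)
    found = {}
    for dep in root.iterfind(".//m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        if group != group_id:
            continue
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        version = dep.findtext("m:version", namespaces=NS)
        # A dependency without <version> is managed elsewhere: record None.
        found[artifact] = resolve(version.strip(), props) if version else None
    return found


def version_drift(pom_text, group_id="org.apache.struts", reference="struts2-core"):
    """Return artifacts of group_id whose version differs from the reference."""
    versions = group_versions(pom_text, group_id)
    expected = versions.get(reference)
    return {a: v for a, v in versions.items()
            if a != reference and v != expected}


if __name__ == "__main__":
    for artifact, version in version_drift(SAMPLE_POM).items():
        print("version drift: %s is at %s" % (artifact, version))
```

Artifacts with no explicit `<version>` are reported too, because their version cannot be confirmed from this file alone.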
