struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantinos (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4957) Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used intead.
Date Tue, 04 Sep 2018 14:08:04 GMT
Konstantinos created WW-4957:
--------------------------------

             Summary: Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class
is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used
intead.
                 Key: WW-4957
                 URL: https://issues.apache.org/jira/browse/WW-4957
             Project: Struts 2
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.5.17
            Reporter: Konstantinos
             Fix For: 2.5.10.1


I have an application that uses struts version 2.5.10.1. i want to update it to version 2.5.17
after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16 versions
are vulnerable to remote attackers. In my current version i use a struts-core library class
called LocalizedTextUtil to load messages from the global message bundle. My code below:
{code:java}
private void initialiseMessageBundle() throws InitializationError{
    LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
    URL[] urls;
    try {
        String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
        File file = new File(resourceFolder);
        if (!file.exists() || !file.isDirectory()){
            LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ") = " +
resourceFolder);
            throw new InitializationError("External resource not found file not found");
        } else {
            LOG.debug("resources file: " + file.toURI().toURL());
        }
        URL url = file.toURI().toURL();
        urls = new URL[]{url};
        ClassLoader cl = new URLClassLoader(urls);
        LocalizedTextUtil.setDelegatedClassLoader(cl);
        LocalizedTextUtil.addDefaultResourceBundle(DEFAULT_RESOURCE);
    } catch (MalformedURLException e) {
        throw new InitializationError("MalformedURLException occured during the messageBundle
initialisation", e);
    }
    LOG.info("Global messages loaded.");
}
{code}
 

After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed. Although
i create a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider*
and used the same methods (*setDelegatedClassLoader*,*addDefaultResourceBundle*) my messages are
not been loaded. Also i create a bean of these classes on struts.xml and tried to inject
it but again without success. Do you have any thought how can i replace the LocalizedTextUtil
in my code above?

Thank you.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message