struts-user mailing list archives

From Arun M <marunkuma...@gmail.com>
Subject Re: Data Leakage in Struts 2
Date Sun, 27 Jul 2008 08:40:22 GMT

Thanks a lot...

We included singleton="false" in the applicationContext.xml.
Now it works perfectly ...


Arun M wrote:
> 
> 
> We use Struts 2 - Spring - Hibernate in our project.
> Here is a sample piece of code...
> As mentioned earlier... the SCRAPTEXT variable, once set by a request, is being
> reused (that is) gets prefilled in the
> textarea of some other user in some other PC.
> 
> ------------ Action Class ----------------------------
> public class SocialDetailAction extends
>         com.opensymphony.xwork2.ActionSupport {
>
>     private com.jujubi.services.ProductService productService;
>
>     // Per-request form state, populated from request parameters
>     private String scrapText;
>     private int toId;
>     private String scrapFromName;
>     private boolean secure;
>
>     public String postCustomerScrap() throws Exception {
>         // ....
>         // Here we have the code that uses the getters/setters of the members
>         // ...
>         return SUCCESS;
>     }
>
>     // Getters and setters for the members
>
> }
> 
> 
> 
> ------------ JSP ----------------------------
> .......
> ....
> ..
> <s:form namespace="/jap" action="scrappost">
>     <s:textarea name="scrapText" cols="60" rows="3"/>
>     <s:checkbox name="secure" label="secure" value="false"></s:checkbox>
>     <s:submit value="post scrap" theme="ajax" targets="addScrap" />
> </s:form>
> .........
> .....
> ...
> 
> -----------------------  Struts.xml for the action -----------------------
>
> ..
> .
>
> <action name="scrappost" class="socialDetailAction" method="postCustomerScrap">
>     <result name="success">/views/social/ReturnMsg.jsp</result>
>     <result name="input">/views/social/PeopsScrapbook.jsp</result>
> </action>
>
> ...
> ..
> 
> 
> 
> 
> Richard Yee wrote:
>> 
>> Why don't you post your code? It seems that it might have a threading
>> issue.
>> 
>> -R
>> 
>> Arun M wrote:
>>> We are using Struts 2.0.11.
>>>
>>> We have lots of action classes. Say one of them is CustomerRegisterAction
>>> (which extends ActionSupport). When, say, user X registers himself on
>>> the website, this CustomerRegisterAction is populated (using OGNL) and the
>>> customer data is saved to DB. But after some time some other user Y from some
>>> other PC comes and clicks the Register link, then the data entered by X is
>>> prefilled now.
>>>    I think the CustomerRegisterAction is reused, instead of creating a new
>>> instance every request. We want to set up such that a new
>>> CustomerRegisterAction is created every HTTP request, so that data is not
>>> leaking between users.
>>>
>>> Please help us.
>>>   
>> 
>> 

-- 
View this message in context: http://www.nabble.com/Data-Leakage-in-Struts-2-tp18669314p18674388.html
Sent from the Struts - User mailing list archive at Nabble.com.
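
Added example, not part of the original thread or of Struts/Spring: a Python check for the condition this thread resolved. It takes the class values of struts.xml actions, looks them up as Spring bean ids, and reports action beans that Spring would create as shared singletons (no singleton="false" and no non-singleton scope). The XML samples, the example.* class names and the customerRegisterAction bean id are constructed for illustration; beans are assumed to be declared with an id attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample input (not from the original thread).
STRUTS_XML = """<struts><package name="jap" namespace="/jap">
  <action name="scrappost" class="socialDetailAction" method="postCustomerScrap"/>
  <action name="register" class="customerRegisterAction"/>
</package></struts>"""

SPRING_XML = """<beans>
  <bean id="productService" class="example.ProductServiceImpl"/>
  <bean id="socialDetailAction" class="example.SocialDetailAction"/>
  <bean id="customerRegisterAction" class="example.CustomerRegisterAction"
        singleton="false"/>
</beans>"""


def local(tag):
    """Strip an XML namespace so XSD-style and DTD-style files both match."""
    return tag.rsplit("}", 1)[-1]


def action_bean_names(struts_xml):
    """Collect <action class="..."> values, which may name Spring beans."""
    root = ET.fromstring(struts_xml)
    return {e.get("class") for e in root.iter()
            if local(e.tag) == "action" and e.get("class")}


def is_shared(bean):
    """True when Spring hands the same bean instance to every request."""
    scope = bean.get("scope")
    if scope is not None:
        return scope == "singleton"
    # Older attribute form; with neither attribute the default is singleton.
    return bean.get("singleton", "true") != "false"


def shared_action_beans(struts_xml, spring_xml):
    """Ids of Spring beans used as Struts actions but defined as singletons."""
    wanted = action_bean_names(struts_xml)
    root = ET.fromstring(spring_xml)
    return sorted(b.get("id") for b in root.iter()
                  if local(b.tag) == "bean"
                  and b.get("id") in wanted and is_shared(b))


if __name__ == "__main__":
    for bean_id in shared_action_beans(STRUTS_XML, SPRING_XML):
        print(f"{bean_id}: singleton action bean, fields shared across requests")
```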

