Return-Path: X-Original-To: apmail-struts-user-archive@www.apache.org Delivered-To: apmail-struts-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1D28210703 for ; Wed, 8 May 2013 16:32:04 +0000 (UTC) Received: (qmail 20610 invoked by uid 500); 8 May 2013 16:32:02 -0000 Delivered-To: apmail-struts-user-archive@struts.apache.org Received: (qmail 20584 invoked by uid 500); 8 May 2013 16:32:02 -0000 Mailing-List: contact user-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list user@struts.apache.org Received: (qmail 20575 invoked by uid 99); 8 May 2013 16:32:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 May 2013 16:32:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [207.211.31.18] (HELO service7-us.mimecast.com) (207.211.31.18) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 May 2013 16:31:54 +0000 Received: from Shqsr15v.setechusa.com (74.223.140.142.nw.nuvox.net [74.223.140.142]) (Using TLS) by service7-us.mimecast.com; Wed, 08 May 2013 12:31:31 -0400 Received: from SHQSR15V.setechusa.com ([::1]) by Shqsr15v.setechusa.com ([::1]) with mapi id 14.03.0123.003; Wed, 8 May 2013 11:31:29 -0500 From: "CRANFORD, CHRIS" To: Struts Users Mailing List Subject: RE: OGNL Exception after upgrading from 2.3.4 to 2.3.14 Thread-Topic: OGNL Exception after upgrading from 2.3.4 to 2.3.14 Thread-Index: Ac5L9pWShH3kWQbXRvCKgvGQVCa9kgAEfL6w Date: Wed, 8 May 2013 16:31:29 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.3.105] MIME-Version: 1.0 X-MC-Unique: 113050812313101401 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org After some final digging, this appears to only surface in devMode=3Dtrue on= builds 2.3.12 and 2.3.14 regarding ParametersInterceptor.java:329. If thi= s was related to the security fix for parameter names, wouldn't the excepti= on/problem occur in both devMode and non-devMode? I'm confused as to what = is the culprit here. -----Original Message----- From: CRANFORD, CHRIS [mailto:Chris.Cranford@setech.com]=20 Sent: Wednesday, May 08, 2013 9:25 AM To: Struts Users Mailing List Subject: OGNL Exception after upgrading from 2.3.4 to 2.3.14 We have several forms in our Struts2 application that pass values to the ac= tion like the following: This worked beautifully prior to the upgrade but now I get the following OG= NL exception: Unexpected Exception caught setting 'items[0]' on 'class com.setech.dw.inve= ntory.web.ItemSearchAction: Error setting expression 'items[0]' with value = '[Ljava.lang.String;@738b650c' File: OgnlRuntime.java Method: setProperty Line: 2326 - ognl/OgnlRuntime.java:2326:-1 at com.opensymphony.xwork2.ognl.OgnlValueStack.handleOgnlException(O= gnlValueStack.java:215) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueSta= ck.java:176) at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValu= eStack.java:152) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setPara= meters(ParametersInterceptor.java:329) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doInter= cept(ParametersInterceptor.java:241) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.inter= cept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(M= ultiselectInterceptor.java:73) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Chec= kboxInterceptor.java:91) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18= nInterceptor.java:176) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(Al= iasInterceptor.java:193) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.i= ntercept(ExceptionMappingInterceptor.java:187) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.LocaleContextInterceptor.in= tercept(LocaleContextInterceptor.java:43) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18= nInterceptor.java:176) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.MenuInterceptor.intercept(M= enuInterceptor.java:58) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.AuditInterceptor.intercept(= AuditInterceptor.java:81) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.TimerInterceptor.intercept(= TimerInterceptor.java:141) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.SiteOverrideInterceptor.int= ercept(SiteOverrideInterceptor.java:63) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.LoggingInterceptor.intercep= t(LoggingInterceptor.java:88) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at com.setech.dw.common.web.interceptors.SeekExceptionInterceptor.in= tercept(SeekExceptionInterceptor.java:48) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultAct= ionInvocation.java:246) at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionPro= xy.java:54) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher= .java:546) at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(= ExecuteOperations.java:77) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFi= lter.doFilter(StrutsPrepareAndExecuteFilter.java:91) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:210) at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOve= rrideFilter.java:125) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:210) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:330) at com.setech.dw.security.filter.ChangePasswordFilter.doFilterIntern= al(ChangePasswordFilter.java:105) at org.springframework.web.filter.OncePerRequestFilter.doFilter(Once= PerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.switchuser.Switch= UserFilter.doFilter(SwitchUserFilter.java:181) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.intercept.FilterSecurityI= nterceptor.invoke(FilterSecurityInterceptor.java:118) at org.springframework.security.web.access.intercept.FilterSecurityI= nterceptor.doFilter(FilterSecurityInterceptor.java:84) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilte= r.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.= doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenti= cationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolder= AwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54= ) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFi= lter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthentic= ationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:= 183) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.logout.LogoutFilt= er.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.ConcurrentSessionFilter.= doFilter(ConcurrentSessionFilter.java:125) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersisten= ceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterCh= ain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInterna= l(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(Filter= ChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelega= te(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(Del= egatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:210) at org.springframework.web.filter.CharacterEncodingFilter.doFilterIn= ternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(Once= PerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap= perValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardCont= extValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authen= ticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal= ve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal= ve.java:99) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.j= ava:936) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngin= eValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter= .java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(Abstract= Http11Processor.java:1004) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.proc= ess(AbstractProtocol.java:589) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEnd= point.java:1822) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecu= tor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExec= utor.java:615) at java.lang.Thread.run(Thread.java:722) Caused by: ognl.OgnlException: target is null for setProperty(null, "0", [L= java.lang.String;@738b650c) at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:2326) at ognl.ASTProperty.setValueBody(ASTProperty.java:127) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.ASTChain.setValueBody(ASTChain.java:227) at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220) at ognl.SimpleNode.setValue(SimpleNode.java:301) at ognl.Ognl.setValue(Ognl.java:737) at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:224) at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValue= Stack.java:187) at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueSta= ck.java:174) ... 91 more The action doesn't allocate memory for the List property and never = has. Is there something I may have missed that I need to change from upgrading f= rom 2.3.4 to 2.3.14? Thanks, Chris Email secured by Check Point --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@struts.apache.org For additional commands, e-mail: user-help@struts.apache.org