struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emi Lu <em...@encs.concordia.ca>
Subject Re: [ANN] Struts 2.3.15.2 GA release available - security fix
Date Mon, 23 Sep 2013 14:23:43 GMT
Good morning,

Upgraded from 2.3.15.1 to 15.2, but "s:submit" problem:


(1) jsp:
<s:form
    name    = "loginForm"
    namespace= "/Login"
    action   = "ProcessLoginAction"
    method   = "post"
    theme="simple"
 >

<s:submit value="Login"
           theme="simple"
           action="loginProcessLoginAction" />   --- never call 
loginProcessLoginAction



(2) struts.xml
<package name="Login" namespace="/Login" extends="tiles-default">
<action name="*ProcessLoginAction"  method="{1}" class="ProcessLoginAction">
   <result name="success"   type="tiles">main_menu</result>
   <result name="ajax_check" >
   /WEB-INF/pages/errorinfo/ajax_error_check.jsp
   </result>
</action>


(3) ProcessLoginAction.java
    public String login() throws Exception
    {
       try
       {
         ......
       }catch(Exception e)
       {
          log.error("login Error: " + e.getMessage());
          log.error(e);
          this.addActionError("login Error: " + e.getMessage());
       }
       return "success";
    }


The problem is that "loginProcessLoginAction in jsp page" is never be 
called.

Could you help?
Thanks,
Emi



On 09/21/2013 12:06 PM, Lukasz Lenart wrote:
> The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
> available as a "General Availability" release.The GA designation is
> our highest quality grade.
>
> Apache Struts 2 is an elegant, extensible framework for creating
> enterprise-ready Java web applications. The framework is designed to
> streamline the full development cycle, from building, to deploying, to
> maintaining applications over time.
>
> This release includes important security fixes:
> - S2-018 - Broken Access Control Vulnerability in Apache Struts2
> - S2-019 - Dynamic Method Invocation disabled by default
>
> All developers are strongly advised to update existing Struts 2
> applications to Struts 2.3.15.2
>
> Struts 2.3.15.2 is available in a full distribution, or as separate
> library, source, example and documentation distributions, from the
> releases page.
> * http://struts.apache.org/download.cgi#struts23152
>
> The release is also available from the central Maven repository under
> Group ID "org.apache.struts".
>
> The 2.3.x series of the Apache Struts framework has a minimum
> requirement of the following specification versions:
> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
> * Java 2 Standard Platform Edition (J2SE) 5
>
> The release notes are available online at:
> * http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html
>
> Should any issues arise with your use of any version of the Struts
> framework, please post your comments to the user list, and, if
> appropriate, file a tracking ticket.appropriate, file a tracking
> ticket:
> * https://issues.apache.org/jira/browse/WW
>
>
> - The Apache Struts group.
>
>
> Regards
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message