struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emi Lu <em...@encs.concordia.ca>
Subject Re: [ANN] Struts 2.3.15.2 GA release available - security fix
Date Mon, 23 Sep 2013 14:53:51 GMT
On 09/23/2013 10:38 AM, Volker Krebs wrote:
> Am 23.09.2013 16:23, schrieb Emi Lu:
>> Good morning,
>>
>> Upgraded from 2.3.15.1 to 15.2, but "s:submit" problem:
>>
>>
>> (1) jsp:
>> <s:form
>>     name    = "loginForm"
>>     namespace= "/Login"
>>     action   = "ProcessLoginAction"
>>     method   = "post"
>>     theme="simple"
>>  >
>>
>> <s:submit value="Login"
>>            theme="simple"
>>            action="loginProcessLoginAction" />   --- never call
>> loginProcessLoginAction
>>
>>
>>
>> (2) struts.xml
>> <package name="Login" namespace="/Login" extends="tiles-default">
>> <action name="*ProcessLoginAction"  method="{1}"
>> class="ProcessLoginAction">
>>    <result name="success"   type="tiles">main_menu</result>
>>    <result name="ajax_check" >
>>    /WEB-INF/pages/errorinfo/ajax_error_check.jsp
>>    </result>
>> </action>
>>
>>
>> (3) ProcessLoginAction.java
>>     public String login() throws Exception
>>     {
>>        try
>>        {
>>          ......
>>        }catch(Exception e)
>>        {
>>           log.error("login Error: " + e.getMessage());
>>           log.error(e);
>>           this.addActionError("login Error: " + e.getMessage());
>>        }
>>        return "success";
>>     }
>>
>>
>> The problem is that "loginProcessLoginAction in jsp page" is never be
>> called.
>>
>> Could you help?
>> Thanks,
>> Emi
>>
>
> We have the same Problem.
> This relates to http://struts.apache.org/release/2.3.x/docs/s2-018.html
> But there it says
> "Backward Compatibility
> After upgrading to Struts >= 2.3.15.2, applications using the "action:"
> should still work as expected."
>
> I'm still trying to figure out what exactly the problem is.
> I don't like this Security through obscurity approach.

The document does not say what 15.2 does not support related to 
<s:submit action="loginAction"> & in struts.xml.

What causing cannot do action anymore? How to fix it ?

Thanks a lot!







---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message