From user-return-218879-archive-asf-public=cust-asf.ponee.io@struts.apache.org  Wed Mar  7 09:16:16 2018
Return-Path: <user-return-218879-archive-asf-public=cust-asf.ponee.io@struts.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id E42A4180656
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  7 Mar 2018 09:16:15 +0100 (CET)
Received: (qmail 19580 invoked by uid 500); 7 Mar 2018 08:16:14 -0000
Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:user-unsubscribe@struts.apache.org>
List-Help: <mailto:user-help@struts.apache.org>
List-Post: <mailto:user@struts.apache.org>
List-Id: "Struts Users Mailing List" <user.struts.apache.org>
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Delivered-To: mailing list user@struts.apache.org
Received: (qmail 29140 invoked by uid 99); 6 Mar 2018 18:13:12 -0000
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.999
X-Spam-Level: *
X-Spam-Status: No, score=1.999 tagged_above=-999 required=6.31
	tests=[HTML_MESSAGE=2, SPF_PASS=-0.001] autolearn=disabled
Subject: Re: Struts2 login action class seems to be reused
To: user@struts.apache.org
References: <5f2097dc-db20-82c8-3fed-828bc7e9d601@pangburngroup.com>
 <29d8a10a-ac22-7c90-14a4-84559f82139d@pangburngroup.com>
 <DB5PR08MB10620EE70C3722A03658490F92C40@DB5PR08MB1062.eurprd08.prod.outlook.com>
 <fa9f42bc-0aec-98ad-911d-6f5f44de31a2@pangburngroup.com>
 <DB5PR08MB1062403BBD16C8F208C49C3A92DA0@DB5PR08MB1062.eurprd08.prod.outlook.com>
From: Prasanth Pasala <ppasala@pangburngroup.com>
Organization: The Pangburn Company
Message-ID: <0b7dc660-ad42-5c96-3a8e-a8595a4f37b8@pangburngroup.com>
Date: Tue, 6 Mar 2018 12:12:55 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <DB5PR08MB1062403BBD16C8F208C49C3A92DA0@DB5PR08MB1062.eurprd08.prod.outlook.com>
Content-Type: multipart/alternative;
 boundary="------------A0D7D49B1CFEB13C305F4126"
Content-Language: en-US

--------------A0D7D49B1CFEB13C305F4126
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

I am not defining any default action.

I would get the below exception if I set the ActionMapping to null. For some reason the object doesn't go away, if I set it to null. After setting it to null using
request.setAttribute("struts.actionMapping", null);    I can get it using getAttribute. The object remains even if I do removeAttribute.

11:57:27,509 ERROR [stderr] (default task-32) Caused by: java.lang.ClassCastException: org.apache.struts2.dispatcher.mapper.ActionMapping cannot be cast to
org.apache.struts2.dispatcher.mapper.ActionMapping
11:57:27,509 ERROR [stderr] (default task-32)     at org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:163)
11:57:27,509 ERROR [stderr] (default task-32)     at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92)
11:57:27,509 ERROR [stderr] (default task-32)     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
11:57:27,509 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
11:57:27,509 ERROR [stderr] (default task-32)     at com.xxxxx.xxxxxx.LoginFilter.doFilter(LoginFilter.java:52)
11:57:27,509 ERROR [stderr] (default task-32)     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:274)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:209)
11:57:27,510 ERROR [stderr] (default task-32)     at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:221)
11:57:27,510 ERROR [stderr] (default task-32)     ... 128 more

Below is what I see by displaying the request.getAttribute("struts.actionMapping") after removeAttribute or after setting it to null.
ActionMapping{name='Login', namespace='/', method='null', extension='action', params={}, result=null}

In StrutsPrepareAndExecuteFilter below is the line that gets the action mapping, since the forceLookup is set to true the PrepareOperations class might be creating it again.
ActionMapping mapping = prepare.findActionMapping(request, response, true);


---------------PrepareOperations-------------------------------
public ActionMapping findActionMapping(HttpServletRequest request, HttpServletResponse response, boolean forceLookup) {
        ActionMapping mapping = (ActionMapping) request.getAttribute(STRUTS_ACTION_MAPPING_KEY);
        if (mapping == null || forceLookup) {
            try {
                mapping = dispatcher.getContainer().getInstance(ActionMapper.class).getMapping(request, dispatcher.getConfigurationManager());
                if (mapping != null) {
                    request.setAttribute(STRUTS_ACTION_MAPPING_KEY, mapping);
                }
            } catch (Exception ex) {
                if (dispatcher.isHandleException() || dispatcher.isDevMode()) {
                    dispatcher.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, ex);
                }
            }
        }

        return mapping;
    }
----------------------------------------------

Thanks,
Prasanth


On 03/05/2018 11:49 AM, Yasser Zamani wrote:
>
> On 3/5/2018 7:48 PM, Prasanth wrote:
>> But the Login filter had the below lines to make sure forwarded requests from /context1
>> would work.
>>
>> request.setAttribute("struts.actionMapping", new ActionMapping());
> Please let me discuss this line first of all. I'm still surprised how
> context2 app works with this line! I expect you always get
> ConfigurationException or get the result of the default action. Have you
> set this filter pattern to being applied only on /Login.action? If so,
> still you should get ConfigurationException or get the result of the
> default action (is /Login.action default?). Or maybe you have put these
> two lines in an if statement like if(request has these attributes){...}?
> If not, then do this please; an if statement for each line.
>
> Could you please try `request.setAttribute("struts.actionMapping",
> null)`? then post back the exception if any (I don't expect any). You
> should set to null or remove the attribute. Any other code is wrong.
>
> Regards.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>


--------------A0D7D49B1CFEB13C305F4126--