Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
MIME-Version: 1.0
In-Reply-To: <52E7FCC9.90108@conicet.gov.ar>
References: <52E7FCC9.90108@conicet.gov.ar>
From: Lukasz Lenart <lukaszlenart@apache.org>
Date: Wed, 29 Jan 2014 07:21:58 +0100
Message-ID: 
 <CAMopvkPO7NmPPpNcdZUOfAC16QSaPiWRbHwZZisfTVb4A=VtVg@mail.gmail.com>
Subject: Re: Regarding latest struts 2.3.x changes and issues with DMI and
 Wildcards
To: Struts Users Mailing List <user@struts.apache.org>
Cc: Diego Barrabino <dbarrabino@conicet.gov.ar>,
 Juan Pablo Soto <jpsoto@conicet.gov.ar>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

As from 2.3.15.2 action: prefix is disabled by default (this is how
<s:submit action=3D"..."/> is rendered), to enable it you must add the
below constant to struts.properties or struts.xml:

### Disables support for action: prefix
struts.mapper.action.prefix.enabled =3D false


Regards
--=20
=C5=81ukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2014-01-28 Manuel L=C3=B3pez Blasi <lopezblasi@conicet.gov.ar>:
> Hello,
> hi to everyone,
> i've been researching the last week all over the web in relation to the l=
ast
> 3 or 4 versions of struts 2.3.x,
> it is in my understanding that certain changes have been applied to the
> framework regarding security issues as
> mentioned in
> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16
> security fixes from version 2.3.15.1, 2.3.15.2 , 2.3.15.3 and 2.3.16
>
> My organization is currently using struts version 2.1.8.1 , so far we've
> been able to call methods from an action class from jsp,
> executing directly the method specified in the submit tag of jsp, we're
> using stuff like this:
>
> <s:submit cssClass=3D"CformBoton" action=3D"registrarNovedad_registrar"
> value=3D"Registrar"/>
> <s:submit cssClass=3D"CformBoton" action=3D"registrarNovedad_volver"
> value=3D"Volver"/>
>
> where the action attribute specifies action=3D"registrarNovedad_registrar=
"  ,
> that would be to call the action "registrarNovedad"
> and execute the method "registrar". Together with wildcard mappings,
> everything works beautyfully as expected, in this case we use:
> <action name=3D"registrarNovedad_*" method=3D"{1}"
> class=3D"ar.gov.conicet.apps.sigerh.presentation.administrador.CRegistrar=
NovedadAction">
>
> Up to here everything is fine but now we're trying to migrate from versio=
n
> 2.1.8.1 to 2.3.16 and suddenly this kind of stuff stopped working.
> I've been trying to make it work, using as template the examples that com=
e
> bundled with the last package available, struts 2.3.16, the proyect
> "struts2-blank",
> wich is about the smallest proyect one can concieve i think, so there're =
no
> doubts or mistakes of configuration or anything is else.
>
> For what i've been able to see the syntax for s:submit tag has changed? I=
t
> doesn't react anymore to action=3D"registrarNovedad_registrar"
> so that this doesn't work anymore: <s:submit cssClass=3D"CformBoton"
> action=3D"registrarNovedad_registrar" value=3D"Registrar"/>
> instead i've been able to make it work with <s:submit
> name=3D"method:registrar" value=3D"Registrar"/> and proper configuration =
in
> struts.xml
> <constant name=3D"struts.enable.DynamicMethodInvocation" value=3D"true" /=
>. It
> doesn't work with DynamicMethodInvocation set to false, it just doesn't f=
ire
> up the method.
>
> I tried every possible combination of configurations, actionPRoxy
> interceptors, ActionMappers , retried with other combinations, changed
> acceptedParams and excludeParams in ParametersInterceptor
> and nothing seems to work.
>
> I'm a bit confused about Dynamic Method Invocation and Wildcards as i
> believe, since the documentation i have read, that those are 2 differente
> concepts/technologies.
> In our proyect we have
> <constant name=3D"struts.enable.DynamicMethodInvocation" value=3D"false" =
/>
> in struts.xml and this works perfect:
> <s:submit cssClass=3D"CformBoton" action=3D"registrarNovedad_registrar"
> value=3D"Registrar"/>
> by perfect i mean that if you click the button it will take you to the
> action and method specified en the action attribute.
> No luck on latest versions.
>
>
> So here's my question:
> Did the syntax of submit tag changed or has it been deprecated?
> (name=3D"method:myMethod" VS. action=3D"MyAction_MyMethod")
>
> is there some way i can make my project work with DynamicMethodInvocation
> set to false (turned off) using the same old syntax of submit tags and so
> that i can call a method directly from jsp?
>
> Judging by the looks of what i've been researching all these are changes
> related to security issues regarding Dynamic Method Invocation, i'm about=
 to
> drop the update and keep with the old version
> as the impact of not being able to call method from jsp would be so huge =
in
> the proyect and would require a mayor rewrite of it, it's litterally
> impossible right now, u maybe somebody already got stuck
> with this very same issues and have clues or solutions to this.
>
> Thank you very much for your time,
> greetings to struts2 team for the great work and efforts.
>
> I hope somebody knows about this.
>
> Thanks a lot.
>
>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org