[ https://issues.apache.org/jira/browse/WW-4957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16605407#comment-16605407
]
Konstantinos commented on WW-4957:
----------------------------------
I have a Resources folder on Server which includes a lot of global properties for different
languages. This folder is filled by another system. I want my application to see this folder
and read the properties. If you see in pom.xml there is a line where i have excluded global.properties
because my app want to read the external resources folder and not from resource bundle. Before
the update of struts version it worked as expected.
{code:java}
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>lu.op</groupId>
<artifactId>bou</artifactId>
<version>2.03.00</version>
<packaging>war</packaging>
<organization>
<name>Bou Dyn</name>
</organization>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<config.directory>src/main/conf</config.directory>
<skip.static.analysis>true</skip.static.analysis>
<skip.unit.test>true</skip.unit.test>
<jdk.version>1.7</jdk.version>
<svnkit.version>1.8.5</svnkit.version>
<struts.version>2.5.17</struts.version>
</properties>
<prerequisites>
<maven>3.0</maven>
</prerequisites>
<profiles>
<profile>
<id>dev</id>
<build>
<finalName>${project.artifactId}</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>enforce-versions</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<version>[3.0.0,)</version>
</requireMavenVersion>
<requireJavaVersion>
<version>${jdk.version}</version>
</requireJavaVersion>
<requirePluginVersions>
<message>Best Practice is to always define plugin versions!</message>
</requirePluginVersions>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.3</version>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<echo>Setup configuration files - dev</echo>
<!-- <copy file="${config.directory}/test/struts.properties"
tofile="${project.build.outputDirectory}/struts.properties"
/> -->
</tasks>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>test</id>
<build>
<finalName>${project.artifactId}</finalName>
<plugins>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.3</version>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<echo>Setup configuration files - dev</echo>
<!-- <copy file="${config.directory}/test/struts.properties"
tofile="${project.build.outputDirectory}/struts.properties"
/> -->
</tasks>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat6-maven-plugin</artifactId>
<version>2.3-SNAPSHOT</version>
<configuration>
<port>8081</port>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>delivery</id>
<build>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.12.4</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.3</version>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<echo>Setup configuration files - delivery</echo>
<!-- <copy file="${config.directory}/delivery/struts.properties"
tofile="${project.build.outputDirectory}/struts.properties"
/> -->
</tasks>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>install-dependencies</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.4</version>
<executions>
<execution>
<id>install-ee</id>
<phase>process-resources</phase>
<goals>
<goal>install-file</goal>
</goals>
<configuration>
<groupId>ee.bou.client</groupId>
<artifactId>ee-tomcat-7.0</artifactId>
<version>4.19.2</version>
<file>${project.basedir}/lib/ee/ee-tomcat-7.0-4.19.2.jar</file>
<packaging>jar</packaging>
</configuration>
</execution>
<execution>
<id>install-ojdbc</id>
<phase>process-resources</phase>
<goals>
<goal>install-file</goal>
</goals>
<configuration>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<version>11.2.0.3</version>
<file>lib/ojdbc/ojdbc6.jar</file>
<packaging>jar</packaging>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<build>
<finalName>${project.artifactId}</finalName>
<resources>
<resource>
<directory>src/main/resources</directory>
<excludes>
<exclude>ee-config-bou.properties</exclude>
<exclude>jure.properties</exclude>
<exclude>db.properties</exclude>
<exclude>global*.properties</exclude>
<exclude>readme.txt</exclude>
</excludes>
</resource>
</resources>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skipTests>${skip.unit.test}</skipTests>
<reuseForks>true</reuseForks>
<forkCount>1</forkCount>
<argLine>${jvm.config}</argLine>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.10.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.4.1</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>buildnumber-maven-plugin</artifactId>
<version>1.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.9</version>
<configuration>
<downloadSources>true</downloadSources>
<downloadJavadocs>true</downloadJavadocs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.3</version>
<!-- <configuration> <outputDirectory>${assemblies.output.directory}</outputDirectory>
<finalName>${assembly.finalName}</finalName> </configuration>
-->
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.5</version> <!-- Cannot be upgraded because of a
filtering bug. -->
<configuration>
<includeEmptyDirs>true</includeEmptyDirs>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.7</version>
<configuration>
<formats>
<format>xml</format>
</formats>
<forceMojoExecution>true</forceMojoExecution>
</configuration>
<executions>
<execution>
<phase>post-integration-test</phase>
<goals>
<goal>cobertura</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${jdk.version}</source>
<target>${jdk.version}</target>
<showDeprecation>true</showDeprecation>
<showWarnings>true</showWarnings>
</configuration>
<version>3.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>2.5</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.7</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.15</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
<configuration>
<configLocation>legap-config/src/main/resources/legap-checkstyle.xml</configLocation>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
<skip>${skip.static.analysis}</skip>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.5</version>
<configuration>
<effort>Default</effort>
<threshold>Medium</threshold>
<maxRank>15</maxRank>
<skip>${skip.static.analysis}</skip>
<findbugsXmlOutput>true</findbugsXmlOutput>
<xmlOutput>true</xmlOutput>
<failOnError>false</failOnError>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- TODO: validate <plugin> <groupId>org.codehaus.mojo</groupId>
<artifactId>buildnumber-maven-plugin</artifactId>
<executions> <execution> <phase>validate</phase> <goals>
<goal>create</goal>
</goals> </execution> </executions> <configuration> <doCheck>false</doCheck>
<doUpdate>false</doUpdate> <providerImplementations> <svn>javasvn</svn>
</providerImplementations>
</configuration> <dependencies> <dependency> <groupId>com.google.code.maven-scm-provider-svnjava</groupId>
<artifactId>maven-scm-provider-svnjava</artifactId> <version>2.0.5</version>
</dependency> <dependency> <groupId>org.tmatesoft.svnkit</groupId>
<artifactId>svnkit</artifactId>
<version>${svnkit.version}</version> </dependency> </dependencies>
</plugin> -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.1.1</version>
<configuration>
<encoding>UTF-8</encoding>
<webResources>
<resource>
<filtering>true</filtering>
<directory>src/main/webapp</directory>
</resource>
</webResources>
<archive>
<manifestEntries>
<Build>${buildNumber}</Build>
<Compiler-source>${jdk}</Compiler-source>
<Implementation-Title>${project.artifactId}</Implementation-Title>
<Implementation-Version>${project.version}</Implementation-Version>
<Implementation-Vendor-Id>${project.groupId}</Implementation-Vendor-Id>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-Build>${buildNumber}</Implementation-Build>
<Implementation-Timestamp>${timestamp}</Implementation-Timestamp>
</manifestEntries>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<dependencies>
<!-- https://mvnrepository.com/artifact/javax.mail/mail -->
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.4</version>
</dependency>
<!-- COMMONS -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.6</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging-api</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.15.0-GA</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<version>11.2.0.3</version>
<scope>provided</scope>
</dependency>
<!-- ECAS -->
<dependency>
<groupId>eu.europa.ec.digit.iam.ecas.client</groupId>
<artifactId>ecas-tomcat-7.0</artifactId>
<version>4.19.2</version>
<scope>provided</scope>
</dependency>
<!-- FREEMARKER -->
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<version>2.3.23</version>
</dependency>
<!-- HIBERNATE -->
<dependency>
<groupId>antlr</groupId>
<artifactId>antlr</artifactId>
<version>2.7.7</version>
</dependency>
<dependency>
<groupId>dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
<version>4.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>4.1.8.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>4.1.8.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.0-api</artifactId>
<version>1.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>3.1.0.GA</version>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.transaction</groupId>
<artifactId>jboss-transaction-api_1.1_spec</artifactId>
<version>1.0.0.Final</version>
</dependency>
<!-- J2EE -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- LOG4J -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.8.2</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.8.2</version>
</dependency>
<!-- STRUTS -->
<dependency>
<groupId>ognl</groupId>
<artifactId>ognl</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
<version>${struts.version}</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-json-plugin</artifactId>
<version>2.5.10</version>
</dependency>
<!-- JUNIT -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
</dependencies>
<repositories>
<repository>
<id>Maven Snapshots</id>
<url>http://snapshots.maven.codehaus.org/maven2/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
</repositories>
<distributionManagement>
<repository>
<id>arhs-repo-releases</id>
<name>Arhs Release Repository</name>
<url>http://maven.aris-lux.lan/nexus/content/repositories/ARhS/</url>
</repository>
<snapshotRepository>
<id>arhs-repo-snapshots</id>
<name>Arhs Release Repository</name>
<url>http://maven.aris-lux.lan/nexus/content/repositories/arhs-snapshots/</url>
</snapshotRepository>
</distributionManagement>
</project>
{code}
> Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider
cannot be used instead.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WW-4957
> URL: https://issues.apache.org/jira/browse/WW-4957
> Project: Struts 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.5.17
> Reporter: Konstantinos
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> I have an application that uses struts version 2.5.10.1. i want to update it to version
2.5.17 after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16
versions are vulnerable to remote attackers. In my current version i use a struts-core library
class called LocalizedTextUtil to load messages from the global message bundle. My code below:
> {code:java}
> private void initialiseMessageBundle() throws InitializationError{
> LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
> URL[] urls;
> try {
> String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
> File file = new File(resourceFolder);
> if (!file.exists() || !file.isDirectory()){
> LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ")
= " + resourceFolder);
> throw new InitializationError("External resource not found file not found");
> } else {
> LOG.debug("resources file: " + file.toURI().toURL());
> }
> URL url = file.toURI().toURL();
> urls = new URL[]{url};
> ClassLoader cl = new URLClassLoader(urls);
> LocalizedTextUtil.setDelegatedClassLoader(cl);
> LocalizedTextUtil.addDefaultResourceBundle("global");
> } catch (MalformedURLException e) {
> throw new InitializationError("MalformedURLException occured during the messageBundle
initialisation", e);
> }
> LOG.info("Global messages loaded.");
> }
> {code}
>
> After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed.
Although i create a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider*
and used the same methods (*setDelegatedClassLoader*,*addDefaultResourceBundle*) my messages are
not been loaded. Also i create a bean of these classes on struts.xml and tried to inject
it but again without success. Do you have any thought how can i replace the LocalizedTextUtil
in my code above?
> Thank you.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
|