struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maxime Clement (JIRA)" <>
Subject [jira] [Created] (WW-5029) The content allowed-methods tag of the XML configuration is sometimes truncated
Date Thu, 04 Apr 2019 13:04:00 GMT
Maxime Clement created WW-5029:

             Summary: The content allowed-methods tag of the XML configuration is sometimes
                 Key: WW-5029
             Project: Struts 2
          Issue Type: Bug
          Components: XML Configuration
    Affects Versions: 2.5.18
            Reporter: Maxime Clement

Under WebSphere 8.5, the SAX parser sometimes create multiple text elements to represent
the value of the "allowed-methods" tag found in the struts.xml configuration file. This happens
when the text is read in chunks as stated here: [].

This case is not handled in class XmlConfigurationProvider, which only reads the first child
of the org.w3c.dom.Node returned by the parser (see []).


This means that with this configuration:
The node instance almost always contains a single child [ "method1,method2" ], but randomly
the node instance can contain two children: [ "method1,me", "thod2" ]. As only the first child
is considered, the retrieved text is truncated and the configuration doesn't work.


It happens randomly and cannot be reproduced easily, but we can see in the XmlConfigurationProvider
class that this case has been taken into account for the "result" tag:
 See: [] where
all node children of type Node.TEXT_NODE are concatenated to retrieve the text value, so even
if the SAX parser returns multiple chunks, the word is correctly reconstructed.


As a workaround I created a custom configuration provider that overrides StrutsXmlConfigurationProvider
and redefines the method "buildAllowedMethods" in order to parse all children of the node
object, as done in method "buildResults". Note that the same problem applies for "global-allowed-methods"
as the XmlConfigurationProvider also considers the first child only.


This message was sent by Atlassian JIRA

View raw message