struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bobby Mitch <cel...@yahoo.com>
Subject Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI scheme is not "file")
Date Thu, 11 Sep 2008 15:19:07 GMT
That is not the same error.

--- On Thu, 9/11/08, Musachy Barroso <musachy@gmail.com> wrote:
From: Musachy Barroso <musachy@gmail.com>
Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI scheme is not "file")
To: "Struts Users Mailing List" <user@struts.apache.org>, cel975@yahoo.com
Date: Thursday, September 11, 2008, 7:54 AM

A fix in the code I meant: https://issues.apache.org/struts/browse/WW-2653 .
Grabbing the latest xwork from trunk or release branch and building it,
should fix your problem.

On Thu, Sep 11, 2008 at 10:49 AM, Bobby Mitch <cel975@yahoo.com> wrote:

> What exactly is the fix for this problem then ?
> Thanks
>
> --- On Thu, 9/11/08, Musachy Barroso <musachy@gmail.com> wrote:
> From: Musachy Barroso <musachy@gmail.com>
> Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI
scheme
> is not "file")
> To: "Struts Users Mailing List" <user@struts.apache.org>
> Date: Thursday, September 11, 2008, 6:03 AM
>
> The fix in this case is known.
>
> musachy
>
> On Wed, Sep 10, 2008 at 9:30 PM, Struts Two <strutstwo@yahoo.ca>
wrote:
>
> > Do not give up, the game is not still over ..... (you can still do
sth
> > about it)
> >
> > As an alternative, you can import the source code of xwork into ur
> > workspace and remove xwork the jar file, run your code in debug mode,
> find
> > the culprit, fix it. Then you can replace the class file in xwork jar
> file
> > with the one fixed. That is what I usually do on the last resort, and
it
> is
> > garuanteed to work.
> >
> >
> >
> > ----- Original Message ----
> > From: Bobby Mitch <cel975@yahoo.com>
> > To: Struts Users Mailing List <user@struts.apache.org>
> > Sent: Wednesday, September 10, 2008 5:01:14 PM
> > Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI
> scheme
> > is not "file")
> >
> > Thanks.
> > Applying the workaround with Struts 2.0.11.1 and XWorks 2.0..4, and
> > modifying struts.xml by adding the interceptor-ref tag does not work:
> >
> > 22:58:02,671 ERROR [[default]] Servlet.service() for servlet default
> threw
> > exception
> > java.lang.IllegalArgumentException: URI scheme is not
"file"
> >     at java.io.File.<init>(Unknown Source)
> >     at
> >
>
>
com..opensymphony.xwork2.validator.ValidatorFactory.parseValidators(ValidatorFactory.java:314)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.ValidatorFactory.<clinit>(ValidatorFactory.java:224)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.processRequiredFieldValidatorAnnotation(AnnotationValidationConfigurationBuilder.java:575)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.processAnnotations(AnnotationValidationConfigurationBuilder..java:149)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationValidationConfigurationBuilder.buildAnnotationClassValidatorConfigs(AnnotationValidationConfigurationBuilder.java:783)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.buildClassValidatorConfigs(AnnotationActionValidatorManager.java:254)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.buildValidatorConfigs(AnnotationActionValidatorManager.java:340)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.getValidators(AnnotationActionValidatorManager.java:69)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:138)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:113)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.AnnotationActionValidatorManager.validate(AnnotationActionValidatorManager.java:100)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.ValidationInterceptor.doBeforeInvocation(ValidationInterceptor.java:142)
> >     at
> >
>
>
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:148)
> >     at
> >
>
>
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:48)
> >     at
> >
>
>
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
> >     at
> >
>
>
com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
> >     at
> >
>
>
com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
> >     at
> >
>
>
com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
> >     at
> >
>
>
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
> >
> >
> > I guess it is game over until a new working release comes out ....
> >
> >
> > --- On Wed, 9/10/08, Struts Two <strutstwo@yahoo.ca> wrote:
> > From: Struts Two <strutstwo@yahoo.ca>
> > Subject: Re: JBoss 5 RC1 and Struts 2 : Simple validation error (URI
> scheme
> > is not "file")
> > To: "Struts Users Mailing List"
<user@struts.apache.org>
> > Date: Wednesday, September 10, 2008, 9:09 AM
> >
> > I believe the issue should be fixed on 2.1.2 (for Websphere at
least),
> but
> > it
> > still remains an issue for Struts 2.0.11.2 (for Websphere users). See
> the
> > email
> > below:
> >
> > ----- Original Message ----
> > From: Rene Gielen <rgielen@apache.org>
> > To: Struts Users Mailing List <user@struts.apache.org>
> > Sent: Wednesday, July 16, 2008 2:40:38 AM
> > Subject: [ANN] Struts 2.0.11.2 General Availability Release with
> Important
> > Security Fix
> > Apache Struts 2.0..11.2 is now available from
> > <http://struts.apache.org/download.cgi#struts20112>.
> > This release is a fast track security fix release, including a
security
> > fixed version 2.0.5 of XWork, which corrects a serious vulnerability
in
> > ParametersInterceptor allowing malicious users to remotely change
server
> > side context objects. For more information about the exploit, visit
our
> > security bulletins page at
> > <http://struts.apache.org/2.0.11.2/docs/s2-003.html>.
> > IMPORTANT ADDITIONAL NOTES:
> > There are two known issues with this release:
> > 1. the integrated XWork 2.0.5 jar may cause problems when used in a
> > combination of WebSphere 6.1 runtime environments with validation
> > configuration via XML files.
> > Possible Workarounds:
> > - use annotation based validation definition instead XML based
> > - stay with Struts 2.0..11.1 including XWork 2.0.4, applying the
> >   following exclude rule to your parameter interceptor refs in
> >   struts.xml
> >   <interceptor-ref name="params">
> >       <param
> >
>
name="excludeParams">.*[[^\\p{Graph}][\\\\#:=]].*</param>
> >   </interceptor-ref>
> > 2. the filtering mechanism implemeted in XWork's
ParametersInterceptor
> > to fix the described security issue does not completely avoid any
> > possible malicious parameter name.
> > Possible Workaround:
> > - apply the following exclude rule to your parameter interceptor refs
in
> >   struts.xml to avoid the usage of backslash characters in parameter
> >   names
> >   <interceptor-ref name="params">
> >       <param
> > name="excludeParams">.*\\.*</param>
> >   </interceptor-ref>
> > Both issues will be addressed in a soon upcoming XWork 2..0.6
release,
> > followed by a new Struts 2.0 GA release including this new XWork
version.
> > * All developers are advised to either update Struts 2 applications
to
> > Struts 2.0.11.2 or manually exchange usages of xwork-2.0.x.jar with
the
> > fixed xwork-2.0.5.jar to prevent remotety induced context
manipulations.
> > For the complete release notes for Struts 2.0.11.2, see
> >
<http://struts.apache.org/2.0.11.2/docs/release-notes-20112.html>.
> >
> > - The Apache Struts Team.
> >
> >
> >      
__________________________________________________________________
> > Connect with friends from any web browser - no download required. Try
the
> > new
> > Yahoo! Canada Messenger for the Web BETA at
> > http://ca.messenger.yahoo.com/webmessengerpromo.php
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> >      
__________________________________________________________________
> > Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark
your
> > favourite sites. Download it now at
> > http://ca.toolbar.yahoo.com..
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
>
> --
> "Hey you! Would you help me to carry the stone?" Pink Floyd
>
>
>
>
>



-- 
"Hey you! Would you help me to carry the stone?" Pink Floyd



      
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message