struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanth <>
Subject Struts2 login action class seems to be reused
Date Thu, 01 Mar 2018 20:27:43 GMT

I have an application which uses both struts1 & struts2. The login action was recently
moved to struts2. Immediately after the deployment we were notified that one user is seeing
a different user
information, so we had to move to older war files. I am not able to replicate it. But after
investigating the logs it seems like couple users were logged in as soon as they requested
the login page.
For the database entry to happen it has to verify the username and password in the action
class, but the fact that there is no POST entry at that time from that IP in my access log
makes me believe
that the action class some how already had that information from a prior user.

I do have a login filter to check if users are logged in when accessing other pages. In this
filter I have the below two lines, we had to do this as we will have requests forwarded from
application to another and when that happens we are getting class cast exception for ActionMapping
class and valueStack. Not sure if the behavior is a side effect of having the below lines.

            request.setAttribute("struts.actionMapping", new ActionMapping());   
            request.setAttribute("struts.valueStack", null);

We are using Struts 2.3.34 and Wildfly.

Appreciate any insights you might have.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message