struts-user mailing list archives

From Norbert Hirneisen <>
Subject Fwd: Re: Struts2 login action class seems to be reused
Date Fri, 02 Mar 2018 23:55:15 GMT
Hi Prasanth,

are you sure all your struts1 code is thread safe? I had some similar
problems in a struts1 application. After removing all action class
properties the problem was solved. Struts2 should be thread safe. But
your problem looks to me like a problem with thread safety.

Best regards,


science + communication & HaNo Systems


On 02.03.2018 at 22:07, Prasanth Pasala wrote:
> I was able to replicate the issue today. Asked a few users to keep logging in and ran jmeter to access login page, without putting any username or password. Out of the 100 attempts 2 attempts were successful in getting in without username/password. I am seeing database login entries for these two. Which would happen only if a valid session is not present and user has provided
> Thanks,
> Prasanth
> On 03/01/2018 02:27 PM, Prasanth wrote:
>> Hi,
>> I have an application which uses both struts1 & struts2. The login action was recently moved to struts2. Immediately after the deployment we were notified that one user is seeing a different user's information, so we had to move to older war files. I am not able to replicate it. But after investigating the logs it seems like a couple of users were logged in as soon as they requested the login page.
>> For the database entry to happen it has to verify the username and password in the action class, but the fact that there is no POST entry at that time from that IP in my access log makes me believe that the action class somehow already had that information from a prior user.
>> I do have a login filter to check if users are logged in when accessing other pages. In this filter I have the below two lines, we had to do this as we will have requests forwarded from one application to another and when that happens we are getting class cast exception for ActionMapping class and valueStack. Not sure if the behavior is a side effect of having the below lines.
>>              request.setAttribute("struts.actionMapping", new ActionMapping());
>>              request.setAttribute("struts.valueStack", null);
>> We are using Struts 2.3.34 and Wildfly.
>> Appreciate any insights you might have.
>> Thanks,
>> Prasanth
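
The failure mode raised in this thread (credentials kept in action class properties of an instance that serves more than one request), shown as an added example that is not code from either poster or from Struts. It is a plain-Java simulation with no Struts dependency; `LoginAction`, `handleShared`, `handlePerRequest` and the credentials are hypothetical, constructed names and values.

```java
import java.util.Map;

// Constructed demo, no Struts dependency: all class and method names are hypothetical.
public class SharedActionDemo {
    // Stand-in credential store (constructed sample data).
    static final Map<String, String> USERS = Map.of("alice", "s3cret");

    // Action that keeps request data in instance fields ("action class properties").
    static class LoginAction {
        private String username;
        private String password;

        // Like a parameter binder: only parameters present in the request are set.
        void populate(Map<String, String> params) {
            if (params.containsKey("username")) username = params.get("username");
            if (params.containsKey("password")) password = params.get("password");
        }

        // Returns the authenticated user name, or null when authentication fails.
        String execute() {
            boolean ok = username != null && password != null
                    && password.equals(USERS.get(username));
            return ok ? username : null;
        }
    }

    // One instance serves every request: field values survive between requests.
    static final LoginAction SHARED = new LoginAction();

    static String handleShared(Map<String, String> params) {
        SHARED.populate(params);
        return SHARED.execute();
    }

    // Fresh instance per request: nothing carries over from the previous user.
    static String handlePerRequest(Map<String, String> params) {
        LoginAction action = new LoginAction();
        action.populate(params);
        return action.execute();
    }

    public static void main(String[] args) {
        Map<String, String> post = Map.of("username", "alice", "password", "s3cret");
        Map<String, String> emptyGet = Map.of(); // login page request, no credentials
        System.out.println("shared, POST:      " + handleShared(post));
        System.out.println("shared, empty GET: " + handleShared(emptyGet));
        System.out.println("fresh,  POST:      " + handlePerRequest(post));
        System.out.println("fresh,  empty GET: " + handlePerRequest(emptyGet));
    }
}
```

Run with Java 9 or later: on the shared instance the request without credentials is authenticated as the previous user, while on the per-request instance it is rejected.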
