struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Issue in migration from struts2.3.35 to struts2.5.22
Date Wed, 28 Oct 2020 14:28:45 GMT
On Wed, 28 Oct 2020 at 11:55, Peer Mohammad <peer4026@gmail.com> wrote:
> Please find the web.xml and struts.xml file. I have observed that many library classes
> are not available in struts2-tiles-plugin file and xwork some package in struts-core-2.5.22
> compared to struts2.3.35.

Not sure what you mean by that. Which classes are missing? XWork
was merged into Struts Core and there is no additional jar anymore.
Maybe you are mixing different jars in your app, do you use Maven to
control dependencies? Could you list jars from the lib folder?

Also did you use a proper DTD in your tiles.xml files as mentioned
here https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration#Struts2.3to2.5migration-Tiles

<!DOCTYPE tiles-definitions PUBLIC
       "-//Apache Software Foundation//DTD Tiles Configuration 3.0//EN"
       "http://tiles.apache.org/dtds/tiles-config_3_0.dtd">

> Web.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
>                  http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
>          version="3.1">
>         <display-name>CHEETTA_online</display-name>
>         <!-- <context-param>
>                 <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
>                 <param-value>/WEB-INF/tiles.xml</param-value>
>         </context-param> -->
>         <listener>
>                 <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
>         </listener>
>
>         <!-- For Veracode CSRF issue - Added the below filters - Start -->
>         <!-- Generates CSRF token and keeps in session and request objects -->
>         <filter>
>     <filter-name>CSRFTokenFilter</filter-name>
>     <filter-class>com.sbc.cheetta.common.framework.filter.GenerateCSRFTokenFilter</filter-class>
>         </filter>
>         <filter-mapping>
>             <filter-name>CSRFTokenFilter</filter-name>
>             <url-pattern>/*</url-pattern>
>         </filter-mapping>
>          <filter-mapping>
>             <filter-name>CSRFTokenFilter</filter-name>
>             <url-pattern>*.action</url-pattern>
>         </filter-mapping>
>         <filter-mapping>
>             <filter-name>CSRFTokenFilter</filter-name>
>             <url-pattern>*.do</url-pattern>
>         </filter-mapping>

This is duplication, just /* is enough, remove other patterns

>         <!-- Filter for validating CSRF attack-->
>         <filter>
>     <filter-name>CSRFValidationFilter</filter-name>
>     <filter-class>com.sbc.cheetta.common.framework.filter.CSRFValidationFilter</filter-class>
>      <init-param>
>         <param-name>excludedUrls</param-name>
>         <!-- Comma separated list of excluded servlets  -->
>         <param-value>/index.jsp,/Welcome.do,/Logoff.do,/LogonSubmit.do,/networkEditProfileLinker.do,/images/swmainmenubutton.gif,/images/att_logo.gif,/images/mwmainmenubutton.gif,/images/admin.gif,/theme/Master.css,/images/wmainmenubutton.gif,/images/atmainmenubutton.gif,/images/bg_header1024.gif,/images/bg_footer1024.gif,/images/bg_header1024.gif</param-value>
>      </init-param>
>         </filter>
>         <filter-mapping>
>             <filter-name>CSRFValidationFilter</filter-name>
>             <url-pattern>/*</url-pattern>
>         </filter-mapping>
>         <!-- For Veracode CSRF issue - Added the below filters - End -->
>
>         <filter>
>                 <filter-name>xFrameOptionsFilter</filter-name>
>                 <filter-class>com.sbc.cheetta.common.framework.filter.XFrameOptionsFilter</filter-class>
>         </filter>
>         <filter-mapping>
>                 <filter-name>xFrameOptionsFilter</filter-name>
>                 <url-pattern>*.action</url-pattern>
>         </filter-mapping>
>         <filter-mapping>
>                 <filter-name>xFrameOptionsFilter</filter-name>
>                 <url-pattern>*.do</url-pattern>
>         </filter-mapping>
>         <filter>
>                 <filter-name>struts2</filter-name>
>                 <filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class>
>                 <init-param>
>                         <param-name>actionPackages</param-name>
>                         <param-value>com.sbc.cheetta.actions</param-value>
>                 </init-param>
>         </filter>
>         <filter-mapping>
>                 <filter-name>struts2</filter-name>
>                 <url-pattern>/*</url-pattern>
>         </filter-mapping>
>         <filter-mapping>
>         <filter-name>struts2</filter-name>
>         <url-pattern>*.action</url-pattern>
>     </filter-mapping>
>         <filter-mapping>
>                 <filter-name>struts2</filter-name>
>                 <url-pattern>*.do</url-pattern>
>         </filter-mapping>

Same here, just leave the /* pattern


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
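
The reply's point that the extra `*.action` and `*.do` mappings are already covered by `/*` can be checked mechanically. The script below is an added example, not part of the original message: the function names are hypothetical, and the sample input is abridged from the filter mappings in the quoted web.xml.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: filter mappings abridged from the web.xml quoted above.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter-mapping><filter-name>struts2</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>struts2</filter-name><url-pattern>*.action</url-pattern></filter-mapping>
  <filter-mapping><filter-name>struts2</filter-name><url-pattern>*.do</url-pattern></filter-mapping>
  <filter-mapping><filter-name>xFrameOptionsFilter</filter-name><url-pattern>*.action</url-pattern></filter-mapping>
  <filter-mapping><filter-name>xFrameOptionsFilter</filter-name><url-pattern>*.do</url-pattern></filter-mapping>
</web-app>"""


def covers(wide, narrow):
    """True if every path matched by `narrow` is also matched by `wide`."""
    if wide == narrow or wide == "/*":
        return True
    if wide.endswith("/*") and narrow.startswith("/"):
        # Prefix mapping such as /images/* covers exact paths and
        # narrower prefix mappings underneath it.
        prefix = wide[:-2]
        target = narrow[:-2] if narrow.endswith("/*") else narrow
        return target == prefix or target.startswith(prefix + "/")
    return False


def filter_patterns(web_xml):
    """Map filter-name -> url-patterns in document order (any namespace)."""
    patterns = defaultdict(list)
    for mapping in ET.fromstring(web_xml).iterfind(".//{*}filter-mapping"):
        name = (mapping.findtext("{*}filter-name") or "").strip()
        for up in mapping.findall("{*}url-pattern"):
            patterns[name].append((up.text or "").strip())
    return dict(patterns)


def redundant_mappings(web_xml):
    """Return {filter-name: [patterns already covered by another mapping]}."""
    report = {}
    for name, pats in filter_patterns(web_xml).items():
        # An exact duplicate is reported only on its later occurrence.
        extra = [p for i, p in enumerate(pats)
                 if any(covers(q, p) for j, q in enumerate(pats)
                        if j != i and (q != p or j < i))]
        if extra:
            report[name] = extra
    return report


if __name__ == "__main__":
    for name, pats in redundant_mappings(SAMPLE_WEB_XML).items():
        print(f"{name}: redundant url-patterns {pats}")
```
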
