[struts] branch master updated (1bf0e12 -> 3949cd0)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git. from 1bf0e12 Merge pull request #450 from apache/WW-3730-use-params-directly add a1c5284 WW-4929 Adds support for Accept-Language header when looking up Locale new 3949cd0 Merge pull request #451 from apache/WW-4929-support-accept-language The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../struts2/interceptor/I18nInterceptor.java | 70 ++ .../struts2/interceptor/I18nInterceptorTest.java | 43 +++-- 2 files changed, 96 insertions(+), 17 deletions(-)
[struts] 01/01: Merge pull request #451 from apache/WW-4929-support-accept-language
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit 3949cd03e50aaf7881a3550c04ff3a2ffa8c4bb7 Merge: 1bf0e12 a1c5284 Author: Lukasz Lenart AuthorDate: Sat Nov 28 10:16:59 2020 +0100 Merge pull request #451 from apache/WW-4929-support-accept-language [WW-4929] Adds support for Accept-Language header when looking up Locale .../struts2/interceptor/I18nInterceptor.java | 70 ++ .../struts2/interceptor/I18nInterceptorTest.java | 43 +++-- 2 files changed, 96 insertions(+), 17 deletions(-)
[struts-site] branch i18-sec created (now 4514ff8)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch i18-sec in repository https://gitbox.apache.org/repos/asf/struts-site.git. at 4514ff8 WW-4929 Updates description about I18Interceptor with support for Accept-Language Updates Security Guide with notice about forced expression evaluation This branch includes the following new commits: new 4514ff8 WW-4929 Updates description about I18Interceptor with support for Accept-Language Updates Security Guide with notice about forced expression evaluation The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[struts-site] 01/01: WW-4929 Updates description about I18Interceptor with support for Accept-Language Updates Security Guide with notice about forced expression evaluation
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch i18-sec in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 4514ff878ed4ee0f084fdb19380a8d41286c5b5d Author: Lukasz Lenart AuthorDate: Sat Nov 28 10:40:11 2020 +0100 WW-4929 Updates description about I18Interceptor with support for Accept-Language Updates Security Guide with notice about forced expression evaluation --- source/core-developers/i18n-interceptor.md | 6 +- source/security/index.md | 100 ++--- 2 files changed, 67 insertions(+), 39 deletions(-) diff --git a/source/core-developers/i18n-interceptor.md b/source/core-developers/i18n-interceptor.md index 09a3dd7..a9585a2 100644 --- a/source/core-developers/i18n-interceptor.md +++ b/source/core-developers/i18n-interceptor.md @@ -32,7 +32,11 @@ US English is saved in the user's session and will be used for all future reques - `requestOnlyParameterName` (optional) - the name of the HTTP request parameter that dictates the locale to switch to for the current request only, without saving it in the session. By default this is `request_only_locale` - `attributeName` (optional) - the name of the session key to store the selected locale. By default this is `WW_TRANS_I18N_LOCALE` - - `localeStorage` (optional) - the name of storage location, it can be `none`, `session` or `cookie`. By default this is `session` + - `localeStorage` (optional) - the name of storage location, it can be `accept_language`, `request`, `session` or `cookie`, + by default this is `session`. + - `supportedLocale` (optional) - a set of comma separated locale supported by the application, once `storage` is set + to `accept_language`, interceptor will try to match `supportedLocale` with locale provided in `Accept-Language` header. + (since Struts 2.6). ## Examples diff --git a/source/security/index.md b/source/security/index.md index 00ce3f4..cbbd8be 100644 --- a/source/security/index.md +++ b/source/security/index.md 
@@ -18,7 +18,7 @@ you should consider during application development with the Apache Struts 2. ### Restrict access to the Config Browser Plugin [Config Browser Plugin](../plugins/config-browser/) exposes internal configuration and should be used only during -development phase. If you must use it on production site, we strictly recommend restricting access to it - you can use +development phase. If you must use it on production site, we strictly recommend restricting access to it - you can use Basic Authentication or any other security mechanism (e.g. [Apache Shiro](https://shiro.apache.org/)) ### Don't mix different access levels in the same namespace @@ -42,10 +42,9 @@ by security level. ### Never expose JSP files directly You must always hide JSP file behind an action, you cannot allow for direct access to the JSP files as this can leads -to unpredictable security vulnerabilities. You can achieve this by putting all your JSP files under the `WEB-INF` folder -- most of the JEE containers restrict access to files placed under the `WEB-INF` folder. Second option is to add security -constraint to the `web.xml` file: - +to unpredictable security vulnerabilities. You can achieve this by putting all your JSP files under the `WEB-INF` folder +- most of the JEE containers restrict access to files placed under the `WEB-INF` folder. Second option is to add security +constraint to the `web.xml` file: ```xml 
@@ -70,19 +69,17 @@ The best approach is to used the both solutions. ### Disable devMode -The `devMode` is a very useful option during development time, allowing for deep introspection and debugging into you app. +The `devMode` is a very useful option during development time, allowing for deep introspection and debugging into you app. However, in production it exposes your application to be presenting too many informations on application's internals -or to evaluating risky parameter expressions. Please **always disable** `devMode` before deploying your application +or to evaluating risky parameter expressions. Please **always disable** `devMode` before deploying your application to a production environment. While it is disabled by default, your -`struts.xml` might include a line setting it to `true`. The best way is to ensure the following setting is applied -to our `struts.xml` for production deployment: - +`struts.xml` might include a line setting it to `true`. The best way is to ensure the following setting is applied +to our `struts.xml` for production deployment: ```xml ``` - ### Reduce logging level @@ -90,7 +87,6 @@ to our `struts.xml` for production deployment: a lot of logging entries which will pollute the log file. You can even set logging level to **WARN** for classes that belongs to the framework, see example Log4j2 configuration: - ```xml @@ -111,10 +107,9 @@ to our `stru
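Review bot: in the i18n-interceptor.md hunk, the new `supportedLocale` bullet says "once `storage` is set to `accept_language`", but the option it refers to is documented two lines earlier as `localeStorage`; change it to "once `localeStorage` is set to `accept_language`". The same hunk silently drops `none` from the list of `localeStorage` values (the new list is `accept_language`, `request`, `session`, `cookie`), which deserves a sentence for users upgrading from a configuration that sets `localeStorage="none"`. "A set of comma separated locale" should read "a comma-separated set of locales". Since the `Accept-Language` header is client-controlled, it is also worth stating that only a locale present in `supportedLocale` is ever selected from it and that no header matching happens at all when `supportedLocale` is empty, which is what the `supportedLocale.size() > 0` guard in the interceptor change does.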
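Review bot: the security/index.md hunks visible here change only trailing whitespace and blank lines, so the "notice about forced expression evaluation" named in the commit message is not in this part of the diff and cannot be reviewed from it; please point to the hunk that adds it. Since these paragraphs are re-emitted anyway, the typos they carry could be fixed in the same change: "can leads" to "can lead", "presenting too many informations" to "presenting too much information", "debugging into you app" to "debugging into your app", and "to our `struts.xml`" to "to your `struts.xml`".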
[struts] branch master updated: WW-4929 Uses Accept-Language first, then fallbacks to Request
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git The following commit(s) were added to refs/heads/master by this push: new 2fb9b9c WW-4929 Uses Accept-Language first, then fallbacks to Request 2fb9b9c is described below commit 2fb9b9c77fb518bf47a631722dd565eb96212ee1 Author: Lukasz Lenart AuthorDate: Sat Nov 28 10:46:48 2020 +0100 WW-4929 Uses Accept-Language first, then fallbacks to Request --- .../struts2/interceptor/I18nInterceptor.java | 24 ++ 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java index 5964693..e7d489e 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java @@ -161,7 +161,7 @@ public class I18nInterceptor extends AbstractInterceptor { } else if (this.storage == Storage.REQUEST) { localeHandler = new RequestLocaleHandler(invocation); } else { -localeHandler = new AcceptLanguageHandler(invocation); +localeHandler = new AcceptLanguageLocaleHandler(invocation); } LOG.debug("Using LocaleFinder implementation {}", localeHandler.getClass().getName()); 
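Review bot: the final `else` in this hunk hands every storage value not tested above (including any `Storage` constant added later) to `AcceptLanguageLocaleHandler`, so a new value would silently fall into Accept-Language handling; an explicit `else if (this.storage == Storage.ACCEPT_LANGUAGE)` followed by an `else` that fails fast (or logs and uses `RequestLocaleHandler`) keeps the locale source a deliberate choice. The rename itself is consistent with the class declared in the following hunk.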
@@ -276,32 +276,30 @@ public class I18nInterceptor extends AbstractInterceptor { } } -protected class AcceptLanguageHandler extends RequestLocaleHandler { +protected class AcceptLanguageLocaleHandler extends RequestLocaleHandler { -protected AcceptLanguageHandler(ActionInvocation invocation) { +protected AcceptLanguageLocaleHandler(ActionInvocation invocation) { super(invocation); } @Override @SuppressWarnings("rawtypes") public Locale find() { -Enumeration locales = actionInvocation.getInvocationContext().getServletRequest().getLocales(); -while (locales.hasMoreElements()) { -Locale locale = (Locale) locales.nextElement(); -if (supportedLocale.contains(locale)) { -return locale; +if (supportedLocale.size() > 0) { +Enumeration locales = actionInvocation.getInvocationContext().getServletRequest().getLocales(); +while (locales.hasMoreElements()) { +Locale locale = (Locale) locales.nextElement(); +if (supportedLocale.contains(locale)) { +return locale; +} } } return super.find(); } -@Override -public boolean shouldStore() { -return false; -} } -protected class SessionLocaleHandler extends RequestLocaleHandler { +protected class SessionLocaleHandler extends AcceptLanguageLocaleHandler { protected SessionLocaleHandler(ActionInvocation invocation) { super(invocation);
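Review bot: dropping the `shouldStore()` override that returned `false` changes what happens after a header match: `AcceptLanguageLocaleHandler` now inherits `RequestLocaleHandler`'s storing behaviour, and because `SessionLocaleHandler` now extends it, whether a locale taken from `Accept-Language` gets persisted depends on `shouldStore()` in `SessionLocaleHandler`, which is not shown here; please add a test for the header-match-then-store case and document the intended outcome. Two smaller points in `find()`: `supportedLocale.contains(locale)` relies on `Locale.equals`, so a header value `en` will not match a configured `en_US` and vice versa, which the documentation should state (or the loop should also try `new Locale(locale.getLanguage())`); and with a Servlet 3.0 or newer API `getLocales()` already returns `Enumeration<Locale>`, so the raw `Enumeration`, the cast and `@SuppressWarnings("rawtypes")` can go. Note also that once `supportedLocale` is non-empty a matching header now wins over the `request_locale` parameter, since `super.find()` is only reached when nothing matches; that is a behaviour change from the previous version of this class.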
[struts] branch master updated: WW-4929 Uses Accept-Language first even with cookies, then fallbacks to Request
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git The following commit(s) were added to refs/heads/master by this push: new a72d1a8 WW-4929 Uses Accept-Language first even with cookies, then fallbacks to Request a72d1a8 is described below commit a72d1a8ddfa82d0f11c6058a8a4489c24ae89141 Author: Lukasz Lenart AuthorDate: Sat Nov 28 10:54:00 2020 +0100 WW-4929 Uses Accept-Language first even with cookies, then fallbacks to Request --- core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java index e7d489e..e0f978f 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java @@ -368,7 +368,7 @@ public class I18nInterceptor extends AbstractInterceptor { } } -protected class CookieLocaleHandler extends RequestLocaleHandler { +protected class CookieLocaleHandler extends AcceptLanguageLocaleHandler { protected CookieLocaleHandler(ActionInvocation invocation) { super(invocation); }
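Review bot: with `CookieLocaleHandler` now extending `AcceptLanguageLocaleHandler`, and the commit message stating that Accept-Language is used first even with cookies, a locale the user explicitly chose and that was persisted in the cookie is overridden by the browser's header on every request whenever `supportedLocale` is configured; that is a visible behaviour change for existing deployments and should be stated in the interceptor documentation, with a test covering a cookie value that differs from the header. `CookieLocaleHandler.find()` is not in this hunk, so please confirm it only reads the cookie after `super.find()` returns nothing, if that precedence is indeed intended.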
[struts-site] branch i18-sec updated: WW-4929 Adds a note about session and cookie storage option
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch i18-sec in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/i18-sec by this push: new 5020bcc WW-4929 Adds a note about session and cookie storage option 5020bcc is described below commit 5020bcc747ebd5fc877012ced9d3dcb5b7b4d81f Author: Lukasz Lenart AuthorDate: Sat Nov 28 10:55:39 2020 +0100 WW-4929 Adds a note about session and cookie storage option --- source/core-developers/i18n-interceptor.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/core-developers/i18n-interceptor.md b/source/core-developers/i18n-interceptor.md index a9585a2..5902472 100644 --- a/source/core-developers/i18n-interceptor.md +++ b/source/core-developers/i18n-interceptor.md @@ -36,7 +36,8 @@ US English is saved in the user's session and will be used for all future reques by default this is `session`. - `supportedLocale` (optional) - a set of comma separated locale supported by the application, once `storage` is set to `accept_language`, interceptor will try to match `supportedLocale` with locale provided in `Accept-Language` header. - (since Struts 2.6). + Also in case of using `session` or `cookie`, interceptor will try to first match with `Accept-Language` header + once `supportedLocale` has been defined. Since Struts 2.6. ## Examples
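Review bot: the added sentence should state the precedence the code now implements rather than "will try to first match": when `supportedLocale` is defined and the client sends a supported locale in `Accept-Language`, that locale wins over a locale previously stored in the session or cookie and over the `request_locale` parameter, and without `supportedLocale` no header matching is done. Suggested wording: "When `localeStorage` is `session` or `cookie` and `supportedLocale` is defined, a supported locale from the `Accept-Language` header takes precedence over the stored one." The bullet also still says "once `storage` is set", while the option is named `localeStorage`, and "a set of comma separated locale" should be "a comma-separated set of locales".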
[struts-site] branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new f7a2e45 Updates stage by Jenkins f7a2e45 is described below commit f7a2e45cb4c4000dba199a28c86e20871f483bd3 Author: jenkins AuthorDate: Sat Nov 28 09:57:29 2020 + Updates stage by Jenkins --- content/core-developers/i18n-interceptor.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/core-developers/i18n-interceptor.html b/content/core-developers/i18n-interceptor.html index b1d81b3..53a1c7f 100644 --- a/content/core-developers/i18n-interceptor.html +++ b/content/core-developers/i18n-interceptor.html @@ -162,7 +162,8 @@ for the current request only, without saving it in the session. By default this by default this is session. supportedLocale (optional) - a set of comma separated locale supported by the application, once storage is set to accept_language, interceptor will try to match supportedLocale with locale provided in Accept-Language header. -(since Struts 2.6). +Also in case of using session or cookie, interceptor will try to first match with Accept-Language header +once supportedLocale has been defined. Since Struts 2.6. Examples