(struts) branch master updated (292420822 -> 0ce2c7b5d)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
    from 292420822 Merge pull request #1053 from apache/dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0
     add fda2c546b Bump org.owasp:dependency-check-maven from 10.0.3 to 10.0.4
     add 0ce2c7b5d Merge pull request #1054 from apache/dependabot/maven/org.owasp-dependency-check-maven-10.0.4
No new revisions were added by this update.
Summary of changes:
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0 deleted (was f03d36c46)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0
in repository https://gitbox.apache.org/repos/asf/struts.git
     was f03d36c46 Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch master updated (90f984ca8 -> 292420822)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
    from 90f984ca8 Merge pull request #1050 from apache/dependabot/maven/org.awaitility-awaitility-4.2.2
     add f03d36c46 Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0
     new 292420822 Merge pull request #1053 from apache/dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes:
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) 01/01: Merge pull request #1053 from apache/dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 29242082289a6595cff0b4208e7a8ba3050a8c01
Merge: 90f984ca8 f03d36c46
Author: Lukasz Lenart
AuthorDate: Mon Sep 23 19:23:29 2024 +0200
    Merge pull request #1053 from apache/dependabot/maven/org.apache.maven.plugins-maven-site-plugin-3.20.0
    Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch dependabot/maven/org.owasp-dependency-check-maven-10.0.4 deleted (was fda2c546b)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch dependabot/maven/org.owasp-dependency-check-maven-10.0.4
in repository https://gitbox.apache.org/repos/asf/struts.git
     was fda2c546b Bump org.owasp:dependency-check-maven from 10.0.3 to 10.0.4
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch dependabot/github_actions/github/codeql-action-3.26.8 deleted (was 3c71b2ed8)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch dependabot/github_actions/github/codeql-action-3.26.8
in repository https://gitbox.apache.org/repos/asf/struts.git
     was 3c71b2ed8 Bump github/codeql-action from 3.26.6 to 3.26.8
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch master updated (0ce2c7b5d -> 40b439580)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
    from 0ce2c7b5d Merge pull request #1054 from apache/dependabot/maven/org.owasp-dependency-check-maven-10.0.4
     add d7626ed7d Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1
     add 40b439580 Merge pull request #1057 from apache/dependabot/maven/org.codehaus.mojo-exec-maven-plugin-3.4.1
No new revisions were added by this update.
Summary of changes:
 plugins/tiles/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch dependabot/maven/org.codehaus.mojo-exec-maven-plugin-3.4.1 deleted (was d7626ed7d)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch dependabot/maven/org.codehaus.mojo-exec-maven-plugin-3.4.1
in repository https://gitbox.apache.org/repos/asf/struts.git
     was d7626ed7d Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch master updated (40b439580 -> 48c4e3b6a)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
    from 40b439580 Merge pull request #1057 from apache/dependabot/maven/org.codehaus.mojo-exec-maven-plugin-3.4.1
     add 3c71b2ed8 Bump github/codeql-action from 3.26.6 to 3.26.8
     new 48c4e3b6a Merge pull request #1058 from apache/dependabot/github_actions/github/codeql-action-3.26.8
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes:
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/scorecards-analysis.yaml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
(struts) 01/01: Merge pull request #1058 from apache/dependabot/github_actions/github/codeql-action-3.26.8
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 48c4e3b6a0b8b5b410263f119bc2e35cbccb8e17
Merge: 40b439580 3c71b2ed8
Author: Lukasz Lenart
AuthorDate: Mon Sep 23 19:25:25 2024 +0200
    Merge pull request #1058 from apache/dependabot/github_actions/github/codeql-action-3.26.8
    Bump github/codeql-action from 3.26.6 to 3.26.8
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/scorecards-analysis.yaml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
(struts) branch dependabot/maven/org.mockito-mockito-core-5.13.0 deleted (was 768b95a9a)
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch dependabot/maven/org.mockito-mockito-core-5.13.0
in repository https://gitbox.apache.org/repos/asf/struts.git
     was 768b95a9a Bump org.mockito:mockito-core from 4.3.1 to 5.13.0
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: WW-5368 Fixes checking nonce of invalidated session
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5368-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git commit 9b347f6b4e7115ec6f90b1896b08829e9364fb84 Author: Lukasz Lenart AuthorDate: Mon Sep 23 19:56:43 2024 +0200 WW-5368 Fixes checking nonce of invalidated session --- .../java/org/apache/struts2/components/UIBean.java | 8 +++- .../org/apache/struts2/components/UIBeanTest.java | 43 +++--- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 59d3713ed..c787fd100 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -40,6 +40,7 @@ import org.apache.struts2.views.util.ContextUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.Writer; import java.util.HashMap; import java.util.LinkedHashMap; @@ -863,10 +864,13 @@ public abstract class UIBean extends Component { } // to be used with the CSP interceptor - adds the nonce value as a parameter to be accessed from ftl files -Map session = stack.getActionContext().getSession(); -Object nonceValue = session != null ? session.get("nonce") : null; +HttpSession session = stack.getActionContext().getServletRequest().getSession(false); +Object nonceValue = session != null ? session.getAttribute("nonce") : null; + if (nonceValue != null) { addParameter("nonce", nonceValue.toString()); +} else { +LOG.debug("Session is not active, cannot obtain nonce value"); } evaluateExtraParams(); diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java index 690328942..1bff06889 100644 
--- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java +++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java @@ -25,12 +25,13 @@ import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.components.template.Template; import org.apache.struts2.components.template.TemplateEngine; import org.apache.struts2.components.template.TemplateEngineManager; +import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.dispatcher.StaticContentLoader; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import static com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPatternsCheckerTest.NO_EXCLUSION_ACCEPT_ALL_PATTERNS_CHECKER; @@ -160,7 +161,7 @@ public class UIBeanTest extends StrutsInternalTestCase { try { txtFld.mergeTemplate(null, new Template(null, null, null)); fail("Exception not thrown"); -} catch(final Exception e){ +} catch (final Exception e) { assertTrue(e instanceof ConfigurationException); } } @@ -225,6 +226,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.setAccesskey(accesskeyValue); @@ -238,6 +240,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.addParameter("value", value); 
@@ -250,11 +253,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); stack.push(new Object() { public String getMyValue() { return "%{myBad}"; } + public String getMyBad() { throw new IllegalStateException("Recursion detected!"); } @@ -273,11 +278,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack
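Review bot: In the UIBean.java hunk at line 864, stack.getActionContext().getServletRequest() is dereferenced without a null check, so a component evaluated with no servlet request bound to the ActionContext would throw a NullPointerException instead of simply skipping the nonce. The UIBeanTest hunks in this same patch had to add ActionContext.getContext().withServletRequest(req) to existing tests, which suggests the case is reachable. Guard the request for null before calling getSession(false), or read the session from the request the component is constructed with (the tests pass req to new TextField(stack, req, res)).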
(struts) branch fix/WW-5368-invalid-session created (now 9b347f6b4)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5368-invalid-session
in repository https://gitbox.apache.org/repos/asf/struts.git
      at 9b347f6b4 WW-5368 Fixes checking nonce of invalidated session
This branch includes the following new commits:
     new 9b347f6b4 WW-5368 Fixes checking nonce of invalidated session
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch fix/WW-5297-invalid-session created (now 2c98aec2d)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5297-invalid-session
in repository https://gitbox.apache.org/repos/asf/struts.git
      at 2c98aec2d WW-5297 Fixes checking nonce of invalidated session
This branch includes the following new commits:
     new 2c98aec2d WW-5297 Fixes checking nonce of invalidated session
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5297 Fixes checking nonce of invalidated session
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5297-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git commit 2c98aec2d83730c312728d61d6fa08cefe8a Author: Lukasz Lenart AuthorDate: Mon Sep 23 19:58:06 2024 +0200 WW-5297 Fixes checking nonce of invalidated session --- .../java/org/apache/struts2/components/UIBean.java | 8 +++- .../org/apache/struts2/components/UIBeanTest.java | 43 +++--- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 59d3713ed..c787fd100 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -40,6 +40,7 @@ import org.apache.struts2.views.util.ContextUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.Writer; import java.util.HashMap; import java.util.LinkedHashMap; @@ -863,10 +864,13 @@ public abstract class UIBean extends Component { } // to be used with the CSP interceptor - adds the nonce value as a parameter to be accessed from ftl files -Map session = stack.getActionContext().getSession(); -Object nonceValue = session != null ? session.get("nonce") : null; +HttpSession session = stack.getActionContext().getServletRequest().getSession(false); +Object nonceValue = session != null ? session.getAttribute("nonce") : null; + if (nonceValue != null) { addParameter("nonce", nonceValue.toString()); +} else { +LOG.debug("Session is not active, cannot obtain nonce value"); } evaluateExtraParams(); diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java index 690328942..1bff06889 100644 
--- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java +++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java @@ -25,12 +25,13 @@ import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.components.template.Template; import org.apache.struts2.components.template.TemplateEngine; import org.apache.struts2.components.template.TemplateEngineManager; +import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.dispatcher.StaticContentLoader; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import static com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPatternsCheckerTest.NO_EXCLUSION_ACCEPT_ALL_PATTERNS_CHECKER; @@ -160,7 +161,7 @@ public class UIBeanTest extends StrutsInternalTestCase { try { txtFld.mergeTemplate(null, new Template(null, null, null)); fail("Exception not thrown"); -} catch(final Exception e){ +} catch (final Exception e) { assertTrue(e instanceof ConfigurationException); } } @@ -225,6 +226,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.setAccesskey(accesskeyValue); @@ -238,6 +240,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.addParameter("value", value); 
@@ -250,11 +253,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); stack.push(new Object() { public String getMyValue() { return "%{myBad}"; } + public String getMyBad() { throw new IllegalStateException("Recursion detected!"); } @@ -273,11 +278,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack
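Review bot: The new else branch in the UIBean.java hunk logs "Session is not active, cannot obtain nonce value" whenever nonceValue is null, which also covers an active session that simply has no "nonce" attribute, for instance if the CSP interceptor never stored one. Split the two cases or reword the message, for example by logging the session case only when session == null, so the debug output does not point at session invalidation when the nonce was never set.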
(struts) branch fix/WW-5368-invalid-session deleted (was 9b347f6b4)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5368-invalid-session
in repository https://gitbox.apache.org/repos/asf/struts.git
     was 9b347f6b4 WW-5368 Fixes checking nonce of invalidated session
The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch fix/WW-5297-invalid-session updated (2c98aec2d -> b98e50680)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5297-invalid-session
in repository https://gitbox.apache.org/repos/asf/struts.git
 discard 2c98aec2d WW-5297 Fixes checking nonce of invalidated session
     new b98e50680 WW-5297 Fixes checking nonce of invalidated session
This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this:
 * -- * -- B -- O -- O -- O   (2c98aec2d)
            \
             N -- N -- N   refs/heads/fix/WW-5297-invalid-session (b98e50680)
You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B.
Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes:
 .../apache/struts2/views/java/simple/AbstractTest.java | 11 +++
 .../org/apache/struts2/views/java/simple/LinkTest.java | 18 +++---
 .../apache/struts2/views/java/simple/ScriptTest.java | 5 -
 3 files changed, 14 insertions(+), 20 deletions(-)
(struts) 01/01: WW-5297 Fixes checking nonce of invalidated session
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5297-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git commit b98e50680d75cbab5a2c45237ae80780e0f5a652 Author: Lukasz Lenart AuthorDate: Mon Sep 23 19:58:06 2024 +0200 WW-5297 Fixes checking nonce of invalidated session --- .../java/org/apache/struts2/components/UIBean.java | 8 +++- .../org/apache/struts2/components/UIBeanTest.java | 43 +++--- .../struts2/views/java/simple/AbstractTest.java| 11 ++ .../apache/struts2/views/java/simple/LinkTest.java | 18 ++--- .../struts2/views/java/simple/ScriptTest.java | 5 --- 5 files changed, 58 insertions(+), 27 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 59d3713ed..c787fd100 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -40,6 +40,7 @@ import org.apache.struts2.views.util.ContextUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.Writer; import java.util.HashMap; import java.util.LinkedHashMap; @@ -863,10 +864,13 @@ public abstract class UIBean extends Component { } // to be used with the CSP interceptor - adds the nonce value as a parameter to be accessed from ftl files -Map session = stack.getActionContext().getSession(); -Object nonceValue = session != null ? session.get("nonce") : null; +HttpSession session = stack.getActionContext().getServletRequest().getSession(false); +Object nonceValue = session != null ? session.getAttribute("nonce") : null; + if (nonceValue != null) { addParameter("nonce", nonceValue.toString()); +} else { +LOG.debug("Session is not active, cannot obtain nonce value"); } evaluateExtraParams(); 
diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java index 690328942..1bff06889 100644 --- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java +++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java @@ -25,12 +25,13 @@ import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.components.template.Template; import org.apache.struts2.components.template.TemplateEngine; import org.apache.struts2.components.template.TemplateEngineManager; +import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.dispatcher.StaticContentLoader; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import static com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPatternsCheckerTest.NO_EXCLUSION_ACCEPT_ALL_PATTERNS_CHECKER; @@ -160,7 +161,7 @@ public class UIBeanTest extends StrutsInternalTestCase { try { txtFld.mergeTemplate(null, new Template(null, null, null)); fail("Exception not thrown"); -} catch(final Exception e){ +} catch (final Exception e) { assertTrue(e instanceof ConfigurationException); } } @@ -225,6 +226,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.setAccesskey(accesskeyValue); 
@@ -238,6 +240,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.addParameter("value", value); @@ -250,11 +253,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); stack.push(new Object() { public String getMyValue() { return "%{myBad}"; } + public String getMyBad() {
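Review bot: In UIBeanTest.java the line ActionContext.getContext().withServletRequest(req); is repeated in each touched test (hunks at 226, 240 and 253), which is easy to forget in the next test that gets added and hides the fact that UIBean now depends on the request being bound to the ActionContext. Move it into the shared test setup or a small helper that creates the MockHttpServletRequest and binds it in one place.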
(struts) 01/01: WW-5297 Fixes checking nonce of invalidated session
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5297-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git commit a2800e3e9c14314514723c08af67bf1dbc322d5e Author: Lukasz Lenart AuthorDate: Mon Sep 23 19:58:06 2024 +0200 WW-5297 Fixes checking nonce of invalidated session --- .../java/org/apache/struts2/components/UIBean.java | 8 +++- .../org/apache/struts2/components/UIBeanTest.java | 43 +++--- .../struts2/views/java/simple/AbstractTest.java| 11 ++ .../apache/struts2/views/java/simple/HeadTest.java | 2 +- .../apache/struts2/views/java/simple/LinkTest.java | 18 ++--- .../struts2/views/java/simple/ScriptTest.java | 5 --- 6 files changed, 59 insertions(+), 28 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 59d3713ed..c787fd100 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -40,6 +40,7 @@ import org.apache.struts2.views.util.ContextUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.Writer; import java.util.HashMap; import java.util.LinkedHashMap; @@ -863,10 +864,13 @@ public abstract class UIBean extends Component { } // to be used with the CSP interceptor - adds the nonce value as a parameter to be accessed from ftl files -Map session = stack.getActionContext().getSession(); -Object nonceValue = session != null ? session.get("nonce") : null; +HttpSession session = stack.getActionContext().getServletRequest().getSession(false); +Object nonceValue = session != null ? session.getAttribute("nonce") : null; + if (nonceValue != null) { addParameter("nonce", nonceValue.toString()); +} else { +LOG.debug("Session is not active, cannot obtain nonce value"); } evaluateExtraParams(); 
diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java index 690328942..1bff06889 100644 --- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java +++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java @@ -25,12 +25,13 @@ import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.components.template.Template; import org.apache.struts2.components.template.TemplateEngine; import org.apache.struts2.components.template.TemplateEngineManager; +import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.dispatcher.StaticContentLoader; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import static com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPatternsCheckerTest.NO_EXCLUSION_ACCEPT_ALL_PATTERNS_CHECKER; @@ -160,7 +161,7 @@ public class UIBeanTest extends StrutsInternalTestCase { try { txtFld.mergeTemplate(null, new Template(null, null, null)); fail("Exception not thrown"); -} catch(final Exception e){ +} catch (final Exception e) { assertTrue(e instanceof ConfigurationException); } } @@ -225,6 +226,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.setAccesskey(accesskeyValue); 
@@ -238,6 +240,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.addParameter("value", value); @@ -250,11 +253,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); stack.push(new Object() { public String getMyValue() { return "%{myBad}
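Review bot: The UIBeanTest.java hunk at 161 only reformats catch(final Exception e){ to catch (final Exception e) { and is unrelated to the nonce fix. Keep whitespace-only changes out of this commit, or put them in a separate one, so the behavioural change in UIBean.java stays easy to review and to backport.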
(struts) branch fix/WW-5297-invalid-session updated (b98e50680 -> a2800e3e9)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5297-invalid-session
in repository https://gitbox.apache.org/repos/asf/struts.git
 discard b98e50680 WW-5297 Fixes checking nonce of invalidated session
     new a2800e3e9 WW-5297 Fixes checking nonce of invalidated session
This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this:
 * -- * -- B -- O -- O -- O   (b98e50680)
            \
             N -- N -- N   refs/heads/fix/WW-5297-invalid-session (a2800e3e9)
You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B.
Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes:
 .../src/test/java/org/apache/struts2/views/java/simple/HeadTest.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) 01/01: WW-5297 Fixes checking nonce of invalidated session
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5297-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git commit 0bd4266d2f263e235d091613e283590a092bbe5f Author: Lukasz Lenart AuthorDate: Mon Sep 23 19:58:06 2024 +0200 WW-5297 Fixes checking nonce of invalidated session --- .../java/org/apache/struts2/components/UIBean.java | 8 +++- .../org/apache/struts2/components/UIBeanTest.java | 43 +++--- .../struts2/views/java/simple/AbstractTest.java| 11 ++ .../apache/struts2/views/java/simple/HeadTest.java | 2 +- .../apache/struts2/views/java/simple/LinkTest.java | 18 ++--- .../struts2/views/java/simple/ScriptTest.java | 12 -- 6 files changed, 59 insertions(+), 35 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 59d3713ed..c787fd100 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -40,6 +40,7 @@ import org.apache.struts2.views.util.ContextUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.Writer; import java.util.HashMap; import java.util.LinkedHashMap; @@ -863,10 +864,13 @@ public abstract class UIBean extends Component { } // to be used with the CSP interceptor - adds the nonce value as a parameter to be accessed from ftl files -Map session = stack.getActionContext().getSession(); -Object nonceValue = session != null ? session.get("nonce") : null; +HttpSession session = stack.getActionContext().getServletRequest().getSession(false); +Object nonceValue = session != null ? session.getAttribute("nonce") : null; + if (nonceValue != null) { addParameter("nonce", nonceValue.toString()); +} else { +LOG.debug("Session is not active, cannot obtain nonce value"); } evaluateExtraParams(); 
diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java index 690328942..1bff06889 100644 --- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java +++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java @@ -25,12 +25,13 @@ import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.components.template.Template; import org.apache.struts2.components.template.TemplateEngine; import org.apache.struts2.components.template.TemplateEngineManager; +import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.dispatcher.StaticContentLoader; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import java.util.Collections; -import java.util.HashMap; import java.util.Map; import static com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPatternsCheckerTest.NO_EXCLUSION_ACCEPT_ALL_PATTERNS_CHECKER; @@ -160,7 +161,7 @@ public class UIBeanTest extends StrutsInternalTestCase { try { txtFld.mergeTemplate(null, new Template(null, null, null)); fail("Exception not thrown"); -} catch(final Exception e){ +} catch (final Exception e) { assertTrue(e instanceof ConfigurationException); } } @@ -225,6 +226,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.setAccesskey(accesskeyValue); 
@@ -238,6 +240,7 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); TextField txtFld = new TextField(stack, req, res); txtFld.addParameter("value", value); @@ -250,11 +253,13 @@ public class UIBeanTest extends StrutsInternalTestCase { ValueStack stack = ActionContext.getContext().getValueStack(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); +ActionContext.getContext().withServletRequest(req); stack.push(new Object() { public String getMyValue() { return "%{myB
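Review bot: In the UIBean.java hunk at @@ -863,10 +864,13 @@, `stack.getActionContext().getServletRequest().getSession(false)` dereferences the servlet request without a null check, whereas the removed lines tolerated a missing session map. The test hunks in this same commit add `ActionContext.getContext().withServletRequest(req)` before constructing components, which suggests the call fails when the ActionContext carries no request. Consider guarding the request before calling `getSession(false)`, or using the request the component is constructed with. The new else branch also runs when a session exists but holds no "nonce" attribute, so "Session is not active, cannot obtain nonce value" is misleading in that case; split the two conditions or reword the message so a missing CSP nonce can be told apart from a missing session.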
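Review bot: The UIBeanTest.java hunks at @@ -225,6 +226,7 @@, @@ -238,6 +240,7 @@ and @@ -250,11 +253,13 @@ each add the same `ActionContext.getContext().withServletRequest(req);` line by hand to an individual test, which is easy to forget in the next test that builds a component. Registering the request in shared setup or a small helper would remove that dependency. The `catch (final Exception e)` spacing change at @@ -160,7 +161,7 @@ is unrelated to the fix and would be easier to review in a separate commit.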
(struts) branch fix/WW-5297-invalid-session updated (a2800e3e9 -> 0bd4266d2)
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5297-invalid-session in repository https://gitbox.apache.org/repos/asf/struts.git

 discard a2800e3e9 WW-5297 Fixes checking nonce of invalidated session
     new 0bd4266d2 WW-5297 Fixes checking nonce of invalidated session

This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this:

 * -- * -- B -- O -- O -- O   (a2800e3e9)
            \
             N -- N -- N   refs/heads/fix/WW-5297-invalid-session (0bd4266d2)

You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B.

Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 .../test/java/org/apache/struts2/views/java/simple/ScriptTest.java | 7 ---
 1 file changed, 7 deletions(-)