struts-site git commit: add Aleksandr to PMC
Repository: struts-site Updated Branches: refs/heads/master bcf478d46 -> 4537281ef add Aleksandr to PMC Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/4537281e Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/4537281e Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/4537281e Branch: refs/heads/master Commit: 4537281ef566ff9478d7270969d321a01ac9ccb2 Parents: bcf478d Author: Rene Gielen Authored: Sat Aug 13 13:12:27 2016 +0200 Committer: Rene Gielen Committed: Sat Aug 13 13:12:27 2016 +0200 -- source/volunteers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts-site/blob/4537281e/source/volunteers.md -- diff --git a/source/volunteers.md b/source/volunteers.md index 5efb199..f4ce32f 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -32,6 +32,7 @@ or committee member. - Christian Grobmeier (grobmeier at apache.org) - Christoph Nenning (cnenning at apache.org) - Greg Huber (ghuber at apache.org) +- Aleksandr Mashchenko (amashchenko at apache.org) ## Committers @@ -47,7 +48,6 @@ Other committers are listed in the chronological order, according to the date ea - Mathias Bogaert (pathos at apache.org) - John Lindal (jafl at apache.org) - Bruce A. Phillips (bphillips at apache.org) -- Aleksandr Mashchenko (amashchenko at apache.org) ## Emeritus Volunteers
svn commit: r995050 - /websites/production/struts/content/volunteers.html
Author: rgielen Date: Sat Aug 13 11:14:01 2016 New Revision: 995050 Log: add Aleksandr Mashchenko to PMC Modified: websites/production/struts/content/volunteers.html Modified: websites/production/struts/content/volunteers.html == --- websites/production/struts/content/volunteers.html (original) +++ websites/production/struts/content/volunteers.html Sat Aug 13 11:14:01 2016 @@ -1,264 +1,264 @@ - - - - - - - Volunteers - - - - - - - - - + + + + + + +Volunteers + + + + + + + + + http://github.com/apache/struts"; class="github-ribbon"> - https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa.png"; alt="Fork me on GitHub"> +https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa.png"; alt="Fork me on GitHub"> - - - - - -Menu -Toggle navigation - - - - - + + + + + +Menu +Toggle navigation + + + + + + + + + + +Home + + +Welcome +Downloads +Announcements +http://www.apache.org/licenses/";>License +http://apache.org/foundation/thanks.html";>Thanks! +http://apache.org/foundation/sponsorship.html";>Sponsorship + + + + +Support + + +User Mailing List +https://issues.apache.org/jira/browse/WW";>Issue Tracker +Reporting Security Issues + +Project info +Struts Core dependencies +Plugin dependencies + + + + +Documentation + + +Birds Eye +Key Technologies +Kickstart FAQ +https://cwiki.apache.org/confluence/display/WW/Home";>Wiki + +Getting started +Tutorials +FAQs +Guides + +Struts Core API +Plugin APIs +Tag reference +http://cwiki.apache.org/S2PLUGINS/home.html";>Plugin registry + + + + +Contributing + + +You at Struts +How to Help FAQ +Development Lists + +Submitting patches +Source Code +Coding standards + +Release Guidelines +PMC Charter +Volunteers +https://git-wip-us.apache.org/repos/asf?p=struts.git";>Source Repository + + +http://www.apache.org/";> + + + - - - - -Home - - -Welcome -Downloads -Announcements -http://www.apache.org/licenses/";>License -http://apache.org/foundation/thanks.html";>Thanks! -http://apa
struts-site git commit: add Stefaan Dutry to committer list
Repository: struts-site Updated Branches: refs/heads/master 9ee1e1275 -> 8a4586a46 add Stefaan Dutry to committer list Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/8a4586a4 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/8a4586a4 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/8a4586a4 Branch: refs/heads/master Commit: 8a4586a46bbd891ca8e64ed0440bd5c0f7c51207 Parents: 9ee1e12 Author: René Gielen Authored: Mon Jan 30 22:22:08 2017 +0100 Committer: René Gielen Committed: Mon Jan 30 22:22:08 2017 +0100 -- source/volunteers.md | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/struts-site/blob/8a4586a4/source/volunteers.md -- diff --git a/source/volunteers.md b/source/volunteers.md index f4ce32f..a30b4ee 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -48,6 +48,7 @@ Other committers are listed in the chronological order, according to the date ea - Mathias Bogaert (pathos at apache.org) - John Lindal (jafl at apache.org) - Bruce A. Phillips (bphillips at apache.org) +- Stefaan Dutry (sdutry at apache.org) ## Emeritus Volunteers
svn commit: r1005935 - /websites/production/struts/content/volunteers.html
Author: rgielen Date: Mon Jan 30 21:25:27 2017 New Revision: 1005935 Log: add Stefaan Dutry to committer list Modified: websites/production/struts/content/volunteers.html Modified: websites/production/struts/content/volunteers.html == --- websites/production/struts/content/volunteers.html (original) +++ websites/production/struts/content/volunteers.html Mon Jan 30 21:25:27 2017 @@ -166,6 +166,7 @@ or committee member. Mathias Bogaert (pathos at apache.org) John Lindal (jafl at apache.org) Bruce A. Phillips (bphillips at apache.org) + Stefaan Dutry (sdutry at apache.org) Emeritus Volunteers
struts-extras git commit: be more explicit in the README regarding Maven coordinates and direct download
Repository: struts-extras Updated Branches: refs/heads/master 05892506e -> f7be30754 be more explicit in the README regarding Maven coordinates and direct download To help users with less development experience, provide a concrete version in the Maven dependecy snippet (which is unlikely to change anyway...) and provide a direct donwload link to the Jar in Maven Central, to help drop-in fixing. Project: http://git-wip-us.apache.org/repos/asf/struts-extras/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-extras/commit/f7be3075 Tree: http://git-wip-us.apache.org/repos/asf/struts-extras/tree/f7be3075 Diff: http://git-wip-us.apache.org/repos/asf/struts-extras/diff/f7be3075 Branch: refs/heads/master Commit: f7be30754f3ac98b3a63506d8bba4db880f633de Parents: 0589250 Author: Rene Gielen Authored: Tue Mar 21 10:35:31 2017 +0100 Committer: Rene Gielen Committed: Tue Mar 21 10:35:31 2017 +0100 -- struts2-secure-jakarta-multipart-parser-plugin/README.md| 4 +++- struts2-secure-jakarta-stream-multipart-parser-plugin/README.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-extras/blob/f7be3075/struts2-secure-jakarta-multipart-parser-plugin/README.md -- diff --git a/struts2-secure-jakarta-multipart-parser-plugin/README.md b/struts2-secure-jakarta-multipart-parser-plugin/README.md index caea826..5a14278 100644 --- a/struts2-secure-jakarta-multipart-parser-plugin/README.md +++ b/struts2-secure-jakarta-multipart-parser-plugin/README.md @@ -24,10 +24,12 @@ If you are using Maven to build your project, please add the following dependenc org.apache.struts struts2-secure-jakarta-multipart-parser-plugin -[VERSION] +1.0 ``` +If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment, you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar). + ## Remarks Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway. http://git-wip-us.apache.org/repos/asf/struts-extras/blob/f7be3075/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md -- diff --git a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md index b6eabca..3e52efd 100644 --- a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md +++ b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md @@ -24,10 +24,12 @@ If you are using Maven to build your project, please add the following dependenc org.apache.struts struts2-secure-jakarta-stream-multipart-parser-plugin -[VERSION] +1.0 ``` +If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment, you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar). + ## Remarks Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway.
struts-extras git commit: point direct download link to newly released version 1.1
Repository: struts-extras Updated Branches: refs/heads/master 36c535e71 -> 8e1aadda4 point direct download link to newly released version 1.1 Project: http://git-wip-us.apache.org/repos/asf/struts-extras/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-extras/commit/8e1aadda Tree: http://git-wip-us.apache.org/repos/asf/struts-extras/tree/8e1aadda Diff: http://git-wip-us.apache.org/repos/asf/struts-extras/diff/8e1aadda Branch: refs/heads/master Commit: 8e1aadda494b6e273076d2f09ba16dd3b5be3f7b Parents: 36c535e Author: Rene Gielen Authored: Thu Mar 23 11:28:00 2017 +0100 Committer: Rene Gielen Committed: Thu Mar 23 11:28:00 2017 +0100 -- struts2-secure-jakarta-multipart-parser-plugin/README.md| 2 +- struts2-secure-jakarta-stream-multipart-parser-plugin/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-extras/blob/8e1aadda/struts2-secure-jakarta-multipart-parser-plugin/README.md -- diff --git a/struts2-secure-jakarta-multipart-parser-plugin/README.md b/struts2-secure-jakarta-multipart-parser-plugin/README.md index d4c207c..0676d3d 100644 --- a/struts2-secure-jakarta-multipart-parser-plugin/README.md +++ b/struts2-secure-jakarta-multipart-parser-plugin/README.md @@ -50,7 +50,7 @@ If you are using Maven to build your project, please add the following dependenc ``` If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment, -you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar). +you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar). ## Remarks http://git-wip-us.apache.org/repos/asf/struts-extras/blob/8e1aadda/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md -- diff --git a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md index fe45dcb..984ba6d 100644 --- a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md +++ b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md @@ -50,7 +50,7 @@ If you are using Maven to build your project, please add the following dependenc ``` If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment, -you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar). +you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar). ## Remarks
[struts-site] 01/02: update PMC and committer info
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 1e734b4feb7e0103faeed2eebf37138323dd1319 Author: Rene Gielen AuthorDate: Wed Nov 15 23:50:34 2017 +0100 update PMC and committer info --- source/volunteers.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/volunteers.md b/source/volunteers.md index 734084c..eb74917 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -37,6 +37,7 @@ or committee member. - Christoph Nenning (cnenning at apache.org) - Greg Huber (ghuber at apache.org) - Aleksandr Mashchenko (amashchenko at apache.org) +- Stefaan Dutry (sdutry at apache.org) ## Committers @@ -52,7 +53,7 @@ Other committers are listed in the chronological order, according to the date ea - Mathias Bogaert (pathos at apache.org) - John Lindal (jafl at apache.org) - Bruce A. Phillips (bphillips at apache.org) -- Stefaan Dutry (sdutry at apache.org) +- Yasser Zamani (yasserzamani at apache.org) ## Emeritus Volunteers -- To stop receiving notification emails like this one, please contact "commits@struts.apache.org" .
[struts-site] branch master updated (5b91cd9 -> f8e301c)
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git. from 5b91cd9 WW-4888 Documents escaping possibilities of text-tag new 1e734b4 update PMC and committer info new f8e301c make not yet migrated confluence pages available in navigation The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/_includes/header.html | 5 + source/volunteers.md | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact ['"commits@struts.apache.org" '].
[struts-site] 02/02: make not yet migrated confluence pages available in navigation
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit f8e301c546d25e208dd5e9732c6b94146a9e58c1 Author: Rene Gielen AuthorDate: Wed Nov 15 23:51:34 2017 +0100 make not yet migrated confluence pages available in navigation --- source/_includes/header.html | 5 + 1 file changed, 5 insertions(+) diff --git a/source/_includes/header.html b/source/_includes/header.html index 54ebed2..2a0e2b9 100644 --- a/source/_includes/header.html +++ b/source/_includes/header.html @@ -40,6 +40,9 @@ https://issues.apache.org/jira/browse/WW";>Issue Tracker Reporting Security Issues +https://cwiki.apache.org/confluence/display/WW/Migration+Guide";>Version Notes +https://cwiki.apache.org/confluence/display/WW/Security+Bulletins";>Security Bulletins + Project info Struts Core dependencies Plugin dependencies @@ -63,6 +66,7 @@ Plugins Struts Core API Tag reference +https://cwiki.apache.org/confluence/display/WW/FAQs";>FAQs http://cwiki.apache.org/S2PLUGINS/home.html";>Plugin registry @@ -78,6 +82,7 @@ Submitting patches Source Code Coding standards +https://cwiki.apache.org/confluence/display/WW/Contributors+Guide";>Contributors Guide Release Guidelines PMC Charter -- To stop receiving notification emails like this one, please contact "commits@struts.apache.org" .
[struts-site] branch master updated: update PMC info to include Yasser as new member
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 11dab78 update PMC info to include Yasser as new member 11dab78 is described below commit 11dab783461d772b017c7e1fd90c53b32cf65786 Author: René Gielen AuthorDate: Tue Jun 12 22:53:17 2018 +0200 update PMC info to include Yasser as new member --- source/volunteers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/volunteers.md b/source/volunteers.md index eb74917..b85e05c 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -38,6 +38,7 @@ or committee member. - Greg Huber (ghuber at apache.org) - Aleksandr Mashchenko (amashchenko at apache.org) - Stefaan Dutry (sdutry at apache.org) +- Yasser Zamani (yasserzamani at apache.org) ## Committers @@ -53,7 +54,6 @@ Other committers are listed in the chronological order, according to the date ea - Mathias Bogaert (pathos at apache.org) - John Lindal (jafl at apache.org) - Bruce A. Phillips (bphillips at apache.org) -- Yasser Zamani (yasserzamani at apache.org) ## Emeritus Volunteers -- To stop receiving notification emails like this one, please contact rgie...@apache.org.
[struts-site] branch master updated: establish https rewrite as recommended by Niklas Hedman
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new b2831f4 establish https rewrite as recommended by Niklas Hedman
b2831f4 is described below
commit b2831f4a10d6311800185550d0d8043558ff950d
Author: Rene Gielen
AuthorDate: Wed Sep 12 10:16:46 2018 +0200
establish https rewrite as recommended by Niklas Hedman
---
source/.htaccess | 4
1 file changed, 4 insertions(+)
diff --git a/source/.htaccess b/source/.htaccess
index 9e224da..1be2f2e 100644
--- a/source/.htaccess
+++ b/source/.htaccess
@@ -1,6 +1,10 @@
# This file is maintained at
https://gitbox.apache.org/repos/asf?p=struts-site.git
DirectoryIndex index.html
+RewriteEngine On
+RewriteCond %{HTTPS} !=on
+RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
RedirectMatch \/docs\/version\-notes\-25([0-9]{1,2})+\.html
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.$1
RedirectMatch \/docs\/version\-notes\-23([0-9]{1,2})+\.html
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.$1
RedirectMatch \/docs\/version\-notes\-22([0-9]{1,2})+\.html
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.2.$1
[struts-site] branch master updated: Update site for S2-058
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 7f8994e Update site for S2-058
7f8994e is described below
commit 7f8994e6f1f4993bbe63bc32a055cac91342ece0
Author: Rene Gielen
AuthorDate: Thu Aug 15 09:51:43 2019 +0200
Update site for S2-058
---
source/announce.md | 19 +++
source/index.html | 8
2 files changed, 27 insertions(+)
diff --git a/source/announce.md b/source/announce.md
index 66f8957..c23fa36 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -13,6 +13,25 @@ title: Announcements 2019
Skip to: Announcements - 2018
+ 15 August 2019 - Security Advice: Announcing corrected affected version
ranges in historic Apache Struts security bulletins and CVE entries {#a20190815}
+
+The Apache Struts Security team would like to announce that a number of
historic [Struts Security
Bulletins](https://cwiki.apache.org/confluence/display/WW/Security+Bulletin)
and related CVE database entries contained incorrect affected release version
ranges.
+
+The issue was reported by Christopher Fearon and the Black Duck Research Team
within the Synopsys Cybersecurity Research Center. The reporting entity
conducted thorough investigations on this matter, leading to a report to the
Apache Struts Security Team. The Apache Struts Security Team worked with the
reporters to cross-check said issues and map them to affected Apache Struts
General Availability (GA) releases.
+
+This effort led to the issue of Struts Security Bulletin S2-058, referencing
15 historic Struts Security Bulletins and [respective CVE
entries](https://github.com/CVEProject/cvelist/pull/2423/files) that have been
updated to reflect corrections in affected GA version ranges as well as minimum
GA versions to contain appropriate fixes for the issues at hand.
+
+The full Security Bulletin can be found here:
+
+[Apache Struts Security Buletin
S2-058](https://cwiki.apache.org/confluence/display/WW/S2-058)
+
+The Struts Security Team stresses that while the reporters reference more
affected issues and resulting affected version ranges, the Struts Security
Bulletins only cover GA versions designated for production use. This led to
less corrected Security Bulletins and CVE entries compared to the number of
covered issues in the original report.
+
+It is very important to understand that while the individual listed bulletins
contain updated minimum fix versions, it is strongly recommended to update to
the version recommended by the latest Security Bulletin, which is
[S2-057](https://cwiki.apache.org/confluence/display/WW/S2-057) by the time of
this announcement. Following this advice, the recommended minimum Struts
versions to operate in production are Struts 2.3.35 or Struts 2.5.17.
+
+The Apache Struts Security Team would like to thank the reporters for their
efforts and their practice of responsible disclosure, as well as their help
while investigating the report and coordinating public disclosure.
+
+
14 January 2019 - Struts 2.5.20 General Availability {#a20190114}
The Apache Struts group is pleased to announce that Struts 2.5.20 is available
as a "General Availability"
diff --git a/source/index.html b/source/index.html
index 6084881..46636c3 100644
--- a/source/index.html
+++ b/source/index.html
@@ -66,6 +66,14 @@ title: Welcome to the Apache Struts project
+Security Advice S2-058 released
+
+A number of historic Struts Security Bulletins and related CVE
database entries contained incorrect affected release version ranges.
+Read more in
+ Announcement
+
+
+
[struts-site] branch master updated: Correct link to Spring Security - WW-5059
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 02a1379 Correct link to Spring Security - WW-5059
02a1379 is described below
commit 02a1379788fb08cba89e1ebd43159d65b5fedbe4
Author: René Gielen
AuthorDate: Sat Apr 11 11:07:14 2020 +0200
Correct link to Spring Security - WW-5059
Fixes WW-5059
Thanks to Patrick McEvoy for pointing this out.
---
source/primer.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/primer.md b/source/primer.md
index a9f9252..6867f07 100644
--- a/source/primer.md
+++ b/source/primer.md
@@ -245,7 +245,7 @@ It can also be used to restrict authentication based on
information in a databas
For more about security, you should read the
[Java EE tutorial](http://docs.oracle.com/javaee/6/tutorial/doc/gijrp.html).
Other projects, like [Apache Shiro](http://shiro.apache.org/) or
-[Spring Security](http://www.springframework.org/spring-security/) might also
help
+[Spring Security](https://spring.io/projects/spring-security/) might also help
you to secure your web application.
### JavaServer Pages, JSP Tag Libraries, and JavaServer Faces {#jsp}
[struts-site] branch updating-website updated (3418fd9 -> b3c4485)
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a change to branch updating-website in repository https://gitbox.apache.org/repos/asf/struts-site.git. from 3418fd9 Fixes md formatting add b3c4485 Refer to update website documentation in README No new revisions were added by this update. Summary of changes: .project | 17 + .settings/org.eclipse.core.resources.prefs | 2 ++ .settings/org.eclipse.m2e.core.prefs | 4 README.md | 4 +++- 4 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 .project create mode 100644 .settings/org.eclipse.core.resources.prefs create mode 100644 .settings/org.eclipse.m2e.core.prefs
[struts-site] branch master updated (02a1379 -> 215bacb)
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git. from 02a1379 Correct link to Spring Security - WW-5059 new 1865c13 Adds HOWTO update the website new 73090c5 Adds info about buildbot new 9e5caff Fixes md formatting new 215bacb Refer to update website documentation in README The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .project | 17 .settings/org.eclipse.core.resources.prefs | 2 ++ .settings/org.eclipse.m2e.core.prefs | 4 +++ README.md | 4 ++- source/_includes/header.html | 1 + source/updating-website.md | 43 ++ 6 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 .project create mode 100644 .settings/org.eclipse.core.resources.prefs create mode 100644 .settings/org.eclipse.m2e.core.prefs create mode 100644 source/updating-website.md
[struts-site] 02/04: Adds info about buildbot
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 73090c50ee7e9e6816398499d922d97ee3a6775b Author: Lukasz Lenart AuthorDate: Sat Apr 11 19:03:18 2020 +0200 Adds info about buildbot --- source/updating-website.md | 5 + 1 file changed, 5 insertions(+) diff --git a/source/updating-website.md b/source/updating-website.md index f69f4d6..620714f 100644 --- a/source/updating-website.md +++ b/source/updating-website.md @@ -22,6 +22,11 @@ We are using Jekyll and mix of Markdown pages with raw Html pages, where Markdow > WARN: do not manually change the `asf-site` or `ast-staging` branches, they > will be automatically updated > by CI server. +The whole build of the website is orchestrated by [.asf.yaml](http://s.apache.org/asfyaml), please refer to the docs +for more details. The main build of the website is performed by [a buildbot job](https://ci2.apache.org/#/builders/7), +the staging site is build and deployed by [a Jenkins job](https://builds.apache.org/view/S-Z/view/Struts/job/Struts-staged-site/) +- buildbot doesn't support staging site deployment yet. + ## Applying a change If you are a contributor, and the change is small you can push it directly to the `master` branch. In any other case
[struts-site] 03/04: Fixes md formatting
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 9e5caffa4b3e8e5768c594588cb6cd14a05c2c44 Author: Lukasz Lenart AuthorDate: Sat Apr 11 19:05:42 2020 +0200 Fixes md formatting --- source/updating-website.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/updating-website.md b/source/updating-website.md index 620714f..d782c79 100644 --- a/source/updating-website.md +++ b/source/updating-website.md @@ -20,12 +20,12 @@ also any Pull Request should be opened against this branch as well. We are using Jekyll and mix of Markdown pages with raw Html pages, where Markdown is a preferred option. > WARN: do not manually change the `asf-site` or `ast-staging` branches, they > will be automatically updated -> by CI server. +> by a CI server. The whole build of the website is orchestrated by [.asf.yaml](http://s.apache.org/asfyaml), please refer to the docs for more details. The main build of the website is performed by [a buildbot job](https://ci2.apache.org/#/builders/7), -the staging site is build and deployed by [a Jenkins job](https://builds.apache.org/view/S-Z/view/Struts/job/Struts-staged-site/) -- buildbot doesn't support staging site deployment yet. +the staging site is build and deployed by +[a Jenkins job](https://builds.apache.org/view/S-Z/view/Struts/job/Struts-staged-site/) - buildbot doesn't support staging site deployment yet. ## Applying a change
[struts-site] 04/04: Refer to update website documentation in README
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 215bacb8d7eae334560863e75acbacbab8b9521f Author: Rene Gielen AuthorDate: Mon Apr 13 09:56:34 2020 +0200 Refer to update website documentation in README --- .project | 17 + .settings/org.eclipse.core.resources.prefs | 2 ++ .settings/org.eclipse.m2e.core.prefs | 4 README.md | 4 +++- 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/.project b/.project new file mode 100644 index 000..7487c85 --- /dev/null +++ b/.project @@ -0,0 +1,17 @@ + + + struts2-site + + + + + + org.eclipse.m2e.core.maven2Builder + + + + + + org.eclipse.m2e.core.maven2Nature + + diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs new file mode 100644 index 000..99f26c0 --- /dev/null +++ b/.settings/org.eclipse.core.resources.prefs @@ -0,0 +1,2 @@ +eclipse.preferences.version=1 +encoding/=UTF-8 diff --git a/.settings/org.eclipse.m2e.core.prefs b/.settings/org.eclipse.m2e.core.prefs new file mode 100644 index 000..f897a7f --- /dev/null +++ b/.settings/org.eclipse.m2e.core.prefs @@ -0,0 +1,4 @@ +activeProfiles= +eclipse.preferences.version=1 +resolveWorkspaceProjects=true +version=1 diff --git a/README.md b/README.md index c57179e..70cf0da 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ +# Apache Struts Website + This project is used to update the main Apache Struts website http://struts.apache.org/ -Changes are [automatically](https://builds.apache.org/view/S-Z/view/Struts/job/Struts-site/) pushed online. +See the [update website documentation](source/updating-website.md) on how to push changes online. However as ASF is using aggressive caching, for a while one still may need to forcely reload the page (CMD+R or Shift+F5) after changes. Site is generated by Jekyll and uses pure html either markdown format.
[struts-site] 01/04: Adds HOWTO update the website
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 1865c13bea57c6f26c464869dfbc27bbffa0ebfd
Author: Lukasz Lenart
AuthorDate: Sat Apr 11 18:56:09 2020 +0200
Adds HOWTO update the website
---
source/_includes/header.html | 1 +
source/updating-website.md | 38 ++
2 files changed, 39 insertions(+)
diff --git a/source/_includes/header.html b/source/_includes/header.html
index 39e6bdf..53cb691 100644
--- a/source/_includes/header.html
+++ b/source/_includes/header.html
@@ -89,6 +89,7 @@
PMC Charter
Volunteers
https://gitbox.apache.org/repos/asf?p=struts.git";>Source
Repository
+Updating the
website
http://www.apache.org/";>
diff --git a/source/updating-website.md b/source/updating-website.md
new file mode 100644
index 000..f69f4d6
--- /dev/null
+++ b/source/updating-website.md
@@ -0,0 +1,38 @@
+---
+layout: default
+title: Updating the website
+---
+
+# Updating the website
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+## The setup
+
+The whole website is available in a dedicated Git
[repository](https://gitbox.apache.org/repos/asf?p=struts-site.git),
+you can also use a Github [mirror](https://github.com/apache/struts-site).
+
+The `master` branch contains the current source code of the website, any
changes should be applied to this branch,
+also any Pull Request should be opened against this branch as well.
+
+We are using Jekyll and mix of Markdown pages with raw Html pages, where
Markdown is a preferred option.
+
+> WARN: do not manually change the `asf-site` or `ast-staging` branches, they
will be automatically updated
+> by CI server.
+
+## Applying a change
+
+If you are a contributor, and the change is small you can push it directly to
the `master` branch. In any other case
+please open a Pull Request. The Pull Request will be automatically build and
deployed to the [staging site](https://struts.staged.apache.org/).
+
+You can then review your changes before applying them to the `master` branch.
+
+## Deploying JavaDocs
+
+There is a dedicated [Jenkins
job](https://builds.apache.org/view/S-Z/view/Struts/job/Struts-site-javadocs/)
which is
+used to update the JavaDocs based on the latest release. If you have a proper
privileges you can start the job
+and provide a Git tag of the latest release, eg. `STRUTS_2_5_22`. Based on the
tag Jenkins will generate a proper
+JavaDocs and deploy them directly into the website. You can verify them by
using this
[link](https://struts.staged.apache.org/maven/struts2-core/apidocs/index.html).
+
\ No newline at end of file
[struts-site] branch master updated: Remove eclipse files that got committed unintentionally
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new bed1ba9 Remove eclipse files that got committed unintentionally bed1ba9 is described below commit bed1ba46d10c752c81b1362d970d52f046e5 Author: Rene Gielen AuthorDate: Mon Apr 13 10:13:09 2020 +0200 Remove eclipse files that got committed unintentionally --- .project | 17 - .settings/org.eclipse.core.resources.prefs | 2 -- .settings/org.eclipse.m2e.core.prefs | 4 3 files changed, 23 deletions(-) diff --git a/.project b/.project deleted file mode 100644 index 7487c85..000 --- a/.project +++ /dev/null @@ -1,17 +0,0 @@ - - - struts2-site - - - - - - org.eclipse.m2e.core.maven2Builder - - - - - - org.eclipse.m2e.core.maven2Nature - - diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs deleted file mode 100644 index 99f26c0..000 --- a/.settings/org.eclipse.core.resources.prefs +++ /dev/null @@ -1,2 +0,0 @@ -eclipse.preferences.version=1 -encoding/=UTF-8 diff --git a/.settings/org.eclipse.m2e.core.prefs b/.settings/org.eclipse.m2e.core.prefs deleted file mode 100644 index f897a7f..000 --- a/.settings/org.eclipse.m2e.core.prefs +++ /dev/null @@ -1,4 +0,0 @@ -activeProfiles= -eclipse.preferences.version=1 -resolveWorkspaceProjects=true -version=1
[struts-site] branch master updated: Trigger re-deploy
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 8d69e99 Trigger re-deploy 8d69e99 is described below commit 8d69e995e493cd94803a7abb80014067fd6930df Author: René Gielen AuthorDate: Sun Apr 26 12:19:05 2020 +0200 Trigger re-deploy --- source/primer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/primer.md b/source/primer.md index 937b2e3..895edc7 100644 --- a/source/primer.md +++ b/source/primer.md @@ -242,7 +242,7 @@ Pragmatic security can be used to fine-tune security make authorization decision the parameters of a call, or the internal state of a Web component. It can also be used to restrict authentication based on information in a database. -For more about security, you should read the [Java EE tutorial](http://docs.oracle.com/javaee/6/tutorial/doc/gijrp.html). +For more about security you should read the [Java EE tutorial](http://docs.oracle.com/javaee/6/tutorial/doc/gijrp.html). Other projects, like [Apache Shiro](http://shiro.apache.org/) or [Spring Security](https://spring.io/projects/spring-security/) might also help you to secure your web application.
[struts-site] branch master updated: Reflect emeritus status for Stefaan Dutry
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 8b9229f Reflect emeritus status for Stefaan Dutry 8b9229f is described below commit 8b9229ff0dca3be88081800649244b1e7376414d Author: René Gielen AuthorDate: Mon Jun 8 22:49:34 2020 +0200 Reflect emeritus status for Stefaan Dutry --- source/volunteers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/volunteers.md b/source/volunteers.md index b85e05c..8059e08 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -37,7 +37,6 @@ or committee member. - Christoph Nenning (cnenning at apache.org) - Greg Huber (ghuber at apache.org) - Aleksandr Mashchenko (amashchenko at apache.org) -- Stefaan Dutry (sdutry at apache.org) - Yasser Zamani (yasserzamani at apache.org) ## Committers @@ -92,3 +91,4 @@ Emeritus volunteers are no longer active in the project. An emeritus volunteer c - Nils-Helge Garli Hegvik (PMC) (nilsga at apache.org) - Martin Cooper (PMC) (martinc at apache.org) - Niall Pemberton (PMC) (niallp at apache.org) +- Stefaan Dutry (sdutry at apache.org)
[struts-site] branch master updated: Add ignores for VS Code and Eclipse
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 4accab4 Add ignores for VS Code and Eclipse 4accab4 is described below commit 4accab4a8528b6ea991b3da803431edd6ed447f2 Author: Rene Gielen AuthorDate: Thu Aug 13 09:59:23 2020 +0200 Add ignores for VS Code and Eclipse --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index cca73da..1569020 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ target .bundle .jekyll-metadata _site +.project +.settings/
[struts-site] branch master updated: Adjust docker scripts and docs to remove start errors (bash) and allow local serving
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 6ec8abe Adjust docker scripts and docs to remove start errors (bash) and allow local serving 6ec8abe is described below commit 6ec8abe20f37735ae38c9105f86458abb2abeece Author: Rene Gielen AuthorDate: Thu Aug 13 12:08:14 2020 +0200 Adjust docker scripts and docs to remove start errors (bash) and allow local serving --- README.md | 2 ++ docker-run.fish | 2 +- docker-run.sh | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 70cf0da..d9425c0 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,8 @@ when running `fish-shell`, or: when running `Bash` or `Sh`. +The continuously generated website can then be accessed at http://localhost:4000 + All pages are generated into the `content` folder. There are two scripts used to build the image but this should be used only when `Dockerfile` was modified. diff --git a/docker-run.fish b/docker-run.fish index f9fc341..94e0a88 100755 --- a/docker-run.fish +++ b/docker-run.fish @@ -1,3 +1,3 @@ #!/usr/local/bin/fish -docker run --rm -v $PWD:/srv/jekyll -it jekyll/jekyll:3.8 jekyll serve --watch --trace --force_polling --incremental +docker run --rm -v $PWD:/srv/jekyll -it -p 4000:4000 jekyll/jekyll:3.8 jekyll serve --watch --trace --host 0.0.0.0 --force_polling --incremental diff --git a/docker-run.sh b/docker-run.sh index 70011ab..ff1efab 100755 --- a/docker-run.sh +++ b/docker-run.sh @@ -1,5 +1,5 @@ #!/bin/sh -export JEKYLL_VERSION 3.8 +export JEKYLL_VERSION=3.8 -docker run --rm -v $PWD:/srv/jekyll -it jekyll/jekyll:$JEKYLL_VERSION jekyll serve --watch --trace --host=0.0.0.0 --force_polling --incremental +docker run --rm -v $PWD:/srv/jekyll -it -p 4000:4000 jekyll/jekyll:$JEKYLL_VERSION jekyll serve --watch --trace --host 0.0.0.0 --force_polling --incremental
[struts-site] 02/02: Add Announcement 2020-08-13
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch announcement-202008
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 53faadb0de5f65a83e493fb0a6042f64f5d13f44
Author: Rene Gielen
AuthorDate: Thu Aug 13 12:06:45 2020 +0200
Add Announcement 2020-08-13
---
source/announce.md | 48
source/index.html | 40
2 files changed, 68 insertions(+), 20 deletions(-)
diff --git a/source/announce.md b/source/announce.md
new file mode 100644
index 000..daf589e
--- /dev/null
+++ b/source/announce.md
@@ -0,0 +1,48 @@
+---
+layout: default
+title: Announcements 2020
+---
+
+# Announcements 2020
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+
+ Skip to: Announcements - 2019
+
+
+ 13 August 2020 - Security Advice: Announcing CVE-2019-0230 (Possible RCE)
and CVE-2019-0233 (DoS) security issues {#a20200813}
+
+Two new [Struts Security
Bulletins](https://cwiki.apache.org/confluence/display/WW/Security+Bulletin)
have been issued for Struts 2 by the Apache Struts Security Team:
+
+* [S2-059](https://cwiki.apache.org/confluence/display/ww/s2-059) - Forced
double OGNL evaluation, when evaluated on raw user input in tag attributes, may
lead to remote code execution (CVE-2019-0230)
+* [S2-060](https://cwiki.apache.org/confluence/display/ww/s2-060) - Access
permission override causing a Denial of Service when performing a file upload
(CVE-2019-0233)
+
+Both issues affect Apache Struts in the version range 2.0.0 - 2.5.20. The
current version 2.5.22, which was released in November 2019, is not affected.
+
+[CVE-2019-0230](https://cwiki.apache.org/confluence/display/ww/s2-059) has
been reported by Matthias Kaiser, Apple Information Security.
+By design, Struts 2 allows developers to utilize forced double evaluation for
certain tag attributes.
+When used with unvalidated, user modifiable input, malicious OGNL expressions
may be injected.
+In an ongoing effort, the Struts framework includes mitigations for limiting
the impact of injected expressions, but Struts before 2.5.22 left an attack
vector open which is addressed by this report.
+**However, we continue to urge developers building upon Struts 2 to [not use
`%{...}` syntax referencing unvalidated user modifiable input in tag attributes
](https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions),
since this is the ultimate fix for this class of vulnerabilities.**
+
+[CVE-2019-0233](https://cwiki.apache.org/confluence/display/ww/s2-060) has
been reported by Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
+In Struts before 2.5.22, when a file upload is performed to an Action that
exposes the file with a getter, an attacker may manipulate the request such
that the working copy of the uploaded file or even the container temporary
upload directory may be set to read-only access. As a result, subsequent
actions on the file or file uploads in general will fail with an error.
+
+Both issues are already fixed in Apache Struts
[2.5.22](https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22),
which was released in November 2019.
+
+**We strongly recommend all users to [upgrade](download.cgi#struts-ga) to
Struts 2.5.22, if this has not been done already.**
+
+The Apache Struts Security Team would like to thank the reporters for their
efforts and their practice of responsible disclosure, as well as their help
while investigating the report and coordinating public disclosure.
+
+
+
+ Skip to: Announcements - 2019
+
+
+
+ Next:
+ Kickstart FAQ
+
diff --git a/source/index.html b/source/index.html
index 8eb9c79..821aee3 100644
--- a/source/index.html
+++ b/source/index.html
@@ -31,23 +31,39 @@ title: Welcome to the Apache Struts project
+Security Advice S2-058 released
+
+A number of historic Struts Security Bulletins and related CVE
database entries contained incorrect affected release version ranges.
+Read more in
+ Announcement
+
+
+
Apache Struts {{ site.current_version }} GA
Apache Struts {{ site.current_version }} GA has been releasedon
{{ site.release_date }}.
-Read more in Announcement or in
+Read more in Announcement or in
Version notes
+
+
+
+Apache Struts 2.3.x EOL
+
+ The Apache Struts Team informs about discontinuing support for
Struts 2.3.x branch, we recommend migration
+ to the latest version of Struts, read more in
+ Announcement
+
+
Apache Struts {{ site.prev_version }} GA
It's the latest release of Struts 2.3.x which contains the latest
security fixes,
- released on {{ site.prev_release_date }}. Read mo
[struts-site] branch announcement-202008 created (now 53faadb)
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a change to branch announcement-202008 in repository https://gitbox.apache.org/repos/asf/struts-site.git. at 53faadb Add Announcement 2020-08-13 This branch includes the following new commits: new 5059bd1 Make current 2019 announcement page archived new 53faadb Add Announcement 2020-08-13 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[struts-site] 01/02: Make current 2019 announcement page archived
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch announcement-202008
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 5059bd1986eae537a20ab921253a8f9286d49af5
Author: Rene Gielen
AuthorDate: Thu Aug 13 10:04:02 2020 +0200
Make current 2019 announcement page archived
---
source/{announce.md => announce-2019.md} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/source/announce.md b/source/announce-2019.md
similarity index 100%
rename from source/announce.md
rename to source/announce-2019.md
[struts-site] 01/02: Make current 2019 announcement page archived
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 82f2b508346124b3907f399cca8ff5f678f4aa9d
Author: Rene Gielen
AuthorDate: Thu Aug 13 10:04:02 2020 +0200
Make current 2019 announcement page archived
---
source/{announce.md => announce-2019.md} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/source/announce.md b/source/announce-2019.md
similarity index 100%
rename from source/announce.md
rename to source/announce-2019.md
[struts-site] 02/02: Add Announcement 2020-08-13
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 166f72eb8ea5fbf0ab6b57483f46630235c0a6a5
Author: Rene Gielen
AuthorDate: Thu Aug 13 12:06:45 2020 +0200
Add Announcement 2020-08-13
---
source/announce.md | 48
source/index.html | 40
2 files changed, 68 insertions(+), 20 deletions(-)
diff --git a/source/announce.md b/source/announce.md
new file mode 100644
index 000..daf589e
--- /dev/null
+++ b/source/announce.md
@@ -0,0 +1,48 @@
+---
+layout: default
+title: Announcements 2020
+---
+
+# Announcements 2020
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+
+ Skip to: Announcements - 2019
+
+
+ 13 August 2020 - Security Advice: Announcing CVE-2019-0230 (Possible RCE)
and CVE-2019-0233 (DoS) security issues {#a20200813}
+
+Two new [Struts Security
Bulletins](https://cwiki.apache.org/confluence/display/WW/Security+Bulletin)
have been issued for Struts 2 by the Apache Struts Security Team:
+
+* [S2-059](https://cwiki.apache.org/confluence/display/ww/s2-059) - Forced
double OGNL evaluation, when evaluated on raw user input in tag attributes, may
lead to remote code execution (CVE-2019-0230)
+* [S2-060](https://cwiki.apache.org/confluence/display/ww/s2-060) - Access
permission override causing a Denial of Service when performing a file upload
(CVE-2019-0233)
+
+Both issues affect Apache Struts in the version range 2.0.0 - 2.5.20. The
current version 2.5.22, which was released in November 2019, is not affected.
+
+[CVE-2019-0230](https://cwiki.apache.org/confluence/display/ww/s2-059) has
been reported by Matthias Kaiser, Apple Information Security.
+By design, Struts 2 allows developers to utilize forced double evaluation for
certain tag attributes.
+When used with unvalidated, user modifiable input, malicious OGNL expressions
may be injected.
+In an ongoing effort, the Struts framework includes mitigations for limiting
the impact of injected expressions, but Struts before 2.5.22 left an attack
vector open which is addressed by this report.
+**However, we continue to urge developers building upon Struts 2 to [not use
`%{...}` syntax referencing unvalidated user modifiable input in tag attributes
](https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions),
since this is the ultimate fix for this class of vulnerabilities.**
+
+[CVE-2019-0233](https://cwiki.apache.org/confluence/display/ww/s2-060) has
been reported by Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
+In Struts before 2.5.22, when a file upload is performed to an Action that
exposes the file with a getter, an attacker may manipulate the request such
that the working copy of the uploaded file or even the container temporary
upload directory may be set to read-only access. As a result, subsequent
actions on the file or file uploads in general will fail with an error.
+
+Both issues are already fixed in Apache Struts
[2.5.22](https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22),
which was released in November 2019.
+
+**We strongly recommend all users to [upgrade](download.cgi#struts-ga) to
Struts 2.5.22, if this has not been done already.**
+
+The Apache Struts Security Team would like to thank the reporters for their
efforts and their practice of responsible disclosure, as well as their help
while investigating the report and coordinating public disclosure.
+
+
+
+ Skip to: Announcements - 2019
+
+
+
+ Next:
+ Kickstart FAQ
+
diff --git a/source/index.html b/source/index.html
index 8eb9c79..821aee3 100644
--- a/source/index.html
+++ b/source/index.html
@@ -31,23 +31,39 @@ title: Welcome to the Apache Struts project
+Security Advice S2-058 released
+
+A number of historic Struts Security Bulletins and related CVE
database entries contained incorrect affected release version ranges.
+Read more in
+ Announcement
+
+
+
Apache Struts {{ site.current_version }} GA
Apache Struts {{ site.current_version }} GA has been releasedon
{{ site.release_date }}.
-Read more in Announcement or in
+Read more in Announcement or in
Version notes
+
+
+
+Apache Struts 2.3.x EOL
+
+ The Apache Struts Team informs about discontinuing support for
Struts 2.3.x branch, we recommend migration
+ to the latest version of Struts, read more in
+ Announcement
+
+
Apache Struts {{ site.prev_version }} GA
It's the latest release of Struts 2.3.x which contains the latest
security fixes,
- released on {{ site.prev_release_date }}. Read more in Announcement
[struts-site] branch master updated (6ec8abe -> 166f72e)
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git.
from 6ec8abe Adjust docker scripts and docs to remove start errors (bash)
and allow local serving
new 82f2b50 Make current 2019 announcement page archived
new 166f72e Add Announcement 2020-08-13
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
source/{announce.md => announce-2019.md} | 0
source/announce.md | 155 ---
source/index.html| 40
3 files changed, 38 insertions(+), 157 deletions(-)
copy source/{announce.md => announce-2019.md} (100%)
[struts-site] branch master updated: Add $-syntax to announcement
This is an automated email from the ASF dual-hosted git repository.
rgielen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new d7a07ec Add $-syntax to announcement
d7a07ec is described below
commit d7a07ec8bf0da37593f106e7633e64298747d679
Author: Rene Gielen
AuthorDate: Thu Aug 13 12:44:54 2020 +0200
Add $-syntax to announcement
---
source/announce.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/announce.md b/source/announce.md
index daf589e..a6a543c 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -26,7 +26,7 @@ Both issues affect Apache Struts in the version range 2.0.0 -
2.5.20. The curren
By design, Struts 2 allows developers to utilize forced double evaluation for
certain tag attributes.
When used with unvalidated, user modifiable input, malicious OGNL expressions
may be injected.
In an ongoing effort, the Struts framework includes mitigations for limiting
the impact of injected expressions, but Struts before 2.5.22 left an attack
vector open which is addressed by this report.
-**However, we continue to urge developers building upon Struts 2 to [not use
`%{...}` syntax referencing unvalidated user modifiable input in tag attributes
](https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions),
since this is the ultimate fix for this class of vulnerabilities.**
+**However, we continue to urge developers building upon Struts 2 to [not use
`%{...}` or `${...}` syntax referencing unvalidated user modifiable input in
tag attributes
](https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions),
since this is the ultimate fix for this class of vulnerabilities.**
[CVE-2019-0233](https://cwiki.apache.org/confluence/display/ww/s2-060) has
been reported by Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
In Struts before 2.5.22, when a file upload is performed to an Action that
exposes the file with a getter, an attacker may manipulate the request such
that the working copy of the uploaded file or even the container temporary
upload directory may be set to read-only access. As a result, subsequent
actions on the file or file uploads in general will fail with an error.
[struts-site] branch master updated: Add James Chaplin to PMC list
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 3ae355e Add James Chaplin to PMC list 3ae355e is described below commit 3ae355e552bee7884a60a55eb14a48f345ae1b44 Author: René Gielen AuthorDate: Mon Nov 16 22:18:26 2020 +0100 Add James Chaplin to PMC list --- source/volunteers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/source/volunteers.md b/source/volunteers.md index 8059e08..11394ba 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -38,6 +38,7 @@ or committee member. - Greg Huber (ghuber at apache.org) - Aleksandr Mashchenko (amashchenko at apache.org) - Yasser Zamani (yasserzamani at apache.org) +- James Chaplin (jchaplin at apache.org) ## Committers
[struts-site] branch master updated: Update site menu to link to 2023 announcements rather than 2022
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 1819839ea Update site menu to link to 2023 announcements rather than 2022 1819839ea is described below commit 1819839ea036add40f980ad65435a025e2b68a83 Author: René Gielen AuthorDate: Fri Oct 6 21:58:49 2023 +0200 Update site menu to link to 2023 announcements rather than 2022 --- source/_includes/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_includes/header.html b/source/_includes/header.html index caa54bef1..505fafa37 100644 --- a/source/_includes/header.html +++ b/source/_includes/header.html @@ -26,7 +26,7 @@ Welcome Download Releases -Announcements +Announcements http://www.apache.org/licenses/";>License https://www.apache.org/foundation/thanks.html";>Thanks! https://www.apache.org/foundation/sponsorship.html";>Sponsorship
(struts-site) branch master updated: Add Kusal to comitter list
This is an automated email from the ASF dual-hosted git repository. rgielen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new df112b878 Add Kusal to comitter list df112b878 is described below commit df112b878d00e139874c72f74dc0044901d98ccd Author: René Gielen AuthorDate: Wed Feb 21 22:35:50 2024 +0100 Add Kusal to comitter list --- source/volunteers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/source/volunteers.md b/source/volunteers.md index c32c1815e..6ca45f9c3 100644 --- a/source/volunteers.md +++ b/source/volunteers.md @@ -54,6 +54,7 @@ Other committers are listed in the chronological order, according to the date ea - Mathias Bogaert (pathos at apache.org) - John Lindal (jafl at apache.org) - Bruce A. Phillips (bphillips at apache.org) +- Kusal Kithul-Godage (kusal at apache.org) ## Emeritus Volunteers
svn commit: r833169 - in /struts/struts2/trunk: apps/portlet/ core/ core/src/test/java/org/apache/struts2/dispatcher/ core/src/test/java/org/apache/struts2/views/jsp/ plugins/convention/ plugins/dojo/
Author: rgielen Date: Thu Nov 5 21:07:58 2009 New Revision: 833169 URL: http://svn.apache.org/viewvc?rev=833169&view=rev Log: WW-3315: Align all easymock dependencies to version 2.4 Modified: struts/struts2/trunk/apps/portlet/pom.xml struts/struts2/trunk/core/pom.xml struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/ServletActionRedirectResultTest.java struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/ServletRedirectResultTest.java struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/DynAttribsTest.java struts/struts2/trunk/plugins/convention/pom.xml struts/struts2/trunk/plugins/dojo/pom.xml struts/struts2/trunk/plugins/javatemplates/pom.xml struts/struts2/trunk/plugins/jfreechart/pom.xml struts/struts2/trunk/plugins/json/pom.xml struts/struts2/trunk/plugins/oval/pom.xml struts/struts2/trunk/plugins/portlet/pom.xml struts/struts2/trunk/plugins/spring/pom.xml Modified: struts/struts2/trunk/apps/portlet/pom.xml URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/portlet/pom.xml?rev=833169&r1=833168&r2=833169&view=diff == --- struts/struts2/trunk/apps/portlet/pom.xml (original) +++ struts/struts2/trunk/apps/portlet/pom.xml Thu Nov 5 21:07:58 2009 @@ -166,14 +166,14 @@ log4j 1.2.9 - + org.mortbay.jetty jetty 6.1.4rc0 test - + net.sourceforge.jwebunit jwebunit-htmlunit-plugin @@ -186,14 +186,14 @@ - + com.bekk.boss maven-jetty-pluto-embedded 1.0 test - + org.mortbay.jetty jsp-2.1 Modified: struts/struts2/trunk/core/pom.xml URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/pom.xml?rev=833169&r1=833168&r2=833169&view=diff == --- struts/struts2/trunk/core/pom.xml (original) +++ struts/struts2/trunk/core/pom.xml Thu Nov 5 21:07:58 2009 @@ -43,7 +43,6 @@ maven-dependency-plugin -2.0-alpha-4 unpack-xwork @@ -326,7 +325,7 @@ org.easymock easymock -2.0 +2.4 test
svn commit: r833239 - in /struts/struts2/trunk/plugins/portlet/src: main/java/org/apache/struts2/portlet/dispatcher/ main/java/org/apache/struts2/portlet/interceptor/ main/java/org/apache/struts2/port
Author: rgielen
Date: Thu Nov 5 23:46:50 2009
New Revision: 833239
URL: http://svn.apache.org/viewvc?rev=833239&view=rev
Log:
WW-3316:
- remove unconditional LOG.debug calls
- import fixes
- drop pre Java 5 constructs
Modified:
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/interceptor/PortletStateInterceptor.java
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/result/PortletActionRedirectResult.java
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/result/PortletResult.java
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
struts/struts2/trunk/plugins/portlet/src/test/java/org/apache/struts2/portlet/dispatcher/Jsr168DispatcherTest.java
Modified:
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java?rev=833239&r1=833238&r2=833239&view=diff
==
---
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java
(original)
+++
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java
Thu Nov 5 23:46:50 2009
@@ -188,7 +188,7 @@
*/
public void init(PortletConfig cfg) throws PortletException {
super.init(cfg);
-LOG.debug("Initializing portlet " + getPortletName());
+if (LOG.isDebugEnabled()) LOG.debug("Initializing portlet " +
getPortletName());
Map params = new HashMap();
for (Enumeration e = cfg.getInitParameterNames(); e.hasMoreElements();
) {
@@ -205,7 +205,7 @@
factory =
dispatcherUtils.getConfigurationManager().getConfiguration().getContainer().getInstance(ActionProxyFactory.class);
}
portletNamespace = cfg.getInitParameter("portletNamespace");
-LOG.debug("PortletNamespace: " + portletNamespace);
+if (LOG.isDebugEnabled()) LOG.debug("PortletNamespace: " +
portletNamespace);
parseModeConfig(actionMap, cfg, PortletMode.VIEW, "viewNamespace",
"defaultViewAction");
parseModeConfig(actionMap, cfg, PortletMode.EDIT, "editNamespace",
@@ -292,13 +292,13 @@
*/
public void processAction(ActionRequest request, ActionResponse response)
throws PortletException, IOException {
-LOG.debug("Entering processAction");
+if (LOG.isDebugEnabled()) LOG.debug("Entering processAction");
resetActionContext();
try {
serviceAction(request, response, getRequestMap(request),
getParameterMap(request),
getSessionMap(request), getApplicationMap(),
portletNamespace, EVENT_PHASE);
-LOG.debug("Leaving processAction");
+if (LOG.isDebugEnabled()) LOG.debug("Leaving processAction");
} finally {
ActionContext.setContext(null);
}
@@ -313,7 +313,7 @@
public void render(RenderRequest request, RenderResponse response)
throws PortletException, IOException {
-LOG.debug("Entering render");
+if (LOG.isDebugEnabled()) LOG.debug("Entering render");
resetActionContext();
response.setTitle(getTitle(request));
if(!request.getWindowState().equals(WindowState.MINIMIZED)) {
@@ -322,7 +322,7 @@
serviceAction(request, response, getRequestMap(request),
getParameterMap(request),
getSessionMap(request), getApplicationMap(),
portletNamespace, RENDER_PHASE);
-LOG.debug("Leaving render");
+if (LOG.isDebugEnabled()) LOG.debug("Leaving render");
} finally {
resetActionContext();
}
@@ -418,7 +418,7 @@
public void serviceAction(PortletRequest request, PortletResponse
response, Map requestMap, Map parameterMap,
Map sessionMap, Map
applicationMap, String portletNamespace,
Integer phase) throws PortletException {
-LOG.debug("serviceAction");
+if (LOG.isDebugEnabled()) LOG.debug("serviceAction");
Dispatcher.setInstance(dispatcherUtils);
String actionName = null;
String namespace = null;
Modified:
struts/struts2/trunk/plugins/portlet/src/main/java/org/apache/struts2/portlet/interceptor/PortletStateInterceptor.jav
svn commit: r833247 [2/2] - in /struts/sandbox/trunk/struts2-portlet2-plugin: ./ src/main/java/org/apache/struts2/components/ src/main/java/org/apache/struts2/portlet/ src/main/java/org/apache/struts2
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java?rev=833247&r1=833246&r2=833247&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
(original)
+++
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
Thu Nov 5 23:54:25 2009
@@ -39,8 +39,8 @@
import org.apache.struts2.StrutsException;
import org.apache.struts2.portlet.context.PortletActionContext;
+import org.apache.commons.lang.xwork.StringUtils;
-import com.opensymphony.xwork2.util.TextUtils;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
/**
@@ -88,7 +88,7 @@
LOG.debug("Creating url. Action = " + action + ", Namespace = "
+ namespace + ", Type = " + type);
namespace = prependNamespace(namespace, portletMode);
-if (!TextUtils.stringSet(portletMode)) {
+if (StringUtils.isEmpty(portletMode)) {
portletMode =
PortletActionContext.getRequest().getPortletMode().toString();
}
String result = null;
@@ -105,30 +105,30 @@
params.put(key, new String[] { val });
}
}
-if (TextUtils.stringSet(namespace)) {
+if (StringUtils.isNotEmpty(namespace)) {
resultingAction.append(namespace);
if(!action.startsWith("/") && !namespace.endsWith("/")) {
resultingAction.append("/");
}
}
resultingAction.append(action);
-if(TextUtils.stringSet(method)) {
+if(StringUtils.isNotEmpty(method)) {
resultingAction.append("!").append(method);
}
-LOG.debug("Resulting actionPath: " + resultingAction);
+if (LOG.isDebugEnabled()) LOG.debug("Resulting actionPath: " +
resultingAction);
params.put(ACTION_PARAM, new String[] { resultingAction.toString() });
BaseURL url = null;
if ("action".equalsIgnoreCase(type)) {
-LOG.debug("Creating action url");
+if (LOG.isDebugEnabled()) LOG.debug("Creating action url");
url = response.createActionURL();
}
else if("resource".equalsIgnoreCase(type)) {
- LOG.debug("Creating resource url");
+ if (LOG.isDebugEnabled()) LOG.debug("Creating resource url");
url = response.createResourceURL();
}
else {
-LOG.debug("Creating render url");
+if (LOG.isDebugEnabled()) LOG.debug("Creating render url");
url = response.createRenderURL();
}
@@ -144,8 +144,9 @@
}
if(url instanceof PortletURL) {
try {
-
((PortletURL)url).setPortletMode(getPortletMode(request, portletMode));
-
((PortletURL)url).setWindowState(getWindowState(request, windowState));
+final PortletURL portletUrl = (PortletURL) url;
+portletUrl.setPortletMode(getPortletMode(request,
portletMode));
+ portletUrl.setWindowState(getWindowState(request,
windowState));
} catch (Exception e) {
LOG.error("Unable to set mode or state:" +
e.getMessage(), e);
}
@@ -171,28 +172,28 @@
private static String prependNamespace(String namespace, String
portletMode) {
StringBuffer sb = new StringBuffer();
PortletMode mode = PortletActionContext.getRequest().getPortletMode();
-if(TextUtils.stringSet(portletMode)) {
+if(StringUtils.isNotEmpty(portletMode)) {
mode = new PortletMode(portletMode);
}
String portletNamespace = PortletActionContext.getPortletNamespace();
String modeNamespace =
(String)PortletActionContext.getModeNamespaceMap().get(mode);
-LOG.debug("PortletNamespace: " + portletNamespace + ", modeNamespace:
" + modeNamespace);
-if(TextUtils.stringSet(portletNamespace)) {
+if (LOG.isDebugEnabled()) LOG.debug("PortletNamespace: " +
portletNamespace + ", modeNamespace: " + modeNamespace);
+if(StringUtils.isNotEmpty(portletNamespace)) {
sb.append(portletNamespace);
}
-if(TextUtils.stringSet(modeNamespace)) {
+if(StringUtils.isNotEmpty(modeNamespace)) {
if(!modeNamespace.startsWith("/")) {
sb.append("/");
}
sb.append(modeNamespace);
}
-if(TextUtils.stringSet(namespace)) {
+if(StringUtils.isNotEmpty(namespace)) {
if(!namespace.startsWith("/")) {
svn commit: r833708 - /struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java
Author: rgielen
Date: Sat Nov 7 16:34:04 2009
New Revision: 833708
URL: http://svn.apache.org/viewvc?rev=833708&view=rev
Log:
Documentation updates
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java?rev=833708&r1=833707&r2=833708&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java
(original)
+++
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/result/PortletResultHelperJSR286.java
Sat Nov 7 16:34:04 2009
@@ -11,7 +11,8 @@
public class PortletResultHelperJSR286 implements PortletResultHelper {
/**
- * Set a render parameter, abstracted from the used Portlet API version
+ * Set a render parameter, abstracted from the used Portlet API version.
This implementation assumes that the given
+ * response is a {...@link javax.portlet.StateAwareResponse}, as JSR286
implies.
*
* @param response The response to set the parameter on.
* @param key The parameter key to set.
@@ -22,7 +23,8 @@
}
/**
- * Set a portlet mode, abstracted from the used Portlet API version
+ * Set a portlet mode, abstracted from the used Portlet API version. This
implementation assumes that the given
+ * response is a {...@link javax.portlet.StateAwareResponse}, as JSR286
implies.
*
* @param responseThe response to set the portlet mode on.
* @param portletMode The portlet mode to set.
@@ -32,7 +34,8 @@
}
/**
- * Call a dispatcher's include method, abstracted from the used Portlet
API version.
+ * Call a dispatcher's include method, abstracted from the used Portlet
API version. This implementation assumes
+ * that the response is a {...@link javax.portlet.MimeResponse}, as JSR286
implies.
*
* @param dispatcher The dispatcher to call the include method on.
* @param contentType The content type to set for the response.
svn commit: r887976 - /struts/sandbox/trunk/struts2-cdi-plugin/
Author: rgielen Date: Mon Dec 7 16:22:53 2009 New Revision: 887976 URL: http://svn.apache.org/viewvc?rev=887976&view=rev Log: Initial work on a CDI / JSR299 plugin Added: struts/sandbox/trunk/struts2-cdi-plugin/
svn commit: r887991 - in /struts/sandbox/trunk/struts2-cdi-plugin: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/struts2/ src/main/java/org/apa
Author: rgielen Date: Mon Dec 7 16:32:40 2009 New Revision: 887991 URL: http://svn.apache.org/viewvc?rev=887991&view=rev Log: Initial work on a CDI / JSR299 plugin Added: struts/sandbox/trunk/struts2-cdi-plugin/pom.xml struts/sandbox/trunk/struts2-cdi-plugin/src/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/cdi/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java struts/sandbox/trunk/struts2-cdi-plugin/src/main/resources/ struts/sandbox/trunk/struts2-cdi-plugin/src/main/resources/LICENSE.txt struts/sandbox/trunk/struts2-cdi-plugin/src/main/resources/NOTICE.txt struts/sandbox/trunk/struts2-cdi-plugin/src/main/resources/struts-plugin.xml struts/sandbox/trunk/struts2-cdi-plugin/src/test/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooConsumer.java struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooService.java struts/sandbox/trunk/struts2-cdi-plugin/src/test/resources/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/resources/META-INF/ struts/sandbox/trunk/struts2-cdi-plugin/src/test/resources/META-INF/beans.xml struts/sandbox/trunk/struts2-cdi-plugin/src/test/resources/log4j.properties Added: struts/sandbox/trunk/struts2-cdi-plugin/pom.xml URL: http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/pom.xml?rev=887991&view=auto == --- struts/sandbox/trunk/struts2-cdi-plugin/pom.xml (added) +++ struts/sandbox/trunk/struts2-cdi-plugin/pom.xml Mon Dec 7 16:32:40 2009 @@ -0,0 +1,95 @@ + +http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> +4.0.0 + +org.apache.struts +struts2-plugins +2.2.0-SNAPSHOT + +struts2-cdi-plugin + + + +java.net +java.net Repository +http://download.java.net/maven/2 + + + + + + +javax.enterprise +cdi-api +1.0 +provided + + + +org.jboss.weld +weld-core +1.0.0 +provided + + + +org.jboss.weld +weld-se +1.0.0-SNAPSHOT +test + + + +org.springframework +spring-test +2.5.6 +test + + + +junit +junit +4.5 +test + + + +log4j +log4j +1.2.14 +test + + + + + + +bootstrap + + + +org.apache.maven.plugins +maven-scm-plugin +1.0 + + +resolve-weld-se +initialize + +bootstrap + + +install + scm:svn:http://anonsvn.jboss.org/repos/weld/java-se/trunk + + + + + + + + + + + \ No newline at end of file Added: struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java URL: http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java?rev=887991&view=auto == --- struts/sandbox/trunk/struts2-cdi-plugin/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java (adde
svn commit: r888085 - /struts/sandbox/trunk/struts2-cdi-example/
Author: rgielen Date: Mon Dec 7 19:04:45 2009 New Revision: 888085 URL: http://svn.apache.org/viewvc?rev=888085&view=rev Log: Initial work on a CDI / JSR299 plugin Added: struts/sandbox/trunk/struts2-cdi-example/
svn commit: r888088 - in /struts/sandbox/trunk/struts2-cdi-example: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/struts2/ src/main/java/org/ap
Author: rgielen
Date: Mon Dec 7 19:09:27 2009
New Revision: 888088
URL: http://svn.apache.org/viewvc?rev=888088&view=rev
Log:
Struts2 CDI/JSR299 plugin example
Added:
struts/sandbox/trunk/struts2-cdi-example/pom.xml
struts/sandbox/trunk/struts2-cdi-example/src/
struts/sandbox/trunk/struts2-cdi-example/src/main/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/Game.java
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/Generator.java
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/MaxNumber.java
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/NumberGuess.java
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/Random.java
struts/sandbox/trunk/struts2-cdi-example/src/main/resources/
struts/sandbox/trunk/struts2-cdi-example/src/main/resources/LICENSE.txt
struts/sandbox/trunk/struts2-cdi-example/src/main/resources/NOTICE.txt
struts/sandbox/trunk/struts2-cdi-example/src/main/resources/log4j.properties
struts/sandbox/trunk/struts2-cdi-example/src/main/resources/struts.xml
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/WEB-INF/
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/WEB-INF/beans.xml
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/WEB-INF/pages/
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/WEB-INF/pages/NumberGuess.jsp
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/WEB-INF/web.xml
struts/sandbox/trunk/struts2-cdi-example/src/main/webapp/index.html
struts/sandbox/trunk/struts2-cdi-example/src/test/
Added: struts/sandbox/trunk/struts2-cdi-example/pom.xml
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-example/pom.xml?rev=888088&view=auto
==
--- struts/sandbox/trunk/struts2-cdi-example/pom.xml (added)
+++ struts/sandbox/trunk/struts2-cdi-example/pom.xml Mon Dec 7 19:09:27 2009
@@ -0,0 +1,111 @@
+
+http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+4.0.0
+
+org.apache.struts
+struts2-apps
+2.2.0-SNAPSHOT
+
+org.apache.struts
+struts2-cdi-example
+war
+Struts2 CDI Example
+
+
+
+java.net
+java.net Repository
+http://download.java.net/maven/2
+
+
+repository.jboss.org
+JBoss Release Repository
+http://repository.jboss.org/maven2
+
+true
+
+
+false
+
+
+
+
+
+
+
+org.apache.struts
+struts2-core
+${pom.version}
+
+
+
+org.apache.struts
+struts2-junit-plugin
+${pom.version}
+
+
+
+org.apache.struts
+struts2-cdi-plugin
+2.2.0-SNAPSHOT
+
+
+
+commons-logging
+commons-logging
+1.1.1
+
+
+
+log4j
+log4j
+1.2.14
+
+
+
+javax.enterprise
+cdi-api
+1.0
+provided
+
+
+
+junit
+junit
+4.5
+test
+
+
+
+javax.servlet
+servlet-api
+2.4
+provided
+
+
+
+javax.servlet
+jsp-api
+2.0
+provided
+
+
+
+
+
+package
+struts2-cdi-example
+
+
+
+org.mortbay.jetty
+maven-jetty-plugin
+6.1.21
+
+10
+
+
+
+
+
Added:
struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/Game.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-example/src/main/java/org/apache/struts2/example/cdi/Game.java?rev=888088&view=auto
==
svn commit: r899917 - in /struts/sandbox/trunk/struts2-portlet2-plugin/src: main/java/org/apache/struts2/portlet/ main/java/org/apache/struts2/portlet/context/ main/java/org/apache/struts2/portlet/dis
Author: rgielen
Date: Sat Jan 16 10:45:49 2010
New Revision: 899917
URL: http://svn.apache.org/viewvc?rev=899917&view=rev
Log:
SB-111:
Event- and action phase handling was mixed up
Added:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletConstants.java
- copied, changed from r899640,
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletContstants.java
Removed:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletContstants.java
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletActionConstants.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/context/PortletActionContext.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr168Dispatcher.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/dispatcher/Jsr286Dispatcher.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/interceptor/PortletStateInterceptor.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/servlet/PortletServletRequest.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/test/java/org/apache/struts2/portlet/context/PortletActionContextTest.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/test/java/org/apache/struts2/portlet/dispatcher/Jsr168DispatcherTest.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/test/java/org/apache/struts2/portlet/interceptor/PortletStateInterceptorTest.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/test/java/org/apache/struts2/portlet/result/PortletResultTest.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/test/java/org/apache/struts2/portlet/util/PortletUrlHelperTest.java
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletActionConstants.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletActionConstants.java?rev=899917&r1=899916&r2=899917&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletActionConstants.java
(original)
+++
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletActionConstants.java
Sat Jan 16 10:45:49 2010
@@ -57,10 +57,10 @@
Integer RENDER_PHASE = new Integer(1);
/**
- * Constant used for the event phase (
+ * Constant used for the action phase (
* {...@link
javax.portlet.Portlet#processAction(javax.portlet.ActionRequest,
javax.portlet.ActionResponse)})
*/
-Integer EVENT_PHASE = new Integer(2);
+Integer ACTION_PHASE = new Integer(2);
/**
* Key used for looking up and storing the
Copied:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletConstants.java
(from r899640,
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletContstants.java)
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletConstants.java?p2=struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletConstants.java&p1=struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletContstants.java&r1=899640&r2=899917&rev=899917&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletContstants.java
(original)
+++
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/PortletConstants.java
Sat Jan 16 10:45:49 2010
@@ -2,7 +2,7 @@
import org.apache.struts2.portlet.dispatcher.DispatcherServlet;
-public class PortletContstants {
+public class PortletConstants {
/**
* Default action name to use when no default action has been configured
in the portlet
* init parameters.
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/context/PortletActionContext.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/context/PortletActionContext.java?rev=899917&r1=899916&r2=899917&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/
svn commit: r918611 - in /struts/sandbox/trunk/struts2-cdi-plugin: pom.xml src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java src/test/java/org/apache/struts2/cdi/FooConsumer.java src/test
Author: rgielen
Date: Wed Mar 3 18:16:43 2010
New Revision: 918611
URL: http://svn.apache.org/viewvc?rev=918611&view=rev
Log:
- adjusted dependencies to Weld 1.0.1 Final
- removed bootstrap build for Weld-SE pre final
- fixed failing tests
- minor tests enhancements
Modified:
struts/sandbox/trunk/struts2-cdi-plugin/pom.xml
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooConsumer.java
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooService.java
Modified: struts/sandbox/trunk/struts2-cdi-plugin/pom.xml
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/pom.xml?rev=918611&r1=918610&r2=918611&view=diff
==
--- struts/sandbox/trunk/struts2-cdi-plugin/pom.xml (original)
+++ struts/sandbox/trunk/struts2-cdi-plugin/pom.xml Wed Mar 3 18:16:43 2010
@@ -10,10 +10,22 @@
struts2-cdi-plugin
+
-java.net
-java.net Repository
-http://download.java.net/maven/2
+jboss.oss.repositories
+JBoss Repositories group at Sontatype OSS Nexus
+http://oss.sonatype.org/content/groups/jboss/
+
+
+
+jboss
+http://repository.jboss.com/maven2
+
+true
+
+
+false
+
@@ -22,21 +34,29 @@
javax.enterprise
cdi-api
-1.0
+1.0-SP1
provided
org.jboss.weld
weld-core
-1.0.0
+1.0.1-Final
provided
+
org.jboss.weld
weld-se
-1.0.0-SNAPSHOT
+1.0.1-Final
test
@@ -63,33 +83,4 @@
-
-
-bootstrap
-
-
-
-org.apache.maven.plugins
-maven-scm-plugin
-1.0
-
-
-resolve-weld-se
-initialize
-
-bootstrap
-
-
-install
-
scm:svn:http://anonsvn.jboss.org/repos/weld/java-se/trunk
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
Modified:
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java?rev=918611&r1=918610&r2=918611&view=diff
==
---
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java
(original)
+++
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/CdiObjectFactoryTest.java
Wed Mar 3 18:16:43 2010
@@ -2,6 +2,8 @@
import org.jboss.weld.environment.se.StartMain;
import static org.junit.Assert.*;
+
+import org.jboss.weld.environment.se.WeldContainer;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.jndi.SimpleNamingContextBuilder;
@@ -10,8 +12,6 @@
/**
* CdiObjectFactoryTest.
- *
- * @author Rene Gielen
*/
public class CdiObjectFactoryTest {
@@ -21,7 +21,8 @@
builder.activate();
StartMain sm = new StartMain(new String[0]);
-builder.bind(CdiObjectFactory.CDI_JNDIKEY_BEANMANAGER_COMP, sm.go());
+WeldContainer weldContainer = sm.go();
+builder.bind(CdiObjectFactory.CDI_JNDIKEY_BEANMANAGER_COMP,
weldContainer.getBeanManager());
}
@Test
@@ -34,6 +35,7 @@
final CdiObjectFactory cdiObjectFactory = new CdiObjectFactory();
FooConsumer fooConsumer = (FooConsumer)
cdiObjectFactory.buildBean(FooConsumer.class.getCanonicalName(), null, false);
assertNotNull(fooConsumer);
+assertNotNull(fooConsumer.fooService);
}
@Test public void testGetInjectionTarget() throws Exception {
Modified:
struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooConsumer.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/src/test/java/org/apache/struts2/cdi/FooConsumer.java?rev=918611&a
svn commit: r918612 - /struts/sandbox/trunk/struts2-cdi-plugin/pom.xml
Author: rgielen Date: Wed Mar 3 18:18:48 2010 New Revision: 918612 URL: http://svn.apache.org/viewvc?rev=918612&view=rev Log: debug comment removed Modified: struts/sandbox/trunk/struts2-cdi-plugin/pom.xml Modified: struts/sandbox/trunk/struts2-cdi-plugin/pom.xml URL: http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-cdi-plugin/pom.xml?rev=918612&r1=918611&r2=918612&view=diff == --- struts/sandbox/trunk/struts2-cdi-plugin/pom.xml (original) +++ struts/sandbox/trunk/struts2-cdi-plugin/pom.xml Wed Mar 3 18:18:48 2010 @@ -43,14 +43,6 @@ weld-core 1.0.1-Final provided -
svn commit: r985775 - in /struts/site/src/site: site.xml xdoc/announce-2009.xml xdoc/announce.xml xdoc/download.xml xdoc/downloads.xml xdoc/index.xml
Author: rgielen Date: Sun Aug 15 23:25:22 2010 New Revision: 985775 URL: http://svn.apache.org/viewvc?rev=985775&view=rev Log: Site updates for 2.2.1 release Added: struts/site/src/site/xdoc/announce-2009.xml Modified: struts/site/src/site/site.xml struts/site/src/site/xdoc/announce.xml struts/site/src/site/xdoc/download.xml struts/site/src/site/xdoc/downloads.xml struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=985775&r1=985774&r2=985775&view=diff == --- struts/site/src/site/site.xml (original) +++ struts/site/src/site/site.xml Sun Aug 15 23:25:22 2010 @@ -17,7 +17,7 @@ href="http://www.apache.org/"; /> http://struts.apache.org/2.1.8.1/index.html"; /> +href="http://struts.apache.org/2.2.1/index.html"; /> http://struts.apache.org/1.3.10/index.html"; /> @@ -63,8 +63,8 @@ name="Key Technologies" href="primer.html" /> http://struts.apache.org/2.1.8.1/index.html"; /> +name="Struts 2.2.1 (GA)" +href="http://struts.apache.org/2.2.1/index.html"; /> http://struts.apache.org/2.0.14/index.html"; /> Added: struts/site/src/site/xdoc/announce-2009.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce-2009.xml?rev=985775&view=auto == --- struts/site/src/site/xdoc/announce-2009.xml (added) +++ struts/site/src/site/xdoc/announce-2009.xml Sun Aug 15 23:25:22 2010 @@ -0,0 +1,87 @@ + + + + + + +Announcements + + + + + + +Skip to: Announcements - 2008 + + +16 November 2009 - Struts 2.1.8.1 General Availability Release + + The Apache Struts group is pleased to announce that Struts 2.1.8.1 is + available as a "General Availability" release. The GA designation is our + highest quality grade. + + + Apache Struts 2 is an elegant, extensible framework for creating + enterprise-ready Java web applications. The framework is designed to + streamline the full development cycle, from building, to deploying, to + maintaining applications over time. + + + This release is a significant upgrade. We have worked hard to improve + some of the trouble spots from 2.0. In particular, we are releasing a + new plugin for XML-free configuration called the Conventions Plugin. This + release also features the new REST and Javatemplates plugins. The + AJAX functionality has been moved to a plugin to improve maintainability. + Many bugs have been fixed for this release, see release notes for more + details. + + + Struts 2.0 will continue to be supported, but for new projects, we + suggest moving to Struts 2.1. + + + Struts 2.1.8.1 is available in a full distribution, or as separate + library, source, example and documentation distributions, from the + releases page. The release is also available through the central Maven + repository under Group ID "org.apache.struts". The release notes are + available online. + + + The 2.1.x series of the Apache Struts framework has a minimum + requirement of the following specification versions: Servlet API 2.4, + JSP API 2.0, and Java 5. + + + Should any issues arise with your use of any version of the Struts + framework, please post your comments to the user list, and, if + appropriate, file a tracking ticket. + + + + +Skip to: Announcements - 2008 + + + +Next: +Kickstart FAQ + + + + + Modified: struts/site/src/site/xdoc/announce.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=985775&r1=985774&r2=985775&view=diff == --- struts/site/src/site/xdoc/announce.xml (original) +++ struts/site/src/site/xdoc/announce.xml Sun Aug 15 23:25:22 2010 @@ -26,12 +26,12 @@ limitations under the License. -Skip to: Anno
svn commit: r985779 - /struts/site/src/site/xdoc/index.xml
Author: rgielen Date: Sun Aug 15 23:34:29 2010 New Revision: 985779 URL: http://svn.apache.org/viewvc?rev=985779&view=rev Log: Site updates for 2.2.1 release (fix typos) Modified: struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/xdoc/index.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=985779&r1=985778&r2=985779&view=diff == --- struts/site/src/site/xdoc/index.xml (original) +++ struts/site/src/site/xdoc/index.xml Sun Aug 15 23:34:29 2010 @@ -73,7 +73,7 @@ limitations under the License. keeping the FilterDispatcher from serving built in static resources, and keeping conversion error messages from being displayed. All developers are strongly encouraged to update existing Struts 2.0.x applications -to at least to Struts 2.0.14. +to the latest available 2.2 version, or at least to Struts 2.0.14.
svn commit: r985822 - in /struts/site/src/site/xdoc: announce.xml index.xml
Author: rgielen Date: Mon Aug 16 08:02:45 2010 New Revision: 985822 URL: http://svn.apache.org/viewvc?rev=985822&view=rev Log: More link fixes due to wrong version homepage Modified: struts/site/src/site/xdoc/announce.xml struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/xdoc/announce.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=985822&r1=985821&r2=985822&view=diff == --- struts/site/src/site/xdoc/announce.xml (original) +++ struts/site/src/site/xdoc/announce.xml Mon Aug 16 08:02:45 2010 @@ -59,7 +59,7 @@ limitations under the License. http://struts.apache.org/download.cgi#struts221";>releases page. The release is also available through the central Maven repository under Group ID "org.apache.struts". The - http://struts.apache.org/2.2.1/version-notes-221.html";>release notes + http://struts.apache.org/2.2.1/docs/version-notes-221.html";>release notes are available online. Modified: struts/site/src/site/xdoc/index.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=985822&r1=985821&r2=985822&view=diff == --- struts/site/src/site/xdoc/index.xml (original) +++ struts/site/src/site/xdoc/index.xml Mon Aug 16 08:02:45 2010 @@ -40,7 +40,11 @@ limitations under the License. http://struts.apache.org/download.cgi#struts221";>Struts 2.2.1, which was promoted to "General Availability" (or "Ready for Primetime") on 16 Aug 2010. -Struts 2.2.1 includes important security fixes. All developers are strongly +The http://struts.apache.org/2.2.1/docs/version-notes-221.html";>release notes +are available online. + + +Struts 2.2.1 includes http://struts.apache.org/2.2.1/docs/s2-005.html";>important security fixes. All developers are strongly encouraged to update existing Struts 2 applications to Struts 2.2.1.
svn commit: r1087987 - in /struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util: PortletUrlHelper.java PortletUrlHelperJSR286.java
Author: rgielen
Date: Sat Apr 2 10:00:30 2011
New Revision: 1087987
URL: http://svn.apache.org/viewvc?rev=1087987&view=rev
Log:
- Ignore mode namespace for serveResource-URLS, since there is no mode context
for this type of URL
- refactored out some constants
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelperJSR286.java
Modified:
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java?rev=1087987&r1=1087986&r2=1087987&view=diff
==
---
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
(original)
+++
struts/sandbox/trunk/struts2-portlet2-plugin/src/main/java/org/apache/struts2/portlet/util/PortletUrlHelper.java
Sat Apr 2 10:00:30 2011
@@ -57,6 +57,13 @@ public class PortletUrlHelper {
private static final Logger LOG =
LoggerFactory.getLogger(PortletUrlHelper.class);
+protected static final String PORTLETMODE_NAME_EDIT = "edit";
+protected static final String PORTLETMODE_NAME_VIEW = "view";
+protected static final String PORTLETMODE_NAME_HELP = "help";
+
+protected static final String URLTYPE_NAME_ACTION = "action";
+protected static final String URLTYPE_NAME_RESOURCE = "resource";
+
/**
* Create a portlet URL with for the specified action and namespace.
*
@@ -87,7 +94,7 @@ public class PortletUrlHelper {
PortletRequest request = PortletActionContext.getRequest();
LOG.debug("Creating url. Action = " + action + ", Namespace = "
+ namespace + ", Type = " + type);
-namespace = prependNamespace(namespace, portletMode);
+namespace = prependNamespace(namespace, portletMode,
!URLTYPE_NAME_RESOURCE.equalsIgnoreCase(type));
if (StringUtils.isEmpty(portletMode)) {
portletMode =
PortletActionContext.getRequest().getPortletMode().toString();
}
@@ -142,7 +149,7 @@ public class PortletUrlHelper {
protected Object createUrl( String scheme, String type, Map portletParams ) {
RenderResponse response = PortletActionContext.getRenderResponse();
PortletURL url;
-if ("action".equalsIgnoreCase(type)) {
+if (URLTYPE_NAME_ACTION.equalsIgnoreCase(type)) {
if (LOG.isDebugEnabled()) LOG.debug("Creating action url");
url = response.createActionURL();
}
@@ -164,23 +171,32 @@ public class PortletUrlHelper {
}
/**
- *
* Prepend the namespace configuration for the specified namespace and
PortletMode.
*
- * @param namespace The base namespace.
- * @param portletMode The PortletMode.
- *
+ * @param namespaceThe base namespace.
+ * @param portletMode The PortletMode.
+ * @param prependModeNamespace In JSR286, the new URL type resource was
added, which does not operate in the context
+ * of a portlet mode. If the URL to create is
of type resource, this parameter should be
+ * set to false. Set it to true in any other
case.
* @return prepended namespace.
*/
-private String prependNamespace(String namespace, String portletMode) {
+private String prependNamespace(String namespace, String portletMode,
boolean prependModeNamespace) {
StringBuffer sb = new StringBuffer();
-PortletMode mode = PortletActionContext.getRequest().getPortletMode();
-if(StringUtils.isNotEmpty(portletMode)) {
-mode = new PortletMode(portletMode);
+String modeNamespace;
+if (prependModeNamespace) {
+PortletMode mode =
PortletActionContext.getRequest().getPortletMode();
+if(StringUtils.isNotEmpty(portletMode)) {
+mode = new PortletMode(portletMode);
+}
+modeNamespace =
(String)PortletActionContext.getModeNamespaceMap().get(mode);
+} else {
+modeNamespace = null;
}
String portletNamespace = PortletActionContext.getPortletNamespace();
-String modeNamespace =
(String)PortletActionContext.getModeNamespaceMap().get(mode);
-if (LOG.isDebugEnabled()) LOG.debug("PortletNamespace: " +
portletNamespace + ", modeNamespace: " + modeNamespace);
+if (LOG.isDebugEnabled()) {
+LOG.debug("PortletNamespace: " + portletNamespace + ",
mod
svn commit: r1094453 - /struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml
Author: rgielen Date: Mon Apr 18 10:13:15 2011 New Revision: 1094453 URL: http://svn.apache.org/viewvc?rev=1094453&view=rev Log: SB-112: - change parent dependency to latest trunk version 2.3.1-SNAPSHOT - fix jsp-api scope from test to provided Slightly modified from Jason Pyeron's initial patch - thanks Modified: struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml Modified: struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml URL: http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml?rev=1094453&r1=1094452&r2=1094453&view=diff == --- struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml (original) +++ struts/sandbox/trunk/struts2-portlet2-plugin/pom.xml Mon Apr 18 10:13:15 2011 @@ -20,7 +20,7 @@ org.apache.struts struts2-plugins - 2.3-SNAPSHOT + 2.3.1-SNAPSHOT org.apache.struts struts2-portlet2-plugin @@ -59,7 +59,7 @@ javax.servlet.jsp jsp-api 2.1 - test + provided
svn commit: r1095964 - in /struts/struts2/trunk/core/src: main/java/org/apache/struts2/components/ main/java/org/apache/struts2/components/template/ test/java/org/apache/struts2/components/template/
Author: rgielen
Date: Fri Apr 22 17:13:41 2011
New Revision: 1095964
URL: http://svn.apache.org/viewvc?rev=1095964&view=rev
Log:
WW-3612:
Fixed missing handling of file encoding for JSP includes, e.g. for Component tag
Added:
struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Include.java
struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/template/JspTemplateEngine.java
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Include.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Include.java?rev=1095964&r1=1095963&r2=1095964&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Include.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Include.java
Fri Apr 22 17:13:41 2011
@@ -57,7 +57,7 @@ import com.opensymphony.xwork2.util.logg
* Include a servlet's output (result of servlet or a JSP page).
* Note: Any additional params supplied to the included page are not
* accessible within the rendered page through the <s:property...> tag
- * since no valuestack will be created. You can, however, access them in a
+ * since no valuestack will be created. You can, however, access them in a
* servlet via the HttpServletRequest object or from a JSP page via
* a scriptlet.
*
@@ -103,8 +103,7 @@ public class Include extends Component {
private static final Logger LOG = LoggerFactory.getLogger(Include.class);
-private static String encoding;
-private static boolean encodingDefined = true;
+private static String systemEncoding = System.getProperty("file.encoding");
protected String value;
private HttpServletRequest req;
@@ -163,7 +162,7 @@ public class Include extends Component {
// Include
try {
-include(result, writer, req, res);
+include(result, writer, req, res, defaultEncoding);
} catch (Exception e) {
LOG.warn("Exception thrown during include of " + result, e);
}
@@ -240,8 +239,32 @@ public class Include extends Component {
}
}
-public static void include(String aResult, Writer writer, ServletRequest
request, HttpServletResponse response) throws ServletException, IOException {
-String resourcePath = getContextRelativePath(request, aResult);
+/**
+ * @deprecated use {@link #include(String, java.io.Writer,
javax.servlet.ServletRequest,
+ * javax.servlet.http.HttpServletResponse, String)} instead
with correct encoding specified
+ */
+public static void include( String relativePath, Writer writer,
ServletRequest request,
+HttpServletResponse response ) throws
ServletException, IOException {
+include(relativePath, writer, request, response, null);
+}
+
+/**
+ * Include a resource in a response.
+ *
+ * @param relativePath the relative path of the resource to include;
resolves to {@link #getContextRelativePath(javax.servlet.ServletRequest,
+ * String)}
+ * @param writer the Writer to write output to
+ * @param request the current request
+ * @param response the response to write to
+ * @param encoding the file encoding to use for including the
resource; if null, it will default to the
+ * platform encoding
+ *
+ * @throws ServletException
+ * @throws IOException
+ */
+public static void include( String relativePath, Writer writer,
ServletRequest request,
+HttpServletResponse response, String encoding
) throws ServletException, IOException {
+String resourcePath = getContextRelativePath(request, relativePath);
RequestDispatcher rd = request.getRequestDispatcher(resourcePath);
if (rd == null) {
@@ -251,51 +274,18 @@ public class Include extends Component {
PageResponse pageResponse = new PageResponse(response);
// Include the resource
-rd.include((HttpServletRequest) request, pageResponse);
-
-//write the response back to the JspWriter, using the correct encoding.
-String encoding = getEncoding();
+rd.include(request, pageResponse);
if (encoding != null) {
-//use the encoding specified in the property file
+// Use given encoding
pageResponse.getContent().writeTo(writer, encoding);
} else {
//use the platform specific encoding
-pageResponse.getContent().writeTo(writer, null);
+pageRespo
svn commit: r1096118 - /struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
Author: rgielen
Date: Sat Apr 23 07:46:43 2011
New Revision: 1096118
URL: http://svn.apache.org/viewvc?rev=1096118&view=rev
Log:
code cleanup
Modified:
struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
Modified:
struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java?rev=1096118&r1=1096117&r2=1096118&view=diff
==
---
struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
(original)
+++
struts/struts2/trunk/core/src/test/java/org/apache/struts2/components/template/JspTemplateEngineTest.java
Sat Apr 23 07:46:43 2011
@@ -2,16 +2,11 @@ package org.apache.struts2.components.te
import org.apache.struts2.StrutsTestCase;
-/**
- * JspTemplateEngineTest.
- *
- * @author Rene Gielen
- */
public class JspTemplateEngineTest extends StrutsTestCase {
- public void testEncodingGetsInjected() throws Exception {
- JspTemplateEngine jspTemplateEngine = new JspTemplateEngine();
- container.inject(jspTemplateEngine);
- assertNotNull(jspTemplateEngine.encoding);
- }
+public void testEncodingGetsInjected() throws Exception {
+JspTemplateEngine jspTemplateEngine = new JspTemplateEngine();
+container.inject(jspTemplateEngine);
+assertNotNull(jspTemplateEngine.encoding);
+}
}
svn commit: r1143313 - in /struts/site: pom.xml src/site/resources/images/struts.gif
Author: rgielen
Date: Wed Jul 6 09:29:13 2011
New Revision: 1143313
URL: http://svn.apache.org/viewvc?rev=1143313&view=rev
Log:
- added 2.3 DTD to site build
- added "TM" to logo as required by Apache trademark policy
Modified:
struts/site/pom.xml
struts/site/src/site/resources/images/struts.gif
Modified: struts/site/pom.xml
URL:
http://svn.apache.org/viewvc/struts/site/pom.xml?rev=1143313&r1=1143312&r2=1143313&view=diff
==
--- struts/site/pom.xml (original)
+++ struts/site/pom.xml Wed Jul 6 09:29:13 2011
@@ -121,6 +121,9 @@
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/resources/struts-2.1.7.dtd";
dest="${project.build.directory}/site/dtds/struts-2.1.7.dtd"
ignoreerrors="true"/>
+http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/resources/struts-2.3.dtd";
+
dest="${project.build.directory}/site/dtds/struts-2.3.dtd"
+ ignoreerrors="true"/>
Modified: struts/site/src/site/resources/images/struts.gif
URL:
http://svn.apache.org/viewvc/struts/site/src/site/resources/images/struts.gif?rev=1143313&r1=1143312&r2=1143313&view=diff
==
Binary files - no diff available.
svn commit: r1143683 - in /struts/site: pom.xml src/site/resources/doap_Struts.rdf src/site/site.xml src/site/xdoc/download.xml src/site/xdoc/downloads.xml src/site/xdoc/index.xml src/site/xdoc/securi
Author: rgielen Date: Thu Jul 7 07:14:47 2011 New Revision: 1143683 URL: http://svn.apache.org/viewvc?rev=1143683&view=rev Log: - more branding related updates, see http://www.apache.org/foundation/marks/pmcs Modified: struts/site/pom.xml struts/site/src/site/resources/doap_Struts.rdf struts/site/src/site/site.xml struts/site/src/site/xdoc/download.xml struts/site/src/site/xdoc/downloads.xml struts/site/src/site/xdoc/index.xml struts/site/src/site/xdoc/security.xml Modified: struts/site/pom.xml URL: http://svn.apache.org/viewvc/struts/site/pom.xml?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/pom.xml (original) +++ struts/site/pom.xml Thu Jul 7 07:14:47 2011 @@ -82,7 +82,7 @@ maven-site-plugin -2.2 +2.3 maven-antrun-plugin Modified: struts/site/src/site/resources/doap_Struts.rdf URL: http://svn.apache.org/viewvc/struts/site/src/site/resources/doap_Struts.rdf?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/src/site/resources/doap_Struts.rdf (original) +++ struts/site/src/site/resources/doap_Struts.rdf Thu Jul 7 07:14:47 2011 @@ -20,7 +20,7 @@ http://struts.apache.org"; /> http://struts.apache.org"; /> Apache Struts is a free open-source framework for creating Java web applications. -The Apache Struts Project offers two major versions of the Struts framework. Struts 1 is recognized as the most popular web application framework for Java. Struts 1 is the best choice for teams who value proven solutions to common problems. Struts 2 was originally known as WebWork 2. The 2.x framework is the best choice for teams who value elegant solutions to difficult problems. +The Apache Struts Project offers two major versions of the the Apache Struts web framework. Struts 1 is recognized as the most popular web application framework for Java. Struts 1 is the best choice for teams who value proven solutions to common problems. Struts 2 was originally known as WebWork 2. The 2.x framework is the best choice for teams who value elegant solutions to difficult problems. http://issues.apache.org/struts/"; /> http://struts.apache.org/mail.html"; /> http://struts.apache.org/downloads.html"; /> Modified: struts/site/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/src/site/site.xml (original) +++ struts/site/src/site/site.xml Thu Jul 7 07:14:47 2011 @@ -38,6 +38,10 @@ href="announce.html" /> http://www.apache.org/licenses/"; +/> + Modified: struts/site/src/site/xdoc/download.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/download.xml?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/src/site/xdoc/download.xml (original) +++ struts/site/src/site/xdoc/download.xml Thu Jul 7 07:14:47 2011 @@ -28,6 +28,11 @@ limitations under the License. +The Apache Struts web framework is a free open-source solution for creating +Java web applications. + + + Use the links below to download a release of Apache Struts from one of our mirrors. You can verify the integrity Modified: struts/site/src/site/xdoc/downloads.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/downloads.xml?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/src/site/xdoc/downloads.xml (original) +++ struts/site/src/site/xdoc/downloads.xml Thu Jul 7 07:14:47 2011 @@ -27,6 +27,11 @@ limitations under the License. +The Apache Struts web framework is a free open-source solution for creating +Java web applications. + + + Releases of the Apache Struts framework are made available to the general public at no charge, under the Modified: struts/site/src/site/xdoc/index.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=1143683&r1=1143682&r2=1143683&view=diff == --- struts/site/src/site/xdoc/index.xml (original) +++ struts/site/src/site/x
svn commit: r1147982 - /struts/site/src/site/xdoc/dev/volunteers.xml
Author: rgielen Date: Mon Jul 18 17:33:08 2011 New Revision: 1147982 URL: http://svn.apache.org/viewvc?rev=1147982&view=rev Log: Added Phil to the PMC listing Modified: struts/site/src/site/xdoc/dev/volunteers.xml Modified: struts/site/src/site/xdoc/dev/volunteers.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/dev/volunteers.xml?rev=1147982&r1=1147981&r2=1147982&view=diff == --- struts/site/src/site/xdoc/dev/volunteers.xml (original) +++ struts/site/src/site/xdoc/dev/volunteers.xml Mon Jul 18 17:33:08 2011 @@ -131,6 +131,10 @@ limitations under the License. Lukasz Lenart (lukaszlenart at apache.org) + +Philip Luppens +(phil at apache.org) + @@ -156,10 +160,6 @@ limitations under the License. (ddewolf at apache.org) -Philip Luppens -(phil at apache.org) - - Tom Schneider (tschneider at apache.org)
svn commit: r1162480 - /struts/site/src/site/fml/helping.fml
Author: rgielen Date: Sun Aug 28 06:04:54 2011 New Revision: 1162480 URL: http://svn.apache.org/viewvc?rev=1162480&view=rev Log: Link to coding convention as requested and initiated by Christian Grobmeier Modified: struts/site/src/site/fml/helping.fml Modified: struts/site/src/site/fml/helping.fml URL: http://svn.apache.org/viewvc/struts/site/src/site/fml/helping.fml?rev=1162480&r1=1162479&r2=1162480&view=diff == --- struts/site/src/site/fml/helping.fml (original) +++ struts/site/src/site/fml/helping.fml Sun Aug 28 06:04:54 2011 @@ -250,6 +250,14 @@ limitations under the License. +Please be aware that the Struts project follows general coding +conventions. In short, these are the official Java coding conventions +plus the rule to favor spaces over tabs for indenting. See more +details at https://cwiki.apache.org/confluence/display/S2WIKI/Struts+2+Coding+Conventions";> +Struts 2 Coding Conventions (Wiki) + + + To create a patch, you first have to checkout
svn commit: r1210473 - /struts/site/src/site/xdoc/dev/volunteers.xml
Author: rgielen Date: Mon Dec 5 14:26:22 2011 New Revision: 1210473 URL: http://svn.apache.org/viewvc?rev=1210473&view=rev Log: Added Christian Grobmeier to the committers list Modified: struts/site/src/site/xdoc/dev/volunteers.xml Modified: struts/site/src/site/xdoc/dev/volunteers.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/dev/volunteers.xml?rev=1210473&r1=1210472&r2=1210473&view=diff == --- struts/site/src/site/xdoc/dev/volunteers.xml (original) +++ struts/site/src/site/xdoc/dev/volunteers.xml Mon Dec 5 14:26:22 2011 @@ -191,7 +191,11 @@ limitations under the License. Johannes Geppert (jogep at apache.org) - + +Christian Grobmeier +(grobmeier at apache.org) + +
svn commit: r1220536 - in /struts/site/src/site: site.xml xdoc/announce.xml xdoc/download.xml xdoc/downloads.xml xdoc/index.xml
Author: rgielen Date: Sun Dec 18 20:53:49 2011 New Revision: 1220536 URL: http://svn.apache.org/viewvc?rev=1220536&view=rev Log: Update site according to End Of Life for Struts 2.0.14 Modified: struts/site/src/site/site.xml struts/site/src/site/xdoc/announce.xml struts/site/src/site/xdoc/download.xml struts/site/src/site/xdoc/downloads.xml struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=1220536&r1=1220535&r2=1220536&view=diff == --- struts/site/src/site/site.xml (original) +++ struts/site/src/site/site.xml Sun Dec 18 20:53:49 2011 @@ -71,9 +71,6 @@ name="Struts 2.3.1 (GA)" href="http://struts.apache.org/2.3.1/index.html"; /> http://struts.apache.org/2.0.14/index.html"; /> -http://struts.apache.org/1.3.10/index.html"; /> http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=1220536&r1=1220535&r2=1220536&view=diff == --- struts/site/src/site/xdoc/announce.xml (original) +++ struts/site/src/site/xdoc/announce.xml Sun Dec 18 20:53:49 2011 @@ -29,6 +29,29 @@ limitations under the License. Skip to: Announcements - 2010 +18 December 2011 - Struts 2.0.14 End of Life Announcement + +The Apache Struts Team likes to inform you that the Struts 2.0 branch has reached it's end of life +and is no longer supported. All users of Struts 2.0.14 or earlier Struts 2 versions are strongly +advised to update their existing applications to Struts 2.3.x. + + +Struts 2.0.14 was for some time maintained in parallel to the 2.1 and 2.2 branches, since Struts 2.1 +introduced some API and plugin changes that were likely to break existing user code on top of Struts 2. +However, the community interest in maintaining the Struts 2.0.x branch was not strong enough to +keep it sufficiently up to date, especially in terms of security fixes. There are several serious +security problems that, while being continuously addressed in later Struts 2 versions, did not make +it into the 2.0.x branch. For that reason the Apache Struts PMC decided to remove 2.0.14 as a supported +version. + + +For more information on how to upgrade existing applications running on top of Struts 2.0.x to +Struts 2.1 and later, please read the +https://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html";> +Guide to migrating from Struts 2.0.x to 2.1.x. + + + 12 December 2011 - Struts 2.3.1 General Availability Release The Apache Struts group is pleased to announce that Struts 2.3.1 is @@ -42,15 +65,19 @@ limitations under the License. maintaining applications over time. - Two main new futures are: + Some new futures are: - New Portlet 2 plugin replaced the one Portlet plugin + New Portlet 2.0 (JSR 286) plugin replaced the Portlet 1.0 (JSR 168) plugin New CDI plugin was added to allow use CDI (JavaEE 6) as an Object Factory in Struts 2 + + The dependencies of the Struts2-Spring plugin were upgraded from Spring 2.5 to 3.0 + + Besides that, various other bug fixes, improvements and security enhancements have been incorporated. All developers are strongly advised to update existing Struts 2 applications Modified: struts/site/src/site/xdoc/download.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/download.xml?rev=1220536&r1=1220535&r2=1220536&view=diff == --- struts/site/src/site/xdoc/download.xml (original) +++ struts/site/src/site/xdoc/download.xml Sun Dec 18 20:53:49 2011 @@ -164,95 +164,6 @@ limitations under the License. - - - - - http://struts.apache.org/2.0.14/";>Apache Struts 2 - is an elegant, extensible framework - for creating enterprise-ready Java web applications. - It is available in a full distribution, or as - separate library, source, example and documentation -
svn commit: r1220549 - /struts/site/src/site/site.xml
Author: rgielen Date: Sun Dec 18 21:25:43 2011 New Revision: 1220549 URL: http://svn.apache.org/viewvc?rev=1220549&view=rev Log: Add footer to re-fix Apache trademark requirements Modified: struts/site/src/site/site.xml Modified: struts/site/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=1220549&r1=1220548&r2=1220549&view=diff == --- struts/site/src/site/site.xml (original) +++ struts/site/src/site/site.xml Sun Dec 18 21:25:43 2011 @@ -1,5 +1,8 @@ - +http://maven.apache.org/DECORATION/1.1.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/DECORATION/1.1.0 http://maven.apache.org/xsd/decoration-1.1.0.xsd + http://maven.apache.org/DECORATION/1.1.0 "> Apache Software Foundation @@ -218,5 +221,6 @@ +© 2005-2011 The Apache Software Foundation - Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are trademarks of The Apache Software Foundation.
svn commit: r1236399 - /struts/site/src/site/xdoc/index.xml
Author: rgielen Date: Thu Jan 26 21:38:33 2012 New Revision: 1236399 URL: http://svn.apache.org/viewvc?rev=1236399&view=rev Log: Only the latest release should be featured, epecially when there is a strong recommendation to use older versions any more for security reasons Modified: struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/xdoc/index.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=1236399&r1=1236398&r2=1236399&view=diff == --- struts/site/src/site/xdoc/index.xml (original) +++ struts/site/src/site/xdoc/index.xml Thu Jan 26 21:38:33 2012 @@ -45,32 +45,6 @@ limitations under the License. - - - - -The latest production release of Struts 2 is -http://struts.apache.org/download.cgi#struts2311";>Struts 2.3.1.1, -which was promoted to "General Availability" -(or "Ready for Primetime") on 25 December 2011. -The http://struts.apache.org/2.x/docs/version-notes-2311.html";>release notes -are available online. - - - - - - - -The latest production release of Struts 2 is -http://struts.apache.org/download.cgi#struts231";>Struts 2.3.1, -which was promoted to "General Availability" -(or "Ready for Primetime") on 12 December 2011. -The http://struts.apache.org/2.3.1/docs/version-notes-231.html";>release notes -are available online. - - -
svn commit: r1290827 - in /struts/struts2/trunk/apps: portlet/src/main/webapp/WEB-INF/view/ rest-showcase/src/main/webapp/WEB-INF/content/ showcase/src/main/webapp/ajax/ showcase/src/main/webapp/ajax/
Author: rgielen
Date: Sat Feb 18 17:44:04 2012
New Revision: 1290827
URL: http://svn.apache.org/viewvc?rev=1290827&view=rev
Log:
WW-3757
Show how to produce sanitized output of user inputted data
Modified:
struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl
Modified:
struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==
---
struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
(original)
+++
struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
Sat Feb 18 17:44:04 2012
@@ -1,3 +1,3 @@
-Hello from FreeMarker, ${firstName} ${lastName}!
+Hello from FreeMarker, ${firstName?html} ${lastName?html}!
">Back to front page
Modified:
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff
==
---
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
(original)
+++
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
Sat Feb 18 17:44:04 2012
@@ -20,8 +20,8 @@
${id}
-${clientName}
-${amount}
+
+
View |
Edit |
Delete
Modified:
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff
==
---
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
(original)
+++
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
Sat Feb 18 17:44:04 2012
@@ -1,7 +1,9 @@
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
-
+
+<%@taglib prefix="s" uri="/struts-tags" %>
+
http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
Order ${id}
@@ -14,11 +16,11 @@
Client
-${clientName}
+
Amount
-${amount}
+
Back to Orders
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==
--- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
(original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl Sat Feb
18 17:44:04 2012
@@ -1,5 +1,5 @@
[
<#list options as option>
- ["${option}"],
+ ["${option?html}"],
]
\ No newline at end of file
Modified:
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl?rev=1290827&r1=1290826&r2=1290827&v
svn commit: r1290994 - in /struts/struts2/trunk/apps/showcase/src/main: java/org/apache/struts2/showcase/source/ViewSourceAction.java webapp/viewSource.jsp
Author: rgielen
Date: Sun Feb 19 12:51:44 2012
New Revision: 1290994
URL: http://svn.apache.org/viewvc?rev=1290994&view=rev
Log:
WW-3757
Show how to produce sanitized output of user inputted data
Modified:
struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp
Modified:
struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java?rev=1290994&r1=1290993&r2=1290994&view=diff
==
---
struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
(original)
+++
struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
Sun Feb 19 12:51:44 2012
@@ -59,7 +59,7 @@ public class ViewSourceAction extends Ac
public String execute() throws MalformedURLException, IOException {
-if (page != null && page.trim().length() > 0) {
+if (page != null) {
InputStream in =
ClassLoaderUtil.getResourceAsStream(page.substring(page.indexOf("//")+1),
getClass());
page = page.replace("//", "/");
@@ -78,7 +78,7 @@ public class ViewSourceAction extends Ac
}
}
-if (className != null && className.trim().length() > 0) {
+if (className != null) {
className = "/"+className.replace('.', '/') + ".java";
InputStream in = getClass().getResourceAsStream(className);
if (in == null) {
@@ -93,7 +93,7 @@ public class ViewSourceAction extends Ac
String rootPath =
ServletActionContext.getServletContext().getRealPath("/");
-if (config != null && config.trim().length() > 0 && (rootPath == null
|| config.startsWith(rootPath))) {
+if (config != null && (rootPath == null ||
config.startsWith(rootPath))) {
int pos = config.lastIndexOf(':');
configLine = Integer.parseInt(config.substring(pos+1));
config = config.substring(0, pos).replace("//", "/");
@@ -107,21 +107,27 @@ public class ViewSourceAction extends Ac
* @param className the className to set
*/
public void setClassName(String className) {
-this.className = className;
+if (className != null && className.trim().length()>0) {
+this.className = className;
+}
}
/**
* @param config the config to set
*/
public void setConfig(String config) {
-this.config = config;
+if (config != null && config.trim().length()>0) {
+this.config = config;
+}
}
/**
* @param page the page to set
*/
public void setPage(String page) {
-this.page = page;
+if (page != null && page.trim().length()>0) {
+this.page = page;
+}
}
/**
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp?rev=1290994&r1=1290993&r2=1290994&view=diff
==
--- struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp Sun Feb
19 12:51:44 2012
@@ -11,14 +11,14 @@
-${empty page ? "Unknown page" : page}
+
${row.count}:
-${empty config ? "Unknown configuration" : config}
+
@@ -27,7 +27,7 @@ ${configLine - padding + row.count - 1}:
-${empty className ? "Unknown or unavailable Action class" :
className}
+
${row.count}:
svn commit: r1294413 - /struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Author: rgielen
Date: Tue Feb 28 00:28:57 2012
New Revision: 1294413
URL: http://svn.apache.org/viewvc?rev=1294413&view=rev
Log:
Simple code reformatting, no actual change.
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java?rev=1294413&r1=1294412&r2=1294413&view=diff
==
---
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
(original)
+++
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Tue Feb 28 00:28:57 2012
@@ -28,594 +28,602 @@ import java.security.AccessControlExcept
/**
* Default {@link Container} implementation.
*
- * @see ContainerBuilder
* @author crazy...@google.com (Bob Lee)
+ * @see ContainerBuilder
*/
class ContainerImpl implements Container {
- final Map, InternalFactory> factories;
- final Map,Set> factoryNamesByType;
+ final Map, InternalFactory> factories;
+ final Map, Set> factoryNamesByType;
- ContainerImpl(Map, InternalFactory> factories) {
-this.factories = factories;
-Map,Set> map = new HashMap,Set>();
-for (Key key : factories.keySet()) {
- Set names = map.get(key.getType());
- if (names == null) {
-names = new HashSet();
-map.put(key.getType(), names);
- }
- names.add(key.getName());
-}
-
-for (Entry,Set> entry : map.entrySet()) {
- entry.setValue(Collections.unmodifiableSet(entry.getValue()));
-}
-
-this.factoryNamesByType = Collections.unmodifiableMap(map);
- }
-
- @SuppressWarnings("unchecked")
- InternalFactory getFactory(Key key) {
-return (InternalFactory) factories.get(key);
- }
-
- /**
- * Field and method injectors.
- */
- final Map, List> injectors =
- new ReferenceCache, List>() {
-@Override
-protected List create(Class key) {
- List injectors = new ArrayList();
- addInjectors(key, injectors);
- return injectors;
-}
- };
-
- /**
- * Recursively adds injectors for fields and methods from the given class to
- * the given list. Injects parent classes before sub classes.
- */
- void addInjectors(Class clazz, List injectors) {
-if (clazz == Object.class) {
- return;
-}
-
-// Add injectors for superclass first.
-addInjectors(clazz.getSuperclass(), injectors);
-
-// TODO (crazybob): Filter out overridden members.
-addInjectorsForFields(clazz.getDeclaredFields(), false, injectors);
-addInjectorsForMethods(clazz.getDeclaredMethods(), false, injectors);
- }
-
- void injectStatics(List> staticInjections) {
-final List injectors = new ArrayList();
-
-for (Class clazz : staticInjections) {
- addInjectorsForFields(clazz.getDeclaredFields(), true, injectors);
- addInjectorsForMethods(clazz.getDeclaredMethods(), true, injectors);
-}
-
-callInContext(new ContextualCallable() {
- public Void call(InternalContext context) {
-for (Injector injector : injectors) {
- injector.inject(context, null);
-}
-return null;
- }
-});
- }
-
- void addInjectorsForMethods(Method[] methods, boolean statics,
- List injectors) {
-addInjectorsForMembers(Arrays.asList(methods), statics, injectors,
-new InjectorFactory() {
- public Injector create(ContainerImpl container, Method method,
- String name) throws MissingDependencyException {
-return new MethodInjector(container, method, name);
- }
-});
- }
-
- void addInjectorsForFields(Field[] fields, boolean statics,
- List injectors) {
-addInjectorsForMembers(Arrays.asList(fields), statics, injectors,
-new InjectorFactory() {
- public Injector create(ContainerImpl container, Field field,
- String name) throws MissingDependencyException {
-return new FieldInjector(container, field, name);
- }
-});
- }
-
- void addInjectorsForMembers(
- List members, boolean statics, List injectors,
- InjectorFactory injectorFactory) {
-for (M member : members) {
- if (isStatic(member) == statics) {
-Inject inject = member.getAnnotation(Inject.class);
-if (inject != null) {
- try {
-injectors.add(injectorFactory.create(this, member,
inject.value()));
- } catch (MissingDependencyException e) {
-if (inject.required()) {
- throw new DependencyException(e);
-}
- }
-}
- }
-}
- }
-
- interface Inject
svn commit: r1294420 - /struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java
Author: rgielen
Date: Tue Feb 28 00:35:04 2012
New Revision: 1294420
URL: http://svn.apache.org/viewvc?rev=1294420&view=rev
Log:
WW-3767:
- added support for servlet container JNDI lookup key java:comp/env/BeanManager
- added support for custom configuration constant to override standard lookup
Modified:
struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java
Modified:
struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java?rev=1294420&r1=1294419&r2=1294420&view=diff
==
---
struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java
(original)
+++
struts/struts2/trunk/plugins/cdi/src/main/java/org/apache/struts2/cdi/CdiObjectFactory.java
Tue Feb 28 00:35:04 2012
@@ -20,6 +20,7 @@
package org.apache.struts2.cdi;
import com.opensymphony.xwork2.ObjectFactory;
+import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
@@ -35,6 +36,13 @@ import java.util.concurrent.ConcurrentHa
/**
* CdiObjectFactory allows Struts 2 managed objects, like Actions,
Interceptors or Results, to be injected by a Contexts
* and Dependency Injection container (JSR299 / WebBeans).
+ * The BeanManager instance will be searched in the container's JNDI context,
according to following algorithm:
+ *
+ * if a value for configuration constant
struts.objectFactory.cdi.jndiKey is given, this key will be looked
up
+ * if no BeanManager found so far, look under {@link
#CDI_JNDIKEY_BEANMANAGER_COMP}
+ * if no BeanManager found so far, look under {@link
#CDI_JNDIKEY_BEANMANAGER_APP}
+ * if no BeanManager found so far, look under {@link
#CDI_JNDIKEY_BEANMANAGER_COMP_ENV}
+ *
*/
public class CdiObjectFactory extends ObjectFactory {
@@ -48,8 +56,20 @@ public class CdiObjectFactory extends Ob
* The key under which the BeanManager can be found according to JBoss
Weld docs
*/
public static final String CDI_JNDIKEY_BEANMANAGER_APP =
"java:app/BeanManager";
+ /**
+* The key under which the BeanManager can be found in pure Servlet
containers according to JBoss Weld docs.
+*/
+ public static final String CDI_JNDIKEY_BEANMANAGER_COMP_ENV =
"java:comp/env/BeanManager";
-protected BeanManager beanManager;
+
+ private String jndiKey;
+
+ @Inject(value = "struts.objectFactory.cdi.jndiKey", required = false)
+ public void setJndiKey( String jndiKey ) {
+ this.jndiKey = jndiKey;
+ }
+
+ protected BeanManager beanManager;
protected CreationalContext ctx;
Map, InjectionTarget> injectionTargetCache = new
ConcurrentHashMap, InjectionTarget>();
@@ -66,33 +86,72 @@ public class CdiObjectFactory extends Ob
}
}
-/**
- * Try to find the CDI BeanManager from JNDI context. First the key {@link
#CDI_JNDIKEY_BEANMANAGER_COMP} will be
- * tested. If nothing is found there, the key {@link
#CDI_JNDIKEY_BEANMANAGER_APP} will be checked.
- *
- * @return the BeanManager, if found. null otherwise.
- */
-protected BeanManager findBeanManager() {
-BeanManager bm;
-try {
-Context initialContext = new InitialContext();
-LOG.info("[findBeanManager]: Checking for BeanManager under JNDI
key " + CDI_JNDIKEY_BEANMANAGER_COMP);
-try {
-bm = (BeanManager)
initialContext.lookup(CdiObjectFactory.CDI_JNDIKEY_BEANMANAGER_COMP);
-} catch (NamingException e) {
-LOG.warn("[findBeanManager]: Lookup failed.", e);
-LOG.info("[findBeanManager]: Checking for BeanManager under
JNDI key " + CDI_JNDIKEY_BEANMANAGER_APP);
-bm = (BeanManager)
initialContext.lookup(CdiObjectFactory.CDI_JNDIKEY_BEANMANAGER_APP);
-}
-LOG.info("[findBeanManager]: BeanManager found.");
-return bm;
-} catch (NamingException e) {
-LOG.error("Could not get BeanManager from JNDI context", e);
-}
-return null;
-}
+ /**
+* Try to find the CDI BeanManager from JNDI context. First, if
provided, the key given by
+* struts.objectFactory.cdi.jndiKey will be checked. Then, if nothing
was found or no explicit configuration was
+* given, the key {@link #CDI_JNDIKEY_BEANMANAGER_COMP} will be tested.
If nothing is found there, the key {@link
+* #CDI_JNDIKEY_BEANMANAGER_APP} will be checked. If still nothing is
found there, the key {@link
+* #CDI_JNDIKEY_BEA
svn commit: r1304070 - /struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Author: rgielen
Date: Thu Mar 22 21:17:07 2012
New Revision: 1304070
URL: http://svn.apache.org/viewvc?rev=1304070&view=rev
Log:
WW-3768:
ThreadLocal was created but not removed appropriately
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java?rev=1304070&r1=1304069&r2=1304070&view=diff
==
---
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
(original)
+++
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/inject/ContainerImpl.java
Thu Mar 22 21:17:07 2012
@@ -581,6 +581,8 @@ class ContainerImpl implements Container
} finally {
// Only remove the context if this call created
it.
reference[0] = null;
+ // WW-3768: ThreadLocal was not removed
+ localContext.remove();
}
} else {
// Someone else will clean up this context.
svn commit: r1304631 - /struts/struts2/trunk/pom.xml
Author: rgielen
Date: Fri Mar 23 22:25:13 2012
New Revision: 1304631
URL: http://svn.apache.org/viewvc?rev=1304631&view=rev
Log:
Added CDI plugin to dependency management section
Modified:
struts/struts2/trunk/pom.xml
Modified: struts/struts2/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/pom.xml?rev=1304631&r1=1304630&r2=1304631&view=diff
==
--- struts/struts2/trunk/pom.xml (original)
+++ struts/struts2/trunk/pom.xml Fri Mar 23 22:25:13 2012
@@ -344,6 +344,11 @@
org.apache.struts
+struts2-cdi-plugin
+${project.version}
+
+
+org.apache.struts
struts2-portlet-plugin
${project.version}
svn commit: r1368827 - in /struts/struts2/trunk: ./ core/src/main/java/org/apache/struts2/interceptor/ core/src/main/java/org/apache/struts2/util/ core/src/test/java/org/apache/struts2/util/ core/src/
Author: rgielen
Date: Fri Aug 3 08:03:12 2012
New Revision: 1368827
URL: http://svn.apache.org/viewvc?rev=1368827&view=rev
Log:
WW-3858
Decouple token names from their respective session attribute names
Modified:
struts/struts2/trunk/ (props changed)
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
struts/struts2/trunk/core/src/test/java/org/apache/struts2/util/TokenHelperTest.java
struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/TokenTagTest.java
Propchange: struts/struts2/trunk/
--
--- svn:ignore (original)
+++ svn:ignore Fri Aug 3 08:03:12 2012
@@ -6,3 +6,5 @@
*.iws
target
.idea
+
+test-output
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java?rev=1368827&r1=1368826&r2=1368827&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
Fri Aug 3 08:03:12 2012
@@ -257,8 +257,9 @@ public class ExecuteAndWaitInterceptor e
if ((!executeAfterValidationPass || !secondTime) && bp != null &&
!bp.isDone()) {
actionInvocation.getStack().push(bp.getAction());
-if (TokenHelper.getToken() != null) {
-session.put(TokenHelper.getTokenName(),
TokenHelper.getToken());
+ final String token = TokenHelper.getToken();
+ if (token != null) {
+
TokenHelper.setSessionToken(TokenHelper.getTokenName(), token);
}
Map results = proxy.getConfig().getResults();
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java?rev=1368827&r1=1368826&r2=1368827&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
Fri Aug 3 08:03:12 2012
@@ -121,7 +121,8 @@ public class TokenSessionStoreIntercepto
params.remove(tokenName);
params.remove(TokenHelper.TOKEN_NAME_FIELD);
-ActionInvocation savedInvocation =
InvocationSessionStore.loadInvocation(tokenName, token);
+ String sessionTokenName =
TokenHelper.buildTokenSessionAttributeName(tokenName);
+ActionInvocation savedInvocation =
InvocationSessionStore.loadInvocation(sessionTokenName, token);
if (savedInvocation != null) {
// set the valuestack to the request scope
@@ -157,7 +158,8 @@ public class TokenSessionStoreIntercepto
// we know the token name and token must be there
String key = TokenHelper.getTokenName();
String token = TokenHelper.getToken(key);
-InvocationSessionStore.storeInvocation(key, token, invocation);
+ String sessionTokenName =
TokenHelper.buildTokenSessionAttributeName(key);
+ InvocationSessionStore.storeInvocation(sessionTokenName, token,
invocation);
return invocation.invoke();
}
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java?rev=1368827&r1=1368826&r2=1368827&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
Fri Aug 3 08:03:12 2012
@@ -36,10 +36,15 @@ import com.opensymphony.xwork2.util.logg
*/
public class TokenHelper {
-/**
+ /**
+* The default namespace for storing token session values
+*/
+ public static final String TOKEN_NAMESPACE = "struts.tokens";
+
+ /**
* The default name to map the token value
*/
svn commit: r1368841 - in /struts/struts2/trunk/xwork-core/src: main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java test/java/com/opensymphony/xwork2/interceptor/ParametersInterce
Author: rgielen
Date: Fri Aug 3 09:16:47 2012
New Revision: 1368841
URL: http://svn.apache.org/viewvc?rev=1368841&view=rev
Log:
WW-3860
Restrict accepted parameter name length
Thanks to Johno Crawford for the patch.
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1368841&r1=1368840&r2=1368841&view=diff
==
---
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
(original)
+++
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
Fri Aug 3 09:16:47 2012
@@ -96,9 +96,11 @@ import java.util.regex.Pattern;
*
*
*
- *
* ordered - set to true if you want the top-down property setter
behaviour
- *
+ * acceptParamNames - a comma delimited list of regular expressions to
describe a whitelist of accepted parameter names.
+ * Don't change the default unless you know what you are doing in terms of
security implications
+ * excludeParams - a comma delimited list of regular expressions to
describe a blacklist of not allowed parameter names
+ * paramNameMaxLength - the maximum length of parameter names; parameters
with longer names will be ignored; the default is 100 characters
*
*
*
@@ -130,6 +132,10 @@ public class ParametersInterceptor exten
private static final Logger LOG =
LoggerFactory.getLogger(ParametersInterceptor.class);
+protected static final int PARAM_NAME_MAX_LENGTH = 100;
+
+private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
+
boolean ordered = false;
Set excludeParams = Collections.emptySet();
Set acceptParams = Collections.emptySet();
@@ -151,7 +157,16 @@ public class ParametersInterceptor exten
devMode = "true".equals(mode);
}
-public void setAcceptParamNames(String commaDelim) {
+ /**
+* Sets a comma-delimited list of regular expressions to match
+* parameters that are allowed in the parameter map (aka whitelist).
+*
+* Don't change the default unless you know what you are doing in terms
+* of security implications.
+*
+* @param commaDelim A comma-delimited list of regular expressions
+*/
+ public void setAcceptParamNames(String commaDelim) {
Collection acceptPatterns =
ArrayUtils.asCollection(commaDelim);
if (acceptPatterns != null) {
acceptParams = new HashSet();
@@ -161,6 +176,16 @@ public class ParametersInterceptor exten
}
}
+/**
+ * If the param name exceeds the configured maximum length it will not be
+ * accepted.
+ *
+ * @param paramNameMaxLength Maximum length of param names
+ */
+public void setParamNameMaxLength(int paramNameMaxLength) {
+this.paramNameMaxLength = paramNameMaxLength;
+}
+
static private int countOGNLCharacters(String s) {
int count = 0;
for (int i = s.length() - 1; i >= 0; i--) {
@@ -351,10 +376,15 @@ public class ParametersInterceptor exten
}
protected boolean acceptableName(String name) {
-return isAccepted(name) && !isExcluded(name);
+return isWithinLengthLimit(name) && isAccepted(name)
+&& !isExcluded(name);
}
-protected boolean isAccepted(String paramName) {
+ protected boolean isWithinLengthLimit( String name ) {
+ return name.length() <= paramNameMaxLength;
+ }
+
+ protected boolean isAccepted(String paramName) {
if (!this.acceptParams.isEmpty()) {
for (Pattern pattern : acceptParams) {
Matcher matcher = pattern.matcher(paramName);
Modified:
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java?rev=1368841&r1=1368840&r2=1368841&view=diff
==
---
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
(original)
+++
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
Fri Aug 3 09:16:47 2012
@@ -201,7 +201,39 @@ public class ParametersInterceptor
svn commit: r1368890 - in /struts/struts2/tags/STRUTS_2_3_4: ./ apps/ apps/jboss-blank/ archetypes/ archetypes/struts2-archetype-blank/ archetypes/struts2-archetype-convention/ archetypes/struts2-arch
Author: rgielen Date: Fri Aug 3 11:15:11 2012 New Revision: 1368890 URL: http://svn.apache.org/viewvc?rev=1368890&view=rev Log: Fixed ignores Modified: struts/struts2/tags/STRUTS_2_3_4/ (props changed) struts/struts2/tags/STRUTS_2_3_4/apps/ (props changed) struts/struts2/tags/STRUTS_2_3_4/apps/jboss-blank/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-blank/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-convention/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-dbportlet/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-plugin/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-portlet/ (props changed) struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-starter/ (props changed) struts/struts2/tags/STRUTS_2_3_4/assembly/ (props changed) struts/struts2/tags/STRUTS_2_3_4/bundles/ (props changed) struts/struts2/tags/STRUTS_2_3_4/plugins/ (props changed) struts/struts2/tags/STRUTS_2_3_4/plugins/cdi/ (props changed) struts/struts2/tags/STRUTS_2_3_4/plugins/gxp/ (props changed) struts/struts2/tags/STRUTS_2_3_4/plugins/portlet/ (props changed) Propchange: struts/struts2/tags/STRUTS_2_3_4/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -6,3 +6,5 @@ *.iws target .idea +atlassian-ide-plugin* +classes Propchange: struts/struts2/tags/STRUTS_2_3_4/apps/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -4,3 +4,4 @@ .project target .settings +*.iml Propchange: struts/struts2/tags/STRUTS_2_3_4/apps/jboss-blank/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-blank/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-convention/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-dbportlet/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-plugin/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-portlet/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1,3 +1,5 @@ target .project .classpath +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/archetypes/struts2-archetype-starter/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -1 +1,3 @@ target +*.iml +*.idea Propchange: struts/struts2/tags/STRUTS_2_3_4/assembly/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -6,3 +6,4 @@ target WW .settings +*.iml Propchange: struts/struts2/tags/STRUTS_2_3_4/bundles/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -2,4 +2,4 @@ *.ipr *.iws target -.* +*.iml Propchange: struts/struts2/tags/STRUTS_2_3_4/plugins/ -- --- svn:ignore (original) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -4,3 +4,4 @@ .project target .settings +*.iml Propchange: struts/struts2/tags/STRUTS_2_3_4/plugins/cdi/ -- --- svn:ignore (added) +++ svn:ignore Fri Aug 3 11:15:11 2012 @@ -0,0 +1,2 @@ +target +*.iml Propch
svn commit: r1368894 - /struts/struts2/branches/STRUTS_2_3_4_X/
Author: rgielen Date: Fri Aug 3 11:21:43 2012 New Revision: 1368894 URL: http://svn.apache.org/viewvc?rev=1368894&view=rev Log: Branch preparation Added: struts/struts2/branches/STRUTS_2_3_4_X/
svn commit: r1368900 - /struts/struts2/branches/STRUTS_2_3_4_X/
Author: rgielen Date: Fri Aug 3 11:51:55 2012 New Revision: 1368900 URL: http://svn.apache.org/viewvc?rev=1368900&view=rev Log: Branch preparation Removed: struts/struts2/branches/STRUTS_2_3_4_X/
svn commit: r1368902 - /struts/struts2/branches/STRUTS_2_3_4_X/
Author: rgielen Date: Fri Aug 3 11:53:35 2012 New Revision: 1368902 URL: http://svn.apache.org/viewvc?rev=1368902&view=rev Log: Branch Added: struts/struts2/branches/STRUTS_2_3_4_X/ (props changed) - copied from r1368900, struts/struts2/tags/STRUTS_2_3_4/ Propchange: struts/struts2/branches/STRUTS_2_3_4_X/ -- reviewboard:url = https://reviews.apache.org Propchange: struts/struts2/branches/STRUTS_2_3_4_X/ -- --- svn:ignore (added) +++ svn:ignore Fri Aug 3 11:53:35 2012 @@ -0,0 +1,10 @@ +.classpath +.project +.settings +*.ipr +*.iml +*.iws +target +.idea +atlassian-ide-plugin* +classes Propchange: struts/struts2/branches/STRUTS_2_3_4_X/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Fri Aug 3 11:53:35 2012 @@ -0,0 +1,2 @@ +/struts/struts2/branches/STRUTS_2_2_1_1:1037870-1053416 +/struts/struts2/tags/STRUTS_2_2_1:965062-1037869
svn commit: r1368921 - /struts/struts2/branches/STRUTS_2_3_4_X/pom.xml
Author: rgielen Date: Fri Aug 3 12:41:33 2012 New Revision: 1368921 URL: http://svn.apache.org/viewvc?rev=1368921&view=rev Log: Added gpg-plugin version fix Modified: struts/struts2/branches/STRUTS_2_3_4_X/pom.xml Modified: struts/struts2/branches/STRUTS_2_3_4_X/pom.xml URL: http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_4_X/pom.xml?rev=1368921&r1=1368920&r2=1368921&view=diff == --- struts/struts2/branches/STRUTS_2_3_4_X/pom.xml (original) +++ struts/struts2/branches/STRUTS_2_3_4_X/pom.xml Fri Aug 3 12:41:33 2012 @@ -197,7 +197,11 @@ maven-bundle-plugin 2.1.0 - + +org.apache.maven.plugins +maven-gpg-plugin +1.4 +
svn commit: r1368946 - in /struts/struts2/branches/STRUTS_2_3_4_X/core/src: main/java/org/apache/struts2/interceptor/ main/java/org/apache/struts2/util/ test/java/org/apache/struts2/util/ test/java/or
Author: rgielen
Date: Fri Aug 3 13:40:01 2012
New Revision: 1368946
URL: http://svn.apache.org/viewvc?rev=1368946&view=rev
Log:
Merged from trunk
WW-3858
Decouple token names from their respective session attribute names [from
revision 1368827]
Modified:
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
(contents, props changed)
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
(contents, props changed)
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/util/TokenHelper.java
(contents, props changed)
struts/struts2/branches/STRUTS_2_3_4_X/core/src/test/java/org/apache/struts2/util/TokenHelperTest.java
(contents, props changed)
struts/struts2/branches/STRUTS_2_3_4_X/core/src/test/java/org/apache/struts2/views/jsp/ui/TokenTagTest.java
(contents, props changed)
Modified:
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java?rev=1368946&r1=1368945&r2=1368946&view=diff
==
---
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
Fri Aug 3 13:40:01 2012
@@ -257,8 +257,9 @@ public class ExecuteAndWaitInterceptor e
if ((!executeAfterValidationPass || !secondTime) && bp != null &&
!bp.isDone()) {
actionInvocation.getStack().push(bp.getAction());
-if (TokenHelper.getToken() != null) {
-session.put(TokenHelper.getTokenName(),
TokenHelper.getToken());
+ final String token = TokenHelper.getToken();
+ if (token != null) {
+
TokenHelper.setSessionToken(TokenHelper.getTokenName(), token);
}
Map results = proxy.getConfig().getResults();
Propchange:
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
--
--- svn:mergeinfo (added)
+++ svn:mergeinfo Fri Aug 3 13:40:01 2012
@@ -0,0 +1,3 @@
+/struts/struts2/branches/STRUTS_2_2_1_1/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java:1037870-1053416
+/struts/struts2/tags/STRUTS_2_2_1/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java:965062-1037869
+/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java:1368827
Modified:
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java?rev=1368946&r1=1368945&r2=1368946&view=diff
==
---
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_4_X/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
Fri Aug 3 13:40:01 2012
@@ -121,7 +121,8 @@ public class TokenSessionStoreIntercepto
params.remove(tokenName);
params.remove(TokenHelper.TOKEN_NAME_FIELD);
-ActionInvocation savedInvocation =
InvocationSessionStore.loadInvocation(tokenName, token);
+ String sessionTokenName =
TokenHelper.buildTokenSessionAttributeName(tokenName);
+ActionInvocation savedInvocation =
InvocationSessionStore.loadInvocation(sessionTokenName, token);
if (savedInvocation != null) {
// set the valuestack to the request scope
@@ -157,7 +158,8 @@ public class TokenSessionStoreIntercepto
// we know the token name and token must be there
String key = TokenHelper.getTokenName();
String token = TokenHelper.getToken(key);
-InvocationSessionStore.storeInvocation(key, token, invocation);
+ String sessionTokenName =
TokenHelper.buildTokenSessionAttributeName(key);
+ InvocationSessionStore.storeInvocation(sessionTokenName, token,
invocation);
return invocation.invoke();
}
Propchange:
struts/struts2/branches/STRUTS_2_3_4_X/core/
svn commit: r1368949 - in /struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src: main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java test/java/com/opensymphony/xwork2/interceptor
Author: rgielen
Date: Fri Aug 3 13:41:28 2012
New Revision: 1368949
URL: http://svn.apache.org/viewvc?rev=1368949&view=rev
Log:
Merged from trunk
WW-3860
Restrict accepted parameter name length
Thanks to Johno Crawford for the patch. [from revision 1368841]
Modified:
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
(contents, props changed)
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
(contents, props changed)
Modified:
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1368949&r1=1368948&r2=1368949&view=diff
==
---
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
Fri Aug 3 13:41:28 2012
@@ -95,9 +95,11 @@ import java.util.regex.Pattern;
*
*
*
- *
* ordered - set to true if you want the top-down property setter
behaviour
- *
+ * acceptParamNames - a comma delimited list of regular expressions to
describe a whitelist of accepted parameter names.
+ * Don't change the default unless you know what you are doing in terms of
security implications
+ * excludeParams - a comma delimited list of regular expressions to
describe a blacklist of not allowed parameter names
+ * paramNameMaxLength - the maximum length of parameter names; parameters
with longer names will be ignored; the default is 100 characters
*
*
*
@@ -129,6 +131,10 @@ public class ParametersInterceptor exten
private static final Logger LOG =
LoggerFactory.getLogger(ParametersInterceptor.class);
+protected static final int PARAM_NAME_MAX_LENGTH = 100;
+
+private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
+
boolean ordered = false;
Set excludeParams = Collections.emptySet();
Set acceptParams = Collections.emptySet();
@@ -150,7 +156,16 @@ public class ParametersInterceptor exten
devMode = "true".equals(mode);
}
-public void setAcceptParamNames(String commaDelim) {
+ /**
+* Sets a comma-delimited list of regular expressions to match
+* parameters that are allowed in the parameter map (aka whitelist).
+*
+* Don't change the default unless you know what you are doing in terms
+* of security implications.
+*
+* @param commaDelim A comma-delimited list of regular expressions
+*/
+ public void setAcceptParamNames(String commaDelim) {
Collection acceptPatterns =
ArrayUtils.asCollection(commaDelim);
if (acceptPatterns != null) {
acceptParams = new HashSet();
@@ -160,6 +175,16 @@ public class ParametersInterceptor exten
}
}
+/**
+ * If the param name exceeds the configured maximum length it will not be
+ * accepted.
+ *
+ * @param paramNameMaxLength Maximum length of param names
+ */
+public void setParamNameMaxLength(int paramNameMaxLength) {
+this.paramNameMaxLength = paramNameMaxLength;
+}
+
static private int countOGNLCharacters(String s) {
int count = 0;
for (int i = s.length() - 1; i >= 0; i--) {
@@ -350,10 +375,15 @@ public class ParametersInterceptor exten
}
protected boolean acceptableName(String name) {
-return isAccepted(name) && !isExcluded(name);
+return isWithinLengthLimit(name) && isAccepted(name)
+&& !isExcluded(name);
}
-protected boolean isAccepted(String paramName) {
+ protected boolean isWithinLengthLimit( String name ) {
+ return name.length() <= paramNameMaxLength;
+ }
+
+ protected boolean isAccepted(String paramName) {
if (!this.acceptParams.isEmpty()) {
for (Pattern pattern : acceptParams) {
Matcher matcher = pattern.matcher(paramName);
Propchange:
struts/struts2/branches/STRUTS_2_3_4_X/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
--
--- svn:mergeinfo (added)
+++ svn:mergeinfo Fri Aug 3 13:41:28 2012
@@ -0,0 +1,3 @@
+/struts/struts2/branches/STRUTS_2_2_1_1/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java:1037870-1053416
+/struts/struts2/tags/STRUTS_2_2_1/xwork-core/src/main/java/com/opensymphony/xwork2/inte
svn commit: r1368951 - /struts/struts2/branches/STRUTS_2_3_4_X/pom.xml
Author: rgielen Date: Fri Aug 3 13:42:36 2012 New Revision: 1368951 URL: http://svn.apache.org/viewvc?rev=1368951&view=rev Log: Reverted plugin management change Modified: struts/struts2/branches/STRUTS_2_3_4_X/pom.xml Modified: struts/struts2/branches/STRUTS_2_3_4_X/pom.xml URL: http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_4_X/pom.xml?rev=1368951&r1=1368950&r2=1368951&view=diff == --- struts/struts2/branches/STRUTS_2_3_4_X/pom.xml (original) +++ struts/struts2/branches/STRUTS_2_3_4_X/pom.xml Fri Aug 3 13:42:36 2012 @@ -197,11 +197,6 @@ maven-bundle-plugin 2.1.0 - -org.apache.maven.plugins -maven-gpg-plugin -1.4 -
svn commit: r1368961 - /struts/struts2/tags/STRUTS_2_3_4_1/
Author: rgielen Date: Fri Aug 3 13:54:15 2012 New Revision: 1368961 URL: http://svn.apache.org/viewvc?rev=1368961&view=rev Log: [maven-release-plugin] copy for tag STRUTS_2_3_4_1 Added: struts/struts2/tags/STRUTS_2_3_4_1/ (props changed) - copied from r1368960, struts/struts2/branches/STRUTS_2_3_4_X/ Propchange: struts/struts2/tags/STRUTS_2_3_4_1/ -- reviewboard:url = https://reviews.apache.org Propchange: struts/struts2/tags/STRUTS_2_3_4_1/ -- --- svn:ignore (added) +++ svn:ignore Fri Aug 3 13:54:15 2012 @@ -0,0 +1,10 @@ +.classpath +.project +.settings +*.ipr +*.iml +*.iws +target +.idea +atlassian-ide-plugin* +classes Propchange: struts/struts2/tags/STRUTS_2_3_4_1/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Fri Aug 3 13:54:15 2012 @@ -0,0 +1,2 @@ +/struts/struts2/branches/STRUTS_2_2_1_1:1037870-1053416 +/struts/struts2/tags/STRUTS_2_2_1:965062-1037869
svn commit: r1372387 - in /struts/site/src/site: resources/archetype-catalog.xml site.xml xdoc/announce.xml xdoc/download.xml xdoc/downloads.xml xdoc/index.xml
Author: rgielen Date: Mon Aug 13 12:17:47 2012 New Revision: 1372387 URL: http://svn.apache.org/viewvc?rev=1372387&view=rev Log: Changes for 2.3.4.1 release Modified: struts/site/src/site/resources/archetype-catalog.xml struts/site/src/site/site.xml struts/site/src/site/xdoc/announce.xml struts/site/src/site/xdoc/download.xml struts/site/src/site/xdoc/downloads.xml struts/site/src/site/xdoc/index.xml Modified: struts/site/src/site/resources/archetype-catalog.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/resources/archetype-catalog.xml?rev=1372387&r1=1372386&r2=1372387&view=diff == --- struts/site/src/site/resources/archetype-catalog.xml (original) +++ struts/site/src/site/resources/archetype-catalog.xml Mon Aug 13 12:17:47 2012 @@ -7,42 +7,42 @@ org.apache.struts struts2-archetype-blank -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Blank org.apache.struts struts2-archetype-convention -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Blank Convention org.apache.struts struts2-archetype-dbportlet -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Database Portlet org.apache.struts struts2-archetype-plugin -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Plugin org.apache.struts struts2-archetype-portlet -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Portlet org.apache.struts struts2-archetype-starter -2.3.4 +2.3.4.1 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Starter Modified: struts/site/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=1372387&r1=1372386&r2=1372387&view=diff == --- struts/site/src/site/site.xml (original) +++ struts/site/src/site/site.xml Mon Aug 13 12:17:47 2012 @@ -21,7 +21,7 @@ href="http://www.apache.org/"; /> http://struts.apache.org/2.3.4/index.html"; /> +href="http://struts.apache.org/2.3.4.1/index.html"; /> http://struts.apache.org/1.3.10/index.html"; /> @@ -71,8 +71,8 @@ name="Key Technologies" href="primer.html" /> http://struts.apache.org/2.3.4/index.html"; /> +name="Struts 2.3.4.1 (GA)" +href="http://struts.apache.org/2.3.4.1/index.html"; /> http://struts.apache.org/1.3.10/index.html"; /> Modified: struts/site/src/site/xdoc/announce.xml URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=1372387&r1=1372386&r2=1372387&view=diff == --- struts/site/src/site/xdoc/announce.xml (original) +++ struts/site/src/site/xdoc/announce.xml Mon Aug 13 12:17:47 2012 @@ -30,6 +30,60 @@ limitations under the License. Announcements - 2011 +13 August 2012 - Struts 2.3.4.1 General Availability Release + +The Apache Struts group is pleased to announce that Struts 2.3.4.1 is +available as a "General Availability" release. The GA designation is our +highest quality grade. + + +Apache Struts 2 is an elegant, extensible framework for creating +enterprise-ready Java web applications. The framework is designed to +streamline the full development cycle, from building, to deploying, to +maintaining applications over time. + + +Two security issues were solved with this release: + + +Decoupling of session attribute and parameter naming for Struts 2 token mechanism, +to improve security when used for CSRF-attack protection + + +
svn commit: r1414222 - in /struts: archive/struts-doc-1.0.2/ site/legacy/struts-doc-1.0.2/
Author: rgielen Date: Tue Nov 27 15:11:03 2012 New Revision: 1414222 URL: http://svn.apache.org/viewvc?rev=1414222&view=rev Log: Moved legacy docs to archive Added: struts/archive/struts-doc-1.0.2/ - copied from r1414221, struts/site/legacy/struts-doc-1.0.2/ Removed: struts/site/legacy/struts-doc-1.0.2/
svn commit: r1414223 - in /struts: archive/struts-doc-1.1/ site/legacy/struts-doc-1.1/
Author: rgielen Date: Tue Nov 27 15:12:01 2012 New Revision: 1414223 URL: http://svn.apache.org/viewvc?rev=1414223&view=rev Log: Moved legacy docs to archive Added: struts/archive/struts-doc-1.1/ - copied from r1414222, struts/site/legacy/struts-doc-1.1/ Removed: struts/site/legacy/struts-doc-1.1/
svn commit: r1414225 - /struts/site/legacy/
Author: rgielen Date: Tue Nov 27 15:19:25 2012 New Revision: 1414225 URL: http://svn.apache.org/viewvc?rev=1414225&view=rev Log: Contents of legacy moved to ../archive Removed: struts/site/legacy/
svn commit: r1414226 - /struts/resources/
Author: rgielen Date: Tue Nov 27 15:20:25 2012 New Revision: 1414226 URL: http://svn.apache.org/viewvc?rev=1414226&view=rev Log: General directory for various resources, such as forms and templates Added: struts/resources/
svn commit: r1414228 - in /struts: resources/forms/ site/forms/
Author: rgielen Date: Tue Nov 27 15:22:40 2012 New Revision: 1414228 URL: http://svn.apache.org/viewvc?rev=1414228&view=rev Log: moved forms to newly created ../resources directory Added: struts/resources/forms/ - copied from r1414227, struts/site/forms/ Removed: struts/site/forms/
svn commit: r1414282 - /struts/site/branches/site2fluidomigration/src/site/site.xml
Author: rgielen Date: Tue Nov 27 17:44:30 2012 New Revision: 1414282 URL: http://svn.apache.org/viewvc?rev=1414282&view=rev Log: Footer section improved, but not yet "production ready" - trademarks content gets rendered below copyright statement, but alignment (tested with Safari) is still broken Modified: struts/site/branches/site2fluidomigration/src/site/site.xml Modified: struts/site/branches/site2fluidomigration/src/site/site.xml URL: http://svn.apache.org/viewvc/struts/site/branches/site2fluidomigration/src/site/site.xml?rev=1414282&r1=1414281&r2=1414282&view=diff == --- struts/site/branches/site2fluidomigration/src/site/site.xml (original) +++ struts/site/branches/site2fluidomigration/src/site/site.xml Tue Nov 27 17:44:30 2012 @@ -238,6 +238,11 @@ -© 2005-2011 The Apache Software Foundation - Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are trademarks of The Apache Software Foundation. + + +Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts +project logos are trademarks of The Apache Software Foundation. + +
svn commit: r1464900 - in /struts/site/trunk: content/markdown/ content/markdown/struts1eol-announcement.md content/markdown/struts1eol-press.md content/site.xml content/xdoc/announce.xml content/xdoc
Author: rgielen Date: Fri Apr 5 09:28:04 2013 New Revision: 1464900 URL: http://svn.apache.org/r1464900 Log: Preparation for Struts 1 EOL announcement Added: struts/site/trunk/content/markdown/ struts/site/trunk/content/markdown/struts1eol-announcement.md struts/site/trunk/content/markdown/struts1eol-press.md Modified: struts/site/trunk/content/site.xml struts/site/trunk/content/xdoc/announce.xml struts/site/trunk/content/xdoc/downloads.xml struts/site/trunk/content/xdoc/index.xml struts/site/trunk/pom.xml Added: struts/site/trunk/content/markdown/struts1eol-announcement.md URL: http://svn.apache.org/viewvc/struts/site/trunk/content/markdown/struts1eol-announcement.md?rev=1464900&view=auto == --- struts/site/trunk/content/markdown/struts1eol-announcement.md (added) +++ struts/site/trunk/content/markdown/struts1eol-announcement.md Fri Apr 5 09:28:04 2013 @@ -0,0 +1,37 @@ +Apache Struts 1 EOL Announcement + +# Apache Struts 1 End-Of-Life (EOL) Announcement + +**The Apache Struts Project Team would like to inform you that the Struts 1.x web framework has reached its end of life and is no longer officially supported.** + +Started in 2000, Struts 1 had its last release - version 1.3.10 - in December 2008. In the meantime the Struts community +has focused on pushing the Struts 2 framework forward, with as many as 23 releases as of April 2013. +Taking this into account, announcing Struts 1 EOL is just the official statement that we have been lacking volunteer +support for some time now and that users should not rely on a properly maintained framework state when utilizing +Struts 1 in projects. See the following Q/A section for more details. + +## Questions and Answers + +* **With the announcement of Struts 1 EOL, what happens to Struts 1 resources?** + +All resources will stay where they are. The documentation will still be accessible from the Apache Struts homepage, as well as the downloads for all released Struts 1.x versions. All of the Struts 1 source code can be found in the Apache Struts subversion repository, now and in future. All released Maven artifacts will still be accessible in Maven Central. + +* **Given a major security problem or a serious bug is reported for Struts 1 in near future, can we expect a new release with fixes?** + +As of now, actually no - that is what the EOL announcement essentially is about. Since the end of support is reached, you will either need to find mitigations, patch the existing Struts 1 source code yourself or migrate your project to another web framework. + +* **Is there an immediate need to eliminate Struts 1 from my projects?** + +As far as the Struts team is currently aware of, there is no urgent issue posing the immediate need to eliminate Struts 1 usage from your projects. However, you should be aware that security and bug fixes will no longer be provided. If in future such flaws are found you will need to take action as described in the preceding answer. + +* **We plan to start a new project based on Struts 1. Can we still do so?** + +Basically yes, but we would not recommend doing so. As long as no code line is written it is very easy to conceptually select an alternative web framework such as Struts 2. + +* **We want to migrate our project from Struts 1 to another web framework. What would you recommend?** + +You should be aware that there is currently no "drop-in" replacement for Struts 1. You will need to adapt your existing code to the framework of choice. Basically every action based Java web framework is a possible candidate. We as the Apache Struts Team can highly recommend investigating Struts 2 as a successor framework - it is modern, highly decoupled, feature rich, well maintained and successfully running in many mission critical projects in the wild. It shares the same basic principles with Struts 1, but offers a highly improved architecture and API. Other alternatives are e.g. Spring Web MVC, Grails or Stripes. + +* **My friends / colleagues and I would like to see Struts 1 being maintained again. What can we do?** + +You are free to put effort in Struts 1. There are basically two possible ways to do so: either fork the existing source, or engage in community building within the Apache Struts Project. If there are enough people demonstrating their will and ability to provide patches, maintenance and oversight in the long run, there is nothing holding us back from putting Struts 1 back into maintenance with the help of these volunteers. Added: struts/site/trunk/content/markdown/struts1eol-press.md URL: http://svn.apache.org/viewvc/struts/site/trunk/content/markdown/struts1eol-press.md?rev=1464900&view=auto == --- struts/site/trunk/content/markdown/struts1eol-press.md (adde
svn commit: r1464903 - in /struts/site/trunk/content: markdown/struts1eol-announcement.md xdoc/announce.xml xdoc/download.xml xdoc/downloads.xml
Author: rgielen Date: Fri Apr 5 09:56:08 2013 New Revision: 1464903 URL: http://svn.apache.org/r1464903 Log: - better download section support - small fixes - press release linked in announcement Modified: struts/site/trunk/content/markdown/struts1eol-announcement.md struts/site/trunk/content/xdoc/announce.xml struts/site/trunk/content/xdoc/download.xml struts/site/trunk/content/xdoc/downloads.xml Modified: struts/site/trunk/content/markdown/struts1eol-announcement.md URL: http://svn.apache.org/viewvc/struts/site/trunk/content/markdown/struts1eol-announcement.md?rev=1464903&r1=1464902&r2=1464903&view=diff == --- struts/site/trunk/content/markdown/struts1eol-announcement.md (original) +++ struts/site/trunk/content/markdown/struts1eol-announcement.md Fri Apr 5 09:56:08 2013 @@ -10,6 +10,8 @@ Taking this into account, announcing Str support for some time now and that users should not rely on a properly maintained framework state when utilizing Struts 1 in projects. See the following Q/A section for more details. +See also: [Apache Struts 1 EOL Press Release](struts1eol-press.html) + ## Questions and Answers * **With the announcement of Struts 1 EOL, what happens to Struts 1 resources?** Modified: struts/site/trunk/content/xdoc/announce.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/announce.xml?rev=1464903&r1=1464902&r2=1464903&view=diff == --- struts/site/trunk/content/xdoc/announce.xml (original) +++ struts/site/trunk/content/xdoc/announce.xml Fri Apr 5 09:56:08 2013 @@ -38,8 +38,8 @@ limitations under the License. Please check the following readings to find more details. -Apache Struts 1 EOL Announcement, including a detailed Q/A section -Apache Struts 1 EOL Press Release +Apache Struts 1 EOL Announcement, including a detailed Q/A section +Apache Struts 1 EOL Press Release Modified: struts/site/trunk/content/xdoc/download.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/download.xml?rev=1464903&r1=1464902&r2=1464903&view=diff == --- struts/site/trunk/content/xdoc/download.xml (original) +++ struts/site/trunk/content/xdoc/download.xml Fri Apr 5 09:56:08 2013 @@ -166,13 +166,18 @@ limitations under the License. -http://struts.apache.org/1.3.10/index.html";>Struts 1.3.10 +http://struts.apache.org/1.3.10/index.html";>Struts 1.3.10 - EOL is the latest production release of Struts 1. It is available in a full distribution, or as separate library, source, example and documentation distributions. + +Important: +Apache Struts 1 EOL Announcement, including a detailed Q/A section + + Full Distribution: Modified: struts/site/trunk/content/xdoc/downloads.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/downloads.xml?rev=1464903&r1=1464902&r2=1464903&view=diff == --- struts/site/trunk/content/xdoc/downloads.xml (original) +++ struts/site/trunk/content/xdoc/downloads.xml Fri Apr 5 09:56:08 2013 @@ -71,9 +71,14 @@ limitations under the License. Older Releases -are available from the +are available here +http://struts.apache.org/download.cgi#struts1310";> +Struts 1.3.10 + (latest Struts 1 release before EOL) + + http://archive.apache.org/dist/struts/";> Archive Site
svn commit: r857505 - in /websites/production/struts/content: ./ development/ release/
Author: rgielen Date: Sat Apr 6 13:14:49 2013 New Revision: 857505 Log: Publishing updated site with Struts 1 EOL announcement Added: websites/production/struts/content/ - copied from r857504, websites/staging/struts/trunk/content/ websites/production/struts/content/development/ - copied from r857504, websites/production/struts/content/development/ websites/production/struts/content/release/ - copied from r857504, websites/production/struts/content/release/
svn commit: r1467337 - /struts/site/trunk/content/xdoc/dev/volunteers.xml
Author: rgielen Date: Fri Apr 12 16:18:18 2013 New Revision: 1467337 URL: http://svn.apache.org/r1467337 Log: - Updated volunteers page to reflect latest PMC changes Modified: struts/site/trunk/content/xdoc/dev/volunteers.xml Modified: struts/site/trunk/content/xdoc/dev/volunteers.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/dev/volunteers.xml?rev=1467337&r1=1467336&r2=1467337&view=diff == --- struts/site/trunk/content/xdoc/dev/volunteers.xml (original) +++ struts/site/trunk/content/xdoc/dev/volunteers.xml Fri Apr 12 16:18:18 2013 @@ -67,11 +67,6 @@ limitations under the License. -Martin Cooper -(martinc at apache.org) - - - James Holmes (jholmes at apache.org) @@ -82,11 +77,6 @@ limitations under the License. -Niall Pemberton -(niallp at apache.org) - - - Wendy Smoak (wsmoak at apache.org) @@ -322,6 +312,15 @@ limitations under the License. Nils-Helge Garli Hegvik (PMC) (nilsga at apache.org) + +Martin Cooper (PMC) +(martinc at apache.org) + + +Niall Pemberton (PMC) +(niallp at apache.org) + +
svn commit: r858242 - in /websites/production/struts/content: ./ development/ release/
Author: rgielen Date: Fri Apr 12 16:20:15 2013 New Revision: 858242 Log: Publishing svnmucc operation to struts site by rgielen Added: websites/production/struts/content/ - copied from r858241, websites/staging/struts/trunk/content/ websites/production/struts/content/development/ - copied from r858241, websites/production/struts/content/development/ websites/production/struts/content/release/ - copied from r858241, websites/production/struts/content/release/
svn commit: r1475841 - /struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java
Author: rgielen
Date: Thu Apr 25 16:24:16 2013
New Revision: 1475841
URL: http://svn.apache.org/r1475841
Log:
WW-4058
- use remove rather than set(null) for cleanup
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java?rev=1475841&r1=1475840&r2=1475841&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ContainerHolder.java
Thu Apr 25 16:24:16 2013
@@ -27,7 +27,7 @@ class ContainerHolder {
}
public static void clear() {
-ContainerHolder.instance.set(null);
+ContainerHolder.instance.remove();
}
}
svn commit: r1477947 - /struts/site/trunk/content/resources/doap_Struts.rdf
Author: rgielen Date: Wed May 1 11:05:42 2013 New Revision: 1477947 URL: http://svn.apache.org/r1477947 Log: Updated doap information to reflect Struts 1 EOL Modified: struts/site/trunk/content/resources/doap_Struts.rdf Modified: struts/site/trunk/content/resources/doap_Struts.rdf URL: http://svn.apache.org/viewvc/struts/site/trunk/content/resources/doap_Struts.rdf?rev=1477947&r1=1477946&r2=1477947&view=diff == --- struts/site/trunk/content/resources/doap_Struts.rdf (original) +++ struts/site/trunk/content/resources/doap_Struts.rdf Wed May 1 11:05:42 2013 @@ -20,7 +20,7 @@ http://struts.apache.org"; /> http://struts.apache.org"; /> Apache Struts is a free open-source framework for creating Java web applications. -The Apache Struts Project offers two major versions of the the Apache Struts web framework. Struts 1 is recognized as the most popular web application framework for Java. Struts 1 is the best choice for teams who value proven solutions to common problems. Struts 2 was originally known as WebWork 2. The 2.x framework is the best choice for teams who value elegant solutions to difficult problems. +The Apache Struts Project offers the Apache Struts 2 web framework which is a comprehensive and modular tooling stack for creating web-based Java applications. Struts 2, emerged from the WebWork 2 framework, is an excellent choice for teams who value elegant solutions to difficult problems. Its predecessor Struts 1 used to be the de-facto standard for creating Java-based web applications for a long time. The Apache Struts Project has put the Struts 1 framework out of maintenance, yet offers all resources and documentation for this still very popular framework. http://issues.apache.org/struts/"; /> http://struts.apache.org/mail.html"; /> http://struts.apache.org/downloads.html"; />
svn commit: r860468 - in /websites/production/struts/content: ./ development/ release/
Author: rgielen Date: Wed May 1 11:10:43 2013 New Revision: 860468 Log: Updated DOAP information Added: websites/production/struts/content/ - copied from r860467, websites/staging/struts/trunk/content/ websites/production/struts/content/development/ - copied from r860467, websites/production/struts/content/development/ websites/production/struts/content/release/ - copied from r860467, websites/production/struts/content/release/
svn commit: r1486076 - /struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
Author: rgielen
Date: Fri May 24 14:29:09 2013
New Revision: 1486076
URL: http://svn.apache.org/r1486076
Log:
WW-4063
Skipping unneeded translation for included parameters
Modified:
struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
Modified:
struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java?rev=1486076&r1=1486075&r2=1486076&view=diff
==
---
struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_14_X/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
Fri May 24 14:29:09 2013
@@ -241,47 +241,45 @@ public class DefaultUrlHelper implements
private String buildParameterSubstring(String name, String value) {
StringBuilder builder = new StringBuilder();
-builder.append(translateAndEncode(name));
+builder.append(encode(name));
builder.append('=');
-builder.append(translateAndEncode(value));
+builder.append(encode(value));
return builder.toString();
}
-/**
- * Translates any script expressions using {@link
com.opensymphony.xwork2.util.TextParseUtil#translateVariables} and
- * encodes the URL using {@link java.net.URLEncoder#encode} with the
encoding specified in the configuration.
- *
- * @param input
- * @return the translated and encoded string
- */
-public String translateAndEncode(String input) {
-String translatedInput = translateVariable(input);
-try {
-return URLEncoder.encode(translatedInput, encoding);
-} catch (UnsupportedEncodingException e) {
-if (LOG.isWarnEnabled()) {
-LOG.warn("Could not encode URL parameter '#0', returning value
un-encoded", input);
-}
-return translatedInput;
-}
-}
-
-public String translateAndDecode(String input) {
-String translatedInput = translateVariable(input);
-try {
-return URLDecoder.decode(translatedInput, encoding);
-} catch (UnsupportedEncodingException e) {
-if (LOG.isWarnEnabled()) {
-LOG.warn("Could not encode URL parameter '#0', returning value
un-encoded", input);
-}
-return translatedInput;
-}
-}
-
-private String translateVariable(String input) {
-ValueStack valueStack =
ServletActionContext.getContext().getValueStack();
-return TextParseUtil.translateVariables(input, valueStack);
-}
+ /**
+* Encodes the URL using {@link java.net.URLEncoder#encode} with the
encoding specified in the configuration.
+*
+* @param input the input to encode
+* @return the encoded string
+*/
+ public String encode( String input ) {
+ try {
+ return URLEncoder.encode(input, encoding);
+ } catch (UnsupportedEncodingException e) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Could not encode URL parameter '#0',
returning value un-encoded", input);
+ }
+ return input;
+ }
+ }
+
+ /**
+* Decodes the URL using {@link java.net.URLDecoder#decode(String,
String)} with the encoding specified in the configuration.
+*
+* @param input the input to decode
+* @return the encoded string
+*/
+ public String decode( String input ) {
+ try {
+ return URLDecoder.decode(input, encoding);
+ } catch (UnsupportedEncodingException e) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Could not decode URL parameter '#0',
returning value un-decoded", input);
+ }
+ return input;
+ }
+ }
public Map parseQueryString(String queryString, boolean
forceValueArray) {
Map queryParams = new LinkedHashMap();
@@ -299,8 +297,8 @@ public class DefaultUrlHelper implements
paramValue = tmpParams[1];
}
if (paramName != null) {
-paramName = translateAndDecode(paramName);
-String translatedParamValue =
translateAndDecode(paramValue);
+paramName = decode(paramName);
+String translatedParamValue = dec
svn commit: r1486077 - in /struts/struts2/branches/STRUTS_2_3_14_X: ./ plugins/portlet-tiles/
Author: rgielen Date: Fri May 24 14:30:43 2013 New Revision: 1486077 URL: http://svn.apache.org/r1486077 Log: Remote excution vulnerability Modified: struts/struts2/branches/STRUTS_2_3_14_X/ (props changed) struts/struts2/branches/STRUTS_2_3_14_X/plugins/portlet-tiles/ (props changed) Propchange: struts/struts2/branches/STRUTS_2_3_14_X/ -- --- svn:ignore (original) +++ svn:ignore Fri May 24 14:30:43 2013 @@ -8,3 +8,5 @@ target .idea test-output + +atlassian-ide-plugin.xml Propchange: struts/struts2/branches/STRUTS_2_3_14_X/plugins/portlet-tiles/ -- --- svn:ignore (added) +++ svn:ignore Fri May 24 14:30:43 2013 @@ -0,0 +1 @@ +*.iml
svn commit: r1486161 - /struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml
Author: rgielen Date: Fri May 24 18:40:23 2013 New Revision: 1486161 URL: http://svn.apache.org/r1486161 Log: Maven archetype versions updated Modified: struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml Modified: struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml URL: http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml?rev=1486161&r1=1486160&r2=1486161&view=diff == --- struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml (original) +++ struts/struts2/branches/STRUTS_2_3_14_X/src/site/resources/archetype-catalog.xml Fri May 24 18:40:23 2013 @@ -7,42 +7,42 @@ org.apache.struts struts2-archetype-blank -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank org.apache.struts struts2-archetype-convention -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank Convention org.apache.struts struts2-archetype-dbportlet -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Database Portlet org.apache.struts struts2-archetype-plugin -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Plugin org.apache.struts struts2-archetype-portlet -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Portlet org.apache.struts struts2-archetype-starter -2.3.14.1 +2.3.14.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Starter
svn commit: r1486164 - /struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
Author: rgielen
Date: Fri May 24 18:47:35 2013
New Revision: 1486164
URL: http://svn.apache.org/r1486164
Log:
WW-4063
Testcase modification after refactoring
Modified:
struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
Modified:
struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java?rev=1486164&r1=1486163&r2=1486164&view=diff
==
---
struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_14_X/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
Fri May 24 18:47:35 2013
@@ -380,7 +380,7 @@ public class DefaultUrlHelperTest extend
public void testTranslateAndEncode() throws Exception {
setProp(StrutsConstants.STRUTS_I18N_ENCODING, "UTF-8");
-String result = urlHelper.translateAndEncode("\u65b0\u805e");
+String result = urlHelper.encode("\u65b0\u805e");
String expectedResult = "%E6%96%B0%E8%81%9E";
assertEquals(result, expectedResult);
@@ -388,7 +388,7 @@ public class DefaultUrlHelperTest extend
public void testTranslateAndDecode() throws Exception {
setProp(StrutsConstants.STRUTS_I18N_ENCODING, "UTF-8");
-String result = urlHelper.translateAndDecode("%E6%96%B0%E8%81%9E");
+String result = urlHelper.decode("%E6%96%B0%E8%81%9E");
String expectedResult = "\u65b0\u805e";
assertEquals(result, expectedResult);
svn commit: r1486171 - /struts/struts2/tags/STRUTS_2_3_14_2/
Author: rgielen Date: Fri May 24 19:02:28 2013 New Revision: 1486171 URL: http://svn.apache.org/r1486171 Log: [maven-release-plugin] copy for tag STRUTS_2_3_14_2 Added: struts/struts2/tags/STRUTS_2_3_14_2/ (props changed) - copied from r1486170, struts/struts2/branches/STRUTS_2_3_14_X/ Propchange: struts/struts2/tags/STRUTS_2_3_14_2/ -- reviewboard:url = https://reviews.apache.org Propchange: struts/struts2/tags/STRUTS_2_3_14_2/ -- --- svn:ignore (added) +++ svn:ignore Fri May 24 19:02:28 2013 @@ -0,0 +1,12 @@ +.classpath +.project +.settings +*.ipr +*.iml +*.iws +target +.idea + +test-output + +atlassian-ide-plugin.xml Propchange: struts/struts2/tags/STRUTS_2_3_14_2/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Fri May 24 19:02:28 2013 @@ -0,0 +1,2 @@ +/struts/struts2/branches/STRUTS_2_2_1_1:1037870-1053416 +/struts/struts2/tags/STRUTS_2_2_1:965062-1037869
svn commit: r1486417 - in /struts/site/trunk/content/xdoc: download.xml downloads.xml
Author: rgielen Date: Sun May 26 15:02:00 2013 New Revision: 1486417 URL: http://svn.apache.org/r1486417 Log: Preparation for 2.3.14.2 release Modified: struts/site/trunk/content/xdoc/download.xml struts/site/trunk/content/xdoc/downloads.xml Modified: struts/site/trunk/content/xdoc/download.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/download.xml?rev=1486417&r1=1486416&r2=1486417&view=diff == --- struts/site/trunk/content/xdoc/download.xml (original) +++ struts/site/trunk/content/xdoc/download.xml Sun May 26 15:02:00 2013 @@ -94,28 +94,31 @@ limitations under the License. - - + + - http://struts.apache.org/2.3.14/";>Apache Struts 2.3.14.1 + http://struts.apache.org/release/2.3.x/";>Apache Struts 2.3.14.2 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.3.14 is the "best available" version of Struts in the 2.3 series. + Struts 2.3.14.2 is the "best available" version of Struts in the 2.3 series. - http://struts.apache.org/development/2.x/docs/version-notes-23141.html";>Version Notes + https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.14.2";>Version Notes + Full Distribution: -struts-2.3.14.1-all.zip (65MB) -[http://www.apache.org/dist/struts/binaries/struts-2.3.14.1-all.zip.asc";>PGP] -[http://www.apache.org/dist/struts/binaries/struts-2.3.14.1-all.zip.md5";>MD5] +struts-2.3.14.2-all.zip (65MB) +[http://www.apache.org/dist/struts/binaries/struts-2.3.14.2-all.zip.asc";>PGP] +[http://www.apache.org/dist/struts/binaries/struts-2.3.14.2-all.zip.md5";>MD5] @@ -123,18 +126,18 @@ limitations under the License. Example Applications: -struts-2.3.14.1-apps.zip (35MB) -[http://www.apache.org/dist/struts/examples/struts-2.3.14.1-apps.zip.asc";>PGP] -[http://www.apache.org/dist/struts/examples/struts-2.3.14.1-apps.zip.md5";>MD5] +struts-2.3.14.2-apps.zip (35MB) +[http://www.apache.org/dist/struts/examples/struts-2.3.14.2-apps.zip.asc";>PGP] +[http://www.apache.org/dist/struts/examples/struts-2.3.14.2-apps.zip.md5";>MD5] Essential Dependencies Only: -struts-2.3.14.1-lib.zip (19MB) -[http://www.apache.org/dist/struts/library/struts-2.3.14.1-lib.zip.asc";>PGP] -[http://www.apache.org/dist/struts/library/struts-2.3.14.1-lib.zip.md5";>MD5] +struts-2.3.14.2-lib.zip (19MB) +[http://www.apache.org/dist/struts/library/struts-2.3.14.2-lib.zip.asc";>PGP] +[http://www.apache.org/dist/struts/library/struts-2.3.14.2-lib.zip.md5";>MD5] @@ -142,18 +145,18 @@ limitations under the License. Documentation: -struts-2.3.14.1-docs.zip (13MB) -[http://www.apache.org/dist/struts/documentation/struts-2.3.14.1-docs.zip.asc";>PGP] -[http://www.apache.org/dist/struts/documentation/struts-2.3.14.1-docs.zip.md5";>MD5] +struts-2.3.14.2-docs.zip (13MB) +[http://www.apache.org/dist/struts/documentation/struts-2.3.14.2-docs.zip.asc";>PGP] +[http://www.apache.org/dist/struts/documentation/struts-2.3.14.2-docs.zip.md5";>MD5]
svn commit: r1486428 - /struts/site/trunk/content/xdoc/download.xml
Author: rgielen Date: Sun May 26 16:25:50 2013 New Revision: 1486428 URL: http://svn.apache.org/r1486428 Log: Minor fix, trying to trigger buildbot Modified: struts/site/trunk/content/xdoc/download.xml Modified: struts/site/trunk/content/xdoc/download.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/download.xml?rev=1486428&r1=1486427&r2=1486428&view=diff == --- struts/site/trunk/content/xdoc/download.xml (original) +++ struts/site/trunk/content/xdoc/download.xml Sun May 26 16:25:50 2013 @@ -109,6 +109,7 @@ limitations under the License. https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.14.2";>Version Notes
svn commit: r1486429 - /struts/site/trunk/content/xdoc/downloads.xml
Author: rgielen Date: Sun May 26 16:30:20 2013 New Revision: 1486429 URL: http://svn.apache.org/r1486429 Log: fixed typo Modified: struts/site/trunk/content/xdoc/downloads.xml Modified: struts/site/trunk/content/xdoc/downloads.xml URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/downloads.xml?rev=1486429&r1=1486428&r2=1486429&view=diff == --- struts/site/trunk/content/xdoc/downloads.xml (original) +++ struts/site/trunk/content/xdoc/downloads.xml Sun May 26 16:30:20 2013 @@ -125,7 +125,7 @@ limitations under the License. 22 May 2013 -http://struts.apache.org/2.x/docs/s2-014.html";>S2-013, +http://struts.apache.org/2.x/docs/s2-014.html";>S2-014 http://struts.apache.org/2.3.12/docs/version-notes-23141.html";>Version notes
