Manjesh Patil

This is a question about Java 8u51 update which has security fixes. We are evaluating if the vulnerability affects the jdk version we use.

What I want to know is :

For some CVE when it says 6u95,7u80 are affected, does it mean earlier versions (6u31,7u55, 7u71) are also affected? or they affect only the specific versions mentioned in "Supported Versions Affected" column of the table ?

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA

Hi,
I am using Apache Commons libraries to upload a .docx file . I want to extract the text using Apache POI at the same time. My application server(Google App egine) does not allow to create files so I cannot write to file. This is the reason I need to extract the text from uploaded file and store it as String object or BLOB in database.

While doing so I cannot pass the inputStream returned by ServletFileUpload to Apache POI API, it is throwing an exception Your InputStream was neither an OLE2 stream, nor an OOXML stream
the POI API expects a FileInputStream but the inputStream returned by ServletFileUpload is not compatible ..

ServletFileUpload upload = new ServletFileUpload(); FileItemIterator iterator = upload.getItemIterator(request); while (iterator.hasNext()) { FileItemStream item = iterator.next(); InputStream stream = item.openStream(); ExtractorFactory.createExtractor(stream).getText(); // throws an exception Your InputStream was neither an OLE2 stream, nor an OOXML stream }
I am passing a valid .docx file.
how should I handle this?

In Jboss say If your application name TestApp, then on deployment the server shows message like ...

14:18:42,752 INFO [org.jboss.web.tomcat.service.deployers.TomcatDeployment] deploy, ctxPath=/TestApp

which application server do you use?

If you know where is your hosting server located , server's log locations you can debug it easily.

Also , using UPPER cases for package name is discouraged. As a best practice use smaller cases for package names.
Example :

<servlet-name>ControllerServlet</servlet-name> <servlet-class>controller.controllerservlet</servlet-class> </servlet>

Do you see your application Context loaded messages in server.log?

So you do not want to show anything to the user until your stored proc completes? If the stored proc takes too much time to complete its activity why cannot you trigger a separate thread for this ?
incase if its required to wait until the proc finishes , you can try something like WaitAndExecute filters to notify the GUI that something is happening behind the screen..


-regards
Manjesh

I wish some plugin would come up though I do not see any roadmap for struts2 on their official site.

Struts2 as of now does not seems to be supporting HTML5. you have to use s:textfield only.
here is the list of HTML elelments that struts2 tags can render....


http://struts.apache.org/2.0.6/docs/ui-tag-reference.html



regards
Manjesh

Sounds it is programmatic issue and the way you are handling the shared objects in the Action classes/Beans .This Issue does not seems to be originated from the framework, try putting more logs/debugs ..
Good luck.

rerards.

From Ajax call or by URL alone you cannot direct struts framework to invoke any method present in the Action class, as you have mentioned you have to make use of struts.xml file to instruct which method to be invoked unless you want default( execute) to be get executed.

-regards
Ma

Where do you see the NullPointerException ? written to the browser ? Exception trace is not available?
try chaning the bean scope to "request" and see ..

Which version of struts you are using .. struts2 or struts1.x?

Hi I have Struts2 application Running on Google App Engine.
When I add "tokenSession" interceptor to any of the actions (say registration.action) , I do get the following exception. If I remove "tokenSession" Interceptor.. things works fine.., what could be the issue?
I have even tried with latest xwork-core-2.3.5-.jar file but no gain.
I use struts2-core.2.3.1.2 and dependent jars. please help me to fix this issue.

java.lang.RuntimeException: java.io.NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector at com.google.apphosting.runtime.jetty.SessionManager.serialize(SessionManager.java:373) at com.google.apphosting.runtime.jetty.DatastoreSessionStore.createEntityForSession(DatastoreSessionStore.java:71) at com.google.apphosting.runtime.jetty.DatastoreSessionStore.saveSession(DatastoreSessionStore.java:93) at com.google.apphosting.runtime.jetty.SessionManager$AppEngineSession.save(SessionManager.java:164) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:41) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:249) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:135) at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:477) at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:449) at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:455) at com.google.tracing.TraceContext.runInContext(TraceContext.java:695) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:333) at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:325) at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:453) at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251) at java.lang.Thread.run(Thread.java:679)

Thanks
Manjesh

Thanks for Reply

yes ...there is out.flush() ; in the code . It writes the output but in single line.............

how to configure these outputstreams so as to consider the new line character?

-thanks
Ma

I agree. But what I understand from mail is that , the developer is trying to apply high level authorisation to the URL (allow/deny).

If all my jsps are in the path : /jsp/example/ I can still uses security-constraint tag to protect /jsp/example/*.jsp same way for Servlets.

regards
Ma

Hi I have the following requirement

String s="aaaaaaaaaaaaaaaaaaa \n bbbbbbbbbbbbbbbb";



When I write this to browser from servlet, the output will be printed in the same line but I am expecting in two lines (in text form not HTML form which can be achived using <br/>).
If I use System.out.println(s) , it prints as I am expecting.

I have tried the following things but no gain!

doGet () { String s="aaaaaaaaaaaaaaaaaaa \n bbbbbbbbbbbbbbbb"; PrintWriter out=new PrintWriter(response.getOutputStream(), true); out.print(s); }

Also I have noticed one thing that System.getProperty("line.separator"); returns blank (nothing) . I am using JRE6 WINDOWS 7 and ECLIPSE
is this the problem?

can someone help me..?
thanks in advance
Ma