Recently, I need to upgrade Struts2 libraries from to
First all, I upgraded those libraries:
After that I tried to login the website, it didn't work. And I can't get any error messages or logs from the Tomcat console.
Here are some parts of my configuration files:
<constant name="struts.custom.i18n.resources" value="ApplicationResources,errors"/>
<constant name="struts.devMode" value="true" />
<constant name="struts.configuration.xml.reload" value="true" />
<constant name="struts.action.extension" value="do" />
<package name="tiles" extends="tiles-default" namespace="/test">
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult"/>
<default-interceptor-ref name="myStack"/>
<result name="input">/error.jsp</result>
<result name="success" type="tiles">global.setting.successMessage</result>
<result name="error" type="tiles">global.setting.errorMessage</result>
<result name="index" type="tiles">global.home.index</result>
<action name="Login" class="test.action.LoginAction">
<result name="index">/index.jsp</result>
<s:form action="">
<s:textfield required="true" key="user.account" />
<s:password required="true" key="user.password" />
<s:submit key="normal.login" align="right" method="login"/>
I closed other filters in web.xml
, and interceptors in struts.xml
Finally, I can't login the website and didn't get any error messages or logs from Tomcat console.
If you didn't get any error messages or logs from Tomcat console, then you should try debug the application to find a problem. Fist thing that you should do is to turn on a developer mode: struts.devMode=true
then you will see more messages on the console.
Closer to your question: as a security issues published on the site, the DMI (Dynamic Method Invocation) has been turned off by default configuration settings. However you can change this setting to allow method:
parameter being accepted by the params
interceptor. Or you should refactor your application to use only mapped methods. For example
<action name="Login" class="test.action.LoginAction" method="login">
<result name="index">/index.jsp</result>