On 3/3/2018 12:37 AM, Prasanth Pasala wrote:
> I was able to replicate the issue today. Asked few users to keep logging in
> and ran jmeter to access login page, with out putting any username or
> password. Out of the 100 attempts 2 attempts were
> successful in getting in with out username/password. I am seeing database
> login entries for these two. Which would happen only if a valid session is
> not present and user has provided username/password.
Shouldn't login page being accessible always? How do you try access
login page, calling directly to jsp? Or action? How do you authenticate
that access try, via session values? Via request parameters and querying
database?
> Not sure if the behavior is a side effect of having the below lines.
>
> request.setAttribute("struts.actionMapping", new
> ActionMapping());
> request.setAttribute("struts.valueStack", null);
Not these lines but I guess you may also remove more things from
forwarded request (e.g. session). Could you please print
request.toString before these lines to see what type is it? Could you
serialize request to a xml to see all values stored in that request?
Anyway, like you, I also think this issue is because of forwarding the
request from Struts1 to Struts2.
Regards.
