As Wolfgang mentioned this can be the reason, I recommend reviewing all the security changes [1] as many of them can impact your application. Other problem that can impact your app is allowlist capability [2]
[1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=293046977#Struts6.x.xto7.x.xmigration-Strongersecurity [2] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=293046977#Struts6.x.xto7.x.xmigration-OGNLallowlistcapability pon., 20 sty 2025 o 22:14 Wolfgang Knauf <wolfgang.kn...@gmx.de.invalid> napisał(a): > > Hi Heikki, > > your description sounds like this parameter injection change: > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=293046977#Struts6.x.xto7.x.xmigration-Actionparameterinjection > > For testing purposes, you might disable this security feature completely: > struts.parameters.requireAnnotations=true > > Hope this helps > > Wolfgang > > Am 20.01.25 um 19:52 schrieb Heikki Hyyrö: > > Dear all, > > > > I might(?) have a similar problem. When I upgragded Struts 2 version > > from 6.3.0.2 to 7.0.0 and replaced xworks2 imports by their struts2 > > counterparts, one problem is that the application's actions no longer > > receive parameters from html forms. I suppose this could be caused by an > > interceptor stack problem that fails to run the params interceptor? The > > app seemingly works normally without giving fundamental error messages, > > but actions get null-values as their request parameters and the app is > > unusable (e.g. one cannot even login as usernames and passwords are > > received as null). > > > > The link you posted states that a simple workaround is to continue using > > com.opensymphony.xwork2.ActionSupport. What would be the suggested way > > to do that? Add xwork separately as a maven independence? The newest > > version seems to be from 2009, is that still ok? > > > > Best regards > > Heikki > > > > Lukasz Lenart kirjoitti 9.1.2025 klo 12.20: > >> śr., 8 sty 2025 o 21:26 Tellis, Wyatt <wyatt.tel...@ucsf.edu.invalid> > >> napisał(a): > >>> I recently upgraded my app to 6.7.0 and saw that many classes are > >>> deprecated due to the renaming of the xwork2 packages. I tried > >>> changing the imports to use the org.apache.struts2 equivalents, but > >>> my application no longer works. Everything compiles correctly, but I > >>> get a 404 error when I go to any of the actions. I'm using the > >>> convention plugin to configure the actions and it seems as though > >>> none of the actions are being found. There are no errors in the logs > >>> and the app works fine if I keep using the original xworks2 classes. > >>> Any ideas what could be wrong? > >> I think this is already reported by this issue [1] yet I didn't have > >> time to take a look at it, probably something is wrong with detecting > >> based package by the Convention plugin so probably defining > >> "struts.convention.package.locators.basePackage" should help. > >> > >> [1] https://issues.apache.org/jira/browse/WW-5494 > >> > >> > >> Cheers > >> Łukasz > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
