On Thu, 29 May 2025 at 20:42, Ute Kaiser <ut...@web.de.invalid> wrote:
>
> Lukasz, thank you for your advice.
> I got rid of almost all by moving logic into the action and passing new flags 
> to jsp instead.
>
> e.g.
> Migrating struts1
> <logic:present name="myList">
> <logic:notEmpty name="myList">
> by
> <s:if test="%{myList != null && !myList.isEmpty()}">
> raised
> WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-2) 
> Declaring class [class java.util.ArrayList] of member type [public boolean 
> java.util.ArrayList.isEmpty()] is not allowlisted!
>
> Solution according to your advice:
> - Checking myList in the Action
> - passing a new flag hasData=true|false to the jsp
> - <s:if test="%{hasData}">
> worked.

Very good, thanks for sharing your thoughts and solution!

> One entry remaining in struts.allowlist.classes - the world won't end because 
> of this :-)

That's good, it means your app is very secure :)


Cheers
Łukasz
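
A migration check for the pattern discussed in this thread, as an added example that is not part of the original messages or of Struts itself: it scans JSP text for Struts tag attributes in the `%{...}` form whose OGNL expression invokes a method, the kind of expression that produced the allowlist warning quoted above. The function name, regexes and sample JSP are constructed for illustration, and the scan is a regex heuristic rather than an OGNL parser.

```python
import re

# Struts tag attribute (test= or value=) holding an OGNL expression in %{...}.
# Assumption: only this attribute form is checked, as in the thread's example.
OGNL_ATTR = re.compile(r'<s:\w+\b[^>]*?\b(?:test|value)\s*=\s*"%\{(.*?)\}"', re.S)

# An explicit method invocation inside the expression, e.g. ".isEmpty(".
METHOD_CALL = re.compile(r'\.\s*([A-Za-z_]\w*)\s*\(')

# Constructed sample input: two expressions that call methods on a list,
# and one that only reads a boolean flag prepared by the action.
SAMPLE_JSP = '''<%@ taglib prefix="s" uri="/struts-tags" %>
<s:if test="%{myList != null && !myList.isEmpty()}">
  <s:property value="%{myList.size()}"/>
</s:if>
<s:if test="%{hasData}">
  <p>rows follow</p>
</s:if>
'''


def find_ognl_method_calls(jsp_text):
    """Return (line, expression, [method names]) for each attribute whose
    OGNL expression invokes a method and so depends on the allowlist."""
    findings = []
    for match in OGNL_ATTR.finditer(jsp_text):
        expr = match.group(1).strip()
        methods = METHOD_CALL.findall(expr)
        if methods:
            line = jsp_text.count("\n", 0, match.start()) + 1
            findings.append((line, expr, methods))
    return findings


if __name__ == "__main__":
    for line, expr, methods in find_ognl_method_calls(SAMPLE_JSP):
        # Each hit is a candidate for moving the check into the action
        # and exposing a plain flag such as hasData instead.
        print(f"line {line}: %{{{expr}}} calls {', '.join(methods)}")
```

Each reported line is a candidate for the fix described above: compute the condition in the action and test a plain flag in the JSP.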
