I resolved this myself by simply overriding the set(String, Object) method in my form, to ignore certain request parameter names that are not of type String in my LazyValidatorForm.
________________________________ From: Strachan, Paul Sent: Saturday, 10 March 2007 4:51 PM To: user@struts.apache.org Subject: [s1] handle exception in processPopulate? Hi, struts 1.2.9 beanutils 1.7.0 I receive a 500 'org.apache.commons.beanutils.ConversionException' originating from the RequestProcessor.processPopulate() displayed on the web page. I can usually make this type of error occur by "hacking" the http parameters, e.g. specifiying a request parameter which is actually a nested business object on the form OR say when a "restricted" DynaBean throws IllegalArgumentException for example. Is there any way to configure struts to simply log these types of errors and continue? Why can it be so easy for a hacker to break the processPopulate phase and receive information on the underlying exception? Even if I override processPopulate to ignore/log exceptions there may still be valid request parameters that are not yet populated on the form. I have an error-page mapping in web.xml, but was just wondering why we have so little control over processPopulate (I assume there is a good reason though :) Thanks for any feedback, Paul ********************************************************************** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **********************************************************************
