0

Due to a recent vulnerability identified with Struts 2.33, we are upgrading one of our project to Struts 2.5.10 and while doing this, I see the below error when trying to launch the application. Does anyone know why do I see this?

I have below jars added under WEB-INF/lib ognl-3.1.12.jar struts2-core-2.5.10.1.jar struts2-json-plugin-2.5.10.1.jar struts2-spring-plugin-2.5.10.1.jar struts2-tiles-plugin-2.5.10.1.jar xwork-core-2.3.32.jar

Thank you for your help :)

2017-07-14 16:53:54,746 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /member/: Unable to load configuration. - [unknown location]
    at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:499)
    at org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:75)
    at org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:63)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:111)
    at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:84)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:97)
    at io.undertow.servlet.core.ManagedFilter.createFilter(ManagedFilter.java:80)
    at io.undertow.servlet.core.ManagedFilter.getFilter(ManagedFilter.java:66)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at com.my.company.member.web.security.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:39)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: Unable to load configuration. - [unknown location]
    at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:70)
    at org.apache.struts2.dispatcher.Dispatcher.getContainer(Dispatcher.java:906)
    at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:445)
    at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:486)
    ... 40 more
Caused by: Parent package is not defined: json-default - [unknown location]
    at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.buildPackageContext(XmlConfigurationProvider.java:686)
    at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.addPackage(XmlConfigurationProvider.java:536)
    at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadPackages(XmlConfigurationProvider.java:323)
    at org.apache.struts2.config.StrutsXmlConfigurationProvider.loadPackages(StrutsXmlConfigurationProvider.java:108)
    at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:189)
    at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:67)
    ... 43 more
Prasann
  • 1,263
  • 2
  • 11
  • 18
  • Hi Aleksandr, Thanks for your reply. Yes, there is no xwork jar in 2.5.x, but do you know if we cannot use Struts 2.5.x with any older version of xwork? – Prasann Jul 17 '17 at 09:23
  • You don't need a separate xwork jar with 2.5.x series. Remove it. Make sure that json plugin jar is packaged in your app. – Aleksandr M Jul 17 '17 at 20:58
  • Maybe also interesting: Migration guides with Package renames, deprecations and removals: https://cwiki.apache.org/confluence/display/WW/Migration+Guide – beendr Jul 19 '17 at 06:04
  • Hi Aleksandr,Thanks again for your reply. This morning I tried the same, I removed the xwork jar and have only one version of json plugin jar packaged in the war. I still see the same issue. I am now analysing to see if I really need the JSON plugin. – Prasann Jul 19 '17 at 11:05
  • Hi beendr, thanks for your reply. I have seen this before and there is one more guide by apache for upgrade, but couldn't find help around this. Thanks – Prasann Jul 19 '17 at 11:07

0 Answers0