Struts 2 / WW-3858

Decouple token names from their respective session attribute names

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.4
    • Fix Version/s: 2.3.4.1
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Currently, token names are used as-is to store session attributes for later token check. By namespacing session attributes, security can be improved.
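
      The change described above, modelled as an added example (not code from the Struts project): a `Map` stands in for the HTTP session, and the class, method names and the `demo.tokens.` prefix are assumptions made for the illustration, since the issue does not state the prefix Struts uses.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; all names here are hypothetical, not Struts' own API.
public class TokenNamespaceDemo {
    // Assumed prefix for this demo only.
    static final String DEMO_PREFIX = "demo.tokens.";

    // Before the change: the token name doubles as the session attribute name.
    static void storeFlat(Map<String, Object> session, String tokenName, String token) {
        session.put(tokenName, token);
    }

    // After the change: tokens are kept under their own prefix in the session.
    static void storeNamespaced(Map<String, Object> session, String tokenName, String token) {
        session.put(DEMO_PREFIX + tokenName, token);
    }

    // Token check: compare the submitted value, then consume the stored token.
    static boolean validate(Map<String, Object> session, String key, String submitted) {
        Object stored = session.get(key);
        if (!(stored instanceof String) || !stored.equals(submitted)) {
            return false;
        }
        session.remove(key); // one-time use
        return true;
    }

    public static void main(String[] args) {
        // Constructed session: "user" is an unrelated attribute owned by the application.
        Map<String, Object> flat = new HashMap<>();
        flat.put("user", "alice");
        // Shared keyspace: a token named "user" replaces the application's attribute,
        // and consuming the token afterwards removes that attribute altogether.
        storeFlat(flat, "user", "sample-token");
        System.out.println("flat, after store:    user=" + flat.get("user"));
        validate(flat, "user", "sample-token");
        System.out.println("flat, after validate: has user? " + flat.containsKey("user"));

        Map<String, Object> ns = new HashMap<>();
        ns.put("user", "alice");
        // Namespaced: the same token name maps to a separate key, so the token check
        // can neither read nor remove application state.
        storeNamespaced(ns, "user", "sample-token");
        boolean ok = validate(ns, DEMO_PREFIX + "user", "sample-token");
        System.out.println("namespaced: valid=" + ok + ", user=" + ns.get("user"));
    }
}
```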

        Activity

        rgielen Rene Gielen added a comment -

        Token names are now prefixed.

        hudson Hudson added a comment -

        Integrated in Struts2 #515 (See https://builds.apache.org/job/Struts2/515/)
        WW-3858
        Decouple token names from their respective session attribute names (Revision 1368827)

        Result = SUCCESS
        rgielen :
        Files :

        • /struts/struts2/trunk
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
        • /struts/struts2/trunk/core/src/test/java/org/apache/struts2/util/TokenHelperTest.java
        • /struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/TokenTagTest.java

          People

          • Assignee:
            rgielen Rene Gielen
            Reporter:
            rgielen Rene Gielen