Struts 2 / WW-3858

Decouple token names from their respective session attribute names

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.4
    • Fix Version/s: 2.3.4.1
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Currently token names are used as-is to store session attributes for later token check. By namespacing session attributes, security can be improved.

        Activity

        Hudson added a comment -

        Integrated in Struts2 #515 (See https://builds.apache.org/job/Struts2/515/)
        WW-3858
        Decouple token names from their respective session attribute names (Revision 1368827)

        Result = SUCCESS
        rgielen :
        Files :

        • /struts/struts2/trunk
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
        • /struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
        • /struts/struts2/trunk/core/src/test/java/org/apache/struts2/util/TokenHelperTest.java
        • /struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/TokenTagTest.java
        Rene Gielen added a comment -

        Token names are now prefixed.
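
Added example (not part of the issue or of the Struts code base): a Java sketch of the key collision that namespacing the session attributes rules out, with a plain Map standing in for the HTTP session. The class and method names and the `example.tokens.` prefix are assumptions; the issue does not state the actual prefix.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Struts code. A Map stands in for the HTTP session;
// the class, method and prefix names are hypothetical.
public class TokenNamespaceDemo {
    // Assumed prefix for this sketch; the issue does not state the real one.
    static final String TOKEN_NAMESPACE = "example.tokens.";

    // Old behaviour as described: the token name is used as-is as the session key.
    static String rawKey(String tokenName) { return tokenName; }

    // New behaviour as described: the session key lives in a reserved namespace.
    static String namespacedKey(String tokenName) { return TOKEN_NAMESPACE + tokenName; }

    static void store(Map<String, Object> session, String key, String token) {
        session.put(key, token);
    }

    // Single-use check: drop the stored token, then compare in constant time.
    static boolean check(Map<String, Object> session, String key, String submitted) {
        Object stored = session.remove(key);
        if (!(stored instanceof String) || submitted == null) return false;
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String tokenName = "currentUser";   // constructed: collides with an app attribute
        String token = "constructed-token-value";

        Map<String, Object> before = new HashMap<>();
        before.put("currentUser", "alice"); // constructed application state
        store(before, rawKey(tokenName), token);
        System.out.println("as-is key, app attribute now: " + before.get("currentUser"));

        Map<String, Object> after = new HashMap<>();
        after.put("currentUser", "alice");
        store(after, namespacedKey(tokenName), token);
        System.out.println("namespaced key, app attribute: " + after.get("currentUser"));
        System.out.println("token accepted once: " + check(after, namespacedKey(tokenName), token));
        System.out.println("token replay accepted: " + check(after, namespacedKey(tokenName), token));
        System.out.println("app attribute after check: " + after.get("currentUser"));
    }
}
```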


          People

          • Assignee:
            Rene Gielen
            Reporter:
            Rene Gielen
          • Votes:
            0
            Watchers:
            3

            Dates

            • Created:
              Updated:
              Resolved:
