Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5194

UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Not A Problem
    • 6.0.0
    • 6.0.3
    • Core

    Description

      Summary

      UIBean.evaluateParams() grabs the nonce out of the session without first checking that it exists, causing an IllegalStateException to be thrown if the session has been invalidated. This breaks our use case where we invalidate a session, but still want to use ActionError to convey information to the user. It doesn't appear that this change relates to removing double evaluations, so I would consider this a regression.

      Triage

      This was introduced when refactoring to fix double evaluations:

      Object nonceValue = session != null ? session.get("nonce") : null;
      if (nonceValue != null){ 
          addParameter("nonce", nonceValue.toString()); 
      }

      The previous previous revision first checks that the key exists before attempting to pull it out:

      if (session.containsKey("nonce")) {               
         String nonceValue = session.get("nonce").toString();
         addParameter("nonce", nonceValue);           
      }
      

      Attachments

        Activity

          People

            yasserzamani Yasser Zamani
            joseph.wolschon Joseph Wolschon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: