The web application uses struts2-core-2.3.16.3. Since Apache struts 2.x before 2.3.25 have vulnerability with cross site scripting, we need to migrate to struts2.3.25 and above. Not sure on the dependency jar files. Please advise on the jar files that needs to changed apart from struts2-core-2.3.16.3.
Related
i am using idea ultimate 2020.3
i created a maven web project.
when i changed java or jsp files and choose update class and resources, they can be hot deploy.
however, if i changed files under src/main/resources, e.g. mybatis xml file under src/main/resouces/config/mapper, they cannot be hot deploy.
how can i fix it?
Make sure you are deploying an exploded artifact, see Update applications on application servers
Also make sure the module has configured Web resources (has the Web facet with Web Resource Directories and Source Roots configured:
I'm having an EAR project, consisting from 3 modules/projects: WEB, EJB and JPA. In WEB project, i have added log4j2 for logging. Therefore i've putted log4j2.xml file into WebContent/WEB-INF/ direcotry.
Now, i have made two projects out of one: the developer version and the test version. The differs mainly in project name. They also have different file location configured in log4j2.xml file, to which to write logs.
When i deploy only one project (for instance developer version), everything works fine. However, when im deploying both projects, then, both of them are logging to the same file (it is always the file configured in log4j2 from the project that was deployed first).
My Glassfish version is 3.1.2.2 and Log4j2 version is 2.0.2.
Does any one konws how to solve it?
The log4j2 manual has details on configuration for web applications.
Are the log4j2 jar files also in the WebProject1/WEB-INF/lib and WebProject2/WEB-INF/lib folders (and not in some shared location)? That way the log4j2 classes will be loaded by separate webapp class loaders and they can have separate configurations.
I've read in the documentations of Apache Ace 2 that it works with Equinox OSGi targets as well, but I can't find out how to configure it. I am aware there is already p2 for Equinox but I also want to integrate it with the Ace software.
I've found somewhere that I should edit managementagent bundle, if that's true still don't know how.
The binary release of Apache ACE ships with:
An executable jar that contains Apache Felix and the management agent. It can be found in the server-allinone/store folder and is called ace-launcher.jar
A "development" target in the target/ folder that can be used to for development/testing and pre-installs a shell, logging and the management agent.
Neither gives you Equinox out of the box.
However, if you checkout the ACE sources, there is a project called org.apache.ace.agent.launcher which creates two jar files:
felix.bnd which creates the ace-launcher.jar mentioned above and embeds Apache Felix
base.bnd which relies on the standardized launcher API of OSGi and will bootstrap the first framework it finds on the classpath
So, you can either use the artifact generated by base.bnd and put Equinox on your classpath, or take felix.bnd and modify it so it will run equinox instead.
By the way, we would be happy to accept such work as a patch so we can provide this out of the box.
I have built a Spring 3 MVC driven RESTful web service app. I use Maven 2 to manage the application lifecycle including packaging up the WAR for distribution. As part of the end solution, I filter application requests through Apache to handle some of the GET requests for static content. This of course requires that I have several custom configurations in Apache configuration files.
My question is this, I would like to package and version these Apache configurations with ( not inside) the WAR, is there a clean way to do this? (using maven?)
Currently, the configuration changes are just included as installation instructions.
My question is this, I would like to package and version these Apache configurations with (not inside) the WAR, is there a clean way to do this? (using maven?)
I'd put such files in a dedicated module (with a pom packaging) and use the Maven Assembly Plugin to create a .zip archive to be unzipped on the target machine(s) and that would be part of the delivery.
Worked pretty well in the past.
I'm building my application to run in an OSGi container. I use Maven and the Maven Bundle Plugin from Apache Felix to set up the OSGi manifests for my own modules and that works great.
Now, I'm deploying my bundles into an OSGi container together with several 3rd party libraries. Some of these are already OSGi-fied when I get them from the Maven repos, others, I want to convert into OSGi-compatible jars. I want to set up a Maven project that collects all dependencies, and puts each in its own OSGi jar. The ultimate goal is to collect these jars and my own into an assembly that I can use as a standalone deployment package.
I know how to convert standard jars to OSGi jars, and I have a (somewhat hackish) approach to merge multiple OSGi bundles, even if I probably shouldn't. But if I have a dependency that's already fine as it is, and I just want to copy it from the repo into my assembly, what part of Maven do I use? The bundle plugin is wrong, it messes up the manifests if a dependency is already OSGi-compatible. Do I use the dependency-plugin, the assembly plugin or something else?
I have the feeling I'm overlooking something very simple here.
Did you have a look at the PAX tools? In particular Pax-Runner and
pax-construct... They do not only give you a nice template to start with, but also solve most the problems you mentioned for free.
We use many libraries which are not OSGified by the vendor and which are not available on the Spring bundle repository. We also have many of these and want to deploy them all together hassle free. For this we have created a 2-layer maven setup:
Individual maven projects that either download or contain (as 'system' scope depends) the 3rd party lib in question, and OSGify these using the Apache Felix bundle plugin
One container project that has a dependency on all of these small projects and makes an assembly of them using the core assembly maven plugin. This POM also uses the copy-dependencies goal of maven to make sure everything is in place.
Once it is turned into an assembly (ours is a tar file) we deploy this to our servers. We have gone one step further and used this assembly of 3rd party libraries as the Target Platform for our Eclipse build environment. But this may be irrelevant for you.
You can get OSGi friendly versions of many common artifacts from the Spring bundle repository. So you may not have to do it yourself.
See details of how to configure the bundle repository for Maven.
(will update with some ideas for those that aren't available as bundles already)