-
Notifications
You must be signed in to change notification settings - Fork 811
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WW-5251 Reinstate deleted interfaces with transparent compat #898
Conversation
@brianandle If you bundle these classes with your Struts application, it should restore compatibility. |
|
||
@Override | ||
default void withParameters(HttpParameters parameters) { | ||
setParameters(parameters); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would need to be something like the following since the setParameters takes a Map:
Map<String, String[]> newParams = new HashMap<String, String[]>();
for(String key : parameters.keySet()){
Parameter p = parameters.get(key);
if(p instanceof Parameter.Request){
if(p.isMultiple()) {
newParams.put(key, p.getMultipleValues());
} else {
newParams.put(key, new String[] {p.getValue()});
}
}
}
setParameters(newParams);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're also missing the restoration of org.apache.struts2.interceptor.RequestAware which would be something like:
public interface RequestAware extends org.apache.struts2.action..ServletRequestAware {
void setRequest(Map<String,Object> request);
default void withServletRequest(HttpServletRequest request) {
setRequest(request.getParameterMap());
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I created https://issues.apache.org/jira/browse/WW-5403 as well which highlights some other classes/methods I found that (probably not just the ones listed) that were removed in a minor when they really, IMHO, should have been removed only in the next major (7.x).
I would worry what other newly deprecated, in 6.x, classes/methods were removed in a minor vs waiting until 7.x. Unless the class/method exposed a significant security risk on it's own.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I know Struts has never adhered to SemVer. I noticed deprecations and deletions happening in successive minor versions when I first began contributing so I just went with it too. Maybe with 7.0.0 we can start adhering to it strictly if this is what the community/users would prefer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From Struts 6.0.0 announcement page.
Version change
You can be surprised by the version change, previously we have been using Struts 2.5.x versioning schema, but this was a bit misleading. Struts 2 is a different framework than Struts 1 and its versioning is supposed to start with 1.0.0, yet that never happened. With each breaking changes release (like Struts 2.5), we had been only upgrading the MINOR part of the versioning schema. To fix that problem as from Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer to avoid such confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes that was the approach (bundled compatibility jar) I took when upgrading my Struts application. This technique can be used for the renamed marker interfaces only however. The remaining API changes are easy enough to find and replace in your codebase.
I'll leave it to @lukaszlenart to decide whether we want to restore full API compatibility with Struts 6.0.0. Given you're upgrading from 2.5 and you're the first (as far as I know) to complain, I'm inclined to say no.
However, I'm very much in favour of ensuring there are no more SemVer violations henceforth.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the four numbers format is an old approach to marking a given release a security hotfix. Anyway, restoring an old behaviour can be dangerous. I'm fine with restoring the old interfaces, yet I would be more careful brining back changes related to ActionContext - this is was a source of lot of security vulnerabilities.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes sense to not revert all of the ActionContext change. It might make sense to add back getName(), since it was never marked deprecated, marking deprecated and removing in 7.0.0.
I agree that reverting something that would re-expose a security issue wouldn't make sense. If the revert in #897 was done for 6.4.0.0 then from our implementation we'd be good to go. I created WW-5403 thinking about the community at large and that it could cause adoption issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me fix ParameterAware
and add RequestAware
to this PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brianandle I believe this PR should be equivalent to #897 now - let me know if there's any issues
Quality Gate failedFailed conditions See analysis details on SonarCloud Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
@Deprecated | ||
public interface ParameterAware extends org.apache.struts2.action.ParametersAware { | ||
|
||
void setParameters(Map map); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To match the existing signature, which caused build issues for us, this needs to be:
setParameters(Map<String, String[]> map);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good catch, not sure how I managed to drop the generic types here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did check the other files in the review and it was just this one.
We were able to build fine and it's going through our automation, what we have anyway, tonight.
Sorry, I merged wrong PR :( Should I revert it? |
@lukaszlenart I believe it's the correct one, this seems like a better approach vs the revert, but the ParameterAware still needs an additional change by @kusalk. Or you could fix the method signature (see comment) |
Thanks @kusalk that other PR looks good to me. Commented there too |
Partially reverts #670 to restore compatibility with deprecated interfaces
Refs WW-5251