Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. The WebWork framework spun off from Apache Struts 1 aiming to offer enhancements and refinements while retaining the same general architecture of the original Struts framework. In December 2005, it was announced that WebWork 2.2 was adopted as Apache Struts 2, which reached its first full release in February 2007.
Struts 2 has a history of critical security bugs, many tied to its use of OGNL technology; some vulnerabilities can lead to arbitrary code execution. In October 2017, it was reported that failure by Equifax to address a Struts 2 vulnerability advised in March 2017 was later exploited in the data breach that was disclosed by Equifax in September 2017.
Oct 2 2017Features
- Simple POJO-based actions6
- Simplified testability
- Thread safe
- AJAX support
- jQuery plugin
- Dojo Toolkit plugin7 (deprecated)
- Ajax client-side validation
- Template support8
- Support for different result types9
- Easy to extend with plugins
- REST plugin10 (REST-based actions, extension-less URLs)
- Convention plugin (action configuration via Conventions and Annotations)
- Spring plugin11 (dependency injection)
- Hibernate plugin
- Support in design
- JFreechart plugin (charts)
- jQuery plugin (Ajax support, UI widgets, dynamic table, charts)
- Rome plugin
See also
- Free and open-source software portal
- Computer programming portal
Citations
- Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1.
External links
References
About Apache Struts 2 Archived January 14, 2014, at the Wayback Machine https://struts.apache.org/release/2.2.x/ ↩
"Apache Struts : List of security vulnerabilities". cvedetails.com. Retrieved October 2, 2017. https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/Apache-Struts.html ↩
Munoz, Alvaro (January 14, 2014). "Struts 2: OGNL Expression Injections". HPE.com. Archived from the original on October 3, 2017. Retrieved October 2, 2017. https://web.archive.org/web/20171003124645/https://community.saas.hpe.com/t5/Security-Research/Struts-2-OGNL-Expression-Injections/ba-p/288881#.WdL6ca2ZNxw ↩
Chirgwin, Richard (October 2, 2017). "Equifax couldn't find or patch vulnerable Struts implementations". The Register. Retrieved October 2, 2017. https://www.theregister.co.uk/2017/10/02/equifax_ceo_richard_smith_congressional_testimony/?mt=1506988904204 ↩
Goodin, Dan (October 2, 2017). "A series of delays and major errors led to massive Equifax breach". Ars Technica. Retrieved October 2, 2017. https://arstechnica.com/information-technology/2017/10/a-series-of-delays-and-major-errors-led-to-massive-equifax-breach/ ↩
Newton 2009, p. 9, §1 Struts and Agile Development - Actions. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩
Newton 2009, p. 258, §13 Rich Internet Applications - Dojo tags. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩
Newton 2009, p. 294, §12 Comprehensive Testing - Detour: Struts and Spring in a nutshell. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩
Newton 2009, pp. 57–81, §4 Results and Result Types - Dojo tags. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩
Newton 2009, pp. 249–255, §12 Themes and Templates - The REST plug-in. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩
Newton 2009, p. 294, §13 Comprehensive Testing - Detour: Struts and Spring in a nutshell. - Newton, Dave (2009). Apache Struts 2 Web Application Development. Packt Publishing. ISBN 978-1-84719-339-1. ↩