├── .gitignore
├── README.md
├── struts-2.3-any-results
    ├── any-results
    │   ├── pom.xml
    │   └── src
    │   │   └── main
    │   │       ├── java
    │   │           └── org
    │   │           │   └── apache
    │   │           │       └── struts
    │   │           │           └── helloworld
    │   │           │               └── action
    │   │           │                   └── MainAction.java
    │   │       ├── resources
    │   │           ├── log4j2.xml
    │   │           └── struts.xml
    │   │       └── webapp
    │   │           ├── META-INF
    │   │               └── MANIFEST.MF
    │   │           ├── WEB-INF
    │   │               └── web.xml
    │   │           ├── confidential.jsp
    │   │           └── login.jsp
    └── pom.xml
└── struts-2.5-any-results
    ├── any-results
        ├── pom.xml
        └── src
        │   └── main
        │       ├── java
        │           └── org
        │           │   └── apache
        │           │       └── struts
        │           │           └── helloworld
        │           │               └── action
        │           │                   └── MainAction.java
        │       ├── resources
        │           ├── log4j2.xml
        │           └── struts.xml
        │       └── webapp
        │           ├── META-INF
        │               └── MANIFEST.MF
        │           ├── WEB-INF
        │               └── web.xml
        │           ├── confidential.jsp
        │           └── login.jsp
    └── pom.xml


/.gitignore:
--------------------------------------------------------------------------------
 1 | # IDEA
 2 | .idea
 3 | *.iml
 4 | *.ipr
 5 | *.iws
 6 | 
 7 | # Eclipse
 8 | .classpath
 9 | .project
10 | .settings/
11 | 
12 | # Netbeans
13 | nb-configuration.xml
14 | 
15 | # OSX
16 | .DS_Store
17 | 
18 | # Scripts
19 | *.sh
20 | 
21 | # Maven
22 | target
23 | 
24 | .java-version
25 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Struts 2 - Access any results vulnerability
 2 | 
 3 | This is an example project that demonstrates why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.
 4 | 
 5 | ### Usage:
 6 | 
 7 | Execute `mvn jetty:run` in the `any-results` directory. You can access the website then at:
 8 | 
 9 | http://localhost:8080/any-results/
10 | 
11 | ### Exploitation:
12 | 
13 | http://localhost:8080/any-results/index!getAccessCode.action?accessCode=confidential
14 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
 3 |          xmlns="http://maven.apache.org/POM/4.0.0"
 4 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 5 |     <modelVersion>4.0.0</modelVersion>
 6 |     <parent>
 7 |         <groupId>org.apache.struts</groupId>
 8 |         <artifactId>struts-examples</artifactId>
 9 |         <version>1.0.0</version>
10 |     </parent>
11 | 
12 |     <artifactId>any-results</artifactId>
13 |     <name>Any Results</name>
14 |     <description>Struts 2 example application for the any results vulnerability</description>
15 |     <packaging>war</packaging>
16 | 
17 | 	<dependencies>
18 | 	<dependency>
19 |     <groupId>javax.servlet</groupId>
20 |     <artifactId>javax.servlet-api</artifactId>
21 |     <version>3.0.1</version>
22 |     <scope>provided</scope>
23 | </dependency>
24 | </dependencies>
25 | 	
26 |     <build>
27 |         <finalName>http-session</finalName>
28 |         <plugins>
29 |             <plugin>
30 |                 <groupId>org.eclipse.jetty</groupId>
31 |                 <artifactId>jetty-maven-plugin</artifactId>
32 |                 <version>${jetty-plugin.version}</version>
33 |                 <configuration>
34 |                     <webApp>
35 |                         <contextPath>/${project.artifactId}</contextPath>
36 |                     </webApp>
37 |                     <stopKey>CTRL+C</stopKey>
38 |                     <stopPort>8999</stopPort>
39 |                     <scanIntervalSeconds>10</scanIntervalSeconds>
40 |                     <scanTargets>
41 |                         <scanTarget>src/main/webapp/WEB-INF/web.xml</scanTarget>
42 |                     </scanTargets>
43 | 		 
44 |                 </configuration>
45 |             </plugin>
46 |         </plugins>
47 |     </build>
48 | </project>
49 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/java/org/apache/struts/helloworld/action/MainAction.java:
--------------------------------------------------------------------------------
 1 | package org.apache.struts.helloworld.action;
 2 | 
 3 | import com.opensymphony.xwork2.ActionSupport;
 4 | 
 5 | import java.util.Random;
 6 | 
 7 | public class MainAction extends ActionSupport {
 8 | 	
 9 | 	private final static Random rnd = new Random();
10 | 	private final static String expectedAccessCode = ""+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000);
11 | 	
12 | 	private String accessCode;
13 | 	public void setAccessCode(String accessCode) {
14 | 		this.accessCode = accessCode;
15 | 	}
16 | 	public String getAccessCode() {
17 | 		return accessCode;
18 | 	}
19 | 
20 | 	public String execute() throws Exception {
21 | 		if(expectedAccessCode.equals(accessCode))
22 | 			return "confidential";
23 | 		else
24 | 		if(accessCode != null)
25 | 			this.addActionError("Invalid access code provided!");
26 | 				
27 | 		return "login";
28 | 	}
29 | 	
30 | }
31 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/resources/log4j2.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <Configuration>
 3 |     <Appenders>
 4 |         <Console name="STDOUT" target="SYSTEM_OUT">
 5 |             <PatternLayout pattern="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/>
 6 |         </Console>
 7 |     </Appenders>
 8 |     <Loggers>
 9 |         <Logger name="com.opensymphony.xwork2" level="info"/>
10 |         <Logger name="org.apache.struts2" level="info"/>
11 |         <Logger name="org.apache.struts2.helloworld" level="debug"/>
12 |         <Root level="debug">
13 |             <AppenderRef ref="STDOUT"/>
14 |         </Root>
15 |     </Loggers>
16 | </Configuration>


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/resources/struts.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE struts PUBLIC
 3 | 		"-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
 4 | 		"http://struts.apache.org/dtds/struts-2.5.dtd">
 5 | 
 6 | <struts>
 7 | 
 8 | 	<constant name="struts.devMode" value="true" />
 9 |     <constant name="struts.enable.DynamicMethodInvocation" value="true" />
10 | 
11 | 	<package name="basicstruts2" extends="struts-default" strict-method-invocation="false">
12 | 			
13 | 		<default-interceptor-ref name="defaultStack" />
14 | 
15 | 		<action name="index" class="org.apache.struts.helloworld.action.MainAction" method="execute">
16 |             <result name="login">/login.jsp</result>
17 |             <result name="confidential">/confidential.jsp</result>
18 | 		</action>
19 | 
20 | 	</package>
21 | 
22 | </struts>
23 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/webapp/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Class-Path: 
3 | 
4 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 3 | <display-name>HTTP Session Struts 2</display-name>
 4 |   <welcome-file-list>
 5 |     <welcome-file>index.jsp</welcome-file>
 6 |   </welcome-file-list>
 7 |   
 8 |   					 
 9 |     <filter>
10 |         <filter-name>struts2</filter-name>
11 |         <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
12 |     </filter>
13 | 
14 |      <filter-mapping>
15 |         <filter-name>struts2</filter-name>
16 |         <url-pattern>/*</url-pattern>
17 |     </filter-mapping>
18 |     
19 | </web-app>
20 | 


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/webapp/confidential.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 2 | <%@ taglib prefix="s" uri="/struts-tags" %>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Basic Struts 2 Application - Welcome</title>
 8 | </head>
 9 | <body>
10 | 
11 | This is some very sensitive information that could not be accessed otherwise.
12 | 
13 | </body>
14 | </html>


--------------------------------------------------------------------------------
/struts-2.3-any-results/any-results/src/main/webapp/login.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 2 | <%@ taglib prefix="s" uri="/struts-tags" %>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Basic Struts 2 Application - Welcome</title>
 8 | </head>
 9 | <body>
10 | <h1>This is an important resource so you need to provide the secret code first to access it.</h1>
11 | 
12 | <s:actionerror />
13 | 
14 |   <s:form>
15 | 
16 |     <s:textfield name="accessCode" label="Access Code"/>
17 | 
18 |     <s:submit/>
19 | 
20 | </s:form>	
21 | </body>
22 | </html>


--------------------------------------------------------------------------------
/struts-2.3-any-results/pom.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  4 |     <modelVersion>4.0.0</modelVersion>
  5 |     <groupId>org.apache.struts</groupId>
  6 |     <artifactId>struts-examples</artifactId>
  7 |     <version>1.0.0</version>
  8 |     <packaging>pom</packaging>
  9 |     <name>Struts 2 Examples</name>
 10 |     <description>
 11 |         This is the parent pom for the Struts 2 examples that
 12 |         go with the Struts 2 Getting Started series of tutorials.
 13 |     </description>
 14 | 
 15 |     <licenses>
 16 |         <license>
 17 |             <name>The Apache Software License, Version 2.0</name>
 18 |             <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
 19 |             <distribution>repo</distribution>
 20 |             <comments/>
 21 |         </license>
 22 |     </licenses>
 23 | 
 24 |     <organization>
 25 |         <name>Apache Software Foundation</name>
 26 |         <url>http://www.apache.org</url>
 27 |     </organization>
 28 | 
 29 |     <scm>
 30 |         <connection>scm:git:git://git.apache.org/struts.git</connection>
 31 |         <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/struts-examples.git</developerConnection>
 32 |         <url>http://git.apache.org/struts-examples.git</url>
 33 |         <tag>HEAD</tag>
 34 |     </scm>
 35 | 
 36 |     <issueManagement>
 37 |         <system>JIRA</system>
 38 |         <url>https://issues.apache.org/jira/browse/WW</url>
 39 |     </issueManagement>
 40 | 
 41 |     <properties>
 42 |         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 43 | 		<struts2.version>2.3.35</struts2.version>
 44 |         <log4j2.version>2.9.1</log4j2.version>
 45 |         <jetty-plugin.version>9.4.11.v20180605</jetty-plugin.version>
 46 |     </properties>
 47 | 
 48 |     <dependencies>
 49 | 		
 50 |         <dependency>
 51 |             <groupId>org.apache.struts</groupId>
 52 |             <artifactId>struts2-core</artifactId>
 53 |             <version>${struts2.version}</version>
 54 |         </dependency>
 55 | 
 56 | 		<dependency>
 57 | 			<groupId>org.apache.struts</groupId>
 58 | 			<artifactId>struts2-convention-plugin</artifactId>
 59 | 			<version>${struts2.version}</version>
 60 | 		</dependency>
 61 | 
 62 |         <dependency>
 63 |             <groupId>org.apache.logging.log4j</groupId>
 64 |             <artifactId>log4j-core</artifactId>
 65 |             <version>${log4j2.version}</version>
 66 |         </dependency>
 67 | 
 68 | 
 69 |     </dependencies>
 70 | 
 71 |     <dependencyManagement>
 72 |         <dependencies>
 73 |             <dependency>
 74 |                 <groupId>org.apache.logging.log4j</groupId>
 75 |                 <artifactId>log4j-api</artifactId>
 76 |                 <version>${log4j2.version}</version>
 77 |             </dependency>
 78 |         </dependencies>
 79 |     </dependencyManagement>
 80 | 
 81 |     <build>
 82 | 
 83 |         <plugins>
 84 |             <plugin>
 85 |                 <groupId>org.apache.maven.plugins</groupId>
 86 |                 <artifactId>maven-compiler-plugin</artifactId>
 87 |                 <version>3.3</version>
 88 |                 <configuration>
 89 |                     <source>1.8</source>
 90 |                     <target>1.8</target>
 91 |                 </configuration>
 92 |             </plugin>
 93 |             <plugin>
 94 |                 <groupId>org.apache.maven.plugins</groupId>
 95 |                 <artifactId>maven-javadoc-plugin</artifactId>
 96 |                 <version>2.10.4</version>
 97 |                 <configuration>
 98 |                     <additionalparam>-Xdoclint:none</additionalparam>
 99 |                 </configuration>
100 |             </plugin>
101 |         </plugins>
102 | 
103 |     </build>
104 | 
105 |     <repositories>
106 |         <repository>
107 |             <id>apache-public</id>
108 |             <url>https://repository.apache.org/content/groups/public/</url>
109 |             <layout>default</layout>
110 |         </repository>
111 |         <repository>
112 |             <id>apache-staging</id>
113 |             <url>https://repository.apache.org/content/groups/staging/</url>
114 |             <layout>default</layout>
115 |         </repository>
116 |         <repository>
117 |             <id>apache-snapshots</id>
118 |             <url>https://repository.apache.org/content/groups/snapshots/</url>
119 |             <layout>default</layout>
120 |             <snapshots>
121 |                 <enabled>true</enabled>
122 |             </snapshots>
123 |         </repository>
124 |         <repository>
125 |             <id>oss-snapshots</id>
126 |             <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
127 |             <layout>default</layout>
128 |             <snapshots>
129 |                 <enabled>true</enabled>
130 |             </snapshots>
131 |         </repository>
132 |     </repositories>
133 | 
134 | </project>
135 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
 3 |          xmlns="http://maven.apache.org/POM/4.0.0"
 4 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 5 |     <modelVersion>4.0.0</modelVersion>
 6 |     <parent>
 7 |         <groupId>org.apache.struts</groupId>
 8 |         <artifactId>struts-examples</artifactId>
 9 |         <version>1.0.0</version>
10 |     </parent>
11 | 
12 |     <artifactId>any-results</artifactId>
13 |     <name>Any Results</name>
14 |     <description>Struts 2 example application for the any results vulnerability</description>
15 |     <packaging>war</packaging>
16 | 
17 | 	<dependencies>
18 | 	<dependency>
19 |     <groupId>javax.servlet</groupId>
20 |     <artifactId>javax.servlet-api</artifactId>
21 |     <version>3.0.1</version>
22 |     <scope>provided</scope>
23 | </dependency>
24 | </dependencies>
25 | 	
26 |     <build>
27 |         <finalName>http-session</finalName>
28 |         <plugins>
29 |             <plugin>
30 |                 <groupId>org.eclipse.jetty</groupId>
31 |                 <artifactId>jetty-maven-plugin</artifactId>
32 |                 <version>${jetty-plugin.version}</version>
33 |                 <configuration>
34 |                     <webApp>
35 |                         <contextPath>/${project.artifactId}</contextPath>
36 |                     </webApp>
37 |                     <stopKey>CTRL+C</stopKey>
38 |                     <stopPort>8999</stopPort>
39 |                     <scanIntervalSeconds>10</scanIntervalSeconds>
40 |                     <scanTargets>
41 |                         <scanTarget>src/main/webapp/WEB-INF/web.xml</scanTarget>
42 |                     </scanTargets>
43 | 		 
44 |                 </configuration>
45 |             </plugin>
46 |         </plugins>
47 |     </build>
48 | </project>
49 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/java/org/apache/struts/helloworld/action/MainAction.java:
--------------------------------------------------------------------------------
 1 | package org.apache.struts.helloworld.action;
 2 | 
 3 | import com.opensymphony.xwork2.ActionSupport;
 4 | 
 5 | import java.util.Random;
 6 | 
 7 | public class MainAction extends ActionSupport {
 8 | 	
 9 | 	private final static Random rnd = new Random();
10 | 	private final static String expectedAccessCode = ""+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000)+(rnd.nextInt()+100000);
11 | 	
12 | 	private String accessCode;
13 | 	public void setAccessCode(String accessCode) {
14 | 		this.accessCode = accessCode;
15 | 	}
16 | 	public String getAccessCode() {
17 | 		return accessCode;
18 | 	}
19 | 
20 | 	public String execute() throws Exception {
21 | 		if(expectedAccessCode.equals(accessCode))
22 | 			return "confidential";
23 | 		else
24 | 		if(accessCode != null)
25 | 			this.addActionError("Invalid access code provided!");
26 | 				
27 | 		return "login";
28 | 	}
29 | 	
30 | }
31 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/resources/log4j2.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <Configuration>
 3 |     <Appenders>
 4 |         <Console name="STDOUT" target="SYSTEM_OUT">
 5 |             <PatternLayout pattern="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/>
 6 |         </Console>
 7 |     </Appenders>
 8 |     <Loggers>
 9 |         <Logger name="com.opensymphony.xwork2" level="info"/>
10 |         <Logger name="org.apache.struts2" level="info"/>
11 |         <Logger name="org.apache.struts2.helloworld" level="debug"/>
12 |         <Root level="debug">
13 |             <AppenderRef ref="STDOUT"/>
14 |         </Root>
15 |     </Loggers>
16 | </Configuration>


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/resources/struts.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE struts PUBLIC
 3 | 		"-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
 4 | 		"http://struts.apache.org/dtds/struts-2.5.dtd">
 5 | 
 6 | <struts>
 7 | 
 8 | 	<constant name="struts.devMode" value="true" />
 9 |     <constant name="struts.enable.DynamicMethodInvocation" value="true" />
10 | 
11 | 	<package name="basicstruts2" extends="struts-default" strict-method-invocation="false">
12 | 			
13 | 		<default-interceptor-ref name="defaultStack" />
14 | 
15 | 		<action name="index" class="org.apache.struts.helloworld.action.MainAction" method="execute">
16 |             <result name="login">/login.jsp</result>
17 |             <result name="confidential">/confidential.jsp</result>
18 | 		</action>
19 | 
20 | 	</package>
21 | 
22 | </struts>
23 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/webapp/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Class-Path: 
3 | 
4 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 3 | <display-name>HTTP Session Struts 2</display-name>
 4 |   <welcome-file-list>
 5 |     <welcome-file>index.jsp</welcome-file>
 6 |   </welcome-file-list>
 7 |   
 8 |   					 
 9 |     <filter>
10 |         <filter-name>struts2</filter-name>
11 |         <filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class>
12 |     </filter>
13 | 
14 |      <filter-mapping>
15 |         <filter-name>struts2</filter-name>
16 |         <url-pattern>/*</url-pattern>
17 |     </filter-mapping>
18 |     
19 | </web-app>
20 | 


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/webapp/confidential.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 2 | <%@ taglib prefix="s" uri="/struts-tags" %>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Basic Struts 2 Application - Welcome</title>
 8 | </head>
 9 | <body>
10 | 
11 | This is some very sensitive information that could not be accessed otherwise.
12 | 
13 | </body>
14 | </html>


--------------------------------------------------------------------------------
/struts-2.5-any-results/any-results/src/main/webapp/login.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 2 | <%@ taglib prefix="s" uri="/struts-tags" %>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Basic Struts 2 Application - Welcome</title>
 8 | </head>
 9 | <body>
10 | <h1>This is an important resource so you need to provide the secret code first to access it.</h1>
11 | 
12 | <s:actionerror />
13 | 
14 |   <s:form>
15 | 
16 |     <s:textfield name="accessCode" label="Access Code"/>
17 | 
18 |     <s:submit/>
19 | 
20 | </s:form>	
21 | </body>
22 | </html>


--------------------------------------------------------------------------------
/struts-2.5-any-results/pom.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  4 |     <modelVersion>4.0.0</modelVersion>
  5 |     <groupId>org.apache.struts</groupId>
  6 |     <artifactId>struts-examples</artifactId>
  7 |     <version>1.0.0</version>
  8 |     <packaging>pom</packaging>
  9 |     <name>Struts 2 Examples</name>
 10 |     <description>
 11 |         This is the parent pom for the Struts 2 examples that
 12 |         go with the Struts 2 Getting Started series of tutorials.
 13 |     </description>
 14 | 
 15 |     <licenses>
 16 |         <license>
 17 |             <name>The Apache Software License, Version 2.0</name>
 18 |             <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
 19 |             <distribution>repo</distribution>
 20 |             <comments/>
 21 |         </license>
 22 |     </licenses>
 23 | 
 24 |     <organization>
 25 |         <name>Apache Software Foundation</name>
 26 |         <url>http://www.apache.org</url>
 27 |     </organization>
 28 | 
 29 |     <scm>
 30 |         <connection>scm:git:git://git.apache.org/struts.git</connection>
 31 |         <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/struts-examples.git</developerConnection>
 32 |         <url>http://git.apache.org/struts-examples.git</url>
 33 |         <tag>HEAD</tag>
 34 |     </scm>
 35 | 
 36 |     <issueManagement>
 37 |         <system>JIRA</system>
 38 |         <url>https://issues.apache.org/jira/browse/WW</url>
 39 |     </issueManagement>
 40 | 
 41 |     <properties>
 42 |         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 43 | 		<struts2.version>2.5.18</struts2.version>
 44 |         <log4j2.version>2.9.1</log4j2.version>
 45 |         <jetty-plugin.version>9.4.11.v20180605</jetty-plugin.version>
 46 |     </properties>
 47 | 
 48 |     <dependencies>
 49 | 		
 50 |         <dependency>
 51 |             <groupId>org.apache.struts</groupId>
 52 |             <artifactId>struts2-core</artifactId>
 53 |             <version>${struts2.version}</version>
 54 |         </dependency>
 55 | 
 56 | 		<dependency>
 57 | 			<groupId>org.apache.struts</groupId>
 58 | 			<artifactId>struts2-convention-plugin</artifactId>
 59 | 			<version>${struts2.version}</version>
 60 | 		</dependency>
 61 | 
 62 |         <dependency>
 63 |             <groupId>org.apache.logging.log4j</groupId>
 64 |             <artifactId>log4j-core</artifactId>
 65 |             <version>${log4j2.version}</version>
 66 |         </dependency>
 67 | 
 68 | 
 69 |     </dependencies>
 70 | 
 71 |     <dependencyManagement>
 72 |         <dependencies>
 73 |             <dependency>
 74 |                 <groupId>org.apache.logging.log4j</groupId>
 75 |                 <artifactId>log4j-api</artifactId>
 76 |                 <version>${log4j2.version}</version>
 77 |             </dependency>
 78 |         </dependencies>
 79 |     </dependencyManagement>
 80 | 
 81 |     <build>
 82 | 
 83 |         <plugins>
 84 |             <plugin>
 85 |                 <groupId>org.apache.maven.plugins</groupId>
 86 |                 <artifactId>maven-compiler-plugin</artifactId>
 87 |                 <version>3.3</version>
 88 |                 <configuration>
 89 |                     <source>1.8</source>
 90 |                     <target>1.8</target>
 91 |                 </configuration>
 92 |             </plugin>
 93 |             <plugin>
 94 |                 <groupId>org.apache.maven.plugins</groupId>
 95 |                 <artifactId>maven-javadoc-plugin</artifactId>
 96 |                 <version>2.10.4</version>
 97 |                 <configuration>
 98 |                     <additionalparam>-Xdoclint:none</additionalparam>
 99 |                 </configuration>
100 |             </plugin>
101 |         </plugins>
102 | 
103 |     </build>
104 | 
105 |     <repositories>
106 |         <repository>
107 |             <id>apache-public</id>
108 |             <url>https://repository.apache.org/content/groups/public/</url>
109 |             <layout>default</layout>
110 |         </repository>
111 |         <repository>
112 |             <id>apache-staging</id>
113 |             <url>https://repository.apache.org/content/groups/staging/</url>
114 |             <layout>default</layout>
115 |         </repository>
116 |         <repository>
117 |             <id>apache-snapshots</id>
118 |             <url>https://repository.apache.org/content/groups/snapshots/</url>
119 |             <layout>default</layout>
120 |             <snapshots>
121 |                 <enabled>true</enabled>
122 |             </snapshots>
123 |         </repository>
124 |         <repository>
125 |             <id>oss-snapshots</id>
126 |             <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
127 |             <layout>default</layout>
128 |             <snapshots>
129 |                 <enabled>true</enabled>
130 |             </snapshots>
131 |         </repository>
132 |     </repositories>
133 | 
134 | </project>
135 | 


--------------------------------------------------------------------------------