And another one is: I tried adding <constant name="struts.allowlist.classes"
value="MyStrutsPrepareFilter"/> which did not work. I am not seeing correct
screens based on roles.
14:56:09,018 WARN [org.apache.struts2.dispatcher.Dispatcher] (default task-1)
Could not find action or result: /SOTAS/sotas/storeUserName.action: There is no
Action mapped for namespace [/sotas] and action name [storeUserName] associated
with context path [/SOTAS]. - [unknown location]
at
deployment.SOTAS.war//org.apache.struts2.DefaultActionProxy.prepare(DefaultActionProxy.java:186)
at
deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:60)
at
deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:32)
at
deployment.SOTAS.war//org.apache.struts2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:61)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.createActionProxy(Dispatcher.java:763)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(Dispatcher.java:749)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:712)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.handleRequest(StrutsPrepareAndExecuteFilter.java:154)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.tryHandleRequest(StrutsPrepareAndExecuteFilter.java:137)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:125)
at
[email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
[email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
[email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
[email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
[email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
[email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
at
[email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
at
[email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
at
[email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
at
org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
at
[email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at
[email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at
[email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
[email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
[email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at
[email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
[email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
[email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at
[email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
org.wildfly.security.elytron-web.undertow-server-servlet@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
at
[email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
[email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
[email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
[email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at
[email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at
[email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
[email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
at
[email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at
[email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at
[email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
[email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
[email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
at
[email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
at
[email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
at
[email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
at
[email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at
[email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at
[email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at
[email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
at
[email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at
[email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at
[email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at
[email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at
[email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.base/java.lang.Thread.run(Thread.java:842)
14:56:09,060 ERROR [stderr] (default task-1) log4j:WARN No appenders could be
found for logger (gov.ca.doj.wam.jaas.DirContextUtility).
14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN Please initialize the
log4j system properly.
14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN See
http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
14:56:10,899 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:10,901 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member
type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not
allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private int
gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!
14:56:10,910 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member
type [public java.lang.String
gov.ca.doj.sotas.databean.UserData.getUserFirstName()] is not allowlisted! Add
to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private java.lang.String
gov.ca.doj.sotas.databean.UserData.userFirstName] is blocked!
14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member
type [public java.lang.String
gov.ca.doj.sotas.databean.UserData.getUserLastName()] is not allowlisted! Add
to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private java.lang.String
gov.ca.doj.sotas.databean.UserData.userLastName] is blocked!
14:56:11,293 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,294 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,295 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,301 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,302 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,304 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public
boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)]
is not allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member
type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not
allowlisted! Add to 'struts.allowlist.classes' or
'struts.allowlist.packageNames' configuration.
14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private int
gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!
From: Ute Kaiser <[email protected]>
Sent: Friday, May 9, 2025 2:50 PM
To: [email protected]
Subject: Re: Struts 7 problem
EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click
links or open attachments that appear suspicious.
Security<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
struts.apache.org<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
[favicon.ico]<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
Hi,
have you considered this restriction?
Probably exceeding max length
Von meinem iPad gesendet
Am 09.05.2025 um 23:25 schrieb Deborah White
<[email protected]<mailto:[email protected]>>:
That took care of that one. Now I have this:
14:23:09,654 ERROR [org.apache.struts2.ognl.OgnlValueStack] (default task-1)
Could not evaluate this expression due to security constraints:
[#request["MYUtils"].isUserInRole("Program_Manager") ||
#request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")]: ognl.OgnlException:
Parsing blocked due to security reasons! [java.lang.SecurityException: This
expression exceeded maximum allowed length:
#request["MYUtils"].isUserInRole("Program_Manager") ||
#request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")]
Caused by: java.lang.SecurityException: This expression exceeded maximum
allowed length: #request["MYUtils"].isUserInRole("Program_Manager") ||
#request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")
-----Original Message-----
From: Wolfgang Knauf
<[email protected]<mailto:[email protected]>>
Sent: Friday, May 9, 2025 12:46 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: Struts 7 problem
EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click
links or open attachments that appear suspicious.
Hi Deborah,
could be a matter of casing - the attribute is "escapeHtml":
https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e=
Does this help?
Wolfgang
Am 09.05.25 um 20:15 schrieb Deborah White:
I am getting this error after migrating to Struts 7.0.0.
JBWEB004251: An error occurred at line: 5 column: 57) JBWEB004197: Attribute
escape invalid for tag property according to TLD
I have found maybe related to this <s:property escape="false" />"?
I tried changing to escapeHTML but that didn't seem to work.
Any ideas?
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the use of
the intended recipient(s). Unauthorized interception, review, use or disclosure
is prohibited and may violate applicable laws including the Electronic
Communications Privacy Act. If you are not the intended recipient, please
contact the sender and destroy all copies of the communication.
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]<mailto:[email protected]>
For additional commands, e-mail:
[email protected]<mailto:[email protected]>
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the use of
the intended recipient(s). Unauthorized interception, review, use or disclosure
is prohibited and may violate applicable laws including the Electronic
Communications Privacy Act. If you are not the intended recipient, please
contact the sender and destroy all copies of the communication.
B‹KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB•È[œÝXœØÜšX™KK[XZ[
ˆ\Ù\‹][œÝXœØÜšX™P�Ý�]�˘\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™�ËK[XZ[
ˆ\Ù\‹Z[��Ý�]�˘\XÚK›Ü™ÃB
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the use of
the intended recipient(s). Unauthorized interception, review, use or disclosure
is prohibited and may violate applicable laws including the Electronic
Communications Privacy Act. If you are not the intended recipient, please
contact the sender and destroy all copies of the communication.
