wt., 30 cze 2026 o 18:13 [email protected] <[email protected]>
napisał(a):
> If you have an Action extends ActionSupport that returns Json (using Gson 
> here), it is not sufficient to annotate the setter
>
> @StrutsParameter(depth = 2) public void setContents(final List<MyObject> 
> contents) { this.contents = contents; }
>
>
> 2026-06-30 17:47:40 WARN org.apache.struts2.json.JSONInterceptor - JSON body 
> parameter [contents[0].title] rejected by @StrutsParameter authorization on 
> [org
> .your.NameOfTheAction]
>
> You need also to annotate the getter
>
> @StrutsParameter(depth = 2) public List<MyObject> getContents() { return 
> contents; }
>
> Because the new security mechanism first seems to use getContents to check, 
> if there is permission to setContents. Also note that depth = 1 is not 
> sufficent, despite that MyObject is a flat POJO. Not sure why that is, 
> probably because it is a List<MyObject>.
>
> Maybe the documentation should be updated to make this clear. It does not 
> seem obvious at least to me, which admittedly doesn't mean much. ;-)

Is it your case?
https://struts.apache.org/core-developers/struts-parameter-annotation#populating-properties-of-objects-within-a-collection


Cheers
Łukasz

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to