wt., 30 cze 2026 o 18:13 [email protected] <[email protected]> napisał(a): > If you have an Action extends ActionSupport that returns Json (using Gson > here), it is not sufficient to annotate the setter > > @StrutsParameter(depth = 2) public void setContents(final List<MyObject> > contents) { this.contents = contents; } > > > 2026-06-30 17:47:40 WARN org.apache.struts2.json.JSONInterceptor - JSON body > parameter [contents[0].title] rejected by @StrutsParameter authorization on > [org > .your.NameOfTheAction] > > You need also to annotate the getter > > @StrutsParameter(depth = 2) public List<MyObject> getContents() { return > contents; } > > Because the new security mechanism first seems to use getContents to check, > if there is permission to setContents. Also note that depth = 1 is not > sufficent, despite that MyObject is a flat POJO. Not sure why that is, > probably because it is a List<MyObject>. > > Maybe the documentation should be updated to make this clear. It does not > seem obvious at least to me, which admittedly doesn't mean much. ;-)
Is it your case? https://struts.apache.org/core-developers/struts-parameter-annotation#populating-properties-of-objects-within-a-collection Cheers Łukasz --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
