This should help [1] and you must add these (I cannot find the correct link with exact example for Struts2)
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "*"; permission ognl.OgnlInvokePermission "*"; [1] https://confluence.atlassian.com/display/CONF29/Java+Policy+Security+with+Confluence Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/11/26 Fredrik Andersson <fredan...@hotmail.com>: > Hello! > > (Hope this is the correct forum for this question) > > > > I get this error in my hello-world-struts2-webapp when I run it in my tomcat > with the catalina.policy. > > (Btw my catalina.policy is edited a bit to match my production env: > http://pastie.org/8510824) > > > > /-- Encapsulated exception ------------\ > java.lang.IllegalAccessException: Method [public void > se.mycompany.web.actions.WelcomeUserAction.setUsername(java.lang.String)] > cannot be accessed. > at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:838) > at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1280) > > > > > I found this solution: > > https://groups.google.com/forum/#!msg/google-appengine-java/GQGLAxfyeBc/1NIfi8duNCEJ > > > > It suggest that a listener does: > > OgnlRuntime.setSecurityManager(null); > > > > In the doc for OgnlRuntime it says: > > Sets the SecurityManager that OGNL uses to determine permissions for invoking > methods. > > > > But is this really a correct solution to set it to null? > > To me it doesn't sound good to have the securitymanager set to null, what > security holes does that create? > > > > Could this be solved with some extra grants in the catalina.policy-file > instead? > > > > > > Best regards > > Fredrik > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
