set the devMode to true and check the logs. You should be able to see which
classes are accessed and if you have to add them to the struts allowlist.
Thanks,
Prasanth
On 5/9/25 4:59 PM, Deborah White wrote:
And another one is: I tried adding <constant name=/"struts.allowlist.classes"/
value=/"MyStrutsPrepareFilter"//> which did not work. I am not seeing correct screens based
on roles.
14:56:09,018 WARN [org.apache.struts2.dispatcher.Dispatcher] (default task-1) Could not find action or result: /SOTAS/sotas/storeUserName.action: There is no Action mapped for namespace [/sotas]
and action name [storeUserName] associated with context path [/SOTAS]. - [unknown location]
at
deployment.SOTAS.war//org.apache.struts2.DefaultActionProxy.prepare(_DefaultActionProxy.java:186_)
at
deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxy.prepare(_StrutsActionProxy.java:60_)
at
deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(_StrutsActionProxyFactory.java:32_)
at
deployment.SOTAS.war//org.apache.struts2.DefaultActionProxyFactory.createActionProxy(_DefaultActionProxyFactory.java:61_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.createActionProxy(_Dispatcher.java:763_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(_Dispatcher.java:749_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.serviceAction(_Dispatcher.java:712_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.ExecuteOperations.executeAction(_ExecuteOperations.java:79_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.handleRequest(_StrutsPrepareAndExecuteFilter.java:154_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.tryHandleRequest(_StrutsPrepareAndExecuteFilter.java:137_)
at
deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(_StrutsPrepareAndExecuteFilter.java:125_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ManagedFilter.doFilter(_ManagedFilter.java:61_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(_FilterHandler.java:131_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler.handleRequest(_FilterHandler.java:84_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(_ServletSecurityRoleHandler.java:62_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletChain$1.handleRequest(_ServletChain.java:68_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(_ServletDispatchingHandler.java:36_)
at
org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(_ElytronRunAsHandler.java:68_)
at
org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(_FlexibleIdentityAssociation.java:103_)
at
org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(_Scoped.java:161_)
at
org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAs(_Scoped.java:73_)
at
org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(_ElytronRunAsHandler.java:67_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(_RedirectDirHandler.java:68_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(_SSLInformationAssociationHandler.java:117_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(_ServletAuthenticationCallHandler.java:57_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(_PredicateHandler.java:43_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(_AuthenticationConstraintHandler.java:53_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(_AbstractConfidentialityHandler.java:46_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(_ServletConfidentialityConstraintHandler.java:64_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(_ServletSecurityConstraintHandler.java:59_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(_AbstractSecurityContextAssociationHandler.java:43_)
at
org.wildfly.security.elytron-web.undertow-server-servlet@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(_CleanUpHandler.java:38_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(_PredicateHandler.java:43_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(_JACCContextIdHandler.java:61_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(_PredicateHandler.java:43_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(_GlobalRequestControllerHandler.java:68_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(_SendErrorPageHandler.java:52_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(_PredicateHandler.java:43_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(_ServletInitialHandler.java:275_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(_ServletInitialHandler.java:134_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(_ServletInitialHandler.java:131_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(_ServletRequestContextThreadSetupAction.java:48_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(_ContextClassLoaderSetupAction.java:43_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(_UndertowDeploymentInfoService.java:1431_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(_UndertowDeploymentInfoService.java:1431_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(_UndertowDeploymentInfoService.java:1431_)
at
org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(_UndertowDeploymentInfoService.java:1431_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(_ServletInitialHandler.java:255_)
at
io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(_ServletInitialHandler.java:100_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.Connectors.executeRootHandler(_Connectors.java:387_)
at
io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.HttpServerExchange$1.run(_HttpServerExchange.java:859_)
at
org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(_ContextClassLoaderSavingRunnable.java:35_)
at
org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(_EnhancedQueueExecutor.java:1990_)
at
org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(_EnhancedQueueExecutor.java:1486_)
at
org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(_EnhancedQueueExecutor.java:1377_)
at
org.jboss.xnio@3.8.7.Final-redhat-00001//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(_XnioWorker.java:1282_)
at java.base/java.lang.Thread.run(_Thread.java:842_)
14:56:09,060 ERROR [stderr] (default task-1) log4j:WARN No appenders could be
found for logger (gov.ca.doj.wam.jaas.DirContextUtility).
14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN Please initialize the
log4j system properly.
14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN See
http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
14:56:10,899 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,901 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int
gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private int
gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!
14:56:10,910 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String
gov.ca.doj.sotas.databean.UserData.getUserFirstName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private java.lang.String
gov.ca.doj.sotas.databean.UserData.userFirstName] is blocked!
14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String
gov.ca.doj.sotas.databean.UserData.getUserLastName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private java.lang.String
gov.ca.doj.sotas.databean.UserData.userLastName] is blocked!
14:56:11,293 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,294 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,295 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,301 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,302 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,304 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean
gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int
gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private int
gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!
*From:*Ute Kaiser <ut...@web.de.INVALID>
*Sent:* Friday, May 9, 2025 2:50 PM
*To:* user@struts.apache.org
*Subject:* Re: Struts 7 problem
*EXTERNAL EMAIL:*This message was sent from outside DOJ. Please do not click
links or open attachments that appear suspicious.
Security
<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
struts.apache.org
<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
favicon.ico
<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>
Hi,
have you considered this restriction?
Probably exceeding max length
Von meinem iPad gesendet
Am 09.05.2025 um 23:25 schrieb Deborah White
<deborah.wh...@doj.ca.gov.invalid>:
That took care of that one. Now I have this:
14:23:09,654 ERROR [org.apache.struts2.ognl.OgnlValueStack] (default task-1) Could not evaluate
this expression due to security constraints:
[#request["MYUtils"].isUserInRole("Program_Manager")
|| #request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")]: ognl.OgnlException: Parsing blocked due to
security reasons!
[java.lang.SecurityException: This expression exceeded maximum allowed length:
#request["MYUtils"].isUserInRole("Program_Manager") ||
#request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")]
Caused by: java.lang.SecurityException: This expression exceeded maximum allowed length:
#request["MYUtils"].isUserInRole("Program_Manager") ||
#request["MYUtils"].isUserInRole("Audit_Supervisor") ||
#request["MYUtils"].isUserInRole("Audit_Staff") ||
#request["MYUtils"].isUserInRole("Level_1_Processor") ||
#request["MYUtils"].isUserInRole("Level_2_Processor") ||
#request["MYUtils"].isUserInRole("Level_3_Processor")
-----Original Message-----
From: Wolfgang Knauf <wolfgang.kn...@gmx.de.INVALID>
Sent: Friday, May 9, 2025 12:46 PM
To: user@struts.apache.org
Subject: Re: Struts 7 problem
EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click
links or open attachments that appear suspicious.
Hi Deborah,
could be a matter of casing - the attribute is "escapeHtml":
https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e=
<https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e=>
Does this help?
Wolfgang
Am 09.05.25 um 20:15 schrieb Deborah White:
I am getting this error after migrating to Struts 7.0.0.
JBWEB004251: An error occurred at line: 5 column: 57) JBWEB004197:
Attribute escape invalid for tag property according to TLD
I have found maybe related to this <s:property escape="false" />"?
I tried changing to escapeHTML but that didn't seem to work.
Any ideas?
CONFIDENTIALITY NOTICE: This communication with its contents may
contain confidential and/or legally privileged information. It is solely for
the use of the intended recipient(s).
Unauthorized interception, review, use or disclosure is prohibited and
may violate applicable laws including the Electronic Communications Privacy
Act. If you are not the intended recipient,
please contact the sender and destroy all copies of the communication.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the use of
the intended recipient(s). Unauthorized
interception, review, use or disclosure is prohibited and may violate
applicable laws including the Electronic Communications Privacy Act. If you are
not the intended recipient, please contact
the sender and destroy all copies of the communication.
B‹KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB•È[œÝXœØÜšX™KK[XZ[
ˆ\Ù\‹][œÝXœØÜšX™PÝ]˘\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™ËK[XZ[
ˆ\Ù\‹Z[Ý]˘\XÚK›Ü™ÃB
CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized
interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the
sender and destroy all copies of the communication.