set the devMode to true and check the logs. You should be able to see which 
classes are accessed and if you have to add them to the struts allowlist.

Thanks,
Prasanth
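
One way to do the log check suggested above, as an added example that is not part of the original thread: the script collects the declaring classes that `SecurityMemberAccess` reports as not allowlisted and renders a candidate `struts.allowlist.classes` constant. The sample log is constructed from the lines quoted further down in this thread, and the function names are made up for the example.

```python
import re
from collections import Counter
from xml.sax.saxutils import quoteattr

# Constructed sample in the shape of the WARN lines quoted in this thread,
# including one entry hard-wrapped the way the mail client wrapped it.
SAMPLE_LOG = """\
14:56:10,899 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,901 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
14:56:10,906 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default
task-1) Access to non-public [private int
gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!
14:56:11,289 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String gov.ca.doj.sotas.databean.UserData.getUserFirstName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.
"""

# Allowlist rejection: capture the declaring class exactly as the log prints it.
NOT_ALLOWLISTED = re.compile(
    r"Declaring class \[class ([\w.$]+)\] of member type \[(.+?)\] is not allowlisted!"
)
# Separate message for private/protected members.
NON_PUBLIC = re.compile(r"Access to non-public \[(.+?)\] is blocked!")


def triage(log_text):
    """Return (Counter of blocked declaring classes, sorted non-public members)."""
    flat = " ".join(log_text.split())  # undo hard wrapping before matching
    classes = Counter(m.group(1) for m in NOT_ALLOWLISTED.finditer(flat))
    non_public = sorted({m.group(1) for m in NON_PUBLIC.finditer(flat)})
    return classes, non_public


def allowlist_constant(classes):
    """Render a candidate struts.xml constant from the class names in the log."""
    value = ",".join(sorted(classes))
    return f'<constant name="struts.allowlist.classes" value={quoteattr(value)}/>'


if __name__ == "__main__":
    blocked, non_public = triage(SAMPLE_LOG)
    for name, hits in blocked.most_common():
        print(f"{hits:3d}  {name}")
    for member in non_public:
        print(f"non-public, reported separately: {member}")
    print(allowlist_constant(blocked))
```

The names come out fully qualified, with the nested class written as the log prints it (`MYStrutsPrepareFilter$MYUtils`). Review the list before applying it, since every class added becomes reachable from OGNL expressions.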

On 5/9/25 4:59 PM, Deborah White wrote:

And another one is: I tried adding <constant name="struts.allowlist.classes" 
value="MyStrutsPrepareFilter"/> which did not work. I am not seeing correct screens based 
on roles.

14:56:09,018 WARN  [org.apache.struts2.dispatcher.Dispatcher] (default task-1) Could not find action or result: /SOTAS/sotas/storeUserName.action: There is no Action mapped for namespace [/sotas] and action name [storeUserName] associated with context path [/SOTAS]. - [unknown location]

    at deployment.SOTAS.war//org.apache.struts2.DefaultActionProxy.prepare(DefaultActionProxy.java:186)
    at deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:60)
    at deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:32)
    at deployment.SOTAS.war//org.apache.struts2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:61)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.createActionProxy(Dispatcher.java:763)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(Dispatcher.java:749)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:712)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.handleRequest(StrutsPrepareAndExecuteFilter.java:154)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.tryHandleRequest(StrutsPrepareAndExecuteFilter.java:137)
    at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:125)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
    at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
    at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
    at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
    at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at org.wildfly.security.elytron-web.undertow-server-servlet@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
    at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
    at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
    at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at org.jboss.xnio@3.8.7.Final-redhat-00001//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
    at java.base/java.lang.Thread.run(Thread.java:842)

14:56:09,060 ERROR [stderr] (default task-1) log4j:WARN No appenders could be found for logger (gov.ca.doj.wam.jaas.DirContextUtility).

14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN Please initialize the log4j system properly.

14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

14:56:10,899 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:10,901 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:10,906 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:10,906 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private int gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!

14:56:10,910 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,289 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String gov.ca.doj.sotas.databean.UserData.getUserFirstName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,289 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private java.lang.String gov.ca.doj.sotas.databean.UserData.userFirstName] is blocked!

14:56:11,291 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String gov.ca.doj.sotas.databean.UserData.getUserLastName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,291 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private java.lang.String gov.ca.doj.sotas.databean.UserData.userLastName] is blocked!

14:56:11,293 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,294 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,295 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,297 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,297 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,298 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,298 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,299 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,299 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,301 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,302 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,303 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,303 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,304 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,305 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,305 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,306 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,306 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,307 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,307 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,308 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration.

14:56:11,308 WARN  [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private int gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked!

From: Ute Kaiser <ut...@web.de.INVALID>
Sent: Friday, May 9, 2025 2:50 PM
To: user@struts.apache.org
Subject: Re: Struts 7 problem

EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click links or open attachments that appear suspicious.

Security <https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_security_-23apply-2Da-2Dmaximum-2Dallowed-2Dlength-2Don-2Dognl-2Dexpressions&d=DwMFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=MyIZt6YEhTnpYcuhyk3EmtxklyjFs7s08AufCfl7m3MZl5L2Xp79FSM87zKpKI6K&s=ETzSMI0MHkeLLAXVOP834xvNcU9ygOnBWeieeAxnZaw&e=>


Hi,

have you considered this restriction?

Probably exceeding max length

Sent from my iPad



    On 09.05.2025 at 23:25, Deborah White <deborah.wh...@doj.ca.gov.invalid> wrote:

    That took care of that one. Now I have this:
    14:23:09,654 ERROR [org.apache.struts2.ognl.OgnlValueStack] (default task-1) Could not evaluate this expression due to security constraints: [#request["MYUtils"].isUserInRole("Program_Manager") || #request["MYUtils"].isUserInRole("Audit_Supervisor") || #request["MYUtils"].isUserInRole("Audit_Staff") || #request["MYUtils"].isUserInRole("Level_1_Processor") || #request["MYUtils"].isUserInRole("Level_2_Processor") || #request["MYUtils"].isUserInRole("Level_3_Processor")]: ognl.OgnlException: Parsing blocked due to security reasons!
    [java.lang.SecurityException: This expression exceeded maximum allowed length: #request["MYUtils"].isUserInRole("Program_Manager") || #request["MYUtils"].isUserInRole("Audit_Supervisor") || #request["MYUtils"].isUserInRole("Audit_Staff") || #request["MYUtils"].isUserInRole("Level_1_Processor") || #request["MYUtils"].isUserInRole("Level_2_Processor") || #request["MYUtils"].isUserInRole("Level_3_Processor")]
    Caused by: java.lang.SecurityException: This expression exceeded maximum allowed length: #request["MYUtils"].isUserInRole("Program_Manager") || #request["MYUtils"].isUserInRole("Audit_Supervisor") || #request["MYUtils"].isUserInRole("Audit_Staff") || #request["MYUtils"].isUserInRole("Level_1_Processor") || #request["MYUtils"].isUserInRole("Level_2_Processor") || #request["MYUtils"].isUserInRole("Level_3_Processor")
    -----Original Message-----
    From: Wolfgang Knauf <wolfgang.kn...@gmx.de.INVALID>
    Sent: Friday, May 9, 2025 12:46 PM
    To: user@struts.apache.org
    Subject: Re: Struts 7 problem



    Hi Deborah,

    could be a matter of casing - the attribute is "escapeHtml":
    
https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e=
    

    Does this help?

    Wolfgang

    On 09.05.25 at 20:15, Deborah White wrote:

        I am getting this error after migrating to Struts 7.0.0.

        JBWEB004251: An error occurred at line: 5 column: 57) JBWEB004197: Attribute escape invalid for tag property according to TLD

        I have found maybe related to this <s:property escape="false" />"?

        I tried changing to escapeHTML but that didn't seem to work.

        Any ideas?

        CONFIDENTIALITY NOTICE: This communication with its contents may 
contain confidential and/or legally privileged information. It is solely for 
the use of the intended recipient(s).
        Unauthorized interception, review, use or disclosure is prohibited and 
may violate applicable laws including the Electronic Communications Privacy 
Act. If you are not the intended recipient,
        please contact the sender and destroy all copies of the communication.


