Hi, I see: 1. I tried adding <constant name="struts.allowlist.classes" value="MyStrutsPrepareFilter"/> which did not work. 2. Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted!
The use of upper and lower case seems to be different (MY or My). Best regards Ute Gesendet: Freitag, 9. Mai 2025 um 23:59 Von: "Deborah White" <deborah.wh...@doj.ca.gov.INVALID> An: "Struts Users Mailing List" <user@struts.apache.org> Betreff: RE: Struts 7 problem And another one is: I tried adding <constant name="struts.allowlist.classes" value="MyStrutsPrepareFilter"/> which did not work. I am not seeing correct screens based on roles. 14:56:09,018 WARN [org.apache.struts2.dispatcher.Dispatcher] (default task-1) Could not find action or result: /SOTAS/sotas/storeUserName.action: There is no Action mapped for namespace [/sotas] and action name [storeUserName] associated with context path [/SOTAS]. - [unknown location] at deployment.SOTAS.war//org.apache.struts2.DefaultActionProxy.prepare(DefaultActionProxy.java:186) at deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:60) at deployment.SOTAS.war//org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:32) at deployment.SOTAS.war//org.apache.struts2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:61) at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.createActionProxy(Dispatcher.java:763) at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(Dispatcher.java:749) at deployment.SOTAS.war//org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:712) at deployment.SOTAS.war//org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79) at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.handleRequest(StrutsPrepareAndExecuteFilter.java:154) at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.tryHandleRequest(StrutsPrepareAndExecuteFilter.java:137) at deployment.SOTAS.war//org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:125) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68) at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103) at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161) at org.wildfly.security.elytron-base@2.0.0.Beta2-redhat-00001//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73) at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at org.wildfly.security.elytron-web.undertow-server-servlet@3.0.0.Beta1-redhat-00001//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.under...@8.0.0.beta-redhat-00003//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) at io.undertow.servlet@2.3.0.Alpha2-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387) at io.undertow.core@2.3.0.Alpha2-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at org.jboss.xnio@3.8.7.Final-redhat-00001//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282) at java.base/java.lang.Thread.run(Thread.java:842) 14:56:09,060 ERROR [stderr] (default task-1) log4j:WARN No appenders could be found for logger (gov.ca.doj.wam.jaas.DirContextUtility). 14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN Please initialize the log4j system properly. 14:56:09,061 ERROR [stderr] (default task-1) log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. 14:56:10,899 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:10,901 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:10,906 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private int gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked! 14:56:10,910 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String gov.ca.doj.sotas.databean.UserData.getUserFirstName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,289 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private java.lang.String gov.ca.doj.sotas.databean.UserData.userFirstName] is blocked! 14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public java.lang.String gov.ca.doj.sotas.databean.UserData.getUserLastName()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,291 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private java.lang.String gov.ca.doj.sotas.databean.UserData.userLastName] is blocked! 14:56:11,293 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,294 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,295 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,297 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,298 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,299 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,301 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,302 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,303 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,304 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,305 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,306 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,307 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils] of member type [public boolean gov.ca.doj.sotas.util.MYStrutsPrepareFilter$MYUtils.isUserInRole(java.lang.String)] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Declaring class [class gov.ca.doj.sotas.databean.UserData] of member type [public int gov.ca.doj.sotas.databean.UserData.getPwdDaysToExp()] is not allowlisted! Add to 'struts.allowlist.classes' or 'struts.allowlist.packageNames' configuration. 14:56:11,308 WARN [org.apache.struts2.ognl.SecurityMemberAccess] (default task-1) Access to non-public [private int gov.ca.doj.sotas.databean.UserData.pwdDaysToExp] is blocked! From: Ute Kaiser <ut...@web.de.INVALID> Sent: Friday, May 9, 2025 2:50 PM To: user@struts.apache.org Subject: Re: Struts 7 problem EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click links or open attachments that appear suspicious. Security struts.apache.org favicon.ico [/mail/client/mailbodycompose/attachment/view/tmai1746827987042815976/aW1hZ2UwMDEucG5nQDAxREJDMEYyLkY1MTk4MkIw;jsessionid=C47DCF14ED56926ABB0A24CA51F71EE8-n4.bap37b] Hi, have you considered this restriction? Probably exceeding max length Von meinem iPad gesendet > Am 09.05.2025 um 23:25 schrieb Deborah White < > deborah.wh...@doj.ca.gov.invalid[mailto:deborah.wh...@doj.ca.gov.invalid] >: > That took care of that one. Now I have this: > 14:23:09,654 ERROR [org.apache.struts2.ognl.OgnlValueStack] (default task-1) > Could not evaluate this expression due to security constraints: > [#request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor")]: ognl.OgnlException: > Parsing blocked due to security reasons! [java.lang.SecurityException: This > expression exceeded maximum allowed length: > #request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor")] > Caused by: java.lang.SecurityException: This expression exceeded maximum > allowed length: #request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor") > -----Original Message----- > From: Wolfgang Knauf < > wolfgang.kn...@gmx.de.INVALID[mailto:wolfgang.kn...@gmx.de.INVALID] > > Sent: Friday, May 9, 2025 12:46 PM > To: user@struts.apache.org[mailto:user@struts.apache.org] > Subject: Re: Struts 7 problem > > EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not click > links or open attachments that appear suspicious. > > > Hi Deborah, > > could be a matter of casing - the attribute is "escapeHtml": > https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e= > > Does this help? > > Wolfgang > > Am 09.05.25 um 20:15 schrieb Deborah White: > > > > I am getting this error after migrating to Struts 7.0.0. > > > > > > JBWEB004251: An error occurred at line: 5 column: 57) JBWEB004197: Attribute > > escape invalid for tag property according to TLD > > > > > > I have found maybe related to this <s:property escape="false" />"? > > > > > > I tried changing to escapeHTML but that didn't seem to work. > > > > > > Any ideas? > > > > > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > > confidential and/or legally privileged information. It is solely for the use > > of the intended recipient(s). Unauthorized interception, review, use or > > disclosure is prohibited and may violate applicable laws including the > > Electronic Communications Privacy Act. If you are not the intended > > recipient, please contact the sender and destroy all copies of the > > communication. > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > user-unsubscr...@struts.apache.org[mailto:user-unsubscr...@struts.apache.org] > For additional commands, e-mail: > user-h...@struts.apache.org[mailto:user-h...@struts.apache.org] > > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > confidential and/or legally privileged information. It is solely for the use > of the intended recipient(s). Unauthorized interception, review, use or > disclosure is prohibited and may violate applicable laws including the > Electronic Communications Privacy Act. If you are not the intended recipient, > please contact the sender and destroy all copies of the communication. > B‹KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB•È[œÝXœØÜšX™KK[XZ[ > ˆ\Ù\‹][œÝXœØÜšX™P�Ý��]�˘\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™�ËK[XZ[ > ˆ\Ù\‹Z[��Ý��]�˘\XÚK›Ü™ÃB CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
