I have a struts2 action with an @Secured({"ROLE_ADMIN"})
to secure the execute method. In the execute method i assign a message to a member variable of the action, then return SUCCESS and end up on the jsp page. On the page I retrieve the actions member variable with <sroperty
.
private String greeting;
public String execute() throws Exception {
this.greeting="Hello";
return SUCCESS;
}
// getters and setters for greeting
...
<s:property value="greeting" />
The problem is when the secured annotation is present the jsp shows nothing for the member variable but when @Secured is removed the whole thing behaves properly and shows the message that was set into the member variable.
It appears that the actual security is working ok but when enabled via the annotation the member variable (or maybe the instance of the action) is not making its way onto the value stack.
I cant see any error messages.