Hello! (Hope this is the correct forum for this question)
I get this error in my hello-world-struts2-webapp when I run it in my tomcat with the catalina.policy. (Btw my catalina.policy is edited a bit to match my production env: http://pastie.org/8510824) /-- Encapsulated exception ------------\ java.lang.IllegalAccessException: Method [public void se.mycompany.web.actions.WelcomeUserAction.setUsername(java.lang.String)] cannot be accessed. at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:838) at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1280) I found this solution: https://groups.google.com/forum/#!msg/google-appengine-java/GQGLAxfyeBc/1NIfi8duNCEJ It suggest that a listener does: OgnlRuntime.setSecurityManager(null); In the doc for OgnlRuntime it says: Sets the SecurityManager that OGNL uses to determine permissions for invoking methods. But is this really a correct solution to set it to null? To me it doesn't sound good to have the securitymanager set to null, what security holes does that create? Could this be solved with some extra grants in the catalina.policy-file instead? Best regards Fredrik
