This is the Strict Method Invocation , and since Struts 2.5 is enabled by default.
From the documents on SMI and wildcard mappings:
When using wildcard matching in action definitions, SMI works in two ways:
- SMI is disabled - any wildcard will be replaced with the standard RegEx, i.e.:
<action name="Person*" method="perform*"> will be converted to allowedMethod = "regex:perform([A-Za-z0-9_$]*)" . - SMI is enabled - there will be no wildcard substitution, you must strictly determine which methods can be accessed using annotations or the
<allowed-method/> .
You can disable it for <package> .
<package strict-method-invocation="false">
OR you can add allowed method names for each action using the <allowed-methods> .
<action name="*Application" class="x.ApplicationHandler" method="{1}"> <result name="input">/WEB-INF/application.jsp</result> <result name="success" type="redirectAction"> <param name="actionName">browseApps</param> </result> <allowed-methods>firstMethod, secondMethod, thirdMethod</allowed-methods> </action>
OR add the names of allowed methods for each package using the <global-allowed-methods> .
<package extends="struts-default"> <global-allowed-methods>firstMethod, secondMethod, thirdMethod</global-allowed-methods> </package>
NOTE To use the above tags in struts.xml, you must update the DTD definition to 2.5 .
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN" "http://struts.apache.org/dtds/struts-2.5.dtd"> <struts> ... </struts>
There is also a @AllowedMethods annotation in struts2-convention-plugin that allows actions to indicate valid actions.
This annotation can be used directly for the Action classes or the package-info.java class to specify globally valid methods for all subpackages.