Struts2 + Spring Security 2.06: Valuestack is null when attempting to use @Secured on an Action method

I just wonder, this problem occurs if you use the default configuration of Spring Security, where it expects ROLE_ prefixed names.

See this question:How do I use custom roles/authorities in Spring Security?

You are using the default configuration witch expects that roles starts with the "ROLE_" prefix. You will have to add a custom security configuration and set rolePrefix to ""

The example configuration from: Spring Security Role Prefix and Custom User Details Service

<beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">    <beans:property name="rolePrefix" value="" /></beans:bean>

Related questions:

• Spring Security ROLE_ prefix no longer needed?
• Acegi Security: How do i add another GrantedAuthority to Authentication to anonymous user

The stacktrace indicates a problem in the 'header.jsp' file, where there is a problem with the tag. I suspect you simply have a nullpointer problem with the expression in the tag. Can you share the JSP snippet of header.jsp ?

this won't directly answer your question, but you would have a much easier time of integration if you utilize Spring 3 MVC Controllers with annotations and use a Spring Security version that matches. This would give you the added benefit of being able to develop it faster, ditch the XML configuration for your controllers and it would only take a few minutes to switch. Depending on how far into your implementation you are, this may be an option. Typically Spring annotations only work when they are within a Spring managed beans or you weave dependencies into non Spring classes at compile or runtime.