I believe that either I've discovered a bug in the bridging mechanism, or I'm not using it correctly.

Some of my struts actions are protected by a `roles' parameter in the ActionMapping line in struts-config.xml

When I go directly to the action using an appropriate portal URL (eg
http://localhost:8080/portal/index.html?ctrl:id=window.default.LeadAdminWindow&ctrl:type=action&_spage=%2Fadmin%2FViewLeads.do ) I get the appropriate 403 error. Although not very pretty, this message helps the user realise they must log in.

However, when I specify the struts action as the `ViewPage' parameter in my portlet.xml and then access the portlet using a regular URL (eg http://localhost:8080/portal/index.html?ctrl:id=page.default.leadsadmin ) the 403 message doesn't appear - just the portal title and nothing else. I suspect that struts is blocking access to the action, but the error message is not being displayed by the bridge or the portlet container/portal. Therefore, the user doesn't know what is wrong.