Bug #34428 Enforce Only View Objects Being Called From JSP
Submitted: 8 Feb 2008 17:44 Modified: 9 Jan 2015 14:33
Reporter: Joshua Ganderson
Status: Won't fix
Category: MySQL Enterprise Monitor: Web    Severity: S4 (Feature request)
Version: 2.0    OS: Any
Assigned to: Assigned Account    CPU Architecture: Any

[8 Feb 2008 17:44] Joshua Ganderson
Description:
Enforce only allowed objects and types being requested from the JSP - preventing business objects hitting the "glass".

The general idea is to throw a runtime error when something other than an instance of a marker interface "MonitorViewObject", String, Integer, Long... or collection of same is requested from a jsp.

Since this could potentially halt development, I thought we would both key off of whether dev-mode is on AND have an override in case you are working on a feature and putting off the creation of the view container until a later time.

I spoke with both Eric and Oldag on this subject and they expressed interest.

How to repeat:
Once advisors with bundles are supported in 2.0, requests for the text property of a rule bo will return a key rather than the actual text. Surfacing this to the jsp layer will show the incorrect value to the user. However, the call will be valid and it may not be obvious that the wrong information will be displayed.

Suggested fix:
This will likely have to happen in a custom build of struts. We had already talked about doing this to improve date handling, error reporting of bad property keys, invalid method calls in the jsp, and changing the lifespan of errors and notices.

See description for a possible implementation from the appropriate point in struts.
[8 Feb 2008 18:13] Joshua Ganderson
Note, protect call to original object in view containers.

Something to note - most container objects will have a method to retrieve the original server object (useful in action code in a variety of situations). However, this method should not be called from the jsp. Because these methods need to remain public, perhaps a check that the caller is an instance of something that extends BaseAction?
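One way to implement both checks proposed in this report, as an added example in Java that is not code from MySQL Enterprise Monitor or from any Struts build: a `ViewGuard.expose` hook intended to be called from the property-resolution point of the custom Struts build, which rejects anything that is not a `MonitorViewObject`, a plain `String`/`Integer`/`Long`, or a collection of those, and a `ViewContainer.getOriginal()` that stays public but inspects the call stack for a `BaseAction` subclass. Only `MonitorViewObject` and `BaseAction` are named in the report; `ViewGuard`, `ViewContainer`, `ViewExposureException`, `RuleBo`, `RuleView`, `ShowRuleAction`, the `devMode`/`override` flags and the sample rule text are assumed names and constructed data.

```java
import java.util.Arrays;
import java.util.Collection;

/** Marker interface named in the bug report; every view container implements it. */
interface MonitorViewObject {}

/** Thrown when something other than a view object is about to reach the JSP (assumed name). */
class ViewExposureException extends RuntimeException {
    ViewExposureException(String msg) { super(msg); }
}

/** Allowlist check, meant to be called from the property-resolution hook of the custom Struts build. */
final class ViewGuard {
    // Assumed: in a real build both flags come from configuration; fixed here for the demo.
    static boolean devMode = true;
    static boolean override = false;

    // The report lists "String, Integer, Long..."; extend this array for further plain types.
    private static final Class<?>[] PLAIN_TYPES = { String.class, Integer.class, Long.class };

    static boolean isAllowed(Object value) {
        if (value == null || value instanceof MonitorViewObject) return true;
        for (Class<?> c : PLAIN_TYPES) if (c.isInstance(value)) return true;
        if (value instanceof Collection) {              // a collection is fine if every element is
            for (Object e : (Collection<?>) value) if (!isAllowed(e)) return false;
            return true;
        }
        return false;                                   // anything else is a business object hitting the glass
    }

    /** Returns value unchanged when it may be shown; in dev mode (unless overridden) throws otherwise. */
    static Object expose(String expression, Object value) {
        if (devMode && !override && !isAllowed(value)) {
            throw new ViewExposureException("JSP expression '" + expression + "' resolved to "
                    + value.getClass().getName() + "; wrap it in a MonitorViewObject first");
        }
        return value;
    }
}

/** Stand-in for the project's Struts action base class; the name comes from the report. */
abstract class BaseAction {}

/** Base for view containers: wraps the server object and guards the accessor for it. */
abstract class ViewContainer<T> implements MonitorViewObject {
    private final T original;
    protected ViewContainer(T original) { this.original = original; }

    /** Must stay public for action code, so the caller is checked instead of the visibility. */
    public T getOriginal() {
        if (!callerExtendsBaseAction()) {
            throw new ViewExposureException("getOriginal() may only be called from a BaseAction");
        }
        return original;
    }

    private static boolean callerExtendsBaseAction() {
        String self = ViewContainer.class.getName();
        for (StackTraceElement frame : Thread.currentThread().getStackTrace()) {
            String cls = frame.getClassName();
            if (cls.equals(Thread.class.getName()) || cls.equals(self)) continue; // skip our own frames
            try {   // the first foreign frame is the caller; a JSP gets here via reflection, never as a BaseAction
                Class<?> caller = Class.forName(cls, false, Thread.currentThread().getContextClassLoader());
                return BaseAction.class.isAssignableFrom(caller);
            } catch (ClassNotFoundException e) {
                return false;
            }
        }
        return false;
    }
}

/** Constructed sample: a rule business object whose text property is a bundle key, as the report warns. */
class RuleBo {
    String getText() { return "rule.text.key"; }
}
/** Constructed view container that exposes resolved text (sample string) instead of the key. */
class RuleView extends ViewContainer<RuleBo> {
    RuleView(RuleBo bo) { super(bo); }
    public String getText() { return "Replication slave is behind master"; }
}
/** Action code is allowed to unwrap the container. */
class ShowRuleAction extends BaseAction {
    RuleBo unwrap(RuleView v) { return v.getOriginal(); }
}

public class ViewGuardDemo {
    public static void main(String[] args) {
        RuleBo bo = new RuleBo();
        RuleView view = new RuleView(bo);
        ViewGuard.expose("rule", view);                           // passes: marker interface
        ViewGuard.expose("rules", Arrays.asList(view, view));     // passes: collection of view objects
        ViewGuard.expose("rule.text", view.getText());            // passes: String
        try { ViewGuard.expose("ruleBo", bo); }                   // rejected: business object
        catch (ViewExposureException e) { System.out.println("blocked: " + e.getMessage()); }
        System.out.println(new ShowRuleAction().unwrap(view) == bo);  // unwrapping from an action is allowed
        try { view.getOriginal(); }                               // rejected: main is not a BaseAction
        catch (ViewExposureException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

Two practitioner caveats on the design the report sketches. Gating the check on dev mode plus an override means a leaked business object is only caught where someone runs in dev mode; in production the JSP would silently render the bundle key, so a dev-mode rejection should fail the build rather than be logged and ignored. The stack walk in `getOriginal()` trusts class names resolved through the context class loader and costs a stack capture per call, so it belongs on an accessor that actions use occasionally, not in a hot path; it also rejects an action that reaches the method through reflection, which is the intended behaviour for JSP expression evaluation but worth knowing when writing action code.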