First of all,
here is a great article in the most recent JDJ on
Struts security that I'd suggest you read.
In that article, it explains that if you want to change Struts' behavior when it checks security roles, you need to create a subclass of RequestProcessor and in that subclass, override the processRoles method.
[ March 28, 2006: Message edited by: Merrill Higginson ]