I've done tons of googling regarding this issue and up to now I could not find any tutorial regarding integrating Struts2 and Spring Security.
My question is that
Let's say you need to secure what's accessible on the /admin/* path. You need to declare the Spring Security filter in your web.xml; the Struts filter should come after it, so that if you are accessing /admin it will be Spring Security that handles the request first and will be able to let it pass or block it depending on the role of the user:
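    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>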
You then declare your spring security context:
I propose that you use the struts2-convention plugin so that URLs like /login are bound automatically to a class named, let's say, com.foo.bar.actions.LoginAction. Same for LogoutAction.
Now what is under /admin/* should be secured by Spring Security, and the rest should be forwarded directly to the Struts2 filter.
Finally, in your JSP you can check if someone is an Admin with:
you are an admin
The rest can be found in any Spring Security tutorial. What's really important is the order of the filter declarations: Spring Security must be first.
Edit: Searching on Google, there is also this link that can be of help to you.
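As an added example (not part of the answer above), here is a deployment-time check for the ordering the answer stresses. Servlet containers build the chain for a request from the `<filter-mapping>` elements in document order, so the script computes that chain for a path and confirms `springSecurityFilterChain` precedes `struts2`. The `GOOD` and `BAD` descriptors are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the mapping order from the answer (Spring Security first).
GOOD = """<web-app>
  <filter-mapping><filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

# Constructed sample: same mappings reversed, so Struts2 sees /admin/* first.
BAD = """<web-app>
  <filter-mapping><filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern></filter-mapping>
</web-app>"""

def local(tag):
    """Strip an XML namespace (e.g. the Java EE one) from a tag name."""
    return tag.rsplit("}", 1)[-1]

def matches(pattern, path):
    """Servlet url-pattern matching: prefix (/x/*), extension (*.x), exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def filter_chain(web_xml, path):
    """Filter names applied to `path`, in <filter-mapping> document order."""
    chain = []
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) != "filter-mapping":
            continue
        name = next(c.text.strip() for c in el if local(c.tag) == "filter-name")
        patterns = [c.text.strip() for c in el if local(c.tag) == "url-pattern"]
        if name not in chain and any(matches(p, path) for p in patterns):
            chain.append(name)  # each filter is listed once
    return chain

def guarded(web_xml, path, guard="springSecurityFilterChain", app="struts2"):
    """True if `guard` covers `path` and runs before `app` (when app matches)."""
    chain = filter_chain(web_xml, path)
    return guard in chain and (app not in chain or chain.index(guard) < chain.index(app))
```

Running `guarded()` over every path you expect to be protected also catches coverage gaps, such as a path like `/administrator` that `/admin/*` does not match.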