How to integrate Spring Security and Struts2

Question

I\'ve done tons of googling regarding this issue and up to now I could not find any tutorial regarding integrating Struts2 and Spring Security.

My question is that

Answer 1

This is actually very simple - Spring Security is web framework agnostic :)

You need to define Spring Security filter chain - this is a Java Filter that should be mapped to all requests. The filter will check if the path requires any privilages and if so checks if user is logged in and has those privilages.

Simple setup example.

web.xml (insert to your existing one, alongside struts config):

    contextConfigLocation
    
        classpath:META-INF/spring/applicationContext-security.xml
    



    org.springframework.web.context.ContextLoaderListener



    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy



    springSecurityFilterChain
    /*

Spring security configuration (in the file mentioned in web.xml in contextConfigLocation parameter):

You may extend this as you wish - Spring's documentation is rather well written

You may go along an even simpler auto-config:

Above options secure your web-app per request path. You may want to secure the actions as well. Adding the below would get you going:

Let me know what features you need and I can point you in a direction. Keep in mind that namespace config is not a silver bullet - if you need a very custom solution you might need to configure all the spring beans yourself, but the documentation explains this well.