- Spring Security 3.x Cookbook
- Anjana Mankale
- 176字
- 2021-07-23 14:10:44
Struts 2 application with basic Spring Security
In this section we will demonstrate basic Spring Security authentication with Struts 2. We will create a sample Struts 2 application and add Spring Security features to the action to make it secured. Only authenticated authorized users can access it.
Getting ready
- Update the
Applicationcontext-security.xml
file - Create a new dynamic project in Eclipse:
Struts2_Spring_BASIC_Security_Recipe2
How to do it...
Perform the following steps for integrating the Struts 2 application with Spring Security to implement basic authentication:
- Modify the
applicationcontext-security.xml
file to support basic security:Applicationcontext-security.xml
:<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <global-method-security pre-post-annotations="enabled"> <!-- AspectJ pointcut expression that locates our "post" method and applies security that way <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/> --> </global-method-security> <http> <intercept-url pattern="/welcome" access="ROLE_TELLER" /> <http-basic /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="anjana" password="123456" authorities="ROLE_TELLER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
How it works...
When the user runs the Struts 2 application and tries to access the secured resource, the Spring Security context is initialized and the Struts 2 action is interrupted with Spring's login dialog box, which will request the username and password. On successful authentication, the user will be redirected to the Struts 2 action page.
The following is the workflow of the application:
Struts 2 and Spring basic security on browser:
See also
- The Using Struts 2 with digest/hashing-based Spring Security recipe