Struts 2 application with basic Spring Security

In this section we will demonstrate basic Spring Security authentication with Struts 2. We will create a sample Struts 2 application and add Spring Security features to the action to secure it. Only authenticated and authorized users can access it.

Getting ready

  • Update the Applicationcontext-security.xml file
  • Create a new dynamic project in Eclipse: Struts2_Spring_BASIC_Security_Recipe2

How to do it...

Perform the following steps for integrating the Struts 2 application with Spring Security to implement basic authentication:

  1. Modify the applicationcontext-security.xml file to support basic security:

    Applicationcontext-security.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <global-method-security pre-post-annotations="enabled">
        <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
        <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
        -->
      </global-method-security>

      <http>
        <!-- Only users holding ROLE_TELLER may request /welcome -->
        <intercept-url pattern="/welcome" access="ROLE_TELLER" />
        <!-- Challenge with HTTP Basic authentication -->
        <http-basic />
      </http>

      <authentication-manager>
        <authentication-provider>
          <!-- In-memory user store; the password is stored in plaintext -->
          <user-service>
            <user name="anjana" password="123456" authorities="ROLE_TELLER" />
          </user-service>
        </authentication-provider>
      </authentication-manager>
    </beans:beans>

How it works...

When the user runs the Struts 2 application and tries to access the secured resource, the Spring Security context is initialized and the request to the Struts 2 action is intercepted: Spring Security's HTTP Basic challenge makes the browser show a login dialog box that requests the username and password. On successful authentication, the user is taken to the Struts 2 action page.

The following is the workflow of the application:

[Figure: Struts 2 and Spring basic security on browser]
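The challenge and response described above can be modelled outside the container. The following Python model is an added example, not code from the recipe or from Spring Security: it mirrors the recipe's single intercept-url rule and user, assumes the realm name, and uses hypothetical function names. It also shows that the Authorization header is only base64-encoded, which is why HTTP Basic should be served over HTTPS.

```python
import base64
import hmac

# Constructed mirror of the recipe's config: one intercept-url rule, one user.
PROTECTED = {"/welcome": "ROLE_TELLER"}
USERS = {"anjana": ("123456", {"ROLE_TELLER"})}
REALM = "Spring Security Application"  # assumed realm name, not set in the recipe


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # the password may itself contain ':'
    return (user, password) if sep else None


def handle(path, headers):
    """Return (status, response_headers) a Basic-auth filter would give for a request."""
    role = PROTECTED.get(path)
    if role is None:
        return 200, {}  # no intercept-url rule covers this path
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge  # this response makes the browser show its login dialog
    stored = USERS.get(creds[0])
    # compare_digest avoids leaking how many leading characters matched
    if stored is None or not hmac.compare_digest(stored[0].encode(), creds[1].encode()):
        return 401, challenge
    if role not in stored[1]:
        return 403, {}  # authenticated, but lacks the required authority
    return 200, {}  # request continues to the Struts 2 action


def basic_header(user, password):
    """Build the header the browser sends after the dialog: base64, not encryption."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
```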

See also

  • The Using Struts 2 with digest/hashing-based Spring Security recipe