Thursday, July 12, 2012

Integrating Struts2 with Spring Security using Custom Login Form

Integrating Struts2 with Spring Security involves a few configuration steps.

Add all the Spring core and Spring Security related jars (Spring 3.0.6).

Struts2 action: gets the user principal and displays it on a JSP after authentication.
 package com.prdc.spring3;  
 import java.util.ArrayList;  
 import javax.servlet.http.HttpServletRequest;   
 import java.util.Iterator;  
 import java.util.List;  
 import java.util.Properties;  
 import java.util.Set;  
 import org.apache.struts2.ServletActionContext;  
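 /**
  * Struts2 action that exposes the authenticated user's name and a status
  * message to the result JSP.
  *
  * <p>The action itself performs no access control. The URL that reaches it
  * is expected to be covered by a Spring Security intercept-url rule, so the
  * missing-principal branch in {@link #execute()} is a safety net, not the
  * authorization check.
  */
 public class HelloWorld {
     /** Status text rendered by the view. */
     private String message;
     /** Name of the authenticated principal, or null when there is none. */
     private String username;

     /** @return the status text set by {@link #execute()} */
     public String getMessage() {
         return message;
     }

     /** @param message status text to expose to the view */
     public void setMessage(String message) {
         this.message = message;
     }

     /**
      * Reads the authenticated principal from the current request and
      * publishes its name together with a status message.
      *
      * <p>Both fields are assigned on every path, so a value that the
      * framework may have bound to the public setters from request
      * parameters never reaches the view.
      *
      * @return the result name "SUCCESS", the only result mapped for this
      *         action
      */
     public String execute() {
         HttpServletRequest request = ServletActionContext.getRequest();
         // getUserPrincipal() returns null when the request carries no
         // authenticated user; calling getName() on it directly would fail
         // with a NullPointerException and surface as a server error.
         java.security.Principal principal = request.getUserPrincipal();
         if (principal == null) {
             this.setUsername(null);
             this.setMessage("No authenticated user");
             return "SUCCESS";
         }
         this.setUsername(principal.getName());
         this.setMessage("Successful Struts spring secuirty authentication");
         return "SUCCESS";
     }

     /** @return the authenticated user's name, or null when unauthenticated */
     public String getUsername() {
         return username;
     }

     /** @param username name of the authenticated user */
     public void setUsername(String username) {
         this.username = username;
     }
 }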
Create a folder named secure/ and, inside it, create the JSP hello.jsp:
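 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 <%@page import="java.security.Principal" %>
 <%-- Landing page shown after login: prints the status message and the user name. --%>
 <html>
 <body>
      <%-- c:out HTML-escapes its value. A bare EL expression in template text
           is written to the page as-is, so markup in either value would be
           rendered by the browser. --%>
      <h3>Message : <c:out value="${message}" /></h3>
      <h3>Username : <c:out value="${username}" /></h3>
      <%-- Logout is a plain GET link with no CSRF token. Later Spring Security
           versions with CSRF protection enabled expect logout to be a POST. --%>
      <a href="<c:url value="/j_spring_security_logout" />" > Logout</a>
 </body>
 </html>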
Step 1: Add the Spring Security filter before the Struts2 filter in your web.xml file, so that requests pass through Spring Security first. The welcome-file list is also moved to the bottom.
The <context-param> tag is used to load the applicationContext-security.xml file.
Two Spring Security names appear in the filter declaration in web.xml (the filter name and the filter class):
  • springSecurityFilterChain
  • DelegatingFilterProxy
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: loads the Spring Security context and chains the
     Spring Security filter in front of the Struts2 filter. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID"
         version="2.5">
  <display-name>Spring_Struts2_Security</display-name>

  <!-- Location of the Spring Security configuration, read by the
       ContextLoaderListener declared below. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext-security.xml</param-value>
  </context-param>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Filter declarations. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
  </filter>

  <!-- Filter mappings. Filters run in the order their mappings are listed,
       so the security mapping must stay above the Struts2 mapping; otherwise
       Struts2 would dispatch the request before it is authenticated. -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <servlet>
    <description></description>
    <display-name>TestServlet</display-name>
    <servlet-name>TestServlet</servlet-name>
    <servlet-class>com.prdc.spring3.TestServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>TestServlet</servlet-name>
    <url-pattern>/TestServlet</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

Step 2: Add an applicationContext-security.xml file to the WEB-INF folder and map the Struts2 action URLs in it. In the file below, the /welcome URL has been made secure using intercept-url.

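 <beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
   <global-method-security pre-post-annotations="enabled">
      <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
      <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
      -->
   </global-method-security>
   <http auto-config="true">
      <!-- Rules are checked top-down and the first matching pattern wins.
           Only URLs matched here are protected; everything else stays open,
           so each new secured action or folder needs its own rule (or
           replace this list with a deny-by-default catch-all). -->
      <!-- Struts can map the same action under more than one URL form (for
           example with an action extension), so the pattern covers suffixed
           forms as well as the bare /welcome path. -->
      <intercept-url pattern="/welcome*" access="ROLE_USER" />
      <!-- The JSPs under /secure/ can be requested directly as well as
           through the welcome action, so the folder itself is protected. -->
      <intercept-url pattern="/secure/**" access="ROLE_USER" />
      <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed?error=true" />
 <!--            <intercept-url pattern="/**" access="permitAll" /> -->
      <logout/>
   </http>
   <authentication-manager>
     <authentication-provider>
       <!-- Demo only: in-memory user with a clear-text password stored in the
            configuration file. For real use, keep credentials in an external
            store, hashed, and declare a matching password encoder. -->
       <user-service>
         <user name="anjana" password="123456" authorities="ROLE_USER" />
       </user-service>
     </authentication-provider>
   </authentication-manager>
 </beans:beans>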

Step 3: Map the actions in the struts.xml file:
 
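 <!DOCTYPE struts PUBLIC
 "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
 "http://struts.apache.org/dtds/struts-2.0.dtd">
 <struts>
   <!-- URLs that Struts2 must leave alone so that the Spring Security login
        endpoint is not treated as an action. The constant was declared twice;
        a constant holds a single value, so one declaration is kept and its
        first pattern also covers the bare /j_spring_security_check path.
        The value is a comma-separated list of regular expressions. XML
        attribute values do not process backslash escapes, so a literal dot
        is written \. here (a doubled backslash would match a backslash
        character instead). -->
   <constant name="struts.action.excludePattern" value="/j_spring_security_check.*,.*\.j_spring_security_check"/>
   <package name="default" namespace="/" extends="struts-default">
     <!-- Shows the authenticated user's name. This action is only as
          protected as the URL rules in the Spring Security configuration. -->
     <action name="helloWorld" class="com.prdc.spring3.HelloWorld">
       <result name="SUCCESS">success.jsp</result>
     </action>
     <!-- Custom login form; must stay reachable without authentication. -->
     <action name="login">
       <result>login.jsp</result>
     </action>
     <!-- Target of authentication-failure-url; re-renders the login form. -->
     <action name="loginfailed">
       <result>login.jsp?error=true</result>
     </action>
     <!-- Secured landing page, reached after a successful login. -->
     <action name="welcome">
       <result>secure/hello.jsp</result>
     </action>
   </package>
 </struts>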

4 comments:

  1. Could you please post the sample project with the above configuration?

  2. hi could u please post sample project on my mail id firdoseows@gmail.com

  3. Will u mail that code me 2 lakshman.giri00@gmail.com

  4. Will u mail the sample project code to p4praseen@gmail.com also.
