Integrating Struts2 with Spring Security using Custom Login Form

Integrating Struts2 with Spring Security involves few configurations.

Add all the spring core and spring security related jars-- spring -3.0.6

Struts2-Action :gets user principal and displays it on jsp after authentication
 package com.prdc.spring3;  
 import java.util.ArrayList;  
 import javax.servlet.http.HttpServletRequest;   
 import java.util.Iterator;  
 import java.util.List;  
 import java.util.Properties;  
 import java.util.Set;  
 import org.apache.struts2.ServletActionContext;  
 public class HelloWorld {  
      private String message;  
      private String username;  
      public String getMessage() {  
           return message;  
      }  
      public void setMessage(String message) {  
           this.message = message;  
      }  
      public String execute() {  
           /*to get the authenticated username*/  
           HttpServletRequest request = ServletActionContext.getRequest();  
           this.setUsername(request.getUserPrincipal().getName());  
           this.setMessage("Successful Struts spring secuirty authentication");  
            return "SUCCESS";  
   }  
      public String getUsername() {  
           return username;  
      }  
      public void setUsername(String username) {  
           this.username = username;  
      }  
 }  
create folder-secure/ and inside the secure folder- create JSP-hello.jsp
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>  
 <%@page import="java.security.Principal" %>  
 <html>  
 <body>  
      <h3>Message : ${message}</h3>       
      <h3>Username : ${username}</h3>        
      <a href="<c:url value="/j_spring_security_logout" />" > Logout</a>  
 </body>  
 </html>  
Step-1:Add spring filters- before-Sturts2 Filters in your web.xml file.Also welcome file list is moved to the bottom.
<context-param>tag is used to read the applicationContext-security.xml file
Two spring securityFilters are added in web.xml file:
  • springSecurityFilterChain
  • DelegatingFilterProxy
<?xml version="1.0" encoding="UTF-8"?> 
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> 
  <display-name>Spring_Struts2_Security</display-name> 
  <context-param> 
   <param-name>contextConfigLocation</param-name> 
   <param-value> 
           /WEB-INF/applicationContext-security.xml 
           </param-value> 
  </context-param> 
  <filter> 
   <filter-name>springSecurityFilterChain</filter-name> 
   <filter-class> 
          org.springframework.web.filter.DelegatingFilterProxy 
         </filter-class> 
  </filter> 
  <filter-mapping> 
   <filter-name>springSecurityFilterChain</filter-name> 
   <url-pattern>/*</url-pattern> 
  </filter-mapping> 
  <filter> 
   <filter-name>struts2</filter-name> 
   <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> 
  </filter> 
  <listener> 
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
  </listener> 
  <filter-mapping> 
   <filter-name>struts2</filter-name> 
   <url-pattern>/*</url-pattern> 
  </filter-mapping> 
  <servlet> 
   <description></description> 
   <display-name>TestServlet</display-name> 
   <servlet-name>TestServlet</servlet-name> 
   <servlet-class>com.prdc.spring3.TestServlet</servlet-class> 
  </servlet> 
  <servlet-mapping> 
   <servlet-name>TestServlet</servlet-name> 
   <url-pattern>/TestServlet</url-pattern> 
  </servlet-mapping> 
  <welcome-file-list> 
   <welcome-file>index.jsp</welcome-file> 
  </welcome-file-list> 
 </web-app>  

Step-2:Add a application-Context-secuirty.xml file to WEB-INF folder.map the struts2 actions .The /welcome url has been made secure. in the below file using intercept-url

 <beans:beans xmlns="http://www.springframework.org/schema/security"  
      xmlns:beans="http://www.springframework.org/schema/beans"   
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
      xsi:schemaLocation="http://www.springframework.org/schema/beans  
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
      http://www.springframework.org/schema/security  
      http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">  
  <global-method-security pre-post-annotations="enabled">  
     <!-- AspectJ pointcut expression that locates our "post" method and applies security that way  
     <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>  
     -->  
   </global-method-security>  
      <http auto-config="true">  
           <intercept-url pattern="/welcome" access="ROLE_USER" />  
           <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed?error=true" />  
 <!--            <intercept-url pattern="/**" access="permitAll" /> -->  
           <logout/>  
      </http>  
      <authentication-manager>  
       <authentication-provider>  
        <user-service>  
           <user name="anjana" password="123456" authorities="ROLE_USER" />  
        </user-service>  
       </authentication-provider>  
      </authentication-manager>  
 </beans:beans>  

Step-3:Struts.xml file map the action here:
 
 <!DOCTYPE struts PUBLIC  
 "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"  
 "http://struts.apache.org/dtds/struts-2.0.dtd">  
 <struts>  
 <constant name="struts.action.excludePattern" value="/j_spring_security_check"/>  
 <constant name="struts.action.excludePattern" value="/j_spring_security_check.*,.*\\.j_spring_security_check"/>  
   <package name="default" namespace="/" extends="struts-default">  
     <action name="helloWorld" class="com.prdc.spring3.HelloWorld">  
       <result name="SUCCESS">success.jsp</result>  
     </action>  
    <action name="login">  
                <result>login.jsp</result>  
           </action>  
           <action name="loginfailed">  
                <result>login.jsp?error=true</result>  
           </action>  
                <action name="welcome">  
                <result>secure/hello.jsp</result>  
           </action>  
   </package>  
 </struts>  

Comments

  1. Could you please post the sample project with the above configuration?

    ReplyDelete
  2. hi could u please post sample project on my mail id firdoseows@gmail.com

    ReplyDelete
  3. Will u mail that code me 2 lakshman.giri00@gmail.com

    ReplyDelete
  4. Will u mail the sample project code to p4praseen@gmail.com also.

    ReplyDelete
  5. That's really awesome blog because i found there lot of valuable Information and i am very glad that you share this blog with us.
    Window Ac Repairing Service in Delhi NCR


    ReplyDelete
  6. Thank you so much for sharing. Keep updating your blog. It will very useful to the many users
    Building Contractors Service Provider In Delhi NCR

    ReplyDelete
  7. This is such a great resource that you are providing and you it away for free. I love seeing blog that understand the value.
    Event Organizers in South Delhi
    Event Organizers in Delhi NCR

    ReplyDelete

Post a Comment

Popular posts from this blog

defining functions clojure