Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 3 filter + Struts 2 actions Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3 filter + Struts 2 actions

    Hello,

    I'am trying to intercept Struts 2 actions from Spring Security filter but when i'am looking for Log, Struts url will never been matched !

    web.xml :
    Code:
    ...
    	<filter>
    		<filter-name>struts2</filter-name>
    		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>struts2</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    
    	<!-- Struts Tiles Plugin Config -->
    	<context-param>
    		<param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    		<param-value>/WEB-INF/tiles-def.xml</param-value>
    	</context-param>
    
    	<listener>
    		<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
    	</listener>
    
    	<!-- Spring Application Context Config -->
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			classpath:Spring-Actions.xml,
    			classpath:Spring-Security.xml
    		</param-value>
    	</context-param>
    
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    
    	<!-- Spring Security -->
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    		<dispatcher>REQUEST</dispatcher>
    		<dispatcher>FORWARD</dispatcher>
    	</filter-mapping>
    ....
    And Spring Security config context :
    Code:
    <http>
    	<intercept-url pattern="/login*" filters="none" />
    	<intercept-url pattern="/css/**" filters="none" />
    	<intercept-url pattern="/img/**" filters="none" />
    	<intercept-url pattern="/search.action*" access="ROLE_ADMIN" /><!-- Never reach -->
    	<intercept-url pattern="/user/**" access="ROLE_ADMIN" /><!-- Never reach -->
    	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />			
    	<form-login login-page="/login.action" />
    	<logout logout-url="/logout.action" />
    </http>
    I thinks that Spring Security Filter Chain does not match Struts actions because they are also filtered (I also use Tiles).

    Can you help me to perform Spring Security integration with Struts 2 ?

  • #2
    Problem is your filter order. Make sure that you execute your security filter BEFORE the struts filter now first struts handles the request after that spring security. Move the filter-mapping for spring security before the struts filter.

    Comment


    • #3
      Thank you !!

      It was filter order in web.xml
      I thought that Spring Security filter should be executed at end (after all url filtering processes)
      Last edited by Aure77; Dec 7th, 2011, 04:56 AM.

      Comment

      Working...
      X