a brief explanation for basic spring-security (only authentication)
configuration with struts:
Spring security is running as a filter in your web-app
(you need to make sure that it comes first before Struts).
For the filter-configuration take a look at (2.2.1):
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html
Than you will have to provide a context file where you
define the whole configuration for Spring-security:
- <intercept-url pattern="" access=""/> : access roles for certain url
patterns
- <form-login login-page="your-struts-login-action" /> : configuration
for login
- <authentication-manager> : to provide a service for
user-authentication, like:
<authentication-manager>
<authentication-provider
user-service-ref="your-authentication-service"> [...]
The last step is the implementation of the authentication-service
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html):
UserDetails loadUserByUsername(String username)
and UserDetails-Interfaces (your User-Bean).
For all authenticated struts-actions you can get UserDetail
by accessing
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html)
I hope i could help you with this short explanation which covers only
basic usage of spring.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
