struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "M. Rakowski" <matth...@rakowski.biz>
Subject Re: Authentication and authorization
Date Thu, 19 Apr 2012 22:53:30 GMT
a brief explanation for basic spring-security (only authentication) 
configuration with struts:

Spring security is running as a filter in your web-app
(you need to make sure that it comes first before Struts).
For the filter-configuration take a look at (2.2.1):
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

Than you will have to provide a context file where you
define the whole configuration for Spring-security:
- <intercept-url pattern="" access=""/> : access roles for certain url 
patterns
- <form-login login-page="your-struts-login-action" /> : configuration 
for login
- <authentication-manager> : to provide a service for 
user-authentication, like:
<authentication-manager>
  <authentication-provider 
user-service-ref="your-authentication-service"> [...]

The last step is the implementation of the authentication-service
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html):
UserDetails loadUserByUsername(String username)
and UserDetails-Interfaces (your User-Bean).

For all authenticated struts-actions you can get UserDetail
by accessing 
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html)

I hope i could help you with this short explanation which covers only 
basic usage of spring.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message