My application uses struts and spring integration using the spring plugin for struts. I then apply my custom security aspects to the actions which are defined in the spring config file. The security exception thrown by the security aspects are handled by the struts exception handler.

I want to now replace my custom security with acegi. What is the best way to approach this keeping the above mentioned structure in mind? Do i have to use filters to do the security or can I just apply security at struts action level using aspects or a combination of both ?

Any thougts will be appreciated

Thanks

Which AOP framework are you using? If AOP Alliance (default Spring IoC AOP) or AspectJ, you'll find Acegi Security offers alternative advisors you can use in place of your own. They'll consult SecurityContextHolder for the SecurityContext.getAuthentication(). I would suggest you first get authentication working by adopting one of the Acegi Security-provided filters and AuthenticationProviders. Then change your existing aspects to use SecurityContextHolder. That way you can defer making major changes to your authorization side until later. When you get more time, replace your existing aspects with the appropriate Acegi Security AbstractSecurityInterceptor subclass. You might even find it's worth not bothering with the intermediate step of getting your aspects to work with SecurityContextHolder, and just jump straight to using the appropriate AbstractSecurityInterceptor.