Spring Security 3 filter + Struts 2 actions

**Aure77** · Dec 7th, 2011, 04:15 AM

Hello,

I'am trying to intercept Struts 2 actions from Spring Security filter but when i'am looking for Log, Struts url will never been matched !

web.xml :

Code:

...
	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- Struts Tiles Plugin Config -->
	<context-param>
		<param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
		<param-value>/WEB-INF/tiles-def.xml</param-value>
	</context-param>

	<listener>
		<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
	</listener>

	<!-- Spring Application Context Config -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:Spring-Actions.xml,
			classpath:Spring-Security.xml
		</param-value>
	</context-param>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<!-- Spring Security -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
	</filter-mapping>
....

And Spring Security config context :

Code:

<http>
	<intercept-url pattern="/login*" filters="none" />
	<intercept-url pattern="/css/**" filters="none" />
	<intercept-url pattern="/img/**" filters="none" />
	<intercept-url pattern="/search.action*" access="ROLE_ADMIN" /><!-- Never reach -->
	<intercept-url pattern="/user/**" access="ROLE_ADMIN" /><!-- Never reach -->
	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />			
	<form-login login-page="/login.action" />
	<logout logout-url="/logout.action" />
</http>

I thinks that Spring Security Filter Chain does not match Struts actions because they are also filtered (I also use Tiles).

Can you help me to perform Spring Security integration with Struts 2 ?

**Marten Deinum** · Dec 7th, 2011, 04:28 AM

Problem is your filter order. Make sure that you execute your security filter BEFORE the struts filter now first struts handles the request after that spring security. Move the filter-mapping for spring security before the struts filter.

**Aure77** · Dec 7th, 2011, 04:47 AM

Thank you !!

It was filter order in web.xml

I thought that Spring Security filter should be executed at end (after all url filtering processes)

Thread: Spring Security 3 filter + Struts 2 actions

Thread Tools

Display

Spring Security 3 filter + Struts 2 actions

Posting Permissions