#1. The acegi filters and Tiles aren't related. The filters kick-in even before the JSP renders and Tiles gets a chance to do any work. So to answer your question, the filters do work with Tiles.
#2. I think you meant to say the Validator, not Tiles. The validator may be used in Struts apps to do validation. The validator can be used outside of Tiles. See the Jakarta Validator site for details on that. You could tap into it to validate credentials by extending the AuthenticationProcessingFilter and overiding the onPreAuthentication method to call the validator. If you find a validation problem you send a response back right from there. I think this would work, but I didn't look at it too closely.
#3. No they are not mandatory. You just need to make sure you get the work done some how. The fiters are a great way. There's no reason you can't use them with Struts. They're MVC agnostic. That's the great thing about the design. I suggest you keep them in case you want to swap out Struts someday. There's no need to do extra work.
#4. If you want to do authentication by hand inside an action, then you need to make sure you store the Authentication object in the ContextHolder so it can be accessed throughout the life of the request. Here's a code snip
You'd need to pass in the authentication manager. You could do this by integrating Struts and Spring using the delegation method.
Authentication usernamePasswordAuthentication = new UsernamePasswordAuthenticationToken(username,password);
Authentication authentication = getAuthenticationManager().authenticate(usernamePasswordAuthentication);
SecureContext context = new SecureContextImpl();
Note, you'll need to make sure you shuttle the Authentication object in/out of the HttpSession, but that's the job of the HttpSessionContextIntegrationFilter. That would be another job you would need to take care of if you decided not to use the filters.