I used to specify roles that can execute struts action in struts config, can I still use this feature?
Yes of course, just add the in your filter chain and
Code:
<bean id="requestWrapper" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>
in your security context.xml file.
Struts request processor will be able to call request.isUserInRole().
Do I still need the security constraints and roles defined in the web.xml once I start using acegi or are they needed for struts?
No you don't need those anymore because you won't have to use a REALM.
Simply declare your security constraint in the acegi spring config file.
If a role was named S does it become ROLE_S in acegi?
No you are not forced to use ROLE_ prefix.
In the bean that defines the
Code:
net.sf.acegisecurity.vote.RoleVoter
simply define the property
Code:
<property name="rolePrefix"><value>null</value></property>
(I'm not completly sure of the syntax because I find the ROLE_ prefix quite handy).
Also as I don't use the j_acegi_security_check but my action on the form leads to LoginAction.do, how do I map it in the applicationContext-acegi-security.xml file?
I guess I advice you to use acegi authentication mechanisms.
Nothing prevents you to load your user profile the way you did before but in a servlet filter instead. Simply trigger your filter if the user is authenticated but your application user profile is null in the session.
Hope it helps.
I have written a very simple entry in my blog on migrating from a REALM to ACEGI
Acegi newbie and Struts integration
