Yes of course, just add the in your filter chain and
I used to specify roles that can execute struts action in struts config, can I still use this feature?
in your security context.xml file.
<bean id="requestWrapper" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>
Struts request processor will be able to call request.isUserInRole().
No you don't need those anymore because you won't have to use a REALM.
Do I still need the security constraints and roles defined in the web.xml once I start using acegi or are they needed for struts?
Simply declare your security constraint in the acegi spring config file.
No you are not forced to use ROLE_ prefix.
If a role was named S does it become ROLE_S in acegi?
In the bean that defines the
simply define the property
(I'm not completly sure of the syntax because I find the ROLE_ prefix quite handy).
I guess I advice you to use acegi authentication mechanisms.
Also as I don't use the j_acegi_security_check but my action on the form leads to LoginAction.do, how do I map it in the applicationContext-acegi-security.xml file?
Nothing prevents you to load your user profile the way you did before but in a servlet filter instead. Simply trigger your filter if the user is authenticated but your application user profile is null in the session.
Hope it helps.
I have written a very simple entry in my blog on migrating from a REALM to ACEGI