如何整合Spring Security和Struts2 [英] How to integrate Spring Security and Struts2

问题描述

关于这个问题，我已经进行了大量的搜索，到目前为止，我还没有找到有关集成Struts2和Spring Security的任何教程.

I've done tons of googling regarding this issue and up to now I could not find any tutorial regarding integrating Struts2 and Spring Security.

我的问题是我应该如何整合Spring Security和Struts2?

My question is that How would I integrate Spring Security and Struts2?

在我希望限制某些操作或页面的地方，例如管理员页面/URL应该仅由管理员访问，而其他类似的事情，如果用户尝试访问该页面，则他或她将被重定向到另一个页面.

Where I want certain actions or pages to be restricted, like the admin page/url should be accessed only by an administrator and other things like that if a user tried to accessed that page he or she would be redirected to another page.

推荐答案

假设您需要保护/admin/*路径上可访问的内容.您需要在web.xml中声明Spring Security过滤器，Struts过滤器应紧随其后，这样，如果您访问/admin，它将由Spring Security首先处理请求，并能够让其通过或阻止它取决于用户的角色:

Let's say you need to secure what's accessible on the /admin/* path. You need to declare the Spring Security Filter in your web.xml, the Struts filter should come after so that if you are accessing /admin it will be Spring Security that handle the request first and will be able to let it pass or block it depending on the role of the user:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

然后，您声明您的spring安全上下文:

You then declare your spring security context:

<http>
    <intercept-url pattern="/*" filters="none" />
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />           
    <form-login login-page="/login" />
    <logout logout-url="/logout" />
</http>

我建议您使用struts2-convention插件，以便将/login之类的URL自动绑定到名为com.foo.bar.actions.LoginAction的类.与LogoutAction

I propose that you use the struts2-convention plugin so that URLs like /login are bound automatically to a class named let's say com.foo.bar.actions.LoginAction. Same for LogoutAction

现在/admin/*下的内容应该由Spring Security保护，其余的应该直接转发到Struts2过滤器.

Now what is under /admin/* should be secured by Spring Security, and the rest should be forwarded directly to the Struts2 filter.

最后，在您的JSP中，您可以检查某人是否是具有以下内容的管理员:

Finally, in your JSP you can check if someone is an Admin with:

<sec:authorize access="hasRole('ROLE_ADMIN')">
   <p>you are an admin</p>
</sec:authorize>

其余内容可以在任何Spring Security教程中找到.真正重要的是过滤器声明的顺序，必须首先确保Spring安全性.

The rest can be found in any Spring Security tutorial. What's really important is the order of the filters declaration, spring security must be first.

在Google上进行搜索，还有链接可能会对您有所帮助.

searching on google, there is also this link that can be of help for you.

这篇关于如何整合Spring Security和Struts2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！