How to secure Struts actions with Spring single-sign-on
Currently I am using Struts 2 framework in my web application, now I have integrated single-sign-on with the help of Spring SAML extension and ADFS server, now every thing is working fine except Struts 2 actions,
when I am going to call/hit any Struts action like example.com/myapplication/myactionname.action URL then Spring SSO never ask for authentication.
But when I hit any .jsp OR .js OR .css OR .html file
Ex. example.com/myapplication/test.jsp file in application it will prompt for authentication.
Any ideas how to secure Struts actions with Spring single-sign-on, so that anybody can't access action URL directly without any authentication ?
Finally i got the solution, I have both Spring and Struts filter in my web.xml , I just changed filter order as below and its working for me.
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- Extra info messages from Struts appearing during Weblogic 12c startup
- Struts action performed by jQuery ajax() Method
- Struts 2 and JDK 17 numbers in locale
- java.lang.NoSuchMethodError for Ognl.createDefaultContext() in Struts 6.4.0
- NoSuchMethodError when using submitting form in Struts 2
- package org.apache.struts2.views.xslt does not exist in struts2 core 6.3.0.2 library
- Struts2 custom login interceptor
- Struts2 s:url for a image in s:submit not working
- Deploy Struts2 WebApp Within An Eclipse RCP Application Via Jetty
- How to get URL parameter in prepare method of action class in Struts 2
- The bounded wildcard gives a error using ModelDriven in Struts 2
- Sitemesh 2.4.2: How to use decorators other than body decorator
- Error creating bean with name 'editAction' defined in ServletContext resource [/WEB-INF/spring/applicationContext.xml] If anyone has time revise all
- SessionAware this.getSession().get("key") always giving null struts2
- ActionContext.getContext() returns null using Session in Struts 2
- How to send and display QRCode image from action class to JSP in Struts 2
- How to retrieve images from server to user using Struts 2
- How to fix FileUploadBase$SizeLimitExceededException: the request was rejected because its size (337867) exceeds the configured maximum (200)
- How to fix org.apache.commons.fileupload.FileUploadBase and SizeLimitExceededException in Struts 2
- How to intercept an image file uploading with CKEditor in Struts 2
- Struts 2 file upload without Struts tags
- HTTP Status 404 in Struts 2 web application and result JSP
- Struts2 DependencyException when upgrading from 2.5.29 to 2.5.33 - missing JAR dependency?
- Uploading image using Struts 2
- Struts2 link to open file only works with IE
- How to: Select date, Press Button, Create File, Download File in Struts 2
- How to display all available Struts2 actions?
- Error uplifting OGNL from 3.3.4 to 3.4.2 with struts2(6.3.0.2)
- Caused by: java.lang.IllegalArgumentException: unknown reserved key '_typeConverter'
- What is the default package name for Struts in struts.xml?