How to secure Struts actions with Spring single-sign-on
Currently I am using Struts 2 framework in my web application, now I have integrated single-sign-on with the help of Spring SAML extension and ADFS server, now every thing is working fine except Struts 2 actions,
when I am going to call/hit any Struts action like example.com/myapplication/myactionname.action URL then Spring SSO never ask for authentication.
But when I hit any .jsp OR .js OR .css OR .html file
Ex. example.com/myapplication/test.jsp file in application it will prompt for authentication.
Any ideas how to secure Struts actions with Spring single-sign-on, so that anybody can't access action URL directly without any authentication ?
Finally i got the solution, I have both Spring and Struts filter in my web.xml , I just changed filter order as below and its working for me.
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- How to disable the label for <s:textfield> tag in Struts 2
- What is the default package name for Struts 2 in struts.xml?
- Dynamic <s:form> action in Struts 2
- <sj:submit> with targets and errorElementId not rendering properly
- Comparing two string values in validation.xml
- Are session in Struts 2 and sessionScope in JSP EL the same?
- How to pass an object from front-end to Struts 2 backend through JavaScript?
- How to avoid Struts 2 validation?
- How to load some text onto a JSP page in Struts 2?
- How to pass a Map<ObjectA, List<ObjectB>> to action in Struts 2?
- How to use <s:select> tag with two lists of the same type in Struts 2?
- How to save a dropdown list value to the database in Struts 2?
- Custom 404 error page not working with Struts 2
- How to retrieve the elements of HashSet without using <s:iterator> tag in Struts 2?
- How to use Struts <s:iterator> and <s:if> tags together?
- How many sessions can be managed by an Java Application in Struts 2?
- How to fix SizeLimitExceededException: the request was rejected because its size (337867) exceeds the configured maximum (200) in Struts 2?
- How to get request parameters by the interceptor in Struts 2?
- How to use CSS files with <s:head> tag in Struts 2?
- Return to current page on INPUT result in Struts 2
- How to retrieve images from server and show them on JSP page in Struts 2?
- How to use <s:select> tag to show keys from a Map and return values to the action in Struts 2?
- Manual validation on specific fields in Struts 2
- How to upload a file using ServletFileUpload's parseRequest() in Struts 2?
- How to display the validation messages based on multiple languages in Struts 2?
- java.lang.NoClassDefFoundError: ognl.OgnlRuntime
- Bean type class com.opensymphony.xwork2.ObjectFactory with the name struts has already been loaded by bean
- How to use Open Session in View pattern in Struts 2?
- What's causing this NPE when I request an action?
- Adding interceptors in struts.xml for all Action classes