Here are some hints about securing your application:
Struts runs in J2EE, so you can use J2EE security, aka CMA:
- http://e-docs.bea.com/wls/docs61/webapp/web_xml.html WEB.XML
- http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JDBCRealm One Containers Realms
Depending on your functional requirements, additional Java security packages exist such as:
Acegi - article describes implementation without Spring
- http://acegisecurity.sourceforge.net/standalone.html (Overview)
- http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuseAuthentication (Tutorial)
JAAS -
- http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html
- http://www.jroller.com/page/tomdz/20041215 (Using JAAS with Struts)
Pow2Acl - has not been updated since 2002
SecurityFilter - example modules explain how to use with JDBC
Struts Menu -