Here are some hints about securing your application:

Struts runs in J2EE, so you can use J2EE security, aka CMA:

Depending on your functional requirements, additional Java security packages exist such as:

Acegi - article describes implementation without Spring

JAAS -

Pow2Acl - has not been updated since 2002

SecurityFilter - example modules explain how to use with JDBC

Struts Menu -