After further testing, it looks like even without tiles, the strut2
action mapping is not secured with Acegi/Spring Security (as of version
2.0.1, Struts version 2.0.11). As far as I can tell, it has to do with
the FilterDispatcher (Struts2) always forwarding to ActionProxy class to
process work (hence the Spring Security Filter never knows of the request)
Antonio Petrelli wrote:
> 2008/5/13 Alberto A. Flores <aaflores@(protected)>:
>> I would, but it seems to me like there is little that can be done on the
>> Struts2 side (unless a plugin of some sort is written). Essentially, when
>> control is forwarded to the tile, Spring security can not do much (or maybe
>> I'm missing something).
>
> I see...
>
>> The Spring Security team is well aware of (as far as forwards), that
>> resources are not secured on forwards (which sucks, really, unless I'm doing
>> something terribly wrong).
>
> Great, at least the bug is not at Struts or Tiles side :-)
>
>> I'll see if I can create a subset of my current app describing the problem.
>> Probably would post a war file? Is that what you meant?
>
> Exactly, with the source.
>
> Antonio
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@(protected)
> For additional commands, e-mail: user-help@(protected)
>
>
--
Alberto A. Flores
http://www.linkedin.com/in/aflores
