How to integrate Spring Security and Struts2 (Java)
Notice: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/14333999/
Asked by user962206
I've done tons of googling regarding this issue and up to now I could not find any tutorial regarding integrating Struts2 and Spring Security.
My question is: how would I integrate Spring Security and Struts2?
I want certain actions or pages to be restricted; for example, the admin page/URL should be accessed only by an administrator, and other things like that, so that if a user tried to access that page he or she would be redirected to another page.
Answer by Alex
Let's say you need to secure what's accessible on the /admin/* path. You need to declare the Spring Security filter in your web.xml; the Struts filter should come after it, so that if you are accessing /admin it will be Spring Security that handles the request first and will be able to let it pass or block it depending on the role of the user:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
You then declare your spring security context:
<http>
    <intercept-url pattern="/*" filters="none" />
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login login-page="/login" />
    <logout logout-url="/logout" />
</http>
I propose that you use the struts2-convention plugin so that URLs like /login are bound automatically to a class named, let's say, com.foo.bar.actions.LoginAction. Same for LogoutAction.
Now what is under /admin/* should be secured by Spring Security, and the rest should be forwarded directly to the Struts2 filter.
Finally, in your JSP you can check if someone is an Admin with:
<sec:authorize access="hasRole('ROLE_ADMIN')">
    <p>you are an admin</p>
</sec:authorize>
The rest can be found in any Spring Security tutorial. What's really important is the order of the filter declarations: Spring Security must be first.
Edit: searching on Google, there is also this link that can be of help for you.
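The `<http>` rules in the answer above are matched by pattern, so it helps to see which rule a given request path resolves to. The following is an added example, not part of the original answer: it assumes Ant-style patterns checked in declaration order with the first match winning, uses a simplified matcher, and `first_match`, `not_enforced` and the probe paths are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the <intercept-url> rules from the answer above.
HTTP_XML = """<http>
  <intercept-url pattern="/*" filters="none" />
  <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>"""

# Simplified Ant-style tokens: "**" may span path segments, "*" and "?" may not.
TOKENS = {"/**": "(?:/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}


def ant_to_regex(pattern):
    """Translate an Ant-style pattern into a compiled regex (approximation)."""
    parts = re.split(r"(/\*\*|\*\*|\*|\?)", pattern)
    return re.compile("".join(TOKENS.get(p) or re.escape(p) for p in parts))


def first_match(http_xml, path):
    """Return (pattern, decision) for the first rule whose pattern matches path."""
    for rule in ET.fromstring(http_xml).iter("intercept-url"):
        if ant_to_regex(rule.get("pattern")).fullmatch(path):
            if rule.get("filters") == "none":
                return rule.get("pattern"), "filters=none"
            return rule.get("pattern"), rule.get("access")
    return None, None


def not_enforced(http_xml, probes, prefix, role):
    """List probe paths at or under prefix that do not resolve to the expected role."""
    return [p for p in probes
            if (p == prefix or p.startswith(prefix + "/"))
            and first_match(http_xml, p)[1] != role]


if __name__ == "__main__":
    probes = ["/admin", "/admin/users", "/login", "/reports/2013"]  # constructed paths
    for p in probes:
        print(p, "->", first_match(HTTP_XML, p))
    print("not enforced:", not_enforced(HTTP_XML, probes, "/admin", "ROLE_ADMIN"))
```

With these rules `/admin/users` resolves to `ROLE_ADMIN`, while the bare `/admin` path is matched by the earlier `/*` rule; narrowing that rule to the specific public paths keeps `/admin` under the admin rule.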
Answer by theadam
This is actually very simple - Spring Security is web framework agnostic :)
You need to define the Spring Security filter chain - this is a Java Filter that should be mapped to all requests. The filter will check if the path requires any privileges and if so checks if the user is logged in and has those privileges.
Simple setup example.
web.xml (insert to your existing one, alongside struts config):
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:META-INF/spring/applicationContext-security.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Spring security configuration (in the file mentioned in web.xml in contextConfigLocation parameter):
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <http pattern="/js/**" security="none" />
    <http pattern="/css/**" security="none" />
    <http pattern="/images/**" security="none" />
    <http auto-config="false" use-expressions="true">
        <http-basic/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <session-management session-fixation-protection="newSession" />
    </http>
</beans:beans>
You may extend this as you wish - Spring's documentation is rather well written
You may go along an even simpler auto-config:
<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>
Above options secure your web-app per request path. You may want to secure the actions as well. Adding the below would get you going:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" proxy-target-class="true" />
Let me know what features you need and I can point you in a direction. Keep in mind that namespace config is not a silver bullet - if you need a very custom solution you might need to configure all the spring beans yourself, but the documentation explains this well.
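Both answers depend on how the filters are wired in web.xml: the first on Spring Security running before Struts, this one on mapping the security filter to all requests. The following added example (not part of either answer) audits a web.xml for both points; the sample file is constructed from the first answer's mappings, `audit_web_xml` is a hypothetical helper, and it assumes the security filter is the one declared with `DelegatingFilterProxy`.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml using the first answer's filters and mappings.
WEB_XML = """<web-app>
  <filter><filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
  <filter-mapping><filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern></filter-mapping>
  <filter><filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class></filter>
  <filter-mapping><filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""


def local(tag):
    """Drop an XML namespace so namespaced web.xml files are handled the same way."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(xml_text):
    """Return findings about how the security filter and the Struts filter are wired."""
    classes, chain = {}, []  # filter-name -> class; (name, url-pattern) in mapping order
    for el in ET.fromstring(xml_text):
        kids = [(local(c.tag), (c.text or "").strip()) for c in el]
        name = dict(kids).get("filter-name")
        if local(el.tag) == "filter":
            classes[name] = dict(kids).get("filter-class", "")
        elif local(el.tag) == "filter-mapping":
            chain += [(name, v) for k, v in kids if k == "url-pattern"]

    def positions(prefix):
        return [i for i, (n, _) in enumerate(chain) if classes.get(n, "").startswith(prefix)]

    # Assumption: the security filter is the one declared with DelegatingFilterProxy.
    sec = positions("org.springframework.web.filter.DelegatingFilterProxy")
    struts = positions("org.apache.struts2.")
    if not sec:
        return ["no url-pattern mapping for the Spring Security filter"]
    findings = []
    # The container invokes url-pattern filters in <filter-mapping> order.
    if struts and min(struts) < min(sec):
        findings.append("Struts filter is mapped before the Spring Security filter")
    covered = {chain[i][1] for i in sec}
    for pattern in (chain[i][1] for i in struts):
        if "/*" not in covered and pattern not in covered:
            findings.append(f"Struts serves {pattern} but Spring Security only sees "
                            f"{sorted(covered)}")
    return findings
```

Calling `audit_web_xml(WEB_XML)` reports that Struts serves `/*` while the security filter only sees `/admin/*`; the same file with the security filter mapped to `/*`, as in this answer, produces no findings.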