The same way we extends the default behaviour of the Struts application, we can validate the user and authorize them to some resources in the application. We have to just mention the role for the resource in the struts-config.xml file. The following example will demonstrate the Application managed security. If the user enters the role as admin only then the submit will be called otherwise the exception page is displayed on the screen.

(1) Struts-config.xml File

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
<struts-config>
<!-- ================================================ Form Bean Definitions -->
<form-beans>
    <form-bean name="inputForm" type="com.visualbuilder.InputForm" />
</form-beans>
<!-- ========================================= Global Exception Definitions -->

<global-exceptions></global-exceptions>
<!-- =========================================== Global Forward Definitions -->
<global-forwards></global-forwards>
<!-- =========================================== Action Mapping Definitions -->
<action-mappings>
    <action path="/submit"

    type="com.visualbuilder.SubmitAction"

    scope="request" validate="false"

    name="inputForm" input="/index.jsp"
    roles="admin"/>
</action-mappings>
<!-- =========================================== Controller Mapping Definition -->
<controller contentType="text/html;charset=UTF-8" locale="true" debug="1" nocache="true" processorClass="org.apache.struts.chain.ComposableRequestProcessor" />

<!-- ======================================== Message Resources Definitions -->
<message-resources parameter="MessageResources" />

</struts-config>

(2) chain-config.xml File

Note:- The only change with in this file is to replace line number 1 by the line number 2.