You can obtain the UserPrincipal and other security details by going through the request or implementing PrincipalAware. Implementing PrincipalAware is preferred.

Go Through the Request

First obtain the HttpServletRequest and then obtain the security Principal.

HttpServletRequest request = ServletActionContext.getRequest();
String authType = request.getAuthType();         // http or https
String user = request.getRemoteUser();           // the user principal (in string)
Principalprincipal = request.getUserPrincipal(); // get a Principal object
bool isAuth = request.isUserInRole("patrick");

Implement PrincipalAware

Preferred

• Ensure that servlet-config Interceptor is included in the Action's stack.
  • The default stack already includes servlet-config.
• Edit the Action so that it implements the PrincipalAware interface.
  • The PrincipalAware interface expects a setPrincipalProxy(PrincipalProxy) method. You may wish to include a companion getPrincipalProxy method.
• At runtime, use the PrincipalProxy reference to invoke methods such as isUserInRole, getUserPrincipal(), getRemoteUser(), isRequestSecure(), and so forth.

@see org.apache.struts.action2.interceptor.PrincipalProxy
@see org.apache.struts.action2.interceptor.PrincipalAware
@see org.apache.struts.action2.interceptor.ServletConfigInterceptor