Confluence 8.5.3 and later (replaced XWork introduced in 1.4)
This module was previously defined as xwork in Confluence versions prior to 8.5.3. The xwork module will continue to be supported for backward compatibility.
Purpose of this module
Struts plugin modules enable you to deploy Struts actions and views as a part of your plugins.
Additionally, the Struts module should also be used to define multipart request parsing rules. Ordinarily, multipart requests will only be parsed if the request is authorized according to the enforceSiteAccess method in ConfluencePermissionEnforcer:
Struts actions should extend ConfluenceActionSupport, which provides a number of helper methods and components that are useful when writing an Action that works within Confluence.
Other action base-classes can be found within Confluence, but we recommend you don't use them - the hierarchy of action classes in Confluence is over-complicated, and likely to be simplified in the future in a way that will break your plugins.
Accessing Your Actions
Actions are added to the Struts core configuration within Confluence, which means they are accessed like any other action.
For example, given the above atlassian-plugin.xml, the livesearch action would be accessed at <host>/<context-path>/plugins/livesearch/livesearch.action.
Creating a Velocity Template for Output
Your Velocity template must be specified with a leading slash (/) in the plugin XML configuration, and the path must correspond to the path inside the plugin JAR file.
In the above example, the Velocity template must be found in /templates/extra/livesearch/livesearchaction.vm inside the plugin JAR file. In the example plugin's source code, this would mean the Velocity template should be created in src/main/resources/template/extra/livesearch/.
Some issues to be aware of when developing or configuring a Struts plugin:
Your packages should always extend the default Confluence package. It is useful to be aware of what this provides to you in the way of interceptors and result types. Extending any other package will modify that package's configuration across the entire application, which is not supported or desirable.
You can give your packages any namespace you like, but we recommend using /plugins/unique/value - that is prefixing plugin packages with /plugins and then adding a string globally unique to your plugin. The only name you can't use is servlet as the /plugins/servlet URL pattern is reserved for the Servlet Module.
Views must be bundled in the JAR file in order to be used by your actions. This almost always means using Velocity views.
It is useful to be aware of the actions and features already bundled with Confluence, for example your actions will all be auto-wired by Spring (see Accessing Confluence Components from Plugin Modules) and your actions can use useful interfaces like PageAware and SpaceAware to reduce the amount of work they need to do.
Currently only Struts actions are protected by the temporary secure administrator sessions. Other plugin types, such as REST services or servlets are not checked for an administrator session.
All Struts actions mounted under /admin will automatically be protected by secure administrator sessions. To opt out of this protection you can mark your class or Struts action method with the WebSudoNotRequired annotation.
Conversely, all Struts actions mounted outside the /admin namespace are not protected and can be opted in by adding the WebSudoRequired annotation.
Both of these annotations work on the class or the action method. If you mark a method with the annotation, only action invocations invoking that method will be affected by the annotations. If you annotate the class, any invocation to that class will be affected. Subclasses inherit these annotations.