Because Struts is an implementation of the Front Controllerpattern. It has little or nothing to do with business logic. Have a look here for more information (yes, it's in the 1.3 user guide, but the principal still applies).
Consider your Action classes as the one(s) responsible for processing each client request. You can have different classes or even a hierarchy of classes for processing each particular request with all interaction to the persistence/data-access layer being routed though a DAO (an interface) and a DAOImpl (class implementing the persistence methods using the preferred approach, eg:- JDBC, Hibernate, JAXB, CSV etc.).
You provide a layer of abstraction as you can switch between different persistence strategies seamlessly and the remainder of the application would not be affected by this approach. The idea behind application design is to build a system which comprises of different components independent of each other and working in tandem to arrive at the required solution. It becomes all the more better if there is sufficient level of abstraction amongst these individual components so that you can freely make modifications/changes to any particular component and the other components as well as the system, on the whole, is not affected in any manner.
Does that answer your query?
subject: where to validate username password in struts