If you're working on a web app that still uses Struts 1.x, the first thing you need to do is to upgrade it to the latest Struts 2 version. All versions of Struts 1 have several publicized security holes that have not -and will not- get patched.
I agree with Tim.
That said, I'm not aware of any BaseDispatchAction class in Struts 1. There is a DispatchAction, which is an abstract class intended to be extended by the developer and used to create a class with several related execute methods (For example, all the CRUD methods for a particular piece of data).
By CSP, do you mean Content Security Policy? I have used Tomcat's httpHeaderSecurity to add protection against malicious requests.
You should be aware that Struts 1.2.7 has known vulnerabilities to cross site scripting (among other known attacks) and I don't know that a filter at the server layer would protect against that.
If you are concerned about security (including XSS), the solution is to upgrade Struts or move to another framework.