Spring Security Rule

pamir sonmez
Ranch Hand

Joined: May 31, 2010
Posts: 46
In my security.xml file, I implemented the access rights of the admin/** page like this:

Then, in my struts.xml file, I have an action mapping like this:

I am able to call myAction without logging in to the system, and as a result of the action I am forwarded to the admin.jsp page, for which I don't have the required privileges. However, since the action redirected me to that page, I am able to see the content of the page.

Since the URL is not changed after the action is called, security is not restricting the page from being shown.
How can I handle this situation?
If security handled the forwarding, wouldn't it be better?
Peter Mularien
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Sounds like you may not have the relevant servlet filters in the right order. Can you post your web.xml file as well?

Author, Spring Security 3 (the Book), Packt Publishing, 2010
Jackie Li
Ranch Hand

Joined: Sep 12, 2010
Posts: 30
Have you configured your ExceptionTranslationFilter, or in other words, have you ever used your authorization settings?