In my security.xml file , I implemented the access rights of admin/** page like that;
Then, In my strut.xml file, I have an action mapping like that;
I am able to call the myAction without logging in to the system
and at the result of the action I am forwarded to the admin.jsp page which I dont have required priveleges, However since action redirected me to that page, I am able to see the content of the page.
Since url is not changed after the action is called, security is not restricting the page show.
How can I handle this situation?
If security handle the forwarding, wouldnt it be better ?