
Spring Security Rule

pamir sonmez
Ranch Hand

Joined: May 31, 2010
Posts: 47
In my security.xml file, I implemented the access rights of the admin/** page like this:

Then, in my struts.xml file, I have an action mapping like this:

I am able to call myAction without logging in to the system, and as the result of the action I am forwarded to the admin.jsp page, for which I don't have the required privileges. However, since the action redirected me to that page, I am able to see the content of the page.

Since the URL does not change after the action is called, security is not restricting the page from being shown.
How can I handle this situation?
If security handled the forwarding, wouldn't it be better?
Peter Mularien
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Sounds like you may not have the relevant servlet filters in the right order. Can you post your web.xml file as well?

Author, Spring Security 3 (the Book), Packt Publishing, 2010
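
An added example, not posted by anyone in this thread: one way to lay out the filter order raised above so that an internal forward to admin.jsp is also authorized. It assumes Struts 2, the Spring Security 3 XML namespace as the default namespace in security.xml, and a hypothetical action URL (`/myAction.action`) and role name (`ROLE_ADMIN`).

```xml
<!-- web.xml (fragment): map Spring Security ahead of Struts and, so that it
     also sees internal forwards, on the FORWARD dispatcher as well. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
  <filter-name>struts2</filter-name>
  <!-- assumed Struts 2 filter class; use the one your Struts version ships -->
  <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>

<!-- The order of filter-mapping elements sets the chain order: security first. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- security.xml (fragment, Spring Security 3 namespace) -->
<http auto-config="true" once-per-request="false">
  <!-- once-per-request="false": authorization is evaluated again when the
       chain is re-entered for the forward to the admin page -->
  <intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
  <!-- Protect the action URL itself, not only the JSP it forwards to
       (assumed URL and role name). -->
  <intercept-url pattern="/myAction.action" access="ROLE_ADMIN"/>
</http>
```

Without the `FORWARD` dispatcher the security filter runs only on the original request URL, so a rule on `/admin/**` is never consulted for a forward that starts from an unprotected action.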
Jackie Li
Ranch Hand

Joined: Sep 12, 2010
Posts: 30
Have you configured your ExceptionTranslationFilter, or in other ways, have you ever used your authorization settings?