No, this is a common mistake. The URL in the XML is the URL, not the view resource. You put in .jsp, which tells me you have a JSP page that is the view. It does not say what the incoming URL that is coming in will be.
So I have a URL coming in like
www.myapp.com/orders/findOrder.htm, but after it runs my code it will return a view; the view could be displayOrders.jsp.
So instead of using /displayOrders.jsp in the intercept-url, I am not securing that particular view page file; I am securing the incoming URL of findOrder.htm.
Hope that helps clear things up.
Mark
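
The distinction made in the reply above, shown as an added configuration fragment that is not part of the original post. The role name `ROLE_USER`, the expression-based `access` syntax and the `<form-login/>` element are assumptions for illustration; the authentication manager and the rest of the application context are omitted.

```xml
<!-- Added example: Spring Security namespace configuration fragment.
     Assumed for illustration: role ROLE_USER, expression-based access, form login. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <http use-expressions="true">

    <!-- Mistaken rule, left commented out: the pattern names the JSP view file.
         The pattern is compared with the incoming request URL, so a request for
         /orders/findOrder.htm does not match it and is not restricted by it. -->
    <!-- <intercept-url pattern="/displayOrders.jsp" access="hasRole('ROLE_USER')"/> -->

    <!-- Intended rule: the pattern names the incoming URL that runs the
         code which later returns the displayOrders.jsp view. -->
    <intercept-url pattern="/orders/findOrder.htm" access="hasRole('ROLE_USER')"/>

    <form-login/>
  </http>

</beans:beans>
```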