I am trying to add Spring security to my Struts2 based application and for some areas its working fine but it seems like for some its not working at all.this is a snap-shop of my spring-security.xml file
i have defined fre more such interceptor patterns in my xml file. In the above code
<http auto-config="false" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
<intercept-url pattern="/bd/account/get-user-by-id" access="ROLE_ADMIN,ROLE_USER" />
<custom-filter ref="preAuthFilter" position="PRE_AUTH_FILTER" />
/login is Struts2 action and my expectation is as follow from this
1. If non-logged in user click on the above link Spring-security should send it to access-denied handler.
2 Access denied handler is a Struts2 action and it should get called which should simply show login page to the user.
above login action of Struts2 is working fine in normal condition but it seems that Spring security is not intercepting this URL at all or not calling the Struts2 action.
i have configured my Struts2 filter to even handle FORWARD request as follow
i am not sure where i am doing wrong in this.