I have a protected realm called spages

The realm is protected via spring-security:

Code:
<http auto-config='true'>
    <intercept-url pattern="/spages/**" access="ROLE_USER" />
    <form-login
	login-processing-url="/j_spring_security_check"
	login-page="/login"
	default-target-url="/spages/signin"
	always-use-default-target="true"			
	authentication-failure-url="/login?error" />		
</http>
When I link to /spages/signin I get the login form.. Thats ok and thats what I want.

But I also have a struts2 action:

Code:
<package name="admin" extends="struts-default">
    <action name="CategoryManagement">
        <result name="success">/spages/AdminCategoryHome.jsp</result>
    </action>		
</package>
See, the AdminCategoryHome.jsp page is in the secured directory. But when I invoke the struts action CategoryManagement, the spring-security form does not intercept the forward. I configured the spring filter as so, including the FORWARD dispatcher:

Code:
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>    
</filter-mapping>
Is there any way I can protected resources when the page is in the protected realm and accessed via a struts2 forward?

Thanks,

John Dickonson