Hello, first i would say sorry don't speak english very good... I use the Spring framework 2.5 to apply the security rules for hand interception on the page in my application Jee, the page must be accessible only when the user is connected.
The problem is that when I do:
security:intercept-url pattern="main.xhtml" access="ROLE_USER" page is accessible by typing main.jsf! and when I do:
security:intercept-url pattern="main.jsf" access="ROLE_USER"
main is not accessible even if the user authenticates! im blocked! What must i do to make it work? Thank you in advance for your help!