I am sorry - I was not quite clear with my query....

I understand that the editUser action is secured and only an admin user can
access it.  The edit user action is, btw, in the default package and not the
admin package, but has an admin-check interceptor. So I need to access it
with http://your.domain.com/editUser.html, using an admin user. However,
even if I use http://your.domain.com/admin/editUser.html, with the admin
namespace, I am able to access it, although I was expecting a "page not
found error". Why is this happening?

Also, if a non-admin user tries to access
http://your.domain.com/admin/editUser.html, with the admin namespace, I get
a strange access denied error embedded inside another access denied error
(have attached an image). Also wondering why that is happening. I understand
it's not a major issue, but was just curious to understand the cause of this
behaviour.

Thanks,
Chris



alibehzadian wrote:
> 
> Hi Chris,
> 
> "editUser" action is inside admin package (struts.xml). All actions in
> this package have "admin" prefix. So 
> the exact url of "editUser" action is
> "http://your.domain.com/admin/editUser.html?...".
> 
> All actions are -by default- secure. So you can not access any action
> without logging into application.
> If you want to have a public action (an action that guest users can
> access), you should go to security.xml file and add your action there and
> make it available to ROLE_ANONYMOUS as below:
> 
> ...
> <intercept-url pattern="/index.html*"
> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
> ...
> 
> Ali Behzadian Nejad.
> 

-- 
View this message in context: 
http://www.nabble.com/Appfuse-Access-denied-error-tp18284246s2369p18291847.html
Sent from the AppFuse - User mailing list archive at Nabble.com.

