Hello, If a user simply types in /secured/admin.xhtml in the browser the @Secured annotation will not help, right? As far as I understand it's it only triggers the AccessDecisionVoter when you actually navigate with JSF... So I would still need to define a @WebFilter to secure my application.
Now, the effect would that a secured request will be secured twice, once by the filter and once by my AccessDecisionVoter and I didn't really accomplish much by using the AccessDecisionVoter? I feel like I am missing something. cheers
