I use *.jsf file types and any given address that ends with .xhtml is not parsed and it shows original code. I want to restrict access to .xhtml files with spring security, however it doesn't work. Spring security works fine for me, so I guess that there's problem with intercept-url:
<intercept-url pattern="*.xhtml" access="denyAll" />
Is my pattern ok and problem lies somewhere else?
