Hi C.F.,

There's actually a whole bunch of ways to accomplish this... this is almost certainly not a complete list, but just off the top of my head...

(1) Place all your JSPs in WEB-INF. By definition, they can only be reached by forwarding from something, be it a servlet or Struts Action, on the server.

(2) Use container-managed security. I believe another poster mentioned this already as I was typing this response :)

(3) Set some value in the request as an attribute in your Action, and then check for it in the JSP. If it isn't there, forward to some "not allowed" JSP.

(4) Use a filter that rejects any request for a JSP, forwarding to a "not allowed" page.

Like I said, there are probably other choices too.

Frank

C.F. Scheidecker Antunes wrote:
Hello All,

I have an action that reads from the database and return a rowSet bean to the request scope.
Then I iterate the bean on my JSP and show the data.

Everything works.

I however have a problem. I can access the JSP straight if I type the URL.

That is, I want the JSP only to be shown if it is called from the action. I have a forward called "success" and
mapped to my struts-config.xml. On success I forward to the jsp

I would like to hide the JSP from the user, is it possible?

How?

Thanks,

C.F.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



.


--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to